Saturday, January 01, 2011

Identity Theft as an Access Tool. Why steal IDs one at a time when you can download them wholesale?

Law firm’s credentials misused to access Experian database

December 31, 2010 by admin

Experian has a lot of clients and sometimes those clients’ login credentials fall into the wrong hands. That appears to be the case again.

Experian notified the New Hampshire Attorney General’s Office on December 22nd that someone using the access login credentials of the law firm of Samuels, Green, and Steel, LLP had accessed an unspecified number of consumer credit reports. Those reports typically contain more than enough personal information to commit identity fraud.

Experian has detected a number of these types of situations. In this case, the notification letter does not provide any information as to when the access occurred or how long it took before it was detected. As in other cases, Experian reports that law enforcement has been contacted to investigate and that Experian is working with its client to investigate the breach.

A tool for all you practical jokers out there? “Since we can't investigate everything, we'll just assume the worst – after all, they're only citizens.”

One Tip Enough To Put Name On Terrorist Watch List

"As a result of the US Government's complete failure to investigate credible warnings about 'Underwear Bomber' Umar Farouk Abdulmutallab from none other than Abdulmutallab's father, senior American counterterrorism officials say they have altered their criteria so that a single-source tip can lead to a name being placed on the watch list. Civil liberties groups warn that it is now even more likely that individuals who pose no threat will be swept up in America's security apparatus, leading to potential violations of their privacy and making it difficult for them to travel. 'They are secret lists with no way for people to petition to get off or even to know if they're on,' said Chris Calabrese, legislative counsel for the American Civil Liberties Union."

Interesting concept. Perhaps this will evolve into a “virtual judge” accessible via iPhone, who can allow any type of warrant or subpoena instantly. “Courtrooms in the Cloud?”

'No Refusal' DUI Checkpoints Coming To Florida?

"With New Year's Eve only days away, the National Highway Traffic Safety Administration expects this to be one of the deadliest weeks of the year on the roads. But now a new weapon is being used in the fight against drunk driving. ... Florida is among several states now holding what are called 'no refusal' checkpoints. It means if you refuse a breath test during a traffic stop, a judge is on site, and issues a warrant that allows police to perform a mandatory blood test."

Failure to properly use “Information Assets” “We don't know who needs what so we're giving everyone everything and hoping they can figure it out...”

December 31, 2010

WaPo: WikiLeaks cable dump reveals flaws of State Department's information-sharing tool

Follow up to previous postings on WikiLeaks, via WaPo's Joby Warrick: "Investigations into the attacks concluded that government agencies had failed to share critical information that could have helped uncover the Sept. 11 plot. Because of that lapse, Congress tasked the Office of the Director of National Intelligence with pressuring key government agencies - including the Pentagon, the Homeland Security Department and the State Department - to find ways to rapidly share information that could be relevant to possible terrorist plots and other threats. The State Department, with its hundreds of diplomatic posts worldwide, was already making tens of thousands of classified cables available to intelligence and military officials with secret security clearances. But in 2005, the DNI and the Defense Department agreed to pay for a new State Department computer database that could allow the agency's cables to flow more easily to other users throughout the federal government. Net-Centric Diplomacy was launched in 2006 and tied into a giant Defense Department system known as the Secret Internet Protocol Router Network, or SIPRnet. Soon, nearly half a million government employees and contractors with security clearances could tap into the diplomatic cables from computer terminals around the globe... The State Department's new database quickly garnered praise as a model of interagency collaboration. The database was named a finalist for an Excellence in Government award in 2006... The flaws did not become apparent until much later. One of the biggest problems: Sensitive cables were often dumped willy-nilly into the database regardless of whether they belonged there, according to two department officials familiar with the internal procedures for data storage."

Is this a case of forcing a new technology into an old technology's legal framework? It certainly makes it easier for lawyers to (mis-)understand.

YouTube Legally Considered a TV Station In Italy

"Italian newspaper La Repubblica reports that YouTube and similar websites based on user-generated content will be considered TV stations (Google translation of Italian original) in Italian law, and will be subject to the same obligations. Among these, a small tax (500 €), the obligation to publish corrections within 48 hours upon request of people who consider themselves slandered by published content, and the obligation not to broadcast content inappropriate for children in certain time slots. The main change, though, is that YouTube and similar sites will be legally responsible for all published content as long as they have any form (even if automated) of editorial control. The main reason for this is probably that it will force YouTube to assume editorial responsibility for all published content, which facilitates the ongoing € 500M lawsuit of Italian prime minister Silvio Berlusconi against YouTube because of content copyrighted by Berlusconi's TV networks that some users uploaded to YouTube. Berlusconi's Spanish TV station, TeleCinco, was previously defeated in court on the grounds that YouTube is not a content provider."

Perspective. Africa as an emerging market. (I'll admit, the graphic caught my eye.)

The Future Ain’t What It Used To Be

Mobile phones and 3G service became ubiquitous in Africa so rapidly in part because they never had to compete with landlines. [Arthur C. Clarke wrote about developing countries skipping our “old and embedded” technology and jumping right to the latest stuff. Bob] Kenyans flocked to mobile-phone money transfer services, because they had no consumer banks: now M-Pesa, the largest, handles money equal to a mindboggling 10% of Kenya’s GDP every year. (The US equivalent would be $1.4 trillion/year. By contrast, PayPal handles less than $100 billion/year worldwide, of which mobile-phone payments are but a small fraction.) Now much of Kenya is quickly adopting distributed, flexible, resilient solar power, largely because their monolithic, sclerotic, vulnerable grid doesn’t reach much of the country.

This doesn’t mean they’ll be better off – we’ll be vastly wealthier for some decades yet – but they’re using their blank-slate advantage to evolve far faster. If you want to see the world’s real hothouse of change, or build a business that can change the lives of (or make money from) many tens of millions in the space of a few years, get ahead of the curve and aim at the 70% of humanity who live in Asia, where they already get new smartphones first, or Africa, which despite its Dark Continent reputation is rapidly growing wealthier.

The future of Education? Online, very specific, global access, best possible teacher(?), free to try.

Florida Bar Approves the Blog’s Online Education Program

… The accreditation in Florida was awarded to each of the four Sections that make up our program. We will use that same plan with other states. As explained at, the first Section is offered for free to everyone, everywhere. All you have to do is register. There will only be a charge for this first Section if you later seek to have Bar CLE credits awarded for your studies.

Global Cooling! Global Cooling! Mother Nature repeals the Al Gore Law...

Our Lazy Solar Dynamo — Hello Dalton Minimum?

"Solar maximum is supposed to be occurring, and everything from satellite communications to your toaster or radio could be affected. The only problem is that this just isn't happening, and NASA continues to revise downward the original prediction. In fact, the new forecast for Solar Cycle 24 is a lot smaller, and is now pegged at almost 40% of what was previously predicted. Recently, two scientists at the National Solar Observatory have followed the lead of a prominent Russian scientist, who almost five years ago forecast a dearth of sunspots and the subsequent cooling of Earth for the next several cycles. With Britain currently experiencing the coldest winter in over 300 years, and no new sunspots for the last week, are we heading for a Dalton Minimum, or worse still, yet another Maunder?"

Because I like lists...

A List Of The Best Of The Best Meme Lists Of 2010

Another way for my wife to print life-size pictures of her horse.

Image Print Wizard: Spread & Print Posters on Multiple Pages

Similar tools: Easy Poster Printer, PicSlice, BlockPosters and Rasterbator.

Friday, December 31, 2010

No doubt the Privacy Foundation will have to come up with a “Top Ten” list...

The Top 10 Privacy Stories of 2010

December 30, 2010 by Dissent

Declan McCullagh of CNET published a round-up of some of the stories that made privacy news in the U.S. this past year. But what were the top stories or the most important ones? Over on Liminal States, Jon Pincus posted his list, inspired by a Twitter privacy chat two weeks ago. A subsequent poll on Twitter drew 59 responses as to top story. Yours truly forgot to vote in time, but that’s okay.

As I mentioned in a previous blog post and on Jon’s blog, my priorities seem to be somewhat different than many of those who are also deeply concerned about privacy. In some respects, the Top 5 Privacy Violations of 2010 by Jeffrey Evans come closer to what I see as important privacy stories or developments.

So after giving it a bit more thought, here’s my list of the Top 10 Privacy Stories of 2010 for the U.S., in no particular order and for better or worse:

  • Tyler Clementi’s suicide

  • Karen Owens’ “paper” on sexual encounters goes viral and names names

  • Facebook changes everyone’s privacy settings

  • Homeland Security in Pennsylvania and their contractor surveill environmental protesters like terrorists

  • TSA introduces “enhanced” patdowns and backscatter machines that trample privacy, dignity, and civil liberties

  • Schools start fingerprinting school children and putting tracking devices on them

  • Lower Merion School District sued for recording students in their homes via webcam

  • Some courts rule that GPS surveillance and cell phone location records require warrants

  • Don’t Ask Don’t Tell repealed

  • Arizona enacts “papers, please” law

Yes, I know I don’t have most of the online tracking and regulatory stories listed. Frankly, those issues are just not as important to me. Your mileage, of course, may vary.

They will. They won't. They will. They won't.

BlackBerry denies India email access deal as struggle continues

December 30, 2010 by Dissent

Earlier today, I referenced a story from December 21 and indicated that Research in Motion had caved in to India’s demands to provide an encryption key to Blackberry email services. I’ve corrected that post in light of additional information. A story in today’s Economic Times of India resulted in a strong response from Research in Motion to set the record straight on exactly what RIM agreed to – and didn’t agree to. Josh Halliday reports:

BlackBerry-maker Research In Motion has hit back at reports that it is ready to allow Indian authorities access to customers’ highly-secure corporate emails.

The Canadian manufacturer slammed as “false and technologically infeasible” an Economic Times of India report which said that it will allow the Indian government access to all messages and emails sent by its 400,000 BlackBerry customers in the country. An internal home ministry memo, apparently seen by the paper, suggested that RIM would automatically make readable all BlackBerry communications, including encrypted enterprise emails.

RIM quickly refuted the charges, saying that only an account holder has the necessary key to decrypt the messages. But it confirmed that security authorities and mobile operators will be granted “lawful access” to the popular BlackBerry Messenger chats.

Read more in the Guardian.

My apologies to Research in Motion for misunderstanding earlier reports.


India Cracks Down on Unauthorized Communication Snooping

December 30, 2010 by Dissent

Maybe this should be filed under “irony” in light of governmental attempts to increase its own surveillance capabilities, but John Ribeiro reports:

The Indian government on Thursday said that it has discovered that private vendors, detective agencies and companies have imported equipment that is capable of illegally monitoring mobile and other communications.

In a statement through the country’s Press Information Bureau (PIB), the government has warned that under the law, no equipment can be used for unauthorized communication network monitoring, intercepting and surveillance of communications.

Read more on PCWorld.

Implications for Health Records in the Cloud?

Iowa Supreme Court upholds right to privacy of medical records

By Dissent, December 30, 2010

Michael J. Crumb of Associated Press reports on a case where grandparents seeking their adult child’s mental and physical health records as part of a visitation dispute concerning their grandson were turned away by the Iowa Supreme Court. The grandparents had sought their daughter’s records after she refused to allow them to have contact with her young son. Crumb reports that the court overturned a lower court’s ruling requiring production of the records:

A district court ordered Mulligan to produce her physical and mental health records to her parents, because the Ashenfelters had to prove their daughter was unfit to make a decision regarding grandparent visitation.

Mulligan appealed and the Supreme Court reversed the district court’s decision, deciding that the records were protected by Mulligan’s constitutional right to privacy.

Importantly, the court did not have to rule in this case if it chose not to, as a change in state law made the grandparents’ case moot.

But justices moved forward with ruling on the case, because “we believe individual privacy interests in medical and mental health records presents an issue of great public interest. We foresee this issue arising in the future, in the context of grandparent visitation as well as other civil contexts.”

Read more in the Chicago Tribune.


Information Sharing in Criminal Justice-Mental Health Collaborations: Working with HIPAA and Other Privacy Laws

Understanding the legal framework of information sharing is the crucial first step for jurisdictions seeking to design and implement effective criminal justice-mental health collaborations. This guide supports that first step by introducing how federal and state laws are likely to influence practitioners’ responses.

Gaming the system. “On the Internet, nobody knows you're a Democrat.”

Democrats Crowdsourcing To Vote Palin In Primaries

"In what could be the most extreme and influential crowdsourcing project ever, Democrats are beginning to organize to purposely vote for Palin in the 2012 Republican primaries. Their theory is by having Palin as an opponent, Obama will have the best odds at winning reelection. Recent polls have shown that Obama comfortably leads Palin by 10-20 points, but Obama is statistically tied with Romney and barely ahead of Huckabee. They even have a state-by-state primary voting guide to help Democrats navigate various states' rules for voting Palin in Republican primaries."

Considering Amazon's success, this isn't a surprise but I wonder about the percentages...

Study: So people do pay for online content

It's a long-standing truism that people won't pay for online content, but a new study from Pew Internet suggests otherwise.

Among the 750 Internet users in the U.S. surveyed by Pew for a study out today, 65 percent said they've paid for online content.

… Digital music and software proved to be the most popular items, with 33 percent of those questioned willing to pay for them online. Mobile apps were next in the list, with 21 percent saying they've bought them online. Other common items were digital games, magazine and newspaper stories, videos, and ringtones.

Lower on the list were cheat codes for video games and access to specific Web sites, such as online dating services. And only 2 percent admitted to buying adult content online.

How much are people willing to spend? On average, the people polled spend around $10 per month on online content. The majority (43 percent) spent amounts ranging from $1 to $10, while 25 percent said they spend between $11 and $30. And 7 percent said they spend around $100 a month.

Most (23 percent) of those surveyed said they pay for subscription services as opposed to the 16 percent who download individual files and the 8 percent who access streaming content.

Some surveys have found that many people won't pay for online content, at least not for specific types of content, such as newspaper subscriptions. But the rise in broadband is making it increasingly easier and faster for people to download and pay for the content they want, such as software, movies, music, e-books, and even news articles, according to Pew.

Record retention. Something for all my IT students. There are some very specific suggestions in the article.

Future-proof your data archive

It's easier than ever to make sure copies of your most important records, documents, photos, videos, and other personal data will be readable/viewable/playable long after the hardware and software used to create the files have bitten the dust.

The four keys to safe data archiving are to choose file formats that won't become obsolete, use storage media that won't deteriorate or become inaccessible, make multiple copies stored apart, and check your archived data regularly to ensure it's still readable.
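The fourth key, checking the archive regularly, is the one people skip because it is tedious by hand. Below is an added example (not code from the article) of a minimal fixity check: record a SHA-256 digest for every file in the archive, then re-hash the tree later and report what is missing, what changed silently (bit rot, a bad copy), and what was added without being recorded. The file names and the corruption scenario in demo() are constructed for illustration.

```python
"""
Added example, not from the original article: a minimal fixity check for a
personal archive. build_manifest() records a SHA-256 digest for every file
under the archive root; verify_manifest() re-hashes the tree later and reports
what went missing, what changed silently (bit rot, a bad copy), and what is new.
Run the verify step against every copy of the archive on a schedule and keep
the manifest beside the archive in plain JSON, a format that will outlive any tool.
"""
import hashlib
import json
import os
import tempfile
from pathlib import Path


def sha256_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Hash in 1 MiB chunks so large video files never need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Map each file (path relative to root, POSIX separators) to its digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            manifest[p.relative_to(root).as_posix()] = sha256_file(p)
    return manifest


def save_manifest(manifest: dict[str, str], manifest_path: Path) -> None:
    """Sorted-key JSON: diffable, and readable without any special software."""
    manifest_path.write_text(json.dumps(manifest, indent=2, sort_keys=True))


def load_manifest(manifest_path: Path) -> dict[str, str]:
    return json.loads(manifest_path.read_text())


def verify_manifest(root: Path, manifest: dict[str, str]) -> dict[str, list[str]]:
    """Compare the archive on disk against a previously saved manifest."""
    current = build_manifest(root)
    return {
        "missing": sorted(set(manifest) - set(current)),
        "changed": sorted(p for p in manifest.keys() & current.keys()
                          if manifest[p] != current[p]),
        "new": sorted(set(current) - set(manifest)),
    }


def demo() -> dict[str, list[str]]:
    """Constructed scenario: archive two files, then corrupt one, delete one, add one."""
    base = Path(tempfile.mkdtemp())
    root = base / "archive"
    (root / "photos").mkdir(parents=True)
    (root / "docs").mkdir()
    (root / "photos" / "horse.jpg").write_bytes(b"\xff\xd8\xff" + b"A" * 1000)
    (root / "docs" / "will.txt").write_text("last will and testament")

    save_manifest(build_manifest(root), base / "manifest.json")  # kept outside the tree

    # Simulate bit rot (one byte flipped), a lost file, and an unrecorded addition.
    data = bytearray((root / "photos" / "horse.jpg").read_bytes())
    data[500] ^= 0x01
    (root / "photos" / "horse.jpg").write_bytes(bytes(data))
    (root / "docs" / "will.txt").unlink()
    (root / "docs" / "taxes.pdf").write_bytes(b"%PDF-1.4")

    return verify_manifest(root, load_manifest(base / "manifest.json"))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

A single flipped byte is enough to change the digest, which is the point: a file that still opens may not be the file you archived. Verify each copy separately, because the reason for keeping copies apart is that they fail independently, and keep a copy of the manifest with each one.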

Replacing those Bar Review courses?

BarMax, The $1,000 App (That’s Actually Worth It), Hits The iPad

It was just about a year ago that we first wrote about BarMax, an iPhone application meant to help law students pass the Bar exam.

Thursday, December 30, 2010

Just a quick heads-up!

Data Privacy Day 2011 is January 28th – Mark Your Calendars!

December 29, 2010 by Dissent

Whether you call it Data Privacy Day in the U.S., or European Privacy & Data Protection Day, mark your calendars for January 28, 2011!

Here are some privacy-related events going on that week. Most are free; but a $ symbol indicates that there’s a registration fee.

[Here's the one we can walk to...

The Privacy Foundation (Sturm College of Law, U. of Denver): World Privacy Lunch

Details to be Announced

Another case of “We make it so convenient, anyone can get your money!” After all, how can you prove it wasn't you?

ID thieves zero in on home equity lines of credit

December 29, 2010 by admin

Dan Browning reports:

Burnsville resident Mike Calcutt says he was stunned last March when he learned that someone had run up nearly $90,000 in unauthorized charges on his home equity line of credit account at Affinity Plus Federal Credit Union.

His shock turned to anger when the credit union informed him that he’d have to repay the money.


Turns out, Affinity Plus let someone set up telephonic banking privileges on his account, Calcutt said. Then someone executed a series of nine transfers — each just below $10,000 — from his credit line to his savings account. And finally, someone got the credit union to wire the money to a drop account in Boston, from which it has disappeared.

Read more in the Star Tribune, where Browning also reports on other similar cases.

Related: Complaint in Calcutt v. Affinity Plus
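The sequence in the story is a recognizable pattern: a new access channel enabled on the account, a run of draws from the credit line each kept just under $10,000, then a wire out. Below is an added example (not from the Star Tribune story or the complaint) of a detector for that pattern run over a constructed event feed. The event fields, amounts and the $10,000 figure as the threshold being avoided are assumptions for illustration; a real core-banking feed would differ.

```python
"""
Added example, not from the Star Tribune story or the Calcutt complaint: a
detector for the pattern described above, a newly enabled access channel,
a run of transfers from a credit line that each sit just under a reporting
threshold, then an outbound wire. Events, field names and amounts are
constructed for illustration; a real core-banking feed would look different,
and the $10,000 figure is assumed as the threshold the fraudster was avoiding.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

THRESHOLD = 10_000.00      # assumed reporting threshold being dodged
NEAR_BAND = 0.10           # "just below" = within 10% under THRESHOLD
MIN_RUN = 3                # this many near-threshold transfers in WINDOW is a pattern
WINDOW = timedelta(days=7)


@dataclass(frozen=True)
class Event:
    ts: datetime
    account: str
    kind: str              # enroll_phone_banking | internal_transfer | wire_out
    amount: float = 0.0
    src: str = ""          # heloc | savings | checking
    dst: str = ""


_T0 = datetime(2010, 3, 1, 9, 0)

# Constructed sample feed. A-1 follows the pattern from the story; A-2 is benign.
SAMPLE_EVENTS = (
    [Event(_T0, "A-1", "enroll_phone_banking")]
    + [Event(_T0 + timedelta(hours=i), "A-1", "internal_transfer", 9_900.00, "heloc", "savings")
       for i in range(1, 10)]
    + [Event(_T0 + timedelta(days=2), "A-1", "wire_out", 89_000.00, "savings", "external:boston")]
    + [Event(_T0 + timedelta(days=1), "A-2", "internal_transfer", 2_500.00, "heloc", "checking")]
)


def is_just_below(amount: float) -> bool:
    return THRESHOLD * (1 - NEAR_BAND) <= amount < THRESHOLD


def find_structuring(events, account: str) -> Optional[dict]:
    """Return an alert for `account` if its HELOC draws look structured, else None."""
    acct = sorted((e for e in events if e.account == account), key=lambda e: e.ts)
    near = [e for e in acct
            if e.kind == "internal_transfer" and e.src == "heloc" and is_just_below(e.amount)]

    # Longest run of near-threshold draws that fits inside one WINDOW.
    best: list = []
    for i, start in enumerate(near):
        run = [e for e in near[i:] if e.ts - start.ts <= WINDOW]
        if len(run) > len(best):
            best = run
    if len(best) < MIN_RUN:
        return None

    total = sum(e.amount for e in best)
    last = best[-1].ts
    # Escalate when a new channel was enabled shortly before the run and the
    # money left by wire shortly after: the full sequence from the story.
    new_channel = any(e.kind == "enroll_phone_banking" and last - WINDOW <= e.ts <= last
                      for e in acct)
    wired = sum(e.amount for e in acct
                if e.kind == "wire_out" and last <= e.ts <= last + WINDOW)
    severity = "high" if new_channel and wired >= 0.9 * total else "medium"
    return {"account": account, "transfers": len(best), "total": total,
            "new_channel": new_channel, "wired_out": wired, "severity": severity}


if __name__ == "__main__":
    for acct in ("A-1", "A-2"):
        print(acct, find_structuring(SAMPLE_EVENTS, acct))
```

The useful signal is the combination, not any one event: a credit-line draw of $9,900 is ordinary, and enabling telephone banking is ordinary, but nine such draws within hours of a new channel being turned on, followed by a wire for roughly the same total, is the shape of an account takeover. A bank that wants to offer convenient channels can still hold the wire until the enrollment is confirmed out of band.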

For my Ethical Hackers...

At what point do companies (and governments) go beyond ignorance?

Unsmart Investments in Smartcards

Let this be a lesson for companies implementing smartcard systems: If you don’t want people creating money from nothing, pay attention to the security research before investing.

… Taipei’s EasyCard system has been in place since 2001, largely as a means of paying for the subway, bus, taxis and parking. It has also been widely known to use a smartcard system called MIFARE Classic, produced by NXP Semiconductors, the security of which was publicly demonstrated to be broken by CCC members at their annual congress three years ago.

This break is no secret. It was publicized at the time, is noted on Wikipedia, and the issue was noted by NXP itself on its Web site, which today says the MIFARE Classic offers “basic levels of data security.”

… Welte knew the MIFARE system was weak. That isn’t necessarily a problem — if, say, someone tries to hack a $50 dollar card to read $500, but there’s a backend server verification check that says this card is only supposed to have $50, the problem is more or less solved.

… The city government and EasyCard know about the problem, he said. Taiwanese researchers have tried to warn them, and the research is publicly available online. The problem is companies trying to rely on “security through obscurity” — using proprietary but unsafe encryption — and trying to save money by not investing in solid security.
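Welte's point about a back-end check is the one that matters for anyone running a stored-value system on a broken card. Below is an added example (not code from the article, EasyCard or NXP) of a toy terminal in two forms: one that trusts the balance written on the card, and one that treats the card as a cache of an authoritative ledger. The card, terminal and ledger are simulations; the MIFARE Classic sector layout and the key-recovery attack are not reproduced, and the forged card simply stands in for what an attacker can do once the sector keys are known.

```python
"""
Added example, not from the article or from EasyCard/NXP: a toy stored-value
terminal, first trusting the balance the card reports, then hardened with the
back-end check Welte describes. The card, terminal and ledger are simulations;
MIFARE Classic's sector layout and the key-recovery attack are not reproduced.
The forged card stands in for what an attacker can do once the sector keys
are known: rewrite the balance field to any value.
"""
from dataclasses import dataclass


@dataclass
class Card:
    uid: str
    balance: int        # smallest currency unit, as stored on the card (rewritable once keys leak)
    counter: int = 0    # transaction counter, also stored on the card


class Ledger:
    """Back-end record of what each card is supposed to hold. This is authoritative."""

    def __init__(self) -> None:
        self._rows: dict[str, dict[str, int]] = {}

    def register(self, uid: str, balance: int) -> None:
        self._rows[uid] = {"balance": balance, "counter": 0}

    def row(self, uid: str):
        return self._rows.get(uid)


def naive_debit(card: Card, amount: int) -> bool:
    """Vulnerable terminal: whatever the card says it holds is taken as true."""
    if card.balance < amount:
        return False
    card.balance -= amount
    card.counter += 1
    return True


def verified_debit(card: Card, amount: int, ledger: Ledger) -> str:
    """Hardened terminal: the card is only a cache of the ledger's view."""
    row = ledger.row(card.uid)
    if row is None:
        return "unknown_card"
    if card.balance != row["balance"] or card.counter != row["counter"]:
        return "tampered"          # hot-list the UID, dispense nothing
    if row["balance"] < amount:
        return "insufficient"
    row["balance"] -= amount
    row["counter"] += 1
    card.balance, card.counter = row["balance"], row["counter"]
    return "ok"


def demo() -> dict:
    """Constructed scenario: a legitimately loaded card, a forged copy, and a replayed old image."""
    ledger = Ledger()
    ledger.register("04A1B2C3", 5_000)          # 50.00 loaded through a real top-up
    forged = Card("04A1B2C3", 50_000)           # attacker writes 500.00 onto the card
    honest = Card("04A1B2C3", 5_000)

    naive_accepted = naive_debit(Card("04A1B2C3", 50_000), 20_000)   # pays out
    forged_result = verified_debit(forged, 20_000, ledger)             # caught
    honest_result = verified_debit(honest, 2_000, ledger)              # normal fare
    # A dump of the card taken before the fare, written back: counter no longer matches.
    replay_result = verified_debit(Card("04A1B2C3", 5_000), 2_000, ledger)
    return {
        "naive_accepted_forged_balance": naive_accepted,
        "verified_forged": forged_result,
        "verified_honest": honest_result,
        "verified_replay_of_old_state": replay_result,
        "honest_balance_after": honest.balance,
        "ledger_balance_after": ledger.row("04A1B2C3")["balance"],
    }


if __name__ == "__main__":
    print(demo())
```

The caveat a practitioner would add: this check needs the terminal to reach the back end, or to reconcile its offline transaction log before the next top-up, so an offline gate or bus reader must cap what it will accept unverified. The counter comparison also catches the cheaper attack of restoring an old card dump after spending, which a balance-only check would miss. None of this repairs the card's cryptography; it just limits the loss to the balance the ledger actually holds.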

Wednesday, December 29, 2010

All kinds of interesting questions arise. Do corporations have a right to privacy? Is any of this covered by whistle-blower laws? Is this a “security breach” that must be reported? Perhaps corporations will finally realize how important it is to know what data they have and who accesses it!

December 28, 2010

Forbes: WikiLeaks And The New Corporate Disclosure Crisis

WikiLeaks And The New Corporate Disclosure Crisis - Stephanie Nora White and Rebecca Theim: "If the scandals that have plagued corporate America in the past two years haven't gotten you thinking about your own company's vulnerabilities, then the latest revelations out of WikiLeaks certainly should. In an interview with Forbes' Andy Greenberg, WikiLeaks founder Julian Assange declared that half the documents that have been fed to the organization are from corporations, and that sometime early next year his organization plans what presumably will be the first of many corporate disclosures. It will begin with information about one of the nation's leading banks. The target is rumored to be Bank of America, and the bank's stock tumbled 3% shortly after the rumors were publicized. Got your attention now? WikiLeaks is promising to give a voice to the disenfranchised, disgusted and disillusioned within Corporate America, those who have knowledge of company behavior ranging from distasteful to criminal. "Companies turn people into leakers by their failure to listen, look and respond," says business consultant and author Margaret Heffernan, whose forthcoming book, Willful Blindness: Why We Ignore the Obvious at Our Peril, will tackle the issue. In other words, it will no longer be a company's general counsel who will decide if and when something is disclosed to the public. Now, it's any insider with a flash drive who's troubled or disgruntled by an organization's conduct. And the types of information WikiLeaks is disclosing can be more damaging--and memorable--than a traditional corporate crisis."


The SEC Investigation Into Private Stock Sales Is All About The Glaring Lack Of Disclosure

The Securities and Exchange Commission is asking questions about private stock markets like SecondMarket and SharesPost. The SEC has sent “information requests to several participants in the buying and selling of stock” to a number of companies, reports the New York Times (although private market SecondMarket says they have received no request from the SEC). [Corrected: An earlier version of this story indicated that the private markets themselves received the information requests from the SEC, but the New York Times does not specify which firms were contacted].

Over the past year, trading in shares of still-private companies such as Facebook, Zynga, and LinkedIn has skyrocketed, allowing employees and early investors to sell their shares even without an IPO. About $400 million worth of shares will pass hands this year on SecondMarket, which is the largest of the private exchanges, up from about $100 million in 2009. The lack of liquidity because of the general postponement of IPOs among many Internet startups is fueling this growth. Only qualified institutions and high net-worth individual investors are allowed to participate in these markets, but as more and more shares trade hands the SEC’s 500-shareholder rule could be triggered which would require the companies to report audited financial results just like a publicly-traded company.

… Facebook shares are the ones most in demand on these markets. They recently traded at an implied valuation of above $50 billion on SecondMarket, and $42.4 billion on SharesPost. A couple years ago, Facebook won an exemption from the SEC’s 500-shareholder rule by arguing that the shares were mostly held by employees, and it also changed the way it issued restricted stock.

“...because if you shop at Harrods or subscribe to the Financial Times, you might be a terrorist!”

EFF: Government plans to pry into your privacy if you send any money overseas

Money laundering and terrorist financing are serious problems, but there are several troubling aspects in the new rules proposed by the Financial Crimes Enforcement Network (FinCEN). FinCEN, a bureau of the Department of Treasury, proposed that the government should be told your name, address, bank account number, taxpayer ID, and other sensitive financial information if you electronically transfer any amount of money out of or into the country. Depending upon the type of transfer, these reports could also include passport numbers or alien ID numbers, the amount and currency of the funds transferred, and the name and address of the recipient.

“We have the technology so we have to use it. It's for the children!”

UK: CCTV ‘used to monitor schoolchildren in toilets and changing rooms’

December 28, 2010 by Dissent

Graeme Paton reports:

Schools are using CCTV cameras to spy on pupils in toilets and monitor teachers’ performance in the classroom, according to an official report.

The use of video surveillance has evolved in recent years from a security measure to a tool to keep checks on children and staff, it was disclosed.

A report by the Information Commissioner’s Office warned that many schools were flouting guidance on CCTV which insists cameras should only be used to monitor behaviour in exceptional circumstances.


The latest study, which features contributions from a series of academics, said: “The use of CCTV has migrated from perimeter security and access control to monitoring pupil behaviour in public areas such as in corridors and playgrounds, and to more private realms such as changing rooms and toilets.”

Read more in the Telegraph.

Related: Information Commissioner’s report to Parliament on the state of surveillance , November 2010.

(Related) “We don't need no stinking 'due process!'”

MO: Cheerleaders Sue School to Get Back on Team

December 29, 2010 by Dissent

Anyone who knows me will know that I never aspired to be a cheerleader while in high school. While some of my peers were practicing kicks, flips, and waving their pom poms around, I was out organizing political protests and engaged in activities related to civil rights. How ironic, then, that over 40 years later, I would be writing about a case involving cheerleaders in support of their civil rights.

Joe Harris reports:

Two cheerleaders sued a southwest Missouri school district after being kicked off the squad for allegations of cyber-bullying. The cheerleaders say the Seneca school district violated their constitutional rights by booting them off the squad.

No charges were filed against the girls by the Newton County Sheriff’s Department after an investigation into the cyber-bullying allegations, according to the federal complaint.

The girls, identified only as P.A. and K.E., say they have suffered alienation from fellow students and cheerleaders since they were kicked off the cheerleading squad in June this year. They say they “were punished for conduct alleged, but yet not proven in any administrative hearing or court of law, to have occurred off campus and not on school time.”

Read more on Courthouse News.

This issue of whether schools can discipline students for behavior that occurs off-campus has been coming up more and more in the past two years. These cases raise issues about student privacy, the scope of a school’s authority, and issues of whether some conduct is protected speech. In this case:

The district’s attorney, Tom Mickes, told The Joplin Globe that several court rulings have found that extracurricular activities are not protected under the Constitution.

That may be true, but that doesn’t grant public entities such as school districts the ability to deprive children of public education or any benefits thereof based on any “policies” under color of state flag. Is this an “over-reach” of a school district’s authority?

Apart from the due process issues raised in the complaint in this case, what if a school district had a policy that said that students who engage in neo-Nazi groups outside of school are barred from school or participating in after-school clubs because it would create a “hostile” school environment for black or Jewish students? We’d all recognize the First Amendment issue.

Where is the line, if there is one, in determining what extra-curricular activity or speech can be used to deny a child of the full range of opportunities provided by taxpayer dollars-funded public education? Can public education be made contingent on compliance with a school’s “code of conduct” or “policies” applied to extra-curricular behavior if the behavior is not a violation of law? The complaint does not specify what behavior or “cyber-bullying” the plaintiffs allegedly engaged in outside of school, but if there has been no due process and no criminal charges ever filed, as alleged, on what basis does a district punish a student?

Sooner or later, this issue will get to the Supreme Court. For now, this is one of the cases I will be watching.

How good are Microsoft's lobbyists?

France Planning Non-Windows Tablet Tax?

"Lots of countries around the world have private copying 'levies,' which are effectively taxes on products that store data, which is put into a pool to be handed out to copyright holders, as a sort of payment for the 'copying' that individuals do. This was quite popular with blank CDRs, for example, but has been expanded in certain countries to cover hard drives, iPods and other such devices. Over in France, they're looking to expand the levy to tablet computers, but apparently if that tablet computer is running Microsoft Windows, it will be exempted from the tax. iPads and Android-powered tablets will have the tax. Why? Well, the argument is that if a tablet is running Windows, it's really a 'computer.' But if it's running one of those 'mobile' operating systems, suddenly it's a brand new category. Not surprisingly, makers of Android tablets — including the French company Archos — are not at all happy about this."

For my Ethical Hackers

Breaking GSM With a $15 Phone … Plus Smarts

Speaking at the Chaos Computer Club (CCC) Congress here Tuesday, a pair of researchers demonstrated a start-to-finish means of eavesdropping on encrypted GSM cellphone calls and text messages, using only four sub-$15 telephones as network “sniffers,” a laptop computer and a variety of open source software.

A true time saving technology! For everyone who expects lame Christmas gifts?

Amazon tech helps return gifts before you get them

Amazon might have a simple solution in store for those who get disappointed every holiday season by undesirable gifts.

The company has been awarded a patent that allows gift recipients to automatically exchange items before they receive them. The solution would offer those ungrateful recipients the opportunity to choose something else or get a gift card without necessarily indicating to the sender that it wasn't accepted.

Automating and off-shoring. I don't worry about this, I'm already egg shaped...

Korean schools welcome more robot teachers

If you thought your English teacher was a robotic bore, spare a thought for kids in South Korea. They're being taught by real robots.

The city of Daegu introduced 29 robot teachers in 19 elementary schools as part of a large-scale project to robotize teaching. The ambitious effort envisioned robots in all 8,400 kindergartens in Korea by 2013.

Kids at Hakjung Elementary School seemed thrilled to interact with robots like the globular Engkey (above and in the vid below). It's about 3.2 feet tall and rolls around the classroom on wheels, asking questions in English and dancing to music.

Developed by the Korea Institute of Science and Technology (KIST) at a cost of some $1.39 million, Engkey is a telepresence bot, controlled by teachers in the Philippines.

A resource for my students.

Sixty Symbols

...a collection of videos featuring scientists at the University of Nottingham giving short, sometimes humorous, explanations of the symbols of physics and astronomy. [Including Einstein's favorite, the Vuvuzela Bob]

Tuesday, December 28, 2010

Like many breaches, this one continues to grow as the client organizations notify their customers and we are able to link it back to the company responsible for the failure.

American Honda Motor Co – Customer Info Exposed

December 27, 2010 by admin

Rafal Los writes:

Alright, so Honda’s web sites didn’t actually get hacked, but like McDonalds they are on the receiving end of a lump of coal in their stocking for Christmas.

A post on Honda’s “” website for Honda Pilot owners hints at a data breach at a vendor maintaining a mailing list for customers of My Acura and Honda’s Owner Link websites. From the forum post, it would appear as though SilverPop, the same company that was behind the breach of email addresses and information, also included Honda [likely this is fallout from the SilverPop hack].

Read more of this Following the White Rabbit post on Infosec Island.

Unlike other entities reporting a breach involving an email marketing vendor, Honda says no passwords were acquired or at risk:

American Honda Motor Co., Inc. recently became aware of unauthorized access to an email list used by a vendor to create a welcome email to customers who have an Owner Link or My Acura vehicle account. The data that was obtained included your email address, your name, Vehicle Identification Number (VIN) and User ID. Your password was not included and no other sensitive information was contained in that list.

SilverPop has not publicly named entities affected by the breach, nor have they issued any additional updates since their Dec. 15th statement on their blog.

One more anti-Behavioral Advertising lawsuit

Apple Apps Give Information to Advertisers, Suit Says

December 27, 2010 by Dissent

Joel Rosenblatt reports:

Apple Inc. was sued over claims that applications for the company’s iPhone and iPad transmit users’ personal information to advertising networks without customers’ consent.

The complaint, which seeks class action, or group, status, was filed on Dec. 23 in federal court in San Jose, California. The suit claims Cupertino, California-based Apple’s iPhones and iPads are encoded with identifying devices that allow advertising networks to track what applications users download, how frequently they’re used and for how long.

Read more on Bloomberg Businessweek.

Governments often acknowledge Audits, then ignore them.

Auditors Question TSA's Tech Spending, Security Solutions

"Government auditors have faulted the TSA and its parent agency, the Department of Homeland Security, for failing to properly test and evaluate technology before spending money on it. The TSA spent about $36 million on devices that puffed air on travelers to 'sniff' them out for explosives residue. All 207 of those machines ended up in warehouses, abandoned as unable to perform as advertised, deployed in many airports before the TSA had fully tested them. Since it was founded in 2001, the TSA has spent roughly $14 billion in more than 20,900 transactions with dozens of contractors, including $8 billion for the famous new body scanners that have recently come under scrutiny for being unable to perform the task for which they are advertised. 'TSA has an obsession of finding a single box that will solve all its problems. They've spent and wasted money looking for that one box, and there is no such solution,' said John Huey, an airport security expert."

So that's one crime solved for every 2000 or so cameras? How many additional police officers would that pay for? They at least have the potential to prevent crime...

London Police Credit CCTV Cameras With Six Solved Crimes Per Day

"CCTV cameras across London help solve almost six crimes a day, the Metropolitan Police has said. According to the article, 'the number of suspects who were identified using the cameras went up from 1,970 in 2009 to 2,512 this year. The rise in the number of criminals caught also raises public confidence and counters bad publicity for CCTV.'"

There are up to 4.2m CCTV cameras in Britain - about one for every 14 people.

(Related) We're talking toy drones here. Fortunately, they don't come with toy missiles. Imagine how the government might react when (not if) someone uses these toys for “terrorist acts”.

German politicians see camera drones as data protection risk

December 27, 2010 by Dissent

Flying drones that take pictures of foreign subjects may sound like part of a military arsenal, but they’re also available to consumers now. Consumer Affairs Minister Aigner has called the new devices a privacy threat.

… some German politicians are concerned about privacy issues relating to the toys priced at 299 euros ($393) and steered by devices like the iPhone and iPad.

“Even just by using the small, helicopter-like hobby models, people can quickly go beyond the limits of the law,” said Ilse Aigner, Germany’s consumer affairs minister, in an interview with the Deutsche Presse Agentur.

For example, if hobbyists or children fly the AR.Drone onto neighbors’ property and capture images of them in their home without their permission, the photographs could already stand in violation of data privacy laws.

Read more on Deutsche Welle.

First a Barbie with a built-in cam and now these toy drones? Will we need regulation of toys for privacy risks? What next?

Is this one of those commie ideas?

Putin Orders Russian Move To GNU/Linux

"Vladimir Putin has signed an order calling for Russian federal authorities to move to GNU/Linux, and for the creation of 'a single repository of free software used in the federal bodies of executive power.' There have been a number of Russian projects to roll out free software, notably in the educational sector, but none so far has really taken off. With the backing of Putin, could this be the breakthrough free software has been waiting for?"

I can see the advertising pitch now: “School Districts! Why pay for a gym and sports teams? Replace all that with video games!”

Microsoft Kinect With World of Warcraft

"Researchers at the University of Southern California Institute for Creative Technologies have developed software that enables control of PC video games using the Microsoft Kinect sensor. Their toolkit, known as the Flexible Action and Articulated Skeleton Toolkit (FAAST), emulates custom-configured keyboard controls triggered by body posture and specific gestures. This video shows a user playing the online game World of Warcraft using the Kinect. Potential applications of this technology include video games for motor rehabilitation after stroke and reducing childhood obesity through healthy gaming."

Could this be a budget saving idea in the US?

Portugal's Decriminalization of Drug Use Pays Off; U.S. Eyes Lessons

Drugs in Portugal are still illegal. But here's what Portugal did: It changed the law so that users are sent to counseling and sometimes treatment instead of criminal courts and prison. The switch from drugs as a criminal issue to a public health one was aimed at preventing users from going underground.

Here's what happened between 2000 and 2008:

-- There were small increases in illicit drug use among adults, but decreases for adolescents and problem users, such as drug addicts and prisoners.

-- Drug-related court cases dropped 66 percent.

-- Drug-related HIV cases dropped 75 percent. In 2002, 49 percent of people with AIDS were addicts; by 2008 that number fell to 28 percent.

(Related) Additional criminalization?

MA: New drug law will track more prescriptions

By Dissent, December 27, 2010

Sarah Favot and Caroline Hailey report on prescription monitoring in Massachusetts:

Massachusetts residents face a new routine when they pick up certain prescription drugs at the pharmacy on Jan. 1.

Under a law passed last summer, they will have to show a driver’s license or another approved ID before the druggist can give them prescriptions ranging from addictive opiates to certain medicines for diarrhea. Their purchases will be recorded in a massive database that will include their names, addresses and the kinds and amount of pills they take.

The goal of the law is to combat the growing problem of prescription drug abuse, particularly among teens and young adults. According to one federal survey, Massachusetts ranked 8th among those 18-to-25 who have used drugs not prescribed to them.

The law is similar to legislation passed in 33 states and being initiated in another 10 states. Studies suggest the programs can help combat prescription drug abuse, but the law has other consequences that play against the national debate about the size and reach of government.

Read more on MetroWest Daily News

Monday, December 27, 2010

McDonald’s, CBS, Mazda & Microsoft Mine Data from Web Ads, Class Says

December 27, 2010 by Dissent

McDonald’s, CBS, Mazda and Microsoft use their Internet ads as a cover for data-mining, to identify the websites people visit, invading people’s privacy, misappropriating their personal information and interfering with the operations of their computers, a class action claims in Federal Court. “Defendants acted in concert with [nonparty] Interclick, mining consumers’ web browser histories for entries of particular relevance to defendants’ respective, customized advertising campaigns,” the complaint states.

Lead plaintiff Sonal Bose, of New York, N.Y., included Does 1-50 as defendants.

She claims McDonald’s committed its offenses, including violations of computer privacy laws, through its online World Cup-theme game in the summer of 2010.

CBS did it in an online ad campaign for its “online fantasy sports platform” before the 2010 Major League Baseball season began; Mazda did it in ads for its summer sales and 2010 models, and Microsoft did it during a 7-month ad campaign for its Windows Smartphone, according to the complaint.

Read more on Courthouse News.

(Related) and also inevitable. Why do you think he went to Law School?

Man quits job, makes living suing e-mail spammers

Eight years ago, Balsam was working as a marketer when he received one too many e-mail pitches to enlarge his breasts.

Enraged, he launched a Web site called, quit a career in marketing to go to law school [Law School recruiters take note! Bob] and is making a decent living suing companies who flood his e-mail inboxes with offers of cheap drugs, free sex and unbelievable vacations.

And while we're at it, let's go after those Behavioral Advertising types too...

Privacy groups ask FTC to probe drug companies’ online practices

By Dissent, December 27, 2010

Pamela Lewis Dolan reports:

Four privacy advocacy groups have filed a complaint with the Federal Trade Commission, asking it to investigate the online marketing practices of pharmaceutical companies.

The Center for Digital Democracy, Consumer Watchdog, the U.S. Public Interest Research Groups and the World Privacy Forum filed a 144-page complaint in late November alleging that certain websites allow pharmaceutical companies to collect patient information and information on physicians’ prescribing and treatment patterns to market health-related services or drugs directly to the consumers or physicians.

Among the sites the complaint targeted are Google, Yahoo and Microsoft, which operate data and advertising exchanges. The complaint also mentions by name Sermo, the social media site for physicians that has a partnership with Pfizer,, Everyday Health, Health Central, QualityHealth and WebMD, among others.

Read more on American Medical News.

So, cops can use technology to enhance what the “Mark I eyeball” can do.

Pennsylvania appeals court allows evidence obtained with GPS technology

December 26, 2010 by Dissent

Eryn Correa reports:

A Pennsylvania appeals court on Saturday overturned the Chester County Court of Common Pleas decision banning the use of evidence obtained with global positioning systems (GPS) technology. The three judge panel of the appeals court ruled to allow the admission [Daily Local News report] of evidence that could bring four more alleged burglaries to light. In 2008, GPS tracking devices had been placed in SUVs thought to be used in the commission of several burglaries around Philadelphia. The GPS devices later showed the SUVs at or near the scene of further crimes. Chester County Judge Thomas Gavin originally upheld the movement to suppress the evidence obtained by GPS citing a lack of case history and unease with the invasion of privacy such technology allowed.

Read more on JURIST.

Perhaps we could move trials “into the Cloud?”

December 26, 2010

New on Juror Behavior in the Information Age

Via - Juror Behavior in the Information Age: Ken Strutin focuses on the impact of social media on jurors who increasingly try to stay connected to work and home while performing their civic duty, and the resulting impact of the power of individual jurors to virtualize a trial by going online. His article collects recent and notable examples of juror online misbehavior and highlights scholarship and practice resources concerning its implications for voir dire, trial management and the administration of justice.

Sunday, December 26, 2010

Interesting bit about the “government in waiting” requirement. I was concerned this would become a “least common denominator” with demands for government-subsidized “happy meals”.

The Wrong Way To Weaponize Social Media

"NYU's Clay Shirky, in the new issue of Foreign Affairs, calls the U.S. government's approach to social media 'dangerous' and 'almost certainly wrong,' as in its favoring Haystack over Freegate. The Political Power of Social Media claims that the freedom of online assembly — via texting, photo sharing, Facebook, Twitter, humble email — is more important even than access to information via an uncensored Internet. Countering Malcolm Gladwell in the New Yorker, Shirky looks at recent uprisings in the Philippines, Moldova, and Spain to make his point that, instead of emphasizing anti-censorship tools, the US should be fighting Egypt's recent mandatory licensing of group-oriented text-messaging services."

Only part of Shirky's piece is available for non-subscribers, but Gladwell's New Yorker piece is all online.

[Download Shirky's article here:

(Related) ...and now we can create an automated rabble rouser!

How To Be Popular On Facebook, Quantified

"Network World reports that Facebook has just released an analysis of the word usage for about one million status updates from its US English speakers with the words in updates organized into 68 different word categories based on the Linguistic Inquiry and Word Count (LIWC)--a text analysis software program that calculates the degree to which people use different categories of words across a wide array of texts. The results? To be popular on Facebook all you have to do is write longer status updates, talk about music and sports, don't be overly emotional, don't talk about your family, don't refer to time and use the word 'you' a lot. Facebook's study also confirms something that bloggers and Fox News have known for years: negative comments produce more online activity. Sure, Facebook users might click the like button more often on updates expressing positive emotion. But Facebook found you can't beat negativity for user engagement, as dismal status updates garnered more comments than positive ones."

For my Ethical Hackers – Why Cambridge is a Great University...

UK Banks Attempt To Censor Academic Publication

"Representatives of the UK banking industry have sent a take-down notice (PDF link) to Cambridge University, demanding that they censor a student's webpage as well as his masters thesis (PDF). The banks' objection is that the information contained in the report might be used to exploit a vulnerability in the Chip and PIN system, used throughout Europe and Canada for credit and debit card payments. The system was revealed to be fundamentally flawed earlier this year, as it allowed criminals to use a stolen card with any PIN. Cambridge University has resisted the demands and has sent a response to the bankers explaining why they will keep the page online."

[From the response...

you seem to think that we might censor a student’s thesis, which is lawful and already in the public domain, simply because a powerful interest finds it inconvenient. This shows a deep misconception of what universities are and how we work. Cambridge is the University of Erasmus, of Newton, and of Darwin; censoring writings that offend the powerful is offensive to our deepest values. Thus even though the decision to put the thesis online was Omar’s, we have no choice but to back him. That would hold even if we did not agree with the material! Accordingly I have authorised the thesis to be issued as a Computer Laboratory Technical Report. This will make it easier for people to find and to cite, and will ensure that its presence on our web site is permanent.

Background music? Many of my website students link to their favorite artists...

UWall.Tv Turns YouTube Into Your Own MTV

Frustrated with how difficult it is to search YouTube for music videos, Argentinian web developer and co-founder Sebastian Vaggi has created allows you to search YouTube by artist, song or by music category like Vevo, with the added benefit of creating a custom music video playlist based on your search.