Saturday, September 03, 2011

“If anything can go wrong, it will.”
September 1, 2011
Unredacted U.S. Diplomatic WikiLeaks Cables Published
It looks as if the entire mass of U.S. diplomatic cables that WikiLeaks had is available online somewhere. How this came about is a good illustration of how security can go wrong in ways you don't expect.
Near as I can tell, this is what happened:
  1. In order to send the Guardian the cables, WikiLeaks encrypted them and put them on its website at a hidden URL.
  2. WikiLeaks sent the Guardian the URL.
  3. WikiLeaks sent the Guardian the encryption key.
  4. The Guardian downloaded and decrypted the file.
  5. WikiLeaks removed the file from their server.
  6. Somehow, the encrypted file ends up on BitTorrent. Perhaps someone found the hidden URL, downloaded the file, and then uploaded it to BitTorrent. Perhaps it is the "insurance file." I don't know.
  7. The Guardian published a book about WikiLeaks. Thinking the decryption key had no value, it published the key in the book.
  8. A reader used the key from the book to decrypt the archive from BitTorrent, and published the decrypted version: all the U.S. diplomatic cables in unredacted form.
Memo to the Guardian: Publishing encryption keys is almost always a bad idea. Memo to WikiLeaks: Using the same key for the Guardian and for the insurance file -- if that's what you did -- was a bad idea.
EDITED TO ADD (9/1): From pp 138-9 of WikiLeaks:
Assange wrote down on a scrap of paper: ACollectionOfHistorySince_1966_ToThe_PresentDay#. "That's the password," he said. "But you have to add one extra word when you type it in. You have to put in the word 'Diplomatic' before the word 'History'. Can you remember that?"
I think we can all agree that that's a secure encryption key.
EDITED TO ADD (9/1): WikiLeaks says that the Guardian file and the insurance file are not encrypted with the same key. Which brings us back to the question: how did the encrypted Guardian file get loose?
EDITED TO ADD (9/1): Spiegel has the detailed story.

“To err is human. To really screw things up, use a computer!”
Scanning 2.4 Billion Eyes, India Tries to Connect Poor to Growth
September 2, 2011 by Dissent
Lydia Polgreen of The New York Times has a detailed article on India’s national ID system, and how it will presumably improve life for India’s impoverished citizens. Reading her article, some of the lofty ideals sure sound swell, but I remain skeptical that creating a mandatory identity database is necessary – and it is certainly not sufficient – to really begin to equalize the inequities in India’s economy and control of power. Like all technology, such things have the potential for good or evil, and by now, I don’t see government databases as generally being a source of good in this world. See what you think when you read it.
[From the article:
“One cannot improve human beings,” said Ram Sevak Sharma, the director general of the identity program. “But one can certainly improve systems. And the same flawed human beings with a better system will be able to produce better results.”

Not required by law, but now a competitive imperative?
Breach Notification: Time for a Wake Up Call
In case you haven't heard, the days of having no obligation to notify consumers of a data breach or loss that involves only email addresses may have ended. This should be a major wakeup call for every CIO.
Historically, a business and its CIO were only required to be concerned about personally identifiable information. In other words, if a business did not collect banking information, Social Security numbers, medical information or similar data, then the duty to report a breach or loss only arose in the event that the business had contractually promised its customers that it would do so.
… However, those in charge of safeguarding consumer information may have noticed something a little odd about the Epsilon data theft this spring. When news of the Epsilon data breach broke, and notifications started arriving, the pendulum toward breach notification obligation made a further shift — a seismic leap, frankly.
… The disclosure of an email-only data theft may have changed the rules of the game forever. A number of substantial companies may have inadvertently taken legislating out of the hands of the federal and state governments. New industry pressure will be applied going forward for the loss of fairly innocuous data. This change in practice has the potential to affect every CIO who collects “contact” information from consumers, maybe even from employees in an otherwise purely commercial context.

Another change in the public's perception of Privacy?
Hidden CCTV cameras to be audited amid privacy concerns
September 2, 2011 by Dissent
Peter Michael reports:
Queensland’s Privacy Commission plans to audit the booming numbers of CCTV camera networks to thwart concerns about “significant” abuses of vision obtained by hidden surveillance.
The move comes after The Courier-Mail this week revealed police were investigating fresh leads after security footage stolen from Cairns’ Reef casino of public sex and bar fights had been posted to YouTube.
Officials admit they do not know how many hidden cameras and security networks are tracking our everyday movements.
Read more on: The Courier-Mail

A simple way to override all the Facebook snooping? No wonder Facebook is concerned.
First time accepted submitter FlameWise writes
"Yesterday, German technology news site Heise changed their social 'like' buttons to a two-click format (Original in German). This will effectively disable unintentional automatic tracking of all page visits by third-party social sites like Facebook, Twitter or Google+. Less than 24 hours later over 500 websites have asked about the technology. Facebook is now threatening to blacklist Heise (Original in German)."
As I read the updated story, Facebook has backpedaled a bit, so "blacklist" may no longer be the operative word. An anonymous reader adds a quick explanation of the changed interface: "Instead of enabling Facebook to track a user (arguably without prior consent) by placing a 'like' button on the website in the usual way, a greyed-out like button is shown. If a user wants to share or 'like,' he has to execute an additional click to enable the original Facebook 'like' button and get the desired behavior. This technique obviously has a disadvantage for Facebook, because the behavioral tracking does not work anymore."
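The two-click pattern described above, sketched as an added example; it is not Heise's code and not part of the original post. The embed URL, the `data-two-click` attribute and the function names are assumptions made for illustration.

```javascript
// Two-click social button: nothing is requested from the third party until
// the visitor opts in with a first click on a local, greyed-out placeholder.

// Constructed placeholder endpoint, not a real social-network URL.
const EMBED_BASE = "https://social.example/plugins/like";

// Build the third-party embed URL for the page being "liked".
function embedUrl(pageUrl) {
  return EMBED_BASE + "?href=" + encodeURIComponent(pageUrl);
}

// Render the inert placeholder into `container`. `doc` is the DOM document,
// passed in so the logic can be exercised without a browser.
function renderTwoClickButton(doc, container, pageUrl) {
  const state = { enabled: false };

  const placeholder = doc.createElement("button");
  placeholder.setAttribute("type", "button");
  placeholder.setAttribute("class", "social-disabled");
  placeholder.setAttribute(
    "title",
    "Click to enable. Enabling sends data to the social network."
  );
  placeholder.textContent = "Like (click to enable)";

  // First click: swap the placeholder for the real third-party frame.
  // Only now does the browser contact the social network at all.
  placeholder.addEventListener("click", function enable() {
    if (state.enabled) return;
    state.enabled = true;
    const frame = doc.createElement("iframe");
    frame.setAttribute("src", embedUrl(pageUrl));
    frame.setAttribute("title", "Like button");
    container.replaceChild(frame, placeholder);
  });

  container.appendChild(placeholder);
  return state;
}

// Audit helper: list the URLs that child elements of `container` would load.
// Before opt-in this must be empty.
function externalSources(container) {
  return Array.from(container.children)
    .map(function (el) { return el.getAttribute("src"); })
    .filter(function (src) { return src !== null; });
}

// In a browser, wire up every element carrying the hypothetical
// data-two-click attribute.
if (typeof document !== "undefined") {
  document.querySelectorAll("[data-two-click]").forEach(function (el) {
    renderTwoClickButton(document, el, window.location.href);
  });
}
```

The second click is then an ordinary click on the real button inside the frame.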

Will this translate to US law?
Norway: Hunt For Student File-Sharers Thwarted By Data Privacy Ruling
September 3, 2011 by Dissent
enigmax writes:
Copyright holders and anti-piracy companies have been dealt a blow in their attempts to monitor and track down student file-sharers in Norway. Following a decision by the Data Inspectorate, universities will not be allowed to spy on the online activities of their students and data gathered for network maintenance purposes will be kept well away from rightsholders and lawyers.
Read more on TorrentFreak.

This sounds like a TSA argument. Unfortunately, there is more than a grain of truth here.
The Bilateral Fourth Amendment and the Duties of Law-Abiding Persons
September 2, 2011 by Dissent
L. Rush Atkinson, law clerk to the Honorable Julia Smith Gibbons, U.S. Court of Appeals for the Sixth Circuit, has an article in Georgetown Law Journal, Issue 99.6 (August 2011). Here’s the abstract:
The Fourth Amendment protects the innocent only from “unreasonable” searches. In light of the limited nature of this constitutional safeguard, law abiders consistently take precautions to avoid government searches. [We do? After reading the article, we do! Bob] This Article considers why constitutional jurisprudence limits the protection of the innocent to “unreasonable” searches, thereby forcing them to alter their behavior. [It does? Bob] The most satisfying answer derives from an often-overlooked fact: Searches of innocent persons are often “bilateral accidents,” meaning that both the innocent suspect and the police can affect the likelihood that an erroneous search will occur. In bilateral conditions, a reasonableness rule induces both the searcher and the searched to take optimal care to avoid mistaken searches, while other rules embodied in constitutional protections—like that within the Takings Clause of the Fifth Amendment—cannot.
By assigning costs for erroneous-but-reasonable searches to the innocent, the Fourth Amendment functions as an important regulatory device, channeling law abiders away from activity that unintentionally masks others’ criminal enterprises. [Sounds like taking reasonable security protection makes us “law abiders” look like criminals! Bob] Thus, the Amendment regulates the very people that it protects from governmental intrusions. This Article refers to this duality as the “bilateral Fourth Amendment” and argues that the Amendment’s incentives for the innocent are best understood as a duty for law-abiding people to act reasonably.
At the same time, identifying the “bilateral” nature of searches should influence the legal rules dictating what evidence police may use as grounds to search a suspect. Because the innocent alter their behavior based on which activities the government deems “suspicious,” rules about cause and suspicion cannot singly turn on evidence’s probative value; they must also account for the socially beneficial activity that is reduced by labeling behavior “suspicious.”
[The article is here:

Dilbert sums up Management's view of IP Law!

Friday, September 02, 2011

Guidelines with teeth?
NLRB Report Reviews Social Media Enforcement Actions
September 1, 2011 by Dissent
Boris Segalis writes:
On August 18, 2011, the Associate General Counsel of the National Labor Relations Board (“NLRB” or the “Board”) issued a report analyzing the Board’s recent social media enforcement actions. The report seeks to provide guidance to employers that want to ensure that their social media policies appropriately balance employee rights and company interests.
Read more on InformationLawGroup
[From the article:
According to the report, the NLRB may view as unlawful (often because the Board viewed them as overly broad) social media policies that:
  • Prohibit employees from posting pictures of themselves in any media, including the Internet, which depict the company in any way, including posting featuring a company uniform or corporate logo;
  • Prohibit employees from making disparaging comments when discussing the company or the employees' superiors, coworkers or competitors;
  • Generally prohibit, in the application to social media, offensive conduct and rude or discourteous behavior;
  • Prohibit inappropriate discussions about the company, management or coworkers;
  • Prohibit any use of social media that may violate, compromise or disregard the rights and reasonable expectations as to privacy and confidentiality of any person or entity;
  • Prohibit any communications or posts that constitute embarrassment, harassment or defamation of the employer or its employees, officers, board members, representatives or staff members;
  • Prohibit statements that lack truthfulness or might damage the reputation or goodwill of the employer, its staff or employees;
  • Prohibit employees on their own time from using social media to talk about company business, from posting anything that they would not want their manager or supervisor to see or that would put their job in jeopardy, from disclosing inappropriate or sensitive information about employer, or from posting any pictures or comments involving the company or its employees that could be construed as inappropriate;
  • Prohibit employees from using the company name, address or other information on their personal profiles;
  • Prohibit employees from revealing personal information regarding coworkers, company clients, partners or customers without their consent; or
  • Prohibit the use of employer’s logos and photographs or of the employer’s store, brand or product without written authorization.

Perhaps the goal is to make “suspects” glow in the dark for easier tracking?
"The Electronic Privacy Information Center received more FOIA documents from the U.S. Department of Homeland Security regarding mobile x-ray scanners (a.k.a. Z Backscatter Vans). We've discussed these devices before. Perhaps the most interesting part is slide #11 ('Disclaimer About Scanning People') on page 6 of this PDF explaining that the radiation output of these devices is too high to comply with ANSI N43.17. In other words, they output too much radiation even by TSA's questionable standards for airport body scanners. Regardless, the slide ends with the author stating that the ANSI standard 'is not applicable to covert operations.' What might that assertion have meant to the presentation's intended audience?"

What, you thought you blocked that site?
TextMirror: Convert Websites To Plain Text By Removing Their HTML Tags
TextMirror is a free to use web service that converts websites into plain text by removing all the webpage elements and HTML tags. All you have to do is enter the URL of the website you want converted; the conversion is all done on TextMirror’s own server so you never really need to access the site being converted.
In addition to using the site as a proxy for reading articles, you can use TextMirror to quickly view text on large webpages that are taking simply too long to load up.

An InfoGraphic of a dying method of communication?
The History Of Email & It’s Growth

Many of my students love WolframAlpha. A great supplement for Math classes.
Next week on September 7th Wolfram Alpha is hosting a free webinar for teachers. The webinar will provide an overview of how to use Wolfram Alpha's computational search engine. Participants will also be introduced to using Wolfram Alpha to create custom widgets to enhance learning experiences. The webinar will be repeated on September 15. You can find the details on the webinars and register for them here.
Applications for Education
While Wolfram Alpha is a natural fit for mathematics lessons, the webinar announcement promises to offer something for every content area. From the view point of a social studies teacher one of the things I like about Wolfram Alpha is the quick "fact sheets" that my students can pull up. For example, if I want my students to quickly find some demographic and economic data about Libya they can simply type "Libya" into the search box to have that info right at their finger tips. This allows us to then spend more class time discussing and analyzing the significance of that data instead of searching for the data.

Thursday, September 01, 2011

“Hey, we're the government. Your data is safe with us!”
UK: Local councils lose personal details of 160,000 people
September 1, 2011 by admin
David Pegg reports:
Local councils have lost data relating to personal details of more than 160,000 people in the last five years, a Bureau investigation can reveal. More than 26,000 individuals have had their personal details lost in the first half of 2011 alone.
The losses include personal details of more than 5,000 children.
CVs, housing benefit information, passport numbers, information on vulnerable people and an encrypted version of a local electoral register were amongst the various losses that councils admitted.
One council, Worcestershire, even admitted losing people’s bank details, in an incident that involved the loss of a contractor’s laptop that contained information relating to 16,200 staff in 2007.
In many cases councils have also failed to inform people affected by the loss.
Read more on Bureau of Investigative Journalism. Some of the breaches mentioned were only uncovered by a freedom of information request.

(Related) “Hey, we're a school district. We're educated in Security!”
TX: Hackers tap EPISD system: Student, employee information, including Social Security numbers, compromised
September 1, 2011 by admin
Daniel Borunda reports:
The private information of thousands of El Paso Independent School District students, teachers and other employees is at risk after hackers broke into the district’s internal computer network.
The security breach was discovered Wednesday when a computer security company noticed hackers bragging on a website about breaking into the EPISD system. [EPISD didn't notice... Bob]
EPISD officials confirmed that the district’s internal network was infiltrated and that hackers gained access to information such as names, birth dates, addresses and Social Security numbers of district employees and students.
Read more on the El Paso Times.
The hackers’ post referred to in the story seemingly was posted on Pastebin, but has been removed as of the time of this posting. A cached copy, still currently available, shows that ethnicity data were also acquired. The hackers, who identified themselves as -Sy5t3mF41lur3 & t3hblackhatter of H05t_Bu5t0rz, did not display any dates of birth in their proof of intrusion, nor Social Security Numbers. Their post reveals the names, ethnicity codes, and student ID numbers for 26 students. There are no other personal details revealed.
Gaby Loria of KVIA notes that the server containing the district’s internal network includes names, addresses and Social Security numbers for approximately 63,000 students and 9,000 teachers.
The alert to parents is posted in both English and Spanish on the district’s home page.
There is no explanation of why the district had failed to encrypt the sensitive information.

(Related) “Hey, we're your Health Care provider. Can't you wait until we go national?”
By Dissent, August 31, 2011
Saw this press release today and thought it worth mentioning here for its statistics:
Veriphyr, a leading provider of Identity and Access Intelligence, today announced the results of new survey on Protected Health Information (PHI) privacy breaches. According to the findings, more than 70 percent of the organizations in the study have suffered one or more breaches of PHI within the last 12 months. Insiders were responsible for the majority of breaches, with 35 percent snooping into medical records of fellow employees and 27 percent accessing records of friends and relatives.
The report, entitled “Veriphyr’s 2011 Survey of Patient Privacy Breaches”, summarizes the findings of a survey of compliance and privacy officers at mid to large sized hospitals and healthcare service providers. Respondents were queried on their perceptions of privacy and compliance initiatives within their organization, adequacy of tools to monitor unauthorized access to PHI, and the number and type of breaches sustained in the past year. A complimentary copy is available here (registration required). [No link. Perhaps in a later Update... Available here (registration required) Bob]
“Given that data breaches of patient information cost healthcare organizations nearly $6 billion annually, we were not very surprised to discover that more than 70 percent of the organizations surveyed were victimized last year,” said Alan Norquist, CEO of Veriphyr. “However, we did not expect the prevalence of insider abuse reported, and that nearly 80 percent of the respondents feel they lack adequate controls to detect PHI breaches in a timely fashion.”
Some of the report’s key findings include:
– Top breaches in the past 12 months by type:
  – Snooping into medical records of fellow employees (35%)
  – Snooping into records of friends and relatives (27%)
  – Loss/theft of physical records (25%)
  – Loss/theft of equipment holding PHI (20%)
– When a breach occurred, it was detected in:
  – One to three days (30%)
  – One week (12%)
  – Two to four weeks (17%)
– Once a breach was detected, it was resolved in:
  – One to three days (16%)
  – One week (18%)
  – Two to Four weeks (25%)
– 79% of respondents were “somewhat concerned” or “very concerned” that their existing controls do not enable timely detection of breaches of PHI
– 52% stated they did not have adequate tools for monitoring inappropriate access to PHI

The not-so-secret world of diplomacy
WikiLeaks breach exposes unredacted US cables; organization blames Guardian reporter
August 31, 2011 by admin
James Ball of The Guardian reports:
A Twitter user has now published a link to the full, unredacted database of embassy cables. The user is believed to have found the information after acting on hints published in several media outlets and on the WikiLeaks Twitter feed, all of which cited a member of rival whistleblowing website OpenLeaks as the original source of the tipoffs.
WikiLeaks published a statement blaming the documents’ release on the Guardian’s book WikiLeaks: Inside Julian Assange’s War on Secrecy, by investigations editor David Leigh and Luke Harding, published in February 2011.
The statement, released on WikiLeaks’s official Twitter feed, alleged: “A Guardian journalist has, in a previously undetected act of gross negligence or malice, and in violation of a signed security agreement with the Guardian’s editor-in-chief Alan Rusbridger, disclosed top secret decryption passwords to the entire, unredacted, WikiLeaks Cablegate archive. We have already spoken to the state department and commenced pre-litigation action. We will issue a formal statement in due course.” The Guardian denies WikiLeaks’s allegations.
The embassy cables were shared with the Guardian through a secure server for a period of hours, after which the server was taken offline and all files removed, as was previously agreed by both parties. This is considered a basic security precaution when handling sensitive files. But unknown to anyone at the Guardian, the same file with the same password was republished later on BitTorrent, a network typically used to distribute films and music. This file’s contents were never publicised, nor was it linked online to WikiLeaks in any way.
Read more on The Guardian. WikiLeaks’ editorial on the breach can be found here.

Protecting Twits!
Bitdefender Launches Anti-Malware Protection For Twitter
Bitdefender’s new Safego protection for Twitter scans your profile for spam, phishing attempts and malware, and automatically notifies you when threats are detected.
Similar to the company’s Safego Facebook app, the new Twitter protection (now in beta), uses the same anti-malware and anti-phishing engines to scan the URLs posted to your profile.

An interesting business model – consolidate the sites of other online vendors and smooth the search interface. No inventory or customer service hassle, just a small percentage of each sale.
Online Retail Giant CSN Stores Rolls Its 200+ Shopping Sites Into One Brand:

Good on ya Google!
8/30/2011 11:50:00 AM
We understand that it’s not always easy or affordable for our troops serving overseas to call friends and family at home, so starting today we’re making it completely free for all uniformed military personnel with valid United States Military (.mil) email addresses to call the United States, right from Gmail.

“Hey guys! We gotta do something about this Global Warming thing, so let's spend billions on something! We can figure out later why it didn't work.” (Al Gore's chart tying Carbon Dioxide to Global Warming was one of the first things scientists attacked, because it was clearly flawed.)
"You may or may not be old enough to remember the TV commercial for margarine that had the tag line: 'It's not nice to fool Mother Nature.' But that commercial came to mind as I was reading a report out recently that looked at the viability of large climate engineering projects that would basically alter large parts of the atmosphere to reduce greenhouse gases or basically reverse some of the effects of climate change. The congressional watchdogs at the Government Accountability Office took a look at the current state of climate engineering science and technology (PDF), which generally aims at either carbon dioxide removal or solar radiation management."

(Related) Will this be enough to kill an industry before it is born? Will we repeal Carbon Credits?
Has the AGW argument imploded?
A new study by a European nuclear research group appears to show that the actual prime cause of temperature shifts in the Earth’s climate isn’t carbon dioxide at all, or even the broader range of “greenhouse gases,” but the large ball of fire in the center of the solar system. Not that this study from CERN has attracted much attention in the media, at least not in the US — but at least Nature reported the results and the implications:
… In fact, AGW skeptics have long pointed to solar cycles as a much more likely explanation for the gradual but uneven warming seen over the last century or so.

Wednesday, August 31, 2011

A la the Lower Merion School District case, finding a stolen laptop does not require you to read the user's mail or look at their pictures?

Publicly Shaming Laptop Thieves Catches Bystanders in the Crossfire

"Embarrassing thieves by exposing them using laptop recovery software makes for fun tech stories, but what about a case of a person being literally exposed after cops and a software company got their hands on naked photos she exchanged with her long-distance boyfriend, not realizing the machine was stolen? (She bought it for $60 so she should have known, but still). The case is going to trial in Ohio in September. The plaintiffs argue that the software company had the right to get the computer's location in order to recover it, but that it should not have intercepted the nude photos and shared those with the cops. Seems like a legitimate complaint and the plaintiffs are especially sympathetic in not realizing the device was stolen."

Good luck with that guys...

Pakistan Bans Encryption

"After some rumors of this last month, Pakistan has now officially told all of the country's ISPs that they need to block all encrypted VPNs since content running over such services cannot be monitored by the government."


Twitter Starting to Make SSL Encryption the Default

Heads up for your Computer Security manager...

New Worm Preys On Weak & Helpless Passwords For Windows Remote Desktop

Like many previous worms, this new threat is not technically sophisticated but remains effective due to its persistence. While only a small number of systems may be accessible with the passwords that Morto tries, the worm uses every infected machine to scan for additional targets and spreads itself relentlessly. One infection on a network can quickly turn into a full-blown PC plague. Infected machines also have their security software discreetly terminated, making the worm more difficult to find and remove.

… Protection against Morto is simple. Disabling Windows Remote Desktop will cut off its means of infection. Alternatively, a strong password containing random letters and numbers can thwart the worm.
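One way to spot the scanning behaviour described above, as an added example that is not from the quoted article: flag any host that contacts many distinct addresses on the Remote Desktop port within a short window. The flow-record layout (`timestamp,src,dst,dport`), the thresholds and the sample lines are assumptions constructed for illustration.

```javascript
// Detect Remote Desktop fan-out: one source contacting many distinct
// destinations on TCP 3389 inside a sliding time window.

const RDP_PORT = 3389; // default TCP port for Windows Remote Desktop

// Parse one "timestamp,src,dst,dport" line; return null for anything malformed.
function parseFlow(line) {
  const [ts, src, dst, dport] = line.trim().split(",");
  const time = Date.parse(ts);
  const port = Number(dport);
  if (Number.isNaN(time) || !src || !dst || !Number.isInteger(port)) return null;
  return { time, src, dst, port };
}

// Return [{ src, distinctTargets }] for every source whose peak number of
// distinct RDP destinations within `windowSeconds` reaches `minTargets`.
function findRdpScanners(lines, windowSeconds = 60, minTargets = 5) {
  const bySrc = new Map();
  for (const line of lines) {
    const flow = parseFlow(line);
    if (!flow || flow.port !== RDP_PORT) continue;
    if (!bySrc.has(flow.src)) bySrc.set(flow.src, []);
    bySrc.get(flow.src).push(flow);
  }

  const alerts = [];
  for (const [src, flows] of bySrc) {
    flows.sort((a, b) => a.time - b.time);
    const inWindow = new Map(); // dst -> number of flows currently in window
    let start = 0;
    let peak = 0;
    for (let end = 0; end < flows.length; end++) {
      const dst = flows[end].dst;
      inWindow.set(dst, (inWindow.get(dst) || 0) + 1);
      // Drop flows that have aged out of the window.
      while (flows[end].time - flows[start].time > windowSeconds * 1000) {
        const old = flows[start].dst;
        const left = inWindow.get(old) - 1;
        if (left === 0) inWindow.delete(old);
        else inWindow.set(old, left);
        start++;
      }
      peak = Math.max(peak, inWindow.size);
    }
    if (peak >= minTargets) alerts.push({ src, distinctTargets: peak });
  }
  return alerts.sort((a, b) => (a.src < b.src ? -1 : a.src > b.src ? 1 : 0));
}

// Constructed sample records (not real traffic).
const SAMPLE_FLOWS = [
  "timestamp,src,dst,dport",
  // Admin workstation: repeated sessions to two known RDP servers.
  "2011-08-30T10:00:00Z,10.0.0.5,10.0.1.10,3389",
  "2011-08-30T10:00:20Z,10.0.0.5,10.0.1.10,3389",
  "2011-08-30T10:00:40Z,10.0.0.5,10.0.1.11,3389",
  // Fast fan-out: six distinct RDP targets in five seconds.
  "2011-08-30T10:00:02Z,10.0.0.23,10.0.0.1,3389",
  "2011-08-30T10:00:03Z,10.0.0.23,10.0.0.2,3389",
  "2011-08-30T10:00:04Z,10.0.0.23,10.0.0.3,3389",
  "2011-08-30T10:00:05Z,10.0.0.23,10.0.0.4,3389",
  "2011-08-30T10:00:06Z,10.0.0.23,10.0.0.6,3389",
  "2011-08-30T10:00:07Z,10.0.0.23,10.0.0.7,3389",
  "2011-08-30T10:00:09Z,10.0.0.23,192.0.2.80,443",
  "not a flow record",
  // Slow fan-out: six distinct targets, ten minutes apart.
  "2011-08-30T10:00:00Z,10.0.0.40,10.0.2.1,3389",
  "2011-08-30T10:10:00Z,10.0.0.40,10.0.2.2,3389",
  "2011-08-30T10:20:00Z,10.0.0.40,10.0.2.3,3389",
  "2011-08-30T10:30:00Z,10.0.0.40,10.0.2.4,3389",
  "2011-08-30T10:40:00Z,10.0.0.40,10.0.2.5,3389",
  "2011-08-30T10:50:00Z,10.0.0.40,10.0.2.6,3389",
];

console.log(findRdpScanners(SAMPLE_FLOWS));          // 60-second window
console.log(findRdpScanners(SAMPLE_FLOWS, 3600, 5)); // one-hour window
```

The one-hour window also catches the slow source that the 60-second window misses, which is why the window length is worth tuning against normal administrative use.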

Just a reminder...

You’re only as secure as your business partners

… Almost every company could be owned just as RSA and Sony were, even firms that embrace the security best practices I’ve advocated for the past 20 years, including better end-user education, faster and more inclusive patching, stronger authentication, improved monitoring, and quicker response to incidents. Of course, my regular readers have been taking all these important measures for a long time — but how about your partners? If they haven’t, they might well be putting your organization at risk.


Wikileaks: MPAA ‘Secret Pusher’ of BitTorrent Trial Against Aussie ISP

We’ve covered the landmark court battle between the Australian Federation Against Copyright Theft (AFACT) and the Aussie ISP iiNet in great detail here at TorrentFreak.

AFACT wants to hold iiNet responsible for the copyright infringing activities of their users, but they have been unsuccessful thus far.

Interestingly enough, a Wikileaks cable that was just released reveals that the MPAA (thus the American movie studios) are a main facilitator of the legal action.

Sounds like they have a point (or two)

EPIC Files For Rehearing In Body Scanner Case

"The Electronic Privacy Information Center has filed for a rehearing in their case against DHS regarding airport body scanners. In their latest court filing (PDF), EPIC argues that last month's ruling requiring a public comment period but no other changes was based on incorrect information. From TFA: '"The court overstated the effectiveness of the body scanner devices and understated the degree of the privacy intrusion to the travelling public," stated EPIC President Marc Rotenberg. EPIC's petition challenged the Court's finding that the devices detect "liquid and powders," which was never established and was not claimed by the government. EPIC also argued that the court wrongly concluded that the TSA is not subject to a federal privacy law that prohibits video voyeurism. The panel found that TSA body scanner employees are "engaged in law enforcement activity," contrary to the TSA's own regulations.' Note that this is a request for a rehearing with the same court that rejected their request to stop TSA's use of body scanners. It is not an appeal to a higher court. Is EPIC likely to obtain a more favorable ruling from the same court?"

One more tail twitch from the snake that wouldn't die?

Novell Wins Against SCO Again

"The Tenth Circuit Court of Appeals has just affirmed the District Court ruling in SCO v Novell (PDF) in its entirety. The decision is quite a good read and lays out the reasons why the court has rejected, in toto, SCO's attempt to re-argue the case before the Court of Appeals. Is this the last gasp for SCO or will they try to appeal this to the Supreme Court? The betting lines open at 11..."

Realistically this is the end of the line for the case.

Increasingly, this sounds like HP is still in the game – or at least they want to keep their manufacturing arm going until they can spin them off...

One Final Manufacturing Run of Touchpads

"HP has announced a limited manufacturing run of Touchpads to be available in the next few weeks. The HP employee making the announcement posted 'I think it's safe to say we were pleasantly surprised by the response' to their massively discounted, sold-at-a-huge-loss tablet."

Tuesday, August 30, 2011

Right up there with death and taxes on “Ye olde inevitable list.” But fear not. A password will protect these records for hundreds of years...

There's Been a Leak At WikiLeaks

"German paper Der Freitag claims it has uncovered a batch of online unredacted diplomatic cables that came from WikiLeaks. Editor Steffen Kraft said he found a 'password protected csv file' that contained a 1.73GB cache of diplomatic cables from WikiLeaks. Its pages contained 'named or otherwise identifiable "informers" and "suspected intelligence agents" from Israel, Jordan, Iran, and Afghanistan.'"

(Related) ...or maybe not. Interesting that the US Government concluded that this deal was in the country's best interest. (Or perhaps Oracle's lobbyists were earning their pay?)

US Gov't Lobbied EU To Approve Oracle-Sun Merger

"Cables leaked by Wikileaks have revealed that the U.S. Government actively pressured the EU Competition Commissioner to approve Oracle's acquisition of Sun Microsystems. The cable reveals that the U.S. went to great lengths to discover how the competition commissioner felt about the 'pro-competitive' nature of open source software and whether this would represent a threat to the US$7.4 billion deal."

Interesting because this suggests that Privacy is valued or perhaps one billionaire (Bloomberg) has found a way to stick it to another – even if it is for a paltry $27 mil...

Murdoch Loses $27 Million Contract With N.Y. Schools

… According to The Huffington Post, Michael Mulgrew and Richard Iannuzi, respective heads of New York City’s and the state’s teachers’ unions, protested the proposed contract with Murdoch’s company earlier this month: “It is especially troubling that Wireless Generation will be tasked with creating a centralized student database for personal information even as its parent company, News Corporation, stands accused of engaging in illegal news gathering tactics, including the hacking of private voicemail accounts.” —ARK

Interesting speculation? The ultimate Christmas present? A victory for content over hardware?

Amazon could sell 5 million tablets next quarter

… Sharing her thoughts in a blog post yesterday, Forrester analyst Sarah Rotman Epps said that if Amazon can launch a tablet below $300 and provide enough supply to meet demand, it could sell anywhere from 3 million to 5 million tablets in the next quarter.

Earlier this month, Taiwanese news outlet CENS cited information that claimed Amazon was already planning to order anywhere from 800,000 to 1 million tablets per month from August through October from supplier Quanta Computer. An Amazon tablet could launch as early as October, according to Epps.

… Whatever device surfaces, a price point under $300 means Amazon would sell the tablet at a loss. But the goal would be to turn a healthy profit from all the digital books, music, videos, and apps sold to tablet users rather than from the hardware itself.

To Blog or not to Blog...

August 29, 2011

World Bank Policy Research Working Paper - The Impact of Economics Blogs

The Impact of Economics Blogs, David McKenzie and Berk Özler, August 2011

  • "There is a proliferation of economics blogs, with increasing numbers of economists attracting large numbers of readers, yet little is known about the impact of this new medium. Using a variety of experimental and non-experimental techniques, this study quantifies some of their effects. First, links from blogs cause a striking increase in the number of abstract views and downloads of economics papers. Second, blogging raises the profile of the blogger (and his or her institution) and boosts their reputation above economists with similar publication records. Finally, a blog can transform attitudes about some of the topics it covers."

I'll tuck this away for my next Presentation Class (and send it to a few of my PowerPoint Challenged colleagues)...

Short and Sweet Presentation Advice

In the two-minute video below, Kawasaki shares his advice for delivering an effective presentation. In the video he is speaking to a tech/business audience, but 98% of what he says applies to any audience.

Now we're getting to the point where an entire education (K-PhD) can be stored on one device. Don't forget to back up your life!

New USB 3.0 Flash Drive Has 2 TB of Storage

"During Display Taiwan, Transcend and Taiwan's ITRI displayed a finger-long USB stick that reportedly offers 2 TB of storage. That's no typo. It somehow holds up to 2 terabytes worth of information. So far neither company has released anything official in regards to specs or a simple introduction, nor does the high-capacity USB 3.0 stick appear on Display Taiwan's website. But as seen in the video below, the 'Thin Card' thumb drive is even smaller than a thumb, measuring slightly thicker than a penny. It offers a minimum of 16 GB and a maximum of 2 TB."

This is not a trivial Infographic – there are many layers. I would like to see it a bit less cartoonish but perhaps that is appropriate for my students.

Tuesday, August 30, 2011

How To Do Research - An Interactive Map

One of the challenges that every student faces at one time or another is conducting focused and efficient research. The folks at the Kentucky Virtual Library know this and put together an interactive map of the research process for students. The map, titled How To Do Research, walks students through the research process from start to finish with every step along the way. One of the things about this map that school librarians will like is that it is not focused solely on web research. How To Do Research includes a good section about using library catalogs, books, and magazines.

Monday, August 29, 2011

A service for its ad customers?

Schmidt: G+ 'Identity Service,' Not Social Network

"Eric Schmidt has revealed that Google+ is an identity service, and the 'social network' bit is just bait. Schmidt says 'G+ is completely optional,' not mentioning that Google has admitted that deleting a G+ account will seriously downgrade your other Google services. As others have noted, Somewhere, there are two kids in a garage building a company whose motto will be 'Don't be Google.'"


August 28, 2011

The PII Problem: Privacy and a New Concept of Personally Identifiable Information

The PII Problem: Privacy and a New Concept of Personally Identifiable Information (July 8, 2011). New York University Law Review, Vol. 86, 2011. Paul M. Schwartz and Daniel J. Solove.

  • "Personally identifiable information (PII) is one of the most central concepts in information privacy regulation. The scope of privacy laws typically turns on whether PII is involved. The basic assumption behind the applicable laws is that if PII is not involved, then there can be no privacy harm. At the same time, there is no uniform definition of PII in information privacy law. Moreover, computer science has shown that in many circumstances non-PII can be linked to individuals, and that de-identified data can, in many circumstances, be re-identified. PII and non-PII are thus not immutable categories, and there is a risk that information deemed non-PII at one point in time can be transformed into PII at a later juncture. Due to the malleable nature of what constitutes PII, some commentators have even suggested that PII be abandoned as the means to define the boundaries of privacy law. In this Article, Professors Paul Schwartz and Daniel Solove argue that although the current approaches to PII are flawed, the concept of PII should not be abandoned. They develop a new approach called “PII 2.0,” which accounts for PII’s malleability. Based upon a standard rather than a rule, PII 2.0 is based upon a continuum of risk of identification. PII 2.0 regulates information that relates to either an “identified” or “identifiable” individual, and it establishes different requirements for each category. To illustrate their theory, Schwartz and Solove use the example of regulating behavioral marketing to adults and children. They show how existing approaches to PII impede the effective regulation of behavioral marketing and how PII 2.0 would resolve these problems."

It's like eye-witnessing, but with augmentation. Police cameras in their cruisers and Red Light or Speeding cameras are just the reverse...

Mass. Court Says Constitution Protects Filming On-Duty Police

Even in a country and a world where copyright can be claimed as an excuse to prevent you from taking a photo of a giant sculpture in a public, tax-paid park, and openly recording visiting police on your own property can be construed as illegal wiretapping, it sometimes seems like the overreach of officialdom against people taking photos or shooting video knows no bounds. It's a special concern now that seemingly everyone over the age of 10 is carrying a camera that can take decent stills and HD video. It's refreshing, therefore, to read that a Federal Appeals Court has found unconstitutional the arrest of a Massachusetts lawyer who used his phone to video-record an arrest on the Boston Common. (Here's the ruling itself, as a PDF.) From the linked article, provided by reader schwit1: "In its ruling, which lets Simon Glik continue his lawsuit, the U.S. Court of Appeals for the First Circuit in Boston said the wiretapping statute under which Glik was arrested and the seizure of his phone violated his First and Fourth Amendment rights."

...but what if it's all a marketing ploy, like changing the Coca Cola formula?

Ex-Board Member Says HP Is Committing 'Corporate Suicide'

"If Apple's looking for a seamless transition, advises the NYT's James B. Stewart, it definitely shouldn't look to Hewlett Packard. In the year after HP CEO Mark Hurd was told to hit-the-road-Jack, HP — led by new CEO Leo Apotheker — has embarked on a stunning shift in strategy that has left many baffled and resulted in HP's fall from Wall Street grace (its stock declined 49%). [Would the people who get huge stock price based bonuses do that to themselves? Bob] The apparent new focus on going head-to-head with SAP (Apotheker's former employer) and Oracle (Hurd's new employer) in enterprise software while ignoring the company's traditional strengths, said a software exec, is 'as if Alan Mulally left Boeing to join Ford as CEO, and announced six months later that Ford would be making airplanes.' Former HP Director Tom Perkins said, 'I didn't know there was such a thing as corporate suicide, but now we know that there is.'"

How about that! My extensive reading of SciFi has made me an IP resource!

Sci-fi tech as prior art: Tablets are just the start

Samsung's latest salvo against Apple and its attempts at barring the company from selling its line of Galaxy phones and tablets in the U.S. involved a bold trick earlier this week: saying Apple's iPad design patent should be tossed on the grounds that others have gotten there first.

The proof for that claim? Science fiction, of course.

Samsung last week cited Stanley Kubrick's 1968 film "2001: A Space Odyssey" wherein two of the astronauts watch video on two separate tablet devices while eating a meal. In its brief, Samsung says those tablets share design similarities with the tablet depicted in a granted Apple design patent, and the patent should therefore be tossed from Apple's effort.

That very idea opens up a wealth of other gadgets to scrutiny of "what came first?" Without further ado: a handful of gadgets that could be targeted for trailing their fictional media counterparts.

Sunday, August 28, 2011

One of those slow news days. Perhaps everyone is filling sandbags before the hurricane hits?

Another confusing case. It's illegal, but if you have good intentions you will be acquitted?

When can you eavesdrop on police? Chicago case exposes legal gray area.

A Chicago woman was acquitted Wednesday of felony eavesdropping charges for recording two police officers on her BlackBerry phone without their consent.

The case points to a legal gray area, in which the recording was clearly against state law, but a jury acquitted Tiawanda Moore because it felt she was trying to expose wrongdoing within the department. The two internal affairs investigators were allegedly trying to pressure her to drop a complaint she had filed against a Chicago police officer who she said had fondled her and given her his personal phone number after he responded to a domestic disturbance call in her home.