Saturday, October 08, 2011

I could probably write these press releases myself. All it takes is a bit of obfuscation, double-think and chutzpah...
By Dissent, October 7, 2011
Three unencrypted computer backup tapes containing patient billing and employee payroll data have been reported missing from a Nemours facility in Wilmington, Delaware. The tapes were stored in a locked cabinet following a computer systems conversion completed in 2004. [I wonder if they had been seen since then? Bob] The tapes and locked cabinet were reported missing on September 8, 2011 and are believed to have been removed on or about August 10, 2011 during a facility remodeling project.
There is no indication that the tapes were stolen or that any of the information on them has been accessed or misused. Independent security experts retained by Nemours determined that highly specialized equipment [a tape reader Bob] and specific technical knowledge [How to push the “ON” button? Bob] would be necessary to access the information stored on these backup tapes. There are no medical records on the tapes.
“This is an isolated incident unrelated to patient care and safety,” said David J. Bailey, M.D., President and Chief Executive Officer. “The privacy of our patients, their families, and our employees and business partners is a high priority to all of us at Nemours.”
The information on the tapes dates principally between 1994 and 2004 and relates to approximately 1.6 million patients and their guarantors, vendors, and employees at Nemours facilities in Delaware, Pennsylvania, New Jersey and Florida. The missing backup tapes contained information such as name, address, date of birth, Social Security number, insurance information, medical treatment information, and direct deposit bank account information.
Nemours is notifying individuals who may have been affected and offering them one year of free credit monitoring and identity theft protection as well as call center support. Additionally, Nemours is taking immediate steps to strengthen its data security practices. These include moving towards encrypting all computer backup tapes [not actually encrypting the backups, but thinking about possibly scheduling a planning meeting to consider forming a committee to evaluate potential processes that might eventually lead to a procedure, etc. Bob] and moving non-essential computer backup tapes to a secure off-site storage facility.
Source: Nemours Press Release

Identity theft seems to be the hot new “Franchise” for criminals.
More than 100 arrested in massive NYC theft ring
… In total, 111 people were arrested and more than 85 are in custody; the others are still being sought. Five separate criminal enterprises operating out of Queens were dismantled. They were hit with hundreds of charges, said Queens District Attorney Richard Brown, calling it the largest fraud case he'd ever seen in his two decades in office.
… The enterprise had been operating since at least 2010 and included at least one bank and restaurants, mostly in Queens. Authorities say the graft operated like this:
At least three bank workers, retail employees and restaurant workers would steal credit card numbers in a process known as skimming, in which workers take information from when a card is swiped for payment and illegally sell the credit card numbers. Different members of the criminal enterprise would steal card information online.
The numbers were then given to teams of manufacturers, who would forge Visas, MasterCards, Discover and American Express cards.
… The plastic would be given to teams of criminal "shoppers" for spending sprees at higher-end stores including Apple, Bloomingdale's and Macy's. The groups would then resell the merchandise overseas to locations in China, Europe and the Middle East.
All told, more than $13 million was spent on iPads, iPhones, computers, watches and fancy handbags from Gucci and Louis Vuitton, authorities said.

Each new technology ignores the lessons learned by earlier technologies...
October 07, 2011
Wired Reports Keylogger Computer Virus Has Infected U.S. Drone Fleet
Danger Room: "A computer virus has infected the cockpits of America’s Predator and Reaper drones, logging pilots’ every keystroke as they remotely fly missions over Afghanistan and other warzones. The virus, first detected nearly two weeks ago by the military’s Host-Based Security System, has not prevented pilots at Creech Air Force Base in Nevada from flying their missions overseas. Nor have there been any confirmed incidents of classified information being lost or sent to an outside source. But the virus has resisted multiple efforts to remove it from Creech’s computers, network security specialists say. And the infection underscores the ongoing security risks in what has become the U.S. military’s most important weapons system."
[From the article:
“We keep wiping it off, and it keeps coming back,” says a source familiar with the network infection, one of three that told Danger Room about the virus. “We think it’s benign. But we just don’t know.”
… The specialists don’t know exactly how far the virus has spread. But they’re sure that the infection has hit both classified and unclassified machines at Creech.
… But despite their widespread use, the drone systems are known to have security flaws. Many Reapers and Predators don’t encrypt the video they transmit to American troops on the ground. In the summer of 2009, U.S. forces discovered “days and days and hours and hours” of the drone footage on the laptops of Iraqi insurgents. A $26 piece of software allowed the militants to capture the video.

The first job for any bureaucracy is to survive and grow. Solving problems is contrary to this goal.
White House Issues ‘WikiLeaks’ Order to Secure Classified Data
… The so-called “WikiLeaks Order” (.pdf) was issued by President Obama on Friday and largely focuses on establishing committees, offices and task forces to work on implementing a balance between the needs of federal agencies to access classified data and the necessity of securing that data against improper usage and leaks.

It looks like the next Privacy Foundation seminar will address how lawyers calculate/estimate/guess Damages following a Privacy Breach. Articles like this one lead me to ask my lawyer friends if there is a polite way to initiate a lawsuit – i.e. one that suggests a settlement is possible without the need to mount a “full court press” defense? What are the signals?
Citigroup Sued by Cardholders Over May Security Breach
October 7, 2011 by admin
Patricia Hurtado reports:
Citigroup Inc. (C), the third-largest U.S. bank, was sued by cardholders over a May computer security breach that affected more than 360,000 accounts.
Kristina and Steven Orman of Northport, New York, sued Citigroup in federal court in Manhattan today, seeking to represent victims of the hacking in a class-action, or group, lawsuit. Money was stolen from their bank account and their credit cards were illegally used by third parties following the breach, they said.
Read more on Bloomberg.
[From the article:
“Defendants have taken no steps that adequately or effectively protect cardholders against illegal use of the cardholders’ sensitive and extensive financial records since the breach,” the Ormans alleged in the complaint. They seek unspecified damages.
Citigroup said in June that the breach, affecting 1.5 percent of its card customers in North America, was discovered at Citi Account Online during routine monitoring.
… Citigroup also failed to disclose how it concluded that “more sensitive information like social security numbers, birth dates, card expiry dates and CVV card security codes were not compromised,” according to the complaint.

Ameritrade lawsuit settlement approved
October 7, 2011 by admin
In one of the longer-running data breach lawsuits, a court has now approved the settlement in the Ameritrade case. Associated Press reports that the deal will cost Ameritrade between $2.5 million and $6.5 million. Settlement details are available online at

Obvious in retrospect.
Google Adds More Security to Google+ [News]
… Previously, Plus users could only make content private after it was made public to one or more of their Plus Circles. But now you can select privacy controls before content is posted.

...and let's not forget, maybe they're better than everyone else?
Google and the antitrust inquiry: Fighting shadows
As Google’s federal antitrust case winds its way through the halls of justice in Washington, investigators for the Federal Trade Commission and the Justice Department will have to consider some fundamental questions about how to apply antitrust law to a company whose primary products are free — and whose monopoly was arguably gained not through coercive relationships but through the power of an algorithm. In other words, what does the word “monopoly” even mean when applied to a web-based entity like Google? Are network effects a barrier to entry, as some have argued, or are online monopolies inherently more fragile than their real-world cousins?

At least I can use Google to find a book I might want to read, then actually purchase it or have my library run it down.
October 07, 2011
The Song of the Sirens: Google Book's Project and Copyright in a Digital Age
The Song of the Sirens: Google Book's Project and Copyright in a Digital Age, Clarice Castro and Ruy De Queiroz, September 1, 2011
  • "Numerous scholars have highlighted the extraordinary book-scanning project created by Google in 2004. The project aims to create a digital full text search index which would provide people with online access to books and assist research. A few months after the original idea started being implemented, the Authors Guild and the Association of American Publishers-AAP filed a class-action lawsuit, claiming that Google Book’s Project violated copyright law in the United States. The main contention was that the books which were not under public domain could not have been scanned without permission and compensation for authors and publishers. Google’s Book Project radically changed its character from the time of its birth until the negotiation of an Amended Settlement Agreement - ASA with the plaintiffs. It has raised serious controversies not only regarding different aspects of the future of the Internet but also over the issue of privatization of knowledge. Those in favour of the initiative highlight the astonishing accomplishment of Google, allowing us to access books more easily than ever before in human history. However, their claim is as dangerous as the song of the sirens. While at first sight Google tells a tale of extraordinary inclusion, it excludes those who cannot pay to access snippets or limited view of around 80% of the books available. We will also discuss the Amended Settlement Agreement of Google with the Author’s Guild and its failure on March, 2011. Finally, we will explore the concept of “fair use,” or “exceptions and limitation on copyright,” which provides for full access to books to any individual, library or archive as long as they are used for educational or scientific purposes."

For my CJ students... Isn't this something Facebook already does for free?
"The FBI by mid-January will activate a nationwide facial recognition service in select states that will allow local police to identify unknown subjects in photos, bureau officials told Nextgov. The federal government is embarking on a multiyear, $1 billion dollar overhaul of the FBI's existing fingerprint database to more quickly and accurately identify suspects, partly through applying other biometric markers, such as iris scans and voice recordings."

(Related) Not sure I agree, but this might be interesting to kick around...
Forensic DNA Could Make Criminal Justice Less Fair

For my Data Mining and Data Analytic students
October 07, 2011
Six Provocations for Big Data
Six Provocations for Big Data, Danah Boyd and Kate Crawford
  • "The era of Big Data has begun. Computer scientists, physicists, economists, mathematicians, political scientists, bio-informaticists, sociologists, and many others are clamoring for access to the massive quantities of information produced by and about people, things, and their interactions. Diverse groups argue about the potential benefits and costs of analyzing information from Twitter, Google, Verizon, 23andMe, Facebook, Wikipedia, and every space where large groups of people leave digital traces and deposit data. Significant questions emerge. Will large-scale analysis of DNA help cure diseases? Or will it usher in a new wave of medical inequality? Will data analytics help make people’s access to information more efficient and effective? Or will it be used to track protesters in the streets of major cities? Will it transform how we study human communication and culture, or narrow the palette of research options and alter what ‘research’ means? Some or all of the above? This essay offers six provocations that we hope can spark conversations about the issues of Big Data. Given the rise of Big Data as both a phenomenon and a methodological persuasion, we believe that it is time to start critically interrogating this phenomenon, its assumptions, and its biases.
(This paper was presented at Oxford Internet Institute’s A Decade in Internet Time: Symposium on the Dynamics of the Internet and Society on September 21, 2011.)"

Data Mining: DHS Needs to Improve Executive Oversight of Systems Supporting Counterterrorism, GAO-11-742, Sep 7, 2011

"ISPs are wildly exaggerating the cost of increased internet traffic, according to a new report. Fixed and mobile broadband providers have claimed their costs are 'ballooning' because of the expense of delivering high-bandwidth services such as video-on-demand. However, a new report from Plum Consulting claims the cost per additional gigabyte of data for fixed-line ISPs is between €0.01-0.03 per GB. The report labels claims of ballooning costs a 'myth.'"

Also shocking: How dare anyone suggest that politicians “get it!”
"Apparently there are some politicians who 'get it.' At least it seems that way after reading an entry on the blog of Rick Falkvinge (founder of the Swedish Pirate Party). He says the Green party group, fifth largest in the European Parliament, has officially adopted several of the Pirate Party's stances in a new position paper (PDF). The Greens say, 'the copyright monopoly does not extend to what an ordinary person can do with ordinary equipment in their home and spare time,' adding that a 20-year protection term is more reasonable than 70 years. They go on to say, 'Net Neutrality must be guaranteed,' and also mention DRM: 'It must always be legal to circumvent DRM restrictions, and we should consider introducing a ban in the consumer rights legislation on DRM technologies that restrict legal uses of a work.'"

Friday, October 07, 2011

“We have clear evidence that we detected this early enough to stop it, but couldn't be bothered to actually do anything.” Wow, that makes me confident they are protecting my money...
A few weeks ago, UBS employee Kweku Adoboli (universally described as a "rogue trader") ran up a $2 billion loss for his employer; many readers wondered how it is the systems which allow trades to happen at all aren't better tuned to catch such massive cash flows without triggering alerts. Now, reader DMandPenfold submits a report from Computerworld UK in which the bank claims that such triggers were in place — they were simply not acted on. From the article:
"UBS has insisted its IT systems did detect unusual and unauthorised trading activity. Interim chief executive Sergio Ermotti, who is running the company following Oswald Grubel's resignation last month, sent a memo to employees saying the bank is aware that its systems did detect the rogue activity. In the memo, Ermotti wrote: 'Our internal investigation indicates that risk and operational systems did detect unauthorised or unexplained activity but this was not sufficiently investigated nor was appropriate action taken to ensure existing controls were enforced.'"

Predicting crime: good. Looking at everyone all the time rather than looking for anomalies: bad (and rather wasteful, unless the assumption is that most 'citizens' are criminals). This appears to be an attempt to automate the behavioral checking that Israel uses at airports. Good luck with that.
Homeland Security moves forward with 'pre-crime' detection
An internal U.S. Department of Homeland Security document indicates that a controversial program designed to predict whether a person will commit a crime is already being tested on some members of the public, CNET has learned.
… It's unclear why the June 2010 DHS document (PDF) specified that information is currently collected or retained on members of "the public" as part of FAST, and a department representative declined to answer questions that CNET posed two days ago.
Peter Boogaard, the deputy press secretary for the Department of Homeland Security, provided a statement to CNET that said:
The FAST program is only in the preliminary stages of research and there are no plans for acquiring or deploying this type of technology at this time.
FAST is designed to track and monitor, among other inputs, body movements, voice pitch changes, prosody changes (alterations in the rhythm and intonation of speech), eye movements, body heat changes, and breathing patterns. Occupation and age are also considered. A government source told CNET that blink rate and pupil variation are measured too.
A field test of FAST has been conducted in at least one undisclosed location in the northeast. "It is not an airport, but it is a large venue that is a suitable substitute for an operational setting," DHS spokesman John Verrico told in May.

Perspective: Didn't Maine recently give tablets to schoolchildren? But why would WY be number two?
Maine Was the Top State for Tablet Lovers in September
Targeted mobile advertising firm Jumptap has released its MobileSTAT market share report for September concerning tablet and smartphone usage trends across the United States. The big surprise? The state of Maine had the highest tablet use in the U.S. in September, followed by other vacationland spots like Hawaii, New Hampshire and Virginia. Jumptap says that 93% of tablet traffic comes over Wi-Fi while the iPad controlled the sector with 75% of usage.

Because you never know which one will work best...
Thursday, October 6, 2011
Vessenger, producers of a group messaging system, offers a free program for capturing and annotating images on your computer screen. The free program, called Snaplr, is available for Windows and Mac.
Snaplr reminds me a bit of Jing without the video option. With Snaplr installed you can capture all or part of your screen. Snaplr's annotation tools include text boxes, highlighting, and free-hand drawing tools. When you've finished creating your annotated screen capture you can save it as a PNG file or attach it to an email message in Outlook.

Thursday, October 06, 2011

The main reason not to use real data in testing is that real data make lousy test data. It has already been run through system edits and contains no errors for the new system to detect and handle.
By Dissent, October 5, 2011
The Stanford Hospital breach is a useful reminder of why you shouldn’t use real data sets for testing. Kevin Sack of the New York Times reports:
Private medical data for nearly 20,000 emergency room patients at California’s prestigious Stanford Hospital were exposed to public view for nearly a year because a billing contractor’s marketing agent sent the electronic spreadsheet to a job prospect as part of a skills test, the hospital and contractors confirmed this week. The applicant then sought help by unwittingly posting the confidential data on a tutoring Web site.

Isn't the alternative, “We are grossly incompetent?” Which message would you like to send?
"After six days of spotty service and outages with its online and mobile sites, Bank of America today said it has not been the victim of a denial of service attack, hacking or malware. Yet, the bank has set up a new homepage that it says will help customers navigate to the proper online service. Internet monitoring service Keynote said the outage is unprecedented in banking. 'I don't think we've seen as significant and as long an outage with any bank. And I've been with Keynote for 16 years now,' said Shawn White, vice president of operations for web monitoring service Keynote Systems. In the meantime, a BofA spokeswoman continued to divulge what might be happening, saying 'We're not going to get into the technical details. We're not going to comment on the technicalities of what we do.' Speculation among experts has been that the site is under attack."
[From the speculation article:
The outages, which include the bank’s hobbled home page as well as delays and difficulty in accessing online banking, began Friday morning, a day after the bank announced it would charge a $5 monthly fee for account holders using their debit cards.

How is “acceptable use” defined and does management actually try to ensure that unacceptable use is detected and corrective action taken? I think it will be real interesting to find out why everyone was looking at this woman, apparently to the point where she became aware of the scrutiny.
MN: DVS Database Searches of Woman’s History May Be Data Breach
October 5, 2011 by Dissent
Paul Blume reports:
A recent audit at the state’s driver and vehicle services division has 18 law enforcement agencies — including the FBI in Minneapolis — looking into why one woman’s private data was accessed 400 times within four years and whether or not it was justified.
There are currently investigations at multiple state agencies, including the University of Minnesota Duluth Police Department.
Read more on MyFox9.
In this case, the woman herself raised the issue that started the ball rolling on investigating whether there has been improper access. Aren’t departments or agencies supposed to have audit procedures already in place that would flag unusual numbers of access requests? I realize that there are multiple agencies involved here, but if they’re all accessing the same record, why didn’t that send up a flag?
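The kind of flag the post asks about can be produced from nothing more than the lookup audit trail. The following is an added example, not code from the original post or from any Minnesota DVS system: it parses a small set of constructed audit lines (timestamp, agency, user, subject record) and raises a finding for any subject record whose lookup count is far above the median for the period, or which is being queried by several distinct agencies. All agency names, user ids, record ids and thresholds are assumptions chosen for illustration.

```python
"""Flag driver-record lookups that deserve a second look.

Added example, not part of the original post or of any real DVS system.
The log format, the thresholds and every record below are constructed
for illustration; a real audit log will look different.
"""
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed audit lines: <timestamp> <agency> <user id> <subject record id>.
# DL-000777 is the record being queried far more often, and by more
# agencies, than any other subject in the window.
SAMPLE_LOG = """\
2011-09-01T08:02:11 StatePatrol   u1042 DL-000123
2011-09-01T08:05:40 MinneapolisPD u2210 DL-000777
2011-09-01T09:15:02 DuluthPD      u3301 DL-000777
2011-09-02T10:41:19 StatePatrol   u1042 DL-000456
2011-09-02T11:03:55 UMDPD         u4410 DL-000777
2011-09-03T07:58:33 MinneapolisPD u2210 DL-000777
2011-09-03T12:20:07 FBI-MPLS      u5500 DL-000777
2011-09-04T14:12:48 StatePatrol   u1077 DL-000321
2011-09-05T09:30:00 DuluthPD      u3302 DL-000777
2011-09-05T16:45:21 MinneapolisPD u2215 DL-000654
2011-09-06T08:10:10 UMDPD         u4410 DL-000777
2011-09-06T08:11:30 StatePatrol   u1042 DL-000123
2011-09-07T13:00:00 FBI-MPLS      u5500 DL-000777
2011-09-07T13:05:00 MinneapolisPD u2210 DL-000789
"""


def parse_log(text):
    """Turn whitespace-separated audit lines into event dicts."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, agency, user, subject = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "agency": agency,
                       "user": user, "subject": subject})
    return events


def subject_stats(events):
    """Per subject record: lookup count, distinct agencies/users, time span."""
    stats = defaultdict(lambda: {"count": 0, "agencies": set(), "users": set(),
                                 "first": None, "last": None})
    for e in events:
        s = stats[e["subject"]]
        s["count"] += 1
        s["agencies"].add(e["agency"])
        s["users"].add(e["user"])
        s["first"] = e["ts"] if s["first"] is None else min(s["first"], e["ts"])
        s["last"] = e["ts"] if s["last"] is None else max(s["last"], e["ts"])
    return stats


def flag_subjects(events, ratio=5.0, min_count=5, min_agencies=3):
    """Return findings for records that stand out from the population.

    Rule 1: lookup count is at least `min_count` and at least `ratio` times
            the median per-subject count (a robust baseline that a handful
            of heavily queried records cannot drag upward).
    Rule 2: the record was queried by `min_agencies` or more distinct agencies.
    Threshold values are assumptions, not anything the post states.
    """
    stats = subject_stats(events)
    baseline = median(s["count"] for s in stats.values())
    findings = []
    for subject, s in sorted(stats.items()):
        reasons = []
        if s["count"] >= min_count and s["count"] >= ratio * baseline:
            reasons.append(f"{s['count']} lookups vs. median {baseline:g}")
        if len(s["agencies"]) >= min_agencies:
            reasons.append(f"{len(s['agencies'])} distinct agencies")
        if reasons:
            findings.append({
                "subject": subject,
                "count": s["count"],
                "agencies": sorted(s["agencies"]),
                "users": sorted(s["users"]),
                "span_days": (s["last"] - s["first"]).days,
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for f in flag_subjects(parse_log(SAMPLE_LOG)):
        print(f"{f['subject']}: {f['count']} lookups over {f['span_days']} days "
              f"by {len(f['users'])} users in {', '.join(f['agencies'])}; "
              f"reasons: {'; '.join(f['reasons'])}")
```

Either rule alone would flag the constructed DL-000777 record; in practice the cross-agency rule is the more interesting one for a shared database, because each agency's own review only sees its own handful of lookups and the pattern is invisible until the counts are joined at the record level. A periodic job running this over the central log, with findings routed to the data owner rather than to the querying agencies, is the audit procedure the post wonders about.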

It's like we've all agreed to disagree...
October 05, 2011
Cell Phone and Texting Laws
Governors Highway Safety Administration, Cell Phone Laws and Texting, October 2011 "This chart outlines all state cell phone and text messaging laws. Some local jurisdictions may have additional regulations. Enforcement type is shown in parenthesis.
  • Handheld Cell Phones: 9 states, D.C. and the Virgin Islands prohibit all drivers from using handheld cell phones while driving. Except for Maryland, all laws are primary enforcement—an officer may cite a driver for using a handheld cell phone without any other traffic offense taking place.
  • All Cell Phone Use: No state bans all cell phone use (handheld and hands-free) for all drivers, but many prohibit all cell phone use by certain drivers - Novice Drivers: 30 states and D.C. ban all cell phone use by novice drivers. School Bus Drivers: Bus drivers in 19 states and D.C. may not use a cell phone when passengers are present.
  • Text Messaging: 34 states, D.C. and Guam ban text messaging for all drivers. 31 states, D.C., and Guam have primary enforcement; the others, secondary. Novice Drivers: An additional 7 states prohibit text messaging by novice drivers. School Bus Drivers: 3 states restrict school bus drivers from texting while driving.
  • Some states such as Maine, N.H. and Utah treat cell phone use and texting as part of a larger distracted driving issue. In Utah, cellphone use is an offense only if a driver is also committing some other moving violation (other than speeding)."

"In a case explicitly decided to set a precedent, the California Appellate court has determined police officers can rifle through your cellphone during a traffic violation stop. ... Florida and Georgia are among the states that give no protection to a phone during a search. In particular, Florida law treats a smartphone as a 'container' for the purposes of a search, similar to say a cardboard box open on the passenger seat, despite the thousands of personal emails, contacts, and photos a phone can carry stretching back years. But after initially striking down cell phone snooping, California has now joined the list of states that allow cops to go through your phone without a warrant."
Interesting additional commentary, too, from UCSD law professor Shaun Martin.

Nein to nine!
Software Makers Win Big in Supreme Court Copyright Fight
The Supreme Court is refusing to review a federal appellate panel’s decision that software makers may use shrink-wrap and click-wrap licenses to forbid the transfer or resale of their wares.
Without comment, the justices on Monday let stand a 9th U.S. Circuit Court of Appeals ruling that is another erosion of the so-called “first-sale” doctrine, which the Supreme Court began to chip away at last year.

(Related) But I can still digitize my collection of Louis Armstrong records, right?
Rip your LPs! Get a USB turntable for $32.99

This is what is possible today. Should we be content with 2Mbps?
"UK service provider BT has launched its Fibre to the Premises (FTTP) product, pledging it will offer downstream speeds of 300Mbps by spring next year. At present, the service can hit 110Mbps downstream speeds and will be available in just six locations from the end of October. More locations will be added and speeds will rise, however, with a 1Gbps service currently being trialled in Kesgrave, Suffolk. There may be continuing disputes over BT Openreach's pricing of fibre products, given the recent industry in-fighting. Nevertheless, 300Mbps fibre will provide some pretty speedy downloads for end users."

Now computers are cheaper than a tank full of gas...
India launches $35 Aakash tablet computer for students
Commercial version of the tablet, priced at $60, expected to hit stores later this year
India has launched a touch screen tablet computer priced at just $35 (£23).
… The laptop -- which features Internet browsing, 2GB RAM, Wi-Fi and USB -- has been indigenously developed with custom-made low-cost motherboards and a 2-watt power system to make it work effectively in areas that have a poor power-supply, according to the NYT.

Something for my students
Google Image Chart Creator: Create Various Charts & Images That Are Embeddable

Something for my Geeky students
Download & Try Aurora 9 – A.K.A. Firefox 9 – For Free [News]

It's the start of a new Quarter, so I'll try to educate my students on e-Etiquette... You know, emails with subjects, salutations and signatures, punctuation, etc.
eEtiquette: Learn The Proper Etiquette For The Digital World

Wednesday, October 05, 2011

“We can control Big Brother.” When all you have is a hammer, every problem starts looking like a nail. What happens when you have modern computer technology?
Hayden Urges Congress to Let NSA Monitor Public Networks for Threats
Former NSA and CIA director Michael Hayden revived a controversial meme on Tuesday when he urged Congress to allow his former agency to monitor public networks in order to defend against malicious activity coming from nation states and others.
“We’ve got capability on the sidelines wanting policy guidance,” he told the House Intelligence Committee, referring to the NSA. “And when we can enrich that guidance and get them in the field, the better — the safer — we are.”

(Related) We're already moving to ensure NSA can monitor everything...
FCC Wants GPS In Every Phone By 2018
… The FCC has ruled that all telephone service providers — including VoIP services — must offer only GPS-capable handsets by 2018 to better aid in pinpointing the location of 911 calls.

With some companies (Facebook) wanting to track users after they leave the site, I can see them wanting to keep information after they quit the service. (Or perhaps even if they never join)
October 04, 2011
Account Deactivation and Content Removal: Guiding Principles and Practices for Companies and Users
Account Deactivation and Content Removal: Guiding Principles and Practices for Companies and Users, Erica Newland, Caroline Nolan, Cynthia Wong, and Jillian York. The Berkman Center for Internet & Society and The Center for Democracy & Technology, September 2011
  • "This report explores these dilemmas, and recommends principles, strategies, and tools that both user-generated content (UGC) platforms and users can adopt to mitigate the negative effects of account deactivation and content removal. We use select examples to highlight good company practices, including efforts to balance complex and often competing considerations—the enforcement of site guidelines, responses to government pressure, the free expression and privacy rights of users, and the potential risks faced by activists—in consistent, transparent, and accountable ways. Importantly, this report does not put forth a one-size-fits-all solution for the complex set of challenges raised by Terms of Use (ToU) enforcement. Platforms vary in terms of history, mission, content hosted, size, and user base, and no single set of practices will be an appropriate fit in every case. Moreover, while the examples in this report focus on platforms that host social media, the recommendations are broadly applicable to companies that host different types of user-generated content."

(Related) We need to collect tools like these...
CyberGhost: Surf Anonymously With A Free VPN Connection
If you are worried about privacy and feel uncomfortable browsing some websites because you may compromise your information, CyberGhost is an excellent tool to fix that problem. It is a free VPN that lets you surf the web anonymously so you don’t have to worry about websites spying on you or hackers getting your information.
With the free version, you can browse up to 1GB of traffic for up to 6 hours at any given time. The tool not only works for browsers but also for messengers and download clients such as Torrents and FTP. It completely eliminates the need for searching for new proxy servers every day.

No comment (that isn't insulting)
"Proposed legislation under debate in Italy has Wikipedia warning of a shutdown for the Italian version of the site. They say the law would create 'a requirement to all websites to publish, within 48 hours of the request and without any comment, a correction of any content that the applicant deems detrimental to his/her image.' They further explain. 'Unfortunately, the law does not require an evaluation of the claim by an impartial third judge — the opinion of the person allegedly injured is all that is required, in order to impose such correction to any website. Hence, anyone who feels offended by any content published on a blog, an online newspaper and, most likely, even on Wikipedia can directly request the removal of such contents and its permanent replacement with a "corrected" version, aimed to contradict and disprove the allegedly harmful contents, regardless of the truthfulness of the information deemed as offensive, and its sources.'"

For my Statistics students...
October 04, 2011
Statistical Abstract of the United States: 2012
  • "This annual factbook contains more than 1,400 tables of social, political and economic facts about our nation and the world. Among the broad topics covered are marriage and divorce, health, education, law enforcement, national security, social insurance, business, science and technology, agriculture, natural resources, energy, information and communications, banking and international statistics. The source of the data is not limited to the Census Bureau -- statistics are also derived from other federal agencies and private sources. Data in this edition are generally for the most recent year or period available by spring 2011."

For all my students
October 04, 2011’s new publications web site,
" offers publications from across government, on topics including: Cars | Consumer | Protection | Education | Employment | Federal Programs | Food | Health | Housing | Money
  • "You’ll find hundreds of free publications to read online, download in PDF format, or order in print. We also offer a small but growing number of e-books to download to your e-reader, tablet, or smart phone. Many publications are offered in both Spanish and English."

For all my students...
3 Excellent Tools To Track And Recover Your Stolen Laptop

The 10 Best Sites To Rent Or Buy College TextBooks Cheaply

What they can't say is, “Global Warming is good!”
Climate Shifts Sparked 17th-Century Conflicts
… Advances in paleoclimatology have enabled researchers to look back further in time than they ever could before. One of these scientists, geographer David Zhang of the University of Hong Kong, was particularly interested in how hot and cold spells affect human civilization.
Climate shifts were a statistically significant cause of social disturbance, war, migration, epidemics, famine, and nutritional status, the researchers report online today in the Proceedings of the National Academy of Sciences.

Another feature I didn't know was there...
Let Wolfram Alpha Create Your Password For You

Tuesday, October 04, 2011

“You were serious about dat?” Joe Pesci in “My Cousin Vinny”
By Dissent, October 3, 2011
Sue Dremman reports that a lawsuit has been filed against Stanford Hospital & Clinics and its former vendor, Multi-Specialty Collection Services, LLC. You can read about it on Palo Alto Online. This is one of those cases where I really do view a breached entity as a victim because SHC seems to have done everything right but they’ll still take the reputation hit and incur costs.
Keeping in mind that this is just SHC’s side of the story and we have yet to hear from MSCS:
Stanford officials said Multi-Specialty Collection Services, a California company, provided business and financial support to the hospitals. Multi-Specialty was operating under a contract that specifically required it to protect the privacy of the patient information. The hospital sent the data to Multi-Specialty in an encrypted format to protect its confidentiality.
A hospital investigation found that Multi-Specialty prepared an electronic spreadsheet from the data that had patient names, addresses and diagnosis codes. The company sent the spreadsheet to a third person who was not authorized to have the information and who posted it on a website.
“This mishandling of private patient information was in complete contravention of the law and of the requirements of MSCS’s contract with SHC and is shockingly irresponsible. SHC regrets that its patients’ confidentiality was breached and is committed to protecting the health and privacy of all of its patients,” the hospital said.
Read more on Palo Alto Online.

Probably not that big an increase. I'll bet they just didn't look for or notice most of them in earlier years...
GAO: Federal network security breaches spike 650 percent
October 3, 2011 by admin
Aliya Sternstein reports:
Reports of network security incidents at federal agencies have soared 650 percent during the past half-decade, jeopardizing the confidentiality and integrity of sensitive government information, federal auditors charged in a congressionally mandated report.
The most prevalent types of cyber events included infections from malicious code — 30 percent of incidents; violations of acceptable use policies; and intrusions into networks, applications and other data resources, states a Government Accountability Office report released on Monday.
Read more on NextGov.
[From the NextGov article:
The main reason agency computers are vulnerable to contamination is departments have failed to implement security controls, according to the audit. Agencies do not always adequately train personnel responsible for system security, regularly monitor safeguards, successfully fix vulnerabilities or resolve incidents in a timely fashion.

I would expect nothing less. After all, this is what they said they didn't do, but then said they did, but then blamed on the users.
suraj.sun sends word that a recent Facebook patent application details specific methods for tracking its users while they're using other websites. Michael Arrington pointed out over the weekend that this follows explicit statements from Facebook employees that the social networking giant has "no interest in tracking people." Quoting the Patent Application:
"In one embodiment, a method is described for tracking information about the activities of users of a social networking system while on another domain. The method includes maintaining a profile for each of one or more users of the social networking system, each profile identifying a connection to one or more other users of the social networking system and including information about the user. The method additionally includes receiving one or more communications from a third-party website having a different domain than the social network system, each message communicating an action taken by a user of the social networking system on the third-party website. The method additionally includes logging the actions taken on the third-party website in the social networking system, each logged action including information about the action."

(Related) “It's the user's fault that they didn't opt-out of the feature they didn't know about, but we were kind enough to opt them into...”
How To Avoid Appearing In Social Ads In Facebook & LinkedIn
… A social advertisement works in a very straightforward way: if you, by a coincidence or whatever reason, have liked a Facebook page or ad, your friends will see your “like” next time they see the same advertisement. You might feel comfortable with that, however most people are not aware of the fact that by simply “liking” something (and thus expressing a passive form of appreciation), they also start recommending the same thing to their friends. LinkedIn launched a somewhat similar form of social advertising this summer.
Another disturbing thing is that in both systems, you find yourself automatically “opted-in” the social advertising system. Yes, you can opt out, but only if you know about the system and can spend a little effort and a few minutes of your time to do a quick research on how to disable it for your profile. So here’s a quick guide for those who feel they don’t want to participate in social advertising at LinkedIn and Facebook.

Microsoft did what?
U.S. Privacy Laws Also Extend to Noncitizens
October 3, 2011 by Dissent
Tim Hull reports:
A federal law that protects the privacy of emails and other electronic communications extends to foreign nationals, the 9th Circuit ruled Monday, allowing Microsoft to protect the emails of an Indian citizen accused of fraud in Australia.
Read more on Courthouse News.
What’s particularly nice about this case is that it was Microsoft that made the motion to quash. I love it when businesses try to protect consumers’ privacy – in this case, by asserting that ECPA protected the privacy of noncitizens as well as citizens.

The parallel with the beeper is that someone has to actually follow the beeps – very similar to following the car. With GPS, you bug the car and go have coffee while it records everything.
Privacy advocates’ amicus brief in United States v. Jones
October 3, 2011 by Dissent
CDT has uploaded the amicus brief filed by itself, EFF, Matt Blaze, Andrew J. Blumberg, Roger L. Easton, and Norman M. Sadeh in United States v. Jones, a case that asks whether a warrant is required under the Fourth Amendment to attach a GPS device to a vehicle.
You can read the brief here. As I understand it, there seem to be two main arguments in their brief: (1) that GPS is not equivalent to beeper technology, which simply augments an officer’s sensory capabilities; and (2) the massive amounts of detailed information compiled automatically by GPS systems violate the public’s sense of still having some reasonable expectation of privacy in public.
Briefs, documents, and more background on the case can be found on SCOTUSblog.

Should all these questions be addressed before using the technology? (I'd say no.)
With Shooting Caught On Officer’s “Chest-Cam,” Tech Precedent To Be Set
The rising number of cameras recording activity on the street and on the job makes for an interesting new set of problems. I examined a few in my Surveillant Society post, and one has just emerged that could set a serious precedent for the application of tech in criminal cases.
On September 25, an Oakland police officer pulled over a car and the suspect got out and fled. The officer chased him, and during a struggle the suspect was shot and killed.
… It would be another sadly typical escalation with a lethal end, except that the officer in question had at some point flipped on his “chest-cam,” a relatively recent development in policing where a Flip-type pocket cam (in this case a Vievu model) is attached to the uniform and turned on under certain circumstances. The presence of this camera is leading to a few potentially major legal questions given the stakes of the case.
First, when are officers required to activate the camera?
Second, how is the footage handled?
Can the officer in question view the footage before giving a statement?
At what level should this kind of tech decision be legislated?

It's not lying, it's enhancing the truth!
"Torrent Freak has an interesting interview with a former private investigator who was hired to track people who pirated software and movies. He relates some of the tactics used to make evidence more appealing to police, the media and lawmakers. He said, 'We discussed the formula for extrapolating the potential street value earnings of "laboratories" and we were instructed to count all blank discs in our seizure figures as if they were potential product. Mr. Gane also explained that the increased loss approximation figures were derived from all forms of impacts on decreasing cinema patronage right through to the farmer who grows the corn for popping.' Regarding the head of AFACT, the article notes, 'Gane understood that the media was an essential tool towards AFACT's goal of getting tougher copyright legislation in place. And for this purpose, it was a good idea to bend the truth a bit.'"

This could be a serious pain in the posterior...
"The Patent Examiner blog has the incredible story of Innovatio IP, a patent troll that recently acquired a portfolio of patents that its lawyers (what, you think there are any employees?) appear to believe cover pretty much any Wi-Fi implementation. They've been suing coffee shops, grocery stores, restaurants and hotels first — including Caribou Coffee, Cosi, Panera Bread Co, certain Marriotts, Best Westerns, Comfort Inns and more. ... The lawyer representing the company, Matthew McAndrews, seems to imply that the company believes the patents cover everyone who has a home Wi-Fi setup, but they don't plan to go after such folks right now, for 'strategic' reasons."

Isn't this covered in “Economics for Politicians who want to Do Something?”
Minimum wage harming job opportunities for young

The latest “convergence” makes Cable TV vulnerable... (Remember the IBM ad that claimed every song by every artist would be available on demand? Extend that to any media...)
Google paying $100 million for YouTube content, report says
Google is taking aim at the cable industry by putting up $100 million to develop original content for dozens of new YouTube channels, according to a Wall Street Journal report.
… The report comes as competition heats up for consumers' entertainment dollars. Amazon and Dish Network recently announced forays into streaming content to challenge Netflix, which has been experiencing a subscriber backlash after a price increase in its DVD-and-streaming plan.
As part of its Kindle Fire unveiling last week, Amazon announced it was bundling its new tablet computer with a free one-month subscription to Amazon Prime, which gives customers access to more than 11,000 movies and TV shows for $79 a year. The week before, Dish unveiled the "Blockbuster Movie Pass," a bundle of services that offers streaming video and discs and games by mail to existing customers for $10 a month.

The future is so yesterday...
INFOGRAPHIC: Got The Internet? Then Never Leave Home Again
Our infographic today comes from College At Home and shows all the different things you can do online which allows you to never leave your home.

Monday, October 03, 2011

It's one of those days when nothing interesting is happening so everyone starts philosophizing...

We only need to regulate the parts that screw with life, liberty and the pursuit of happiness...
Are We Too Hung Up on Privacy?
October 3, 2011 by Dissent
L. Gordon Crovitz discusses Jeff Jarvis’s book, Public Parts: How Sharing in the Digital Age Improves the Way We Work and Live, on WSJ. He writes, in part:
Congress is considering several privacy bills. But Mr. Jarvis calls it a “dire mistake to regulate and limit this new technology before we even know what it can do.”
Privacy is notoriously difficult to define legally. Mr. Jarvis says we should think about privacy as a matter of ethics instead. We should respect what others intend to keep private, but publicness reflects the choices “made by the creator of one’s own information.” The balance between privacy and publicness will differ from person to person in ways that laws applying to all can’t capture.
Ethics? We saw how well relying on ethics and lack of regulation worked out with Wall Street, didn’t we?
Just as some rights are so near and dear to us that they have constitutional or statutory protection, so too, should the right to privacy have such protections. Hoping that people will respect others’ choices and wishes is just cockeyed optimism.

Is this not public information for the most part? Does FERPA make public information private? Perhaps we skip the email, perhaps not – it is the school's system...
It’s for the children, Sunday edition
October 2, 2011 by Dissent
Michael Morris, a lieutenant with the University Police at California State University-Channel Islands, argues for data mining student activity and accounts to predict – and hopefully prevent – violence or other serious problems. He writes, in part:
Many campuses across the country and most in California provide each student with an e-mail address, personal access to the university’s network, free use of campus computers, and wired and wireless Internet access for their Web-connected devices. Students use these campus resources for conducting research, communicating with others, and for other personal activities on the Internet, including social networking. University officials could potentially mine data from their students and analyze them, since the data are already under their control. The analysis could then be screened to predict behavior to identify when a student’s online activities tend to indicate a threat to the campus.
Seriously, Michael? Just because companies and others already data mine publicly available information or services like Gmail include targeted advertising based on email contents, that makes it okay for colleges – academia – the sanctuary of intellectual and private thought – to data mine?
This may be one of the worst ideas I’ve read all month.
You can read his full opinion piece on Chronicle of Higher Education.
[From the article:
Although university administrators may resist the idea of passive behavioral surveillance of the campus community because of privacy considerations, the truth is that society has been systematically forfeiting its rights to online privacy over the past several years through the continued and increased use of services on the Internet. Social-networking sites and search engines store and divulge personal information accessible to the world each day, yet people continue to use them in increasing numbers.

Something to look forward to...
"10 public-interest groups have asked the Federal Trade Commission to investigate Facebook's various business practices. This demand comes right after two similar ones this week: two U.S. congressmen asked the FTC to investigate how Facebook's cookies behave, and Ireland's Data Protection Commissioner has agreed to conduct a privacy audit of Facebook. Given that the social network's international headquarters is in Dublin, the latter is the more serious one as the large majority of the site's users could be affected."

Perhaps they will come up with a useful idea?
Pro Bono Help for Non-profits with Data Privacy Concerns
October 3, 2011 by Dissent
From Building a Smarter Planet:
To paraphrase Margaret Mead, progress that matters is usually set in motion by a handful of committed people possessed by a great idea and the will to pursue it.
In that vein, this summer a small team of privacy professionals coalesced around a promising idea–providing non-profit organizations with free legal advice on responsible and pragmatic practices for protecting individual privacy and data security.
Our work led to this month’s pilot launch of the Pro Bono Privacy Initiative, under which over a dozen professionals are engaging with a handful of human services agencies, helping them to navigate mission-critical privacy and data protection considerations.

For my Ethical Hackers working on the “Your phone, my information” project.
HTC Android handsets spew private data to ANY app
October 3, 2011 by Dissent
Bill Ray writes:
A data logger pushed out by HTC to Android handsets has opened up a vulnerability allowing any app with internet permissions to access private customer information.
The vulnerability was spotted by Trevor Eckhart, who informed HTC about it and waited five days for a response. Following that he decided to go public and gave Android Police the details along with demonstration code and a video showing how an application that is supposed to see almost nothing can now see almost everything.
Read more on The Register.

"Russian security software vendor Elcomsoft has released an app that it claims can determine BlackBerry handheld passwords. The software supposedly hacks the BlackBerry password via an advanced handheld security setting that's meant to encrypt data stored on a user's memory card. And a hacker doesn't even need to have the BlackBerry to determine a password, just the media card."

US v. Canada? If it's made public (published), can it be made not public by the “Terms of Use” contract?
"A trial judgment from British Columbia, Canada, found that Zoocasa, a real estate search site operated by Rogers Communications, breached copyright by scraping real estate listings and photos from Century 21 Canada. The decision thoroughly reviews the issues of website scraping, Terms of Use, 'Shrink Wrap' and 'Click Wrap' Agreements, robots.txt files, and copyright implications of hyperlinking. For American readers used to multi-million dollar damages, the court here awarded $1,000 (one thousand dollars) for breach of the Century 21 website's Terms of Use, and statutory copyright damages totalling $32,000 ($250 per infringing real estate photo). More analysis at Michael Geist's blog, and the Globe & Mail."
[The Globe sums it up nicely:
Click, you’ve just opened a Web page. And according to a recent B.C. Supreme Court decision, you’ve also just signed a contract.

Apple to sell 107 million iPhones in 2012, analyst says
… In a recent note to investors, Janney Capital Markets analyst Bill Choi wrote, according to All Things Digital, which obtained a copy of the letter, that Apple will ship 84 million smartphone units this year alone. Next year, iPhone shipments will reach as high as 107 million units, Choi said, according to All Things Digital.

Google Says 1/3 Of Search Ads Are Now ‘Enhanced’, Launches New Formats
Remember when Google search ads used to be three lines of text? Nowadays, says Google in a new blog post, roughly one-third of searches with ads show an enhanced ad format (featuring video preview windows, prices, images, specific links on a given Web page, recommendations from your friends and whatnot).
… Google has already gone live with a dedicated promotion website to tout enhanced search ads, and published a series of videos that should help advertisers understand what they’re all about.
They also talk numbers, such as:
- Every day there are more than a billion searches on Google. (source: Google)
- Since 2003, Google has answered 450 billion new unique queries. (source: Google)
- The +1 button is being served 2.3 billion times a day all over the web. (source: Google)
- The average query response time is roughly a quarter of a second. (source: Google)
- More than 20% of searches on Google on a desktop are related to location. On mobile, it's about 40%. (source: Google)
- People drive more than 12 billion miles a year with Google Maps Navigation. (source: Google)
- Every query has to travel on average 1,500 miles to get back to the user. (source: Google)
- More than half our searches come from outside the U.S. (source: Google)
- We’ve never seen 16% of the queries we see every day. (source: Google) [Now that is interesting! Bob]