- The Atlantic Council: The New US “Blueprint” for National Cyber Security
Saturday, December 17, 2011
That “something is fishy” feeling still remains. If use of Carrier-IQ software is entirely legitimate and beneficial, how come everyone is backing away from them? “We no longer need to know why our phones are failing?”
Sprint disables Carrier IQ software on its handsets
December 16, 2011 by Dissent
Jaikumar Vijayan reports:
Sprint, the biggest user of Carrier IQ’s software, said Friday it has disabled use of the tool in response to customer concerns.
The wireless carrier is no longer collecting data using the tool and is evaluating its options regarding the software going forward, the company said in an emailed statement.
Read more on Computerworld.
An anonymous reader writes with a report that Sprint, in an attempt to extricate itself from the Carrier IQ drama, has "ordered that all of their hardware partners remove the Carrier IQ software from Sprint devices as soon as possible." Sprint confirmed that they've disabled the use of Carrier IQ on their end, saying, "diagnostic information and data is no longer being collected." The software is currently installed on roughly 26 million Sprint phones, though the company has only been collecting data from 1.3 million of them.
The law is changing for the better?
(update) Michaels Stores Still PINned beneath Payment Card Skimming Lawsuit
December 16, 2011 by admin
Ah, I missed a ruling. Thankfully, Brendon Tavelli didn’t. He writes:
In May 2011, Michaels Stores reported that “skimmers” using modified PIN pad devices in eighty Michaels stores across twenty states had gained unauthorized access to customers’ debit and credit card information. Not a pretty picture for Michaels. Lawsuits soon splattered on the specialty arts and crafts retailer, alleging a gallery of claims under the Stored Communications Act (“SCA”), the Illinois Consumer Fraud and Deceptive Business Practices Act (“ICFA”), and for negligence, negligence per se, and breach of implied contract.
Late last month, U.S. District Court Judge Charles Kocoras ruled on Michaels’s motion to dismiss. Some claims were dismissed, but others survived. The opinion presents a broad-brush survey of potential data security breach claims, with some fine detail and local color particular to this variety of criminal data security breach.
Read more on Proskauer Privacy Law Blog.
[From the article:
PIN pads aren’t a communications service under the SCA.
In dispensing with those claims that plaintiffs “artfully tailor[ed]” to the language of the SCA, the court ruled that Michaels’ provision of PIN pads enabling consumers to pay by credit or debit card did not amount to the provision of “electronic communications services” or “remote computing services” as contemplated by the SCA. According to the court, the plaintiffs failed to allege either that Michaels provided the underlying service that transported consumer credit and debit card data or that Michaels provided any off-site computer storage or processing services. Thus, the plaintiffs’ SCA claims failed.
Michaels didn’t deceive, but it may have been unfair.
The court next considered the plaintiffs’ claims under Illinois consumer law. The plaintiffs alleged that Michaels committed both a deceptive and an unfair trade practice by failing to take proper measures to secure access to PIN pad data.
The court rejected the plaintiffs’ deception theory because the plaintiffs failed to identify any communication by Michaels that contained a deceptive misrepresentation or omission. But the court went the other way on plaintiffs’ unfair trade practice claim, in part because Michaels is alleged to have failed to implement PCI PIN Security Requirements that might have thwarted the skimmers.
Lastly, relying on the First Circuit’s “persuasive” reasoning in Anderson v. Hannaford Bros., 2011 WL 5007175 (1st Cir. Oct. 20, 2011), see our Anderson blog post, the court concluded that the plaintiffs’ allegations “demonstrate the existence of an implicit contractual relationship between Plaintiffs and Michaels, which obligated Michaels to take reasonable measures to protect Plaintiffs’ financial information and notify Plaintiffs of a security breach within a reasonable amount of time.”
Local, unfortunately. Doesn't everyone already have the lyrics memorized?
'Internet is for Porn' pops up during House SOPA debate
A two-day debate in the House Judiciary committee--which has been postponed until at least next Wednesday and perhaps until 2012--was interrupted by the appearance of the popular meme "The Internet is for Porn."
Rep. Jared Polis, a Colorado Democrat who presumably knows his way around the Internet better than any other member of Congress (he founded BlueMountainArts.com), was the committee member who decided to bring up the prevalence of online porn. (See CNET's Q&A with Polis earlier this week.)
A "high percentage" of the Internet's use is for porn, Polis said. It's "a pornographer's wet dream!"
Polis then offered an amendment that would stop the Justice Department from using SOPA's vast powers to aid adult industry businesses who happen to hold valid copyrights. "Pornography should not be the focus of the attorney general's protection," he said.
It was a brilliant tactical maneuver. First, it delayed discussions while members of the august Judiciary committee wrangled with how to handle this unusual conversational detour. Second, it put SOPA-supporting chairman Lamar Smith, a conservative Republican whose district is largely Texas Hill Country, on the defensive by appearing to show him siding with the intellectual-property rights of people who create triple-X movies.
… Polis, whose district includes the progressive enclave of Boulder, Colo., presumably wasn't too serious in offering his antiporn amendment (PDF),
The future, the present or the past?
"As the price of digital storage drops and the technology to tap electronic communication improves, authoritarian governments will soon be able to perform retroactive surveillance on anyone within their borders, according to a Brookings Institute report. These regimes will store every phone call, instant message, email, social media interaction, text message, movements of people and vehicles and public surveillance video and mine it at their leisure, according to 'Recording Everything: Digital Storage as an Enabler of Authoritarian Government,' written by John Villasenor, a senior fellow at Brookings and a professor of electrical engineering at UCLA."
Always interesting to see what the government thinks it's doing...
December 15, 2011
Blueprint for a Secure Cyber Future: The Cybersecurity Strategy for the Homeland Security Enterprise
"The Blueprint for a Secure Cyber Future builds on the Department of Homeland Security Quadrennial Homeland Security Review Report’s strategic framework by providing a clear path to create a safe, secure, and resilient cyber environment for the homeland security enterprise. With this guide, stakeholders at all levels of government, the private sector, and our international partners can work together to develop the cybersecurity capabilities that are key to our economy, national security, and public health and safety. The Blueprint describes two areas of action: Protecting our Critical Information Infrastructure Today and Building a Stronger Cyber Ecosystem for Tomorrow. The Blueprint is designed to protect our most vital systems and assets and, over time, drive fundamental change in the way people and devices work together to secure cyberspace. The integration of privacy and civil liberties protections into the Department’s cybersecurity activities is fundamental to safeguarding and securing cyberspace."
[From the Atlantic Council article:
However, for many years, the United States government has been unsuccessfully trying to defeat cyber criminals, balance security and privacy, and create a secure cyberspace. As noted by the Government Accountability Office, the department has had problems executing this mission and it is not clear that this Blueprint and its recently released brethren will be sufficient to pull us out of this long dive.
(Related) Haven't we seen this before?
Governmental Tracking of Cell Phones and Vehicles: The Confluence of Privacy, Technology, and Law
December 16, 2011 16:04 Source: Congressional Research Service
From the summary:
This report will briefly survey Fourth Amendment law as it pertains to the government's tracking programs. It will then summarize federal electronic surveillance statutes and the case law surrounding cell phone location tracking. Next, the report will describe the GPS-vehicle tracking cases and review the pending Supreme Court GPS tracking case, United States v. Jones. Finally, the report will summarize the geolocation and electronic surveillance legislation introduced in the 112th Congress.
Direct link to full report (PDF; 341 KB)
Not the first time that the Copyright army has overstepped the actual ruling. No one bothers to see what the courts actually ruled? No simple way to preempt these lawsuits?
"The Belgian Anti-Piracy Federation (BAF), has been threatening ISPs into expanding their blockade of thepiratebay. Recently they have been sending threatening letters to various other ISPs which were not involved with the original judgment to block thepiratebay. The letter 'kindly requests' that all ISPs voluntarily block thepiratebay, or BAF will bring legal action against them. The ISP BASE has succumbed to these legal threats. Also, many of the same Belgian ISPs have taken it one step further and also blocked the DNS for depiraatbaai.be. depiraatbaai.be was set up by thepiratebay as an alternative domain which directs users to the piratebay's servers to circumvent DNS censorship. For those who can't wait for The Pirate Bay to set up new alternative domains, a full working mirror of the site still exists at malaysiabay.org, which was originally set up to circumvent the piratebay block in Malaysia."
It beats IE8, but not all versions taken together... (Is that why Microsoft is going to force updates? So they can consolidate all their versions and remain on top?)
December 16, 2011
Reports that Google Chrome Overtakes IE 8 in Global Market
Technolog: "Ireland-based StatCounter — which posts Web analytics based on aggregate data it collects from a sample exceeding 15 billion pageviews per month (including 4 billion in the U.S.), collected from the StatCounter network of more than 3 million websites — released a statement about Chrome 15's ascension, humbling the initial enthusiasm of any Google devotee when it also made it clear that in the U.S., reports of IE's demise are still premature. According to StatCounter, it was still able to capture 27 percent of browser action last week, compared to 18.1 percent for Chrome 15."
The Rise of The Digital Doctor
For my Ethical Hackers...
… While we all trust antivirus software and anti-malware programs like IOBit or MalwareBytes to identify those nasty varmints, the truth is that sometimes things slip through the cracks.
Luckily, there is a new tool you can use to manually go through and clean up those evil processes.
The bottom line is that any malware is typically meant to run in some form on your PC, and somehow transmit information into or out of your computer via the Internet.
A very simple utility called CloseTheDoor lets you probe into the processes that are running on your computer, and analyze those processes at a level that usually requires a professional. The reason you can do this is because CloseTheDoor makes the analysis very simple and logical, putting all of the tools you need in one place.
Worth a read...
100 Excellent Hints and Tips for every Computer User
Dilbert shows how Smartphones will subjugate humans...
Friday, December 16, 2011
Normally, the Auditors would run their checklist before products are released with “features” engineers haven't considered.
"The much-hyped payment application from Google on Android has been examined by viaForensics and appears to store some cardholder data in plaintext. Google Wallet is the first real payment system to use NFC on Android. Version 2 of the PCI DSS (the current standard) mandates the encryption of transmitted cardholder data and encourages strong encryption for its storage. viaForensics suggest that the data stored in plain text might be sufficient to allow social engineering to obtain a credit card number."
Stolen iPhone? Your iMessages May Still Be Going To The Wrong Place
Some unlucky iPhone owners are beginning to discover that, despite their best efforts to remove all information from their stolen phones, thieves and unsuspecting buyers are still able to send and receive iMessages as the original owner — even after the device is registered under a new account. Almost nothing seems to work — remote wiping, changing Apple ID passwords, or even moving the old phone number to a new phone — and users are becoming more than frustrated that thieves are so easily able to pose as them.
Wait, don't tell me! Elections are coming? Have any of these folks had a Privacy Pulse ever before?
Obama fills vacancies on independent privacy board
December 16, 2011 by Dissent
Jim McElhatton reports:
President Obama has named two lawyers and a former federal judge to an independent privacy board recommended by the 9/11 Commission that has sat dormant for years under him and President George W. Bush.
The nominations Thursday fill out the five-member Privacy and Civil Liberties Oversight Board, where vacancies have left the panel unable to meet for years.
The Washington Times reported on the vacancies in August. At the time, the White House declined to say why the board had languished so long even as critics openly called on Mr. Obama to fill the seats.
The appointments Tuesday were David Medine, a partner at the WilmerHale law firm specializing in privacy and data security; Rachel Brand, chief counsel for regulatory litigation at the Chamber of Commerce; and Patricia Wald, who served for 20 years on the U.S. Court of Appeals for D.C.
The president previously nominated James Dempsey, vice president of public policy at the Center for Democracy and Technology, and Elisebeth Collins Cook, a lawyer who worked for the Justice Department in the Bush Administration.
Read more on The Washington Times.
Okay, well, I wish he’d named someone from EFF, EPIC, or the ACLU – or former Senator Russ Feingold – as this panel sounds a bit too business/govt-friendly for my taste, but time will tell. In the meantime, best of luck to the new panel and get busy – our privacy is under siege.
Anyone want a drone? I'm NOT suggesting that my Ethical Hackers are taking orders, but we are curious about the hardware and software they use...
"Following up on the earlier Slashdot story, the Christian Science Monitor now reports that GPS spoofing was used to get the RQ-170 Sentinel Drone to land in Iran. According to an Iranian engineer quoted in the article, 'By putting noise [jamming] on the communications, you force the bird into autopilot. [You block the remote piloting signals Bob] This is where the bird loses its brain.' Apparently, once it loses its brain, the bird relies on GPS signals to get home. By spoofing GPS, Iranian engineers were able to get the drone to 'land on its own where we wanted it to, without having to crack the remote-control signals and communications.'" [This suggests they know exactly where the Drone is supposed to land... Bob]
What could JPMorgan do with all that computer time it saves? Offer other banks access to their computers – sort of a calculation outsourcing option. This is also an illustration of the type of computing that should thrive in the cloud.
"JP Morgan is expanding its use of dataflow supercomputers to speed up more of its fixed income trading operations. Earlier this year, the bank revealed how it reduced the time it took to run an end-of-day risk calculation from eight hours down to just 238 seconds. The new dataflow supercomputer, where the computer chips are tailored to perform specific, bespoke tasks (as explained in this Wall Street Journal article) — will be equivalent to more than 12,000 conventional x86 cores, providing 128 Teraflops of performance."
Go where your customers are. Eventually, there will be Cloud all over the globe.
Amazon Opens Data Center in Brazil
Amazon is opening a data center in Sao Paulo, Brazil, its first in South America. The facility will provide the region with quicker access to the company’s Amazon Web Services, an “infrastructure cloud” that serves up various computing resources, including processing power and storage.
Amazon data centers already serve four regions in the U.S. and three others in Europe and Asia. AWS can be accessed from anywhere, but it helps to have a data center in your backyard.
(Related) Go where the raw materials (smart people) are.
Apple to Set up R&D Center in Israel, The First Ever Outside California
This will really upset some IT shops, but they may be able to filter it out... (The comments don't reflect much concern)
"Microsoft will be upgrading all Windows XP, Vista and 7 users to the latest IE silently. They are doing this because they have found a large number of non-patched systems. Microsoft pointed out that Chrome and Firefox do this regularly. They will start with Australia and Brazil in January, then go world-wide after they have assured there are no issues."
This is not new, but interesting to see it move under its own power.
"Commercial satellite company DigitalGlobe Inc. has announced that it has an image of the People's Republic of China's first functional aircraft carrier, taken during the carrier's first sea trials in the Yellow Sea. The carrier was originally meant for the Soviet navy, but its construction was halted as the Soviet Union collapsed in 1991 and engineers in the Ukraine disarmed it and removed its engines before selling it to China in 1998 for $20 million. The vessel, an Admiral Kuznetsov class aircraft carrier measuring 304.5 meters long, and having a displacement of 58,500 tons, has been refitted for research and training in China. The Ministry of National Defense says the steam-powered aircraft carrier has completed all refitting and testing work as scheduled after its first sea trial in mid-August, and was heading back out to sea for additional scientific research and experiments. According to Andrew S. Erickson at the US Naval War College, China's long term strategic dilemma is whether to focus on large-deck aviation or on submarines (PDF)."
[This earlier image shows it with a few planes on its deck. No doubt training the troops...
[Not quite as many planes as the Nimitz carries...
New “Android Training” Program Helps Developers Make Better Apps
… The team has just recently rolled out a new beta initiative called Android Training, which as you may be able to tell from the name, is meant to teach developers how to create better apps.
Because backups are important!
… Enter Redo Backup, a user-friendly live CD that makes cloning or restoring your entire drive simple. Tell the program where you’d like your cloned drive to be and you’re pretty much set.
… While taking full backups of your entire system is important, you may want to more frequently back up really important directories or files.
… Microsoft SyncToy is a free tool that lets you “pair” up folders for either an echo clone or full synchronization. I’ll explain the difference below. However, the point here is that before you can automate the directory and file backups, you need to set up all of the areas you want to copy and where you want the archived copy to go.
One of the Blogs I read daily won an EduBlog Award.
Thursday, December 15, 2011
Last night the 2011 Edublog Awards were given out. This year Free Technology for Teachers won in the Best Ed Tech Blog category.
(Related) Find one for yourself!
Whether you agree or disagree with giving out awards for blogging, the Edublog Awards are a good way to discover some excellent new-to-you blogs to add to your RSS reader.
It is possible no one violated the law. This kerfuffle is entirely due to a failure to notify users about data capture. NOTE: Certain Computer Law experts (you know who you are) should not take this article as justification for remaining technological neanderthals...
You don’t have to be tech-savvy to recognize the perils
December 14, 2011 by Dissent
Criminal defense attorney Scott Greenfield has an interesting commentary on revelations that the FBI may be availing itself of some of Carrier IQ’s “features” that its customers may be deploying:
… this doesn’t mean they already have their hands on your text messages, or even that there’s any cooperation on the part of Carrier IQ. Indeed, there may be a passel of issues surrounding any effort to gain access to every keystroke you ever tapped on your smartphone, though it would appear that since it’s in the hands of a third party, no Fourth Amendment right attaches. On the other hand, since no one knew this was happening, and it came as a huge, and scandalous surprise to the public, a court should be hard pressed to conclude that it passes scrutiny under Katz’s reasonable expectation of privacy test.
But now you do know. And so does the FBI. And as long as you continue to tap, tap, tap on that cute little qwerty keyboard, you can’t deny you took the risk of exposure to the government by Carrier IQ.
We’re inundated with the magic of technology, making our world easier, faster and perpetually more fabulous. Those who adore technology gush over every shiny new toy. And to a large extent, the toys are great fun and occasionally useful. But nobody wants to be serious about the perils. And there is no shortage of perils.
My deep understanding of all things technical precludes me from discussing the potential of evils that could stem from this rootkit. I don’t even know what a rootkit is. But I know too well that the government will have no qualms about using it to their advantage if they can get their hands on it.
By the time a court rules that some technology I’ve never heard of is so common and pervasive that no reasonable person could expect privacy, the cutting edge is already a thousand light years ahead of it. [I'm gonna have that printed on a T-shirt! Bob] I learn about it via some of the more technologically astute (and, naturally, younger) lawyers, like Keith Lee, but so does the government. If there’s data to be mined, they’ve got their pith helmets at the ready.
So enjoy those new, shiny toys. Tap to your heart’s content. Hang in the clouds. Eventually, we’ll find out whether you had some unexpected company with you, and by the time it reaches a circuit court and a decision is made about how unreasonable you were to expect that your private, personal communications and messages would remain private, it will be too late to worry about it. By then, you will be informed that everyone knows that there’s no privacy in the technological, digital, shiny toy world. But by then, it will be too late to worry about it.
I couldn’t agree with Scott more, which is why I have always been something of a technological dinosaur. Maybe it’s a genetic thing. My dad used to buy new clothes but then let them age in his closet for at least a few years before he’d wear them. I was never sure why he did it, but I seem to have inherited the reluctance to rush into new things. I wait years to see if something is really safe or valuable to use and I still use a Palm Pilot because I don’t like the idea of my patient scheduling calendar being up in some cloud where others might be able to access it. My new devices come with Bluetooth but I have no idea what I want to do with that. By the time I figure it out, Bluetooth will probably be passé.
On a positive note, I avoid all the weekly Facebook privacy worries by having had the foresight to never create a profile on most social media platforms (Twitter is the exception and there, I use a #noloc app to keep my tweets out of the Library of Congress).
Games? Apps? They sound great – and often free – but as I learned as a health care professional decades ago, there’s no such thing as a free lunch. And if the price of lunch is the government amassing tons of data on me without judicial oversight, well, thanks, but no thanks.
(Related) The benefits of a superior education system?
"Reuters reports that a quarter of the EU has yet to use the internet. Further, half of those in some of the southern and western states do not even have internet access at home. From the article: 'As well as highlighting geographic disparities across one of the world's most-developed regions, the figures underline the lack of opportunity people in poorer communities have to take part in advances such as the Internet that have delivered lower cost goods and service to millions of people.' The full report created by Eurostat can be found here."
...and since every employee has a cellphone camera...
I can just picture it….
December 14, 2011 by admin
Why risk getting caught downloading customer data when you can just take pictures of it?
Trilegiant Corporation in Stamford, Connecticut recently notified the New Hampshire Attorney General’s Office that a call center vendor’s employee had been caught taking screen shots of customer data (names and debit or credit card numbers) with his phone camera.
The police are reportedly investigating and the firm is offering affected customers some free credit monitoring services.
Ironically, perhaps, Trilegiant describes itself as the “premier membership-based provider of travel, shopping, health, dental, entertainment, and consumer protection services.” [Hey! They caught the guy, didn't they? Bob]
What are we saying here? China's hackers rule? US security sucks? (Are we bragging or complaining?)
"Chinese-based hacking of 760 different corporations reflects a growing, undeclared cyber war. From giants like Intel and Google to unknowns like iBahn, the Chinese hackers are accused of stealing everything that isn't nailed down. Simply put, it is easier and cheaper to steal rather than develop the legal way. China has consistently denied it has any responsibility for hacking that originated from servers on its soil, but — based on what is known of attacks from China, Russia and other countries — a declassified estimate of the value of the blueprints, chemical formulas and other material stolen from U.S. corporate computers in the last year reached almost $500 billion."
Interesting applications for facial recognition tech...
Across the Web and around the world, your face is being detected and recognized. Here are 6 of the more prominent examples.
Dude! I was hanging with Bill Gates and Warren Buffet the other day and they kept bugging me for loans. Bummer dude!
"Betabeat's Adrianne Jeffries takes a look at the questionable young science of using social media to evaluate creditworthiness. As banks start nosing around Facebook and Twitter, Jeffries explains, the wrong friends might just sink your credit. 'Let's take a trip with the Ghost of Christmas Future,' she suggests. 'The year is 2016, and George Bailey, a former banker, now a part-time consultant, is looking for a 30-year fixed-rate mortgage for a co-op in the super-hot neighborhood of Bedford Falls (BeFa). He has never missed a loan payment and has zero credit card debt. He submits his information to the online-only PotterBank.com, but halfway through the application process, the website asks for his Facebook login. Then his Twitter. Then LinkedIn. The cartoon loan officer avatar begins to frown as the algorithm discovers Mr. Bailey's taxi-driving buddy Ernie was once turned down by PotterBank for a loan; then it starts browsing his daughter Zuzu's photo album, 'Saturday Nite!' And what was this tweet from a few years back: "FML, about to jump off a goddamn bridge"?' So, could George piggyback his way to a better credit score by adding Larry and Sergey to his Google+ Circles?"
Not coincidence, but not clear what it really is...
Ca: Insider breach at Insurance Corporation of British Columbia linked to shootings, arson
December 14, 2011 by admin
This sounds like it might qualify as one of the worst – if not, THE worst – insider breach of 2011.
When people affiliated with the Justice Institute of British Columbia started seeing their homes shot at or set on fire, the RCMP began an intensive investigation.
That probe has now culminated in the firing of an Insurance Corporation of British Columbia (ICBC) employee who accessed information on dozens of people, including 13 people victimized by the shooting/arson incidents, RCMP said Wednesday.
“We can now state the investigation revealed a link to an ICBC employee, who allegedly accessed personal information of 65 individuals, including the 13 identified victims,” Chief Supt. Janice Armstrong of the Lower Mainland District Regional Police Service said in a statement. “That employee, along with other individuals, is under continued police investigation.”
Read more on Vancouver Sun.
The coverage doesn’t discuss what the employee’s motivation may have been, but QMI Agency reports that none of the victims, all of whom were students associated with the college, were harmed or appear to have been involved in criminal activity.
The Justice Institute of British Columbia provides training programs for the public safety sector as well as programs in community and social justice and health sciences. It is not clear which program the 13 victims or the other 52 individuals whose information was accessed are enrolled in. Nor is it confirmed that the other 52 individuals are all affiliated with JIBC.
JIBC issued a statement on their web site today, but like the RCMP’s press statement, it offers no clue as to why an employee of ICBC would be involved in any attacks or arson. Nor is there any indication whether the employee accessed the information and passed it on to other(s) or used the information directly. None of the shootings or arsons occurred on JIBC campuses.
CKNW quotes Sergeant Peter Thiessen of the RCMP as saying:
“I’m not in a position to share what we believe some possible motives may have been. But we are looking at a number of different scenarios.”
Thiessen says that the ICBC employee and other people are under continued police investigation.
In theory, multiple (many, many) phones working together could broadcast HDTV images – but very few homes in the US still have the ability to receive them.
U.S.-Funded Internet Liberation Project Finds Perfect Test Site: Occupy D.C.
… If he has his way, Meinrath’s project will lead to low-cost, easy-to-use wireless connections around the globe, all lashed together in a mesh that can withstand the whims of dictators willing to pull the plug on the internet to quash dissent. He and a team of software engineers are developing open-source software to turn cheap wireless access points and Android smartphones into nodes on the network, which could then be used by dissidents to evade censorship and to spread low-cost connections everywhere around the world. Proponents of the plan include the U.S. State Department, which has given Meinrath a $2 million grant to develop the code.
I'd be happy if we could agree not to arm them with Hellfire missiles.
Civil liberties group calls for privacy protections involving domestic drones
December 15, 2011 by Dissent
Jim Barnett reports:
A leading organization advocating individual rights is recommending new rules and limits to protect the privacy of Americans in advance of expected expanded use of domestic drones by police and other law enforcement agencies.
In a report released Thursday, the American Civil Liberties Union recommends drones not be deployed indiscriminately unless there are grounds to believe the unmanned aerial planes will collect evidence about a specific crime, adding government power “needs to be subject to checks and balances.”
Read more on CNN.
Related: ACLU’s press release and their report, Protecting Privacy From Aerial Surveillance: Recommendations for Government Use of Drone Aircraft
Here's a thought: Let's start the patent process on every Science Fiction idea that seems to be even vaguely technically feasible in the next 50 years.
"On Tuesday, Google was awarded U.S. Patent No. 8,078,349 for methods and devices for Transitioning a Mixed-mode Autonomous Vehicle from a Human Driven Mode to an Autonomously Driven Mode. From the fast-tracked patent application, which was filed last May and kept under wraps at Google's request: 'The autonomous vehicle may be used as a virtual tour guide of Millennium Park in Chicago. In the example embodiment, the vehicle may have an instruction to drive to the Cloud Gate (Silver Bean) sculpture at Millennium Park. When the vehicle arrives, the autonomous instruction may tell it to wait in the location for a predetermined amount of time, for example 5 minutes. The instruction may then direct the vehicle to drive to the Crown Fountain at Millennium Park and again wait for 5 minutes. Next, the instruction may tell the vehicle to drive to the Ice Rink at Millennium Park and wait for another predetermined amount of time. Finally, the vehicle instruction may tell the vehicle to return to its starting position.'"
Has a “Best Seller” list ever been about anything other than what sells best? It's not even a popularity contest – no free books made the list.
"Amazon's released their list of 2011's best-selling books, revealing that 40% of the best-selling ebooks didn't even make it onto their list of the best-selling print books. The #1 and #2 best-selling ebooks of the year weren't even available in print editions, while four of the top 10 best-selling print books didn't make it into the top 100 best-selling ebooks. 'It couldn't be more clear that Kindle owners are choosing their material from an entirely different universe of books,' notes one Kindle site, which points out that five of the best-selling ebooks came from two million-selling ebook authors — Amanda Hocking and John Locke — who are still awaiting the release of their books in print. And five of Amazon's best-selling ebooks were Kindle-only 'Singles,' including a Stephen King short story which actually outsold another King novel that he'd released in both ebook and print formats. And Neal Stephenson's 'Reamde' was Amazon's #99 best-selling print book of 2011, though it didn't even make it onto their list of the 100 best-selling ebooks of the year. 'People who own Kindles are just reading different books than the people who buy printed books,' reports the Kindle site, which adds '2011 may be remembered as the year that hundreds of new voices finally found their audiences.'"
(Related) A unique business model? What would his profit percentage have been if a more traditional DVD version had been released?
"Comedian Louis C.K., real name Louis Szekely, took a major risk by openly selling his latest stand-up special, 'Louis C.K. Live at the Beacon Theater,' for only $5 on his website and refusing to put any DRM restrictions on the video, which made it easily susceptible to pirating and torrenting. Four days later, Louis CK's goodwill experiment has already paid off: The 44-year-old comic now reports making a profit of about $200,000, after banking more than $500,000 in revenue from the online-only sale. The special, which has sold 110,000 copies so far, is only available on Louis CK's website."
For my geeks...
When you really stop to think about it, an Internet browser in its simplest form isn’t really that impressive an application. I mean, yes, the Internet is amazing by anyone’s standards. The concept of linking so many of the world’s computers and mobile devices within this massive network, that is epic. But the concept of transferring a text file with special code in it, and displaying that transferred text onto the computer screen – that’s really not a big deal.
… Using the approach below, you can use Word, Access or Excel to read HTML documents on the web, alter those documents, and then output whatever you want in a new browser window.
For my Math students
I am really getting tired of having to explain Wolfram Alpha graphs to students. For some reason, the default in Wolfram Alpha is to graph everything with imaginary numbers. This results in bizarre-looking graphs and makes it near-impossible to use Wolfram Alpha as a teaching tool for undergraduate mathematics, a real shame. Now that Google has entered the online graphing fray, I have a wary hope that the programmers at Wolfram Alpha might finally (after two years of waiting) fix the problem.
Here are a few examples. I’ll show you the graph in Wolfram Alpha, on a TI-84 Plus emulator (TI-SmartView), from Google Search, and from Desmos Graphing Calculator. These are all the “default” looks. Wolfram Alpha consistently shows this confusing imaginary view as the default whenever working with graphs involving variables in radicals.
Quite a list of organizations to research.
A Look At The Organizations That Grabbed $115 Million In Grants From Google In 2011
Now this is truly strange...
Benny Hill Yourself, as the name suggests, is a web based tool that lets you replace Benny Hill with yourself in some of his video sequences. As you can see in the image below, the tool puts your picture on top of his face and then finalizes the video accordingly.
Wednesday, December 14, 2011
Too good at what they do? In “Ye Olde Days” IBM mainframes logged everything that happened on the machine (SMF files). That allowed us to monitor for errors, predict growth of applications, see who accessed what and when, etc.
Carrier IQ Gets Transparent About Its Mobile Monitoring
John Paczkowski has an interview with Carrier IQ CEO Larry Lenhart, and Andrew Coward, the company’s VP of marketing. You can read it on All Things D. Here’s a snippet:
You say your software doesn’t keep a log of location, keylog and SMS information, yet Trevor Eckhart’s video appeared to show that. What was going on there?
Coward: What he was looking at there was an Android log file. And to be blunt, there was information there that shouldn’t have been. In order for Carrier IQ to get information off a device, we work with the manufacturers to deliver that information through an API. That information shouldn’t show up in an Android log file. We don’t read from Android log files; we don’t see Android log files. That info just shouldn’t be there. And, ultimately, what goes in that log file is up to the manufacturer.
So that’s not your log file in the video?
Coward: No. It’s just an Android system log file.
Now don’t you want to read more of the interview?
Related: Understanding Carrier IQ Technology (pdf, Dec. 12, 2011)
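The point Coward makes is that diagnostic data is meant to travel through the vendor's API, not the Android system log. As an added example (not from the interview, Carrier IQ, or any handset maker), here is a small logcat scanner a handset integrator or auditor could run over a captured log to check for exactly that kind of leakage; the `DiagAgent` tag, the log lines and the field names are constructed for the example.

```python
import re
from collections import Counter

# Android logcat "brief" format: <level>/<tag>(<pid>): <message>
LOGCAT_LINE = re.compile(
    r"^(?P<level>[VDIWEF])/(?P<tag>[^(]+)\(\s*(?P<pid>\d+)\):\s(?P<msg>.*)$"
)

# Kinds of data a diagnostic agent is supposed to hand to its own API
# and that should never be written to the shared system log.
# Field names (code=, body=, lat=, ...) are assumed for this example.
SENSITIVE_PATTERNS = {
    "keystroke": re.compile(r"\bkey(?:press|code|_?event)\b.*?\b(?:code|char)=\S+", re.I),
    "sms": re.compile(r"\bsms\b.*?\b(?:body|text)=", re.I),
    "location": re.compile(
        r"\b(?:lat|latitude)=-?\d+\.\d+.*\b(?:lon|lng|longitude)=-?\d+\.\d+", re.I
    ),
    "url": re.compile(r"https?://\S+", re.I),
}

# Constructed sample log; the DiagAgent tag and every value are hypothetical.
SAMPLE_LOGCAT = """\
I/ActivityManager(  612): Start proc com.example.mail for activity com.example.mail/.Inbox
D/DiagAgent( 1402): keypress code=34 char=t
D/DiagAgent( 1402): keypress code=35 char=e
I/WifiService(  612): setWifiEnabled: true
D/DiagAgent( 1402): sms from=+15555550100 body=meet at 7
D/DiagAgent( 1402): url=https://example.test/login?user=bob
I/GpsLocationProvider(  612): engine on
D/DiagAgent( 1402): lat=41.8826 lon=-87.6233
"""


def parse_logcat_line(line):
    """Return {level, tag, pid, msg} for a brief-format line, or None if it is not one."""
    m = LOGCAT_LINE.match(line)
    if not m:
        return None
    return {
        "level": m.group("level"),
        "tag": m.group("tag").strip(),
        "pid": int(m.group("pid")),
        "msg": m.group("msg"),
    }


def classify(msg):
    """Names of the sensitive-data categories a message matches (may be several)."""
    return [name for name, pat in SENSITIVE_PATTERNS.items() if pat.search(msg)]


def scan(lines):
    """Walk logcat lines and report every sensitive-looking message with its source tag."""
    findings = []
    for line_no, line in enumerate(lines, start=1):
        rec = parse_logcat_line(line)
        if rec is None:
            continue  # blank or non-brief lines are skipped, not guessed at
        for category in classify(rec["msg"]):
            findings.append({
                "line_no": line_no,
                "tag": rec["tag"],
                "pid": rec["pid"],
                "category": category,
            })
    return findings


def summarize(findings):
    """Count findings per (tag, category) so the offending component stands out."""
    return Counter((f["tag"], f["category"]) for f in findings)


if __name__ == "__main__":
    found = scan(SAMPLE_LOGCAT.splitlines())
    for (tag, category), n in sorted(summarize(found).items()):
        print(f"{tag}: {n} {category} message(s) written to the system log")
```

On a real device the input would be the output of `adb logcat -v brief`; the summary tells you which process is writing the data, which is the question a manufacturer has to answer before blaming the agent or the integration.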
When you come late to the party, try and make a big entrance?
"According to this AP report, the National Transportation Safety Board says 'States should ban all driver use of cell phones and other portable electronic devices, except in emergencies.' 'The recommendation, unanimously agreed to by the five-member board, applies to both hands-free and hand-held phones and significantly exceeds any existing state laws restricting texting and cellphone use behind the wheel.' So what about all the cars today that come with built-in computers, navigation, internet capabilities, and cell phones?"
Who says (some) judges don't understand technology? It's the law I'm not sure of...
"A Minnesota man violated a restraining order obtained by his ex-girlfriend by blogging about her mental health and sexual issues, and sending links to posts on the blog to her family, friends, and co-workers. The judge then extended the restraining order by 50 years, ordered the guy never to write about his ex on the Internet and ordered him to delete the blog he created. Even though there was no evidence that what he had written was false, the judge said the ex-girlfriend's 'right to be free from harassment' outweighed the guy's 'right to free speech.' 'I believe it's rare, if not unprecedented, for a court to order an entire blog deleted,' says technology law professor Eric Goldman."
I like the logic! Can it be extended?
PA: Court Denies Defense Motion Seeking To Obtain Plaintiff’s Social Network Information
Attorney Scott Cooper points us to a decision that bucks what seems to be an emerging trend in requiring people to turn over their social media logins to opposing parties in litigation:
Last week, the Court of Common Pleas in Franklin County, Pennsylvania in Arcq v. Fields et al, No. 2008-2430 (Herman J. Franklin Co. Dec. 7, 2011) addressed the issue regarding the discoverability of a Plaintiff’s social network profile and information. After filing a lawsuit as a result of injuries sustained in a car accident, the Plaintiff objected to interrogatories seeking social network information by arguing that the materials are not relevant and the Plaintiff has a reasonable expectation of privacy to such information. The Defendants argued that under other trial court cases, and one from the same court, the information is discoverable.
The trial court finds that there is one glaring difference the present case has from the others, and that is that the request of the Defendants in Arcq is not the result of viewing the public portion of the Plaintiff’s profile.
Read more on InjuryBoard.com.
Scott kindly sent me the opinion, and I was encouraged to see a court deny what appears to me to have been a fishing expedition. The defendant’s counsel offered no evidence that the plaintiff even had any social media account on any platform. As the court indicated, all the defendant offered was a “belief” that the plaintiff had a MySpace account and a “belief” that the plaintiff might have other accounts on Facebook, etc. A Google search that I conducted turned up no evidence of any James Arcq or Jim Arcq on MySpace, Facebook, or LinkedIn. Maybe that explains the unsupported “belief.”
In any event, I am pleased to see a court distinguish between discovery requests based on public profiles that suggest that there’s more to be uncovered that could be relevant and fishing expeditions that might needlessly intrude on privacy.
What Makes an Expectation of Privacy “Reasonable”? A Response to Chief Justice Roberts
Orin Kerr writes:
During the oral argument a few weeks ago in United States v. Jones, Chief Justice Roberts had some very interesting questions about the Fourth Amendment’s “reasonable expectation of privacy” test. I fear that the Chief Justice’s questions may reflect a common misunderstanding of the test. In this post, I wanted to explain the Chief’s possible error, and explain how I think the reasonable expectation of privacy test is supposed to work.
Read his commentary on The Volokh Conspiracy.
Sounds like they should also have one of those “workplace safety” signs that proclaim “___ days since our last Security Breach!”
UK: Communications providers should log personal data security breaches monthly, Information Commissioner says
December 13, 2011 by admin
The ICO recommends the monthly report in a new section in its guidance on security breach notifications. Public electronic communications service providers must alert it in the event of any security breaches relating to users’ personal data.
The guidance also states that if the breach is of a particularly serious nature, providers need to notify the ICO as soon as possible using a new standard notification form.
Read more on Out-Law.com
I suppose they couldn't wait for International Privacy Day...
EPIC Launches Campaign Urging Public Comment on Facebook Privacy Settlement
December 14, 2011 by Dissent
EPIC launched the “Fix FB Privacy Fail” campaign to encourage the public to support improvements to a settlement between Facebook and the FTC. The settlement follows from complaints filed by EPIC and other consumer and privacy organizations in 2009 and 2010 over Facebook’s decision to change its users’ privacy settings in a way that made users’ personal information more widely available to the public and to Facebook’s business partners. Although the proposed settlement is far-reaching, there are several ways in which it could be improved. EPIC has recommended that the FTC require Facebook to restore the privacy settings users had in 2009; give users access to all of the data that Facebook keeps about them; stop making facial recognition profiles without users’ consent; make the results of the government privacy audits public; and stop secretly tracking users across the web. The period for public comment on the proposed settlement ends on December 30. The campaign also allows users to sign on to the petition without using Facebook. For more information, see EPIC: FTC Facebook Settlement
(Related?) Interesting because the article assumes “Big Companies” monitor these media and yet we don't teach classes in how to use any of them!
How to Get Big Companies to Listen to Your Complaint
Go straight to webchat
Share your pain on Facebook
Tweet about it
Make a YouTube video
At one time, this would have been played big by Republicans. I don't think any of the current candidates even remember those days...
In U.S., Fear of Big Government at Near-Record Level
December 13, 2011 19:53 Source: Gallup
From the report:
Americans' concerns about the threat of big government continue to dwarf those about big business and big labor, and by an even larger margin now than in March 2009. The 64% of Americans who say big government will be the biggest threat to the country is just one percentage point shy of the record high, while the 26% who say big business is down from the 32% recorded during the recession. Relatively few name big labor as the greatest threat.
Direct link to full report (HTML)
I'm going to have strong words with my local library!
Silicon Valley Library Lends Google Chromebooks
Tuesday, December 13, 2011
For my Ethical Hackers... Walk-by hacking can pay for your college education! (You didn't hear it here...)
UK: Privacy fears as banks refuse opt out from NFC-enabled cards
Dan Worth reports:
A leading security expert has warned that citizens’ privacy rights may be in danger thanks to the refusal by most high street banks to allow customers to opt out from near-field communication (NFC) enabled bank cards using RFID technology.
Richard Hollis, a director of the not-for-profit Information Systems Audit and Control Association, argued that the lack of choice is of grave concern.
Read more on V3.co.uk. It’s not all banks that are refusing, but yes, if a bank refuses, I’d be concerned, too.
I thought it was too good to pass up...
The FBI Is Using Carrier IQ Information
December 12, 2011 by Dissent
Sam Biddle writes:
Well, I suppose this was inevitable: the FBI, via a Freedom of Information Act request denial, inadvertently admitted to involvement with Carrier IQ. And it won’t say how.
The government transparency wranglers at MuckRock filed for a FOIA release on the FBI’s use of Carrier IQ, and by saying no, they almost said it all:
The material you requested is located in an investigative file which is exempt from disclosure…
Read more on Gizmodo.
In the meantime, I’m still awaiting a response to my FOI request on the U.K.’s Met Police as to whether they’re investigating the use of Carrier IQ there as a violation of R.I.P.A. We’ll see what they say. I should hear back by the end of this month.
For my Data Mining/Data Analytics students... (e-Discovery) Always interesting, this is actually useful outside the world of e-discovery...
Secrets of Search – Part One
Two weeks ago I said I would write a blog revealing the secrets of search experts. I am referring to the few technophiles, lawyers, and scientists in the e-discovery world who specialize in the search for relevant electronic evidence in large chaotic collections of ESI such as email.
An unforgettable paper?
The ‘Right to Be Forgotten’ – Worth Remembering?
December 12, 2011 by Dissent
Jeff Ausloos of EFF has a paper up on SSRN, “The ‘Right to Be Forgotten’ – Worth Remembering?” Here’s the abstract:
In the last few years there has been a lot of buzz around a so-called ‘right to be forgotten.’ Especially in Europe, this catchphrase is heavily debated in the media, in court and by regulators. Since a clear definition has not emerged (yet), the following article will try to raise the veil on this vague concept. The first part will weigh the right’s pros and cons against each other. It will appear that the ‘right to be forgotten’ clearly has merit, but needs better definition to avoid any negative consequences. As such, the right is nothing more than a way to give (back) individuals control over their personal data and make the consent regime more effective. The second part will then evaluate the potential implementation of the right. Measures are required at the normative, economical, technical, as well as legislative level. The article concludes by proposing a ‘right to be forgotten’ that is limited to data-processing situations where the individual has given his or her consent. Combined with a public-interest exception, this should (partially) restore the power balance and allow individuals a more effective control over their personal data.
The paper will be published in Computer Law & Security Review, 2012. You can download it from SSRN, here.
For Your Library or Reference Shelf: New Edition of Information Privacy Law Casebooks
Privacy law prof Daniel Solove has updated versions of some of his books out. Over on Concurring Opinions, he writes:
The new edition of my casebook, Information Privacy Law (4th edition) (with Paul M. Schwartz) is hot off the presses. And there’s a new edition of my casebook, Privacy, Information, and Technology (3rd edition) (with Paul M. Schwartz). Copies should be sent out to adopters very soon. If you’re interested in adopting the book and are having any difficulties getting a hold of a copy, please let me know.
You also might be interested in my concise guide to privacy law, also with Paul Schwartz, entitled Privacy Law Fundamentals. This short book was published earlier this year. You can order it on Amazon or via IAPP. It might make for a useful reference tool for students.
There were a number of publishers who took government publications and put their own cover on them … I remember buying a “Small Building Construction” guide that was actually a SeaBee technical manual. Is this kind of the same thing?
"Cory Doctorow has written a Guardian column, 'The pirates of YouTube,' about how multinational copyright-holding companies have laid false claim to public domain videos on YouTube. The videos are posted by the nonprofit FedFlix organization, which liberates public domain government-produced videos and makes them available to the world. These videos were produced at public expense and no one can claim to own them, but multinationals from CBS to Discovery Communications have done just that, getting YouTube to place ads on the video that deliver income to their coffers. What's more, their false copyright claims could lead to the suspension of FedFlix's YouTube account under Google's rules for its copyright policing system. This system, ContentID, sets out penalties for 'repeat offenders' who generate too many copyright claims — but offers no corresponding penalties for rightsholders who make too many false claims of ownership."
Global Warming! Global Warming! Science is difficult. Reporting on science is really difficult.
Greenland 'lurched upward' in 2010 as 100bn tons of ice melted
… Professor Michael Bevis … is lead boffin in charge of a network of ground-based GPS stations placed on bedrock outcrops around the Greenland coast, which were set up to measure rises in the rock as the weight of ice atop it diminishes. The stations were set up when gravity-measuring satellite measurements appeared to show colossal rates of ice loss from Greenland, in the range of 300 billion tons annually.
However the stations showed that the initial satellite calculations had failed to properly estimate the bedrock's rebound, and in fact scientists now think that losses from Greenland are probably more in the range of 100 billion tonnes a year, which might cause a worldwide sea level rise in the order of a quarter of a millimetre annually. [Estimates were off by a factor of three, Bob]
… This doesn't seem to mean anything very significant for sea levels globally, however. Throughout the 20th century (about as long as consistent records have been kept) sea levels rose slowly and steadily at around 1.7mm each year, and they have been rising for tens of thousands of years since the last ice age. Like world temperatures, sea levels vary a lot year to year, so they must be measured over a long period to detect any trend. [So 1.7mm times 10,000 years = 17,000mm or 55.7742782 feet. Interesting. How far back has this been happening? And where would sea levels have been then? Bob]
… Various global-warming models and predictions suggest that sea-level rise might accelerate massively in a runaway positive feedback loop if global temperatures climb, and so become a major problem - probably the main reason to worry about global warming, if such massive accelerations in the rate of rise actually occur. However the warming seen in the latter half of the 20th century in fact produced no such acceleration. Indeed recent research indicates that the normal rise of the seas may be slowing down somewhat. [Global Cooling! Global Cooling! Bob]
(Related) A reaction to over-reaction? A recognition of reality?
"Canada will become the first country to formally withdraw from the Kyoto protocol on climate change, dealing a symbolic blow to the troubled global treaty. 'Kyoto, for Canada, is in the past,' says Environment Minister Peter Kent. 'We are invoking our legal right to formally withdraw from Kyoto.' Kent, a Conservative, says the Liberals should not have signed up to a treaty they had no intention of respecting and says Ottawa backs a new global deal to cut emissions of greenhouse gases, but insists it has to cover all nations, including China and India, which are not bound by Kyoto's current targets. Kent adds that meeting Canada's obligations under Kyoto would cost $13.6 billion: 'That's $1,600 from every Canadian family — that's the Kyoto cost to Canadians, that was the legacy of an incompetent liberal government.' Kent's announcement came just hours after negotiators in Durban managed to thrash out an agreement at the very last minute — an agreement to begin a new round of talks on a new agreement in the years ahead. 'Staying under 2C will require drastic, immediate action — with global emissions peaking in the next five years or so,' writes Brad Plummer. 'The Durban Platform, by contrast, merely prods countries to come up with a new agreement that will go into effect no later than 2020.'"
“A billion here, a billion there...”
December 12, 2011
CBO - The U.S. Federal Budget: Infographic
The U.S. Federal Budget: Infographic - December 12, 2011: "The United States is facing significant and fundamental budgetary challenges. The federal government's budget deficit for fiscal year 2011 was $1.3 trillion; at 8.7% of gross domestic product (GDP), that deficit was the third-largest shortfall in the past 40 years. (GDP is the sum of all income earned in the domestic production of goods and services. In 2011, it totaled $15.0 trillion.)"
At last! The original formula for Fig Newtons will be revealed!
December 12, 2011
Cambridge Digital Library - Newton Papers
"Cambridge University Library holds the largest and most important collection of the scientific works of Isaac Newton (1642-1727). We present here an initial selection of Newton's manuscripts, concentrating on his mathematical work in the 1660s. Over the next few months we will be adding further works until the majority of our Newton Papers are available on this site."
- Overview of Newton Papers held at Cambridge University Library (from Manuscripts Department website)
- History of Isaac Newton's Papers (from Newton Project website)
A business model for the Information Age? I know a few professors who teach because they would otherwise be bored to death. I even know a few bright students. I wonder if this model could be made to work here?
Accidental Scientist Hawks ‘Online Marketplace for Brains’
Kaggle bills itself an online marketplace for brains. Over 23,000 data scientists are registered with the site, including Ph.D.s spanning 100 countries, 200 universities, and every discipline from computer science, math, and econometrics to physics and biomedical engineering. Companies, governments, and other organizations come to the site with data problems — problems that require the analysis of large amounts of information — and the scientists compete to solve them. Sometimes they compete for prize money, sometimes for pride, and sometimes just for the thrill. “We’re making data science a sport,” reads the site’s tagline.
All of the education sites I read have picked up on this. I wonder why?
YouTube launches schools-friendly video service
YouTube For Schools promises classrooms access to educational videos without the risk of pupils being "distracted by the latest music video or cute cat".
The Google-owned site has put together playlists according to subject matter and intended age level.
… A sister site, YouTube for Teachers, gives advice on how best to use the site for learning.
"After twenty years of hard work, the Encyclopedia of Science Fiction website has recently gone live. It's an online database containing thousands of entries for all things Sci-fi, and a great place to read all about your favourite authors, characters, themes, and everything else."