Saturday, February 25, 2012
Interesting article. Not sure it makes me feel comfortable.
"A profile of Facebook's CSO reveals that his 70-person security team includes 25 people dedicated solely to handling information requests from law enforcement. They get thousands of calls and e-mails from authorities each week, though Facebook requires police to get a warrant for anything beyond a subscriber's name, email and IP address. [Bad reporting alert... Bob] CSO Joe Sullivan says that some government agency tried to push Facebook to start collecting more information about their users for the benefit of authorities: 'Recently a government agency wanted us to start logging information we don't log. [and here I thought they logged everything Bob] We told them we wouldn't start logging that piece of data because we don't need it to provide a good product. We talked to our general counsel. The law is not black-and-white. That agency thinks they can compel us to. We told them to go to court. They haven't done that yet.'"
[From the article:
Sullivan and his team actively police the site for user data worth volunteering to the authorities. [There has to be some... Bob]
… The company gives law enforcement “basic subscriber information” on requests accompanied by subpoenas: a user’s name, e-mail address and IP address (which reveals approximate location). Sullivan insists that everything else—photos, status updates, private messages, friend lists, group memberships, pokes and all the rest—requires a warrant.
… He claims that “99.9% of the time” when Facebook resists a request, the government backs down. [Which leaves a few every week that they honor? Bob]
Attention angry customers!
Judge Awards iPhone User $850 in Throttling Case
When AT&T started slowing down the data service for his iPhone, Matt Spaccarelli, an unemployed truck driver and student, took the country's largest telecommunications company to small claims court. And won.
… Spaccarelli could have many imitators. AT&T has some 17 million customers with "unlimited data" plans who can be subject to throttling. That's nearly half of its smartphone users. AT&T forbids them from consolidating their claims into a class action or taking them to a jury trial. That leaves small claims actions and arbitration.
How important are trends? Are you ready for the next big shift in your field?
"Cultural Observatory at Harvard University in Cambridge, Massachusetts is to index the whole of the ArXiv pre-print database of papers from the physical sciences, breaking down the full text of the articles into component phrases to see how often a particular word or phrase appears relative to others — a measure of how 'meme-like' a term is. The team has already applied a similar approach to 5 million books in the Google Books database to produce their n-gram viewer. But the Google Books database carries with it a major limitation: because many of the works are under copyright, users cannot be pointed to the actual source material. [Perhaps they mean “can't be given a copy of the data...” Bob] Applying the tool to ArXiv means it could be used to chart trends in high-energy physics, for example: a quickening pulse of papers citing the Higgs boson, for example, or a peak in papers about supersymmetry, a theory which may soon be waning."
A handy techie tool?
Windows does not provide its users with the facility to selectively disable USB device types. For example, if you want to disable all storage devices connected to your computer from within Windows, you do not have a convenient solution to employ. But here to help and make the process easier is a tool called USB Manager.
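For administrators who would rather not install a third-party utility, the same effect for mass-storage devices in particular is available from Windows itself: the USB mass-storage class driver is the USBSTOR service, and setting its start type to disabled stops it from loading when a disk is attached. The script below is an added example for this post, not code from the page or from the USB Manager tool; it assumes an elevated PowerShell prompt and a stock registry layout.

```powershell
# Added example (not from the page or from USB Manager): block USB mass-storage
# devices by disabling the USBSTOR driver service. Run from an elevated prompt.
# Start = 3 (demand start, the Windows default) loads the driver when a USB disk
# is plugged in; Start = 4 (disabled) prevents it from loading. Keyboards, mice
# and USB network adapters use other class drivers and are not affected.
$UsbStorKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'

function Get-UsbStorageState {
    $start = (Get-ItemProperty -Path $UsbStorKey -Name Start).Start
    if ($start -eq 4) { 'Disabled' } else { 'Enabled' }
}

function Set-UsbStorageState {
    param(
        [Parameter(Mandatory)]
        [ValidateSet('Enabled', 'Disabled')]
        [string]$State
    )
    $value = if ($State -eq 'Disabled') { 4 } else { 3 }
    Set-ItemProperty -Path $UsbStorKey -Name Start -Value $value -Type DWord
}

"Before: USB storage is $(Get-UsbStorageState)"
Set-UsbStorageState -State Disabled
"After:  USB storage is $(Get-UsbStorageState)"

# Confirm what the service control manager now thinks of the driver. A disk
# that was already mounted stays mounted until it is removed; new ones are refused.
Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name='USBSTOR'" |
    Select-Object Name, State, StartMode
```

Two caveats a practitioner would want: any local administrator can flip the value back, so for fleet-wide enforcement the Group Policy setting under Computer Configuration > Administrative Templates > System > Removable Storage Access is the better control; and a device that presents itself as a keyboard (a HID class device) is not touched by this, so it is a data-exfiltration control, not a defence against malicious USB peripherals.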
Bad science or bad reporting? I was under the impression that they (scientists on either side of the Global Warming debate) knew how much carbon cars & trucks contributed and thought it was an alarming amount. Now I see that they didn't know and still thought it was trivial. See why I no longer trust science reporting?
"Gasoline-burning engines put out twice as much black carbon as was previously measured, according to new field methods tested in Toronto. The tiny particles known as black carbon pack a heavy punch when it comes to climate change, by trapping heat in the atmosphere and by alighting atop, and melting, Arctic ice. With an eye toward controlling these emissions, researchers have tracked black carbon production from fossil fuel combustion in gasoline-burning cars and diesel-burning trucks. Until this study was published [abstract of paywalled article], gas-burning vehicles had been thought to be relatively minor players."
Friday, February 24, 2012
Well, well... This holds out some hope for our local decryption case – the arguments even seem similar.
Eleventh Circuit Finds Fifth Amendment Right Against Self Incrimination Protects Against Being Forced to Decrypt Hard Drive Contents
Orin Kerr writes:
The important decision is In re Grand Jury Subpoena Duces Tecum Dated March 25, 2011. From the opinion by Judge Tjoflat:
We hold that the act of Doe’s decryption and production of the contents of the hard drives would sufficiently implicate the Fifth Amendment privilege. We reach this holding by concluding that (1) Doe’s decryption and production of the contents of the drives would be testimonial, not merely a physical act; and (2) the explicit and implicit factual communications associated with the decryption and production are not foregone conclusions.
Read more on The Volokh Conspiracy.
Why Johnny needs his own (used, less powerful) computer.
"PC Pro's Davey Winder has revealed how pre-school children are being targeted by data thieves. Security vendors have uncovered a bunch of Flash-based games, colorful and attractive to young kids, which came complete with a remote access trojan. The trojan is usually installed behind a button to download more free games, but BitDefender even found one painting application where the very act of swiping the paintbrush over an online pet to change the color of the virtual animal was enough to trigger redirection to an infected site."
Interesting how this type of case can be delayed and hidden...
Accused pretexters enter mystery plea in old HP spy case
A father-and-son team of private investigators charged with crimes relating to Hewlett-Packard's infamous spy scandal entered a plea yesterday in federal court, but that plea was immediately placed under seal by the court.
It's unclear why the pleas were sealed, as related court documents have not been posted publicly. But in general, a court has the right to seal documents if they contain issues of confidentiality that outweigh the public's right to access court proceedings and records. In this case, the parties [both sides? Bob] requested the proceedings be sealed, and presiding U.S. District Court Judge D. Lowell Jensen granted that request, his clerk confirmed.
… The secrecy surrounding the case leaves us wondering whether this is just the end of a very old saga, or perhaps--less likely this far down the pike--it's the beginning of a larger federal case targeting those who hired the DePantes' firm to begin with.
Is this the new fingerprint? I wonder if there was any attempt to use fingerprints for more than identification? “People whose prints swirl to the left are always Communists!”
Court OKs Taking DNA From Felony Arrestees
David Kravets writes:
A federal appeals court Thursday upheld a voter-approved measure requiring California authorities to take a DNA sample from every adult arrested on felony accusations in the Golden State.
The American Civil Liberties Union, which brought the challenge in hopes of striking down the measure, argued that DNA sampling of arrestees was an unconstitutional Fourth Amendment search and privacy breach. A lower court had refused to stop the program that has resulted in California securing a DNA database of more than 1.5 million people.
Read more on Threat Level. Obviously, I disagree with the court’s ruling and hope this eventually makes it to the Supreme Court, as I think if these DNA-on-arrest laws stand, why not just arrest everyone in the country and charge them with a felony so you can compile a massive national database? Couldn’t/wouldn’t happen, you say? Didn’t it already happen with our telecommunications being swooped up in nets without warrants?
This is praiseworthy, but I can't help flashing on the thought that it could become mandatory (for the children) and an entire generation will no longer find pain relief in opiates...
"Scientists at Mexico's National Institute of Psychiatry are working on a vaccine that makes the body resistant to the effects of heroin, so users would no longer get a rush of pleasure. The researchers say they have successfully tested the vaccine on mice and are preparing to test it on humans. Mice given the vaccine showed a huge drop in heroin consumption. 'It would be a vaccine for people who are serious addicts, who have not had success with other treatments and decide to use this application to get away from drugs.'"
One puny little protest against a “spying on the serfs” bill can't override years of “we need this (without wasting time on warrants)” whining from intelligence and law enforcement. “Do we really” is not in the political lexicon.
How Internet Companies Would Be Forced to Spy on You Under H.R. 1981
Rainey Reitman writes:
Online commentators are pointing to the Internet backlash against H.R. 1981 as the new anti-SOPA movement. While this bill is strikingly different from the Stop Online Piracy Act, it does have one thing in common: it’s a poorly-considered legislative attempt to regulate the Internet in a way experts in the field know will have serious civil liberties consequences. This bill specifically targets companies that provide commercial Internet access – like your ISP – and would force them to collect and maintain data on all of their customers, even if those customers have never been suspected of committing a crime.
Under H.R. 1981, which has the misleading title of Protecting Children From Internet Pornographers Act of 2011, Congress would force commercial Internet access providers to keep for one year a “log of the temporarily assigned network addresses the provider assigns to a subscriber to or customer of such service that enables the identification of the corresponding customer or subscriber information under subsection (c)(2) of this section.” Let’s break that down into simple terms.
Read more on EFF.
(Related) Some nice words, but unrelated to reality? (see above) Will we look back some day and say “This was the point where everything changed” OR “Whatever happened to this?”
The White House issues plan to protect consumer privacy
A “fact sheet” issued by the White House outlines a proposed Consumer Privacy Bill of Rights:
- INDIVIDUAL CONTROL: Consumers have a right to exercise control over what personal data companies collect from them and how they use it.
- TRANSPARENCY: Consumers have a right to easily understandable and accessible information about privacy and security practices.
- RESPECT FOR CONTEXT: Consumers have a right to expect that companies will collect, use, and disclose personal data in ways that are consistent with the context in which consumers provide the data.
- SECURITY: Consumers have a right to secure and responsible handling of personal data.
- ACCESS AND ACCURACY: Consumers have a right to access and correct personal data in usable formats, in a manner that is appropriate to the sensitivity of the data and the risk of adverse consequences to consumers if the data is inaccurate.
- FOCUSED COLLECTION: Consumers have a right to reasonable limits on the personal data that companies collect and retain.
- ACCOUNTABILITY: Consumers have a right to have personal data handled by companies with appropriate measures in place to assure they adhere to the Consumer Privacy Bill of Rights.
You can read the full plan (60 pp., pdf) on whitehouse.gov.
I've mentioned before that Judge Lamberth seems to have that “logic stuff” down pat. (and he has a way with language!)
Crude tweeter gets unmasked when grand jury investigates whether tweets were just obnoxious speech or threats
Yet another Twitter subpoena to unmask an anonymous tweeter. Once again Twitter notified the user of the subpoena to give him a chance to file a motion to quash. News coverage here and here.
Kudos to Judge Lamberth for allowing the Twitter user to file the motion to quash anonymously, despite how distasteful his tweets were. The judge denied the motion to quash on the basis that any threat against a presidential candidate has to be investigated/taken seriously. The judge notes, however, that he doubts the investigation would result in an indictment as the speech does not appear to pose a credible threat even if the language of at least one tweet is a prima facie threat.
[The decision: http://legaltimes.typepad.com/files/lamberth_twitter.pdf
What a fun can of worms this could be! But everyone knows lawyers just use “standard forms” (copyrighted by Ben Franklin) and merely fill in (their version of) the facts.
February 23, 2012
Lawyers Sue Westlaw and Lexis Over Publication of Briefs
Via WSJ Law Blog: "Two lawyers are taking on legal database providers Westlaw and LexisNexis with what appears to be a novel interpretation of copyright law. Edward L. White, an Oklahoma City, Okla., lawyer, and Kenneth Elan, claim WestLaw and LexisNexis have engaged in “unabashed wholesale copying of thousands of copyright-protected works created by, and owned by, the attorneys and law firms who authored them” — namely publicly filed briefs, motions and other legal documents."
(Related) One good copyright article deserves a second...
Joustin’ Beaver App Maker Served A Cease & Desist Order From Justin Bieber
A mobile game created to parody Canada’s biggest teenybopper export in years was just asking for trouble, and that’s what it’s gotten: the developers behind ‘Joustin’ Beaver,’ a mobile game available for iOS and Android devices, have been served with a cease and desist order from lawyers representing Justin Bieber.
… RC3 has responded: “The game is a parody and is protected by the First Amendment of the Constitution. Nowhere in the game is Justin Bieber’s name, photo, image, or life story mentioned.”
I don't need to worry about this, but a certain professor at the law school should remember the pseudonym I use...
February 23, 2012
No good deed goes unpunished and no device that makes textbooks cheap is as cheap as marketing makes it look... It's always the little things...
Will an Avalanche of iPads Crush Business Networks?
Are Apple’s iPads about to overwhelm corporate networks?
The research firm Gartner says that unless businesses plan for it, they could require three times the amount of wireless coverage in order to support the iPad on corporate networks.
The issue? Well, iPads are bandwidth hogs, and they have weaker wireless radios than most laptops. That means that — just like most mobile phones — they can’t connect to an access point as well as a laptop. And with more and more iPads and phones coming on the network, companies that want to support them are going to need to bump up Wi-Fi access points … a lot.
For people like me, who are too cheap to own a smartphone?
Easily send a text message to any phone in the United States, free of charge, regardless of where you live. You will get the responses in your email, and can even respond to responses using email. It’s all at TextPort, a site that makes sending SMS messages from your computer easy.
We’ve shown you how to send a free SMS to any phone via email, but doing so requires you know which carrier all of your friends are on. TextPort figures this out for you, letting you send a quick SMS to any phone number in the US for free. It offers a few other worthwhile tools as well, including a reverse number lookup and a few pay features.
Of course, if I did have a phone.... This also fits my “Ubiquitous Surveillance” category
Recording the audio of your meetings is easy; but it is all a different matter when you need to transcribe the audio and share it with other meeting attendees. What you could use is an app that records audio, converts it to text, and lets you share the audio as well as the transcription. This is precisely what an Android app called SaveMeeting offers.
SaveMeeting is a phone application for Android devices. The app is free, sized at 1.5 MB, and compatible with devices running Android version 2.2 or later. Using the app, you can begin recording audio anytime and upload it online by adding details to it. Details include meeting title, project title, meeting date, number of attendees, etc. Your recorded audio of a meeting is uploaded online to your SaveMeeting account and can be easily shared with other users on the site.
Similar tools: NoteRec,
Thursday, February 23, 2012
Local The file in question is named something.Ramona, which makes it difficult to deny ownership. I name my files “Correspondence with my Attorney.”
Colorado woman must turn over computer hard drive
On Tuesday, the 10th U.S. Circuit Court of Appeals refused to get involved, saying Ramona Fricosu's criminal case must first be resolved in District Court before her attorney can appeal.
… Federal prosecutors argue that not allowing the government access to encrypted computers would make it impossible to prosecute crimes such as terrorism, child exploitation and drug trafficking.
… The San Francisco-based Electronic Freedom Foundation has opposed the government's actions in the case because it believes easy-to-use encryption software should be used by everybody to prevent computer crimes and fraud, said Hanni Meena Fakhoury, an attorney for the foundation. The case could render those privacy protections useless, he said.
… In Fricosu's case, "the government has no idea what's on that computer," DuBois said. That element makes it different from other cases, he said.
… "It is possible that Ms. Fricosu has no ability to decrypt the computer, because she probably did not set up the encryption on that computer and may not know or remember the password or passphrase," DuBois said in a statement Tuesday.
No doubt this will come as a great relief to politicians everywhere...
Company says YouPorn chat service has been taken offline after user data was compromised
February 22, 2012 by admin
Raphael Satter of Associated Press reports:
Users of a chat service linked to the heavily-trafficked YouPorn website have had their personal information compromised after a third-party service provider failed to secure its data, YouPorn’s owners said Wednesday.
Luxembourg-based Manwin Holding SARL said the chat site had been disabled and would remain offline until an investigation was carried out. Manwin spokeswoman Kate Miller stressed that the site was run by an outside company on separate servers and that there was no breach at YouPorn itself.
Read more on Washington Post. And yes, this is the same firm that owns Brazzers, which was hacked earlier this month.
[From the article:
Manwin runs some of the world’s most-visited pornography websites, and its YouPorn offering is one of the 100 most-popular sites on the planet, according to Web information company Alexa.
What were they thinking? (Why weren't they thinking?)
By Dissent, February 23, 2012
From the what-were-they-thinking dept.:
The VU university’s teaching hospital has been accused of breaking patient confidentiality by allowing a television production company to record patients being treated at its accident and emergency department.
Medical law professor Johan Legemaate and medical ethics expert Erwin Kompanje told television show Nieuwsuur on Wednesday night the hospital had broken the rules by allowing Eyeworks to install 35 remote-controlled cameras to record activity in the department over a two-week period.
In total 1,500 people visited the A&E department while filming was taking place, and some 150 gave permission for Eyeworks to film them.
Read more on DutchNews.nl
Retroactive immunity. Think about it. How is that different from a Presidential Pardon?
DOJ Urges Supreme Court to Halt Challenge to Warrantless Eavesdropping
The Obama administration is urging the Supreme Court to halt a legal challenge weighing the constitutionality of a once-secret warrantless surveillance program targeting Americans’ communications that Congress eventually legalized in 2008.
The FISA Amendments Act (.pdf), the subject of the lawsuit brought by the American Civil Liberties Union and others, allows the government to electronically eavesdrop on Americans’ phone calls and e-mails without a probable-cause warrant so long as one of the parties to the communication is outside the United States. The communications may be intercepted “to acquire foreign intelligence information.”
Why jam? Because it's a fun electronics project? It could keep an on-board anti-theft system from reporting the location of the Bentley you just stole. But if they can triangulate the jamming signal, it becomes almost like confessing to being a terrorist. (Perhaps a “home on jamming signal” Maverick missile launched from a police “surveillance” drone?)
"A secret network of 20 roadside listening stations across the UK has confirmed that criminals are attempting to jam GPS signals on a regular basis. From the article: 'Government-funded trials involving the police have revealed more than a hundred incidents of GPS jammer use in the UK. The Sentinel project, which has been running since January 2011, was designed to measure GPS jamming on UK roads. The project, run by GPS-tracking company Chronos Technology, picked up the illegal jamming incidents via four GPS sensors in trials lasting from two to six months per location.'"
[From the article:
"The idea behind Sentinel is to detect and locate interference," Chronos Technology's divisional manager Andy Proctor told ZDNet UK on Wednesday. "Until you physically get a jammer in your hands you can't claim 100 percent it's a jammer, because you don't know what's been causing the interference."
(Related) Sounds like there is so much uncontrolled radiation in the UK the citizens will start to glow...
"As the UK nears the end of a lengthy digital TV switch-over, the sale of the analogue TV spectrum for 4G mobile phones will disrupt digital TV in almost a million homes. Affected homes will be issued with a filter or required to upgrade to satellite or cable, and in extreme cases may be granted funding to find their own solution."
It's snowing like an Al Gore nightmare today – maybe I'll stave off boredom by creating an eBook.
And the number of platforms for creating and publishing books digitally keeps on growing and growing. We have already covered PressBooks and Pandamian on KillerStartups (see here and here), and now a site like Hyperink comes along to help those who for any reason or the other found Pandamian and PressBooks too difficult or complex to use.
Wednesday, February 22, 2012
Cui bono? Who benefits? Why would a company gather huge volumes of data if there was no profit to be made?
Data Collection Arms Race Feeds Privacy Fears
Revelations last week that Google Inc, Twitter and other popular Internet companies have been taking liberties with customer data have prompted criticism from privacy advocates and lawmakers, along with apologies from the companies.
They are the latest in a long line of missteps by large Internet companies that have faced little punishment for pushing privacy boundaries, which are already more expansive than most consumers understand.
Despite all the chatter about online privacy and the regular introductions of proposed data protection laws in Congress, Silicon Valley is in the midst of a veritable arms race of personal data collection that is intensifying.
Read more of this Reuters report on Wall Street & Technology.
[From the article:
[What does technology enable? Bob] Many innovative companies, most prominently Facebook, base virtually all of their services on the ability to personalize, which requires them to know their users well. Their business models likewise depend to an increasing degree on the ability to target a banner advertisement or other marketing pitch to an individual. Millions of times each day, the right to advertise to a specific user is auctioned off in a fraction of a second by computers talking to one another.
For both the buyers and the sellers of the advertising, the business advantage goes to the participant with the most knowledge, and that race is driving companies like Google to learn as much about its users as Facebook does.
Few U.S. laws prevent those companies and others from collecting all manner of information - ranging from credit cards numbers and real names and addresses to buying patterns and Web surfing habits - then selling the data to advertisers and other third parties.
… Companies generally face legal threats or a user backlash only after violating their own published privacy policies or being discovered subverting consumer wishes.
(Related) Government knows who has the data they want...
Government Pressures Twitter to Hand Over Keys to Occupy Wall Street Protester’s Location Data Without a Warrant
February 22, 2012 by Dissent
Hanni Fakhoury of EFF writes about the Twitter subpoena I previously mentioned on this blog.
… The subpoena is astonishing not only for its poor grammar, but also for the breadth of information the government wants for a trivial crime that hardly requires it. The government’s request that Twitter hand over Tweets is unlikely to succeed because consistent with the Stored Communications Act, Twitter releases “contents of communication” (effectively Tweets and private messages between Twitter users) only with a search warrant. In any event, Mr. Harris’ account is “public”, meaning the government could obtain Tweets simply by checking out Mr. Harris’ Twitter feed. Plus, requesting Tweets only highlights the absurdity of the entire situation: why would the government need Tweets from both before and after the October 1 protest to prove he was obstructing traffic on the bridge? In any event, government fishing expeditions like this raise serious First Amendment concerns. Mr. Harris was very outspoken about his support of and involvement in the Occupy Wall Street movement. With this overbroad subpoena, the government would be able to learn about who Mr. Harris was communicating with for an extensive period of time not only through Tweets, but through direct messages. And with the government’s request for all email addresses associated with @destructuremal, they could subpoena Mr. Harris’ email provider to get even more information about who he communicated with. The First Amendment shouldn’t be trampled with only an expansive subpoena in a case that barely registers as “criminal.”
Given that much of Mr. Harris’ Twitter information (like Tweets and followers) is already public, it’s very likely that the government was really after something else: location data. By attempting to subpoena these records, the government can get around the Fourth Amendment’s prohibition against warrantless searches by requesting information that includes IP addresses.
Read more on EFF.
As EFF argues, and as I’ve often maintained on this blog, Congress must update ECPA and it needs to extend 4th Amendment protections to our online records. But as importantly, and not really discussed in Hanni’s post, Twitter (and other platforms) needs to stop logging IP data – or at least significantly reduce the log retention so that the government cannot go after these data.
Google Sued by Apple Safari-User Over Web-Browser Privacy
Phil Milford and Jef Feeley report:
Google Inc. officials were sued for violating users’ privacy rights on Apple Inc.’s Safari Web browser by bypassing computer settings designed to block monitoring of consumers’ online activity.
Google, the world’s biggest Internet-search company, has been dodging privacy settings in Safari, which serves as the primary Web browser on Apple’s iPhone and iPad products, lawyers for an Illinois man who uses the Safari browser said in a lawsuit filed [last Friday] in federal court in Delaware.
Read more on Bloomberg Businessweek.
[From the article:
“Google’s willful and knowing actions violated” federal wiretapping laws and other computer-related statutes, attorneys for Matthew Soble said in the complaint.
(Related) Just because everyone wants to be like Facebook does not mean that is a very lofty goal...
Facebook lawsuits sent to SF federal court
Ari Burack reports on the consolidation of Facebook lawsuits:
A series of class-action lawsuits contending that the popular social networking site Facebook illegally tracked members’ Internet activity on other websites has been moved to a federal court in San Francisco.
Read more on The San Francisco Examiner.
Someone believes in Global Warming!
February 21, 2012
New Study: Americans Pay More for Weather Catastrophes as Insurers Increasingly Shift Costs to Consumers and Taxpayers
"The Consumer Federation of America (CFA) today released a new study with insurance industry data that found that insurance companies have significantly and methodically decreased their financial responsibility for weather catastrophes like hurricanes, tornados and floods in recent years, shifting much of the risk and costs for these events to consumers and taxpayers. The report is being released as insurers in eleven states have requested large homeowners’ insurance rate increases of 18 percent or more. “Insurance commissioners should block many of these pending rate increases because they place an unwarranted financial burden on homeowners, many of whom are coping with severe financial difficulties in a bad economy,” said J. Robert Hunter, CFA’s Director of Insurance and former federal insurance administrator and state insurance commissioner. “In the last twenty years, insurers have been so successful at shifting costs to consumers and taxpayers that they are currently overcapitalized and cannot justify higher homeowners’ rates.” Insurance executives frequently remind the public and regulators of the frequency and severity of catastrophic events. CFA’s study, The Insurance Industry’s Incredible Disappearing Weather Catastrophe Risk, found that some of the savings insurers have achieved are legitimate, the result of the use of reinsurance and wise risk diversification strategies." [Suggesting “we don't want to cover that” is illegitimate? Bob]
Nifty little research tool with “find related articles” feature?
ReadCube is a PDF documents reader for people who are conducting research. The tool is basically a desktop client that has versions for both Windows and Mac computers.
… Based on your papers, you are provided article recommendations by ReadCube.
- Similar tool: Proposalpad.
- Also read related article: 4 Really Light Alternatives to Adobe Reader.
[Some claims from the ReadCube website:
Clickable references take you straight to the articles referenced in the paper you are reading.
Immediately view articles that cite the paper you are reading, or those that are related to it.
Get daily article recommendations based on your research interests and the contents of your library – so you need never worry about missing that important paper again.
Tuesday, February 21, 2012
How should I read this? It took him 8,000,000 attempts to find 400 accounts? £350,000 sounds so small I'm inclined to call him Dr. Evil...
UK: Computer whizz faces jail for writing programme to steal personal details of 8 MILLION people, including 400 PayPal accounts
February 20, 2012 by admin
Chris Parsons reports:
A computer expert who ‘plotted a £350,000 fraud’ is facing jail today after admitting he stole the personal details of more than eight million people.
Edward Pearson, 23, also admitted he illegally obtained the credit card details of 400 PayPal customers in an 18-month scam.
Read more on The Daily Mail. Sadly, there are no details on the software he wrote to amass the 8 million individuals’ details.
I'm sure the government will do a much better job...
According to a study from Ponemon and MegaPath, negligent employees and failure to meet compliance needs are the key reasons that more than 90 percent of the small healthcare networks included in the study suffered a breach last year.
… 'Surprisingly, only 30 percent agree that they have adequate resources to ensure that privacy and data security requirements are met.'
Moreover, there is a clear lack of definition when it comes to responsibility, as one-third of those who took part in the MegaPath-funded study said that no one person has overall responsibility for protecting patient data. This is on top of the 70 percent in the study that reported that their organizations lack the funding to meet governance, risk management and compliance requirements.
The full report is online, but registration is required.
...but it is okay for Facebook to provide free facial recognition, right?
Ca: Court order required to use facial recognition to identify Stanley Cup rioters
Jonathan Fowlie reports:
The Insurance Corp. of British Columbia cannot use facial recognition to identify Stanley Cup rioters without a court order, B.C.’s privacy commissioner said in a report released Friday.
Commissioner Elizabeth Denham launched an investigation into ICBC’s use of facial recognition technology shortly after the June 2011 Stanley Cup riots, when the corporation — the provincial Crown corporation that provides auto insurance, driver and vehicle licensing and registration to B.C. motorists — offered to match external photographs of alleged rioters against its driver’s licence database.
Read more on Vancouver Sun.
An answer to the growing concern over drones? And a question: what is the “Law of Drones?” A drone at 30,000 feet is virtually undetectable, but how low can they be before they become a hazard, an intrusion or a target?
Animal rights group says drone shot down
A remote-controlled aircraft owned by an animal rights group was reportedly shot down near Broxton Bridge Plantation Sunday near Ehrhardt, S.C.
Steve Hindi, president of SHARK (SHowing Animals Respect and Kindness), said his group was preparing to launch its Mikrokopter drone to video what he called a live pigeon shoot on Sunday when law enforcement officers and an attorney claiming to represent the privately-owned plantation near Ehrhardt tried to stop the aircraft from flying.
"It didn't work; what SHARK was doing was perfectly legal," Hindi said in a news release. "Once they knew nothing was going to stop us, the shooting stopped and the cars lined up to leave."
He said the animal rights group decided to send the drone up anyway.
"Seconds after it hit the air, numerous shots rang out," Hindi said in the release. "As an act of revenge for us shutting down the pigeon slaughter, they had shot down our copter."
He claimed the shooters were "in tree cover" and "fled the scene on small motorized vehicles." [Or wandered away when they realized there were no more targets? Bob]
Making money on Ubiquitous Surveillance?
Crowdsourcing As A Service: Citizen Reporters, Mystery Shoppers and Intelligence Gathering
Smartphones aren’t just great devices for communication and consumption; they’re also incredibly powerful tools for gathering information. Once you cross from hardware to software, it almost doesn’t matter what kind of information it is. What matters is mobilizing that huge network of machines and making sense of the information they’re sharing.
This, at least, is Engagement Media Technologies’ central premise. EMT makes mobile apps and backend services for three very different industries: citizen journalism, retail brand engagement, and intelligence and security operations.
A market for my “Write like Shakespeare” app? “The first thing we do, let's kill all the lawyers.”
"Arvind Narayanan writes: What if authors can be identified based on nothing but a comparison of the content they publish to other web content they have previously authored? Narayanan has a new paper to be presented at the 33rd IEEE Symposium on Security & Privacy. Just as individual telegraphers could be identified by other telegraphers from their 'fists,' Narayanan posits that an author's habitual choices of words, such as, for example, the frequency with which the author uses 'since' as opposed to 'because,' can be processed through an algorithm to identify the author's writing. Fortunately, and for now, manually altering one's writing style is effective as a countermeasure."
In this exploration the algorithm's first choice was correct 20% of the time, with the poster being in the top 20 guesses 35% of the time. Not amazing, but: "We find that we can improve precision from 20% to over 80% with only a halving of recall. In plain English, what these numbers mean is: the algorithm does not always attempt to identify an author, but when it does, it finds the right author 80% of the time. Overall, it identifies 10% (half of 20%) of authors correctly, i.e., 10,000 out of the 100,000 authors in our dataset. Strong as these numbers are, it is important to keep in mind that in a real-life deanonymization attack on a specific target, it is likely that confidence can be greatly improved through methods discussed above — topic, manual inspection, etc."
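As an added illustration (not code from Narayanan's paper or the Slashdot summary), the toy below profiles a text by its function-word frequencies, attributes it to the nearest known author, and declines to guess when the confidence margin is small, which is the precision-for-recall trade the numbers above describe. It also shows why the countermeasure works: rewriting the same content with different habitual words moves the attribution away from the true author. The author names, text snippets and the score records are all constructed here.

```python
"""Toy stylometric attribution with an abstention threshold (constructed example).

Precision and recall follow the usage in the summary above: precision is
correct guesses / guesses made, recall is correct guesses / all authors.
"""
import re
from collections import Counter
from math import sqrt

# Function words carry little topic but a lot of habit. This short list is a
# constructed stand-in for the much larger feature set a real system would use.
FUNCTION_WORDS = ("since", "because", "the", "a", "which", "that", "very", "quite")

# Constructed training snippets: author_A habitually writes "since ... which ... quite",
# author_B habitually writes "because ... that ... very".
TRAINING = {
    "author_A": [
        "Since the patch shipped, the logs have been quiet, which is quite a relief.",
        "We rotated the keys since the audit, which found quite a few stale ones.",
    ],
    "author_B": [
        "We rotated the keys because the audit found that very few were fresh.",
        "The logs went quiet because the patch shipped, and that was very welcome.",
    ],
}
# Constructed anonymous post by author_A, and the same post with its habits altered.
ANON_TEXT = "Since the report landed, the team has been busy, which is quite a change."
DISGUISED_TEXT = "Because the report landed, the team has been busy, and that is a very big change."

# Constructed (true_author, guessed_author, margin) records for 20 users: four of the
# guesses are right overall, and the high-margin guesses are mostly right.
CONSTRUCTED_RECORDS = [
    ("u01", "u01", 0.46), ("u02", "u02", 0.41), ("u03", "u03", 0.38), ("u04", "u17", 0.33),
    ("u05", "u05", 0.09), ("u06", "u12", 0.12), ("u07", "u03", 0.08), ("u08", "u20", 0.15),
    ("u09", "u11", 0.05), ("u10", "u01", 0.11), ("u11", "u09", 0.07), ("u12", "u06", 0.14),
    ("u13", "u02", 0.04), ("u14", "u19", 0.10), ("u15", "u14", 0.06), ("u16", "u05", 0.13),
    ("u17", "u04", 0.02), ("u18", "u13", 0.09), ("u19", "u16", 0.03), ("u20", "u08", 0.01),
]


def function_word_profile(text, words=FUNCTION_WORDS):
    """Relative frequency of each function word among the function words in text."""
    tokens = re.findall(r"[a-z']+", text.lower())
    counts = Counter(t for t in tokens if t in words)
    total = sum(counts.values())
    return {w: (counts[w] / total if total else 0.0) for w in words}


def cosine(p, q):
    """Cosine similarity of two profiles defined over the same keys."""
    dot = sum(p[w] * q[w] for w in p)
    norm = sqrt(sum(v * v for v in p.values())) * sqrt(sum(v * v for v in q.values()))
    return dot / norm if norm else 0.0


def build_centroids(training, words=FUNCTION_WORDS):
    """Average profile of each author's known writings."""
    centroids = {}
    for author, texts in training.items():
        profiles = [function_word_profile(t, words) for t in texts]
        centroids[author] = {w: sum(p[w] for p in profiles) / len(profiles) for w in words}
    return centroids


def attribute(profile, centroids):
    """Return (best_author, margin); margin is the similarity gap to the runner-up."""
    scored = sorted(((cosine(profile, c), a) for a, c in centroids.items()), reverse=True)
    best_score, best_author = scored[0]
    runner_up = scored[1][0] if len(scored) > 1 else 0.0
    return best_author, best_score - runner_up


def evaluate(records, threshold):
    """Precision and recall when the classifier abstains on margins below threshold."""
    attempted = [(t, g) for t, g, m in records if m >= threshold]
    correct = sum(1 for t, g in attempted if t == g)
    precision = correct / len(attempted) if attempted else 0.0
    recall = correct / len(records)
    return precision, recall


if __name__ == "__main__":
    centroids = build_centroids(TRAINING)
    for label, text in (("anonymous", ANON_TEXT), ("disguised", DISGUISED_TEXT)):
        author, margin = attribute(function_word_profile(text), centroids)
        print(f"{label:10s} -> {author} (margin {margin:.2f})")
    for thr in (0.0, 0.3):
        p, r = evaluate(CONSTRUCTED_RECORDS, thr)
        print(f"threshold {thr:.1f}: precision {p:.2f}, recall {r:.2f}")
```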
February 20, 2012
Encyclopedia of the future of news, by Nieman Journalism Lab
"Encyclo is an encyclopedia of the future of news, produced by the Nieman Journalism Lab at Harvard University...our main site emphasizes new developments and the latest news. We think there’s great value in a resource that steps back a bit from the daily updates and focuses on background and context. What is it about Voice of San Diego that people find interesting? How has The New York Times been innovating? What model is Politico trying to achieve? Those kinds of questions are why we decided to build Encyclo — a resource on the most important organizations and issues in journalism’s evolution... Our initial focus is on the companies and organizations that are having a big impact on the future of news. That includes a lot of traditional news organizations doing innovative work (like The New York Times, The Atlantic, The Guardian, and CNN) and a lot of newcomers whose business models are made possible by the Internet (like Talking Points Memo, GlobalPost, and West Seattle Blog). Some are nonprofits focusing on high-end investigative and watchdog work..."
Tweets are like blogs are like newspapers are like...
February 20, 2012
Who Gives A Tweet? Evaluating Microblog Content Value
Who Gives A Tweet? Evaluating Microblog Content Value, Paul André - Carnegie Mellon; Michael Bernstein - MIT, and Kurt Luther - Georgia Tech, February 2012
- "While microblog readers have a wide variety of reactions to the content they see, studies have tended to focus on extremes such as retweeting and unfollowing. To understand the broad continuum of reactions in-between, which are typically not shared publicly, we designed a website that collected the first large corpus of follower ratings on Twitter updates. Using our dataset of over 43,000 voluntary ratings, we find that nearly 36% of the rated tweets are worth reading, 25% are not, and 39% are middling. These results suggest that users tolerate a large amount of less-desired content in their feeds. [Is this so different from earlier media? Bob] We find that users value information sharing and random thoughts above me-oriented or presence updates. We also offer insight into evolving social norms, such as lack of context and misuse of @mentions and hashtags. We discuss implications for emerging practice and tool design."
- See also via Atlantic, Be Better at Twitter: The Definitive, Data-Driven Guide
Perspective: What do these two groups have in common?
Age, income dial up smartphone ownership rates
People 24 to 34 are most likely to own a smartphone, but those 55 to 64 making more than $100,000 are also front-runners, Nielsen finds.
The Post-Office Generation
A recent post on MinimalMac posits an interesting case for the slow, growing sense of the irrelevance of Microsoft, at least in the applications space.
… with the rise of tablets, office workers have suddenly noticed that they don’t need Office anymore. All they need is an email app, a notepad, and something like Dropbox. You can open Office docs on any device, you can edit text on nearly any tablet, and $9.99 gets you a capable word processor on the iPad. In short, Office is becoming irrelevant.
Now you can use language gooder!
LibreOffice, an off-shoot of OpenOffice founded by former contributors to the OpenOffice project in 2010, has just been updated to 3.5. Several new features are part of the update including a new grammar checking tool which is included in Writer.
The goal of the new utility is to check sentences for grammatical errors more accurately. False alarms have always been a problem. The changes, which are explained in a blog post on the LibreOffice website, aim to reduce the chance that unusual spacing or capitalization (such as that used in an abbreviation) is wrongly flagged as incorrect.
Monday, February 20, 2012
I wonder how common this is? Some indication in the Comments section that companies are looking for “engaged” employees!
"Companies can get a lot of mileage out of social networking services from the likes of Google or Facebook. Chat, document collaboration, and video conferencing using services like Google+ Hangouts or Facebook's Skype are seductive additions to an IT arsenal. But a lot of people have privacy concerns about these services, and there's no shortage of horror stories about how these sites track and exploit their users' habits. Would you work for a company that forced its employees to join a social network?"
Well, that's one possible reaction...
"Bloggers around the world have been commenting on recently leaked Heartland Institute documents that reveal their internal strategies to discredit climate science. These posters are now under threat of legal action. According to the Heartland Institute 'the individuals who have commented so far on these documents did not wait for Heartland to confirm or deny the authenticity of the documents. We believe their actions constitute civil and possibly criminal offenses for which we plan to pursue charges and collect payment for damages.'"
The Next Big Things?
The “Unhyped” New Areas in Internet and Mobile
We are in a whole new world of platforms, a post-PC era, which I’d more aptly describe as the always/everywhere era, finally, and that means a whole new set of opportunities.
… Personally, it is hard to see all the areas in which some disruptive or large new segment idea will take off, but it is clear that there are many. So when going fishing for these, I have defined certain pools that are more interesting than others in which to fish. I call them the “unhyped dozen”.
- Data Reduction or Filters (Siri, Donna, Recorded Future, and many others): “Reducing, filtering and processing data streams to deliver the information or action that is relevant to you.”
- Big data or Analytics (Ness, Billguard, The Climate Corporation, Kaggle, Datasift): “Analyzing massive amounts of structured and unstructured data to deliver unique services or analysis.”
- Emotion (Foodspotting, Ness, Instagram): “Services that evoke strong emotions in users.”
- TV 2.0 (Miso, Flingo, Maker Studios, both first and second screen apps as well as content production & sourcing): “TV as an interactive and social experience both on the primary and the second screen.”
- Social Next (intersecting with all the interest graph stuff and verticals like Github, Coursekit, and Researchgate): “Social as a useful and productive part of lives—enabling collaboration and deep community building around the world in specific areas.”
- Interest-based networks (where Meebo is pivoting to, Twitter, Snip.it, State): “User driven content that maps to people’s interests both for a better user experience and better targeting.”
- Health 2.0 (Jawbone UP, Nike Fuelband, Empatica, BodyMedia, MC10, Fitbit, iBike, Recon, Withings, Alivecor): “Exponentially growing data will yield personalized lifestyle suggestions, improved outcomes, predictive diagnostics and applications we can’t imagine.”
- Internet of Things/Universal ID/NFC/Smart sensors (a technology with the applications still to emerge): “Sensors and authentication technologies which will interconnect everything and remake our interaction with the world around us.”
- Personal Collaborative Publishing (Pinterest, Tumblr, storify, Snip.it): “Truly free press with no barriers to entry and personalized interest-based curation.”
- Utility Apps (Siri, Seatme, Ifttt, Uber, and many, many more): “Leverage device ubiquity and context to deliver valuable services.”
- Marketplaces & Disintermediation (Interview Street, Kaggle, Etsy): “Remove the middle man, increase market efficiency and produce better results, faster.”
For my geeky students
February 19, 2012
Field Guide to Web Applications 2012 Edition
Official Google Code Blog, Pete LePage, Developer Advocate: "...the Chrome Developer Relations team launched several new resources, including the Field Guide to Web Applications. It’s a new resource that is designed to help web developers create great web apps. We’ve heard loud and clear from users that they want more and better web apps, and we hope this new field guide will enable you to create those web apps. Our fictitious author Bert Appward guides you through topics like the properties of web applications, design fundamentals, tips for creating great experiences, and a few case studies that put best practices to use. Whether you're building your first web app or are just looking for ways to improve your existing apps, I hope you'll find the field guide useful."
For my Computer Security students
"The popular free security tool HijackThis has been open sourced by its owner, Trend Micro. The tool scans systems to find settings that may have been modified by spyware, malware or other programs that have wiggled their way onto a system and caused problems. Downloaded over 10 million times, HijackThis generates reports to help users analyze and fix an infected or problem computer. But the tool is not designed for novices – and doesn't actually determine what's good or bad. That's up to you, but it is a good way to keep an eye on things and possibly locate anomalies that may have been missed by other security products. Trend Micro warns that if you don't know what you're doing, it's probably not a good idea to make any changes to your computer settings and system files. Trend Micro acquired the tool from creator Merijn Bellekom in 2007, and has offered it for free ever since, but now is making the code available to the public. The code, originally written in Visual Basic, is now officially available at Sourceforge here."
Sunday, February 19, 2012
Fortunately, I already have a foil-lined cowboy hat. Just remember, don't look up!
"A new federal law, signed by the president on Tuesday, compels the Federal Aviation Administration to allow drones to be used for all sorts of commercial endeavors — from selling real estate and dusting crops, to monitoring oil spills and wildlife, even shooting Hollywood films. Local police and emergency services will also be freer to send up their own drones. But while businesses, and drone manufacturers especially, are celebrating the opening of the skies to these unmanned aerial vehicles, the law raises new worries about how much detail the drones will capture about lives down below — and what will be done with that information. Safety concerns like midair collisions and property damage on the ground are also an issue."
“Gee whiz, everyone wants us to do our job! How strange.”
WPF files FTC complaint against Google and others over Safari privacy settings circumvention
February 18, 2012 by Dissent
The World Privacy Forum filed a complaint with the US Federal Trade Commission today regarding the circumvention of users’ expressly stated browser privacy choices without notice. “The World Privacy Forum requests that the Federal Trade Commission (FTC) investigate Google, Vibrant Media, Media Innovation Group, and Pointroll for potential violations of Section 5 of the FTC Act. These companies willfully overrode users’ privacy preferences as expressly stated by the users in their browser settings. Overriding privacy preferences and doing so without notice are both unfair and deceptive business practices.” The complaint further requests the Commission look into the companies’ violations of the NAI code, and in Google’s case, violation of its consent agreement with the Commission.
The latest brouhaha arose after publication of research by Jonathan Mayer, Safari Trackers.
(Related) “You have to pick your battles. Just because it irritates millions of people doesn't mean it rises to the level where we would get heat from the politicians that fund us...”
FTC Files Opposition / Motion to Dismiss in EPIC v FTC
February 18, 2012 by Dissent
The Federal Trade Commission today filed an opposition and a motion to dismiss in response to EPIC’s complaint to compel the agency to enforce the October 2011 Consent Order against Google. The government stated that EPIC would “deprive the Commission of the discretion to exercise its enforcement authority.” The government also charged that EPIC’s lawsuit is “completely baseless.” The papers were filed in federal District Court on the same day that the Wall Street Journal reported that Google had subverted the privacy settings of millions of users of the Internet browser software Safari. For more information see: EPIC: EPIC v. FTC (Google Consent Order).
Wow. Talk about stupid decisions...
"The universities of Western Ontario and Toronto have signed a deal with Access Copyright that allows for surveillance of faculty correspondence, defines e-mailing hyperlinks as equivalent to photocopying a document, and imposes an annual $27.50 fee for every full-time equivalent student to pay for it all. Access Copyright is a licensing agency historically used by most universities in Canada to give them blanket permission to reproduce copyrighted works, largely to address photocopying concerns that may extend beyond basic fair-use. Since the expiration of this agreement, and with recognition that many academic uses do not require copyright permissions or payments or are already covered under vendor-specific agreements, Canadian academic institutions have been united in opposing continuation of the agreement with the agency. Access Copyright has countered with a proposal for increased fees, and expansion of the definition of copyright to include linking and the need for online surveillance. In a strange breaking of ranks, the University of Western Ontario and the University of Toronto have capitulated and signed agreements that basically accede to the licensing agency's demands. The Canadian Association of University Teachers bulletin provides detailed background on the issue (PDF)."
“Our serfs are so ignorant that they will happily pay for us to monitor their private lives...”
“If you've got nothing to hide, we'll make something up.”
"In vogue with other countries cracking down on freedom and democracy on the internet as discussed in Slashdot recently, the UK is joining in with plans to track all phone calls, text messages, email traffic and websites visited online, all to be stored in vast databases under new government anti-terror plans. As reported in The Telegraph, security services will have access to information about who has been communicating with each other on social networking sites such as Facebook, direct messages between subscribers on Twitter would also be stored, as well as communications between players in online video games. The scheme is a revised version of a plan drawn up by the ex-Labour government which would have created a central database of all the information. The idea was later dropped in favor of requiring communications providers to store the details at the taxpayers' expense."
"Australian police, along with government agencies, are accessing phone and internet account information, outward and inward call details, phone and internet access location data, and details of IP addresses visited of Australian citizens, all without judicial warrants. In the last two years, some states have shown an increase of more than 50 per cent in these surveillance authorizations, which can be granted by senior police officers and officials instead of a magistrate or judge."
'cause if you want to remain anonymous, you must be a terrorist!
Feds Want to Warrantlessly Track Phones Bought with Fake Names
If the DOJ gets its way, it won't need a warrant to monitor people who buy cell phones and other electronic services using a fake name, according to a story in today's Wall Street Journal.
The DOJ is arguing that because a California man used a fake name when he bought a broadband card, service and a computer (and rented his apartment) he's not entitled to protection under the Fourth Amendment.
The government used a device called a Stingray to locate the broadband card being used by Daniel David Rigmaiden. The Stingray mimics a cell phone tower, and pings the target device. It measures the signal strength, and then moves to another location and measures it again. It uses that data to triangulate the phone's position. They are increasingly being used by law enforcement.
The Next Big Thing?
Beyond Facebook: The Rise Of Interest-Based Social Networks
… Some say “social is done,” Facebook is all the social media anyone would ever want or need. Unquestionably, as it nears one billion accounts, in the solar system of social media, Facebook is the Sun — the gravitational center around which everything social revolves.
But while some may pronounce that Facebook is all the social we’d ever need, users clearly haven’t gotten the memo. Instead, users are rapidly adopting new interest-based social networks such as Pinterest, Instagram, Thumb, Foodspotting, and even the very new Fitocracy.
… Interest-based social networks have a markedly different focus and approach than Facebook. The Pinterest, Thumb and Foodspottings of the world enable users to focus and organize around their interests first, whereas Facebook focuses on a user’s personal relationships.
For my Ethical Hackers: Perhaps you should contact your targets BEFORE you hack them?
"The BBC reports that software development student Glenn Mangham, a 26-year-old from the UK, was jailed 17 February 2012 for eight months for computer misuse, after he discovered serious Facebook security vulnerabilities. Hacking from his bedroom, Mangham gained access to three of Facebook's servers and was able to download to an external hard drive the social network's 'invaluable' intellectual property (source code). [Why would there be any source code on Internet connected servers? Oh wait... Have I “discovered” another “serious security vulnerability?” Bob] Mangham's defense lawyer, Mr. Ventham, pointed out that Mangham is an 'ethical hacker' and runs a tax registered security company. The court heard Mangham previously breached Yahoo's security, compiled a vulnerability report and passed it on to Yahoo. He was paid '$7000 for this achievement,' and claims he was merely trying to repeat the same routine with Facebook. But in passing sentence, Judge Alistair McCreath said despite the fact he did not intend to pass on the information gathered, his actions were not harmless and had 'real consequences and very serious potential consequences' for Facebook. The case's prosecutor, Mr. Patel, said Facebook spent '$200,000 (£126,400) dealing with Mangham's crime.'"
I'm not so sure that I'd like a “keeper of any information they can gather about me” to “help” me generate a password...
"Google is in the process of developing a tool to help users generate strong passwords for the various and sundry Web sites for which they need to register and authenticate. The password-generator is meant to serve as an interim solution for users while Google and other companies continue to work on widespread deployment of the OpenID standard. The tool Google engineers are working on is a fairly simple one. For people who are using the Chrome browser, whenever a site presents them with a field that requires creating a password, Chrome will display a small key icon, letting the users know that they could allow Chrome to generate a password for them."
315 million for “failure to test?”
"A preliminary settlement has been reached in the class-action lawsuit brought against Apple in June 2010 over the 'Antennagate' fiasco. Ira Rothken, co-lead counsel for the case, says there are 21 million people entitled to either $15 or a free bumper. 'The settlement comes from 18 separate lawsuits that were consolidated into one. All share the claim that Apple was "misrepresenting and concealing material information in the marketing, advertising, sale, and servicing of its iPhone 4 — particularly as it relates to the quality of the mobile phone antenna and reception and related software." The settlement has its own Web site, www.iPhone4Settlement.com, which will be up in the coming weeks (the site doesn't go anywhere right now). There, customers will be able to get information about the settlement and how to make a claim. As part of the arrangement, e-mails will also be sent alerting original buyers to the settlement before April 30, 2012. The claims period is then open for 120 days.'"
How do I categorize this one? Sort of like a reverse 911? Sort of like a gang of vigilantes? Neighborhood watch? Could this return that sense of community we seem to be losing?
"A Kenyan chief in a town far from the bustling capital foiled a predawn robbery recently using Twitter, highlighting the far-reaching effects of social media in areas that don't have access to the Internet. Chief Francis Kariuki said he got a call in the dead of the night that thieves had broken into a neighbor's house. Local residents, who subscribe to his tweets through a free text messaging service, jumped into action. They surrounded the house, sending the thugs fleeing into the night. In the town 100 miles from Nairobi, a majority of residents don't have access to computers, the Internet or smart phones. The sporadic cyber cafes strewn across the landscape charge for Internet access. However, almost every household has a cell phone and text messages are a major form of communication in the nation."
Any perspective is helpful...
February 18, 2012
A Comprehensive Guide for Best Practices in Cloud Computing for State and Local Governments
A Comprehensive Guide for Best Practices in Cloud Computing for State and Local Governments, February 2012
- "Sensing the convergence of these business and technology trends, in September 2011 the TechAmerica Foundation formed a group of experts to develop guidance for helping state and local governments evaluate, adopt and implement cloud computing. This State and Local Government Cloud Commission (SLG-CC) initiative follows the Foundation’s earlier release of a blueprint for the U.S. federal government’s adoption of cloud computing, which supported the Obama Administration’s cloud-first strategy for government technology and for driving U.S. commercial leadership and innovation... This paper is a distillation of the SLG Cloud Commission’s efforts. It addresses cloud access and deployment challenges that are unique to states and localities — including procurement practices — and provides recommendations for surmounting barriers. In producing its recommendations, the Commission considered delivery of critical services to the public, such as healthcare, human services, and education, and discussed ways that large, complex programs can best leverage the cloud."
Multitenancy and Cloud Platforms: Four Big Problems
Who do you know that might benefit from this freebie?
With all of the innovation currently going on in computer science, many of us often get curious about finding out more. Computer Science 101 is an excellent way to do that, where everybody, even people with no computer science knowledge or experience, can take an online course. The course is offered free of charge by Nick Parlante, who has been teaching computer science at Stanford for more than 20 years.
The course starts February 2012 and in addition to providing a general background of hardware and software, also dives into short bits of computer code so students can discover the potential and limitations of computer science. The course is completely browser based so there is nothing to install or download.
Similar tool: Google Code University.
Business opportunities? Would Burger King & Pepsi sponsor my Open Source Math textbook?
New Hope For Open Source Textbooks
… Free digital open source textbooks are a promising alternative for states looking to cut costs and for universities trying to spare students from the soaring price of higher education. A growing number of laptop computers and tablets in the classroom provide an even greater opportunity to switch.
… The idea of open source textbooks is not new. They have been around for more than a decade, a period in which the major commercial publishers hiked textbook prices faster than inflation.
Until recently, however, open source textbooks gained little traction, in part, because of the byzantine process for approving school books. State and local school boards, which ensure that books meet standards, are not known for innovative thinking.
… One source of hope is a new initiative from Apple that offers publishers tools to more easily create digital textbooks and then sell them in Apple’s iBookstore for iPads. Kno and Inkling, two start-ups, offer competing platforms.
All three companies welcome working with publishers of free textbooks. In fact, a free open source statistics textbook from 20 Million Minds Foundation, a publisher of open source textbooks, is already available on Kno.
… Neeru Khosla, co-founder of CK-12 Foundation, a non-profit open source textbook publisher, said that the toughest part of open source textbooks is dealing with the state bureaucracy.