Saturday, March 03, 2012

“Can we block your connections?”
"The Federal Communications Commission is reviewing whether or when the police and other government officials can intentionally interrupt cellphone and Internet service to protect public safety. A scary proposition which will easily become a First Amendment issue. Does the FCC have the authority to [regulate local or state authorities' decision to] take down cellular networks if they determine there is an imminent threat? The FCC is currently asking for public input (PDF) on this decision."
According to the article, "among the issues on which the F.C.C. is seeking comment is whether it even has authority over the issue. The public notice asks for comment on whether the F.C.C. itself has legal authority over shutdowns of wireless service and whether it can pre-empt local, state or federal laws that prohibit or constrain the ability of anyone to interrupt service." Maybe they just don't like being upstaged by BART.

Ubiquitous surveillance. Think of the Lower Merion High School flap (students being photographed in their bedrooms) only now everyone can be watched on any video/photo enabled device.
"The little cameras in your home are multiplying. There are the ones you bought, perhaps your SLR or digital camera, but also those that just kind of show up in your current phone, your old phone, your laptop, your game console, and soon your TV and set-top box. Varun Arora, founder of startup GotoCamera in Singapore, wants you to turn them all on and let his company's algorithms analyze what they show, then sell the results as marketing data, in a sort of visual version of what Google and other firms do with search results and free email services."

(Related) We like surveillance enough to pay for it!
Highlight, the people discovery app that could change the world
… Highlight is a mobile app that helps you learn more about the people around you. If you are standing near me and you also have Highlight installed, your profile will show up on my phone. I can see your name, profile photo, all of the friends we have in common, and all of the other things we have in common--like if we went to the same school or are from the same hometown. I can also see a history of the times we have crossed paths before. If I am walking down the street and Highlight sees someone particularly interesting crossing my path, it will notify me.

I find it hard to believe they could summarize bio-ethics in 15 pages, let alone translate that into something technology researchers will understand. But I'm not sure it won't become a worthy supplement to the legal framework eventually.
EPIC Urges DHS to Abide by Privacy Laws When Conducting Technology Research
March 3, 2012 by Dissent
From EPIC:
Earlier this week, EPIC submitted comments to the DHS on “The Menlo Report: Ethical Principles Guiding Information and Communication Technology Research.” DHS sought public views on the privacy implications of ethical human subject research in information and communication technology research. EPIC said that many federal privacy laws, such as the Privacy Act of 1974, set out legal standard for how government agencies should protect personal data. EPIC strongly urged DHS to abide by federal privacy laws rather than adopt non-binding principles, which are not enforceable and provide few rights for individuals. For more information, see EPIC: Privacy and The Common Rule
Alice Lipowicz reports on the letter on Federal Computer Week.
[This is part of the report they object to:
Respect for public interest can often be addressed by obeying relevant laws. If applicable laws conflict with each other or with the public interest, and a decision is made to not comply with legal obligations that are viewed as unethical, researchers should have ethically defensible justification and be prepared to accept responsibility for their actions and consequences.

I think it's a great idea we don't (yet) know how to make secure...
A few countries, like Estonia, have gone for internet-based voting in national elections in a big way, and many others (like Ireland and Canada) have experimented with it. For Americans, with a presidential election approaching later this year, it's a timely issue: already, some states have come to allow at least certain forms of voting by internet. Proponents say online elections have compelling upsides, chief among them ease of participation. People who might not otherwise vote — in particular military personnel stationed abroad, but many others besides — are more and more reached by internet access. Online voting offers a way to keep the electoral process open to them. With online voting, too, there's no worry about conventional absentee ballots being lost or delayed in the postal system, either before reaching the voter or on the way back to be counted. The downsides, though, are daunting. According to RSA panelists David Jefferson and J. Alex Halderman, in fact, they're overwhelming. Speaking Thursday afternoon, the two laid out their case against e-voting. [Much more follows Bob]

I'll look for the transcript (or the video) since the slides are merely suggestive.
March 02, 2012
Pew - The emerging information landscape - 8 realities of the "new normal"
"Pew Director Lee Rainie gave a keynote at the NFAIS annual conference about the way the internet and mobile connectivity have transformed the worlds of networked individuals. He discussed how normal life has changed in the past decade because of three revolutions in technology:
1) the spread of broadband;
2) the rise of mobile connectivity; and
3) the emergence of technological social networks.
He discussed trends and likely future developments in technology that will shape the way people learn, share, and create information. The slides in PDF are here."

Are there lessons here for other media?
"In March 2011, personalized-magazine startup Zite got a cease-and-desist letter from a group of 11 media giants outraged by the way Zite's popular iPad app 'misappropriated' their news articles. By August 2011, Zite had become part of CNN, which is owned by Time Warner, one of the organizations behind the C&D letter. Zite's brief clash with the media establishment, followed by its swift assimilation into the same establishment, is emblematic of a larger story unfolding in the media business: the grudging acknowledgement by publishers that readers want to access their content in new ways. In this article Zite CEO Mark Johnson explains how the startup mollified publishers (by presenting articles in 'Web view' mode rather than a stripped-down 'reader mode'), why CNN bought the company, and how it strives to make reading more enjoyable while still respecting publishers' business models."
[From the article:
Old-line media companies have spent the last 25 years coping with the digital fragmentation of their content, starting with CompuServe and AOL in the 1980s and exploding in recent years across the Web, RSS, Google News, Flickr, YouTube, Facebook, Twitter, Tumblr, and all the rest. Just as they’ve started to figure out how to make money in this radically altered world—not as much as they did in the print era, but something above zero— a new technology trend comes knocking: apps like Zite, Flipboard, and Pulse that hoover up publishers’ content fragments and put them back together in the form of tablet- and smartphone-based “magazines.” (See “The 10 Social News Apps You Need to Try,” 1/20/12.)

For my Data Mining & Data Analysis students...
"The ACM's Queue magazine has a new, comprehensive taxonomy of visualization techniques, drawing from the theories of Edward Tufte and citing examples from academia, government, and the excellent NYT visualization team. This list contains 12 steps for turning data into a compelling visualization: Visualize, Filter, Sort, Derive, Select, Navigate, Coordinate, Organize, Record, Annotate, Share, & Guide. 'For developers, the taxonomy can function as a checklist of elements to consider when creating new analysis tools.' The citations alone make this an article worth bookmarking."

Would the average police department know how to use Facebook this way?
The website Criminal Justice Degrees Guide posted an interesting infographic today about how Facebook played a pivotal role in solving 20 different criminal cases. Police are finding ways to use the social networking site to track down cyberstalkers, pranksters gone awry, and inappropriate posting of information. The UK police have reported a sharp rise in Facebook-related crimes in the past few years.

Should this be on my Ethical Hacking wish list?
The Little White Box That Can Hack Your Network
… Built by a startup company called Pwnie Express, the PwnPlug is pretty much the last thing you ever want to find on your network — unless you’ve hired somebody to put it there. It’s a tiny computer that comes preloaded with an arsenal of hacking tools. It can be quickly plugged into any computer network and then used to access it remotely from afar. And it comes with “stealthy decal stickers” — including a little green flowerbud with the word “fresh” underneath it, that makes the device look like an air freshener — so that people won’t get suspicious.
The basic model costs $480, but if you’re willing to pay an extra $250 for the Elite version, you can connect it over the mobile wireless network. “The whole point is plug and pwn,” says Dave Porcello, Pwnie Express’s CEO. “Walk into a facility, plug it in, wait for the text message. Before you even get to the parking lot you should know it’s working.”
Porcello decided to start making the PwnPlug after coming across the SheevaPlug, a miniature low-power Linux computer built by Globalscale Technologies that looks just like a power adapter.

Definitely for my Ethical Hackers...
… Windows Phones come locked by default, with users only able to install apps from the Windows Phone Marketplace on a region-specific basis. This can result in some disparity between users based in different territories and also prevents amateur developers from testing their apps on the platform.
Fortunately, two unlock methods are currently available across all Windows Phone devices. The first option is to register your Windows Phone as a developer device, enabling access to a wealth of development options – for a fee. If you don’t have resources for this, however, a much cheaper but limited choice also exists.

Freebies for my students!
"VALO-CD is an open source software collection similar to The Open CD. Version 8 is now available in English. The open source collection has been available in Finnish for several years, but now it has been translated into English and is available internationally as well. The collection contains pretty much everything a typical end user would need: LibreOffice, Inkscape, Firefox, Audacity and many other programs. The main goal is to increase knowledge about open source software. The programs are for Windows since most Linux distributions already contain most of the programs, and Linux users obviously are already aware of open source. The CD is developed collaboratively in a wiki. It is freely available as a torrent download."

Friday, March 02, 2012

Finally, all those lawyers who were convinced that Y2K held immeasurable Class Action riches are vindicated! A major player has a date problem! Dust off those old Class Action documents you never filed and start editing...
Yes, Microsoft Azure Was Downed By Leap-Year Bug
Microsoft has confirmed that Wednesday’s Windows Azure outage that left some customers in the dark for more than 12 hours was the result of a software bug triggered by the Feb. 29 leap-year date that prevented systems from calculating the correct time.

“Look, If we can't see your photos how do we know to send you ads for services like Divorce Lawyers or Drug Rehab Centers?
Et Tu, Google? Android Apps Can Also Secretly Copy Photos
March 1, 2012 by Dissent
Brian X. Chen and Nick Bilton report:
It’s not just Apple. Photos are vulnerable on Android phones, too.
As Bits reported this week, developers who make applications for Apple iOS devices have access to a person’s entire photo library as long as that person allows the app to use location data.
It turns out that Google, maker of the Android mobile operating system, takes it one step further. Android apps do not need permission to get a user’s photos, and as long as an app has the right to go to the Internet, it can copy those photos to a remote server without any notice, according to developers and mobile security experts. It is not clear whether any apps that are available for Android devices are actually doing this.
Read more on The New York Times.

(Related) Machiavelli would be proud! With a stroke of the pen they have expanded their powers and thereby increased the number of lobbyists willing to buy them lunch.
EPIC sues U.S. Dept of Education
March 1, 2012 by Dissent
EPIC has filed suit against the U.S. Dept. of Education over its recent amendments to the Family Education Rights Privacy Act (FERPA). The federal complaint, which was filed in the D.C. District Court yesterday, alleges that the amendments are not in accordance with the law and exceeded USED’s authority.
The amendments provided definitions of terms such as “authorized representative” and “education program” that would expand the number and type of entities that would have access to student data. Another amendment would also broaden the types of information that could be included – and shared – as “directory information.”

Maybe I'm old fashion (never having worked for DHS) but I suspect the rubber glove guys may not have the skills to deal with technology...
DHS, Not NSA, Should Lead Cybersecurity, Pentagon Official Says

(Related) Would the FBI ever release plans for secure phones?
"The National Security Agency has designed a super-secure Android phone from commercial parts, and released the blueprints(Pdf) to the public. The doubly-encrypted phone, dubbed Fishbowl, was designed to be secure enough to handle top secret phone calls yet be as easy to use and cheap to build as commercial handsets. One hundred US government staff are using the phones under a pilot which is part of a wider project to redesign communication platforms used in classified conversations."

Taxpayer funded research.
March 01, 2012
Access to Congressional Research Service (CRS) Reports
Congressional Research Service (CRS) Reports - Collected by: Stanford University, Social Sciences Resource Group - Archived since: Jun, 2008
  • "Congressional Research Service (CRS) is a "think tank" that provides research reports to members of Congress on a variety of topics relevant to current political events. However, the Congressional Research Service (CRS) does not provide direct public access to its reports, nor are they released to the public via the Federal Library Depository Program (FDLP). There are several organizations that collect and give access to subsets of published CRS Reports. This collection attempts to bring all CRS Reports together in one place. For more information on CRS, see the Sunlight Foundations CRS Reports backgrounder. Please contact James Jacobs (jrjacobs AT stanford DOT edu) if you know of additional sites hosting CRS reports."

Run the numbers, but remember it's not just the big, new, professionally written malware that causes problems.
Is Antivirus Software a Waste of Money?

Perspective “Delusional is as delusional does.” F. Gump (Others are far less polite in Comments)
"After posting a controversial op-ed in The New York Times saying Wikipedia and Google 'misinformed' the public about SOPA and PIPA, Cary Sherman, CEO of the RIAA said in an interview yesterday that he hopes the SOPA protests were a 'one-time experience.' He also said that Wikipedia and Google users were duped into thinking SOPA was a bad bill because they assume "if it comes from these sources, it must be true." In another hilarious comment, Sherman blames the Internet for making it impossible for Congress to get out its side of the story, and for not spreading information with the same 'clarity and integrity' of broadcast journalists."

Perspective Perhaps Zuckerberg does not know best?
Bigger Than Facebook! Foreign Sites That Outshine the Web’s U.S. Stars

Not that my students would ever waste time with games...
The next iteration of Microsoft’s answer to flight simulations, Microsoft Flight, has finally been released for free on the Games for Windows platform.
… It won’t cost anything to play, instead there will be an ever expanding selection of downloadable content (DLC) that can be purchased to expand the players in-game options. The first batch of DLC includes a second world war P-51 Mustang ($7.99), the Maule M-7-260C single prop aircraft ($14.99) and the Hawaiian Adventure Pack ($19.99) which includes the Vans RV-6A aircraft and some tropical islands over which to stretch your wings.
Download: Microsoft Flight @

Thursday, March 01, 2012

If they would not have been allowed to force her to reveal the password protecting the data, are they allowed to “break into” the data? Sounds to me like we still have a constitutional question.
Constitutional Showdown Voided: Feds Decrypt Laptop Without Defendant’s Help
Colorado federal authorities have decrypted a laptop seized from a bank-fraud defendant, mooting a judge’s order that the defendant unlock the hard drive so the government could use its contents as evidence against her.
The development ends a contentious legal showdown over whether forcing a defendant to decrypt a laptop is a breach of the Fifth Amendment right against compelled self incrimination.
… “They must have used or found successful one of the passwords the co-defendant provided them,” Fricosu’s attorney, Philip Dubois, said in a telephone interview Wednesday. [Does that suggest that he encrypted the data rather than her? Bob]
He said the authorities delivered to him Wednesday a copy of the information they discovered on the drive. Dubois said he has not examined it.
The development comes a week after a federal appeals court ruled in a separate case that forcing a criminal suspect to decrypt hard drives so their contents can be used by prosecutors is a breach of the Fifth Amendment right against compelled self-incrimination.
… The decision by the 11th U.S. Circuit Court of Appeals said that an encrypted hard drive is akin to a combination to a safe, and is off limits, because compelling the unlocking of either of them is the equivalent of forcing testimony.

...and I'm renaming it. Henceforth it shall be called “Bob”
Space station control codes on stolen NASA laptop
A laptop stolen from NASA last year contained command codes used to control the International Space Station, an internal investigation has found.
The laptop, which was not encrypted, was among dozens of mobile devices lost or stolen in recent years that contained sensitive information, the space agency's inspector general told Congress today in testimony highlighting NASA's security challenges.

A study we can use...
Data Breach Case Research Paper Sheds Light
March 1, 2012 by admin
Kristin J. Mathews writes:
In a draft research paper titled “Empirical Analysis of Data Breach Litigation”, three prominent scholars have collected and analyzed a sample of over 230 federal data breach lawsuits in order to deduce just what makes them tick.
Romanosky, Hoffman and Acquisti examined, for example, what factual and legal characteristics made a company more likely to be sued for a breach of personal data, and what made a data breach lawsuit more likely to settle.
Read more on Proskauer’s Privacy Law Blog.

I propose that we change the term “default password” to “extremely insecure password because everyone knows what it is and you'll look like a fool if you don't change it NOW!”
Outsider Hacks Dominated 2011 Security Breaches
March 1, 2012 by admin
Kelly Jackson Higgins reports from RSA:
More than 85% of the data breach incident response cases investigated by Verizon Business last year originated from a hack, and more than 90% of them came from the outside rather than via a malicious insider or business partner.
Tuesday, Verizon published a snapshot of data from its upcoming 2012 Data Breach Investigations Report, using data from its own caseload of some 90 of its 855 breach cases for last year.
This is the first year that we worked more cases outside the U.S. than inside. That ratio has been building and it makes the case that this is not a U.S.-specific problem. All regions are having data breaches,” said Wade Baker, director of research and intelligence at Verizon Enterprise Solutions.
Read more on Dark Reading.
No surprises there if you’ve been following this blog or It would be nice to consolidate their database with DLDB’s, though, to provide one more complete database. I suspect each database has breaches the other one doesn’t have.
[From the article:
The most commonly used venue for breaches was exploiting default or easily guessed passwords, with 29% of the cases last year, followed by backdoor malware (26%), use of stolen credentials (24%), exploiting backdoor or command and control channels (23%), and keyloggers and spyware (18%). SQL injection attacks accounted for 13% of the breaches.

This isn't new.
"Domain seizures are nothing new, but this particular case is interesting. The Department of Homeland Security has seized a domain name registered outside of the U.S., by individuals who are not American citizens, and who registered with a Canadian registrar. From the article: 'The ramifications of this are no less than chilling and every single organization branded or operating under .com, .net, .org, .biz etc needs to ask themselves about their vulnerability to the whims of US federal and state lawmakers (not exactly known their cluefulness nor even-handedness, especially with regard to matters of the internet).'"
[From the article:
The indictment focuses on the movement of funds from accounts outside the U.S., in Switzerland, England, Malta, and Canada, and the hiring of media resellers and advertisers to promote Internet gambling.
“Sports betting is illegal in Maryland, and federal law prohibits bookmakers from flouting that law simply because they are located outside the country,” Rosenstein said in a statement. “Many of the harms that underlie gambling prohibitions are exacerbated when the enterprises operate over the Internet without regulation.”
… But at the end of the day what has happened is that US law (in fact, Maryland state law) as been imposed on a .com domain operating outside the USA, which is the subtext we were very worried about when we commented on SOPA. Even though SOPA is currently in limbo, the reality that US law can now be asserted over all domains registered under .com, .net, org, .biz and maybe .info (Afilias is headquartered in Ireland by operates out of the US).
This is no longer a doom-and-gloom theory by some guy in a tin foil hat. It just happened.

Certainly nothing new here either. Will we see “electronics denial” weapons?
Darpa Warns: Your iPhone Is a Military Threat
“Commercial consumer electronics has created vulnerabilities by enabling sensors, computing, imaging, and communications capabilities that as recently as 15 years ago, were the exclusive domain of military systems,” Darpa deputy director Kaigham “Ken” Gabriel tells the House Armed Services Committee’s panel on emerging threats. “These capabilities now are in the hands of hundreds of millions of people around the world and in use every day.”
… Another way to defend against enemy gadgets is to fry them with microwaves. [Microwave the users along with the electronics? Bob] That’s the goal of the Air Force’s “Counter-Electronics High Power Microwave Advanced Missile Project,” or CHAMP.

So much for “learning” what the user intended...
Blown text auto-correct locks down school
A Georgia student texts: "Gunna be at West Hall this afternoon." Auto-correct, however changes the first word to "gunman." Pandemonium ensues.

Looks like they were getting “background checks” on a few (200 since 2003) individuals, which raises an interesting question: If this is a standard service, available from several French companies, where is the liability? The security service must leak like a sieve!
Ikea ‘stole secret French police reports’ – claim
March 1, 2012 by Dissent
Swedish furniture giant IKEA has responded to accusations it illegally accessed secret police files in France as part of its security operation.
Reports in weekly newspaper Le Canard Enchaîné and investigative website Rue89 say the company used French security companies to gain access to documents held in the STIC system.
Read more on The Local. They allegedly used police files not just to screen potential employees but also to get information on some customers.

(Related) Probably not how they would describe it, but the illustration is a screenshot of a “Background Check” website...
In the world of Big Data, privacy invasion is the business model
… Privacy invasion is the best business model in the information economy. Companies will increasingly stop at nothing to get your information and sell it to whomever is buying. And some of the worst offenders--data brokers you've never even heard of--seem to be inspiring the companies and apps we use every day to emulate their shadowy data-gathering behaviors.

I had assumed that if I could be watched by a person I could also be videotaped. This seems to say that the videotape should have been tossed out (it wasn't) but makes no mention of the person watching.
Does Jones Create A Right Not to Be Videotaped in Public Without A Warrant?
March 1, 2012 by Dissent
Orin Kerr always provides foods for thought. In another blog post yesterday, he writes:
Two Justices of the Montana Supreme Court think so, based on a special concurrence in Montana State Fund v. Simms (February 1, 2012). Justice Nelson (joined by Justice Wheat) suggests that under United States v. Jones, the Fourth Amendment limits the government’s ability to videotape people in public to determine if they are engaged in worker’s compensation fraud.
Read more on The Volokh Conspiracy.
[Quoted in Volokh:
Montanans do retain expectations of privacy while in public. And Montanans do not reasonably expect that state government, in its unfettered discretion and without a warrant, is recording and aggregating their everyday activities and public movements in a manner which enables the State to ascertain and catalog their political and religious beliefs, their sexual habits, and other private aspects of identity.

So how do we ensure more good than bad?
February 29, 2012
Pew - Millennials will benefit and suffer due to their hyperconnected lives
Millennials will benefit and suffer due to their hyperconnected lives - by Janna Anderson, Lee Rainie, February 29, 2012
  • "Teens and young adults brought up from childhood with a continuous connection to each other and to information will be nimble, quick-acting multitaskers who count on the Internet as their external brain and who approach problems in a different way from their elders, according to a new survey of technology experts. Many of the experts surveyed by Elon University’s Imagining the Internet Center and the Pew Internet Project said the effects of hyperconnectivity and the always-on lifestyles of young people will be mostly positive between now and 2020. But the experts in this survey also predicted this generation will exhibit a thirst for instant gratification and quick fixes, a loss of patience, and a lack of deep-thinking ability due to what one referred to as “fast-twitch wiring.”

Is this likely to become a significant category of e-Books? After all, an online “Pocket Guide” can now contain more information that the Library of Congress. Imagine a collaborative book of math formulas or (oxymoron alert) legal wisdom?
Book of Germs: The Quest for a Field Guide to Microbes
Every nature lover knows field guides, those handy compendia of the natural world. There are thousands of titles for birds alone, but microbes have been largely overlooked, even though their total biomass is equivalent to all the plants and animals on Earth. And the field guides that do exist are far from comprehensive.

For the Criminal Justice students. Might be a fun to create a local “scavenger hunt”
U.S. Wants You to Hunt Fugitives With Twitter
A worldwide manhunt kicks off at the end of March — a search across America and Europe for five fugitives, identifiable only by their mugshots. The successful team of trackers not only gets a $5,000 bounty from the U.S. State Department. They demonstrate to the planet’s law enforcement and intelligence agencies that they can hunt down fleeting suspects using nothing but their wits and social media connections.
The “Tag Challenge” isn’t the first contest designed to show how a networked crowd can unearth seemingly obscure information in a hurry. But this simulation may be the one with the widest scope — and the most relevance to government agencies.
Five jewel thieves are at large in New York, London, Washington, Stockholm, and Bratislava: That’s the (rather thin) conceit behind the Tag Challenge. At 8 a.m. local time in each city on March 31, contest organizers will release a picture of the local burglar. Contestants will then have 12 hours to scour their cities, find each of the volunteer crooks, and upload photos of them to the Challenge’s website.

Tipping Point: Smartphone Owners Now Outnumber Other Mobile Users In The U.S.
… As of February 2012, 46 percent of the 2,253 adults surveyed said they are now smartphone owners — growing 11 percent in the last nine months, while 41 percent of adults own a device that is not a smartphone.
What’s interesting is that these are averages, meaning that we really are seeing a critical mass affecting different demographics. The numbers are actually significantly higher in certain age groups like young adults: among college graduates, 18-35 year olds and the well off, those who said they used a smartphone was at 60 percent and up.

Dr. Michelle Post showed me this one. Great tool for anyone who writes! And it's FREE!
Paper Rater is a free resource, developed and maintained by linguistics professionals and graduate students. is used by schools and universities in over 46 countries to help students improve their writing.
Free Online Proofreading
Grammar & Spelling Check
Plagiarism Detection
Writing Suggestions

Wednesday, February 29, 2012

Congress says,“We'll look into it.”
February 28, 2012
FTC Releases Top Complaint Categories for 2011
News release: "The Federal Trade Commission today released its list of top consumer complaints received by the agency in 2011. For the 12th year in a row, identity theft complaints topped the list. Of more than 1.8 million complaints filed in 2011, 279,156 or 15 percent, were identity theft complaints. Nearly 25 percent of the identity theft complaints related to tax- or wage-related fraud. The report breaks out complaint data on a state-by-state basis and also contains data about the 50 metropolitan areas reporting the highest per capita incidence of fraud and other complaints. In addition, the 50 metropolitan areas reporting the highest incidence of identity theft are noted."

Another week, another round of Congressional questions and posturing?
February 29, 2012 by admin
How many data breach investigations can one Congress initiate without actually doing anything?
What is the point of asking Grindr questions about its security? Hasn’t Congress heard enough by now to know that most companies and apps do not implement adequate security despite what they say on their sites? What, if anything, does Congress intend to do to prevent these breaches?
And surely they should also be asking questions about all the law enforcement-related sites that get hacked due to inadequate security, right? Don’t government sites that retain citizens’ personally identifiable information have an obligation to adequately secure those data?
If Congress is not going to actually do anything useful, let’s stop this farce of letters and inquiries already so that we can just get on with the never-ending rounds of class action lawsuits over preventable breaches.

Short videos by smart people. You don't have to agree, but you should listen... A tool for my Intro to Computer Security class.
TED 2012: New Browser Add-On Visualizes Who Is Tracking You Online
In the hour that Mozilla CEO Gary Kovacs lets his 9-year-old daughter surf the web every day, her wanderings have been tracked by dozens of sites.
To some degree, it’s to be expected. Tracking our online behavior is big business. The revenues involved in the top online tracking companies in the space is over $39 billion, Kovacs says. It’s not something that will be slowing any time soon.
But that isn’t for a lack of trying. Kovacs unveiled a new Firefox add-on named Collusion on Tuesday at the Technology Entertainment and Design conference (TED), a visualization tool that depicts the number and different types of sites that are tracking your browsing as you surf the web.
… “The memory of the internet is forever,” Kovacs said. “We are being watched. It’s now time for us to watch the watchers.”
You can download the browser add-on today at Mozilla’s web site.

Tom Cruise answered this in 'Minority Report' – if “pre-crime” is bad, then “pre-adjudication” must be too. (Let the argument begin!)
Can Magistrate Judges Rule on How the Fourth Amendment Applies to the Execution of a Court Order At the Time of the Application?
February 28, 2012 by Dissent
Orin Kerr writes:
Last week, I filed an amicus brief in the Fifth Circuit on a very important question in high-tech crime investigations. As far as I know, the issue is a matter of first impression in any court. Here’s the question: When privacy statutes require the government to obtain a court order before collecting records or conducting surveillance, is the constitutionality of the future execution of the order ripe for adjudication at the time of the application?
That’s a mouthful, so let me try an example. Imagine you’re a federal magistrate judge. The government comes to you with an application for a court order to collect records as required by a federal privacy statute. The government has satisfied the statutory standard set by Congress. But you think that the statute is unconstitutional, and that compliance with the statute therefore will violate the Fourth Amendment. Here’s the question: Can you deny the order and issue an opinion explaining your denial based on your conclusion that the collection of the records would violate the Fourth Amendment? Or do you have to issue the order, let the government execute it, and then wait for an ex post challenge to the constitutionality of the government’s conduct?
Read more on The Volokh Conspiracy. It’s an interesting question and one that seems increasingly important in these days of government seeking Twitter or social media records on users.

Ubiquitous surveillance. It makes little difference if the camera faces backwards, I can still determine where you are and how you got there (plus, I can count the people you ran over to get there)
"Every year around 17,000 people are injured and over 200 die in backover accidents involving cars, trucks and SUVs. Now the Chicago Tribune reports that the National Highway Traffic Safety Administration will send Congress a proposal mandating a rearview camera for all passenger vehicles starting in 2014. 'Adoption of this proposal would significantly reduce fatalities and injuries caused by backover crashes involving children, persons with disabilities, the elderly and other pedestrians,' says NHTSA in its proposal. But the technology won't come cheap. In its study, the NHTSA found that adding a backup camera to a vehicle without an existing visual display screen will probably cost $159 to $203 per vehicle, shrinking to between $58 and $88 for vehicles that already use display screens. Toyota of Albany Sales manager Kelvin Walker says he believes making backup cameras standard on cars made after 2014 is a good idea. 'If you want to get a backup camera with a mirror in it now, it may cost you $700 to $800 as an additional dealer option or you have to purchase a navigation which is about $1,500 to $1,600. So $1,600 compared to $200? You do the math.'" [Perhaps someone should. Since we produce about 4 million cars each year in the US, this means we will spend about $800,000,000 each year to try to prevent 200 deaths. That's $4,000,000 per death or roughly $47,000 per injury, per year! Of course, nothing says any injury or death will actually be prevented. Would this money be better spent trying to cure some disease? Bob]

For my geeks...
Where to get the Windows 8 beta
Microsoft has made this "Consumer Preview" available for free--just as they did with Windows 7.
You can download it from Microsoft's own site or CNET's, and be sure to check out CNET's official First Take.

For those rare occasions when I want to show my students a video...
Recent events have seen well-known torrent directories like BTJunkie closing their doors or being threatened with closure, leaving many people wondering about the legalities of torrents and which directories are still open to find them in anyway. The good news is that the process of torrenting is legal – BitTorrent is just a peer-to-peer method for downloading which happens to have many legal uses.
However, just knowing the process is legal doesn’t mean that all the torrents out there are. To find legal torrents, the best thing you can do is look for them in directories that specialise in legal material of some kind, like public domain or creative commons works. In order to help you find the best of these legal torrent directories, here’s a list of some of the best.

I'm adding this to my RSS feed.
Productive Web Apps is a free to use website that helps you discover interesting web apps which you will find useful. When you visit the website, you can start browsing the apps featured on the homepage, find out which sites are the latest additions, or browse the apps categorically. You will find apps for health, entertainment, business, lifestyle, and more.

Tuesday, February 28, 2012

No warrant required. If you can look back for a couple of years, imagine what the government can do... Can you say “evidence gathering?”
DataSift Unlocks Access To Historical Twitter Data Dating Back To January 2010
DataSift, one of Twitter’s data partners which currently provides developers and third parties with access to the full Twitter firehose in realtime, is about to unlock a whole new set of Twitter data to the ecosystem. The social data platform has launched Historics, a cloud-computing platform that enables entrepreneurs and enterprises to extract business insights from Twitter’s public Tweets dating back to January 2010 (we originally reported on the pending launch here).
Developers, businesses and organizations can essentially use DataSift to mine the Twitter firehose of social data. But what makes DataSift special (besides the premier access to Twitter data) is that it can then filter this social media data for demographic information, online influence and sentiment, either positive or negative. As we’ve reported in the past, DataSift does not limit searches based on keywords and allows companies of any size to define extremely complex filters, including location, gender, sentiment, language, and even influence based on Klout score, to provide quick and very specific insight and analysis.

Once upon a time, there was a disaster here. Should that always be at the top of the search results?
"Los Alfaques, a bucolic campground near the Spanish town of Tarragona, isn't happy with Google. That's because searches for 'camping Alfaques' bring up horrific images of charred human flesh — not good for business when you're trying to sell people on the idea of relaxation. The campground believes it has the right to demand that Google stop showing 'negative' links, even though the links aren't mistakes at all. Are such lawsuits an aberration, or the future of Europe's Internet experience in the wake of its new 'right to be forgotten' proposals? Legal scholars like Jeffrey Rosen remain skeptical that such a right won't lead to all sorts of problems for free expression. But in Spain, the debate continues. Last week, Los Alfaques lost its case — but only because it needed to sue (U.S.-based) Google directly. Mario Gianni, the owner of Los Alfaques, is currently deciding whether such a suit is worth pursuing."

“This time, we've crossed our eyes and dotted our tees...”
Starting two years ago, hundreds of thousands of BitTorrent users who allegedly shared films without the consent of copyright holders have been dragged to court in the US.
The aim of the copyright holders is never to take any of the cases to trial, but to get alleged infringers to pay a substantial cash settlement to make legal action go away. Some equal this scheme to extortion, but the copyright holders say they are merely protecting their work.
One of the first film studios to recognize the potential of these schemes was Nu Image. Last year they had the questionable honor of filing the largest P2P lawsuit in history by targeting 23,322 alleged downloaders of ‘The Expendables’.
While that case was dismissed a few months later, Nu Image isn’t leaving BitTorrent users alone.
Late last week the studio filed a brand new mass-BitTorrent lawsuit at the US District Court of Maryland for another well-known movie. The suit targets 2,165 alleged sharers of ‘Conan The Barbarian,’ a film that was downloaded on BitTorrent by millions of people in recent months.
… Other than the new film title, the paperwork is pretty much identical to previous lawsuits that were filed by the US Copyright Group (USCG). However, a closer look reveals that the lawyers did learn from ‘mistakes’ made in previous cases.
One of the most significant changes is that all defendants appear to reside in the right district, Maryland in this particular case. Previously judges have dismissed tens of thousands of defendants because they lived in other districts. This was also the main reason why Nu Image’s ‘The Expendables’ case died prematurely.

“Siri, activate “complete distraction” mode please.”
"Mercedes-Benz unveiled plans on Monday to use Siri, Apple's AI personal assistant exclusive to the iPhone 4S, to power its electronics system called 'Drive Kit Plus,' which will essentially let drivers access their iPhone apps while driving using voice commands. With Siri, Mercedes drivers will have a hands-free solution to listen to music, change channels on the radio, send texts, or make calls. 'Drive Kit Plus' will also come pre-installed with a number of social networks, so drivers will even be able to update their Twitter accounts and post messages to Facebook. Siri will also be integrated with Garmin's GPS system, so drivers can navigate and get directions with simple voice commands. With this move, Mercedes-Benz earns the distinction of being the first carmaker to integrate Apple technology into its vehicles' in-car systems."

Could this be a guide for e-Book authors? I think it has merit!
Why Journalists Need to Link
Jonathan Stray has a great essay up at Nieman Lab titled “Why link out? Four journalistic purposes of the noble hyperlink.” I basically agree with all of it; links are wonderful things, and the more of them that we see in news stories — especially if they’re external rather than internal links — the better.
It’s very easy to agree that if a story refers to some other story or document, and if that other story or document is online, then it should be hyperlinked. But Stray goes further than that:
In theory, every statement in news writing needs to be attributed. “According to documents” or “as reported by” may have been as far as print could go, but that’s not good enough when the sources are online.
I can’t see any reason why readers shouldn’t demand, and journalists shouldn’t supply, links to all online resources used in writing a story.

Immortality. Everyone's dying for it...
"Researchers from The University of Nottingham have demonstrated how a species of flatworm overcomes the ageing process to be potentially immortal. The discovery, published (abstract; full text PDF) in the Proceedings of the National Academy of Sciences, is part of a project funded by the Biotechnology and Biological Sciences Research Council and Medical Research Council and may shed light on the possibilities of alleviating ageing and age-related characteristics in human cells."
After finding the gene for telomerase synthesis in the worms, the researchers were able to observe that the worms "...dramatically increase the activity of this gene when they regenerate, allowing stem cells to maintain their telomeres as they divide to replace missing tissues."

Monday, February 27, 2012

I am extremely disappointed that Google didn't have a doodle recognizing 200 years of Luddites.
Feb. 27, 1812: Rage, Rage Against the Industrial Age

Did the founding fathers fear anything but a vengeful God? All bureaucracies want everything their way – few can make a compelling argument, but even legal logic is subject to death by a thousand cuts.
On the Colloquy: The Fourth Amendment and Airport Screening Issues
February 27, 2012 by Dissent
From the Northwestern University Law Review:
The online companion to the Northwestern University Law Review is proud to feature companion essays on the Fourth Amendment and newly invasive airport screening methods.
In Revisiting “Special Needs” Theory Via Airport Searches, Professor Alexander Reinert examines the controversy surrounding the Travel Security Administration’s new airport search regime by reference to the Fourth Amendment jurisprudence that developed in response to the first instantiation of mass airport searches in the early 1960s. While the Fourth Amendment approaches developed in the 1970s remain relevant today, Professor Reinert argues, TSA’s new search regime is more difficult to square with traditional Fourth Amendment principles than were the FAA’s initial airport screening procedures; and precisely because of the pressure on courts to adjust Fourth Amendment doctrine to meet the perceived needs of the TSA and the traveling public, it is all the more important that new doctrinal limitations accompany any judicial acceptance of the TSA’s new search regime.
In his companion piece The Bin Laden Exception, Professor Erik Luna complements Professor Reinert’s Essay on the Fourth Amendment and airport safety by providing context on terrorism and the decade of Osama bin Laden. Specifically, Professor Luna argues what is at play in the airport search context is not a previously recognized exception to the Fourth Amendment, but instead an entirely new exemption from otherwise applicable requirements, driven by an abiding fear of al Qaeda and its now-deceased kingpin rather than a reasoned assessment of terrorism-related risks.
Read both pieces online at the Northwestern University Law Review Colloquy.

Makes me wonder how many cases did not “require” GPS tracking? Not to mention, how many successful applications for warrants to resume tracking were made?
"The Supreme Court's recent ruling overturning the warrantless use of GPS tracking devices has caused a 'sea change' inside the U.S. Justice Department, according to FBI General Counsel Andrew Weissmann. Mr. Weissmann, speaking at a University of San Francisco conference called 'Big Brother in the 21st Century' on Friday, said that the court ruling prompted the FBI to turn off about 3,000 GPS tracking devices that were in use. These devices were often stuck underneath cars to track the movements of the car owners. In U.S. v. Jones, the Supreme Court ruled that using a device to track a car owner without a search warrant violated the law. After the ruling, the FBI had a problem collecting the devices that it had turned off, Mr. Weissmann said. In some cases, he said, the FBI sought court orders to obtain permission to turn the devices on briefly – only in order to locate and retrieve them."

“We can, therefore we must!” but we haven't gotten around to it yet...
Facebook denies reading personal text messages
Facebook is back in the privacy crosshairs this week after a report in The Sunday Times suggested the social media titan’s official Android software app is capable of accessing and reading personal text messages crafted by phone users.
However, Zuckerberg & Co. have offered up an official statement in which they claim the report “is completely wrong when it says Facebook is reading people’s SMS. Wrong on the terminology, and wrong on the suggestion that it has been implemented.” [Not “We can't” or even “We won't” just “We haven't, yet” Bob]

Apparently, parents and school officials thought they had a major drug problem at the school. 750 students and three “less than half ounce” charges later, I guess they do! Looks like they'll have to try strip searches next time.
Police sweep Colchester high school for drugs
February 26, 2012 by Dissent
Ryan Blessing reports:
Police cited four Bacon Academy students for drug-related infractions Thursday after the Colchester high school was locked down and searched for two hours by state police drug-sniffing dogs.
Contraband was found in lockers in the school and in vehicles in the student parking lot, Superintendent of Schools Karen A. Loiselle Goodwin said.
Three students were cited for possession of less than a half-ounce of marijuana. One was cited for possession of alcohol by a minor, and all received an infraction for possession of drug paraphernalia related to less than a half-ounce of marijuana.
Read more on The Bulletin.
Doesn’t sound like they found much after all that. Of course, they didn’t search the students themselves.
So what next?
[From the article:
Goodwin’s office sent an email to parents at about 9:30 a.m., when the search began.
… “I personally had no problem with it,” said Shawn Moody, whose daughter, Erica, is a senior at the school. “I saw the email the school sent out this morning. I’d heard they’ve had problems for years with drugs at Bacon.”  
The search was conducted in accordance with Board of Education Policy 5145.12, “Search and Seizure,” as published in the District Parent Policy Handbook and the Bacon Academy Student Handbook.
No specific incident prompted this action,” Board of Education Chairman Ronald Goldstein said. “Our community has made clear its concern about the possible presence of drugs in our high school.”
The board had heard concerns from parents at meetings, Goldstein said, and a schoolwide survey of students showed that 43 percent of those who responded believed drugs are available in the school.

For my Statistics students... What is wrong with Government's place on the chart?
February 26, 2012
McKinsey - Will 'big data' transform your industry?
"The volume of data that businesses collect is exploding: in 15 of the US economy’s 17 sectors, for example, companies with upward of 1,000 employees store, on average, more information than the Library of Congress does. New academic research suggests that companies using this kind of “big data” and business analytics to guide their decisions are more productive and have higher returns on equity than competitors that do not. As big data changes the game for virtually all industries, it will tilt the playing field, favoring some over others. The financial and information sectors rank among those with the highest potential to create value in the near term."

This could get you drummed out of the RIAA (if they had every allowed real legal scholars in)
February 26, 2012
Paper - Disentangling Property and Contract in the Law of Copyright Licenses
A License is Not a 'Contract Not to Sue': Disentangling Property and Contract in the Law of Copyright Licenses - Christopher M. Newman, George Mason University School of Law, February 24, 2012, George Mason Law & Economics Research Paper No. 12-23
  • "The assertion that a “license” is simply a “contract not to sue” has become a commonplace in both copyright and patent law. I argue that this notion is conceptually flawed, and has become a straightjacket channeling juristic reasoning into unproductive channels. At root, a license is not a contract, but a form of property interest. It may be closely intertwined with a set of contractual relationships, but its nature and consequences cannot be satisfactorily explained from within the world of contract doctrine alone. In this article, I seek to explain the complementary but parallel roles played by property and contract doctrine in creation of the various forms of legal interests we refer to as “licenses.” Each doctrine has its own set of governing formalities that afford titleholders various means through which to create and protect use privileges granted to others, while still retaining residual title for themselves. I argue that clarifying the extent to which licenses are exercises of powers conferred by property rather than contract law provides a key to proper application of Section 204 of the Copyright Act of 1976, which has been (erroneously) construed as a statute of frauds governing contract formation, as opposed to one governing a specific form of property conveyance."

(Related) Automating the Copyright-lawsuit process means never having to say “Oops, I made a mistake.”
"I make nature videos for my YouTube channel, generally in remote wilderness away from any possible source of music. And I purposely avoid using a soundtrack in my videos because of all the horror stories I hear about Rumblefish filing claims against public domain music. But when uploading my latest video, YouTube informed me that I was using Rumblefish's copyrighted content, and so ads would be placed on my video, with the proceeds going to said company. This baffled me. I disputed their claim with YouTube's system — and Rumblefish refuted my dispute, and asserted that: 'All content owners have reviewed your video and confirmed their claims to some or all of its content: Entity: rumblefish; Content Type: Musical Composition.' So I asked some questions, and it appears that the birds singing in the background of my video are Rumblefish's exclusive intellectual property."

Why Johnny can't e-Read?
February 26, 2012
Report - Youth and Digital Media: From Credibility to Information Quality
Youth and Digital Media: From Credibility to Information Quality - New Report and Infographic, the Berkman Center, by Urs Gasser, Sandra Cortesi, Momin Malik, & Ashley Lee.
  • "Building upon a process- and context-oriented information quality framework, this paper seeks to map and explore what we know about the ways in which young users of age 18 and under search for information online, how they evaluate information, and how their related practices of content creation, levels of new literacies, general digital media usage, and social patterns affect these activities. A review of selected literature at the intersection of digital media, youth, and information quality — primarily works from library and information science, sociology, education, and selected ethnographic studies — reveals patterns in youth’s information-seeking behavior, but also highlights the importance of contextual and demographic factors both for search and evaluation. Looking at the phenomenon from an information-learning and educational perspective, the literature shows that youth develop competencies for personal goals that sometimes do not transfer to school, and are sometimes not appropriate for school. Thus far, educational initiatives to educate youth about search, evaluation, or creation have depended greatly on the local circumstances for their success or failure.

So is now the time for a “Complete Guide to Being e-Social” by e-Mily Post?
February 26, 2012
Pew - Most users choose restricted privacy settings while profile "pruning" and unfriending people is on rise
Privacy management on social media sites, by Mary Madden, Feb 24, 2012
  • "Social network users are becoming more active in pruning and managing their accounts. Women and younger users tend to unfriend more than others. About two-thirds of internet users use social networking sites (SNS) and all the major metrics for profile management are up, compared to 2009: 63% of them have deleted people from their “friends” lists, up from 56% in 2009; 44% have deleted comments made by others on their profile; and 37% have removed their names from photos that were tagged to identify them. Some 67% of women who maintain a profile say they have deleted people from their network, compared with 58% of men. Likewise, young adults are more active unfrienders when compared with older users."

Dilbert illustrates one of the finer points of Social Media etiquette...

What did the French mean in the 1630s when they used the word “computer?”

Al Gore is responsible for the fall of Mayan Civilization?
"The collapse of the Mayan empire has already caused plenty of consternation for scientists and average Joes alike, and we haven't even made it a quarter of the way through 2012 yet. But here's something to add a little more fuel to the fire: A new study suggests that climate change killed off the Mayans."

What we could do if we wanted to… (I'm running at 1.4MBPS, they get 1,000MBPS)
Gigabit Internet for $70: the unlikely success of California's
While some other cities can also brag about gigabit access, in this Sonoma County town it costs only $69.95 a month.
The service comes courtesy of, the18-year-old Internet provider based in the neighboring city of Santa Rosa. And Sonic even throws in two phone lines with unlimited long-distance calling when you sign up.