Saturday, July 07, 2012

And I remember when getting a valentine was a big deal...
Teenage Sexting Is Becoming The Norm
“Under most existing laws, if our findings were extrapolated nationally, several million teens could be prosecuted for child pornography,” explains a new study on teen sexting, which finds that a whopping 28% of teenagers text fully-nude pictures of themselves. We took a deep dive into the much reported Pediatrics & Adolescent Medicine article, and found some weird insights into a 21st century trend that is quickly becoming the norm among teenagers.
1. White kids love sexting.
2. “Several million” teens could be held liable for child pornography, as some states do not define inappropriate sexual behavior as only between an adult and a minor.
3. If you find sexting pics sent from your kid’s phone, there’s a strong possibility that he or she is sexually active.
4. Gender stereotypes hold true with new technology: boys are bothered by being asked to sext much less than girls.
5. The suburbs aren’t safe from the trend either: socio-economic status had virtually no effect on whether teens sexted.

I'll have to download these since I want to appear to be following all that “politically correct” nonsense.
July 06, 2012
EPIC: Industry Association Publishes Guidelines for Drone Operators
Follow up to previous postings on drones, via EPIC: "The Association for Unmanned Vehicle Systems International, the organization representing drone manufacturers and operators, has released an Industry "Code of Conduct". Compliance with the guidelines is both voluntary and not enforceable. The association acknowledges that invasive drone surveillance technology poses a risk to the public, and specifically tasked users to "respect the privacy of individuals." In February, EPIC, joined by over 100 organizations, experts, and members of the public, submitted a petition to the FAA requesting a public rulemaking on the privacy impact of drone use in U.S. Airspace. The Agency has not yet responded or addressed these concerns. For more information, see EPIC: Unmanned Aerial Vehicles (UAVs) and Drones."

The “Ponderous Pendulum of Public Privacy Perception” swings again.
California Court Suspends Sacramento Judge’s Order For Juror Facebook Postings
July 6, 2012 by Dissent
From AP, the latest in the “Juror Number One” case:
The California Supreme Court has suspended a Sacramento judge’s order requiring a juror to submit his Facebook postings about a criminal trial so the judge could decide if the juror’s comments constituted misconduct.
The justices on Monday granted the juror, Arturo Ramirez, a temporary stay of Judge Michael Kenny’s order compelling Ramirez to give Facebook permission to turn over his postings about the 2010 trial involving a gang-related beating.
Read more on CBS.
If you feel like you’re watching a judicial ping pong [That works too Bob] match, you’re in good company. It was on May 31 that the California Court of Appeal in Sacramento had denied Ramirez’s petition.

If this is believed to be true, at what point will social networks be required to identify suicidal users and notify someone?
"The data that is available in social networks is often used to detect the opinion of the crowd — but can it reveal the state of mind of the individual? New research suggests that some simple but non-obvious characteristics of social network use are related to suicide. Data mining is usually about determining things of economic advantage, but in this case, suicide, we have a personal loss and an economic one. A new paper by a group of Japanese researchers Naoki Masuda, Issei Kurahashi and Hiroko Onari claims to have found ways of detecting suicidal tendencies — or at least the tendency to think about suicide, so-called 'suicide ideation.' The study used the Japanese social network mixi, which has over 27 million members and allows users to join any of over 4.5 million topic groups — some focusing on the subject of suicide. This provided a study and control group to compare. The most interesting finding is that while users in the suicide group had lots of friends, they didn't have as many transitive relationships i.e. where A friends B friends C friends A. This suggests that it isn't lack of friends but a lack of tight social groupings that is a factor. The same technique could be used to investigate similar problems such as depression and alcohol abuse." [and voting Democrat... Bob]

Geek tools
Opera’s ‘SPDY’ Sense Tingling in Labs Release
The latest Labs release of Opera’s flagship desktop web browser adds support for the nascent SPDY protocol.
You can download the latest Opera Labs build for Windows 32-bit, Windows 64-bit, Mac and Linux from Opera.
… The SPDY protocol handles all the same tasks as HTTP, but SPDY can do it all about 50 percent faster.
If you’d like to get your own site serving over SPDY, check out mod_spdy, a SPDY module for the Apache server (currently a beta release) or read up on Nginx’s preliminary support.

Attention Ethical Hackers. During the Blitz, England was able to “bend” the radio beams the Germans were using for navigation. Your assignment is to “bend” a concave shape to the detection grid in our goal and a convex shape to the other guy's... Don't make it too obvious – no scoring when the ball is at mid-field.
Soccer Finally Comes to Its Senses With Goal-Line Tech
Soccer has finally come to its senses.
After years of discussion and debate, the sport has at long last approved the use of goal-line technology at all levels of the game. Thursday’s decision by the International Football Association Board will all but end flubbed calls that have decided games as monumental as the World Cup final and made the sport look embarrassingly Jurassic in a hyper-connected age of instant replay and instant communication.

Odd & ends I find interesting...
A federal judge has struck down the Department of Education’s “gainful employment” rules, which the Obama Administration issued last year and were designed to stop career training and for-profit schools from leaving students with massive amounts of debt but no job prospects. The for-profit schools had opposed the regulation, and Judge Contreras agreed saying that the provisions meant to measure schools’ preparation of students had "no real basis." [Wow! There goes a whole bunch of laws... Bob]
… Stanford University recently announced that computer science has become the largest major on campus, with more than 90% of its students taking at least one CS class. The school is now considering how it might redesign the degree and its core curriculum.

There are more than a few books out there...
The PDF file format is widely used by book publishers and manual creators whenever they decide to share their work online. Sometimes these books are downloaded by people and then converted into other PDF versions and re-uploaded. While searching for books, you are mostly looking for the high quality versions. This is where a site called Top HQ Books can help.

Friday, July 06, 2012

Who are these people and how do we make them understand? NOTE: This is not only a “Dutch” problem...
"In Holland, a major ISP (KPN) has found a major security flaw for their customers. It seems that all customers have had the same default password of 'welkom01'. Up to 140,000 customers had retained their default passwords. Once inside attackers could have found bank account and credit card numbers. KPN has since changed all the passwords of the 140,000 customers with weak passwords. [Was this 'required' because they found a security flaw? Bob] They also do not believe anyone has actually been burglarized since discovering this weak spot in security."

For my Business Continuity class. See, there are costs to inadequate backups...
Dating Site Breaks Up With Amazon Over Broken Cloud
Netflix, Pinterest, and Instagram may be sticking with Amazon’s cloud after last weekend’s outage, but for Brandon Wade’s online dating site, the Friday night crash was the last straw. He’s going off of Amazon now. After two outages in June, he says Amazon is simply not reliable enough for romance. [Catchy. I see this as a marketing catch phrase. Bob]
The paying users of his website,, are “very impatient, and relatively intolerant of such failures,” he says. “Some people’s lives were interrupted in a big way.”

(Related) It's “How much do we need?” not “What can we get away with?” Perhaps there is a place for Best Practices that are not related to the local culture?
"The predominant narrative of the Fukushima Daiichi nuclear disaster has been that the accident was caused by a one-in-a-million tsunami, an event so unlikely that TEPCO could not reasonably have been expected to plan for it. However, a Parliamentary inquiry in Japan has concluded that this description is flawed — that the disaster was preventable through a reasonable and justifiable level of preparation, and that initial responses were horribly bungled. The inquiry report points a finger at collusion between industry executives and regulators in Japan as well as 'the worst conformist conventions of Japanese culture.' It also raises the question of whether the failed units at Fukushima Daiichi were already damaged by the earthquake before the tsunami even hit, going so far as to say that 'We cannot rule out the possibility that a small-scale LOCA (loss-of-coolant accident) occurred at the reactor No 1 in particular.' This is an explosive question in quake-prone Japan, appearing in the news just as Japan begins to restart reactors that have been shut down nationwide since the disaster."

(Related) Are location apps part of your business strategy?
Drone Hijacking? That’s Just the Start of GPS Troubles
On the evening of June 19, a group of researchers from the University of Texas successfully hijacked a civilian drone at the White Sands Missile Range in New Mexico during a test organized by the Department of Homeland Security.
The drone, an Adaptive Flight Hornet Mini, was hovering at around 60 feet, locked into a predetermined position guided by GPS. Then, with a device that cost around $1,000 and the help of sophisticated software that took four years to develop, the researchers sent a radio signal from a hilltop one kilometer away. In security lingo, they carried out a spoofing attack.
“We fooled the UAV (Unmanned Aerial Vehicle) into thinking that it was rising straight up,” says Todd Humphreys, assistant professor at the Radionavigation Laboratory at the University of Texas.
Deceiving the drone’s GPS receiver, they changed its perceived coordinates. To compensate, the small copter dove straight down, thinking it was returning to its programmed position. If not for a safety pilot intervening before the drone hit the ground, it would have crashed.
… What’s worse, the experiment at White Sands shows that drone-jacking is “just the tip of the iceberg of a much bigger security issue we have in this country,” according to Logan Scott, a GPS industry consultant who has worked for defense giants like Lockheed Martin.
In other words, it’s not only about drones, it’s GPS in general that is not safe.

Makes me wonder what technology he traded for this deal.
‘The Analyzer’ Gets Time Served for Million-Dollar Bank Heist
Ehud Tenenbaum, aka “The Analyzer,” was quietly sentenced in New York this week to time served for a single count of bank-card fraud for his role in a sophisticated computer-hacking scheme that federal officials say scored $10 million from U.S. banks.
He was also ordered to pay restitution in the amount of $503,000 and was given three years probation.
… It’s not clear how long Tenenbaum was in custody after he was extradited. The U.S. Marshal Service told Threat Level in August 2010 that he’d been released on bond in March of that year, after Tenenbaum had agreed to plead guilty on the access device charge. The sequence of events, the lengthy time that the case remained inactive, and the quiet sentencing suggest that part of the plea agreement may have involved cooperation with authorities, something that is a condition of many plea agreements that involve hacking and bank fraud.

“Good morning Mr Bond. How's all that secret agent stuff working for you?”
British Airways Borders On Creepy With “Know Me” Google Identity Check
British Airways is using Google Images to develop passenger dossiers for checking people out as they come through the gate. Now that’s what you call customer service.
At least that’s British Airways’ spin. Privacy advocates have a different take.
According to The Evening Standard, the airline is facing considerable backlash today after it announced a plan to launch a program called “Know Me.” The new intelligence tool uses Google Images to find pictures of passengers for staff to use so they can approach them as they arrive at the terminal or plane.

This should be interesting. A “Rodney King App?” Perhaps there would be a market for an App that connected you to a lawyer in real time?
Secretly Monitor Cop Stops With New ACLU App
The American Civil Liberties Union of New Jersey is unveiling an Android app allowing citizens to secretly record audio and video of police stops, and have the footage sent to the group’s servers for review.
“This app provides an essential tool for police accountability,” ACLU-NJ Executive Director Deborah Jacobs said in a statement. “Too often incidents of serious misconduct go unreported because citizens don’t feel that they will be believed. Here, the technology empowers citizens to place a check on police power directly.”
The Police Tape app is among a growing number of apps aimed at empowering citizens in their encounters with police activity. The New York chapter of the ACLU released a similar app last month, and others enable protesters to notify family, friends and attorneys if they’ve been arrested.

On the other hand, cops can use their 'e-Sting' Apps...
Court: Cops can read suspect’s texts, spring text trap
July 6, 2012 by Dissent
Elinor Mills reports:
Police did not violate the privacy rights of a Washington state man who responded to a text message from the iPhone of his suspected drug dealer only to get arrested on drug charges after arranging to meet up, a Washington appeals court says.
Read more on CNET.
Have I mentioned recently that we really really really need to update ECPA and decimate third party doctrine?

We have the technology to suppress dissidents, but only the US can use it?
July 05, 2012
Pew - The Future of Corporate Responsibility
The Future of Corporate Responsibility - by Janna Anderson, Lee Rainie. July 5, 2012: "Experts are divided about the role Western technology companies will play in helping monitor and thwart dissident activity in the future. Some hope the open Internet and the prospect of consumer backlash will minimize businesses’ cooperation with authoritarian governments; others believe the urge for profits and for global reach across all cultures will compel firms to allow their digital tools to be used against critics of the status quo."

How does your liability increase as users continue to violate your “Terms of Service” without any action on your part? “Yes, we have a record of the kidnapper sending the ransom note, but we didn't think it was important.”
Cisco Hit With Backlash Over Home Router ‘Cloud’ Service
Cisco is facing a backlash over its decision to update the embedded software on some of its home Wi-Fi routers so that they’re managed via a new “cloud” service it offers over the net.
Some customers are concerned that Cisco is invading their privacy by requesting personal data via the service, while others felt that the fine print barred them from surfing the net for “obscene, pornographic, or offensive purposes.” Cisco has moved to quell at least some of these fears, but it didn’t stop the complaints from reverberating over the net over the holiday week.
In some ways, this is a tempest in a teacup. But on another level, it works as a metaphor for the company’s attempts to stay relevant in the age of cloud computing. The company is facing increasing pressure from companies that are seeking to redefine networking in the proverbial cloud with technologies such as OpenFlow and virtual networking, which seek to reduce the importance of brand-name hardware.

There are none so blind as those who will not see...
"In a twist that will surprise no one except the RIAA, MPAA, BREIN, and other anti-piracy lobbies, the amount of BitTorrent traffic has stayed the same or increased in Europe following the blockade of The Pirate Bay in the UK, Netherlands, and other countries. This news comes from XS4All, one of the largest European ISPs, which has published a graph of the network traffic associated with the BitTorrent protocol — and sure enough, since the Dutch Pirate Bay blockade began in February 2012, traffic has stayed the same or increased slightly. There are probably a few reasons for this: a) The European blockades created a lot of publicity (and no publicity is bad publicity); b) TPB isn't the only torrent site out there, and many of its torrents are available elsewhere; and c) Internet denizens are a lot more savvy (proxies, VPNs, etc.) than the MPAA and co give them credit for."

Ah, them zoomies are a hoot! Remember, no texting while piloting!
Air Force Wants Apps for Training Flyboys
Manuals are so analog. The Air Force is thinking about turning some of its training programs into apps for reservists’ smartphones.
According to a recent call for industry input, the Air Force Reserve Command’s Development and Training Flights want to “obtain a smartphone application that allows all participating Reserve members the opportunity to engage in training and gaming activities with other members.”
It doesn’t look like full training manuals would be digitized. Suggested functionality includes apps to teach “Air Force Core Values,” and “Fitness and Nutrition Principles,” as well as games to memorize M-16 components and military songs (“Name that Military Tune”). [“Into the air, junior birdmen...” Bob]

For my Data Analysis entrepreneurs... Hey, maybe that statistics class was worthwhile.
Will Data-as-a-Platform Deliver New Opportunity?
In his post over at GigaOm, Oestreich writes Thursday:
And, if the data is becoming so valuable, then analyzing and mining it ought to provide incremental revenue streams beyond the traditional product-based business model. But consider going one step further: If treated right, access to enough quality data would be valuable to others outside of your enterprise too — assuming the correct federation and business models were constructed.

Global Warming! Global Warming! So this is nothing new and seems to be related to normal climate cycles, but it is still evidence of man made changes? Help me! I have a pain in my logic circuits...
Coral clues to climate: Reefs vanished for 2,500 years
Coral reefs along Panama's Pacific coast completely collapsed for 2,500 years due to natural climate cycles, researchers reported in a study Thursday, adding that there's a lesson in the data for man-made climate change: ease up on greenhouse gasses and reefs will restore themselves.
… The researchers reconstructed 6,000 years of coral reef history by driving pipes into reefs to pull out core samples.
… The team found the same gap in earlier studies by other researchers as far away as Australia and Japan, and tied the collapse to an intensification of the natural climate cycle that produces El Nino and La Nina weather events.

Thursday, July 05, 2012

The “appearance” of security is not sufficient? (Is that what they are saying?) What a precedent!
Update: Federal appeals court raps U.S. bank over shoddy online security
July 5, 2012 by admin
Jeremy Kirk reports the latest twist in a long-running lawsuit by a construction firm against its bank over fraudulent wire transfers:
A U.S. construction company may stand a greater chance of recovering some of the $345,000 it lost in fraudulent wire transfers that it blames on poor online banking practices of its bank.
Patco Construction Company, based in Sanford, Maine, sued Ocean Bank, now called People’s United Bank, after fraudsters made six wire transfers using the Automated Clearing House (ACH) transfer system amounting to more than $588,000 in May 2009. About $243,000 was recovered.
In its suit, Patco alleged among other claims that Ocean Bank’s online security was not commercially reasonable under Article 4A of the Uniform Commercial Code (UCC), a federal code governing contractual disputes that has been adopted into most U.S. states’ laws.
The UCC does not allow claims such as negligence, fraud and breach of contract. The code makes it potentially costly for small businesses to sue financial institutions over cybercrime-related fraud. Even if a small business wins a lawsuit, under the code the financial damages are limited only to the money stolen plus interest.
In a significant twist, a three-judge federal appeals court panel found on Tuesday that Ocean Bank’s online security measures were not “commercially reasonable,” reversing a lower court ruling from May 2011.
Read more on Computerworld.

A useful tool and a serious security concern? “If we cut through the wall right here, we can walk right into the bank vault!” (a line from too many movies to count)
Just in time for the Olympic games, Google is bringing its indoor maps to the UK. This Google Maps feature is currently available on Android devices, and lets us users navigate our way and get walking directions not only in the street, but inside buildings as well. There are currently over 40 venues in the UK featured on indoor maps, including the British Museum, King’s Cross Station, the O2 Arena and most big airports.

Suggesting a new iPhone advertising campaign?
Security firm: Android malware pandemic by year's end
Android malware levels are rising at an alarming rate, according to antivirus maker Trend Micro.
The security firm said at the start of the year, it had found more than 5,000 malicious applications designed to target Google's Android mobile operating system, but the figure has since risen to about 20,000 in recent months.
By the coming third-quarter, the firm estimates there will be around 38,000 malware samples, and close to 130,000 in the fourth-quarter.

Forced cleanup. Has there ever been a non-technical equivalent? (300,000 Typhoid Marys?)
"The FBI is set to pull the plug on DNSChanger servers on Monday, leaving as many as 300,000 PCs with the wrong DNS settings, unable to easily connect to websites — although that's a big improvement from the 4m computers that would have been cut off had the authorities pulled the plug when arresting the alleged cybercriminals last year. The date has been pushed back once already to allow people more time to sort out their infected PCs, but experts say it's better to cut off infected machines than leave them be. 'Cutting them off would force them to get ahold of tech support and reveal to them that they've been running a vulnerable machine that's been compromised,' said F-Secure's Sean Sullivan. 'They never learn to patch up the machine, so it's vulnerable to other threats as well. The longer these things sit there, the more time there is for something else to infect.'"
[Check your computer here:

(Related) Perhaps the FBI will nuke 'em? If making laws is similar to making sausage, how should we explain “diplomacy?”
Wikileaks starts publishing two million 'Syria Files' emails
Whistleblowing organisation Wikileaks has begun publishing more than two million emails from Syrian political figures, ministries, and associated companies.
Wikileaks says the data derives from 680 Syria-related entities or domain names, including those from the Ministry of Presidential Affairs, Foreign Affairs, Finance, Information, Transport, and Culture Ministries.
Today's publication of dozens of emails marks the first cache released, with more to be published over the coming months. A number of media outlets are working in partnership with Wikileaks, including the Associated Press.
Wikileaks founder Julian Assange said the Syrian government will not be the only ones facing criticism from the fallout of today's announcement.

Reading other people's mail... In an effort to stamp out wasting time on Facebook, you might expose all your communications.
New submitter jetcityorange tipped us to a nasty security flaw in Cyberoam packet inspection devices. The devices are used by employers and despotic governments alike to intercept communications; in the case of employers probably for relatively mundane purposes (no torrenting at work). However, the CA key used to issue fake certificates so that the device can intercept SSL traffic is the same on every device, allowing every Cyberoam device to intercept traffic that passed through any other one. But that's not all: "It is therefore possible to intercept traffic from any victim of a Cyberoam device with any other Cyberoam device - or, indeed, to extract the key from the device and import it into other DPI devices, and use those for interception. Perhaps ones from more competent vendors."

If Congress asked for a report, can an attempt at new laws be far behind?
July 04, 2012
CRS - Federal Laws Relating to Cybersecurity: Discussion of Proposed Revisions
Federal Laws Relating to Cybersecurity: Discussion of Proposed Revisions. Eric A. Fischer, Senior Specialist in Science and Technology, June 29, 2012
  • "For more than a decade, various experts have expressed increasing concerns about cybersecurity, in light of the growing frequency, impact, and sophistication of attacks on information systems in the United States and abroad. Consensus has also been building that the current legislative framework for cybersecurity might need to be revised. The complex federal role in cybersecurity involves both securing federal systems and assisting in protecting nonfederal systems. Under current law, all federal agencies have cybersecurity responsibilities relating to their own systems, and many have sector-specific responsibilities for critical infrastructure. More than 50 statutes address various aspects of cybersecurity either directly or indirectly, but there is no overarching framework legislation in place. While revisions to most of those laws have been proposed over the past few years, no major cybersecurity legislation has been enacted since 2002."

(Related) In the UK they reported on the cost. We apparently don't care what it costs...
July 04, 2012
Paper - Measuring the Cost of Cybercrime
Via the 11th Annual Workshop on the Economics of Information Security - Measuring the Cost of Cybercrime - Ross Anderson, Chris Barton, Rainer Böhme, Richard Clayton, Michel J.G. van Eeten, Michael Levi, Tyler Moore, Stefan Savage
  • "In this paper we present what we believe to be the first systematic study of the costs of cybercrime. It was prepared in response to a request from the UK Ministry of Defence following scepticism that previous studies had hyped the problem. For each of the main categories of cybercrime we set out what is and is not known of the direct costs, indirect costs and defence costs both to the UK and to the world as a whole. We distinguish carefully between traditional crimes that are now 'cyber' because they are conducted online (such as tax and welfare fraud); transitional crimes whose modus operandi has changed substantially as a result of the move online (such as credit card fraud); new crimes that owe their existence to the Internet; and what we might call platform crimes such as the provision of botnets which facilitate other crimes rather than being used to extract money from victims directly. As far as direct costs are concerned, we find that traditional offences such as tax and welfare fraud cost the typical citizen in the low hundreds of pounds/Euros/dollars a year; transitional frauds cost a few pounds/Euros/dollars; while the new computer crimes cost in the tens of pence/cents. However, the indirect costs and defence costs are much higher for transitional and new crimes. For the former they may be roughly comparable to what the criminals earn, while for the latter they may be an order of magnitude more. As a striking example, the botnet behind a third of the spam sent in 2010 earned its owners around US$2.7m, while worldwide expenditures on spam prevention probably exceeded a billion dollars. We are extremely inefficient at fighting cybercrime; or to put it another way, cybercrooks are like terrorists or metal thieves in that their activities impose disproportionate costs on society.
Some of the reasons for this are well-known: cybercrimes are global and have strong externalities, while traditional crimes such as burglary and car theft are local, and the associated equilibria have emerged after many years of optimisation. As for the more direct question of what should be done, our figures suggest that we should spend less in anticipation of cybercrime (on antivirus, firewalls, etc.) and more in response - that is, on the prosaic business of hunting down cyber-criminals and throwing them in jail."

They must teach this in that Law School class titled “Invent your own logic”.
"In a stretch of the meaning of 'free speech' that defies the most liberal interpretation, Verizon defends throttling your data speed."
In its continuing case to strike down the FCC net neutrality regulations, Verizon is arguing that Congress has not authorized the FCC to implement such regulations, and therefore the FCC is overstepping its regulatory bounds, but (from the article): "Verizon believes that even if Congress had authorized network neutrality regulations, those regulations would be unconstitutional under the First Amendment. 'Broadband networks are the modern-day microphone by which their owners [e.g. Verizon] engage in First Amendment speech,' Verizon writes." They are also arguing that "... the rules violate the Fifth Amendment's protections for private property rights. Verizon argues that the rules amount to 'government compulsion to turn over [network owners'] private property for use by others without compensation.'"

Perhaps a reaction to Treaties negotiated in secret? Or maybe it's just a bad idea?
European Parliament Kills Global Anti-Piracy Accord ACTA
The European Parliament on Wednesday declared its independence from a controversial global anti-piracy accord, rejecting the Anti-Counterfeiting Trade Agreement.
The vote, 478-39, means the deal won’t come into effect in European Union-member nations, and effectively means ACTA is dead.
Its fate was also uncertain in the United States. Despite the Obama administration signing its intent to honor the deal last year, there was a looming constitutional showdown on whether Congress, not the administration, held the power to sign on to ACTA.
Overall, not a single nation has ratified ACTA, although Australia, Canada, Japan, Morocco, New Zealand, Singapore and South Korea last year signed their intent to do so. The European Union, Mexico and Switzerland, the only other governments participating in ACTA’s creation, had not signed their intent to honor the plan.

For my Ethical Hackers
… when UK Internet service provider BT blocked The Pirate Bay, the block was only in effect for a few minutes before The Pirate Bay bypassed it.
Topics covered:
How Websites Are Blocked
How Websites Bypass Blocks
Legal System Slowness
Other Ways to Bypass Blocks
The Streisand Effect

Wednesday, July 04, 2012

Not only did we move your email without warning, we didn't bother to debug the code before we did it.
"If you thought that Facebook's recent unannounced change of its users' email address tied with their account to Facebook ones was bad, you'll be livid if you check your mobile phone contacts and discover that the change has deleted the email addresses of many of your friends. According to Facebook, the glitch was due to a bug in its application-programming interface, and causes the last added email address to be pulled and added to the user's phone Contacts. The company says they are working hard at fixing the problem, but in the meantime, a lot of users have effectively lost some of the information stored on their devices."

Do we all agree on what constitutes a “crash?” If you rub the curb while parking will police, fire and ambulance arrive minutes later and fine you for “leaving the scene?”
arisvega writes with news that the European Parliament has passed a resolution in support of eCall, an initiative to install devices in vehicles that automatically contact emergency services in the event of a crash. The resolution calls on the European Commission to make it mandatory for all new cars starting in 2015.
"The in-vehicle eCall system uses 112 emergency call technology to alert the emergency services automatically to the location of serious road accidents. This should save lives and reduce the severity of injuries by enabling qualified and equipped paramedics to get to the scene within the first “golden hour” of the accident, says the resolution. The eCall system could save up to 2,500 lives a year and reduce injury severity by 10 to 15%, it adds."

Perspective: If Bill says it's so, it must be so!
"Bill Gates, in an interview with Charlie Rose last night, defended the move to Metro-ize Windows 8 and focus solely on the tablet experience (here's the video — tablet talk starts around 28 minutes in). When asked how traditional PC users will react, he explained that the world is moving into tablets, and a new PC needs to have both experiences integrated together. Also, he defended the move to build the Surface while charging his competitors a bundle for Windows 8. He says users have access to both experiences, whether it is a signature Microsoft one, or from an OEM. Is the a sign the desktop is dead or dying?"
Gates stopped short of saying the traditional PC is dead, but dodged direct questions about its future. This is a big change to the stance he has advocated in years past.

I think this might be the future of education...
Who Will Benefit from Badges (and Other New Forms of Credentialing)?
A number of initiatives and startups are hoping to offer ways to give people some sort of formal(ized) recognition for their informal learning – or at least for the skills they possess for which they don’t have official diplomas or degrees. Among them: Mozilla’s Open Badges project, the social endorsement site, the soon-to-launch Degreed, and the open-to-the-public-just-today LearningJar.
There seems to be a lot of buzz about these in the tech industry in particular -- due to the high demand for workers with programming skills, due to the feeling that a college degree in CS doesn't always mean someone has those necessary programming skills, and -- of course -- due to the concerns over the high cost of higher education. And even if there weren’t headlines and hand-wringing about the “higher education bubble," these efforts do make sense: a college degree isn’t necessarily the best or only indicator of a person’s skill-set.

Not sure these guys have it all figured out, but there is something here...
I've already asked this week, "who will benefit from badges?" I don't want to rehash that. But I do think we need to think about the promises of "unbundling education,” and notice what we're repackaging elsewhere -- courses, content, access, power.
That’s a pretty critical opening salvo, I realize, to introduce a startup I’ve been following for a year now, a startup that wants to help address this gap between the learning we do and the credit we get for it: LearningJar, which opened its public beta this week.
… LearningJar ... hopes to serve several purposes: track what learners learn and know; guide them down certain learning paths; help them showcase this. That is, create a portfolio (of sorts) that can track what you can do and also get recommendations to help you do more.

Tuesday, July 03, 2012

Sharing on Facebook... “Those who do not study 'really stupid things to do online' are doomed to repeat 'really stupid things to do online.'” Bob, with apologies to Santayana.
Twitter feed reveals nirvana of human doltishness
… this is a Twitter feed called NeedADebitCard. It serves a vast social purpose.
Yes, it reveals all those who happen to share pictures of their brand new debit cards. Full frontal. Numbers exposed. Names attached.
… Naturally, some speculate that the vast majority of those tweeting these pictures are teenagers, who have so little money that their identity is scarcely worth stealing.

Updates as massive security/privacy/operational issues.
Do it our way (which is none of your business) or else!
“We are not amused.” “Queen” Victoria, my network gal...
Cisco’s cloud vision: Mandatory, monetized, and killed at their discretion
… When owners of the E2700, E3500, or E4500 attempted to log in to their devices, they were asked to login/register using their “Cisco Connect Cloud” account information. The story that’s emerged from this unexpected “upgrade” is a perfect example of how buzzword fixation can lead to extremely poor decisions.
… The E2700, E3500, and E4500 all shipped with the “Automatic Firmware Update” option selected, [Best Practice is to change all “default settings” which in your best interest. Bob] which is why so many users found themselves asked to authenticate using a different account with no prior warning.
… The second major problem with Cisco’s Cloud Connect is its “supplemental privacy policy.” This policy is an addition to Cisco’s Privacy Statement. As of June 27, the fifth paragraph read as follows:
When you use the Service, we may keep track of certain information related to your use of the Service, including but not limited to the status and health of your network and networked products; which apps relating to the Service you are using; which features you are using within the Service infrastructure; network traffic (e.g., megabytes per hour); Internet history; how frequently you encounter errors on the Service system and other related information (“Other Information”).
This paragraph has been excised entirely from the current version of the Supplemental Privacy Policy, but that proves nothing — Cisco has the right to update its privacy policy at any time, without legal penalty. Both versions of the document contain a further statement that may raise a few eyebrows. The next-to-last sentence reads: “In some cases, in order to provide an optimal experience on your home network, some updates may still be automatically applied, regardless of the auto-update setting.”

(Related) “Why should we fix it? It's working exactly as we intended.”
Facebook's e-mail debacle: One 'bug' fix, but rollback impossible
Facebook changed its 900+ million users' primary e-mail address a week ago, setting in motion a continually cascading series of failures.
Users have lost unknown amounts of e-mail, and address books were unknowingly overwritten. Facebook's first official response yesterday was that everyone was just confused about how to look in their Facebook inboxes.
Now they've changed their tune. But their admission of intercepted and lost e-mail, questions about privacy ethics, and new issues around Apple iOS 6 show that Facebook's Apple app is also adding secondary, undeletable contacts into users' address books.

Auto-Sunk. Check Your Hidden Facebook “Other” Inbox For Your Missing Emails

Perhaps they learned from the team that created Stuxnet? At least I now know who to call if my sprinklers come on by themselves. The pie charts are interesting...
July 02, 2012
Industrial Control Systems Cyber Emergency Response Team Report
"The Department of Homeland Security (DHS) Control Systems Security Program manages and operates the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) to provide focused operational capabilities for defense of control system environments against emerging cyber threats... This report provides a summary of cyber incidents, onsite deployments, and associated findings from the time ICS-CERT was established in 2009 through the end of 2011. The most common infection vector for network intrusion was spear-phishing emails with malicious links or attachments. Spear-phishing accounted for 7 out of 17 incidents. At least one incident involved an infection from a removable USB device."

(Related) Looks like we need another “Team.” Seriously! This is biological warfare and lots of US hating countries with no nuclear weapons have plenty of bugs.
"Timothy Paine, an entomologist at the University of California-Riverside, recently 'committed to the scientific record the idea that California's eucalyptus trees may have been biologically sabotaged, publishing an article [in the Journal of Economic Entomology] raising the possibility of bioterrorism.' Specifically, Paine argues that foreign insect pests have been deliberately introduced in the Golden State, in hopes of decimating the state's population of eucalyptus (especially the two species regarded as invasive, which 'are particularly susceptible to the pests.') In California's Bioterror Mystery, Paine (and scientists who are skeptical) make their arguments. What isn't in dispute is that the insect pests have already inflicted hundreds of millions of dollars in damage, making the story a cautionary tale about what might happen if a food or crop were intentionally targeted."

How do you plan to counter this, Computer Security students?
How Anonymous Picks Targets, Launches Attacks, and Takes Powerful Organizations Down
… In fact, the success of Anonymous without leaders is pretty easy to understand—if you forget everything you think you know about how organizations work. Anonymous is a classic “do-ocracy,” to use a phrase that’s popular in the open source movement. As the term implies, that means rule by sheer doing: Individuals propose actions, others join in (or not), and then the Anonymous flag is flown over the result.

1) Wait, wait... You haven't been doing this all along?
2) Someone better tell Congress before they start passing laws based on this stuff...
Feds Look to Fight Leaks With ‘Fog of Disinformation’
Pentagon-funded researchers have come up with a new plan for busting leakers: Spot them by how they search, and then entice the secret-spillers with decoy documents that will give them away.
Computer scientists call it “Fog Computing” — a play on today’s cloud computing craze. And in a recent paper for Darpa, the Pentagon’s premier research arm, researchers say they’ve built “a prototype for automatically generating and distributing believable misinformation … and then tracking access and attempted misuse of it. We call this ‘disinformation technology.’”

I was dreading a long report at 140 characters per Tweet... It is actually fairly comprehensible.
Twitter Transparency Report
July 2, 2012 by Dissent
Twitter has issued its first transparency report, covering governmental requests for user account data for the period January 1, 2012 – June 30, 2012.
Out of the 849 requests it received during this period (a number significantly lower than what I had imagined), 679 were from the U.S. for user account information on 948 users. Of those 679 requests, 75% resulted in Twitter providing some or all of the requested data.
See the report, and kudos to Twitter for disclosing these numbers.
[Also see Twitter's Guidelines for Law Enforcement. Bob]

(Related) So we will likely see many more requests...
Judge Finds No Constitutional Violation in Producing Tweets
July 2, 2012 by Dissent
Andrew Keshner reports:
Twitter must produce tweets and user information of an Occupy Wall Street protester, a judge has ruled, discounting objections from the social media website in a case of first impression.
“The Constitution gives you the right to post, but as numerous people have learned, there are still consequences for your public posts. What you give to the public belongs to the public. What you keep to yourself belongs only to you,” Criminal Court Judge Matthew Sciarrino Jr., sitting in Manhattan, wrote in People v. Harris, 2011NY080152.
Read more on New York Law Journal.

For my Data Mining and Data Analysis students
July 02, 2012
Managing Discovery of Electronic Information: A Pocket Guide for Judges
Managing Discovery of Electronic Information: A Pocket Guide for Judges, Second Edition. Barbara J. Rothstein, Ronald J. Hedges, and Elizabeth C. Wiggins. Federal Judicial Center, 2012
  • "ESI currently includes e-mail messages, word processing files, web pages, and databases created and stored on computers, magnetic disks (such as computer hard drives), optical disks (such as DVDs and CDs), and flash memory (such as “thumb” or “flash” drives), and increasingly on “cloud” based servers hosted by third parties that are accessed through Internet connections. The technology changes rapidly, making a complete list impossible. Federal Rules of Civil Procedure 26 and 34, which went into effect on December 1, 2006, use the broad term “electronically stored information” to identify a distinct category of information that, along with “documents” and “things,” is subject to discovery rights and obligations."

Attention Ethical Hackers: Two teams, one builds drones the other tries to take them over. One month from now we switch teams. Note that this was NOT a true hack of the drone.
Research Team Hacks Surveillance Drone With Less than $1,000 in Equipment
July 2, 2012 by Dissent
David Sydiongco reports:
Last week, a team of University of Texas researchers, led by professor Todd Humphreys, managed to hack a surveillance drone before the eyes of the Department of Homeland Security, successfully “spoofing” the UAV’s GPS system with just about $1,000 in off-the-shelf hardware.
Read more on Slate.
[From the article:
The University of Texas team constructed a “spoofing device,” which sent counterfeit GPS signals to the unmanned aerial vehicle, steering it off-course.
DHS officials were pleased with his results, says Humphreys, as they were a “fulfillment of their prophecies.”
He explains that while the hardware of the “spoofing” device is easily accessible, its “special sauce” is in the software, which was developed over a four-year period by his team. “It’s outside the capability of any average American citizen,” said Humphreys. [Well, are you going to allow that challenge to go unanswered? Bob]

Perspective: So far, none of my students have asked, “What is that strapped to your wrist, professor?”
The Smartphone Replacement Index
… O2, the same network that documented the phone call's fifth-most-popular ranking among smartphone functions, also conducted research into the non-phone-y uses of the smartphone. What it found was a Swiss Army effect: people are using their smartphones not just as phones, and not even just as portable Internet cafes, but also as diaries and watches and cameras and alarm clocks and libraries and personal movie theaters.

Maybe We Should Stop Calling Smartphones 'Phones'
Every day, the average smartphone user spends 128 minutes actively using the device. That's just over two hours. The average user is spending those 128 minutes surfing the Internet (for nearly 25 minutes), engaging in social networking (for more than 17), listening to music (more than 15), and playing games (more than 14). 
What the average user is doing relatively little of, however, is talking -- using the smartphone as, you know, a phone.

Hope for the future. This increases the odds that someone will actually figure it out!
Tyler Cowen: 'Everywhere Will Be Like the Music Industry'
The music industry, as we all know, has been turned upside down by the new behaviors enabled by the Internet. If you look at recorded music sales alone, the industry has nosedived since the late 90s. But if you take a broader view, we see that people continue to listen to tons of music, go to concerts, and that all kinds of startups are desperately trying to become the new model for the industry.
If George Mason economist and Marginal Revolution blogger Tyler Cowen is right, higher education is about to go the way of the record company. Speaking at the Aspen Ideas Festival, he offered up college as the next in a long line of industries that Internet-enabled innovation is going to scramble.

Years ago, I thought of this exact form of funding, but as a “charity” replacement. Let the donors pick new projects to fund.
The Power and the Peril of Our Crowdfunded Future
Since Kickstarter launched in April of 2009, we, the crowd, have funded a quarter of a billion dollars worth of art projects, small businesses, tech gear, etc.

I'm shocked! My blog isn't on the list!
The 1000 most-visited sites on the web

Monday, July 02, 2012

Spin me a story that doesn't include self-contradictory statements.
San Jose State University officials deny hacker’s data theft claims
July 2, 2012 by admin
Robert Salonga reports:
San Jose State University officials are denying a computer hacker’s claims he stole a wealth of sensitive personal data from its largest student-run campus enterprise.
Monday, a hacker going by “S1ngularity” announced via Twitter that he infiltrated a server for the Associated Students of SJSU, a student-run nonprofit that oversees a host of campus services. It is separate from the university, with its own IT infrastructure, meaning no school data was affected.
The university acknowledged an intrusion occurred but has not corroborated [Not the same as “can not” or “can definitely refute” Bob] the hacker’s boasts of posting information like students’ Social Security and driver’s license numbers.
Read more on The Mercury News.
[From the article:
New York-based data security firm Identity Finder plucked the announcement from the obscurity of Web forums and alerted media organizations, saying it analyzed nearly four gigabytes of unencrypted data the hacker posted, including email addresses, passwords, and perhaps most disturbingly, 10,000 Social Security numbers.
Aaron Titus, the firm's chief privacy officer, said the numbers were valid but not accompanied by names.
The university reached a similar conclusion.
"We have found no evidence to suggest (Social Security numbers) have been compromised," [Except of course the 10,000 numbers that were compromised. Perhaps they mean they can't (haven't yet?) matched them to students? Bob] Harris said.

Looks like a new case study for their Class Action class...
University of Florida notifies former law students about privacy breach
July 2, 2012 by admin
This sounds very much like the incident University of North Florida reported last month, but it’s a new/separate announcement from the University of Florida:
University of Florida officials are notifying 220 former law school students and applicants who had sought a roommate online [Where does the SSAN come in here? Bob] in the early 2000s through the Levin College of Law that their Social Security numbers were accessible on the Web.
Discovered in May, the information was removed immediately from the UF servers. Also, Google has since removed the files where the information was cached.
Roommate-matching software required Social Security numbers for access, [So the login system was compromised, not the ads for roommates Bob] but that information was not visible to anyone using the software or roommate database. The College of Law stopped using the software in the mid-2000s.
The university does not know whether the information was accessed for unlawful purposes. Florida law requires the university to notify individuals if a potential loss of personal identification information has occurred so that protective steps can be taken. Some guidelines to safeguard personal identification information is provided on UF’s privacy website at
“It is regrettable that this instance occurred,” said Susan Blair, UF’s chief privacy officer. “We are working diligently to purge and protect the personal identifying information of our students and prospective students.”
Letters were mailed June 25 to nearly all of the individuals with personal information listed in the database, but contact information was not available for two law school applicants. Concerned individuals may call UF’s Privacy Office Hotline toll-free at 1-866-876-HIPA.

“You were serious about that?” Joe Pesci as Vinny Gambini in that great courtroom drama, My Cousin Vinny
Cybercrime disclosures rare despite new SEC rule
July 2, 2012 by admin
Embedded in revisions to a proposed cybersecurity law are some provisions on mandatory breach notification. Richard Lardner reports:
The chairman of the Senate Commerce, Science and Transportation Committee, Sen. Jay Rockefeller, D-W.Va., is adding a provision to cybersecurity legislation that would strengthen the reporting requirement. The SEC’s cybersecurity guidance issued in October is not mandatory. [Apparently not, Vinny Bob] It was intended to update for the digital age a requirement that companies report “material risks” that investors want to know.
Rockefeller’s measure would direct the SEC’s five commissioners to make clear when companies must disclose cyber breaches and spell out steps they are taking to protect their computer networks from electronic intrusions.
“It’s crucial that companies are disclosing to investors how cybersecurity risks affect their bottom lines, and what they are doing to address those risks,” Rockefeller said Friday.
Read more from AP.

Police invent the “e-Oops!” There is a big difference between “We can do it” and “We know what we're doing” (Don't they know you should never believe what you read on the Internet?)
Police intercept online threat, raid wrong house
… please place yourself inside the stomach of 18-year-old Stephanie Milan as she sat at home watching the Food Network and was overtaken by a harsh queasiness.
For her door was broken down and in walked a SWAT team, which was not in the mood to make her a burrito.
The Evansville Courier-Press offers that the ingredients of this raid were somewhat confused.
The SWAT team was looking for computer equipment, which, if you're a SWAT team, you tend to search by breaking doors down.
This computer equipment, police believed, had been used to post threats (including references to explosives) against the police and members of police officer's families, via
This computer, police believed, was at the Milan family's Evansville, Ill., house.
Actually, what the police believed was that the threats had been posted using Milan's Wi-Fi. Hence the draconian manner of entry.
… However, local police Chief Billy Bolin said the police had no way of knowing if Milan's Wi-Fi had been appropriated by persons unknown. [Hence the “Guilty until proven innocent” raid? Bob]
… The police, though, claim they now know who the miscreants might be and have agreed to repair the front door. A grenade they tossed inside seems to have caused a little carpet-staining, too.
The police are still in possession of Stephanie Milan's computer, and one can only hope that the case is resolved soon.

Undoubtedly a topic we should explore at a future Privacy Foundation seminar...
July 01, 2012
Pew - The Future of Smart Systems
The Future of Smart Systems, by Janna Anderson, Lee Rainie. June 29, 2012
  • "By 2020, experts think tech-enhanced homes, appliances, and utilities will spread, but many of the analysts believe we still won’t likely be living in the long-envisioned ‘Homes of the Future.’ Hundreds of tech analysts foresee a future with “smart” devices and environments that make people’s lives more efficient. But they also note that current evidence about the uptake of smart systems is that the costs and necessary infrastructure changes to make it all work are daunting. And they add that people find comfort in the familiar, simple, “dumb” systems to which they are accustomed. [Or in using smart systems in dumb ways Bob] Some 1,021 Internet experts, researchers, observers, and critics were asked about the “home of the future” in an online, opt-in survey. The result was a fairly even split between those who agreed that energy- and money-saving “smart systems” will be significantly closer to reality in people’s homes by 2020 and those who said such homes will still remain a marketing mirage."

Something to consider, students.

I gotta think about this...
Privacy Is the Problem: United States v. Maynard and a Case for a New Regulatory Model for Police Surveillance
July 2, 2012 by Dissent
A new article by Matthew Radler: Privacy Is the Problem: United States v. Maynard and a Case for a New Regulatory Model for Police Surveillance 80 Geo. Wash. L. Rev. 1209 (2012) [PDF]
Inescapably, the debate in the United States about law enforcement’s use of electronic surveillance is defined in terms of privacy. Whether discussed by courts, commentators, or legislators, the principal and often the only justification put forth for regulating the use of a given technology by the police is that it invades an interest somehow described as private. But as surveillance technology has extended to conduct that takes place on public property and in plain view of society at large, this rationale for regulation has become incapable of justifying the rules that result. This demand for privacy-based rules about public-conduct surveillance reached its apex (thus far) in 2010 in United States v. Maynard, the appellate decision affirmed on other grounds by the Supreme Court’s property-based ruling in United States v. Jones. Maynard’s theory of privacy rights in the context of police use of tracking devices—that they are violated by the mere aggregation of data—is so vulnerable to circumvention by police agencies that its efficacy as a basis for regulation is questionable at best. This Note proposes an alternative rationale for regulation of public-conduct surveillance, as well as a theory of institutional harm and an alternative rulemaking authority—an administrative agency—to address public-conduct surveillance issues.
In an era when police action is the primary determinant of who is convicted of crimes, without meaningful review via trial, unchecked surveillance renders the judiciary a rubber stamp for local executive power; the demand for an ex ante record restores the supervisory role of the courts over police conduct. Preserving that institutional role, instead of protecting an increasingly difficult-to-justify notion of individual privacy in public behavior, provides a durable rationale, and ensuring that it is given full effect will require administrative, rather than judicial or legislative, oversight.

This is clever!
Is There a Breach in the Dam Holding Back Damage Actions for Alleged Privacy Breaches?
July 2, 2012 by Dissent
Christopher Wolf writes:
Two recent federal cases alleging privacy violations in the mobile context have been allowed to proceed based on novel damages allegations. While neither case recognized a property interest in personal information per se, the courts allowed cases involving mobile devices and alleged privacy violations to proceed, finding allegations sufficient that
(a) the plaintiffs paid more for their devices than they would have paid had they known their personal information would be misused, and
(b) that the battery and data usage costs arising from unwanted collection and sharing of personal information constitutes actionable damages.
Thus, these cases may open the door for more novel indirect financial injury claims arising from the allegedly improper collection and use of personal information. The long-standing presumption that mere exposure of personal data is insufficient for standing and damage actions may become irrelevant if plaintiffs are able to link the exposure to increased costs of device usage.
Read more on Hogan Lovells Chronicle of Data Protection.

Encrypted communications double, still not a problem since they could read everything...
"Federal and state court orders approving the interception of wire, oral or electronic communications dropped 14% in 2011, compared to the number reported in 2010. According to a report issued by the Administrative Office of the United States Courts a total of 2,732 wiretap applications were authorized in 2011 by federal and state courts, with 792 applications by federal authorities and 1,940 applications by 25 states that provide reports. The reduction in wiretaps resulted primarily from a drop in applications for intercepts in narcotics offenses, the report noted."
[From the report:
In 2011, encryption was reported during 12 state wiretaps, but did not prevent officials from obtaining the plain text of the communications.

No good deed goes unpunished. Security (or privacy) actions have reactions. This is fertile ground for hackers.
"Twitter is going to clamp down on abuse and 'trolling' according to its CEO Dick Costolo. Actions could include hiding replies from users who do not have any followers or biographical information. The difficulty is that moves to stop trolling could also curtail the anonymous Tweets which have been useful for protest in repressive regimes."

A backup for GPS?
"BAE Systems has developed a positioning solution that it claims will work even when GPS is unavailable. Its strategy is to use the collection of radio frequency signals from TV, radio and cellphone masts, even WiFi routers, to deduce a position. BAE's answer is dubbed Navigation via Signals of Opportunity (NAVSOP). It interrogates the airwaves for the ID and signal strength of local digital TV and radio signals, plus air traffic control radars, with finer grained adjustments coming from cellphone masts and WiFi routers. In any given area, the TV, radio, cellphone and radar signals tend to be at constant frequencies and power levels as they are are heavily regulated — so positions could be calculated from them. "The real beauty of NAVSOP is that the infrastructure required to make it work is already in place," says a BAE spokesman — and "software defined radio" microchips that run NAVSOP routines can easily be integrated into existing satnavs. The firm believes the technology could also work in urban concrete canyons where GPS signals cannot currently reach."

The problem with squeezing this into one page is, you need the page to be at least wall size to read it...
July 01, 2012
A Visual Guide to NFIB v. Sebelius
Follow up to The Health Care Law - Government Resources, Commentary and Analysis, see A Visual Guide to NFIB v. Sebelius: Competing Commerce Clause Opinion Lines 1789-2012, Colin P. Starger, University of Baltimore School of Law, June 30, 2012 - Download via SSRN.
  • "Though Chief Justice Roberts ultimately provided the fifth vote upholding the Affordable Care Act (ACA) under the Tax Power, his was also one of five votes finding the ACA exceeded Congress’ power under the Commerce Clause. The doctrinal basis for Roberts’ Commerce Clause analysis was hotly contested. While Roberts argued that the ACA’s purported exercise of Commerce power “finds no support in our precedent,” Justice Ginsburg accused the Chief Justice of failing to “evaluat[e] the constitutionality of the minimum coverage provision in the manner established by our precedents.” These diametrically opposed perspectives on “precedent” might prompt observers to ask whether Roberts and Ginsburg considered the same cases as controlling. This Visual Guide shows that though the justices agreed on relevant cases, they disagreed on which opinions within those cases properly stated the law. Both Roberts and Ginsburg implicitly adopted the reasoning of prior dissents and concurrences as well as majority opinions. The map illustrates how competing lines of Commerce Clause opinions constitute a long-running doctrinal dialectic that culminated – for now – in NFIB v. Sebelius. This Visual Guide is a single-page PDF "poster" designed to serve as quick reference to the doctrinal debate."

Perspective: What Google thinks are the keys to competing in the Cloud?
"The Compute Engine announcement at Google I/O made it clear that Google intends to take Amazon EC2 head on. Michael Crandell, who has been testing out Compute Engine for some time now, divulges deeper insights into the nascent IaaS, which, although enticing, will have a long road ahead of it in eclipsing Amazon EC2. 'Even in this early stage, three major factors about Google Cloud stood out for Crandell. First was the way Google leveraged the use of its own private network to make its cloud resources uniformly accessible across the globe. ... Another key difference was boot times, which are both fast and consistent in Google's cloud. ... Third is encryption. Google offers at-rest encryption for all storage, whether it's local or attached over a network. 'Everything's automatically encrypted,' says Crandell, 'and it's encrypted outside the processing of the VM so there's no degradation of performance to get that feature.'"

This could be huge!
"Graphene once again proves that it is quite possibly the most miraculous material known to man, this time by making saltwater drinkable. The process was developed by a group of MIT researchers who realized that graphene allowed for the creation of an incredibly precise sieve. Basically, the regular atomic structure of graphene means that you can create holes of any size, for example the size of a single molecule of water. Using this process scientist can desalinate saltwater 1,000 times faster than the Reverse Osmosis technique."
[From the article:
Desalination might sound boring, but it’s super important. Around 97% of the planet’s water is saltwater and therefore unpotable, and while you can remove the salt from the water, the current methods of doing so are laborious and expensive. Graphene stands to change all that by essentially serving as the world’s most awesomely efficient filter. If you can increase the efficiency of desalination by two or three orders of magnitude (that is to say, make it 100 to 1,000 times more efficient) desalination suddenly becomes way more attractive as a way to obtain drinking water.