Saturday, September 08, 2012

One to follow?
ACLU Sues Police for Seizing Man’s Phone After Recording Alleged Misconduct
The ACLU has sued the District of Columbia and two police officers for allegedly seizing the cellphone of a man who photographed a police officer allegedly mistreating a citizen, and for then stealing his memory card.
The suit, filed in federal court (.pdf) in Washington, D.C., alleges that the police officer violated Earl Staley, Jr.’s First Amendment and Fourth Amendment rights by improperly searching and seizing his property while he was exercising his right to photograph the police performing their duty.

They aren't secret, we just haven't told anyone except for a few people now housed at Guantanamo.
Two District Court Rulings That Cell-Site Data Not Protected Under the Fourth Amendment
September 7, 2012 by Dissent
Earlier this week, I posted a link to a report by David Kravets on how United States v. Antoine Jones is back in court, but this time on the cell phone location data records. In discussing the DOJ’s brief in the case, Orin Kerr writes:
It’s a good brief, I think, and I was particularly intrigued by the appendices. The appendices included two recent unpublished federal district court decisions on Fourth Amendment protection for cell-site data. To my knowledge, neither opinion has been public before — or if they were public, they are not on Westlaw. Here they are for those interested:
1) United States v. Gordon (D.D.C. February 2012) (Urbina, J.) (ruling, shortly after the Supreme Court’s decision in Jones, that cell-site information is not protected by the Fourth Amendment because Smith v. Maryland is controlling)
2) In re Application of the United States (D.D.C. October 2011) (Lamberth, J.) (redacted version of ruling filed under seal) (ruling after the D.C. Circuit’s decision in Maynard but before Jones that cell-site information is not protected under Smith v. Maryland, and distinguishing Maynard on the ground that cell-site data is much less revealing and detailed about a person’s life than is GPS information).

Hobby Hacking! I knew about this a few days early – the judge uses unencrypted wifi at home...
District Court Rules that the Wiretap Act Does Not Prohibit Intercepting Unencrypted Wireless Communications
September 7, 2012 by Dissent
Orin Kerr writes:
The decision is In re INNOVATIO IP VENTURES, LLC PATENT LITIGATION. MDL Docket No. 2303, Case No. 11 C 9308. (N.D.Ill. August 22, 2012), via Cybercrime Review. The opinion holds that anyone can monitor the unencrypted wi-fi communications of anyone else without implicating the Wiretap Act. I think the decision is wrong, and I wanted to explain why.
The court holds that unsecured wireless communications are not covered by the Wiretap Act because of the exception found in 18 U.S.C. § 2511(g)(i). That exception states:
(g) It shall not be unlawful under this chapter or chapter 121 of this title for any person—
(i) to intercept or access an electronic communication made through an electronic communication system that is configured so that such electronic communication is readily accessible to the general public;
The Court concludes that this exception covers unsecured wi-fi communications, so that it is entirely lawful to snoop in on someone else’s private communications over an unsecured wireless network:
Read more on The Volokh Conspiracy.

(Related) for my Computer Security students.
If you think a wireless router’s only job is to connect you to the world of the Internet, you’re missing out on a lot of its awesome goodness. Sure, maybe all you need is Internet access. In that case, you don’t really have to worry about all the tricks your router can do. But for those of you that want to maximize your experience, there are some advanced wireless router features that will make your life much easier.

Better to educate than simply ban a tool...
How Instagram became the social network for tweens
Well-intentioned parents who've kept their tweens off Facebook are catching on to the workaround: kids are turning to Instagram, the photo-sharing app that may as well be a social network.

I'm not a fan of so called “situational ethics.” If an action is right sometimes but wrong in some situations, you don't have the definition right!
Drones in Domestic Surveillance Operations: Fourth Amendment Implications and Legislative Responses
September 7, 2012 by Dissent
From the Congressional Research Service, by Richard M. Thompson II:
… the constitutionality of domestic drone surveillance may depend upon the context in which such surveillance takes place. Whether a targeted individual is at home, in his backyard, in the public square, or near a national border will play a large role in determining whether he is entitled to privacy. Equally important is the sophistication of the technology used by law enforcement and the duration of the surveillance. Both of these factors will likely inform a reviewing court’s reasoning as to whether the government’s surveillance constitutes an unreasonable search in violation of the Fourth Amendment.
Read the full report on FAS.

Of course, but the constitution only applies to second-class citizens and similar scum. It never applies to Big Brother and friends.
Does Germany’s Plan To Create Its Own Spyware Violate Its Constitution?
September 7, 2012 by Dissent
Ryan Gallagher writes:
Are you a creative thinker who can write software and detect computer security vulnerabilities? If yes, federal police in Germany have a job for you.
The Bundeskriminalamt, or BKA, is Germany’s version of the FBI. The agency is currently recruiting for a number of IT specialists to help develop “technical surveillance methods” that can be used to secretly and remotely access computers during crime investigations. What that means, in plain English, is that the BKA is looking for people to help design in-house spyware that can be used to infiltrate computers and mine data.
Read more on Slate.

No surprise. But things like this make it seem likely that the FBI would have millions of iPhone details available for Anonymous to hack. No doubt it includes your Facebook “mugshots” too...
FBI launches $1 billion nationwide facial recognition system
September 7, 2012 by Dissent
Sebastian Anthony writes:
The US Federal Bureau of Investigation has begun rolling out its new $1 billion biometric Next Generation Identification (NGI) system. In essence, NGI is a nationwide database of mugshots, iris scans, DNA records, voice samples, and other biometrics, that will help the FBI identify and catch criminals — but it is how this biometric data is captured, through a nationwide network of cameras and photo databases, that is raising the eyebrows of privacy advocates.
Read more on ExtremeTech.

Automating copyright review... If you claim copyright on malware are you opening yourself to liability for its use?
"A malicious software researcher finds herself in company with First Lady Michelle Obama and science fiction author Neil Gaiman: booted from the Web by hard-headed copyright protection algorithms, according to the Naked Security blog. Mila Parkour, a researcher who operates the Contagio malware blog, said on Thursday that she was kicked off the cloud based hosting service Mediafire, after three files she hosted there were flagged for copyright violations and ordered removed under the terms of the Digital Millennium Copyright Act (DMCA). The files included two compressed and encrypted malicious PDF files linked to Contagio blog posts from 2010. The firm responsible for filing the DMCA take down notice was Paris-based LeakID, which describes itself as a 'digital agency ...founded by experts from the world of radio, television and Internet.' LeakID markets 'Leaksearch,' an 'ownership tool that will alert you within seconds if your being pirated.' According to Parkour, Mediafire received a notice from LeakID claiming that it was 'acting on behalf of the copyright owners,' though the owners and presumed copyrighted content weren't named."

Raises an interesting question: What other security/privacy settings do they ignore?
Apache Web software overrides IE10 do-not-track setting
September 7, 2012 by Dissent
Stephen Shankland reports:
Apache, the most commonly used software to house Web sites, will ignore Microsoft’s decision to disable ad-tracking technology by default in Internet Explorer 10.
Roy Fielding, an author of the Do Not Track (DNT) standard and principal scientist at Adobe Systems, wrote a patch for Apache that sets the Web server to disable DNT if the browser reaching it is Internet Explorer 10. “Apache does not tolerate deliberate abuse of open standards,” Fielding titled the patch.
As a result of the Apache update, Web servers using the software will ignore DNT settings for people using IE10.
Read more on CNET.
So users who believe that they have DNT on by default will unknowingly have their protection bypassed by the Apache patch? Oh good, that will really help protect users’ privacy. NOT.

Are we reaching our limit of tolerance for Big Brother? (Was Ayn Rand right to forecast a John Galt?)
Jimmy Wales threatens to encrypt Wikipedia if UK passes snooping bill
September 7, 2012 by Dissent
Timothy B. Lee writes:
Wikipedia founder Jimmy Wales has joined the opposition to the Communications Data Bill that was proposed by the UK government earlier this year. Civil rights groups have raised the alarm about provisions that could require British ISPs to keep records of every website their customers visit for 12 months. Now Wales is threatening to enable encryption on Wikipedia for UK Web users to protect their privacy.
“If we find that UK ISPs are mandated to keep track of every single webpage that you read at Wikipedia, I am almost certain we would immediately move to a default of encrypting all communication to the UK, so that the local ISP would only be able to see that you are speaking to Wikipedia, not what you are reading,” Wales told members of parliament.
Read more on Ars Technica.

Ebooks to get cheaper?
Judge Approves E-Book Pricing Settlement Between Government and Publishers
In a decision that could start an e-book price war in the publishing industry, a federal judge on Thursday approved a settlement between the Justice Department and three major publishers in a civil antitrust case that accused the companies of collusion in the pricing of digital books.
… And the ruling promised to empower Amazon, the e-retailing giant, to drop the price of many e-books back to $9.99 or even lower in the coming months, a move that could pressure competing retailers to do the same.

The Physics of Computer Security. (By the way students, Mr. Schrodinger's cat is still missing...)
"A very interesting paper (PDF) has just hit the streets (or, at least, Physics Review Letters) about the Heisenberg uncertainty relationship as it was originally formulated about measurements. The researchers find that they can exceed the uncertainty limit in measurements (although the uncertainty limit in quantum states is still followed, so the foundations of quantum mechanics still appear to be sound.) This is really an attack on quantum entanglement (the correlations imposed between two related particles), and so may have immediate applications in cracking quantum cryptography systems. It may also be easier to read quantum communications without being detected than people originally thought."

… On its own, Apple's iPhone business would be a Fortune 50 company.
It's also bigger than all of Microsoft. Not just Windows or Office -- the iPhone generated more sales than the entirety of Microsoft's product lineup over the past four quarters.

For my Statistics students...
The Probabilities of Large Terrorist Events
In a recent paper posted to the arXiv, my friend and colleague Aaron Clauset, along with his collaborator Ryan Woodard, set out to use a sophisticated statistical approach to address this problem.

Excerpts from:
… The California State Senate passed an open textbook bill this week — it now heads to Governor Jerry Brown’s desk — that would create an OER library for the textbooks in the most popular undergraduate classes at the state’s public universities.
… And so it begins: Colorado State University’s Global Campus will accept transfer credit for online education startup Udacity's CS 101.
edX, the MIT and Harvard MOOC initiative, will now offer proctored final exams to the students who sign up for its open enrollment online classes, reports The Chronicle of Higher Education. These tests will be given by Pearson (which also provides testing for Udacity). Vive la revolution

Friday, September 07, 2012

Perhaps he could ask Christo to cover the country in fabric?
Sudan’s Dictator Wants Satellites to Stop Spying on His Crimes
Sudanese President Omar al-Bashir has issues with satellites. It’s not that he would mind some of his own, if Sudan suddenly developed a working space program. It’s rather those pesky foreign satellites snooping on Bashir’s war crimes and state-orchestrated genocide that he wants to get rid of.
On Wednesday, Bashir called on the African Union (AU) to find ways to “protect” the continent from spy satellites. The dictator urged the AU to “legislate protection of [Africa's] space,” as the state-owned Sudan Vision website reported, in tandem with developing a new unified space agency. “I’m calling for the biggest project, an African space agency,” Bashir said during remarks at a telecommunications conference in Khartoum. “Africa must have its space agency,” he added.
The dictator — who is wanted by the International Criminal Court regarding his role in the Darfur genocide — has, er, particular reasons for wanting the spy satellites to stay out. Last year, satellites from private space monopoly DigitalGlobe uncovered what appeared to be evidence of mass killings carried out during Sudan’s ongoing civil war. But whatever Bashir’s motivations, a continent-wide space agency actually isn’t a bad idea.

Re-Identification Risks and Myths, Superusers and Super Stories (Part I: Risks and Myths)
September 6, 2012 by Dissent
Daniel Barth-Jones has a critique of re-identification studies that informs the conversation about risks:
In a recent Health Affairs blog article, I provide a critical re-examination of the famous re-identification of Massachusetts Governor William Weld’s health information. This famous re-identification attack was popularized by recently appointed FTC Senior Privacy Adviser, Paul Ohm, in his 2010 paper Broken Promises of Privacy. Ohm’s paper provides a gripping account of Latanya Sweeney’s famous re-identification of Weld’s health insurance data using a Cambridge, MA voter list. The Weld attack has been frequently cited echoing Ohm’s claim that computer scientists can purportedly identify individuals within de-identified data with “astonishing ease.”
However, the voter list supposedly used to “re-identify” Weld contained only 54,000 residents and Cambridge demographics at the time of the re-identification attempt show that the population was nearly 100,000 persons. So the linkage between the data sources could not have provided definitive evidence of re-identification. The findings from this critical re-examination of the famous Weld re-identification attack indicate that he was quite likely re-identifiable only by virtue of his having been a public figure experiencing a well-publicized hospitalization, rather than there being any actual certainty to his purported re-identification via the Cambridge voter data. His “shooting-fish-in-a-barrel” re-identification had several important advantages which would not have existed for any random re-identification target. It is clear from the statistics for this famous re-identification attack that the purported method of voter list linkage could not have definitively re-identified Weld and, while the odds were somewhat better than a coin-flip, they fell quite short of the certainty that is implied by the term “re-identification”.
The full detail of this methodological flaw underlying the famous Weld/Cambridge re-identification attacks is available in my recently released paper. This fatal flaw, the inability to confirm that Weld was indeed the only man in his ZIP Code with his birthdate, exposes the critical logic underlying all re-identification attacks.
Read more of this commentary on Concurring Opinions. Part II of his commentary can be found here.
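As an added illustration of the argument above (this is not code from Barth-Jones's paper, from the original re-identification study, or from the post), the following Python models why a match that is unique in a partial voter list is not a definitive re-identification. Everything in it is constructed for the example: the ZIP-code population of 30,000, the assumption that (sex, full date of birth) falls uniformly into 2 × 70 × 365 cells, and the function and constant names `p_unique_in_population`, `p_unique_given_unique_in_list`, `simulate`, `CELLS`, `ZIP_RESIDENTS` and `COVERAGE`. The only figure taken from the text is the 54,000-of-roughly-100,000 coverage of the voter list, applied here as a 54% coverage ratio.

```python
"""Added example: uniqueness of a quasi-identifier match under partial coverage.

Illustration written for this post (not from Barth-Jones's paper or the
original study). It models a ZIP code of N residents whose (sex, full date
of birth) falls uniformly and independently into C cells, and asks:

  1. How likely is a target to be the only resident in their cell at all?
  2. Given the target was the ONLY match in an auxiliary list (a voter roll)
     covering a fraction `coverage` of residents, how likely is the target
     to be unique in the whole population?

Constructed assumptions: N = 30,000, C = 2 sexes x 70 birth years x 365 days,
uniform cells. The 54% coverage is the 54,000 / ~100,000 ratio from the text,
applied here at the ZIP-code level.
"""
import random
from typing import Tuple

CELLS = 2 * 70 * 365          # sex x birth year (70-year span, assumed) x day of year
ZIP_RESIDENTS = 30_000        # constructed ZIP-code population
COVERAGE = 54_000 / 100_000   # voter list covered ~54% of Cambridge (from the text)


def p_unique_in_population(n_residents: int, n_cells: int = CELLS) -> float:
    """P(no other resident shares the target's cell) under the uniform model.

    Each of the other n_residents - 1 people misses the target's cell with
    probability 1 - 1/C, independently.
    """
    return (1.0 - 1.0 / n_cells) ** (n_residents - 1)


def p_unique_given_unique_in_list(n_residents: int, coverage: float,
                                  n_cells: int = CELLS) -> float:
    """P(target unique in population | target was the only match in the list).

    The list already rules out the listed residents; only the unlisted
    (1 - coverage) * N residents can still share the cell. A unique list
    match therefore only certifies uniqueness among the people on the list.
    """
    unlisted = round(n_residents * (1.0 - coverage))
    return (1.0 - 1.0 / n_cells) ** unlisted


def simulate(n_residents: int, n_cells: int, coverage: float,
             trials: int, seed: int = 1) -> Tuple[float, float]:
    """Monte Carlo check of the two formulas on constructed data.

    Returns (fraction of trials where the target was unique in the list,
             fraction of those trials where the target was also unique in
             the full population).
    """
    rng = random.Random(seed)
    n_listed = int(n_residents * coverage)   # resident 0 (the target) is listed
    list_unique = both_unique = 0
    for _ in range(trials):
        cells = [rng.randrange(n_cells) for _ in range(n_residents)]
        target = cells[0]
        if target in cells[1:n_listed]:      # someone else on the list collides
            continue
        list_unique += 1
        if target not in cells[n_listed:]:   # no unlisted resident collides
            both_unique += 1
    return list_unique / trials, both_unique / max(list_unique, 1)


if __name__ == "__main__":
    p_all = p_unique_in_population(ZIP_RESIDENTS)
    p_cond = p_unique_given_unique_in_list(ZIP_RESIDENTS, COVERAGE)
    print(f"P(target unique in ZIP of {ZIP_RESIDENTS}):           {p_all:.3f}")
    print(f"P(unique in ZIP | unique in {COVERAGE:.0%} voter list):  {p_cond:.3f}")
    print(f"P(unique in ZIP | unique in 100% voter list): "
          f"{p_unique_given_unique_in_list(ZIP_RESIDENTS, 1.0):.3f}")
    # Small, fast Monte Carlo with constructed parameters to sanity-check the model
    frac_list, frac_cond = simulate(2_000, 1_000, 0.5, trials=400)
    print(f"simulation: unique-in-list {frac_list:.3f}, "
          f"unique-in-population given that {frac_cond:.3f} "
          f"(formula {p_unique_given_unique_in_list(2_000, 0.5, 1_000):.3f})")
```

Under these constructed parameters the unconditional chance that the target is unique in the ZIP code comes out near 0.56, and a unique match in a 54% voter list raises it only to about 0.76; only a list covering the whole population drives it to 1. That gap is the point of the critique: the voter-list match certifies uniqueness among the listed residents, and the unlisted residents are exactly the ones who could still share the ZIP code, sex and birthdate.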

There is always someone who notices something odd about the Emperor's new clothes...
"According to British daily The Telegraph, Sir Tim Berners-Lee has warned that plans to monitor individuals' use of the internet would result in Britain losing its reputation as an upholder of web freedom. The plans, by Home Secretary Theresa May, would force British ISPs and other service providers to keep records of every phone call, email and website visit in Britain. Sir Tim has told the Times: 'In Britain, like in the US, there has been a series of Bills that would give government very strong powers to, for example, collect data. I am worried about that.' Sir Tim has also warned that the UK may wind up slipping down the list of countries with the most Internet freedom, if the proposed data-snooping laws pass parliament. The draft bill extends the type of data that internet service providers must store for at least 12 months. Providers would also be required to keep details of a much wider set of data, including use of social network sites, webmail and voice calls over the internet."

“Let us check to see if you are related to a rapist.” Would anyone even consider doing this in the US?
"In an attempt to solve a rape and murder of a 16-year-old girl, the Dutch police have asked 8080 men to provide their DNA. All these people lived 5 km or less from the crime scene at the time of the murder. This reopened cold case is the first large-scale attempt not to hunt the rapist and killer but to locate his close or distant male relatives. All data gathered will be destroyed after the match with this particular murder. There seems to be great public support for this attempt."
Shades of The Blooding.

Perhaps our message is getting out?
September 05, 2012
Pew Survey - Privacy and Data Management on Mobile Devices
Privacy and Data Management on Mobile Devices, by Jan Lauren Boyles, Aaron Smith, Mary Madden. Sep 5, 2012.
"More than half of mobile application users have uninstalled or avoided certain apps due to concerns about the way personal information is shared or collected by the app, according to a nationally representative telephone survey conducted by the Pew Research Center’s Internet & American Life Project. In all, 88% of U.S. adults now own cell phones, and 43% say they download cell phone applications or “apps” to their phones. Among app users, the survey found:
  • 54% of app users have decided to not install a cell phone app when they discovered how much personal information they would need to share in order to use it
  • 30% of app users have uninstalled an app that was already on their cell phone because they learned it was collecting personal information that they didn’t wish to share
  • Taken together, 57% of all app users have either uninstalled an app over concerns about having to share their personal information, or declined to install an app in the first place for similar reasons."

We called it “incidental intelligence”
September 05, 2012
Users increasingly sharing photos over text on social media
eMarketer - Users turn to Instagram, Tumblr and Twitter itself to post pictures. "As the number of Twitter users grows, consumers are using the site to share photos, videos and other links with their followers. eMarketer forecasts that US adult Twitter users will reach 31.8 million in 2013, up 14.9% from the 27.7 million users in 2012. As the base grows, the way consumers use the site and what they share is also changing. In July 2012, website analysis company Diffbot looked at 750,000 links posted to Twitter worldwide and found that 36% were images, 16% were articles and 9% were videos. Additionally, 8% linked to a product, and 7% each linked to a site’s front page, a status update or a page error. Games, location-sharing, recipes and reviews each made up less than 2% of links."

What process/practice would allow you to force them to lower their price for you? That's the one I want to patent.
"A newly-granted Google patent on Dynamic Pricing of Electronic Content describes how information gleaned from your search history and social networking activity can be used against you by providing tell-tale clues for your propensity to pay jacked-up prices to 'reconsume' electronic content, such as 'watching a video recording, reading an electronic book, playing a game, or listening to an audio recording.' The patent is illustrated with drawings showing how some individuals can be convinced to pay 4x what others will be charged for the same item. From the patent: 'According to one innovative aspect of the subject matter described by this specification, a system may use this information to tailor the price that is offered to the particular user to repurchase the particular item of electronic content. By not applying discounts for users that may, in relation to a typical user, be more inclined to repurchase a particular product, profits may increase.' Hey, wasn't this kind of dynamic pricing once considered evil?"

For my entrepreneurs...
What the Heck Is Homestuck, And How’d It Get $750K on Kickstarter?
When I heard that a webcomic called Homestuck had raised three quarters of a million dollars on Kickstarter within 24 hours for a videogame version, I set out to research what it was. Three hours later, I was not much closer to understanding it.
Homestuck, and the rabid fandom of its millions of readers, is difficult to explain. Entire blogs have been started just to answer the question, “What is Homestuck?”
Here’s the best I can do: It’s a book/webcomic/Flash animation/videogame hybrid, all created by Andrew Hussie. When Hussie revealed a Kickstarter campaign to fund creation of a Homestuck adventure game on Tuesday, his fans helped him meet his $700,000 goal within just one day. He plans to release the game in 2014.

Thursday, September 06, 2012

So now the question becomes, are the UDIDs real? If so, where did they come from?
Apple: We Didn’t Give FBI Any Device IDs
September 5, 2012 by admin
John Paczkowski got a statement from Apple, denying that they provided the FBI with the database of device IDs:
“The FBI has not requested this information from Apple, nor have we provided it to the FBI or any organization. Additionally, with iOS 6 we introduced a new set of APIs meant to replace the use of the UDID and will soon be banning the use of UDID,” Apple spokeswoman Natalie Kerris told AllThingsD.
Read more on AllThingsD.
So now the FBI has denied the data were in their possession, and Apple has denied providing it to the FBI. Absent any proof from AntiSec that they obtained it from an FBI notebook, it seems that they did obtain a database of real data, but I remain unconvinced as to where/how they obtained it. Some people are encouraging users who find their device IDs in the data dump to compile a list of apps they’ve used so that perhaps, a common culprit can be identified. Or perhaps the individuals who acquired the data will provide more evidence as to where they obtained it. Yes, the FBI could be lying. Yes, Apple could be lying. Hell, everyone could be lying, but we appear to have a real database and we don’t know who was in possession of it – or even how many businesses, agencies, or individuals may be in possession of it. Not a comforting situation.

Another fake or are we in for some election year amusement?
A federal investigation has been launched after hackers claimed to have stolen Mitt Romney’s tax returns. The hackers have given Romney until September 28th to pay $1 million in bitcoins or they say they will release the returns. From the article: "The claim was made in a post on the Pastebin site on Sunday that alleged that Romney's federal tax returns were taken from the offices of PriceWaterhouse Coopers in Franklin, Tenn., on August 25 by someone who snuck into the building and made copies of the document. [Unlikely? Bob] The message author threatened to release the files publicly on September 28 and said copies of the files had been given to Democratic and Republican leaders in that county. Democrats have made Romney's refusal to release his tax returns a key point in their criticism that he is not in touch with working class voters."

All I ask is 10%...
Cybercrime costs U.S. consumers $20.7 billion
U.S. consumers lost $20.7 billion to cybercrime over the past 12 months, with 71 million Americans falling victim to online perps, according to new research.
Meanwhile, worldwide losses resulting from cybercrime including malware attacks and phishing hit $110 billion between July 2011 and the end of July 2012, a report by security company Symantec (PDF) has found.

At what point must we apply the rules of war? If the CIA can do this can the DHS? Would they use one to intercept another 9/11 plane?
29 Dead in 8 Days as U.S. Puts Yemen Drone War in Overdrive
29 dead in a little over a week. Nearly 200 gone this year. The White House is stepping up its campaign of drone attacks in Yemen, with four strikes in eight days. And not even the slaying of 10 civilians over the weekend seems to have slowed the pace in the United States’ secretive, undeclared war.
At this week’s Democratic National Convention in Charlotte, you’ll hear lots of talk about the Obama administration’s pursuit of al-Qaida and its allies — including, of course, the raid that ultimately took out Osama bin Laden. But the hottest battlefield in this worldwide conflict isn’t likely to receive much attention. It’s a shame, because the fight in Yemen is one that demands discussion. Not only does the White House consider al-Qaida in the Arabian Peninsula to be the extremist group most likely to strike in the United States. But the American response to that threat has been widely questioned by regional experts, who wonder whether U.S. drones and commandos aren’t being duped into fighting on one side of a civil war.

For my Ethical Hackers. Your task: do the same thing remotely
Widely used fingerprint reader exposes Windows passwords in seconds
September 5, 2012 by admin
Dan Goodin reports:
Fingerprint-reading software preinstalled on laptops sold by Dell, Sony, and at least 14 other PC makers contains a serious weakness that makes it trivial for hackers with physical control of the machine to quickly recover account passwords, security researchers said.
The UPEK Protector Suite, which was acquired by Melbourne, Florida-based Authentec two years ago, is marketed as a secure means for logging into Windows computers using an owner’s unique fingerprint, rather than a user-memorized password. In reality, using the software makes users less secure than they otherwise would be. When activated, the software writes Windows account passwords to the registry and encrypts them with a key that is easy for hackers to retrieve. Once the key has been acquired, it takes seconds to decrypt the password.
Read more on Ars Technica.

(Related) A fingerprint replacement and another collection of biometric data?
"CNet reports that Google was awarded a patent yesterday for logging into a computing device using face recognition (8,261,090). 'In order for the technology to work, Google's patent requires a camera that can identify a person's face. If that face matches a "predetermined identity," then the person is logged into the respective device. If multiple people want to access a computer, the next person would get in front of the camera, and the device's software would automatically transition to the new user's profile. ... Interestingly, Apple last year filed for a patent related to facial recognition similar to what Google is describing in its own service. That technology would recognize a person's face and use that as the authentication needed to access user profiles or other important information.'"

TSA invents another “screening technique?” Do they check the vendors too? (Is this sanitary? Apparently not)
TSA Moves On From Your Underwear to Your Starbucks
Not content with fondling your privates and banning liquids from entering the concourse, the Transportation Security Administration is apparently now also screening liquids bought by passengers after they’ve already gone through regular security screening.
A passenger flying from Columbus, Ohio, to Oakland, California, over the holiday weekend captured the practice on video while he was sitting with other passengers in the airport’s embarkment lounge waiting to board their flight.
As the unidentified passenger points out in commentary posted with his video to YouTube, the liquid testing is being done “well beyond the security check” and on liquids that passengers have purchased inside the security perimeter after they already passed through security screening and threw out any drinks they might have brought with them to the airport.
… He concludes his post by asking, “Whats next…perhaps the TSA will come to your home prior to your drive to the airport? The police state of the US is OUT OF CONTROL!”
But the TSA says the practice isn’t new — it’s been going on since 2007 — and is part of random screening techniques designed to catch liquid explosives that might slip through initial screening.

Changing the rules...
U.S. Consumer Groups Endorse Proposed European Privacy Law
September 5, 2012 by Dissent
In a letter to members of the European Parliament, over twenty U.S. consumer organizations expressed support for the new European data protection law. The coalition, including Consumers Union, Consumer Federation of America, and Public Citizen, said that the proposed regulation “provides important new protections for the privacy and security of consumers.” The groups also explained that the European effort will raise privacy standards for consumers in other parts of the world. The European Union privacy regulation is a comprehensive update of the 1995 EU Data Protection Directive and adopts innovative new approaches to privacy protection, such as “Privacy by Design.” BEUC, the association of European consumer groups, has also expressed support for the new law. For more information, see EPIC: EU Data Protection Directive

Plain sight? Digital sight?
Police seizure of text messages violated 4th Amendment, judge rules
September 5, 2012 by Dissent
Jon Brodkin reports:
At 6:08am, on October 4, 2009, Trisha Oliver frantically called 911 from her apartment in Cranston, Rhode Island when her six-year-old son, Marco Nieves, stopped breathing. The Fire Department took Marco to Hasbro Children’s Hospital, where he was found to be in full cardiac arrest. He died 11 hours later.
By 6:20am, Sgt. Michael Kite of the Cranston Police Department had arrived at the apartment, where he found Oliver, her boyfriend Michael Patino, and their 14-month-old daughter, Jazlyn Oliver. Kite observed a couple of stripped beds and linens on the floor, a trash can with vomit inside it, dark brown vomit in a toilet, and, crucially, a cell phone on the kitchen counter. Kite picked up the cell phone, and it was at that point—in the just-released opinion of a Rhode Island state court—that police proceeded to mangle a murder case and violate Patino’s Fourth Amendment rights by viewing text messages without a warrant.
Read more on Ars Technica.

Data Mining for teaching evaluation? Probably a few privacy questions here too.
September 04, 2012
Big Data for Education: Data Mining, Data Analytics, and Web Dashboards
  • "In this report, I examine the potential for improved research, evaluation, and accountability through data mining, data analytics, and web dashboards. So-called “big data” make it possible to mine learning information for insights regarding student performance and learning approaches. Rather than rely on periodic test performance, instructors can analyze what students know and what techniques are most effective for each pupil. By focusing on data analytics, teachers can study learning in far more nuanced ways. Online tools enable evaluation of a much wider range of student actions, such as how long they devote to readings, where they get electronic resources, and how quickly they master key concepts."

Does Social Media document emotional distress?
Plaintiff has to turn over emotional social media content in employment lawsuit
September 5, 2012 by Dissent
Evan Brown writes:
Plaintiff sued her former employer for discrimination and emotional distress. In discovery, defendant employer sought from plaintiff all of her social media content that revealed her “emotion, feeling, or mental state,” or related to “events that could be reasonably expected to produce a significant emotion, feeling, or mental state.”
The case is Robinson v. Jones Lang LaSalle Americas, Inc., 2012 WL 3763545 (D.Or. August 29, 2012), and the outcome is no surprise at this point. If you make a claim in court, expect the defendant’s lawyers to seek your social media content in discovery.
Read more on InternetCases.

This is difficult to program.
The Algorithmic Copyright Cops: Streaming Video’s Robotic Overlords
As live streaming video surges in popularity, so are copyright “bots” — automated systems that match content against a database of reference files of copyrighted material. These systems can block streaming video in real time, while it is still being broadcast, leading to potentially worrying implications for freedom of speech.
On Tuesday, some visitors trying to get to the livestream of Michelle Obama’s widely lauded speech at the Democratic National Convention on Tuesday were met with a bizarre notice on YouTube, which said that the speech had been blocked on copyright grounds.
On Sunday, a livestream of the Hugo Awards — the sci-fi and fantasy version of the Oscars — was blocked on Ustream, moments before Neil Gaiman’s highly anticipated acceptance speech. Apparently, Ustream’s service detected that the awards were showing copyrighted film clips, and had no way to know that the awards ceremony had gotten permission to use them.
Last month, footage from NASA’s triumphant Curiosity rover landing was blocked numerous times on YouTube, despite being in the public domain, because several companies — such as Scripps Local News — claimed copyright on the material.

For my programming students
FTC Releases Mobile App Guidance
September 5, 2012 by Dissent
Andy Serwin writes:
The FTC has been focused on mobile apps and the legal issues they raise, and that focus continues to be shown by the most recent guidance from the FTC. Marketing Your Mobile App: Get it Right From the Start, offers guidance to app developers regarding what the FTC believes should be done to protect consumers in the mobile world.
The FTC clearly is speaking to smaller, as well as larger companies that use the mobile platforms to create apps, as the FTC clearly states up front its view that the guidance, and the relevant laws, are equally applicable to small and large companies.
Read more on The Lares Institute.

A way to bug my students 24/7? I could record phrases like “Get to work!” “Do your homework!” and the ever popular “Stop that!” and program them to repeat at various times...
… Zello Walkie Talkie is a free to use smartphone app for Android, BlackBerry, iOS devices, and Windows computers. Being a cross-platform app, Zello will enable group conversation between different mobile and computer users.
Similar tools: LoudTalks and Heytell.

For my students
Tuesday, September 4, 2012
Evernote is currently my favorite service for note-taking and bookmarking. I have Evernote installed on my iPad, my Android Tablets, my phone, my computers, and I have the Evernote web clipper installed in all of my browsers. Because of Evernote's versatility I highly recommend it to anyone looking for a good note-taking and bookmarking tool. One question that I often hear from first-time Evernote users is, there's so many options, where do I start? Make Use Of has just released a new guide that will answer that question and many more.
How To Use Evernote, The Missing Manual is a free 34 page guide to using Evernote. The guide will help you use Evernote in your web browser, on your iPad, on your Android tablet, on your phone, and on your desktop. The guide is available to download as a PDF or EPub.

Wednesday, September 05, 2012

This seems to be an extremely quick response. It is good that the FBI has this ability to instantly, absolutely, and positively guarantee that none of its thousands of laptops ever had such data and were never hacked. On the other hand, AntiSec has made false claims before...
FBI Says Laptop Wasn’t Hacked; Never Possessed File of Apple Device IDs
The Federal Bureau of Investigation is refuting a statement made by members of AntiSec this weekend that they hacked the laptop of an FBI special agent and stole a file containing 12 million Apple device IDs and associated personal information.
The FBI also said it did not possess a file containing the data the hackers said they stole.
In a statement released Tuesday afternoon, the FBI said, “The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed. At this time there is no evidence [Kind of weasel worded. Perhaps the evidence was there yesterday, but we removed it. Bob] indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data.”

(Related) ...but they got these somewhere.
Hackers Release 1 Million Apple Device IDs Allegedly Stolen From FBI Laptop
… In a lengthy post online, the hackers wrote that last March, they hacked a laptop belonging to an FBI agent named Christopher K. Stangl from the bureau’s Regional Cyber Action Team and the New York FBI office’s Evidence Response Team.

“Good fences make good neighbors” Robert Frost
September 04, 2012
A Behavioural Understanding of Privacy and its Implications for Privacy Law
A Behavioural Understanding of Privacy and its Implications for Privacy Law, Kirsty Hughes, University of Cambridge, September 2012. The Modern Law Review, Vol. 75, Issue 5, pp. 806-836, 2012
  • "This article draws upon social interaction theory (the work of Irwin Altman) to develop a theory of the right to privacy, which reflects the way that privacy is experienced. This theory states that the right to privacy is a right to respect for barriers, and that an invasion of privacy occurs when a privacy barrier is penetrated. The first part of the paper establishes the position of the author's theory in the existing scholarship. The second part of the paper expands upon the theory to explain the nature of privacy barriers and the way that the author's theory manages a number of specific privacy issues, including threats to privacy, attempted invasions of privacy, unforeseeable interferences with privacy and waiving the right to privacy. The final part of the paper demonstrates the impact that this approach to privacy could have upon judicial reasoning, in particular Article 8 European Convention on Human Rights."

Zuckerberg for President? With a few minor tweaks, we could make candidate X look so much better/smarter/taller/fatter than candidate Y
September 04, 2012
Pew - Politics on Social Networking Sites
Politics on Social Networking Sites, by Lee Rainie, Aaron Smith. Sep 4, 2012: "A portion of social networking site users say the sites are important for some of their political activities and the way they decide how to engage with campaigns and issues. At the same time, most users of the sites say they do not use the sites for political purposes or debates. A nationally representative phone survey by the Pew Research Center’s Internet & American Life Project finds that:
  • 36% of social networking site (SNS) users say the sites are “very important” or “somewhat important” to them in keeping up with political news.
  • 26% of SNS users say the sites are “very important” or “somewhat important” to them in recruiting people to get involved in political issues that matter to them.
  • 25% of SNS users say the sites are “very important” or “somewhat important” to them for debating or discussing political issues with others.
  • 25% of SNS users say the sites are “very important” or “somewhat important” to them in finding other people who share their views about important political issues."

What is “Privacy by design?”
"Networked cars — cars that can identify each other's location and prevent collisions — are coming soon, and will be a boon for safety, with one estimate having them cut accidents by 70 percent. But what happens to all the data the car will collect — about your location and driving behavior? It's worrisome that nobody seems to be thinking seriously about the privacy side of the equation."

A metaphor for security & privacy? Don't abuse my “pet computer” and I won't let my “pet computer” SPAM in your yard...
"Social robots — machines with the ability to do grocery shopping, fix dinner and discuss the day's news — may gain limited rights, similar to those granted to pets. Kate Darling, a research specialist at the MIT Media Lab, looks at this broad issue in a recent paper, 'Extending Legal Rights to Social Robots.' 'The Kantian philosophical argument for preventing cruelty to animals is that our actions towards non-humans reflect our morality — if we treat animals in inhumane ways, we become inhumane persons. This logically extends to the treatment of robotic companions. Granting them protection may encourage us and our children to behave in a way that we generally regard as morally correct, or at least in a way that makes our cohabitation more agreeable or efficient.' If a company can make a robot that leaves the factory with rights, the marketing potential, as Darling notes, may be significant."

How drunk? “One beer” drunk? “A shot and a beer” drunk? “Too drunk to drive” drunk? “So drunk I might vote Democrat” drunk?
Infrared-Camera Algorithm Could Scan for Drunks in Public
Computer scientists have published a paper detailing how two algorithms could be used in conjunction with thermal imaging to scan for inebriated people in public places.
… alcohol causes blood-vessel dilation at the skin’s surface, so by using this principle as a starting point the two began to compare data gathered from thermal-imaging scans. One algorithm compares a database of these facial scans of drunk and sober individuals against pixel values from different sites on a subject’s face. A similar method has been used in the past to detect infections, such as SARS, at airports — though a study carried out at the time of the 2003 outbreak warned, “although the use of infrared instruments to measure body surface temperatures has many advantages, there are human, environmental, and equipment variables that can affect the accuracy of collected data.”

For my Website students. Well, what excuse do you have now?
Estonia Reprograms First Graders as Web Coders
Public schools in Estonia will soon have a curriculum for teaching web and mobile application development to students as early as first grade.
According to an article published by UbuntuLife, the program begins this month with training for primary-school teachers. This will be followed by pilot programs. Eventually, the curriculum will be available to all public schools, with educational materials for all levels from grades 1 through 12.

Tuesday, September 04, 2012

If true, this negates that warm fuzzy feeling that our government is trying to protect us...
Hacked FBI notebook reveals over 12,000,000 iPhone users’ details – Anonymous
September 4, 2012 by admin
David Gilbert reports:
A post on Pastebin claims that during the second week of March 2012, a Dell Vostro laptop used by FBI Supervisor Special Agent Christopher K. Stangl (seen above in a video calling for computer science graduates to work with the FBI) was breached.
The group claims it found a file on the computer’s desktop – labelled NCFTA_iOS_devices_intel.csv – which contained a list with details about over 12 million unique Apple iOS devices including the Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, addresses and mobile phone numbers.
The paste, which is not signed with the now-familiar Anonymous sigblock, offers a somewhat lengthy political statement and rationale before getting to the description of the breach:
During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team, was breached using the AtomicReferenceArray vulnerability on Java. During the shell session some files were downloaded from his Desktop folder; one of them, with the name of “NCFTA_iOS_devices_intel.csv”, turned out to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. The personal details fields referring to people appear many times empty, leaving the whole list incomplete in many parts. No other file in the same folder makes mention of this list or its purpose.
The FBI has not confirmed or denied the claims, which were first revealed yesterday on Pastebin.
So… if the claims are true (and we don’t know that yet): why were 12+ million entries of this kind in the FBI’s possession? And why were they on a mobile device? I’d like to hear the FBI’s explanation for this. That the FBI engages in domestic surveillance is not exactly earth-shattering news, but what crimes have so many possibly committed that would justify this database? And how did they compile these data, if they did?
Kudos to the hackers who decided to trim the personal information. Although does not, as a policy, endorse hacking even for worthy goals, this site does endorse hackers taking steps to protect the personal information of those who may have done nothing wrong but find their details in a database.

(Related) You have to work hard to be this bad.
Glasgow City Council slammed for losing 700 computers
September 4, 2012 by admin
Kathleen Hall reports:
Glasgow City Council has been slammed for losing more than 700 laptops and PCs in a probe into the body’s security malpractice.
The council has lost 256 unencrypted laptops and nearly 450 PCs. It also has a further 541 unencrypted laptops, according to an audit report.
The news follows the theft of two laptops in May, one of which contained bank details of 16,541 businesses and individuals. In 2009, Glasgow City Council also suffered a major data loss when it lost sensitive data containing information on local sex offenders,

(Related) Clearly they do not have security or privacy on their minds...
UK: Schools ‘not considering students security when collecting biometric data’
September 4, 2012 by Dissent
Everywhere you look, you find inadequate protection of student information. There’s an interesting article in the London Evening Standard:
Schools could be putting pupils’ personal data at risk by failing to store it securely, according to new research.
The study suggests that schools are increasingly collecting students’ biometric data, such as fingerprints, but do not always think about the security issues surrounding this.
It found that almost half of schools have regulations on personal data security that fall below a recommended minimum level.
It has been suggested that up to four in 10 secondary schools use fingerprinting or face-scanning systems for a number of reasons, including recording attendance, allowing pupils to check out library books, pay for lunch or access certain school buildings.
But a paper due to be presented at the British Educational Research Association’s (Bera) annual conference in Manchester warns that schools often do not have clear policies on how personal information should be stored and handled.
Read more about the study on London Evening Standard.

Will they limit their cooperation to defense?
"At the start of this month, news broke that Iran and North Korea have strengthened their ties, specifically by signing a number of cooperation agreements on science and technology. The two states signed the pact on Saturday, declaring that it represented a united front against Western powers. Ayatollah Ali Khamenei, Iran's Supreme Leader, told Kim Yong Nam, North Korea's ceremonial head of state, the two countries have common enemies and aligned goals. On Monday, security firm F-Secure weighed in on the discussion. The company believes Iran and North Korea may be interested in collaborating against government-sponsored malware attacks such as Duqu, Flame, and Stuxnet."

Old Tweets never die...
Your Old Tweets Resurface with Twitter’s Data Reseller Partners
September 3, 2012 by Dissent
Sarah Downey of Abine writes:
Yesterday, Twitter announced its Certified Partners Program. There are currently 12 partners in the program, and they specialize in one of three categories: engagement, analytics, and data resellers. Twitter says that the certifications will “make it easier for businesses to find the right tools.”
As a privacy company, we sat up when we heard the words “data reseller.” Three of the 12 partner companies–Topsy, DataSift, and Gnip–are data resellers, which means they provide access to all publicly available tweet content over several years (what Twitter calls the “Firehose“).
Read more on BostInno.
What does this do, if anything, to Twitter’s argument in court that because tweets are no longer available on their site, they regain their status as private and not public? And isn’t it inconsistent, in some real sense, with Twitter’s claims that users own their own content? Why aren’t we asked to opt-in to this?

Smartphone apps track users even when shut down
September 3, 2012 by Dissent
Hiawatha Bray reports:
Some smartphone apps collect and transmit sensitive information stored on a phone, including location, contacts, and Web browsing histories, even when the apps are not being used by the phone’s owner, according to two researchers at the Massachusetts Institute of Technology.
“It seems like people are no longer in control of their own privacy,” said Frances Zhang, a master’s degree student in computer science at MIT.
Zhang and fellow researcher Fuming Shih, a computer science doctoral candidate, found that some popular apps for phones running Google Inc.’s Android operating system are continually collecting information without informing the phone’s owner.
Read more on The Boston Globe.

For my Computer Security students... (Worth reading the comments too)
"A student at the University of Oslo, Norway has claimed that Phishing attacks can be carried out through the use of URI and users of Firefox and Opera are vulnerable to such attacks. Malicious web pages can be stored into data URIs (Uniform Resource Identifiers) whereby an entire webpage's code can be stuffed into a string, which if clicked on will instruct the browser to unpack the payload and present it to the user in form of a page. This is where the whole thing gets a bit dangerous. In his paper, Phishing by data URI [PDF], Henning Klevjer has claimed that through his method he was able to successfully load the pages on Firefox and Opera. The method however failed on Google Chrome and Internet Explorer."
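A defender's view of the mechanism described above: a data URI carries a whole page inline, so a link scanner (for a mail gateway, a URL filter, or a course exercise) can decode the payload and flag HTML data URIs that contain forms or scripts. This is an added example, not code from the paper or from any browser vendor; the scanner, the `SUSPICIOUS_MARKUP` list and the sample document are all constructed for illustration.

```python
import base64
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# RFC 2397 shape: data:[<mediatype>][;param=value]*[;base64],<data>
DATA_URI_RE = re.compile(
    r"^\s*data:(?P<type>[^;,]*)(?P<params>(?:;[^;,]*)*),(?P<data>.*)$",
    re.IGNORECASE | re.DOTALL,
)

# Media types the browser will render as a document rather than display as a blob.
RENDERABLE_TYPES = ("text/html", "application/xhtml+xml", "image/svg+xml")

# Markup that turns a self-contained page into something that can harvest input
# or run script (constructed heuristic list; tune for your environment).
SUSPICIOUS_MARKUP = ("<form", "type=\"password\"", "type='password'", "<script")


class _LinkCollector(HTMLParser):
    """Hypothetical helper: gathers every href/src value in document order."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src") and value:
                self.links.append((tag, value))


def classify_data_uri(uri):
    """Return (verdict, reason) for one URI: 'ok', 'suspicious' or 'block'."""
    m = DATA_URI_RE.match(uri)
    if not m:
        return ("ok", "not a data URI")
    mediatype = (m.group("type") or "text/plain").lower()
    if mediatype not in RENDERABLE_TYPES:
        return ("ok", f"{mediatype} data URI")
    raw = m.group("data")
    if ";base64" in m.group("params").lower():
        try:
            payload = base64.b64decode(raw).decode("utf-8", "replace")
        except ValueError:  # binascii.Error is a ValueError subclass
            return ("suspicious", "undecodable base64 in renderable data URI")
    else:
        payload = unquote(raw)
    hits = [tok for tok in SUSPICIOUS_MARKUP if tok in payload.lower()]
    if hits:
        return ("block", f"{mediatype} data URI containing {', '.join(hits)}")
    # A page with no real origin is still worth a closer look even without a form.
    return ("suspicious", f"{mediatype} data URI renders as a page with no origin")


def scan_html(document):
    """Classify every link in an HTML document; returns [(tag, verdict, reason)]."""
    collector = _LinkCollector()
    collector.feed(document)
    return [(tag, *classify_data_uri(value)) for tag, value in collector.links]


# Constructed sample document: a normal link, an inline PNG data URI, and a
# base64 HTML data URI that carries a password form (the pattern the paper describes).
_INLINE_PAGE = (
    b"<html><body><form action='https://example.invalid/collect'>"
    b"<input type='password' name='pw'></form></body></html>"
)
SAMPLE_HTML = """
<a href="https://www.example.com/">Normal link</a>
<img src="data:image/png;base64,iVBORw0KGgo=">
<a href="data:text/html;base64,{}">Click here to log in</a>
""".format(base64.b64encode(_INLINE_PAGE).decode("ascii"))

if __name__ == "__main__":
    for tag, verdict, reason in scan_html(SAMPLE_HTML):
        print(f"<{tag}> {verdict:10s} {reason}")
```

The same scanner can be pointed at rendered mail bodies or proxy logs; a `block` verdict on a `text/html` data URI is a strong signal, while `suspicious` is best treated as a triage queue rather than an automatic block.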

Gee whiz, maybe the RIAA and MPAA shouldn't run DHS and the FBI...
Homeland Security's domain seizures worries Congress
The U.S. Department of Homeland Security is seizing domains and taking down URLs in the name of copyright infringement, but its tactics are worrying certain members of Congress.
In a letter (pdf) sent last week to Attorney General Eric Holder and Secretary Janet Napolitano, three members of the House Judiciary Committee aired their unease.
… The three Congress members -- Rep. Zoe Lofgren, Rep. Jared Polis, and Rep. Jason Chaffetz -- point to one case that exemplifies a situation where Homeland Security got it wrong. Over a year ago, the government took down a hip-hop Web site owned by a man who goes by Dajaz1 on the basis that it linked to copyrighted songs. However, the links didn't actually infringe on copyrights.
"Much of Dajaz1's information was lawful, and many of the allegedly infringing links to copyrighted songs, and specifically the links that were the basis of the seizure order, were given to the site's owner by artists and labels themselves," the Congress members wrote in the letter.

(Related) On the other hand, takedown is hard to automate.
Ustream Apologizes For Shutting Down The Hugo Awards Livestream, Says It Will ‘Recalibrate’
Maybe you haven’t heard of the Hugo Awards, but to science fiction geeks, especially print science fiction geeks, they’re a big deal. They’re given out at the World Science Fiction Convention, and as io9′s Annalee Newitz writes, they’re “kind of like the Academy Awards,” where “careers are made; people get dressed up and give speeches; and celebrities rub shoulders with (admittedly geeky) paparazzi.”
Of course, not everyone can attend the convention, held this year in Chicago, but for those of us who couldn’t, we had a chance to follow along the ceremonies last night thanks to live video via Ustream (I probably would’ve been watching if I wasn’t taking my mom out to dinner). Or at least, fans had a chance to watch the beginning of the ceremony, up until Neil Gaiman was accepting his award in the Best Dramatic Presentation, Short Form category. That’s when the broadcast shut off abruptly, and the account was supposedly “banned due to copyright infringement.”
… Also, if you’re going to halt a live broadcast, you might not want to do it when a bestselling author with more than 1.7 million Twitter followers takes the stage.

Would this apply elsewhere?
September 03, 2012
EU Commission publishes guidance on application of competition rules in car sector
News release: "The European Commission has published a set of frequently asked questions (FAQs) on the application of EU antitrust rules in the motor vehicle sector. The FAQs provide stakeholders with guidance on how the Commission applies these rules, in particular in the markets for repair and maintenance services and spare parts. “The FAQs are a practical guide that should be of particular help for SMEs and consumers”, said Joaquín Almunia, Commission Vice-President in charge of competition policy. “They aim at clarifying important issues regarding the competition rules in the car sector, which affect carmakers, dealers, spare parts suppliers, independent repairers and ultimately consumers”. In May 2010, the Commission adopted a new Motor Vehicle Block Exemption Regulation and accompanying Guidelines, concerning the application of EU antitrust rules to categories of agreements between vehicle manufacturers and their authorised dealers, repairers and spare parts distributors (see IP/10/619 and MEMO/10/217). Following requests from stakeholders and national competition authorities for further practical guidance on the application of the new rules, the Commission has now published a set of frequently asked questions."

So where are the business opportunities here?
Cable’s Walls Are Coming Down
Everybody hates the cable company. The big cable carriers constantly score among the lowest in customer satisfaction among all industries.
Yet the cable operators continue to thrive largely because they operate as natural monopolies — the upfront capital costs of laying new cable keep potential competitors at bay. The satellite services don’t fare much better in terms of consumer love, and they too enjoy similar barriers to entry (satellites!).
But get ready for a sea change. Even if you’re tied to a subscription television service today, there’s a great chance you’ll become a cord-cutter in short order.

Attention geeks!
"The University of Cambridge has released a free 12-step online course on building a basic operating system for the Raspberry Pi. The course, Baking Pi — Operating Systems Development, was compiled by student Alex Chadwick during a summer interning in the school's computer lab, and has been put online to help this year's new recruits start work with the device. The university has already purchased a Raspberry Pi for every new Computer Science student starting in 2012."

Better to backup and never need it than to not backup and find out you do... (At least one is free!)
10 Awesome Hard Drive Backup Applications
Your computer has a lot of important data stored on it. You might not even imagine how much data you have in your computer – like photographs, videos, songs, documents, critical files, programs, movies, etc. Do you know that in a split second, you could lose all this data in case your hard drive crashes, or some virus infects it, or you delete some folder by mistake? So the wise thing to do is to be always prepared for the worst, i.e. losing all your data. So you should always back up your important data regularly. Doing this manually can be really irksome, but thanks to all the backup apps out there you don’t have to do it manually. Many backup programs are available out there, but which ones are the best? Well, today we have a list of 10 Awesome Hard Drive Backup Applications. This list is in no particular order, so check them out and pick the one that suits your needs the best!

Attention all students!!!
… If you have a set schedule every week and know exactly when you need to silence your phone, Silent Time might fit your needs. It is a small and simple app that lets you assign blocks of time to specific events when you’ll need your phone to be silenced.
Phone Silencer is a very simple, but functional app if you usually forget to re-enable your phone’s ringer from silent mode and find out you missed a bunch of calls or text messages. Sound familiar? Phone Silencer can help relieve your pain with almost no learning curve.