Saturday, September 22, 2012

One of my least favorite topics: theft of unencrypted laptops. Why can't managers understand that it is the electronic equivalent of carrying one, ten or 500 four-drawer file cabinets full of sensitive records? Would they care more if laptop threats got them fired?
By Dissent, September 21, 2012
HHS added 10 incidents to its breach tool in its most recent update. Somewhat depressingly, five of the incidents involved the theft of unencrypted laptops.
In terms of newly revealed details on known incidents, the University of Miami reported that it had notified 64,846 patients of the insider breach involving theft and possible sale of patient “face sheets.”
The Howard University Hospital breach of January 25th involving theft of a laptop was updated to reflect 66,601 patients notified. Initially, Howard University had reported 34,503 patients affected.
Here are some of the newly disclosed incidents that had not been previously mentioned on this blog:
Central States Southeast and Southwest Areas Health and Welfare Fund in Illinois notified 754 about an incident on July 31st involving “Unauthorized Access/Disclosure,Other” of paper records. There is no notice on their web site at this time and I can find no substitute notice or media coverage. They have not yet responded to a request for a statement explaining the breach.
Liberty Resources, Inc. in Pennsylvania notified 3,183 of a laptop theft on August 4th. I cannot find any statement on their web site and I can find no media coverage or substitute notice. They have not yet responded to a request for a statement explaining the breach.
Tricounty Behavioral Health Clinic in Acworth, Georgia notified 4,000 patients after a laptop was stolen on August 26th. They do not seem to have a web site, but I was able to locate a brief media report in the Rome News-Tribune under one of their doctor’s names:
An Acworth doctor had a laptop stolen from her office, according to a Cherokee County Sheriff’s Office report.
According to the report:
Someone broke into the office of Dr. Swarnalatha Inderjith, of 4661 Jefferson Township Lane, and stole a laptop that contained patient information on Aug. 27.
A 32-inch television was also stolen.
The doctor has set up a toll free number for patients or former patients to learn additional information. The number is 888-261-6360.
And yes, there seems to be a small discrepancy as to the date of the theft.
Charlotte Clark-Neitzel, MD of Olympia, Washington notified 942 patients following the July 24th theft of a laptop. I was able to locate a cached copy of Sept. 11 substitute notice:
The home office of Charlotte B. Clark-Neitzel, M.D. was broken into on July 24, 2012. In addition to other personal items, the thieves stole both her medical bags and a laptop. The laptop contained access to Dr. Clark-Neitzel's electronic medical record (EMR) system [Are they suggesting an automatic signon? Bob] which was used daily to manage patient information. The Olympia Police Department was notified and is conducting their investigations. All affected patient notification letters were mailed on September 7, 2012. A thorough investigation shows that patient name, address, Social Security number, date of birth and medical information was included on the laptop. Patient billing and banking information was not stored on the laptop and therefore not breached. At this time there has been no indication of malicious use of patient information. Dr. Clark-Neitzel has hired ID Experts to aid in notification and provide services to affected patients. Patients with questions regarding this incident or to determine if they were affected can contact ID Experts at 1-800-809-2956. This public notice is in accordance with the Health Information Technology for Economic and Clinical Health (HITECH) Act. Dr. Clark-Neitzel has sent notification letters to the affected patients and the Department of Health and Human Services (HHS).
Lana Medical Care in Florida notified 500 patients after a laptop was stolen on August 18. I can find no web site for the practice, nor any substitute notices under that name or under the names of two physicians associated with the practice.
As additional info becomes available, I’ll update this post.

(Related) After all, failure to encrypt can cost you big time...
By Dissent, September 21, 2012
Kathy Robertson reports:
A hearing is scheduled in Sacramento on Sept. 27 on a class action against Sutter Health over last year’s theft of a personal computer that held data on 4.24 million patients.
Twelve lawsuits filed over the incident have been coordinated in Sacramento County Superior Court.
The Sutter Health breach reportedly affecting 4.2 million after an unencrypted computer was stolen from their offices was disclosed in November 2011. Within two weeks, at least two lawsuits had been filed. Sutter subsequently reported that 943,434 were affected.

So much for their “We want you to be secure” lip flapping... (“It's not a failure, it's a feature!”) That means my password “Icanneverremembermypassworddammit!” has to be changed?
"Microsoft doesn't like long passwords. In fact, the software giant not only won't let you use a really long one in Hotmail, but the company recently started prompting users to only enter the first 16 characters of their password. Let me rephrase that: if you have a password that has more than 16 characters, it will no longer work. Microsoft is making your life easier! You no longer have to input your whole password! Just put in the first 16 characters!"
At least they warn you; I've run into some sites over the years that silently drop characters after an arbitrary limit.

(Related) “We left all those decisions to our entry-level programmers...”
"'If you are one of the six million Virgin subscribers, you are at the whim of anyone who doesn't like you.' The Hacker News describes how the username and password system used by Virgin Mobile to let users access their account information is inherently weak and open to abuse."
Computerworld also describes the problem: essentially, hard-coded, brute-force guessable passwords, coupled with an inadequate mechanism for reacting to failed attempts to log on.

“Well, you started it with the attack on our nuclear facilities.”
“Did not!”
“Did too!”
At what point do we reach the electronic equivalent of war?
"Evidence suggests the Iranian government is behind cyberattacks this week that have targeted the websites of JPMorgan Chase and Bank of America. The attacks are described by one source, a former U.S. official, as being 'significant and ongoing,' and looking to cause 'functional and significant damage.' Another source suggested the attacks were in response to U.S. sanctions on Iranian banks."

“Contrary to what I say in public, this is my real agenda, don't tell anyone...”
Recording Romney, Part One
September 21, 2012 by Dissent
Earlier this week, I pointed to some coverage questioning the legality of recording presidential candidate Mitt Romney’s comments at a private fund-raising event. Now there’s a more in-depth legal analysis of the issue by Jeffrey P. Hermes of Citizen Media Law Project that is well worth reading:
As will be discussed below, there are a patchwork of laws on this topic, but the ultimate determination will largely turn on two issues: (1) whether there was consent to the recording that would protect the individual who made the video against liability; and (2) whether there was a reasonable expectation of privacy in Romney’s remarks. Part One of this post will discuss the laws that might apply, and the question of consent. Part Two, which will be posted tomorrow, will discuss whether Romney (or anyone else) had a reasonable expectation of privacy in the remarks, and certain other relevant legal issues (such as protection that Mother Jones enjoys in such situations under the First Amendment).
Read Part One on CMLP.

Recording Romney, Part Two
September 21, 2012 by Dissent
The second part of Jeffrey P. Hermes’ analysis of the legality of recording Mitt Romney at a private fundraiser is now up on Citizen Media Law Project (Part One here).
What a great example of information being freely available on the Internet. Kudos to Jeff Hermes and CMLP for informing those of us who want to understand the nuances of laws involving recording as they apply in this case.

Interesting. Who (if anyone) inherits the rights to her Facebook account?
Facebook fights for deceased beauty queen’s privacy
September 21, 2012 by Dissent
Sometimes even when you’re right, you’re perceived as wrong. For those of us who criticize Facebook’s lack of sufficient regard for users’ privacy, here’s a case where by attempting to protect user privacy, they will undoubtedly leave many understandably upset with them. Declan McCullagh reports:
Facebook has successfully fought a subpoena trying to seek access to the account of a beauty queen who died after falling from the 12th floor of her ex-lover’s apartment, CNET has learned.
A federal judge in California yesterday rejected an attempt from representatives of the estate of Sahar Daftary to gain access to her Facebook account.
Her mother is hoping to show a Manchester, U.K., coroner’s inquest that Daftary, a onetime Face of Asia beauty contest winner, did not commit suicide when falling from the apartment of property developer Rashid Jamil in 2008.
But U.S. Magistrate Judge Paul Grewal said that a federal law called the Stored Communications Act does not require Facebook to comply with such a subpoena in a civil case.
Read more about the case on CNET.

(Related) “We had to do it over there, we don't have as many lobbyists in Europe... Yet.”
"Facebook has disabled face recognition features on its site for all new European users. The move follows privacy recommendations made by the Irish Data Protection Commissioner. Tag Suggest information has been turned off for new users, and Facebook plans to delete the information for existing EU users by October 15th. 'The DPC says today’s report (PDF) is the result of evaluations it made through the first half of 2012 and on-site at Facebook’s HQ in Dublin over the course of two days in May and four in July. The DPC says FB has made just about all of the improvements it requested in five key areas: better transparency for the user in how their data is handled; user control over settings; more clarity on the retention periods for the deletion of personal data, and users getting more control over deleting things; an improvement in how users can access their personal data; and the ability of Facebook to be able to better track how they are complying with data protection requirements.'"

(Related) “We may not be able to use facial recognition...”
"Freedom to go under a pseudonym is, miraculously, one freedom to survive the security lock-down of the previous decade. Now Facebook wants to change this. James Firth shows Facebook is clamping down on pseudonyms, with an interesting screenshot of being asked whether a friend is using their real name."

(Related) Are some of these changes just cost savings to boost the stock price?
Facebook’s About-Face on Sharing Gives News Sites Whiplash
Facebook giveth and Facebook taketh away. App startups have known this for a long time; now The Washington Post and other news publishers are learning the same lesson as Facebook makes it harder for articles to go viral.
Facebook’s manager of media partnerships was quoted at a journalism conference saying the social network is moving away from so-called “passive sharing,” in which reader apps from the likes of the Post and The Wall Street Journal are able to broadcast activity without any prompting.

My Ethical Hackers would never do this (probably)
"At the EUSecWest security conference in Amsterdam, researchers showed how their 'UltraReset' Android app can read the data from a subway fare card, store that information, and reset the card to its original fare balance. The researchers said that the application takes advantage of a flaw found in particular NFC-based fare cards that are used in New Jersey and San Francisco, although systems in other cities, including Boston, Seattle, Salt Lake City, Chicago and Philadelphia, could also be vulnerable."

This is interesting. A library of free tools (some assembly required)
"The Public Laboratory for Open Technology and Science is putting together an open hardware spectrometer kit on Kickstarter. The kits are built using an HD webcam, discarded DVD, and a couple other odd bits. They've also put together a kit for your smart phone and open-source software for desktop, Android, and iOS. Need to analyze the contents of your coffee, the output of your new grow lights, or a distant star on a budget? Just build your own spectrometer, or pick up the limited edition steampunk version."
Besides making cool hardware, they'd like to "build a Wikipedia-style library of open source spectra, and to refine and improve sample collection and analysis techniques. We imagine a kind of 'SHAZAM for materials' which can help to investigate chemical spills, diagnose crop diseases, identify contaminants in household products, and even analyze olive oil, coffee, and homebrew beer."

Global Warming! Global Warming! ...and would the capture of that much carbon cause global cooling?
Canada's far north could be forested by century's end
… "According to the data model, climate conditions on Bylot Island will be able to support the kinds of trees we find in the fossilized forest that currently exist there, such as willow, pine and spruce," says Alexandre Guertin-Pasquier of the University of Montreal.

(Related) Short answer: It sure doesn't look like it. Probably the reporter could find nothing informative to write about.
Does the expanding Antarctic sea ice disprove global warming?

Just another reason why I am FROM New Jersey...
Reader Presto Vivace blesses us with news that the state of New Jersey "has banned motorists from making big smiles [for their license pictures] because such expressions don't work with facial recognition software." Now that passports are by decree grim and glasses-free, I'm expecting the next phase to involve the banning of facial hair, lips, and any hair that blocks the ears.

Show your students (children, whatever) what cell phones looked like back in Ye Olde Days

Odd & Ends I find interesting...
Degreed, a startup that seeks to “jailbreak the degree” — that is, to help people get “credit” for all their learning, whether it happens at a 4 year college or not — opened its doors this week. It’s still in beta, and there are definitely kinks to work out. But the site lets you translate your degrees, transcripts, and badges into a score that recognizes what you know, not just what your diploma says.
The Saylor Foundation says that it plans to take advantage of the newly released Google Course Builder to create open enrollment online classes. The Saylor Foundation has created some 200 courses which it will now start offering via the new Google platform.

Friday, September 21, 2012

How much is encryption worth?
By Dissent, September 20, 2012
Michelle McNickle reports:
The recent data breach at Massachusetts Eye and Ear Infirmary (MEEI) and Massachusetts Eye and Ear Associates once again screams the message: Encryption, encryption, encryption! The provider has agreed to pay a $1.5 million fine to the Department of Health and Human Services (HHS), after allegations were made that Mass. Eye and Ear failed to comply with certain requirements of the Health Insurance Portability and Accountability Act (HIPAA) standards that govern the security of individually identifiable health information.
Read more on InformationWeek.

We've been trying to reduce paperwork, like warrants...
LAPD Joins Feds In Skirting Fourth Amendment With Cell Phone Tracking Devices
September 21, 2012 by Dissent
Tim Cushing reports that the use of software such as StingRay to triangulate and determine cell phone location is on the rise:
local law enforcement members have been availing themselves of them. LA Weekly, using recently obtained FOIA documents, discovered that the Los Angeles Police Department (along with police in Miami, Ft. Worth and Gilbert, AZ) has obtained and deployed the questionable StingRay.
Read more on TechDirt, keeping in mind that Congress failed again to update ECPA and the Governor of California has had a bill sitting on his desk for almost a month that would require a warrant for cell phone location data. He has neither signed the bill into law nor vetoed it.

(Related) From almost a year ago...
DoJ: Stingray cellphone tracking device falls under Fourth Amendment, but don't ask about it

This allows “Traffic Analysis” (to determine who the terrorists are talking to) but won't be able to tell if they are ordering an attack or a pizza...
AU: ASIO, Roxon defend data-retention proposal
September 21, 2012 by Dissent
Shipping data overseas is not the only Australian proposal generating controversy these days. Josh Taylor reports:
Following widespread criticism of the government’s proposal to require internet service providers (ISPs) to retain unspecified customer data for up to two years, the Australian Security Intelligence Organisation (ASIO) and Attorney-General Nicola Roxon have taken the unusual step of releasing public submissions on the proposal, defending the need to retain the data.
Read more on ZDNet.
[From the article:
In the submission, published yesterday, Roxon said that she didn't have a "specific data-retention model" planned at this stage, but that the government does not intend for the content of communications data, such as emails, SMS messages, or phone calls, to be included in the scheme.
Roxon pointed to the controversial EU Directive on Data Retention that was created in 2004, which requires companies to keep a log of the source, destination, date, time, duration, type, and the equipment used in making the communication for between 6 and 24 months.

(Related) “If you don't know how to control it, ban it!”
AU: Coalition joins fight against privacy law reform
September 21, 2012 by Dissent
One argument I often hear against privacy reform is that it will stifle innovation or commerce. In Australia, proposed reform would almost certainly do that. Jane Lee and Georgia Wilkins report:
The Coalition has joined big banks and telcos in their fight against proposed laws that aim to prevent them from sharing personal information about customers with companies overseas.
Government amendments to the Privacy Act would restrict companies from sending valuable information about customers’ credit-worthiness offshore – unless the receiver was formed in, or controlled from, Australia.
This would affect companies that outsource information to international call centres, data-processing centres and data stored in the cloud.
Read more on The Age.

“Holy Mackerel, Batman!” OR TSA strikes again! (Because we heard Al Qaeda is developing a bait fish bomb.)
Would-be terrorists hoping to sneak weapons and other contraband through U.S. ports on and in the hulls of ships may be thwarted by a robotic tuna fish under development for the government.

Insight! How to game the cy pres decision make sure you are fairly considered for a share of cy pres funds.
Settlement in Facebook Beacon case upheld
September 21, 2012 by Dissent
A challenge to the Ninth Circuit’s approval of the settlement in the Facebook Beacon class action lawsuit has failed. The Ninth Circuit Court of Appeals writes:
The question presented is whether the district court abused its discretion in approving the parties’ $9.5 million settlement agreement as “fair, reasonable, and adequate,” either because a Facebook employee sits on the board of the organization distributing cy pres funds or because the settlement amount was too low. We hold that it did not.
Read the opinion in Ginger McCall v. Facebook here. It sheds light on how the court views cy pres awards when there are a number of organizations that are relevant to the nexus of the complaint.
Wendy Davis of MediaPost covers the decision and reports that McCall is deciding whether to appeal.

Thursday, September 20, 2012

Someone looked for weak security. (Note that this may not be a new breach)
Hackers steal info on 200,000 Navy personnel (updated)
September 19, 2012 by admin
Navy Times reports:
The private information of more than 200,000 current and former Navy personnel was compromised in June when hackers broke into the Navy’s Smart Web Move Internet site, an application used to arrange household moves on official orders that was subsequently suspended, Naval Supply Systems Command confirmed Wednesday.
The compromised database stored 11 years of private information, but officials said there is only evidence that the personal data for 20 people was posted online.
The rest of their story is behind a paywall on Navy Times.
The Hacker News reports that the hack was by “digital-corruption” and a partial data dump revealed usernames, email addresses, and “Security Questions – Answers of all users.” The paste has been removed from Pastebin, so I could not confirm that.
Update: see comment from Adam, below, indicating that this claimed hack had been claimed and disclosed previously by other hackers.

A target for my Ethical Hackers?
"Currently — as most of us know — TSA agents briefly examine government ID and boarding passes as each passenger presents their documents at a checkpoint at the end of a security line but Thom Patterson writes at CNN that under a 2008 Apple patent application that was approved in July and filed under the working title "iTravel," a traveler's phone would automatically send electronic identification to a TSA agent as soon as the traveler got in line and as each traveler waits in line, TSA agents would examine the electronic ID at an electronic viewing station. Next, at the X-ray stations, a traveler's phone would confirm to security agents that the traveler's ID had already been checked. Apple's patent calls for the placement of special kiosks (PDF) around the airport which will automatically exchange data with your phone via a close range wireless technology called near field communication (NFC). Throughout the process, the phone photo could be displayed on a screen for comparison with the traveler. Facial recognition software could be included in the process. Several experts say a key question that must be answered is: How would you prove that the phone is yours? To get around this problem, future phones or electronic ID may require some form of biometric security function including photo, fingerprint and photo retinal scan comparisons. Of course, there is still a ways to go. If consumers, airlines, airports and the TSA don't embrace the NFC kiosks, experts say it's unlikely Apple's vision would become reality. 'First you would have to sell industry on Apple's idea. Then you'd have to sell it to travel consumers,' says Neil Hughes of Apple Insider. 'It's a chicken-and-egg problem.'"

Training our children...
"In a cool yet creepy marketing campaign, Nestle plans to stalk UK consumers. The company kicked off a unique promotion called 'We will find you' that involves GPS trackers embedded in chocolate bars. When a winning consumer opens the wrapper, it activates and notifies the prize team who promises to track them down within 24 hours to deliver a check for £10,000. A Nestle spokesman added that 'inside their wrappers, the GPS-enabled bars looked just like normal chocolate bars.'" [But don't throw your wrapper away! Bob]

Too much “Wow, I didn't think of that...” going around.
When Privacy Gets Personal For Policymakers
September 19, 2012 by Dissent
Jay Stanley of the ACLU writes:
Data from license plate readers in Minnesota was obtained by a St. Paul car dealer using open-records laws, and used to repossess at least one car, according to a recent article in the Minneapolis Star Tribune. The article included this amusing tidbit:
When the Star Tribune published data tracking Mayor R.T. Rybak’s city-owned car over the past year, the mayor asked police Chief Tim Dolan to make a recommendation for a new policy about data retention.
To those of us who think about privacy a lot, it’s not just funny but also amazing how, when public officials discover that they can be at the receiving end of bad privacy policies, it tends to produce an immediate, electric effect on policy.
Read more on ACLU.

For my Data Mining and Data Analytics students.
Big Data for All
September 20, 2012 by Dissent
Omer Tene writes:
Much has been written over the past couple of years about “big data” (See, for example, here and here and here). In a new article, Big Data for All: Privacy and User Control in the Age of Analytics, which will be published in the Northwestern Journal of Technology and Intellectual Property, Jules Polonetsky and I try to reconcile the inherent tension between big data business models and individual privacy rights. We argue that going forward, organizations should provide individuals with practical, easy to use access to their information, so they can become active participants in the data economy. In addition, organizations should be required to be transparent about the decisional criteria underlying their data processing activities.
Read more on Concurring Opinions. I’ll withhold commenting on their proposal until I’ve had time to read through their article.

“When the politics get rough it's time to change the subject!” Was this “a conversation” as defined by this law? Can any candidate give an “off the record” speech?
Lawyers Ponder Whether ‘Secret Video’ of Romney Violated Privacy Laws
September 19, 2012 by Dissent
Bruce Carton writes:
Politicos want to know whether the “secret video” of Mitt Romney speaking at a private fundraising event will hurt his chances in the upcoming presidential election, but some lawyers are pondering a different question: Did the person who made the tape violate state law?
CNBC reports that in Florida, both parties to a conversation must give their consent before it can be recorded legally.
Read more on Some of the quotes obtained from legal experts in the related Politico piece are certainly intriguing.

If the pen is mightier than the sword, is tweeting just overkill? How simple it is to make a state cower in fear...
Magazine Cartoon Prompts French Embassy Closures
France plans to close its embassies, consulates, cultural centers and schools in 20 countries Friday as a precautionary measure after a French satirical magazine published cartoons featuring the Prophet Muhammad.

(Related) What should we call this? “Actor rights?” Do they get to veto any post production changes? Is this just fear of retaliation?
YouTube slapped with lawsuit by 'Innocence of Muslims' actress
… Cindy Lee Garcia, who has a role in "Innocence of Muslims," said that she did not know about the movie's anti-Muslim content while filming and her script did not mention the prophet Muhammad, religion, or sexual content, according to The Huffington Post.

A most interesting question. If Google could do this, should they charge for it?
Should the Duchess of Cambridge call upon Google to assist in restoring her privacy?
September 19, 2012 by Dissent
When I read the headline of the blog entry by Tim Lowles on Inforrm’s Blog, “Should the Duchess of Cambridge call upon Google to assist in restoring her privacy?” my first thought was, “Why bother asking?”
For the longer version and explanation of why asking Google is generally a waste of time, read Tim’s commentary.

Another way for my Ethical Hackers to “Vote early, vote often!” (In the Chicago style)
California joins other states in allowing online voter registration
… "Today, the Internet replaces the mailbox for thousands of Californians wishing to register to vote," she said, according to the Los Angeles Times. "Today we are taking the next step in the never-ending evolution of democracy and reaching every Californian."
Within the first 12 hours of the launch of California's new system, 3,000 people had already used it to register to vote. [and 2,000 of them are in my class! Bob]

Another example of bad journalism, or poor editing, or a case of the “who cares?”
Pasco teacher fired over Facebook snooping
September 19, 2012 by Dissent
There was a small item on Bay News 9 that caught my eye:
The Pasco County School Board has fired a high school Spanish teacher who was accused of snooping on her students’ Facebook accounts.
Angelica Cruikshank, who taught Spanish at Land O’ Lakes High School, was let go Tuesday.
Attorneys said Cruikshank wanted to see if students were talking bad about her.
She said she was trying to protect a student from being fired. [That's what the article says... Bob]
So how was she snooping? Was she just reading their public posts? If so, does that violate District policy? Or was she snooping via other means? And how did the high school become aware of the snooping? Did the teacher comment on post to a student?
It would be nice to have more details on this case.
[After some (12 seconds) research:
… Students said Angelica Cruikshank told them she was withholding permission in January for some of them to attend a field trip because of suspected negative comments about her on a private Facebook page. They said she then intimidated the students into letting her look at the Facebook page through their accounts to determine who, if anyone, had made disparaging remarks.
… In her testimony during the July hearing, Cruikshank said she was trying to root out whether one of her own students was being bullied on the Facebook page in question. She said a school assistant principal told her she needed proof, so she set about getting that proof.

September 19, 2012
Bullying in a Networked Era: A Literature Review
"The Berkman Center for Internet & Society at Harvard University is pleased to share a new literature review by the Youth and Media team, contributing to The Kinder & Braver World Project led by danah boyd and John Palfrey - Bullying in a Networked Era: A Literature Review, by Nathaniel Levy, Sandra Cortesi, Urs Gasser, Edward Crowley, Meredith Beaton, June Casey, and Caroline Nolan, presents an aggregation and summary of recent academic literature on youth bullying and seeks to make scholarly work on this important topic more broadly accessible to a concerned public audience, including parents, caregivers, educators, and practitioners. The document is guided by two questions: “What is bullying?” and “What can be done about bullying?” and focuses on the online and offline contexts in which bullying occurs. Although the medium or means through which bullying takes place influence bullying dynamics, as previous research demonstrates, online and offline bullying are more similar than different. This dynamic is especially true as a result of the increasing convergence of technologies. Looking broadly at the commonalities as well as the differences between offline and online phenomena fosters greater understanding of the overall system of which each is a part and highlights both the off- and online experiences of young people – whose involvement is not typically limited to one end of the spectrum."

Another consequence of Social Networking?
SternisheFan writes with an AP story as carried by Yahoo that illustrates one of the boundaries of free speech online:
"A California man accused of posting comments on ESPN's website saying he was watching kids and wouldn't mind killing them was in jail Tuesday on $1 million bail after he was arrested for investigation of making terrorist threats, authorities said. Several guns were found Monday at the home of former Yale University student Eric Yee, said Los Angeles County sheriff's Lt. Steve Low. Yee was arrested after the sports network ESPN reported threatening posts were made in a reader response section to an online ESPN story on Thursday about new Nike sneakers named after LeBron James that cost $270 a pair. Some of the nearly 3,000 reader comments on the story talked about children possibly getting killed over the sneakers because of how expensive they are, said ESPN spokesman Mike Soltys. 'What he was posting had nothing to do with sports,' Soltys said Tuesday. 'We closely monitor the message boards and anytime we get a threat, we're alerting law enforcement officials.' An employee at ESPN headquarters in Bristol, Conn., notified local police the same day and they linked the posting to Yee's home in Santa Clarita in northern Los Angeles County."

September 19, 2012 The New Home for Legislative Information
" makes federal United States legislative information freely available to the public. Launched Sept. 19, 2012, this version of the site is an initial beta release of, created as a successor to, the current public site for legislative information. The beta site contains legislation from the 107th Congress (2001) to the present, member of Congress profiles from the 93rd Congress (1973) to the present, and selected member profiles from the 80th through the 92nd Congresses (1947 to 1972). Over the next two years, will be adding information and features, eventually incorporating all of the information currently available on (To compare the scope of legislative information available on and the scope of legislative information on the beta site, see Coverage Dates for Legislative Information.)"

Do lawyers actually use this?
September 18, 2012
New on LLRX - Bluebook Technologies
Via Bluebook Technologies - The Bluebook is the standard citation guide for legal materials. There are now three format choices for the Bluebook: paper, online subscription (since 2008), and as of August 10, 2012 - iPad app. Law Librarian, author, research instructor and blogger Mary Whisner's guide discusses and illustrates the features and pricing of each.

Al Gore gave us the Internet, what do these clowns offer?
September 19, 2012
Comparing the 2012 Presidential Candidates’ Technology and Innovation Policies
Comparing the 2012 Presidential Candidates’ Technology and Innovation Policies, September 12, 2012. Stephen Ezell, Robert D. Atkinson, Daniel Castro, Matthew Stepp and Richard Bennett. Information Technology & Innovation Foundation
  • "Despite the obligatory acknowledgment of innovation’s central role in U.S. economic growth, the 2012 campaign has not yet seen a serious conversation emerge regarding the policies sorely needed to revitalize U.S. innovation-based economic competitiveness. Moreover, rather than adopt an “all of the above” approach to innovation policy that includes corporate tax and regulatory reform as well as increased federal investment in research and development (R&D), digital infrastructure, and skills, the candidates stress policies from “each column,” with Governor Romney focusing more on the former and President Obama more on the latter. This is unfortunate. For, as we write in the book Innovation Economics: The Race for Global Advantage, U.S. policymakers need to recognize that the United States is engaged in a fierce race for innovation-based economic growth. To win this race, the United States will need to adopt a new, bipartisan Washington Innovation Consensus that places science, technology, innovation, and entrepreneurship at the center of economic policy-making and recognizes that both parties bring good ideas to the table in this regard. This report highlights the candidates' technology and innovation policies with the aim of amplifying the national dialogue around bolstering innovation-based economic growth. The report begins with an overview of each candidate’s general philosophy on technology, innovation, and trade policy, and then compares the candidates’ specific policy positions across 10 policy areas."

Is this the future?
"Students at Ontario College of Art and Design were forced to buy a $180 textbook filled with blank squares. Instead of images of paintings and sculpture throughout history (that presumably would fall under fair-use) the textbook for 'Global Visual and Material Culture: Prehistory to 1800' features placeholders with a link to an online image. A letter from the school's dean stated that had they decided to clear all the images for copyright to print, the book would have cost a whopping $800. The screengrabs are pretty hilarious, or depressing, depending on your point of view."

(Related) Perhaps this is the future...
New School: A Tumblr for Making Your Own Textbooks
… The Hasbroucks are working on a start-up called GinkgoTree, which Scott says "will enable professors to divorce textbooks entirely."
… Ginkgo Tree presents an intuitive, visual interface, not unlike Tumblr's dashboard. For each course and subject, professors can upload links and images, embed video, post comments, and--significantly--import a chunk of scanned pages from print books. All of those resources get bundled into modules and arrayed in a navigable grid.
When all is said and done, the use of Ginkgo Tree will cost professors nothing, says Scott, and cost students far less than they would pay for the typical boatload of textbooks--he estimates between $50-100 total per school term. Through an agreement with Copyright Clearance Center, scanned text costs around $0.15 per page (though it varies by book). So, as Lida points out, even a 100-page excerpt costs a fraction of a textbook's sale price.
Ginkgo Tree is set to launch in two weeks, with the goal of getting a critical mass of professors to adopt the technology for spring semester. "We just want it to be very simple, easy to use, and we're going to start small and build based on user feedback," says Scott, "Basically, it turns making your own textbook into a Tumblr blog."

This sounds like a perfect project to fund via KickStarter! (The Comments point to existing Apps)
"I am a musician/IT guy whose hearing has suffered from VERY LOUD guitar players, (yes I do use earplugs now, but too late), and am faced with the outrageously priced hearing aids $4.5K+/pair and was appalled at their lack of integration with smart phones. It seems obvious to me that I should be able to control the hearing aids via a smart phone interface so I can shape the profile for different environments, and also control features like 'hearing loops' and Bluetooth connections. I have done some research, but my guess is that the hearing aid companies want proprietary systems and don't want a smartphone interface since they would lose control and it would allow for competition for cheaper & better programs. I am not convinced that a combination of good ear-buds, good microphone(s), and a smartphone interface couldn't totally replace these overpriced solutions."

More on the e-University...
Education Site Expands Slate of Universities and Courses
Coursera, a start-up online education company that has enrolled 1.35 million students in its free online courses since it began just five months ago, is now more than doubling, to 33, its partners, universities that will offer classes on its platform. All together, Coursera will provide more than 200 free “massive open online courses,” known as MOOCs.
…  The caliber of Coursera’s partners — Princeton, Stanford and the University of Pennsylvania were among the original partners — has given it credibility and cachet in higher education circles, so much so that some university presidents have begun to fret that it will reflect badly on them if they fail to sign on.
…  A report from Moody’s Investors Service last week predicted that the rise of MOOCs might help leading universities reach more students, bolster their reputation and eventually generate revenue from distributing content or issuing certificates. The report warned, however, that the growing popularity of free online courses could be a problem for small local colleges and for-profit institutions.
…  A revenue stream may not be long in the making. Mr. Mitchell said he could imagine licensing courses, with other colleges paying a fee to use the material, just as they would for a textbook.

Wednesday, September 19, 2012

“Don't worry, all the cameras have been removed. But we might put them back...”
Ca: Concealed cameras in school washrooms have been removed, board says
September 18, 2012 by Dissent
Janet Bagnall reports:
News that there have been, and might still be, secret surveillance cameras in school washrooms has upset parents whose children attend New Frontiers School Board schools in the South Shore community of Châteauguay.
Wayne Goldthorpe, director-general of the school board, admitted he was swamped with phone calls from parents Monday after a news report about the secret cameras was published on the weekend. Goldthorpe said there were three cameras installed, only two of which were functional.
Read more on Montreal Gazette
[From the article:
Mark Quenneville, a maintenance worker at the school board and president of Local 800 of the Federation of Quebec Labour, said union members found at least six carefully hidden or disguised surveillance cameras in the board’s schools, including one hidden in a thermostat in the Nova centre.
… Last spring, Local 800 filed a grievance with the school board over the presence, it claimed, of four secret surveillance cameras in the main maintenance shop room and in an employee changing room.
… Would the New Frontiers School Board put cameras back in? “Yes, if it’s for the protection of the children, we would,” said Goldthorpe. “We are required by Quebec law to be actively involved in anti-bullying campaigns. So, yes, we would do it.”

“Prevail” must not mean “Stop.”
EPIC Prevails in Mobile Body Scanner FOIA Case
September 18, 2012 by Dissent
A federal district court has awarded EPIC attorneys fees and costs in EPIC v. DHS, No. 11-945, a Freedom of Information Act lawsuit that resulted in the disclosure of information about the agency’s plan to deploy body scanners at bus stations, train stations, and elsewhere. The court found that EPIC had “substantially prevailed” in the FOIA lawsuit and that “EPIC has demonstrated a public benefit arising from the disclosed records.” EPIC has several related FOIA lawsuits concerning new systems of mass surveillance.

How timely!
Measuring Progress and Addressing Potential Privacy Concerns Would Facilitate Integration into the National Airspace System

Learn how politicians flip flop over time? Nothing new there...
September 17, 2012
Internet Archives Launches TV News Search & Borrow with 350,000 Broadcasts
"[On September 17, 2012] the Internet Archive launched TV News Search & Borrow. This service is designed to help engaged citizens better understand the issues and candidates in the 2012 U.S. elections by allowing them to search closed captioning transcripts to borrow relevant television news programs. The Internet Archive works to preserve the published works of humankind. Inspired by Vanderbilt University’s Television News Archive project, the Internet Archive collects and preserves television news. Like library collections of books and newspapers, this accessible archive of TV news enables anyone to reference and compare statements from this influential medium. The collection now contains 350,000 news programs collected over 3 years from national U.S. networks and stations in San Francisco and Washington D.C. The archive is updated with new broadcasts 24 hours after they are aired. Older materials are also being added."

Tuesday, September 18, 2012

Stay up to date...
… It was recently revealed that there may be a large Zero-day exploit causing problems for IE users. If an Internet Explorer user visits a malicious site that exploits this security hole, the results could be quite bad for them. This issue will not cause a problem for users of Internet Explorer 10. Only users running IE version 7, 8, or 9 on a machine running Windows XP, Vista or 7 are at risk.
Essentially, with this Zero-day exploit an outside party could gain control over the infected machine and have the same privileges and access as the current user.

Like “situational ethics,” privacy based on specific technologies rather than “inalienable rights” is backwards... Isn't it?
On Reverse Engineering Privacy Law
September 18, 2012 by Dissent
Omer Tene writes:
Michael Birnhack, a professor at Tel Aviv University Faculty of Law, is one of the leading thinkers about privacy and data protection today (for some of his previous work see here and here and here; he’s also written a deep, thoughtful, innovative book in Hebrew about the theory of privacy. See here). In a new article, Reverse Engineering Informational Privacy Law, which is about to be published in the Yale Journal of Law & Technology, Birnhack sets out to unearth the technological underpinnings of the EU Data Protection Directive (DPD). The DPD, enacted in 1995 and currently undergoing a process of thorough review, is surely the most influential legal instrument concerning data privacy all over the world. It has been heralded by proponents as “technology neutral” – a recipe for longevity in a world marked by rapid technological change. Alas, Birnhack unveils the highly technology-specific fundamentals of the DPD, thereby putting into doubt its continued relevance.
Read more on Concurring Opinions.

For my Statistics students... Honest!
"The BBC has a fascinating look into the music download habits of the UK population based on stats compiled by Musicmetric. The stats, gathered through the monitoring of BitTorrent swarms and geo-locating the IPs, shows the hotspots for music copyright infringement across the UK and regional preferences for certain types of music. Some of the outliers are somewhat unusual though, suggesting some problems with the methodology or sample size, unless people on the Isle of Wight really do prefer trumpet-playing crooner Louis Armstrong to the likes of Rihanna and Ed Sheeran who top the lists nationwide. Not in the UK? There are some global stats on the ' Most pirated near you? tab' of the story. Better yet, if you want to crunch the numbers for yourself all of the data has been made available at the Musicmatch website under the Creative Commons Attribution Non-Commercial ShareAlike license and a RESTful API to access the data (free for non-commercial use, but requiring an API token) is also available."

How can you tell a lawyer is destined for politics? They suck at actual lawyering...
Lawyer’s Facebook postings cause mistrial in Miami-Dade murder case
September 17, 2012 by Dissent
David Ovalle reports on a mistrial caused by a public defender’s inappropriate conduct on Facebook:
A Miami-Dade judge declared a mistrial in a murder case Wednesday after a defense lawyer posted a photo of her client’s leopard-print underwear on Facebook.
The defendant: Fermin Recalde, accused of stabbing his girlfriend to death in Hialeah in 2010.
Recalde’s family brought him a bag of fresh clothes to wear during trial. When Miami-Dade corrections officers lifted up the pieces for a routine inspection, Recalde’s public defender Anya Cintron Stern snapped a photo of Recalde’s briefs with her cellphone, witnesses said.
While on a break, the 31-year-old lawyer posted the photo on her personal Facebook page with a caption suggesting the client’s family believed the underwear was “proper attire for trial.”
Although her Facebook page is private and can only be viewed by her friends, somebody who saw the posting notified Miami-Dade Judge Leon Firtel, who declared a mistrial.
Read more on The Miami Herald. Apparently, that wasn’t the PD’s only imprudent conduct on Facebook in this case, and the judge did the right thing, in my opinion. But apart from her being fired immediately, I’d like to know if she will be facing charges with the bar association. At the very least, it seems that a refresher course in ethics would be in order. Or is it considered permissible for a defense attorney to disparage or make fun of their clients among friends?
Ovalle also mentions a few other cases where mistrials have occurred because of lawyer or juror misconduct involving social media.

Facebooker jailed for LOL car crash post
As Wave 3 TV in Kentucky relates it, Asher's post: "My dumbass got a DUI and hit a car LOL" wasn't appreciated by the parents of the teens who happened to be in the car she hit.
So, as NBC News continues the story, Judge Mary Jane Phelps ordered her to shut down her Facebook page.
Perish the concept, seemed to have been her reply, one that cost her dearly. For her alleged omission in shutting down her account led to the judge putting her in jail for two days.
The charge? Contempt for humanity. I'm sorry, I believe it may have been contempt of court.
Asher told Wave 3: "I didn't think LOL would put me in jail."
Some would say the words "LOL would put me in jail" were unnecessary in that sentence.

Perspective: I keep trying to get the concept of “large” datasets and “cloudy” (multiple and dynamic) jurisdictions straight in my head.
"Google has made public the details of its Spanner database technology, which allows a database to store data across multiple data centers, millions of machines and trillions of rows. But it's not just larger than the average database, Spanner also allows applications that use the database to dictate where specific data is stored [pick a jurisdiction? Bob] so as to reduce latency when retrieving it. Making this whole concept work is what Google calls its True Time API, which combines an atomic clock and a GPS clock to timestamp data so it can then be synched across as many data centers and machines as needed."
Original paper. The article focuses a lot on the Time API, but external consistency on a global scale seems to be the big deal here. From the paper: "Even though many projects happily use Bigtable, we have also consistently received complaints from users that Bigtable can be difficult to use for some kinds of applications: those that have complex, evolving schemas, or those that want strong consistency in the presence of wide-area replication. ... Many applications at Google have chosen to use Megastore (PDF) because of its semi-relational data model and support for synchronous replication, despite its relatively poor write throughput. As a consequence, Spanner has evolved from a Bigtable-like versioned key-value store into a temporal multi-version database. Data is stored in schematized semi-relational tables; data is versioned, and each version is automatically timestamped with its commit time; old versions of data are subject to configurable garbage-collection policies; and applications can read data at old timestamps. Spanner supports general-purpose transactions, and provides a SQL-based query language."

The Internet of Things. Crowd funding allows us to see what customers want – or is this just geeky enough for a few gadget freaks? (Should I buy the 100 bulb package?)
Kickstarter project reimagines the lightbulb
… After all this time, lightbulbs are still only able to do one thing, and do it well: emit light.
That's all about to change with the launch of the LIFX Kickstarter project, a WiFi enabled, multi-color, energy-efficient LED light bulb that is designed to integrate technology that allows you to control it with your iOS or Android device. It's similar to how a NEST thermostat integrates with your existing heating system, but works in any of your lighting products around your house.
The project is just over 24 hours old and already it has achieved its $100,000 goal, reaching $230,134 from 1,780 backers.
… The team have made a number of different pledges available, with the $99 deal for two bulbs already sold out. However, you can grab one for $69, pay $119 for two or $196 for four. Distributors can also purchase a $5000 pack that offers 100 bulbs, helping get the LIFX out to a wider audience.

Speaking about “what customers want,” I'd like to know what percentage of teens were sexually active in the 60's or (better) through the last century. (Or were Romeo & Juliet truly scandalous?)
Teens who sext more likely to be sexually active
After reviewing data from 1,839 14- to 17-year-old high-school students in Los Angeles, researchers are confirming what may otherwise seem obvious: sexting and sex go hand in hand.
… As for how many teens are actually sexting, the data remains unclear, most likely because these studies rely on self-reporting. While this most recent study out of L.A. found that 15 percent of teens report having sexted, another study in December of 2011 found only 1 percent admitting to it, and yet another put the number at 20 percent.

Because a note (email, or tweet) is not as satisfying as a good scream!
The Internet offers numerous text-to-speech applications. But often you do not have any options to control the computerized voice that gives a voice to the words you type. An exception to this rule is the web app called LaloLi.
LaloLi is a free to use web service that helps you create audio messages. You make these messages by typing in your words and the application speaks them out loud in a computerized voice. Unlike other similar text-to-speech apps, LaloLi gives you control over the voice’s specifications such as amplitude, pitch, speed, and word gap.
The play button can be used to hear what you just typed with the new settings. When you type in the words, the site URL is updated in the address bar; you can copy it from there and share it with your friends; alternatively you can click on the Twitter, Facebook, BitLy, and Google+ buttons to share the link with your friends.
Similar tools: To Me By Me, WagWire, Utterz and Recordr.