Saturday, November 10, 2012

Local (Colorado Springs) But not important enough to make the evening news? No indication of “when” they discovered the breach/loss.
By Dissent, November 9, 2012
Memorial Hospital (University of Colorado Health) issued the following statement on November 6:
Memorial Hospital has discovered that laboratory reports containing a certain amount of health information for 6,400 patients are missing. The laboratory reports are used for processing billing and charges for laboratory services, not for clinical care.
There is no evidence the missing records have been disclosed to or used by unauthorized individuals.
The reports cover lab work done between May 1, 2012 and Aug. 31, 2012. The missing reports contain the patient’s name, Memorial internal account numbers (these were not credit card numbers), dates and the type of lab work that was completed. Results from the lab work were not part of the missing reports. Also, demographic information and Social Security Numbers were not contained in the missing lab reports, making the risk of identity theft low.
Upon discovering that the reports were lost, Memorial conducted an immediate and thorough investigation. Investigators, however, have been unable to determine how the records were lost or what became of them. The information contained in the reports remains available in the patients’ electronic medical records for purposes of medical care and treatment.
… Patients who have concerns related to this incident are asked to call 1-866-283-9930

Also local, but this could be more fun.
Part Incubator, Workspace & Code School, Galvanize Wants To Turn Denver Into A Startup Hub; Uber, Forkly & More Already On Board
… The latest initiative is Galvanize, a 30,000-square-foot workspace for digital startups that recently opened in downtown Denver. While most of Colorado’s entrepreneurial energy emanates from Boulder, the Galvanize founders are on a mission to bring Denver into the conversation by creating a shared workspace that will accommodate over 300 individuals and approximately 60 to 70 startups once it’s fully operational.
Jim Deters, the founder and Managing Director of Galvanize, tells us that the idea was inspired by other national startup communities and workspaces like RocketSpace in San Francisco and 1871 in Chicago. It offers support and office space for every phase of the business development process, from a shared area for small, one-or-two person teams in the ideating phase to suites for 10-person startups.
… That’s why the workspace is also adding an experiential and community-based education platform called gSchool that offers an intensive six-month course designed to take those with zero coding experience and turn them into legit, professional web developers. The class has been created in partnership with JumpstartLab, a Washington, D.C.-based firm led by Jeff Casimir that runs Hungry Academy for Living Social. The program is similar to that of Dev Bootcamp in San Francisco, except for the fact that these services are offered from within the Galvanize community.
And the best part: Because Deters, Casimir and team want to put their money where their mouths are, they’ve decided that students graduating from gSchool must receive a job offer within three months of graduating from the program, or they’ll get their money back. (Which admittedly is a lot, considering the price of admission is $20K/person.)

Never leave technology to the Liberal Arts majors...
"Many talking heads have attributed Obama's success to an unmatched 'ground game.' Now, inside reports from campaign volunteers suggest that Project Orca, a Republican, tech-based voter monitoring effort with 37,000 volunteers in swing states, turned out to be an epic failure due to dismal IT. Problems ranged from state-wide incorrect PINs, to misleading and delayed information packets delivered to volunteers, to a server outage and missing redirection of secure URLs."

Something does not ring true. (Although, now he does not have to testify about the attack in Libya)
"After serving as Director of the CIA since September 2011, David Petraeus resigned from his position today, November 9. The retired four-star Army general has cited an extramarital affair as reason for the resignation. Michael Morell will now serve as Acting Director of the CIA."

Perspective Is Google leading or following?
… According to a note to investors from Morgan Stanley, three Google executives presented at the 2012 Open Mobile Summit in San Francisco and spoke about the future of the company and where it’s headed.
… During the presentation, some bullet points were made that are worth mentioning. First, the execs said that Google now considers itself a “mobile first” company. Steiber also mentioned that he thinks mobile will be the primary way people access Google in 2013. Varela believes that total mobile traffic to YouTube may soon surpass 50%.
The execs also brought up a couple of statistics to prove their points. They mentioned that mobile searches have increased by 200% in 2012 so far, and 25% of traffic on YouTube, as well as 40% of video views come from mobile devices, which is up a staggering 300% in 2012.

For those times when you really, really don't want your messages intercepted.
… While people won’t have immediate access to encrypted files, they may eventually find a brute force way to decrypt it, or they may force you to share the password and encryption algorithm. For cases like those, you’ll not only want to encrypt, but hide the data. But hiding data isn’t easy because it can’t simply vanish while still existing on your storage medium. Instead, you’ll want to hide it inside another file.
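The "hide it inside another file" idea above is steganography. As an added illustration (not code from the quoted article), here is the simplest form of it, least-significant-bit embedding: each bit of the payload overwrites the low bit of one byte of a cover buffer, preceded by a 4-byte length header so the extractor knows where to stop. The cover is a constructed 64x64 RGB gradient standing in for real pixel data; a real carrier would have to be a lossless format, since any lossy recompression destroys the low bits.

```python
"""LSB steganography over a raw RGB pixel buffer (added example, not from the page).

Each payload bit replaces the least-significant bit of one cover byte, so no
byte changes by more than 1. A 32-bit big-endian length header is embedded
first so extract() knows how many payload bytes to read back.
"""
import struct

HEADER_LEN = 4  # bytes of length prefix embedded ahead of the payload


def _bits(data: bytes):
    """Yield the bits of `data`, most-significant bit of each byte first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def capacity(cover: bytes) -> int:
    """Payload bytes that fit in `cover` after the length header (one bit per byte)."""
    return len(cover) // 8 - HEADER_LEN


def embed(cover: bytes, payload: bytes) -> bytes:
    """Return a copy of `cover` whose LSBs carry len(payload) || payload."""
    if len(payload) > capacity(cover):
        raise ValueError("payload too large for cover: %d > %d"
                         % (len(payload), capacity(cover)))
    out = bytearray(cover)
    message = struct.pack(">I", len(payload)) + payload
    for i, bit in enumerate(_bits(message)):
        out[i] = (out[i] & 0xFE) | bit   # clear the low bit, then set it to the payload bit
    return bytes(out)


def extract(stego: bytes) -> bytes:
    """Recover the payload written by embed(); rejects a corrupt length header."""
    def read_bytes(start_bit: int, n: int) -> bytes:
        result = bytearray()
        for b in range(n):
            value = 0
            for k in range(8):
                value = (value << 1) | (stego[start_bit + b * 8 + k] & 1)
            result.append(value)
        return bytes(result)

    (length,) = struct.unpack(">I", read_bytes(0, HEADER_LEN))
    if length > capacity(stego):
        raise ValueError("length header %d exceeds carrier capacity" % length)
    return read_bytes(HEADER_LEN * 8, length)


def make_cover(width: int = 64, height: int = 64) -> bytes:
    """Constructed cover: a smooth RGB gradient, standing in for real image data."""
    buf = bytearray()
    for y in range(height):
        for x in range(width):
            buf += bytes(((x * 4) & 0xFF, (y * 4) & 0xFF, ((x + y) * 2) & 0xFF))
    return bytes(buf)


def max_change(cover: bytes, stego: bytes) -> int:
    """Largest per-byte difference between cover and stego; LSB embedding keeps this at 1."""
    return max(abs(a - b) for a, b in zip(cover, stego))


if __name__ == "__main__":
    cover = make_cover()
    secret = b"meet at 2100, bring the drive"   # constructed sample payload
    stego = embed(cover, secret)
    assert extract(stego) == secret
    print("capacity:", capacity(cover), "bytes; max byte change:", max_change(cover, stego))
```

Two caveats a practitioner would add: encrypt the payload before embedding, so the hidden bits are indistinguishable from noise and an extractor without the key learns nothing; and do not assume LSB embedding is invisible, since plain LSB replacement shifts the statistics of the low bit plane and is exactly what chi-square and RS steganalysis were built to detect.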

The bits I find interesting...
… Kudos to Udacity for making their lecture videos downloadable via YouTube under a Creative Commons license (CC-BY-NC-ND).
[A partial list from their website:
  • CS101 - Intro to Computer Science: Building a Search Engine
  • ST101 - Intro to Statistics: Making Decisions Based on Data
  • CS215 - Algorithms: Crunching Social Networks
  • CS222 - Differential Equations: Making Math Matter
  • CS253 - Web Application Engineering: How to Build a Blog
  • CS259 - Software Debugging: Automating the Boring Tasks
  • CS262 - Programming Languages: Building a Web Browser
  • CS212 - Design of Computer Programs: Programming Principles
  • CS313 - Introduction to Theoretical Computer Science
  • CS373 - Artificial Intelligence: Programming a Robotic Car
  • CS387 - Applied Cryptography: The Science of Secrets
Pearson unveiled Project Blue Sky this week, an OER search engine (that also happens to turn up proprietary Pearson content in its search results). Blue skies indeed. More details via Inside Higher Ed. [Still, with over 2,000,000 items, you probably can find something useful Bob]
Macmillan announced this week that it would stop printing dictionaries. Starting next year, the Macmillan Dictionary will be online-only. [Making old dictionaries collectable? Bob]
Jim Groom reports that the University of Mary Washington project Domain of One’s Own has been fully funded — awesome news as giving students their own digital domain and teaching them the skills to manage their own online identities and data is one of the most important projects in education.

Free is good!

NPR's Car Talk announces the results of their (much more amusing) “election” NOTE: My favorite includes the word “Lawyer!”

Friday, November 09, 2012

In a city where it can cost you $5-10,000 per year to park your car, I can't wait to see what they consider price gouging.
"In the wake of Hurricane Sandy, the New York State Attorney General has subpoenaed Craigslist, demanding that the site identify more than 100 sellers whose prices on post-Sandy gas, generators and other supplies were of an 'unconscionably excessive price' during an emergency. AG Eric Schneiderman said: 'Our office has zero tolerance for price gouging [and] will do everything we can to stop unscrupulous individuals from taking advantage of New Yorkers trying to rebuild their lives.'"

“Big brother owns a copy”
"A high court judge has ruled that companies do not have a general claim of ownership of the content contained in staff emails. The decision creates a potential legal minefield for the terms of staff contracts and an administrative nightmare for IT teams running email servers, back up and storage. The judge ruled businesses do not have an 'enforceable proprietary claim' to staff email content unless that content can be considered to be confidential information belonging to a business, unless business copyright applies to the content, or unless the business has a contractual right of ownership over the content. Justice Edwards-Stuart added it was 'quite impractical and unrealistic' to determine that ownership of the content of emails either belongs exclusively to the creator or the recipient of an email."

If "War is the continuation of Politik by other means" as Clausewitz suggests, are drones warfighting tools or political tools?
Military Stats Reveal Epicenter of U.S. Drone War
… The American military has launched 333 drone strikes this year in Afghanistan. That’s not only the highest total ever, according to U.S. Air Force statistics. It’s essentially the same number of robotic attacks in Pakistan since the CIA-led campaign there began nearly eight years ago. In the last 30 days, there have been three reported strikes in Yemen. In Afghanistan, that’s just an average day’s worth of remotely piloted attacks. And the increased strikes come as the rest of the war in Afghanistan is slowing down.

(Related) It must be politics, or this would be an act of war. Wouldn't it?
Iranian Pilots Tried (and Failed) to Shoot Down a U.S. Drone
Two Iranian jets recently tried and failed to shoot down an unarmed MQ-1 Predator drone flying a surveillance mission over the Persian Gulf, the Pentagon disclosed Thursday. Despite the best efforts of Iranian pilots, the slow-flying robot returned to its Middle Eastern base unharmed.
… This isn’t the first time the manned and unmanned air forces of the two countries have tangled; in 2009, a U.S. fighter jet shot down an Iranian drone flying over Iraq, as Danger Room first reported.
… Apparently the Predator was not flown under the auspices of the CIA; Little referred to it as a “military” drone. He said he didn’t have a precise timeline of the incident, but it appears to have taken place quickly. While the U.S. has lots of Navy ships near Iranian waters, including two aircraft carriers, the U.S. didn’t scramble any of its own piloted aircraft to break the Iranian “escort” or otherwise relieve the drone of its pursuers, Little said.

“It's free, but it will work a lot better if you pay us.” Perhaps my lawyer friends could invent the “Crass Action Lawsuit?” (Be sure to get Trekkies on your jury)
Family Feud: Tense Thanksgiving for Facebook and George Takei
Takei, whose page has nearly 3 million followers on the social network, says in a Facebook post that his forthcoming book Oh Myyy will include an entire chapter devoted to Facebook’s filtering of page posts using an algorithm called EdgeRank and its parallel practice of charging page owners to reduce EdgeRank filtering. Takei made the announcement while replying to another Facebook user who wrote a jeremiad against the filtering. Takei has been outspoken about his frustration with the filtering, which essentially forces him to pay Facebook if he wants to reach all of his own fans.
“I am writing a chapter in my book Oh Myyy about Edgeranking and what I have done to try and achieve higher engagement,” Takei writes. “I am curious as to why interactivity rates on my page appear to fluctuate so much when I have done nothing different. I have not been pressured to use Promoted Pages [advertising], but I have had to take active steps to get fans to add my page to their ‘Interests’ so that it has a higher likelihood of appearing in their newsfeed.”
Takei’s book is slated for release sometime around Thanksgiving, keeping alive a controversial issue that just won’t die. Earlier this fall, the blog Dangerous Minds and the author Ryan Holiday both published rants accusing Facebook of aggressively filtering posts from Facebook pages in order to get owners of the pages to pony up for advertising to escape the filtering. Facebook told our sister site Ars Technica that, regardless of whether the author has paid for promotion, a post can be suppressed if readers fail to interact with the post or if they respond negatively.

You might be surprised!
See Everything You’ve Ever Shared With Someone On Facebook’s Redesigned Friendship Pages
Facebook has a little-known feature called Friendship Pages that shows all the wall posts, updates, and photos you’re tagged in with someone. Today it’s getting a redesign, and Facebook is launching the quick link for couples to see their Friendship Pages.

Yeah, it's upside down, but still interesting. This has potential!
"Australia's UBank has put a billion real-world transaction records behind a website that allows users to compare their spending habits with others of the same gender, in the same age/income range, neighborhood and living situation. The 'PeopleLikeU' tool surfaces favorite shops and restaurants surprisingly accurately — because it's based on real customers' transactions, it lists places like good takeout joints that wouldn't normally come to mind when you think of a favorite place to eat. The bank says all data was 'deidentified' and it consulted with privacy authorities."

Interesting that fines are based on a percentage of revenue rather than what seem a “reasonable number” when the legislation is passed but quickly drops to insignificant as revenues exceed a billion dollars a month.
Facebook Lobbies Brussels In Earnest On EU Data Privacy Proposals
November 9, 2012 by Dissent
Tom Brewster reports:
Facebook is lobbying hard to influence European Commission policy makers on recent proposals to shake up data privacy laws across member states, TechWeekEurope understands.
Earlier this year, the EC outlined its plans for new data protection rules, laying out a regulation and a directive. They both contained controversial proposals, including the ability for regulators to fine a company two percent of annual turnover for serious failings and an obligation to confess to data breaches within 24 hours of them happening.
A source close to the matter said today the company was putting plenty of effort into lobbying in Brussels to get officials to rethink the laws.
Read more on TechWeek Europe.

A backgrounder...
November 08, 2012
Australian Government - Telecommunications data retention - an overview
  • "By drawing on information related to similar proposals introduced in the United Kingdom (UK) in June 2012, this Background Note outlines the types of communications data generated by use of the Internet, email and phones, why law enforcement agencies want it retained, and what existing access law enforcement agencies have to such data. In this context, it also explores the reasons for the proposals, outlines some of the concerns and touches on some of the challenges involved. However, it does not specifically examine the arguments for and against a data retention scheme, or the growing debate over its privacy implications."

Short, but to the point.
November 08, 2012
Teen Use of Social Networking Sites and Perceptions of Legal Risk
De Zwart, Melissa , Lindsay, David F., Henderson, Michael and Phillips, Michael, Randoms vs Weirdos: Teen Use of Social Networking Sites and Perceptions of Legal Risk (2011). (2011) 36(3) Alternative Law Journal 153.; Monash University Faculty of Law Legal Studies Research Paper No. 44. Available at SSRN
  • "This article reports on research to identify the risks relevant to teens when using these services and provide them with practical guidance regarding how to minimise and avoid such risks. The authors, drawn from the education and law disciplines, undertook to ascertain the actual scale and nature of use of SNS among teenagers in years 7 to 10, the perceptions of risk associated with such use and the actual legal risks. The project produced both a report detailing the outcomes of the research and an educational resource to be distributed to all Victorian schools that may be used to assist students, teachers and parents to discuss and critically consider the risks and legal implications of using SNS. This article discusses some key outcomes of the study related to use of SNS and perceptions of legal risks."

A quick reminder with links to the good stuff...
Tips for Understanding User Privacy When Operating in Multiple Countries
… To read more on this topic, consider these related ISACA resources:
the Privacy/Data Protection topic in the ISACA Knowledge Center,

I suppose it's worth a try...
Ca: Commissioners release guide for ‘privacy-friendly’ smartphone apps
November 9, 2012 by Dissent
James Keller reports:
Several Canadian privacy watchdogs have created a set of guidelines to help mobile developers create “privacy-friendly” smartphone apps.
And they warn that failing to be transparent about any information collected could see developers running afoul of both the law and their potential customers.
Federal privacy commissioner Jennifer Stoddart joined her counterparts in British Columbia and Alberta in releasing a 12-page document that explains how Canada’s privacy laws apply to mobile app developers — whether they’re based in this country or farther afield.
Read more on The Province.

Better than nothing, but not by much... More like, “Hey look at me! I've gathered all this information so I must be an authority on this data stuff...”
Lawmakers Release Information About How Data Brokers Handle Consumers’ Personal Information
November 9, 2012 by Dissent
From Rep. Ed Markey:
A bipartisan group of lawmakers, including Reps. Edward J. Markey (D-Mass.) and Joe Barton (R-Texas), co-Chairmen of the Congressional Bi-Partisan Privacy Caucus, today released responses to letters sent to nine major data brokerage companies querying each about how it collects, assembles and sells consumer information to third parties. The companies –Acxiom, Epsilon (Alliance Data Systems), Equifax, Experian, Harte-Hanks, Intelius, Fair Isaac, Merkle, and Meredith Corp. – responded to lawmaker questions about policies and practices related to privacy, transparency and consumer notification. Data brokers represent a multi-billion dollar industry, aggregating information about hundreds of millions of Americans from both online and offline sources, which they then may sell to third parties for targeted advertising and other purposes. Consumers often have little knowledge of the existence of these companies.
Other signatories on the letters include Reps. Henry A. Waxman (D-Calif.), Steve Chabot (R-Ohio), G.K. Butterfield (D-N.C.), Bobby L. Rush (D-Ill.), and Jan Schakowsky (D-Ill.).
“The data brokers’ responses offer only a glimpse of the practices of an industry that has operated in the shadows for years,” said the lawmakers in a joint statement. “Many questions about how these data brokers operate have been left unanswered, particularly how they analyze personal information to categorize and rate consumers. This and other practices could affect the lives of nearly all Americans, including children and teens. We want to work with the data broker industry so that it is more open about how it collects, uses, and sells Americans’ information. Until then, we will continue our efforts to learn more about this industry and will push for whatever steps are necessary to make sure Americans know how this industry operates and are granted control over their own information.”
A copy of the responses to the lawmakers, as well as the original letters, can be found HERE.
Findings from the responses include:
  • All companies except for one – Acxiom – rejected the categorization of their business practices as data brokerage. One company called itself a “data provider”, while another reported that since it only “analyzes” data, they should not be considered a data broker.
  • Only one company provided details on the number of consumers who request access to their information – Acxiom reported over the last two years as few as 77 people per year, out of the 190 million consumers it has collected information on, requested access to their personal information. Several other companies do not allow access to consumer data stating that information is not identifiable.
  • In addition to collecting data about consumers from sources such as telephone directories, mobile phones, government agencies, financial institutions and directly from consumers themselves, several data brokers reported mining consumer information from social media sites such as Facebook and LinkedIn.
  • The companies provided little explanation of the distinction between information they collect and use (e.g, a person is female) versus the information they create by analysis for profiling consumers (e.g. young female interested in weight loss sent coupon for a diet pill).

I suspect Amazon would like a piece of the “Marijuana Home Delivery” business here in Colorado. Perhaps we could trade for wine?
Amazon has announced a new service called Amazon Wine that brings online shoppers one step closer to being able to buy anything and everything from The service allows users to buy over 1000 different wines from wineries around the country. The service also offers access to details from the winemakers such as tasting notes, recommended food pairings, and how many cases they produce of each vintage.
… The states where customers can purchase wine via Amazon include California, Connecticut, Florida, Idaho, Illinois, Iowa, Nebraska, Nevada, North Carolina, Oregon, Washington, and Wyoming. Amazon says additional states will be coming soon.

Is this a viable research tool?
November 08, 2012
The Ethics of Twitter Research: A Topology of Disciplines, Methods and Ethics Review Boards
Michael Zimmer, PhD: "In the five years since its launch, the social networking and microblogging service Twitter has quickly grown to over 300 million users, generating over 300 million tweets each day. By providing a simple platform for users to explain “what’s happening” in 140 characters or less, Twitter has become the Internet’s de facto public forum for sharing “pretty much anything [users] wanted, be it information, relationships, entertainment, citizen journalism, and beyond” (Dybwad, 2009). This sharing of information, relationships, entertainment, journalism, and beyond has made Twitter a cultural phenomenon... The Library of Congress recognized this importance of Twitter when it announced in 2010 that “Every public tweet, ever, since Twitter’s inception in March 2006, will be archived digitally at the Library of Congress” (Raymond, 2010, ¶2). In the wake of the Library of Congress announcement, increased debates over the appropriateness of archiving public Tweets for research purposes have arisen (see, for example, Vieweg, 2010; Zimmer, 2010). The goal of this paper is to seek initial answers to these questions by surveying academic research that relies on the collection and use of Twitter data."

De-stressing my students. Seriously.
If you spend most of your time working in front of your computer, your eyes get tired after a certain time period, without you noticing. Constant sitting in front of a computer screen may lead to eye strain injury. Now, there is an app called eyeBreak that helps you avoid eye strain injury by reminding you to take an eye-rest at regular intervals. You simply open their website in your browser and keep it open. Every 20 minutes it will remind you to take an eye-rest by making a sound. No need to sign up or configure settings.

Free is good. And fun! Download the free book and load it into your word processor. Change all occurrences of “Dracula” to “Congress” and references to “blood sucking” to “Taxation” and you have a Libertarian manifesto!
Thursday, November 8, 2012
Free Copies of Dracula - And Google Books for Educators
Today's Google doodle remembers Bram Stoker's birthday. If you click through today's Google doodle you'll find a slew of links about Stoker and his most famous work, Dracula. On Google Books you can find free full-view copies of Dracula. I've embedded a copy below. If you haven't used Google Books to locate free full-view books, take a look at my simple guide to Google Books for Educators.
Applications for Education
If you have your students reading novels, short stories, and or primary source works that are in the public domain, Google Books is a great place to look for free copies of those works. You can embed the works directly into your course blog so that students can read them online in the same place that they find all of the other important information about your courses.

Even if you don't want to write a book, the idea of a collection of test questions is interesting...
Siyavula has gathered teachers and university-level students in South Africa to write openly licensed textbooks in math and science. Over the course of two to three weekend-long workshops per book, volunteers come together and collaboratively author a textbook.
The workshops include an introduction to copyright, Beckett says. And they must deal with a variety of practical and technical issues (including which authoring platform to utilize). But by bringing together a diverse group of people, the textbooks include more ideas than you’d find if you’d just commissioned a single author to write the copy.
… Siyavula covers math and science, and other organizations have been working on similar efforts. There have been textbook hackathons in Finland and in Boston, for example, compiling math and computer science textbook materials.

If the security is adequate, this could be quite useful.
Pinterest, the online board where users can pin images for other users to see and share, has finally added private boards. Secret Boards, as the new feature is called, allows users to set up private, user-restricted boards where images can rest safely knowing they’re not open to public scrutiny. The feature is being “gradually rolled out.”

Thursday, November 08, 2012

How big is “lots?” Even if this was a trivial hack, the size of the user base suggests that Twitter should provide all the details it can to reduce the level of anxiety.
You Might Have Gotten An Email From Twitter About Your Account Being Compromised, It’s Real
Keep your eyes peeled, Twitter users: Twitter is sending out emails to some of its users telling them it has reset their password and asking them to create a new one. If you can’t log into your account that may be why. Lots of users are affected judging by the amount of people tweeting about password problems.
… The cause of the compromise is not described in detail in Twitter’s email — it just says “Twitter believes that your account may have been compromised by a website or service not associated with Twitter”. A blog by TweetSmarter notes that such emails tend to go out after a lot of accounts are hacked.

For my Disaster Recovery students: A series of articles describing how the NY data centers that survived Sandy did it.
"When Hurricane Sandy hit the East Coast, the combination of high winds, rain, and storm surges wreaked havoc on homes and businesses alike. With a data center on the Avenue of the Americas, CoreSite Realty escaped the worst the storm had to offer. But was it coincidence or careful planning? Slashdot sat down for an interview with Billie Haggard, CoreSite's senior vice president of data centers. He's responsible for the design, construction, maintenance, facilities staffing and uptime, reliability and energy efficiency of CoreSite's data centers. He described what it took to weather the worst weather to hit New York City in decades."

Is this the equivalent of creating a new branch of the military or a new Intelligence/Assassination Agency? I fear it is the latter and the rules are whatever “they” want.
4 More Drones! Robot Attacks Are on Deck for Obama’s Next Term
When Barack Obama took office, drone strikes were a once-in-a-while thing, with an attack every week or two. Now, they’re the centerpiece of a global U.S. counterterrorism campaign. Obama institutionalized the strikes to the point where he could hand off to the next president an efficient bureaucratic process for delivering death-by-robot practically on autopilot. Only now he’s the next president. Welcome to Obama’s second-term agenda for dealing with the world. As the Ramones sang: second verse, same as the first.

Imagine each card with its own one-time password... A simple card swipe just got a whole lot more complicated. (I expect smartphones will replace these cards)
MasterCard rolls out credit card with display and keypad
Next time you get a new card from your bank, don't be surprised if it has a keypad and an LCD on it.
Meet MasterCard's new "Display Card," which basically combines the usual credit/debit or ATM card with an authentication token. The authentication portion features a touch-sensitive keypad and LCD display -- hence the name "Display Card" -- for reflecting a one-time password (OTP).
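The article does not say which OTP algorithm the Display Card runs, so as an added illustration (not MasterCard's code, and possibly not their scheme) here is the standard event-based one, HOTP from RFC 4226: HMAC-SHA-1 over an 8-byte counter, dynamically truncated to six digits. The `CardVerifier` class is a hypothetical issuer-side check added to show the part that makes "one-time" actually hold: a small look-ahead window for keypresses the server never saw, and a counter that only moves forward so a replayed code is refused.

```python
"""HOTP (RFC 4226) one-time passwords, plus a hypothetical issuer-side verifier.

Added example, not MasterCard's implementation. The secret below is the
RFC 4226 Appendix D test key ("12345678901234567890" in ASCII), chosen so
the outputs can be checked against the published vectors.
"""
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA-1 over the big-endian 64-bit counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                   # low nibble of last byte picks the window
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF   # drop the sign bit
    return str(code % (10 ** digits)).zfill(digits)


class CardVerifier:
    """Hypothetical issuer-side state for one card: shared secret + expected counter.

    A cardholder may press the button without completing a transaction, so the
    verifier accepts any of the next `window` counters and resynchronises to the
    one that matched. The counter never moves backwards, which is what defeats
    replay of a code that was already seen.
    """

    def __init__(self, secret: bytes, window: int = 5):
        self.secret = secret
        self.counter = 0
        self.window = window

    def verify(self, candidate: str) -> bool:
        for step in range(self.window):
            c = self.counter + step
            if hmac.compare_digest(hotp(self.secret, c), candidate):   # constant-time compare
                self.counter = c + 1     # consume this and every earlier counter
                return True
        return False


if __name__ == "__main__":
    key = b"12345678901234567890"
    print([hotp(key, n) for n in range(3)])       # RFC vectors: 755224, 287082, 359152
    issuer = CardVerifier(key)
    print(issuer.verify("755224"), issuer.verify("755224"))   # True, then False (replay)
```

Worth noting what this does and does not buy: a code skimmed from a receipt or a phishing form is useless a few seconds later, but the card number itself is still static, so a merchant-side breach of stored PANs is not mitigated by the display at all.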

“There is no law that says we have to keep data easily accessible.”
"In Britain, where it is custom and practice to charge around £10 for a copy of your medical results, a patient has discovered that his copy will cost him £2,000 because the records are stored on an obsolete system that the current IT systems cannot access. Can this be good for patient care if no-one can access records dating back from a previous filing system? Perhaps we need to require all current systems to store data in a way that is vendor independent, and DRM-free, too?"

If we're going to monitor every sex offender until they go to the grave, perhaps we should hasten that departure and just execute them on the spot? This is in “Liberal” California, imagine Texas!
"The EFF sued to block portions of the approved Prop 35 today. Prop 35 requires sex offenders (including indecent exposure and non-internet offenses) to provide all of their online aliases to law enforcement. This would include e-mail addresses, screen and user names, and other identifiers used on the internet. The heart of the matter as the EFF sees it, would be not only the chilling effect it would have on free speech, but also the propensity of these kind of laws to be applied to other (non-sex offending) people as well."

Resources for my Statistics class...
November 07, 2012
2012 Presidential Election Results - State Maps and Inauguration Updates "President Barack Obama won the 2012 Presidential election. According to major news outlets, he captured 303 electoral college votes, and won important battleground states like Ohio and Virginia.

(Related) Just in case you thought the government wanted all that data for “National Security” purposes...
concealment sends in a story at Time that goes behind the scenes with the team of data crunchers that powered many of the Obama campaign's decisions in the lead-up to the election. From the article:
"For all the praise Obama's team won in 2008 for its high-tech wizardry, its success masked a huge weakness: too many databases. Back then, volunteers making phone calls through the Obama website were working off lists that differed from the lists used by callers in the campaign office. Get-out-the-vote lists were never reconciled with fundraising lists. It was like the FBI and the CIA before 9/11: the two camps never shared data. ... So over the first 18 months, the campaign started over, creating a single massive system that could merge the information collected from pollsters, fundraisers, field workers and consumer databases as well as social-media and mobile contacts with the main Democratic voter files in the swing states. The new megafile didn't just tell the campaign how to find voters and get their attention; it also allowed the number crunchers to run tests predicting which types of people would be persuaded by certain kinds of appeals. [Behavioral Advertising Bob] Call lists in field offices, for instance, didn't just list names and numbers; they also ranked names in order of their persuadability, [Gullibility Index? How can I get that data to target my Viagra ads? Bob] with the campaign's most important priorities first. About 75% of the determining factors were basics like age, sex, race, neighborhood and voting record. Consumer data about voters helped round out the picture. 'We could [predict] people who were going to give online. We could model people who were going to give through mail. We could model volunteers,' said one of the senior advisers about the predictive profiles built by the data. 'In the end, modeling became something way bigger for us in '12 than in '08 because it made our time more efficient.'"

Perspective (But how does this make us money?)
Web radio growing faster than on-demand services (study)
… For the quarter ending in June, the audience for Internet radio services in the United States, which include companies such as Pandora Media, grew 27 percent from the same period a year earlier, NPD reported. In comparison, on-demand services such as Spotify, YouTube and Rhapsody, grew 18 percent over the same period.

Freebies is good!
… I’m happy to report that the range of magazines using Newsstand for distribution has improved massively over the last 12 months. There are also signs of more sensible pricing, and even some completely free publications to sink your teeth into. Perhaps the most high-profile example of this happening came last year when The Huffington Post dropped its 99¢ cost per issue and instead offered long-form features, reviews, snippets of news and some interactive gubbins to the masses for free. You can download it here and enjoy, if HuffPo is your kind of thing.
[Big list of free magazines follows Bob]
[Don't have an iPad? Try: iPadian 0.2 Bob]

Sometimes I'm a Nerd, sometimes I'm a Geek (Sometimes a NEEK sometimes a GERD) no matter how hard I try, I still fall short of “Philosopher King.”
According to our infographic today, there are certain tell-tale signs to watch out for if you are trying to decide whether someone is a nerd or a geek.

Wednesday, November 07, 2012

Congratulations Mr. President. I knew (one of) you would be elected!

As expected. My brother is still without power, so it is possible some of these email addresses are simply offline... A Governor's decree does not override Mother Nature.
E-Mail Voting Fails Some New Jersey Residents
November 6, 2012 by Dissent
Ben Smith reports:
New Jersey’s last-minute offer of e-mail voting to displaced residents was greeted by concern by security experts, who warn that e-mail offers a fast track to voter fraud.
But the system may have another problem as well: County election administrators are, according to anecdotal reports, simply not responding to all requests for ballots. In two major counties, the e-mail address advertised on the website of the county clerk is not even accepting e-mail.
The e-mail address listed on the website of the Morris County Clerk,, is not receiving e-mail. Nor is the e-mail address,, listed on the website of the Essex County Clerk, nor the County’s site. (The Essex County Clerk posted to his Facebook page Monday that voters could e-mail requests to his personal Hotmail account.
Essex County Clerk C.J. Durkin e-mailed at 5:30 a.m. Tuesday, “We are working around the clock to try and ensure that everyone who wants to vote…can. As an alternative email, voters can send requests to
Oh. My. God.
Read more on BuzzFeed Politics.

(Related) My “Shooting fish in a barrel” prediction: Most of these “problems” were known before the machines were used. An illustration of genius? A woman in Florida was block (for a time) because of her MIT sweatshirt...
Several readers have submitted news of the inevitable problems involved with trying to securely collect information from tens of millions of people on the same day. A video is making the rounds of a touchscreen voting machine registering a vote for Mitt Romney when Barack Obama was selected. A North Carolina newspaper is reporting that votes for Romney are being switched to Obama. Voters are being encouraged to check and double-check that their votes are recorded accurately. In Ohio, some recently-installed election software got a pass from a District Court Judge. In Galveston County, Texas, poll workers didn't start their computer systems early enough to be ready for the opening of the polls, which led to a court order requiring the stations to be open for an extra two hours at night. Yesterday we discussed how people in New Jersey who were displaced by the storm would be allowed to vote via email; not only are some of the emails bouncing, but voters are being directed to request ballots from a county clerk's personal Hotmail account. If only vote machines were as secure as slot machines. [Yet, the house always wins... Bob] Of course, there's still the good, old fashioned analog problems; workers tampering with ballots, voters being told they can vote tomorrow, and people leaving after excessively long wait times.

For my Computer Security students. This is why you study Network Security. When we say the infrastructure is fragile, remember this...
New submitter mc10 points out a post on the CloudFlare blog about the circumstances behind Google's services being inaccessible for a brief time earlier today. Quoting: "
To understand what went wrong you need to understand a bit about how networking on the Internet works. The Internet is a collection of networks, known as "Autonomous Systems" (AS). Each network has a unique number to identify it known as AS number. CloudFlare's AS number is 13335, Google's is 15169. The networks are connected together by what is known as Border Gateway Protocol (BGP). BGP is the glue of the Internet — announcing what IP addresses belong to each network and establishing the routes from one AS to another. An Internet "route" is exactly what it sounds like: a path from the IP address on one AS to an IP address on another AS. ... Unfortunately, if a network starts to send out an announcement of a particular IP address or network behind it, when in fact it is not, if that network is trusted by its upstreams and peers then packets can end up misrouted. That is what was happening here. I looked at the BGP Routes for a Google IP Address. The route traversed Moratel (23947), an Indonesian ISP. Given that I'm looking at the routing from California and Google is operating Data Centre's not far from our office, packets should never be routed via Indonesia."
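As an added example (not code from the CloudFlare post, CloudFlare or Google), here is a small Python audit of route-collector style lines that flags the symptoms the post describes: a tracked prefix arriving with an unexpected origin, a more-specific of it, or a transit AS that is not in our policy (Moratel sitting between us and Google). The prefixes, the allowed-transit ASes and the route lines are constructed (RFC 5737 documentation blocks and private-use ASNs); only AS 13335, AS 15169 and AS 23947 come from the text.

```python
"""Constructed BGP route-leak sanity check (added example, not CloudFlare's code).

Input lines look like route-collector output: "<prefix> <as1> <as2> ... <origin>",
where the last AS in the path originated the prefix.  The prefixes, the transit
policy and the sample lines are constructed; only AS 13335 (CloudFlare),
AS 15169 (Google) and AS 23947 (Moratel) come from the text.
"""
import ipaddress

# Constructed: prefixes we track and the AS we expect to originate each of them.
# 203.0.113.0/24 and 198.51.100.0/24 are RFC 5737 documentation blocks standing
# in for a Google block and a CloudFlare block respectively.
EXPECTED_ORIGIN = {
    ipaddress.ip_network("203.0.113.0/24"): 15169,   # stands in for Google
    ipaddress.ip_network("198.51.100.0/24"): 13335,  # stands in for CloudFlare
}

# Constructed: the only ASes our policy allows between us and the origin
# (private-use ASNs standing in for our real upstreams/peers).
ALLOWED_TRANSIT = {64496, 64497}

# Constructed sample routes, including the leak pattern from the post.
SAMPLE_ROUTES = [
    "203.0.113.0/24 64496 15169",         # normal: our upstream, then Google
    "203.0.113.0/24 64496 23947 15169",   # the leak: Moratel in the middle
    "203.0.113.0/25 64497 23947 15169",   # more-specific announced via Moratel
    "198.51.100.0/24 64497 13335",        # normal CloudFlare route
    "192.0.2.0/24 64496 64511",           # untracked prefix: ignored
]


def parse_route(line):
    """Parse '<prefix> <as1> ... <origin>' into (ip_network, [asn, ...])."""
    prefix, *path = line.split()
    if not path:
        raise ValueError(f"route without AS path: {line!r}")
    return ipaddress.ip_network(prefix), [int(asn) for asn in path]


def covering_prefix(network):
    """Return the tracked prefix that equals or covers `network`, else None."""
    for known in EXPECTED_ORIGIN:
        if network.version == known.version and network.subnet_of(known):
            return known
    return None


def check_route(line):
    """Return a list of human-readable findings for one route; [] means it looks sane."""
    network, path = parse_route(line)
    known = covering_prefix(network)
    if known is None:
        return []  # not a prefix we track, nothing to compare against
    findings = []
    origin = path[-1]
    if origin != EXPECTED_ORIGIN[known]:
        findings.append(
            f"{network}: origin AS {origin}, expected AS {EXPECTED_ORIGIN[known]}")
    if network != known:
        findings.append(f"{network}: more-specific of {known} (possible hijack/leak)")
    # Everything before the origin is transit; dedupe while keeping order so
    # AS-path prepending does not produce repeated entries.
    unexpected = list(dict.fromkeys(a for a in path[:-1] if a not in ALLOWED_TRANSIT))
    if unexpected:
        findings.append(f"{network}: unexpected transit AS(es) {unexpected}")
    return findings


def audit(lines):
    """Run check_route over many lines; returns {line: findings} for flagged routes only."""
    return {line: f for line in lines if (f := check_route(line))}


if __name__ == "__main__":
    for line, findings in audit(SAMPLE_ROUTES).items():
        print(line)
        for f in findings:
            print("   ", f)
```

A real deployment needs an accurate picture of legitimate paths (from your own routing policy or an RPKI/IRR feed) rather than the constructed policy above; the check only knows what you tell it to expect.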

Now that is a contract I'd like to read...
Strategizing the lawsuit against South Carolina
November 5, 2012 by admin
While I was offline, the lawsuit(s?) apparently commenced against South Carolina over their monster data breach. According to Meg Kinnard of Associated Press, however, plaintiffs might receive only a matter of pennies, as the state limits/caps how much a state agency can pay out for a breach, and that cap is $600,000. It may depend, in part, on how a state court defines an “occurrence.” Then again, there may be deeper pockets with no cap. In the latest development, TrustWave has been added as a defendant. Eric Connor reports:
The private company hired by the state of South Carolina to monitor millions of taxpayers’ sensitive personal data is in the crosshairs of a lawsuit after it was revealed that its services were used in lieu of internal, government-owned protection. [So they outsourced their security... Bob]
“This is a huge development, because we learn for the first time that a large, multinational corporation had assumed the responsibility for securing this data,” Upstate attorney John Hawkins said in announcing his amended lawsuit against the state, which he hopes will be named as a class-action suit.
“This case is no longer just about suing state government,” Hawkins said. “It’s become much bigger.” is developing this story and has contacted the computer security company, TrustWave, seeking comment, as well as Gov. Nikki Haley. [That sentence reads like the Governor is hiding at TrustWave Bob]

“We figure that using a really old technology like tapes means we can ignore all them thar modern security “Best Practices” like encryption.” Also a really interesting twist!
By Dissent, November 6, 2012
Tim O’Coin reports:
Women & Infants Hospital says tapes of ultrasound images [Does this fit the legal definition of Child Porn? Bob] and patients’ personal information are missing.
According to a post on its website, the hospital discovered back in September that backup ultrasound tapes at Ambulatory Sites in Providence and New Bedford had disappeared.
The hospital said the tapes also contained patients’ names, dates of birth, and in some cases Social Security numbers.
Read more on WPRI.
The following press release was posted to the hospital’s web site yesterday:
Women & Infants Hospital today announced that on September 13, 2012, the hospital discovered that unencrypted backup tapes containing ultrasound images from two of its ambulatory sites located at 79 Plain Street in Providence, RI and 67 Brigham Street in New Bedford, MA were missing. The hospital immediately began an investigation and conducted a thorough search of its facilities but has been unable to locate the backup tapes.
The backup tapes contained ultrasound studies dating from 1993 to 1997 in Providence and from 2002 to 2007 in New Bedford and included patient names, dates of birth, dates of exam, physicians’ names, patient ultrasound images, and, in some instances, Social Security numbers.
“We have no reason to believe that the information on the backup tapes has been accessed or used improperly,” said Elizabeth Fecteau, privacy officer at Women & Infants Hospital, explaining that it would take specialized equipment [a tape drive Bob] and technical expertise [Knowing how to press the “On” button Bob] to access the information on the tapes.
… Women & Infants has taken steps to prevent an incident like this from happening in the future, including a thorough review of policies and procedures and enhancement of backup tape receipt and storage practices. [Is this proof that the earlier system was inadequate? Bob]
The corresponding notification letter to patients says:
… The backup tapes contained ultrasound images dating from 1993 to 1997 from the Providence location,
… The backup tapes contained ultrasound image dating from 2002 to 2007 from the New Bedford location,
While we no longer have the actual ultrasound images, [These were not “Backup” copies, they were the ONLY copies! Bob] we assure our patients that the full report of their ultrasound and its findings remain in their electronic medical record for reference, if ever needed.

Physicians, stick to your anti-social networks...
By Dissent, November 6, 2012
Lynn Sessions and Cory Fox write:
Recently, the Federation of State Medical Boards (“the Federation”) released its Model Policy Guidelines for the Appropriate Use of Social Media and Social Networking in Medical Practice (“Guidelines”). The Guidelines are intended to address how physicians can utilize social media to facilitate patient care while still maintaining the privacy and confidentiality of patient information and the appropriate level of professionalism.
Social media usage, such as Facebook, Twitter, LinkedIn and blogging, has increased amongst healthcare providers. One survey indicates that 87% of physicians use social media websites for personal use and 67% use social media for professional purposes. Another study indicates that 35% of physicians have received friend requests from patients or their family members, and 16% of physicians have visited an online profile of a patient or a family member. The expanded use of social media raises challenging questions for healthcare providers, such as the extent to which physicians can share their work experiences online without violating the privacy and confidentiality of their patients and how to clearly delineate appropriate boundaries of professionalism. An analysis of physician blogs found that nearly 17% included enough information about patients to identify them.
Read more on Data Privacy Monitor.

(Related) And it's an application of statistics that my Statistics students will love like laugh at me for presenting.
According to a fairly recent estimate by Facebook, there are around 83 million fake accounts on the social network.
… Thankfully, like the bulk of spamming and phishing efforts today, they’re mostly still fairly easy to spot.
… Recently, Barracuda Networks pieced together some statistics about Fake Facebook profiles, the results of which are quite interesting and might help you to spot a fake profile. Here’s what the average fake profile looks like:
  • They have 6 times the average number of friends (726 versus 130)
  • Around 60% of fake accounts say they are bisexual, which is more than 10 times the amount of real Facebook accounts that list that information.
  • Almost all fake accounts (97%) claim to be female, as opposed to 40 percent of real accounts.
  • Fake accounts will often tag photos far more often than real accounts, with an average of 136 tags per four photos on fake accounts compared to one tag per four photos for real Facebook users.
  • 43% of fake profiles have never updated their status, compared with 15% of real people.

I'd like to know how many people were actually overcharged. Does the fine represent hundreds of dollars per victim or pennies? Apparently the FCC settled before they found out...
"CNet reports on an agreement between AT&T and the FCC which will require the telecom company to pay $700,000 to the federal government to resolve overcharging complaints. AT&T will also refund charges to customers who were switched from pay-as-you-go data plans to monthly plans after AT&T said they could keep the old plans. 'AT&T has also agreed to an extensive compliance plan (PDF), which includes: consumer notification, training of customer care representatives, and periodic compliance reports to the FCC. AT&T must also conduct additional searches of its records to identify improperly switched consumers and ensure appropriate refunds.'"

The saga continues. The RIAA reaches out to Gabon? “Zap this guy and we'll get you an autographed picture of Justin Bieber!”
"Kim Dotcom's plan to launch a 'bigger, better, faster, stronger, safer' Megaupload successor, Mega, is already in peril as Gabon's government has suspended the domain. Announcing his decision, Gabon's Communication Minister Blaise Louembe said 'I have instructed my departments... to immediately suspend the site' in a bid to 'protect intellectual property rights' and 'fight cyber crime effectively.' Dotcom revealed through a tweet that he is in possession of an alternative domain name and that the recent suspension 'demonstrates the bad faith witch hunt the U.S. government is on.'"

Megaupload Case Has Far-Reaching Implications for Cloud-Data Ownership Rights
… The privacy and property rights of its 60 million users are also in jeopardy, as well as the privacy and property rights of anyone who stores data in the cloud, according to the Electronic Frontier Foundation, which is representing one of Megaupload’s users in a lawsuit against the government that could set a precedent for cloud users in general. A hearing on the issue in Virginia federal court is expected to be set any day.
The problem lies in the fact that there is currently no clear process for owners to retrieve property that federal prosecutors effectively seized when they shuttered the file-sharing and cyberlocker service last January over issues of alleged copyright infringement.

I often point to Dilbert cartoons as simple summaries of complex ideas. That's because Scott Adams is actually a rather smart guy.
"Scott Adams has an entertaining entry on his Dilbert Blog about the perception of privacy. He writes, 'It has come to my attention that many of my readers in the United States believe they have the right to privacy because of something in the Constitution. That is an unsupportable view. A more accurate view is that the government divides the details of your life into two categories: 1. Stuff they don't care about. 2. Stuff they can find out if they have a reason.' His post is written in response to some reader comments on another entry about privacy guardians and how swell life would be if we voluntarily gave up certain personal info."

Interesting. A mindmap with Priority flags... Aspects of a Project Management tool. Be sure to look under the Education tab.
… MindMaple is a program designed to help you manage all those difficult tasks in the most efficient way possible. It helps you generate a mind map, which is like an outline of what you need to do and your ideas for how to do it.

We will need to do this too... Perhaps we could make these class projects? Perhaps a KickStarter funded business?
Distance Learning University, The Open University, Repackages Course Materials For The App Generation
U.K.-based distance learning university, the Open University, is developing a series of apps to deliver undergraduate course materials to students’ smartphones and tablet devices, starting next year. The OUAnywhere app will allow undergraduates to access their main course materials through their handheld devices, along with the audio and visual content the OU produces to support studies.
… OUAnywhere is being created in response to increasing use of mobile devices by students — the OU notes that mobile usage of its virtual learning environment in one month is now comparable to usage for an entire quarter of the previous year. It’s also noticed students are spending much more time online via mobile and tablet devices, and clocking up more repeated visits. (Students using gadgets? It’s not exactly rocket science… )

A place for me to brush up. “Biiru ippai kudasai.” and then “WC doko desu ka?”

Tuesday, November 06, 2012

How can you tell when a politician is lying? His lips move. (Pre-historic joke)
Personal data routinely leaked from Obama and Romney websites
November 5, 2012 by Dissent
Both the Barack Obama and Mitt Romney campaigns swear that their websites don’t collect personally identifiable information from visitors, but a new report reveals that neither candidate can really back that claim up.
Responding to the New York Times for an article published just this week, representatives from both presidential contenders say no private information that could reveal their website visitors’ identity is offered to third-parties, with the paper even reporting, “both campaigns emphasize that such data collection is ‘anonymous’” since companies use code numbers — not names — to track site visitors. Jonathan Mayer of the Stanford Center for Internet Society didn’t seem convinced, though, and took it upon himself to investigate the truth.
[From the article:
Although the campaigns are largely correct by saying data collected off their sites are never directly linked to a specific person, the alleged anonymity that they swear by hardly protects any identities. While the data is tied to a code number in lieu of a name, the data that is collected could easily be used to find out almost anything about a visitor of the site, Mayer writes.

(Related) Toys & Tools for whoever gets elected. Kind of a fluff piece but interesting how many involve drones...
7 Technologies That Will Make It Easier for the Next President to Hunt and Kill You

Is it still war if we spell it: “e-War?”
U.S. panel labels China largest cyberspace threat, report says
China poses the largest threat in cyberspace, with its hackers increasingly targeting U.S. military computers and defense contractors, according to a draft of a Congressional report obtained by Bloomberg.
The report, produced by the U.S.-China Economic and Security Review Commission, found that China's persistence and its advances in hacking activities over the past year poses an increasing threat to information systems and users.

Another example of really bad reporting? It looks like the police suspected Mendoza, went on his property, found the marijuana plants and then set up the cameras to see who came to tend/harvest them. Not stated is why they suspected him or his property.
Court OKs warrantless use of hidden surveillance cameras
November 5, 2012 by Dissent
Declan McCullagh reports:
Police are allowed in some circumstances to install hidden surveillance cameras on private property without obtaining a search warrant, a federal judge said yesterday.
CNET has learned that U.S. District Judge William Griesbach ruled that it was reasonable for Drug Enforcement Administration agents to enter rural property without permission — and without a warrant — to install multiple “covert digital surveillance cameras” in hopes of uncovering evidence that 30 to 40 marijuana plants were being grown. [Okay, that isn't correct. They had already discovered more than 1000 plants. Bob]
Read more on CNET.
[From the article:
"The Supreme Court has upheld the use of technology as a substitute for ordinary police surveillance," Callahan wrote. [“substitute” as in “equal to?” So the Court would have Okayed a 24/7 police presence? Bob]
Two defendants in the case, Manuel Mendoza and Marco Magana of Green Bay, Wis., have been charged with federal drug crimes after DEA agent Steven Curran claimed to have discovered more than 1,000 marijuana plants grown on the property... [Discovered using the camera or as justification for using the camera? Bob]
[The Order:

Since they broadcast, you have no way to know if or how often someone reads your data.
Smart meters not so clever about privacy, researchers find
November 5, 2012 by Dissent
Martyn Williams reports:
Researchers at the University of South Carolina have discovered that some types of electricity meter are broadcasting unencrypted information that, with the right software, would enable eavesdroppers to determine whether you’re at home.
The meters, called AMR (automatic meter reading) in the utility industry, are a first-generation smart meter technology and they are installed in one third of American homes and businesses. [Somehow, I doubt that Bob] They are intended to make it easy for utilities to collect meter readings. Instead of requiring access to your home, workers need simply drive or walk by a house with a handheld terminal and the current meter reading can be received.
Read more on Computerworld.

Click through to find links to other papers as well...
Event: Friday, Nov. 9: Harvard Law Review Symposium on Privacy & Technology
November 6, 2012 by Dissent
Daniel Solove writes:
This Friday, November 9th, I will be introducing and participating in the Harvard Law Review’s symposium on privacy and technology. The symposium is open to the public, and is from 8:30 AM to 4:30 PM at Harvard Law School (Langdell South).
I have posted a draft of my symposium essay on SSRN, where it can be downloaded for free. The essay will be published in the Harvard Law Review in 2013. My essay is entitled Privacy Self-Management and the Consent Paradox, and I discuss what I call the “privacy self-management model,” which is the current regulatory approach for protecting privacy — the law provides people with a set of rights to enable them to decide for themselves about how to weigh the costs and benefits of the collection, use, or disclosure of their data.
For more details on the symposium, including the list of presenters, see Dan’s post on Concurring Opinions.

Take a really smart person and let them think about a topic for several years and you wind up with “words worth listening to.”
Article: Privacy by Design and the Emerging Personal Data Ecosystem
November 5, 2012 by Dissent
A paper by Ann Cavoukian, PhD, the Information & Privacy Commissioner of Ontario, describes the systems and initiatives driving the Personal Data Ecosystem and how they seek to address the challenge of protecting and promoting privacy, while at the same time, encouraging the socio-economic opportunities and benefits of personal information as a new asset class. The paper features case studies of the Personal Data Vault and platform at Washington-based Personal Inc., and the personal data network belonging to San Francisco-based Respect Network, plus invaluable market data on the emerging PDE provided by Ctrl-Shift of London:

Questions from Google's Privacy lawyer...
The Marketplace of Privacy Compliance Programs
November 5, 2012 by Dissent
Peter Fleischer writes:
The data protection establishment, worldwide, has been inventing a lot of new privacy compliance programs. All these different, well-intentioned initiatives are meant to serve the same purpose: improve privacy protections. All of them are, or likely will soon be, mandatory for most big companies. I can hardly keep track of all the different initiatives, but here are the ones I have struggled to understand:
  • Accountability
  • Privacy by Design
  • Privacy Impact Assessments
  • Consent Decrees
  • Audits (internal and external)
  • Regulatory reviews
  • Data Processing Documentation
  • Database notifications/registrations
  • Binding Corporate Rules
  • Safe Harbor Compliance programs
Lots of my acquaintances in the privacy field have asked me what I think about all this: Are these programs meant to run independently, even if they overlap and cover the same ground? Does anyone have a clue how much all this will cost? Where do you turn for help to implement these programs? Can one solid privacy compliance program be implemented to meet all of these goals? Clearly, all of us privacy professionals are struggling to understand this.

Can you “un-release” documents after everyone on the Internet has made at least one copy?
ICE Releases Documents Detailing Electronic Surveillance Problems . . . and then Demands Them Back a Year Later
November 6, 2012 by Dissent
Jennifer Lynch writes:
This is a first for us in all of EFF’s history of Freedom of Information Act (FOIA) litigation—Immigrations and Customs Enforcement (ICE) has demanded we return records it gave us more than a year ago. The release of these documents doesn’t endanger national security or create a risk to an ongoing law enforcement investigation. Instead, it seems that ICE simply wants to stymie further FOIA requests from EFF as we try to get answers about the government’s electronic surveillance procedures.
Read more on EFF. I hope that EFF’s amazing lawyers are writing a suitable response incorporating such legalistic phrases as “barn door… horse” and “snowball… hell.”
[From the EFF article:
The problem for ICE is, these records have already been in the public’s hands for over six months—we filed them as an exhibit (pdf) in our FOIA litigation (pdf) in March 2012, and they’re readily available on the PACER docket for the case (or from the Internet Archive).

“We want to tax online sales but we also want to make it impossible to sell online.”
Apple leads legal battle over e-commerce vs. privacy rights in California Supreme Court
November 5, 2012 by Dissent
Howard Mintz reports:
Parked at the computer and want to use your credit card to buy the latest Lil Wayne song or a cool app on iTunes? Arrange the perfect date on eHarmony? Buy a ticket to a 49ers game on StubHub?
Chances are those online merchants will ask for your personal information to close the deal. And they may just be violating a two-decade-old California law designed to restrict the amount of personal information consumers must provide to make a credit card purchase.
On Wednesday, the California Supreme Court will tackle the unprecedented question of whether that state law applies to online commerce in a legal challenge led by Apple and backed by a host of retailers ranging from Walmart to eBay.
Read more on Mercury News.

For my Crypto geeks...
"Side-channel attacks against cryptography keys have, until now, been limited to physical machines. Researchers have long made accurate determinations about crypto keys by studying anything from variations in power consumption to measuring how long it takes for a computation to complete. A team of researchers from the University of North Carolina, University of Wisconsin, and RSA Security has ramped up the stakes, having proved in controlled conditions (PDF) that it's possible to steal a crypto key from a virtual machine. The implications for sensitive transactions carried out on public cloud infrastructures could be severe should an attacker land his malicious virtual machine on the same physical host as the victim. Research has already been conducted on how to map a cloud infrastructure and identify where a target virtual machine is likely to be."

An interesting way to always win at Hide-and-Seek!
The system consists of a handheld transmitter and tiny receivers that look like something out of a 60s spy movie. The little receivers are about the size of a quarter and are black. To use the system you stick one of the little receivers to whatever it is you tend to lose be it a smartphone, your keys, or your glasses.

For my gaming friends...
EA and DICE have announced something special for fans of the Battlefield franchise. To celebrate the 10-year anniversary of the original Battlefield 1942, EA and DICE are giving away a free PC download of the full version of Battlefield 1942. The game is available exclusively on

We live in a sick, sick world.
Justin Bieber Sex Doll Blows Up at Online Adult Store—See the Pic
… An enterprising adult store now wants to make sure you get every last inch of him.
Naughty Beliebers, behold: the Justin Bieber blow-up sex doll!
Or, rather—cough, cough—it's the "Just-in Beaver Love Doll," which bears an uncanny resemblance to the pop star, minus his trademark tattoos and plus, well, a whole lot more.
… We've reached out to Biebs' camp for comment, but you can bet the product won't stay on shelves for long: It comes from the same folks who created a similar Miley Cyrus-inspired sex doll, which was quickly, ahem, yanked.