Tuesday, December 31, 2013

Pew – Social Media Update 2013
by Sabrina I. Pacifici on December 30, 2013
“Some 73% of online adults now use a social networking site of some kind. Facebook is the dominant social networking platform in the number of users, but a striking number of users are now diversifying onto other platforms. Some 42% of online adults now use multiple social networking sites. In addition, Instagram users are nearly as likely as Facebook users to check in to the site on a daily basis. These are among the key findings on social networking site usage and adoption from a new survey from the Pew Research Center’s Internet Project.”

Might be amusing, until we get a real emulator.
iPadian: The iOS Simulator For Windows
… iPadian is a free iPad simulator for PCs running Windows XP or higher. It overlays itself on your desktop and requires no installation, you simply download the file from the iPadian website or cnet.com, extract the archive and run the ipadian.exe file. It launches an alternative desktop that looks and feels like an iPad home screen.
… The application is ad-supported, so you will occasionally see JavaScript pop-up ads.
It is not possible to download apps from iTunes since iPhone, iPad and iPod apps are encrypted with Apple’s FairPlay DRM technology. What the guys at iPadian have done is to create a custom app store that currently contains slightly over 300 popular apps, such as Facebook, WhatsApp, Angry Birds, Cut The Rope and many more.
… iPadian is not an iOS emulator in the same way that BlueStacks emulates Android. We are yet to see a real emulator with access to Apple’s App Store. At the most, iPadian simulates the look and feel of an iOS device and at the least it’s like using iOS skins for Windows, with the added bonus of actually being able to use a couple of popular apps. But, despite this, it has no touch-screen support so you won’t be able to use a touch-screen monitor on Windows 8. For now you are limited to point-and-click with the mouse.

I'll update my Math Resources handout.
By Request - Ten Helpful Resources for Middle School and High School Math Teachers

For my Android-packing students. Open Office can write files in Microsoft Office formats.
AndrOpen Office is the world’s first port of OpenOffice for Android. You can view, edit, and export office documents using the full features of OpenOffice. AndrOpen Office has 6 components – Writer (a word processor), Calc (spreadsheet), Impress (presentation graphics), Draw (drawing), Math (equation editor), and Base (database).

Monday, December 30, 2013

Typical or government inefficiency?
Nic Rigby of the BBC reports on the cost to the U.S. of investigations involving U.K. hackers:
Lauri Love, 28, of Stradishall, Suffolk, was arrested in October over charges which include allegations he hacked the US Department of Energy (DoE) computers. A report says personal information on 104,000 people could have been taken. It says dealing with the fallout of this cost $3.7m.
And the Gary McKinnon incident cost the U.S. another $2.1m to pay for staffing “to help correct the problems and deal with the aftermath.”
Read more on BBC.

What's a good set of Policies and Procedures worth?
I've drafted dozens of them, including the form set currently available from the Texas Medical Association. On average, I've probably charged around $5,000 to $10,000 for a worked-over set of policies (including adaptation to the client's specific needs, assisting with risk analysis, adding in forms for BAAs and NoPPs, etc.). That's a lot of money for some clients, and many balk at a price tag that high.
But what is the set worth? If you're Adult & Pediatric Dermatology in Massachusetts, the number is $150,000. APDerm lost a flash drive with PHI on it: as far as anyone knows, nothing happened to the PHI. But, the loss triggered an OCR investigation, which uncovered that APDerm hadn't adopted policies and procedures. That failure triggered a $150,000 fine.

Ignorant politicians.
This statement in an OpEd in the Des Moines Register by Anthony Gaughan, associate professor of law at Drake University, gave me pause:
The greatest threat to your privacy is not posed by the NSA. It’s posed by hackers, thieves and corporations.
So what do you think is the single greatest threat to privacy?

“Da world, she change!” Keeping up is hard.
Orin Kerr points us to this interesting post by law professor Miriam Baer:
As I ready myself for teaching a new semester of Criminal Procedure I (often known as the “investigation” course, as opposed to the Crim Pro II “adjudication” course, which ostensibly covers everything from “bail to jail”), I cannot help but think how much the course — and my syllabus – has changed in the last year or so, and how much it is likely to change over the next 24 months.
Just two years ago, the discussion of whether police action constituted a “search” would have been answered primarily by asking whether the action intruded upon an individual’s “reasonable expectation of privacy.” Today, however, it would be unthinkable not to also ask whether the action interfered with the individual’s property rights.
A few years ago, if one taught the “third party doctrine,” one likely referred to it as an established yet disfavored doctrine that drew the ire of civil libertarians and privacy scholars, but whose implementation continued largely without challenge.
Read more on Prawfsblawg.

Do these actually work? Where can I find studies?
Sancheska Brown reports:
Immigration Minister Fred Mitchell said yesterday the Government is considering introducing a National Identification Card as well as charging persons who knowingly hire illegal immigrants in an effort to deal with the country’s long standing illegal migration problem.
Read more on Tribune242.

You don't need to know these facts, but infographics are relatively painless and addictive.
10 Amazing Facts About Google You Probably Didn’t Know

Sunday, December 29, 2013

It would move the cost of storage from the NSA budget to the far less efficient individual carriers. I can see this appealing to politicians who seem to believe that “If a thing is worth doing, we should do it as inefficiently as possible.”
Phone companies say 'no way' to storing phone data for NSA
… Major phone companies argue that being required to store metadata for an extended period of time for the NSA would be costly, time consuming, and risky, according to a report from The Washington Post on Saturday.

It's not as crazy as it sounds. Think of “HealthBook” as very similar to FaceBook, but without the bad privacy decisions. Business opportunity?
We’d all be better off with our health records on Facebook
A Facebook user’s timeline provides both a snapshot of who that user is and a historical record of the user’s activity on Facebook. My Facebook timeline is about me, and fittingly, I control it. It’s also one, single profile. Anyone I allow to view my timeline views my timeline—they don’t each create their own copies of it.
… In medical records: The “about” section would be a snapshot of the patient’s health and background. It should include the patient’s age, gender, smoking status, height, weight, address, phone number, and emergency contact information; the patient’s primary care provider; and insurance information. This section would include a summary list of the patient’s current diagnoses and medications, as well as family history. And importantly, both the doctor and the patient would be able to add details.

(Related) On the other hand...
Facebook Is ‘Dead and Buried’ to Teens, and That’s Just Fine for Facebook
Anthropologist Daniel Miller has been studying British teens, and he has a dire message for Facebook: The social network is “dead and buried” to Britain’s 16-to-18-year-olds because they’re “embarrassed even to be associated with it.”
In a recent article for academic clearinghouse The Conversation, Miller shares preliminary findings from a 15-month ethnographic study of social media in eight countries, and explains that Facebook is “so uncool” to teens because their parents and other family members are using it to keep tabs on them.
“You just can’t be young and free if you know your parents can access your every indiscretion,” Miller writes. “Young people care about style and status in relation to their peers, and Facebook is simply not cool anymore.”

This is interesting. Take an old document and translate it to use new technology.
Atlas of the Historical Geography of the United States
by Sabrina I. Pacifici on December 28, 2013
“Here you will find one of the greatest historical atlases: Charles O. Paullin and John K. Wright’s Atlas of the Historical Geography of the United States, first published in 1932. This digital edition reproduces all of the atlas’s nearly 700 maps. Many of these beautiful maps are enhanced here in ways impossible in print, animated to show change over time or made clickable to view the underlying data—remarkable maps produced eight decades ago with the functionality of the twenty-first century.”

Could explain why students fail my math classes...
New research suggests that people even solve math problems differently if their political ideology is at stake
by Sabrina I. Pacifici on December 28, 2013
“Everybody knows that our political views can sometimes get in the way of thinking clearly. But perhaps we don’t realize how bad the problem actually is. According to a new psychology paper, our political passions can even undermine our very basic reasoning skills. More specifically, the study finds that people who are otherwise very good at math may totally flunk a problem that they would otherwise probably be able to solve, simply because giving the right answer goes against their political beliefs. The study, by Yale law professor Dan Kahan and his colleagues, has an ingenious design. At the outset, 1,111 study participants were asked about their political views and also asked a series of questions designed to gauge their “numeracy,” that is, their mathematical reasoning ability. Participants were then asked to solve a fairly difficult problem that involved interpreting the results of a (fake) scientific study. But here was the trick: While the fake study data that they were supposed to assess remained the same, sometimes the study was described as measuring the effectiveness of a “new cream for treating skin rashes.” But in other cases, the study was described as involving the effectiveness of “a law banning private citizens from carrying concealed handguns in public.”

Easier than a garage sale?
WorldLister is the fastest, most efficient way to list items to online marketplaces like eBay. It simplifies and demystifies the process of listing items, and can be used on any smartphone, tablet, or desktop. WorldLister intuitively guides you step-by-step and generates a complete, attractive listing.

Might be a useful tool for my Website students!
Marky is a tool to take existing HTML webpages off the web, extract the main content, and turn it into Markdown so you can store it as plain text. Whether you keep your notes in raw Markdown, or render them into HTML or Rich Text for another organizer, Marky will give you clean markup and easy-to-edit notes.

I'm not sure my students would be interested in “games from ancient history.”
Hundreds of Classic Console Games Can Now Be Played Online, Free
Thanks to the good people at the Internet Archive, classic console video games like Donkey Kong, Mario Bros., Asteroids, Dig Dug, and Pac Man are now fully playable online. The games, released as the Internet Archive Console Living Room, are also available for free downloads. They don't have sound yet, but the archive promises to get that up and running soon. And even though the collection isn't complete at this point, the archive promises to expand it "in the coming months." Because the archive has versions of each game available in a browser-based emulator, you can jump right in to the game of your choice without downloading any specialized software.
… For instance: the archive contains ET: The Extra Terrestrial, a game so bad that someone made a documentary about its failure. On the other hand, there's always Frogger, which is still excellent.
Some of the games even come with the original manual, which if nothing else, gives a good glimpse at the conceptual imagination behind the very sparse graphics game designers had to work with at the time.

For my Criminal Justice students...
Sandy Hook Elementary School Shooting Reports

There's an App for that!
Top Apps
The Recapp

Saturday, December 28, 2013

How important is it to get your facts (and the potential risks) correct? Is it better to say, “I don't have that information in front of me, let me check and get back to you?” In every “incident” I was involved with as an Auditor, we started by documenting how data flowed through the processes involved. Later we could look at each step and the potential for something inappropriate to happen.
Four days after a computer was stolen from Inspira Medical Center Vineland, the hospital still can’t say whether there was any patient data on it?
That’s absurd. Just ask the staff who were using it whether they entered patient data on it. If they say “Yes, we used it for every radiology patient,” then you have your answer. You may not know which patients or what data yet, but at least you’d be able to say whether patient data was on it or not. Significantly, perhaps, the employee who reported the theft to the police told them that patient data was on the computer.
If HHS investigates this incident, I expect they’ll want to know how it is that after four days, the hospital couldn’t say whether any patient data were on a computer. Doesn’t that suggest a lack of inventory or safeguards at the very least?

First they said it wasn’t, now they say it was but not to worry…. read Chris Welch’s report on The Verge.
[From the article:
Class action lawsuits accusing Target of not doing enough to protect consumer data are already starting to pile up.

There is a problem in believing that what you can see (or what you read in a newspaper) is everything there is to see.
Reuters reports:
A U.S. judge has concluded that the National Security Agency’s sweeping collection of telephone data is lawful, rejecting a challenge by the American Civil Liberties Union to the program.
U.S. District Judge William Pauley in Manhattan on Friday said there was no evidence that the government had used any of the so-called “bulk telephony metadata” it had collected for any reason other than to investigate and disrupt terrorist attacks.
Read more on Reuters. The AP covers the ruling here.
You can read the ruling here (pdf).
There’s a lot there to digest, none of it good news for privacy advocates from the parts I’ve skimmed so far. Of note, Judge Pauley found that Congress had ratified the Section 215 program as interpreted by the Executive Branch when they reauthorized FISA after having the opportunity to review a classified document that noted that it required the collection of “substantially all” telephone calls. The judge noted that not all members of the House had read the document, but concluded that the Executive branch has fulfilled its obligation by providing the memo.
So… we have members of Congress to thank for failing to read what they could have read? Would they have blocked the reauthorization of FISA had they been paying more attention?

NEW YORK – A federal court issued an opinion and order in ACLU v. Clapper, the ACLU’s challenge to the constitutionality of the NSA’s mass call-tracking program, ruling that the government’s bulk collection of phone records is lawful under Section 215 of the Patriot Act and under the Fourth Amendment. The court denied the plaintiffs’ motion for a preliminary injunction and granted the government’s motion to dismiss the case. Judge Pauley’s ruling conflicts with last week’s ruling by a federal judge in Washington, D.C., that the mass call-tracking program violates the Fourth Amendment. The ACLU plans to appeal the ruling to the Second Circuit Court of Appeals.
The plaintiffs filed the lawsuit on June 11, 2013, less than a week after the mass call-tracking program was revealed by The Guardian newspaper based on documents obtained from NSA whistleblower Edward Snowden.
“We are extremely disappointed with this decision, which misinterprets the relevant statutes, understates the privacy implications of the government’s surveillance and misapplies a narrow and outdated precedent to read away core constitutional protections,” said Jameel Jaffer, ACLU deputy legal director. “As another federal judge and the president’s own review group concluded last week, the National Security Agency’s bulk collection of telephony data constitutes a serious invasion of Americans’ privacy. We intend to appeal and look forward to making our case in the Second Circuit.”

Why clutter the intelligence space with useless data? The answer is, they don't! If there is no evidence that they stopped a terrorist attack, ask what value they do find in this data? How would you use the data?
Ryan Goodman has a post on Just Security that is part of an ongoing dialogue* about the report by the President’s Review Group. Ryan writes:
The question I consider in this post is whether the Group’s assessment will, and should, signal the effective demise of the program. I examine the strongest claims that proponents of the program may still raise; and I propose some analytic tools for considering the issue of effectiveness, so that we might all (proponents, opponents, and others alike) candidly assess this particular program’s potential security benefits.
Read his commentary on Just Security.
*[Editor’s Note: Just Security is holding a “mini forum” on the Report by the President’s Review Group on Intelligence and Communications Technologies. Others in the series include a post by Marty Lederman analyzing the Report’s highlights, a post by Julian Sanchez examining the scope of the NSA's section 702 program, a post by David Cole and Marty Lederman analyzing how metadata is used under section 215, and a post by Jennifer Granick discussing the implications for non-US persons (with a follow-up post by Jennifer).]

For my students. (I'm curious to see how the government thinks we should calculate...)
Get Calculators and Worksheets to Evaluate Your Finances
by Sabrina I. Pacifici on December 27, 2013
“Calculators are an essential tool to help you evaluate your current financial situation, and to get you where you want to be in the future. They can tell you if you are in the “ballpark” for retirement, and help you analyze fees associated with mutual funds and 529 Plans. Here are just a few of the tools you’ll find on Investors.gov:
  • 401(k) and IRA Required Minimum Distribution Calculator: After age 70½, you are generally required to start withdrawing money from your IRAs and 401(k)s. Find out the minimum amount you’ll need to withdraw, depending on your age and the value of your accounts.
  • Compound Interest Calculator: Find out how much your money can grow, using the power of compound interest.
  • Social Security Retirement Estimator: Get personalized benefit estimates to help you plan for retirement.
  • Worksheet for Determining Your Net Worth: Use this worksheet to list your assets and debts.
  • Worksheet for Tracking Your Income and Expenses: Keeping track of your income and expenses will help you stay on track with your financial goals.”

For my students who read (There are some!) NOTE: I did skip a couple... Load these into Calibre to organize and move to various devices.
Supercharge Your eBook Reading With IFTTT
… As you probably already know, IFTTT is just the hack you’re looking for. This great automation service can be used for anything from superpowering Google Calendar to making money, and yes, it can also be used to supercharge your eBook reading. From finding eBook deals to automatically sending articles to your Kindle, these are all the recipes you need.
This recipe is based on the website FreeBooksHub — a website dedicated to finding Kindle deals.
This recipe takes any RSS feeds you’re interested in, and sends any new items to your Kindle. Who said your Kindle is just for books?
… define a Dropbox subfolder in your Public folder (for example, public/kindle), which automatically transfers files to your Kindle.
Readability has a feature that lets you connect your Kindle to your Readability reading lists. You can check out this help page to find out more about setting it up.
This recipe monitors the Gold Box feed for the “Kindle” keyword, and emails you only when a relevant deal appears. When using the recipe, you can change the keyword to anything you want, so if it’s not Kindle you’re interested in, the recipe is still very useful.

For my Android toting students...
SafeSpot draws the attention of people who care about you at times of need, and makes it easier for them to find you. Create response groups based on locations you visit frequently, and add people who care about you to each group. Whenever you don’t feel safe, start SafeSpot.

I can't help thinking that I could make more money selling individual “How to” lessons at $1 per, than I could teaching full time.
From Cooking To Coding: Learn And Teach Lessons On Curious.com
If you have the time and inclination to explore a new hobby, prepare a gourmet meal, learn how to code, or pick up a few health and beauty tips, the online learning site and mobile app, Curious.com, offers hundreds of free or low cost video tutorials on a wide range of topics.
Curious.com launched last summer and is similar to Khan Academy, Udemy, Lynda.com, and other online course sites. Its online platform was recently expanded into an iPhone app, followed by its iPad version which released this August.
… Each Curious lesson is broken down into interactive sections with a few multiple-choice review questions at the end of each lesson. Some lessons may include PDF handouts, links to other resources, and a feature for leaving comments and asking questions.
… Curious includes a Curious Lesson Builder platform for creating lessons, and uploading video content to the site. Instructors get their own individual web page (www.curious.com/yourbrand), and for paid lessons, teachers receive 70% and Curious gets 30% of the paid tuition. Lessons can easily be shared to social networks, and all uploaded content remains non-exclusive and owned by the instructors.

Well, I find it amusing...
A judge has ruled that Sherlock Holmes (and the other characters and elements of Arthur Conan Doyle’s series) is no longer covered by US copyright law and is now in the public domain.
A judge has ruled that the Douglas County (Colorado) school district “violated the state’s Fair Campaign Practices Act when it hired Rick Hess to author a positive report about school reforms that it later e-mailed to 85,000 subscribers in the weeks before the November election.” All’s fair in

Friday, December 27, 2013

Haven't I been saying this?
Alan Dershowitz rips Edward Snowden: ‘We have an absolute right’ to spy on other countries
… In particular, Dershowitz slammed Snowden for bringing to light the agency’s surveillance activities against other countries, saying they “raise some questions, but [were] not unconstitutional.”
“We have an absolute right under our Constitution to listen to the prime minister of Israel, to listen to the chancellor of Germany,” Dershowitz said. “That is not a constitutional issue, and yet he disclosed — or people working on his behalf — the fact that we are using surveillance abroad, outside the country, where the Constitution does not apply.”

Interesting. Are we back to the same “anti-Iran” agreements we had before Saddam invaded Kuwait?
U.S. sending missiles and surveillance drones to Iraq to help combat Al-Qaeda-backed violence: NYT
The United States is sending Iraq dozens of missiles and surveillance drones to help it combat a recent surge in Al-Qaeda-backed violence, the New York Times reported on Thursday.
The weapons include a shipment of 75 Hellfire missiles purchased by Iraq, which Washington delivered to the country last week, the Times reported.
The daily wrote that 10 ScanEagle reconnaissance drones — smaller versions of the larger Predator drones that once were frequently flown over Iraq — are expected to be sent by March. [Meanwhile, they can hand-deliver the missiles Bob]

Looks like telecom is in the contraction phase already.
Report: Owners of Sprint in final stages of deal for T-Mobile
Sources say that SoftBank will make a $19 billion bid for 70 percent of T-Mobile.
On Wednesday, the Nikkei news agency cited unnamed sources who said that SoftBank, the company that owns a majority of Sprint, was “in the final stages of talks with T-Mobile's German parent, Deutsche Telekom.” News of a merger between Sprint and T-Mobile hit in early December, with the Wall Street Journal reporting that Sprint’s parent company was wary of trying to merge with T-Mobile like AT&T had years earlier, only to see its efforts thwarted by the Department of Justice and the Federal Communications Commission.

I'm not sure my students plan over much, but if they do, this looks interesting.
Ganttify: Convert your Basecamp Project, Google Calendar or Trello Board to a Gantt Chart. Explain your plans to others using one simple chart. See how all your activities relate in time and find bottlenecks in a matter of seconds. It is free and there is no need to register.
… Ganttify is provided to you by Tom's Planner. Tom's Planner is an online Project Planning tool used by more than 150k users worldwide.
(To create a Gantt chart from scratch check out tomsplanner.com!)

Thursday, December 26, 2013

For my Computer Security and Ethical Hacking students. You can see that keeping our “academic efforts” below a couple of million BPS won't even make their list.
Digital Attack Map displays global DDoS activity on any given day
by Sabrina I. Pacifici on December 25, 2013
“The Digital Attack Map is a live data visualization of DDoS attacks around the globe, built through a collaboration between Google Ideas and Arbor Networks. The tool surfaces anonymous attack traffic data to let users explore historic trends and find reports of outages happening on a given day.”

Another fine nit to pick. Sic 'em, lawyers!
Orin Kerr discusses an interesting question and ruling:
A recent case, United States v. Young (D. Utah, December 17, 2013) (Campbell, J.), touches on a novel, interesting, and quite important question of Fourth Amendment law: Assuming that e-mail account-holders generally have Fourth Amendment rights in the contents of their e-mails, as courts have so far held, when do a person’s Fourth Amendment rights in copies of sent e-mails lose Fourth Amendment protection?
To understand the question, consider Fourth Amendment rights in postal letters. Before a letter is sent, only the sender has rights in the letter; during transmission, both the sender and recipient have rights in the letter; and once the letter is delivered at its destination, the recipient maintains Fourth Amendment rights but the sender’s rights expire. But how do you apply this to an e-mail? By analogy, a sender loses Fourth Amendment rights in the copy of the e-mail that the recipient has downloaded to his personal computer or cell phone. But does the sender have Fourth Amendment rights in the copy of the e-mail stored on the recipient’s server after the recipient has accessed the copy? And does the sender have Fourth Amendment rights in the copy of the e-mail stored on the recipient’s server before the recipient has accessed the copy? At what point do the sender’s Fourth Amendment rights in the sent copy expire?
Read more on The Volokh Conspiracy.

Hotels don't have to, but they can. All that suggests is that hotels could sell the data to anyone who wanted it. (Police, paparazzi, divorce lawyers) Perhaps asking police to pay for records would limit the gathering?
Joe Palazzolo reports:
While federal courts in New York and Washington mull the constitutionality of the National Security Agency’s bulk collection of phone records, a panel of judges in California has answered another weighty Fourth Amendment question: Do we have an expectation of privacy in our hotel guest records?
No, we do not, the Ninth U.S. Circuit Court of Appeals ruled Tuesday.
But hotels do have an interest in keeping their records private, and so, in a gift to privacy advocates, the appeals court struck down a Los Angeles ordinance that required operators to produce information about their guests to police officers, upon request, without a warrant. The information included a guest’s name and address, the number of people in the party, vehicle information, arrival and checkout dates, room number and method of payment.
Read more on WSJ.
I’m glad we got something, but I still detest the third party doctrine that says we lose our expectation of privacy by turning over our information to a business. The business has a property interest/privacy expectation, but we don’t. That needs to change.

(Related) Not sure I agree that gathering “suspicious activity reports” is ever a bad idea. It's what happens after the tip that could be a waste of time.
New Report: Police Intelligence Gathering Lacks Standards, Threatens National Security and Civil Liberties
by Sabrina I. Pacifici on December 25, 2013
“Gaps in local-federal intelligence sharing systems jeopardize national security investigations and threaten Americans’ civil liberties, according to a new Brennan Center report. National Security and Local Police, the most comprehensive survey of counterterrorism policing since 9/11, finds that police are operating without adequate standards and oversight mechanisms, routinely amassing mountains of data – including personal information about law-abiding Americans – with little or no counterterrorism value. The Brennan Center’s findings are based on dozens of freedom of information requests, in addition to surveys and interviews with police departments, Joint Terrorism Task Forces, and data sharing centers nationwide. The Brennan Center’s new report shows how the lack of consistency and oversight in local counterterrorism programs directs resources away from traditional police work, violates individual liberties, undermines community-police relations, and causes important counterterrorism information to fall through the cracks. The Boston Marathon bombing exemplifies how critical information can get lost in a din of irrelevant data.”

My interest in how poorly the “Music Industry” (actually music labels) has incorporated technology is matched by how smart individual bands seem to be... Note that this makes no money for the music label, only for the band itself.
How Iron Maiden found its worst music pirates -- then went and played for them
… A U.K. company called Growth Intelligence aggregates data on U.K. companies to offer them a real-time snapshot of how their company is performing. They capture everything from real-world data, like hiring of employees, to online indicators like email to online discussion.
Its stats were compiled for the London Stock Exchange "1000 Companies That Inspire Britain" list. On that list were six music firms that outperformed the music sector, one of them being Iron Maiden LLP, the holding company for the venerable heavy metal band.
… Enter another U.K. company called Musicmetric, which specializes in analytics for the music industry by capturing everything from social media discussion to traffic on the BitTorrent network. It then offers this aggregated information to artists to decide how they want to react. Musicmetric noticed Iron Maiden's placement and ran its own analytics for the band.
… In the case of Iron Maiden, still a top-drawing band in the U.S. and Europe after thirty years, it noted a surge in traffic in South America. Also, it saw that Brazil, Venezuela, Mexico, Colombia, and Chile were among the top 10 countries with the most Iron Maiden Twitter followers. There was also a huge amount of BitTorrent traffic in South America, particularly in Brazil.
Rather than send in the lawyers, Maiden sent itself in. The band has focused extensively on South American tours in recent years, one of which was filmed for the documentary "Flight 666." After all, fans can't download a concert or t-shirts. The result was massive sellouts. The São Paulo show alone grossed £1.58 million (US$2.58 million).
And in a positive cycle, Maiden's online fanbase grew. According to Musicmetric, in the 12 months ending May 31, 2012, the band attracted more than 3.1 million social media fans. After its Maiden England world tour, which ran from June 2012 to October 2013, Maiden's fan base grew by five million online fans, with a significant increase in popularity in South America.

A real exercise for my Computer Security students. If you really want to understand your “Internet footprint” this will help.
How To Make Yourself Disappear Online Completely
If you’re looking to drop from the Webosphere completely in an attempt to remain anonymous, we can help. The process is arduous and there are several key steps you’ll need to take along the way.

I need more time!
The Best Free Education Web Tools Of 2013
… Thankfully, the folks over at Edublogs have put together this great List.ly that is filled to the brim with the best education tools, and the best part is that they’re all free!

Wednesday, December 25, 2013

It's that time of year again. Rather than a heartfelt “Bah, Humbug!” allow me to offer you...


Please accept with no obligation, implied or implicit, our best wishes for an environmentally conscious, socially responsible, low stress, non-addictive, gender neutral, celebration of the northern hemisphere winter solstice, practiced within the most enjoyable traditions of the religious persuasion of your choice, or secular practice of your choice, with respect for the religious/secular persuasions and/or traditions of others, or their choice not to practice religious or secular traditions at all. And a fiscally successful, personally fulfilling and medically uncomplicated recognition of the generally accepted calendar year 2014, but not without due respect for the calendars of choice of other cultures whose contributions to society have helped make our country great, and without regard to the race, creed, color, age, physical ability, religious faith, sexual orientation or choice of computer platform and operating system of the wishee.

By accepting this greeting, you are accepting these terms:

1. The greeting is subject to clarification or withdrawal.
2. It is freely transferable with no alteration of the original greeting.
3. It implies no promise by the wisher to actually implement any of the wishes for her/himself or others.
4. It is void where prohibited by law, and
5. It is revocable at the sole discretion of the wisher.

This wish is warranted to perform as expected with the usual application of good tidings for a period of one year or until the issuance of a subsequent holiday greeting, whichever comes first, and warranty is limited to replacement of this wish or issuance of a new wish at the sole discretion of the wisher.

[This is what happens when you hang out with lawyers. Bob]

Let me repeat. You really don't need to know the names to establish that “Known Terrorist #402” is repeatedly calling a cell phone in New Jersey and that cell phone is then calling three other phones.
Research – MetaPhone: The NSA’s Got Your Number
by Sabrina I. Pacifici on December 24, 2013
by Jonathan Mayer, a grad student at Stanford - Co-authored with Patrick Mutchler – via the Web Policy Blog
“MetaPhone is a crowdsourced study of phone metadata. If you own an Android smartphone, please consider participating. In earlier posts, we reported how automated analysis of call and text activity can reveal private relationships, as well as how phone subscribers are closely interconnected.
“You have my telephone number connecting with your telephone number,” explained President Obama in a PBS interview. “[T]here are no names . . . in that database.” Versions of this argument have appeared frequently in debates over the NSA’s domestic phone metadata program. The factual premise is that the NSA only compels disclosure of numbers, not names. One might conclude, then, that there isn’t much cause for privacy concern. This line of reasoning has drawn sharp criticism. In a declaration for the ACLU, Ed Felten noted:
“Although officials have insisted that the orders issued under the telephony metadata program do not compel the production of customers’ names, it would be trivial for the government to correlate many telephone numbers with subscriber names using publicly available sources. The government also has available to it a number of legal tools to compel service providers to produce their customer’s information, including their names.”
When Judge Richard Leon granted a preliminary injunction against the program last week, he expressed a similar view:
The Government maintains that the metadata the NSA collects does not contain personal identifying information associated with each phone number, and in order to get that information the FBI must issue a national security letter (“NSL”) to the phone company. . . . Of course, NSLs do not require any judicial oversight . . . meaning they are hardly a check on potential abuses of the metadata collection. There is also nothing stopping the Government from skipping the NSL step altogether and using public databases or any of its other vast resources to match phone numbers with subscribers.
(Senator Dianne Feinstein issued a statement in response, reiterating that “no names” are coerced from the phone companies in bulk.)
So, just how easy is it to identify a phone number? Trivial, we found. We randomly sampled 5,000 numbers from our crowdsourced MetaPhone dataset and queried the Yelp, Google Places, and Facebook directories. With little marginal effort and just those three sources—all free and public—we matched 1,356 (27.1%) of the numbers. Specifically, there were 378 hits (7.6%) on Yelp, 684 (13.7%) on Google Places, and 618 (12.3%) on Facebook. What about if an organization were willing to put in some manpower? To conservatively approximate human analysis, we randomly sampled 100 numbers from our dataset, then ran Google searches on each. In under an hour, we were able to associate an individual or a business with 60 of the 100 numbers. When we added in our three initial sources, we were up to 73. How about if money were no object? We don’t have the budget or credentials to access a premium data aggregator, so we ran our 100 numbers with Intelius, a cheap consumer-oriented service. 74 matched. [The results we obtained from Intelius were seemingly spottier than from Yelp, Google Places, and Facebook.] Between Intelius, Google search, and our three initial sources, we associated a name with 91 of the 100 numbers. If a few academic researchers can get this far this quickly, it’s difficult to believe the NSA would have any trouble identifying the overwhelming majority of American phone numbers.”
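Bob's point above is that the names are beside the point: the call pattern alone shows that one number repeatedly rings a New Jersey cell phone, which in turn rings three others. As an added example (not part of the MetaPhone study or the quoted post), here is that contact-chaining done over a handful of constructed call records. Every number, count and duration below is made up; the functions are hypothetical and exist only to show what the metadata reveals without any subscriber name attached.

```python
from collections import defaultdict

# Constructed call-metadata records: (caller, callee, minutes). Not real data.
# The first number stands in for the page's hypothetical "Known Terrorist #402";
# +1-201-... numbers stand in for the New Jersey cell phone and its contacts.
SAMPLE_CDRS = [
    ("+1-555-0100", "+1-201-555-0199", 3),
    ("+1-555-0100", "+1-201-555-0199", 5),
    ("+1-555-0100", "+1-201-555-0199", 2),
    ("+1-201-555-0199", "+1-201-555-0111", 4),
    ("+1-201-555-0199", "+1-201-555-0122", 1),
    ("+1-201-555-0199", "+1-201-555-0133", 7),
    ("+1-201-555-0133", "+1-201-555-0144", 2),
    ("+1-303-555-0155", "+1-303-555-0166", 9),   # unrelated pair, never reached
]


def build_graph(cdrs):
    """Undirected adjacency map: number -> {neighbour: number of calls}."""
    graph = defaultdict(lambda: defaultdict(int))
    for caller, callee, _minutes in cdrs:
        graph[caller][callee] += 1
        graph[callee][caller] += 1
    return graph


def repeated_contacts(graph, number, min_calls=3):
    """Neighbours that `number` has called (or been called by) at least min_calls times."""
    return sorted(nb for nb, calls in graph[number].items() if calls >= min_calls)


def contact_chain(graph, seed, hops):
    """Breadth-first expansion: every number within `hops` calls of `seed`,
    mapped to its hop distance. This is the 'who does the NJ phone call next'
    step, and it needs no names at all."""
    dist = {seed: 0}
    frontier = [seed]
    for h in range(1, hops + 1):
        nxt = []
        for n in frontier:
            for nb in graph.get(n, {}):
                if nb not in dist:
                    dist[nb] = h
                    nxt.append(nb)
        frontier = nxt
    return dist


if __name__ == "__main__":
    g = build_graph(SAMPLE_CDRS)
    seed = "+1-555-0100"
    print("repeatedly calls:", repeated_contacts(g, seed))
    for number, d in sorted(contact_chain(g, seed, 2).items(), key=lambda kv: kv[1]):
        print(f"  hop {d}: {number}")
```

The two-hop expansion from the seed already pulls in the three phones the New Jersey number calls; a third hop reaches their contacts, which is why the "no names" argument in the quoted passage does so little to limit what the database reveals.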

Is buying data stolen from an individual (or an organization that individual deals with) a Fourth Amendment violation? I would say it was clearly unethical, yet we see it a lot. Both Germany and France paid for stolen Swiss banking records, for example.
Fred Grimm comments:
Major League Baseball, in its zeal to nail A-Rod and other accused juicers, paid thousands for stolen medical records.
Not that we don’t relish the prospect of overpaid jocks getting their comeuppance, but there’s a small problem with trafficking in stolen property. It’s stolen.
Florida law’s not fuzzy about the legality of “dealing in stolen property.” A state statute puts it bluntly. “Any person who traffics in, or endeavors to traffic in, property that he or she knows or should know was stolen shall be guilty of a felony of the second degree.”
The legislature, in writing the statute, failed to include an exception for Major League Baseball. No worries. It has become apparent, as this latest baseball doping scandal unfolded, that MLB investigators are allowed to operate beyond legal restraints that hamper less exalted elements of society.
Read more on Miami Herald.

A discussion point for my Intro to Business students.
Sell Your Product Before It Exists
… The most recent standout in the class of “vaporgoods” is Coin, which straddles the divide between software and hardware. If you haven’t seen the promos yet, Coin is a new device that aggregates all of your information from credit, debit, and even loyalty cards and can be swiped just like a regular credit card. Coin’s makers first launched a $50,000 crowdfunding campaign and, after hitting their goal inside of 40 minutes, are continuing to take pre-orders at half the future retail price. It’s unknown how many units of the device have now been pre-sold. However, the real success isn’t in the amount of cash Coin raises; it’s that the minds behind Coin have proven there’s a market demand for their product using the only research method that counts: the market itself.

This could be very handy for my next book. (My next one will be my first) Also for my website students.
Word to clean HTML is a free converter tool for documents produced by Microsoft Word and similar office software. It strips out invalid or proprietary tags, leaving clean HTML behind for use in webpages and eBooks. Simply paste your text into the box then click the “convert to clean HTML” button.
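To show what "stripping proprietary tags" amounts to, here is an added example that is not the Word to clean HTML tool's own code: a small allow-list cleaner built on Python's html.parser. It drops Word's `<o:p>` elements, `mso-` styles, `class="MsoNormal"` attributes and the embedded `<style>` block, keeps only a short list of structural tags, and only passes through `href` values with a plain web or mail scheme. The sample Word markup is constructed, and the tag and attribute lists are my assumptions about what a clean page needs, not the tool's.

```python
import html
from html.parser import HTMLParser

# Assumed allow-list (not the tool's): structural tags worth keeping in clean HTML.
ALLOWED_TAGS = {"p", "h1", "h2", "h3", "ul", "ol", "li", "strong", "em", "b", "i",
                "a", "br", "table", "tr", "td", "th", "blockquote"}
ALLOWED_ATTRS = {"a": {"href"}}
VOID_TAGS = {"br"}
DROP_WITH_CONTENT = {"head", "style", "script", "xml"}   # Word's CSS/XML blobs


def _safe_href(value):
    """Keep only relative links and http/https/mailto; drop anything else."""
    v = value.strip().lower()
    return v.startswith(("http://", "https://", "mailto:")) or ":" not in v


class WordHtmlCleaner(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self._skip = 0   # >0 while inside a block whose text is discarded

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self._skip += 1
            return
        if tag not in ALLOWED_TAGS:
            return   # e.g. <span>, <div>, <o:p>: drop the tag, keep its text
        kept = []
        for k, v in attrs:
            if k in ALLOWED_ATTRS.get(tag, set()) and v is not None:
                if k == "href" and not _safe_href(v):
                    continue
                kept.append(f' {k}="{html.escape(v, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self._skip = max(0, self._skip - 1)
            return
        if tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if self._skip == 0:
            self.out.append(html.escape(data, quote=False))   # re-escape text we pass through


def clean_word_html(markup):
    cleaner = WordHtmlCleaner()
    cleaner.feed(markup)
    cleaner.close()
    return "".join(cleaner.out).strip()


# Constructed sample of the kind of markup Word's "Save as HTML" produces.
SAMPLE_WORD_HTML = (
    '<html xmlns:o="urn:schemas-microsoft-com:office:office"><head>'
    '<style>p.MsoNormal{margin:0in}</style></head>\n'
    "<body lang=EN-US><p class=MsoNormal style='mso-margin-top-alt:auto'>"
    "<span style='font-family:Calibri'>Hello <b>world</b></span><o:p></o:p></p>\n"
    '<p class=MsoNormal><a href="http://example.com" target="_blank">link</a><br></p>'
    "</body></html>"
)

if __name__ == "__main__":
    print(clean_word_html(SAMPLE_WORD_HTML))
```

Because the cleaner re-escapes all text it passes through and only whitelists known attributes, it can be used on documents from people you do not trust, which is the situation a website student pasting visitor-supplied Word content into a page is actually in.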

Tuesday, December 24, 2013

Something my Ethical Hackers should consider. Will we look back at Syria as the first true “Digital Battlefield,” even though it is very one sided (that we can prove) and targeted at non-combatants as well as the “rebels.” No violation of the “laws of war” (Is it?) but how do you counter?
Social Engineering and Malware in Syria: EFF and Citizen Lab’s Latest Report on the Digital Battlefield
by Sabrina I. Pacifici on December 23, 2013
“More than two years into the Syrian conflict, the violence continues both on the ground and in the digital realm. Just as human rights investigators and weapons inspectors search for evidence of chemical weapons, EFF, and the University of Toronto’s Citizen Lab have been collecting, dissecting, and documenting malicious software deployed against the Syrian opposition. Citizen Lab security researchers Morgan Marquis-Boire and John Scott-Railton and EFF Global Policy Analyst Eva Galperin today published their latest technical paper, Quantum of Surveillance: Familiar Actors and Possible False Flags in Syrian Malware Campaigns. The report outlines how pro-government attackers have targeted the opposition, as well as NGO workers and journalists, with social engineering and “Remote Access Tools” (RAT).”

Very nice summary.
Really really helpful post over on 451 Security. Here’s the intro:
I’ve written this post for two reasons. First, the recent Target breach has led to some confusion, which I will try to clear up here. Second, I wanted to create an easily referenced educational resource on how credit cards are designed to work. I’m hoping this will help people understand the intricacies of credit card fraud and how some credit card features attempt to limit it.
Here is the TL;DR version: CVV codes were compromised and should not be stored post-authorization, but the CVV codes compromised are not the codes printed on the card that we get asked for when making online purchases. There are actually two separate security codes: one to prove possession of the card when it is swiped (stored on the magnetic strip) and another printed on the card, to prove possession of the card when it is used in card-not-present transactions, like e-commerce or over the phone. The same value is not used for both codes.
Read more on 451 Security.
[From the article:
Based on what we know about the breach, it sounds like track data was either potentially stored by Target (against PCI DSS rules), was captured in transit or was captured pre-authorization (PCI says you can’t store track data after authorization). If full track data was compromised, the primary threat of consumer fraud from this breach will be for stolen data to be copied to fake credit cards and used in-person.
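The quoted post says full track data must not be stored after authorization. The check a card-processing team would want is something that finds it where it has leaked, typically debug logs. As an added example that is not from the 451 Security post, here is a scanner for Track 1 and Track 2 formatted records, using the standard layouts (Track 1: `%B`, PAN, `^`, name, `^`, YYMM expiry, three-digit service code; Track 2: `;`, PAN, `=`, YYMM, service code) and a Luhn check on the PAN to cut false positives. The log lines and the 4111 1111 1111 1111 test card number are constructed; nothing here is Target data.

```python
import re

# ISO 7813-style track layouts; discretionary data after the service code is not captured.
TRACK1_RE = re.compile(r"%B(\d{13,19})\^([^^]{2,26})\^(\d{4})(\d{3})[^?]*\?")
TRACK2_RE = re.compile(r";(\d{13,19})=(\d{4})(\d{3})[^?]*\?")


def luhn_ok(pan):
    """Standard Luhn mod-10 check used on card PANs."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan):
    """First six and last four digits, which is what PCI DSS lets you display."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def find_track_data(text):
    """Return one finding per Luhn-valid track record in `text`, PAN masked."""
    findings = []
    for m in TRACK1_RE.finditer(text):
        if luhn_ok(m.group(1)):
            findings.append({"track": 1, "pan": mask_pan(m.group(1)),
                             "name": m.group(2), "expiry": m.group(3),
                             "service_code": m.group(4)})
    for m in TRACK2_RE.finditer(text):
        if luhn_ok(m.group(1)):
            findings.append({"track": 2, "pan": mask_pan(m.group(1)),
                             "expiry": m.group(2), "service_code": m.group(3)})
    return findings


def scan_lines(lines):
    """(1-based line number, finding) for every track record found in the lines."""
    hits = []
    for n, line in enumerate(lines, start=1):
        for f in find_track_data(line):
            hits.append((n, f))
    return hits


# Constructed POS debug log; the PAN is the well-known 4111... test number.
SAMPLE_LOG_LINES = [
    "2013-12-19T10:01:02 POS7 auth ok txn=8831 amount=42.17",
    "2013-12-19T10:01:03 POS7 debug raw=%B4111111111111111^DOE/JANE^15121011000000000?",
    "2013-12-19T10:01:04 POS7 debug raw=;4111111111111111=15121011000000000?",
    "2013-12-19T10:01:05 POS7 debug raw=;4111111111111112=15121011000000000?",  # fails Luhn
    "2013-12-19T10:01:06 POS7 auth ok txn=8832 amount=9.99",
]

if __name__ == "__main__":
    for lineno, finding in scan_lines(SAMPLE_LOG_LINES):
        print(f"line {lineno}: track {finding['track']} PAN {finding['pan']} exp {finding['expiry']}")
```

The scanner reports the masked PAN, never the full one, so its own output does not become a second place where card data is stored. The Luhn filter drops the line with the mistyped PAN; if you would rather see every candidate and triage by hand, remove that condition and add the Luhn result as a field instead.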

Just up the road, but also available globally via Live Stream.
This sounds like a not-to-be-missed event. Wish I could get there to attend, but I’ll have to console myself with watching the live stream.
Friday, January 17, 2014; 9:00 AM – 5:30 PM
@ University of Colorado Law School, Room 101
Live Stream: to view, click here
What harms are privacy laws designed to prevent? How are people injured when corporations, governments, or other individuals collect, disclose, or use information about them in ways that defy expectations, prior agreements, formal rules, or settled norms? How has technology changed the nature of privacy harm?
These questions loom large in debates over privacy law. Often, they are answered skeptically. The President of the United States justifies massive NSA surveillance programs by arguing that non-content surveillance is not very harmful. Advertisers resist calls for aggressive forms of Do Not Track by arguing that the way they track online behavior creates little risk of harm. Judges dismiss lawsuits brought by users suing services that suffer massive data breaches, for lack of harm.
Meanwhile, many privacy law scholars and advocates do not speak consistently, if they speak at all, about privacy harm. Some prefer to talk about “problems” or “conflicts” not harms. Others point primarily to abstract, societal harms such as chilling effects or harms to dignity or individual autonomy. Many of these people have tried to move the conversation away from harm and what they see as crabbed, tort-centric approaches to privacy protection.
It is time to revisit old conversations about harm. New practices and technologies raise new threats of harm. [Or automate existing ones? Bob] The fear of Big Data techniques (for example in the public debate over the pregnancy prediction program of the retailer Target) has inspired new theories of harm. Economists and computer scientists have developed new ways of measuring privacy harm. Regulators have adopted new ways of talking about harm.
Join the Silicon Flatirons Center for Law, Technology, and Entrepreneurship on Friday, January 17, 2014, from 9:00 AM – 4:15 PM as we venture into the New Frontiers of Privacy Harm. We will assemble thought leaders and top practitioners and regulators for a diverse and rich set of conversations about privacy harm.
You can see the great line-up of presenters and discussants, and access the day’s schedule here.

(Related) Interesting article!
From a recent article by Woodrow Hartzog in Ohio State Law Journal, Vol. 74, p. 995, 2013:
As online social media grow, it is increasingly important to distinguish between the different threats to privacy that arise from the conversion of our social interactions into data. One well-recognized threat is from the robust concentrations of electronic information aggregated into colossal databases. Yet much of this same information is also consumed socially and dispersed through a user interface to hundreds, if not thousands, of peer users.
In order to distinguish relationally shared information from the threat of the electronic database, this essay identifies the massive amounts of personal information shared via the user interface of social technologies as “social data.” The main thesis of this essay is that, unlike electronic databases, which are the focus of the Fair Information Practice Principles (FIPPs), there are no commonly accepted principles to guide the recent explosion of voluntarily adopted practices, industry codes, and laws that address social data.
This essay aims to remedy that by proposing three social data principles — a sort of FIPPs for the front-end of social media: the Boundary Regulation Principle, the Identity Integrity Principle, and the Network Integrity Principle. These principles can help courts, policymakers, and organizations create more consistent and effective rules regarding the use of social data.
You can download the full article from SSRN. You may also wish to see the other articles in the same issue of the Ohio State Law Journal.

I doubt most people even think about why privacy is of concern to magazines like Forbes.
Over on Forbes, Kashmir Hill writes:
Forget “twerking” and “selfies.” Dictionary.com dubbed “privacy” the word of the year in 2013. Here at The Not-So Private Parts, it feels a little like the unknown indie band we’ve been obsessed with for years just won best album at the Grammys. So why did the plight of our personal data achieve Arcade Fire-level fame this year?
Read more on Forbes.

(Related) Illogical or merely ignorant?
Liz Gannes reports:
When asked to choose which is more important to them, protecting their personal information online or protecting their online behavior, respondents to a recent survey said hacking is a bigger concern than tracking.
Some 75 percent of those surveyed said they are worried about hackers stealing their personal information, while 54 percent are worried about their browsing history being tracked by advertisers.
Read more on AllThingsD.

These are common failings in all industries. Managers do not like to spend money or resources on things like logs that are only useful in the unlikely event they are breached. Rational or irrational?
From the Executive Summary of a newly released report:
Nearly all hospitals with EHR technology had RTI-recommended audit functions in place, but they may not be using them to their full extent. In addition, all hospitals employed a variety of RTI-recommended user authorization and access controls. Nearly all hospitals were using RTI-recommended data transfer safeguards. Almost half of hospitals had begun implementing RTI-recommended tools to include patient involvement in anti-fraud efforts. Finally, only about one quarter of hospitals had policies regarding the use of the copy-paste feature in EHR technology, which, if used improperly, could pose a fraud vulnerability.
We recommend that audit logs be operational whenever EHR technology is available for updates or viewing. We also recommend that ONC and CMS strengthen their collaborative efforts to develop a comprehensive plan to address fraud vulnerabilities in EHRs. Finally, we recommend that CMS develop guidance on the use of the copy-paste feature in EHR technology. CMS and ONC concurred with all of our recommendations.
You can access the full report here (pdf, 30 pp.)

Sign up and you can be among the first to know you've been had. Possibly even before the breachee.
Have you been pwned? Now you can be automatically told when you are!
Just under three weeks ago now, I launched Have I been pwned? which could tell you if you owned one of 154 million email addresses that had been caught up in recent data breaches. Subsequently, the site turned out to be wildly popular and as with such things, a lot of good ideas came up in terms of features people would like to see.
Without doubt, the number one request was for notifications. Searching for accounts that may have been pwned up to the current date is one thing, but the real value is in being automatically notified when you get pwned in the future. So I built it – oh and I’ve made it a free service.
Signing up for notifications
Let me talk you through it: First of all, jump over to haveibeenpwned.com and search for your email address. You can always just hit the “Notify me” link in the nav but I suspect most people will want to kick off by looking at whether they’ve already been compromised.
This is pretty much business as usual, except now you’ve got a “Notify me if my address gets pwned in the future” hyperlink just above the social media icons. Click that guy and you’ll get a little window:

I like lists like this, because I always try to steal learn from the best! Many more blogs listed at the site.
Announcing the 2013 Blawggie Awards – Tenth Edition
2013 Blawggie Award Categories and Winners.
1. Best Overall Law-Related Blog – 3 Geeks and a Law Blog
2. The “Marty Schwimmer” Best Practice-Specific Legal Blog – Sharon Nelson’s Ride the Lightning
3. Best Law Practice Management Blog – Adam Smith, Esq.
4. Best Law-related Blog Category – Law Librarian Blogs BeSpacific Blog
5. The “Kennedy-Mighell Report” Best Legal Podcast – The Return of the Legal Talk Network
6. The “Sherry Fowler” Best Writing on a Blawg Award – Sharon Nelson’s Ride the Lightning
7. Best Law Professor Blog – Legal Skills Prof Blog
8. The “DennisKennedy.Blog” Best Legal Technology Blog – V. Mary Abraham’s Above and Beyond KM
9. Best New Blawg – Jerry Lawson’s NetLawTools

For my Apple toting students...
Year in Review: 5 Most Notable New iOS Apps of 2013

For my Ethical Hackers
… why not steal away by yourself for a few hours and work on the SANS Institute’s 10th annual Holiday Hacking Challenge?
… The learning opportunity comes into play when you don’t already understand something you encounter in the packet capture file. You are expected to do your own research to understand the artifact well enough to explain it in your response. Given that this year’s scenario is based on a virtual city’s critical infrastructure, Skoudis says there will be some protocols that network professionals probably aren’t familiar with. It’s a chance to stretch your knowledge a bit and build some in-demand skills in a fun way.
Since this is the 10th year for the competition, some of the previous years’ challenges and answers are posted online.
… For a look at the 2012 Holiday Hacking Challenge and the winning and honorable mention responses, click here.
Details about the Holiday Hacking Challenge, which is now live, can be found here. You have until January 6, 2014 to send your results to HolidayChallenge@counterhackchallenges.com. Good luck!
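The challenge hands you a packet capture and expects you to work out what is in it. As an added example (not from SANS or the challenge itself), here is the first step done by hand: a pcap reader in pure Python that walks the global header and per-packet records, then decodes Ethernet, IPv4 and the TCP/UDP ports. The capture it reads is constructed inline (a UDP packet to port 53 and a TCP packet to port 502, the Modbus/TCP port, to match the "critical infrastructure" theme); the builder helpers and field names are mine, the pcap and header layouts are the standard ones.

```python
import socket
import struct

PCAP_MAGIC = 0xA1B2C3D4          # microsecond-resolution pcap, native byte order
LINKTYPE_ETHERNET = 1


# ---- constructed sample capture (builders are hypothetical helpers) ----
def _ipv4_packet(proto, src, dst, l4):
    hdr = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0x1234, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + l4                      # header checksum left 0; parser does not verify it


def _ethernet_frame(payload):
    return struct.pack(">6s6sH", b"\x02\x00\x00\x00\x00\x01",
                       b"\x02\x00\x00\x00\x00\x02", 0x0800) + payload


def _udp_segment(sport, dport, payload):
    return struct.pack(">HHHH", sport, dport, 8 + len(payload), 0) + payload


def _tcp_segment(sport, dport, payload):
    # data offset 5 words, flags PSH|ACK, window 8192, checksum and urgent pointer 0
    return struct.pack(">HHIIBBHHH", sport, dport, 1, 0, 0x50, 0x18, 8192, 0, 0) + payload


def build_sample_pcap():
    """Two-frame capture: a DNS-style UDP query and a Modbus/TCP read request."""
    frames = [
        _ethernet_frame(_ipv4_packet(17, "10.0.0.5", "10.0.0.1",
                                     _udp_segment(49152, 53, b"\x12\x34" + b"\x00" * 10))),
        _ethernet_frame(_ipv4_packet(6, "10.0.0.5", "10.0.0.20",
                                     _tcp_segment(49153, 502, b"\x00\x01\x00\x00\x00\x06\x01\x03\x00\x00\x00\x0a"))),
    ]
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1387497600 + i, 0, len(f), len(f)) + f   # ts_sec, ts_usec, incl_len, orig_len
    return out


# ---- the parser ----
def _decode_frame(ts, frame):
    info = {"ts": ts, "proto": None}
    ethertype, = struct.unpack_from(">H", frame, 12)
    if ethertype != 0x0800:
        info["proto"] = "non-ipv4"
        return info
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4              # header length in bytes, options included
    proto = ip[9]
    info["src"] = socket.inet_ntoa(ip[12:16])
    info["dst"] = socket.inet_ntoa(ip[16:20])
    l4 = ip[ihl:]
    if proto in (6, 17) and len(l4) >= 4:
        info["sport"], info["dport"] = struct.unpack_from(">HH", l4, 0)
        info["proto"] = "tcp" if proto == 6 else "udp"
    else:
        info["proto"] = str(proto)
    return info


def parse_pcap(data):
    """Return one dict per packet with timestamp, addresses and ports."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:             # file written on a big-endian host
        endian = ">"
    else:
        raise ValueError("not a pcap file (pcapng and nanosecond pcap not handled here)")
    _, _, _, _, _, linktype = struct.unpack_from(endian + "HHiIII", data, 4)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet link type supported")
    packets, off = [], 24
    while off + 16 <= len(data):
        ts_sec, _ts_usec, incl_len, _orig_len = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        packets.append(_decode_frame(ts_sec, data[off:off + incl_len]))
        off += incl_len
    return packets


if __name__ == "__main__":
    for p in parse_pcap(build_sample_pcap()):
        print(p)
```

Once you can enumerate packets this way, the unfamiliar protocols Skoudis mentions show up as port numbers you have to look up, which is exactly the research the challenge is asking for; extending the decoder for one of them is a good first exercise.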