Saturday, February 02, 2013

If you haven't been hacked, China doesn't think you're important. (This Blog is safe.) On the other hand, who has been hacked but has not (yet?) detected it?
Following on the heels of the New York Times, Bloomberg News, and the Wall Street Journal, sources have come forward to state that The Washington Post has also been hit by cyberattacks originating in China. The information was provided by individuals said to be familiar with the situation, including a former Post employee. The attacks were said to have occurred over the course of at least four years.


...and just for fun, we did it with 140 character programs!
"Earlier this week, hackers gained access to Twitter's internal systems and stole information, compromising 250,000 Twitter accounts before the breach was stopped. Reporting the incident on the company's official blog, Twitter's manager of network security did not specify the method by which hackers penetrated its system, but mentioned vulnerabilities related to Java in Safari and Firefox, and echoed Homeland Security's advisory that users disable Java in their browsers. Sure, blame everything on Larry Ellison. Looks like bad things do happen in threes — Twitter's report comes on the heels of disclosures of hacking attacks on the WSJ and NY Times."


What's the French word for “extortion?” Oh yeah, it's “extorsion.” Vive la France!
New submitter Flozzin writes with news of some resolution to the long-standing dispute that some French publishers have had with Google for republishing snippets of news reports without sharing revenue earned from the ads run alongside. Now, reports the BBC, "Google has agreed to create a 60m euro ($82m; £52m) fund to help French media organisations improve their internet operations. [Let's hope this does not mean “find more victims” Bob] It follows two months of negotiations after local news sites had demanded payment for the privilege of letting the search giant display their links. The French government had threatened to tax the revenue Google made from posting ads alongside the results."


A potential guide for government Health Care systems?
Jack Doyle reports:
GPs are to be forced to hand over confidential records on all their patients’ drinking habits, waist sizes and illnesses.
The files will be stored in a giant information bank that privacy campaigners say represents the ‘biggest data grab in NHS history’.
They warned the move would end patient confidentiality and hand personal information to third parties.
The data includes weight, cholesterol levels, body mass index, pulse rate, family health history, alcohol consumption and smoking status.
Diagnosis of everything from cancer to heart disease to mental illness would be covered. Family doctors will have to pass on dates of birth, postcodes and NHS numbers.
Officials insisted the personal information would be made anonymous and deleted after analysis.
Read more on Daily Mail.
And if you’re looking for additional information on the Everyone Counts initiative, you might want to check out this NHS Commissioning Board web site. One of the documents on that site provides more details on the clinical data sets and the types of information GPs are required to submit.
It is understandable, and even commendable, that public health authorities want to get a handle on the state of the public’s health and available services to improve them. Our own CDC also compiles data that points to underserved groups of patients, etc. But requiring physicians to provide such extensive information on every patient in conjunction with the patient’s national NHS identifier when we know that the NHS has had numerous data security and privacy breaches is a breach waiting to happen. Under the scheme, GPs would be providing:
  • NHSNumber
  • Date of Birth
  • Gender
  • PostCode
  • EthnicityCode
  • Registration Status
  • RegistrationDate
  • DeRegistrationDate
  • Date of Death
And then there is all the medical/mental health information.
I think the NHS is overly and unduly confident of its ability to secure data. How many thousands of people will have access to the data that has been electronically inputted by physicians? And for how long will they store the data before it is analyzed and then deleted?
Overall, it appears that the NHS has taken the notion of public health to an extreme at the expense of patient confidence in the confidentiality of their visits to their doctors. How many patients will not seek care for fear of mental health or other problems being reported to a central authority?
Just as health care professionals in the U.S. need to resist some government plans to require us to provide data on our patients, so, too, do British health care organizations need to take a long hard look at confidentiality issues. The BMA has expressed some concerns, but confidentiality doesn’t appear to be among them. Hopefully they will address confidentiality and security issues in a further post.


On March 15th, The Privacy Foundation (http://privacyfoundation.org/) will host a seminar to correct all of the FTC's errors. Mark your calendar!
The FTC has released a new report: Mobile Privacy Disclosures: Building Trust Through Transparency. From the Executive Summary:
Based on the Commission’s prior work in this area, the panel discussions, and the written submissions, this report offers several suggestions for the major participants in the mobile ecosystem as they work to improve mobile privacy disclosures.
Platforms, or operating system providers offer app developers and others access to substantial amounts of user data from mobile devices (e.g., geolocation information, contact lists, calendar information, photos, etc.) through their application programming interfaces (APIs). In addition, the app stores they offer are the interface between users and hundreds of thousands of apps. As a result, platforms have an important role to play in conveying privacy information to consumers. While some platforms have already implemented some of the recommendations below, those that have not should:
  • Provide just-in-time disclosures to consumers and obtain their affirmative express consent before allowing apps to access sensitive content like geolocation;
  • Consider providing just-in-time disclosures and obtaining affirmative express consent for other content that consumers would find sensitive in many contexts, such as contacts, photos, calendar entries, or the recording of audio or video content;
  • Consider developing a one-stop “dashboard” approach to allow consumers to review the types of content accessed by the apps they have downloaded;
  • Consider developing icons to depict the transmission of user data;
  • Promote app developer best practices. For example, platforms can require developers to make privacy disclosures, reasonably enforce these requirements, and educate app developers;
  • Consider providing consumers with clear disclosures about the extent to which platforms review apps prior to making them available for download in the app stores and conduct compliance checks after the apps have been placed in the app stores;
  • Consider offering a Do Not Track (DNT) mechanism for smartphone users. A mobile DNT mechanism, which a majority of the Commission has endorsed, would allow consumers to choose to prevent tracking by ad networks or other third parties as they navigate among apps on their phones.
App developers should:
  • Have a privacy policy and make sure it is easily accessible through the app stores;
  • Provide just-in-time disclosures and obtain affirmative express consent before collecting and sharing sensitive information (to the extent the platforms have not already provided such disclosures and obtained such consent);
  • Improve coordination and communication with ad networks and other third parties, such as analytics companies, that provide services for apps so the app developers can provide accurate disclosures to consumers. For example, app developers often integrate third-party code to facilitate advertising or analytics within an app with little understanding of what information the third party is collecting and how it is being used. App developers need to better understand the software they are using through improved coordination and communication with ad networks and other third parties.
  • Consider participating in self-regulatory programs, trade associations, and industry organizations, which can provide guidance on how to make uniform, short-form privacy disclosures.
Advertising networks and other third parties should:
  • Communicate with app developers so that the developers can provide truthful disclosures to consumers;
  • Work with platforms to ensure effective implementation of DNT for mobile.
App developer trade associations, along with academics, usability experts and privacy researchers can:
  • Develop short form disclosures for app developers;
  • Promote standardized app developer privacy policies that will enable consumers to compare data practices across apps;
  • Educate app developers on privacy issues.
Download the full report here.


“We heard your protests and after review have decided to ignore them.”
"Facebook has brought back its photo Tag Suggestions feature to the U.S. after temporarily suspending it last year to make some technical improvements. Facebook says it has re-enabled it so that its users can use facial recognition 'to help them easily identify a friend in a photo and share that content with them.' Facebook first rolled out the face recognition feature across the U.S. in late 2010. The company eventually pushed photo Tag Suggestions to other countries in June 2011, but in the US there was quite a backlash. Yet Facebook doesn't appear to have made any privacy changes to the feature: it's still on by default."


Not exactly an App, but an interesting “big data” tool...
IBM Security Tool Can Flag ‘Disgruntled Employees’
… The new tool, called IBM Security Intelligence with Big Data, is designed to crunch decades worth of emails, financial transactions and website traffic, to detect patterns of security threats and fraud. Beyond its more conventional threat prevention applications, the new platform, based on Hadoop, a framework that processes data-intensive queries across clusters of computers, will allow CIOs to conduct sentiment analysis on employee emails to determine which employees are likely to leak company data, Mr. Bird said. That capability will look at the difference between how an employee talks about work with a colleague and how that employee discusses work on public social media platforms, flagging workers who may be nursing grudges and are more likely to divulge company information. “By analyzing email you can say this guy is a disgruntled employee and the chance that he would be leaking data would be greater,” Mr. Bird said of IBM’s new tool.


For my Geeks...


For anyone who has to be out and about during “Commercial Fest” (More sources in the article)
… If you head over to the CBS Sports home page and click on over to their /SuperBowl/ portal, you’ll be able to see the whole game live.
… If you’re a Verizon user and you’ve subscribed to NFL Mobile, you’re in luck – the whole game will be streamed through your smartphone.


The future of education?
Friday, February 1, 2013
200+ MOOCs and Free Online Certificate Programs
… To help you find a MOOC that interests you and/or your students, Open Culture has created a list of more than 200 MOOCs and free certificate programs.
Stephen Downes also has a nice MOOC listing going on his MOOC.ca page. 


My weekly amusement...
TorrentFreak reports that the University of Illinois is disconnecting the Internet of students who are accused of piracy after their first warning. “When copyright holders send a DMCA notice informing the university about unauthorized BitTorrent downloads, the student’s dorm room is immediately cut off from the Internet.”
The patent system in the U.S. is broken. Case in point, the awarding this week of a patent to the University of Phoenix for its Academic Activity Stream, an educational news feed. There’s lots of prior art here, including Facebook’s patent on the news feed itself. Phil Hill offers more thoughts on e-Literate. Will ed-tech soon see round 2 of the great LMS patent wars (Blackboard v Desire2Learn) with the University of Phoenix going after those who use news feeds in their software (namely Instructure, Edmodo, Schoology, Pearson’s OpenClass…)?


Dilbert shows one downside (upside?) of Behavioral Advertising...
