Saturday, January 19, 2013

We didn't have the time to do it right, but we found the time to do it over...”
Doesn't the fact that they immediately changed their practices after the loss impact their liability?
By Dissent, January 18, 2013 7:09 pm
Chris Cobb reports:
Montfort Hospital officials were scrambling on Friday to reassure thousands of patients that an unsecured USB data key lost by a hospital employee did not contain intimate details of their health issues.
Information on the USB key, downloaded from a Montfort computer in contravention of hospital rules, contained information on more than 25,000 patients, all of whom have been sent a letter of apology and reassurance signed by Montfort’s chief privacy officer El Mostafa Bouattane.
The mass-mailed letter addressed to “Dear Patient”’ tells patients only that the USB key disappeared “despite our standard precautions” and contained just basic person information — “your name, summary data relating to the type of service you received, the date of service and a code referring to your provider’s name.” (“Provider” is the patient’s doctor).
Read more on Ottawa Citizen.
[From the article:
The employee has now been “re-sensitized” to security issues and is back at work, he added, but she wasn’t suspended or otherwise penalized.
… We decided there was no malice, hacking or other illegal activity involved.”
The Montfort, previously equipped with both encrypted and non-encrypted computers, has upgraded its systems with new privacy technology that does not allow data to be download onto USB keys that are not similarly encrypted, added Marleau.
… Carolyne Chaput, who had X-rays taken at the Montfort in October, said Friday that the letter came to her home Thursday “out of the blue” and she found it was extremely vague.


I wouldn't give up a valuable tool like that unless I had another (next generation ) tool ready to go, or better already installed and working.
Red October espionage platform unplugged hours after its discovery
Key parts of the infrastructure supporting an espionage campaign that targeted governments around the world reportedly have been shut down in the days since the five-year operation was exposed.
… The research uncovered more than 60 Internet domain names used to run the sprawling command and control network that funneled malware and received stolen data to and from infected machines. In the hours following the report, many of those domains and servers began shutting down, according to an article posted Friday by Kaspersky news service Threatpost.


Are we heading toward “universal breach notification?”
New bill asks companies to notify EU of security breaches
Proposed legislation in the European Union would force tech companies that have access to user data -- such as Facebook, Google, and Microsoft -- to report any security breaches to local cybersecurity agencies, the Financial Times reported today.


“We know what's best for students, parents don't!”
School Kicks Out Sophomore in RFID Student-ID Flap
A Texas high school on Friday barred a girl from attending class as part of the fallout from a legal flap that began when the sophomore refused to wear around her neck an RFID-chip student ID she claims is the “Mark of the Beast,” lawyers connected to the brouhaha said.
… The devout Christian sued the district, and last week a Texas federal judge concluded the 15-year-old’s right of religion was not breached, a decision a federal appeals court left intact Wednesday. That’s because the school district, the lower court ruled, eventually agreed to accommodate the girl and allow her to remove the RFID chip while still demanding that she wear the identification like the other students.
… U.S. District Judge Orlando Garcia’s ruling gave the girl and her family until Friday to decide whether to go to a different school or comport. She appealed to the New Orleans-based 5th U.S. Circuit Court of Appeals, arguing that adorning herself with the ID card, even one without an RFID chip, amounted to discriminating against her “sincerely held beliefs.”
… Money is the main motive behind the school using the RFID chips.
Like most state-financed schools, the district’s budget is tied to average daily attendance. If a student is not in his seat during morning roll call, the district doesn’t receive daily funding for that pupil because the school has no way of knowing for sure if the student is there.


“Yeah, that used to be a privacy option, now it's a search feature!”
On Facebook, users can no longer hide from search results
In the wake of its “graph search” announcement, Facebook removed the ability for users to opt out of appearing in search results on the site, as noted by Quartz. Because graph search relies on the content of profiles to fuel its results, the move will allow more comprehensive returns on searches but may violate the privacy of users who previously relied on that feature.


A useful case study for Copyright law students? OR Something for the Copyright lawyers to blather about?
Hands On With Kim Dotcom’s New Mega: This Service Could Dismantle Copyright Forever
Kim Dotcom's Mega officially launches tomorrow, but we're already in. From the membership plans we showed you this morning, the service might look like it's just another online storage locker like Dropbox or Google Drive. But it's way more than that. Mega is a weapon aimed straight at copyright rights holders. It's maybe the most private, invincible file-sharing service of all time.
When you first sign in, you see (instead of a big red button coyly promising to change the world) a simple drag-and-drop upload tool. A Mega upload tool.
From there, you're immediately prompted to agree to terms and conditions. Our resident lawyer told us they're not very well written, but in essence, they absolve Mega for any liability whatsoever for and naughty things you might do with the service. Smart Move, Kim.
… So what's to stop Mega from going down just the way Megaupload did? Mega's privacy, which is a no-foolin' stroke of genius. See, all of your files are encrypted locally before they're uploaded, so Mega has no idea what anything is. It could be family photos or work documents, or an entire discography of your favorite band. Poof: online and easy to share. And importantly, Mega doesn't have the decryption key necessary to get in. See? It's a masterstroke of copyright subversion.


It never hurts to redundantly repeat and reiterate the basics...

(Related)


How else does one get the attention of (for example) people who use the XYZ website?
"You don't necessarily have to a hacker to be viewed as one under federal law. ProPublica breaks down acts of 'hacktivism' to see what is considered criminal under the Computer Fraud and Abuse Act. It points out that both Aaron Swartz and Bradley Manning were charged under the CFAA. Quoting: 'A DDoS attack can be charged as a crime under the CFAA, as it “causes damage” and can violate a web site’s terms of service. The owner of the site could also file a civil suit citing the CFAA, if they can prove a temporary server overload resulted in monetary losses. ... The charges for doxing depend on how the information was accessed, and the nature of published information. Simply publishing publicly available information, such as phone numbers found in a Google search, would probably not be charged under the CFAA. But hacking into private computers, or even spreading the information from a hack, could lead to charges under the CFAA.'"


I read a LOT of articles every day, so I will give this a try.
When was the last time you read a whole article? Not two or three paragraphs and then clicked on to the next one, but the whole thing. What about an article that was more than 1000+ words? The fact is, it’s difficult to read on the web. There are a number of things that could be blamed from ads along side of content that are distracting to our click-happy habits of constantly opening more and more links in our browser.
A developer by the name of Richard Wallis saw this problem too and he created a solution. That solution is a browser extension and a bookmarklet that removes the potential distractions from around the page, but it also addresses something else that he feels is actually the reason behind our poor reading habits online.
In his blog post, he explained his reasoning:
The problem is scrolling. Scrolling is a brilliant way to display a map or an Excel spreadsheet on a computer. But it’s a terrible way to display text.
That’s because scrolling moves the text on a page. And moving text, even if it’s under your control, will break your reading rhythm.
… MagicScroll certainly isn’t the only web reading aid out there, there’s Clearly, Instapaper, iReader, and Readability, which are among my favorites.
Don't have Chrome? Just drag the following link to your bookmarks bar:


For my amusement...
San Jose State University has partnered with the online education startup Udacity to offer 3 online classes for credit. Although Udacity has been at the forefront of the recent MOOC-hype, these classes aren’t really “MOOCs.” They aren’t massive — just 100 students apiece. They aren’t open — they’re limited to a select group of SJSU, community college, and high school students. They aren’t free. The credits will cost $150 a piece. MOOCs or not, this is pretty big news. My write-up is here.
… In related news, ACE (the American Council on Education) will evaluate 4 Udacity courses for credits. ACE announced in November that it was similarly evaluating Udacity’s competitor Coursera to see if its courses could be eligible for credit.
A survey from Scholastic finds that the number of kids reading e-books has nearly doubled since 2010. Despite the interest expressed by those age 6 to 19 about e-books, 80% said that they still read books for fun “primarily in print.”


This is the start of my HTML5 collection
Here’s the Interactive Site That Will Make You an HTML5 Devotee
… Designer and developer Jongmin Kim has taken it upon himself to explore the language’s bleeding edge with his Form Follows Function web project, which demonstrates and expands HTML5′s most aesthetically interesting capabilities.


So can my students rent textbooks?
This week Amazon has unveiled Kindle book rentals in an extremely quiet fashion, opting to test it out with the public before doing any sort of press on the topic – but you can try it out right this minute if you wish. What you’re going to be doing here is renting a title for a certain amount of time, with the price going up based on how many months you’d like to keep it around. Thirty day increments appear at the moment to be the turn-over for how much you’ll be paying, 30, 60, 90, and 120 day periods being available for less than a dollar difference.
… If you have a peek at one of the very, very few titles available with rentals thus far by the name of Theories of International Politics and Zombies (courtesy of tipster Karen at Zats Not Funny, you’ll find that the Buy Price is (as it usually is) a little more than half of the price of the list price. The rent price, then, is less than half that cost – 80% off the original list price. Of course that’s the price to rent a digital copy for 30 days instead of owning the original print book forever, but the price difference is extremely important to the author in the end.

Friday, January 18, 2013

Does “finding malware” set the bar for notification higher? This is really “an abundance of caution.” Where would you draw the line?
St. Mark’s Medical Center in LaGrange, Texas notified 2,988 patients of a breach. From their notice of December 31, 2012:
On November 15, 2012, we learned that on May 21, 2012, one of our employee’s computers had become infected with malware that appears to have been designed to look for personal information stored on the computer. We immediately began an investigation and engaged a computer forensic investigation firm to examine the computer. Although the firm could not rule out the possibility, they did not find any evidence to confirm that any unauthorized person removed the personal information stored on the computer. If an unauthorized person did gain access to files stored on the computer, they would have been able to view billing files that contained patient names, account numbers, medical record numbers, dates of birth, gender, Social Security numbers, treatment dates, insurance provider names, and account balances. No medical records were accessed in the incident.


How do you secure your computers?
"For the second time in a row, Microsoft's Security Essentials failed to earn certification from AV-Test, the independent German testing lab best known for evaluating the effectiveness of antivirus software. Out of 25 different security programs tested by AV-Test, including software from McAfee, Norman, Kaspersky, and others, Microsoft's Security Essentials was just one out of three that failed to gain certification. These results are noteworthy because Microsoft Security Essentials is currently (as of December) the most popular security suite in North America and the world."


Facebook, the phone company?
The Washington Post (among many others) reports on a development from Facebook that may excite many more users than does the much-hyped announcement about richer search capabilities: after launching a Canadian trial balloon not long ago, Facebook is expanding the reach of its free in-app VoiP communications with free voice comms via the company's smartphone app.

(Related)
Frequent contributor Bennett Haselton writes with some strong cautions on a Facebook "feature" that lets you search for random phone numbers and find the accounts of users who have registered that number on their Facebook profile. This has privacy implications that are more serious than searching by email address.


Anonymous ain't?
By Dissent, January 18, 2013 8:38 am
Gina Kolata reports:
The genetic data posted online seemed perfectly anonymous — strings of billions of DNA letters from more than 1,000 people. But all it took was some clever sleuthing on the Web for a genetics researcher to identify five people he randomly selected from the study group. Not only that, he found their entire families, even though the relatives had no part in the study — identifying nearly 50 people.
Read more on The New York Times.


Hummm. Translating from the Queen's English is confusing.
On January 9, I had some concerns about a U.K. injunction that blocked The Sun from publishing pictures of actress Kate Winslet’s husband. Now Mr. Justice Briggs’ written judgement is available online. The ruling provides a nice recap of the multi-prong test being applied by the court in trying to determine, and balance, an individual’s Article 8 rights against the press’s Article 10 rights.
One of the points that I thought Justice Briggs made well concerned what should happen when material has already been disclosed on Facebook. In this case, he held that even though the material had been viewed by people, it was not so widely available as to make it comparable to a situation in which commercial trade secrets, once widely disclosed, have lost their confidential nature. Additional reproduction or dissemination of photos to new groups would provide new opportunities for harm or embarrassment to the individual and so preventing such future publication is appropriate when publication of the pictures is only to titillate the public or give them a chance to snigger at someone’s immature behavior.
See what you think of the ruling.


Mobile Apps are caught in their “We can, therefore we must” logic.
Bob Sullivan reports:
The element of surprise causes hard feelings when it comes to privacy violations, and mobilephone apps are ambushing consumers far too often, according to researchers at Carnegie Mellon University.
Researchers at the school’s Human-Computer Interaction Institute studied both the data gathered by the 100 most popular programs in Google’s Android app store, and how surprised users were when told what the apps were doing. On Tuesday they released a list of the 10 worst offenders in terms of transparency.
[The 10 worst offenders:
Brightest Flashlight (device ID, location)
Toss It game (device ID, location)
Angry Birds game (device ID, location)
Talking Tom virtual pet (device ID)
Backgrounds HD Wallpapers (device ID, contacts)
Dictionary.com (device ID, location)
Mouse Trap game (device ID)
Horoscope (device ID, location)
Shazam music (device ID, location)
Pandora Internet Radio (device ID, contacts)

(Related) How come my congressman never introduces privacy bills? How many technology gernerations behind is Congress?
new draft bill published today aims to increase privacy for mobile app users.
Led by U.S. Rep. Hank Johnson (D-Ga.), the bill aims to legally require app developers to publicize how they gather information and also let users request deletion of their stored data.
Read more on CNET.


412 pages should cover it (if not we can use the report to crush it)
The IRISS (Increasing Resilience in Surveillance Societies) project, funded by the EC under the 7th Framework Programme, has just published a major 412-page report entitled Surveillance, Fighting Crime and Violence. The report analyses the factors underpinning the development and use of surveillance systems and technologies by both public authorities and private actors, their implications in fighting crime and terrorism, social and economic costs, protection and infringement of civil liberties, fundamental rights and ethical aspects.
The IRISS consortium has identified the following trends: (1) a substantial growth of public sector demand for surveillance bolstered by the adoption of identity schemes and terrorist detection technologies and markets, (2) an increase in the demand for civil and commercial surveillance, (3) the development of a global industry in surveillance, (4) an increase in integrated surveillance solutions, and (5) a rise in the government use of cross-border surveillance solutions.
Read more on IRISS Project.

(Related) This complicates their assurance that “everything is safe and private” doesn't it?
"The Transportation Security Administration (TSA) has ended a contract with Rapiscan, a unit of OSI Systems Inc., manufacturer of about half of all of the controversial full-body scanners used on air passengers. TSA officials claim that Rapiscan failed to deliver software that would protect the privacy of passengers, but the contract termination happened immediately after the TSA finally got around to studying the health effects of the scanners, and Congress had a hearing on TSA's 'Scanner Shuffle'."

(Related) Just so we're clear...
TSA to Remove Naked-Image Scanners From US Airports
The Transportation Security Administration has announced that it will remove the controversial "naked image" body scanners from US airports because developers can't write software to make the images less revealing.


Excerpts from a very long post...
From their press release:
The U.S. Department of Health and Human Services (HHS) moved forward today to strengthen the privacy and security protections for health information established under the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
The final omnibus rule greatly enhances a patient’s privacy protections, provides individuals new rights to their health information, and strengthens the government’s ability to enforce the law.
… “These changes not only greatly enhance a patient’s privacy rights and protections, but also strengthen the ability of my office to vigorously enforce the HIPAA privacy and security protections, regardless of whether the information is being held by a health plan, a health care provider, or one of their business associates.”
The Rulemaking announced today may be viewed in the Federal Register at https://www.federalregister.gov/public-inspection.
The rule is currently available only in .pdf format, and it’s a staggering 563 pp: Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules
… Entities will need to perform a risk assessment that incorporates four factors:
(1) the nature and extent of the protected health information involved, including the types of identifiers and the likelihood of re-identification; (2) the unauthorized person who used the protected health information or to whom the disclosure was made; (3) whether the protected health information was actually acquired or viewed; and (4) the extent to which the risk to the protected health information has been mitigated.
… In skimming, I also noticed that HHS estimates that, based on their experience, approximately 6.71 million individuals will be affected by the 19,000 breaches reported to HHS each year, which is, on average, roughly 353 affected individuals per breach.


I suppose it fits the “Safeguard and secure cyberspace” part of their mission.
"The Department of Homeland Security has taken charge of pushing medical device manufacturers to fix vulnerable medical software and devices after researchers popped yet another piece of hospital hardware. It comes after the agency pushed Philips to move to fix critical vulnerabilities found in its popular medical management platform that is used in a host of services including assisting surgeries and generating patient reports. To date, no agency has taken point on forcing the medical manufacturers to improve the information security profile of their products, with the FDA even dubbing such a risk unrealistic (PDF)."


Does this reduce the possibility of abuse?
"Congresswoman Zoe Lofgren proposes a change to the Computer Fraud and Abuse Act (CFAA) which would remove the felony criminal penalty for violating the terms of service of a website and return it to the realm of contract law where it belongs. This would eliminate the potential for prosecutors to abuse the CFAA in pursuit of criminal convictions for simple violations of a website's terms of service."


Is this another indication that the case is bogus or just that DoJ is too heavy handed? “Gimme everything and I'll tell you what I think you should know.”
Timothy B. Lee reports:
An Ontario judge has refused a US request for unfettered access to the data on Megaupload servers hosted in Canada. The ruling is another sign that overseas courts are not giving US officials the degree of deference they’ve grown accustomed to in this case under US law.
Read more on Ars Technica.
Now if U.S. judges would just stop being so deferential to DOJ, too…
[From Ars Technica:
Instead, she ordered the United States and Megaupload to negotiate about which information the government should get access to under court supervision. If the parties are unable to reach an agreement, Justice Pardu herself will make the decision.

(Related)
"Kim Dotcom on Thursday used Twitter to reveal some interesting new tidbits in regards to his upcoming Mega service, which will be hosted at the New Zealand-based domain Mega.co.nz. Two days before the service is to go live, Doctom says he plans to offer 50GB of free storage to all members and is also working on bringing over users' Megaupload files and data, but has so far run into legal issues."
To say that Kim Dotcom has "run into legal issues" is like saying that Julian Assange is having a sleepover at the Ecuadorian embassy.


In one swell foop, Dilbert explains things for my Statistics, Business and Discrete Math students!


I have some students who should take this.
Take Mensa’s Free Test and Find Out If You’re a Genius
Mensa—the club for people who know they're smarter than you—is offering its home test for free during the month of January. It's an IQ test that takes 32 minutes to complete and at the end it'll tell you whether you're Mensa material.


Thursday, January 17, 2013

We only steal from the best. (Why waste time on targets with less than 6 figures in the bank?)
"Researchers at RSA say that a new phishing toolkit allows attackers to put a velvet rope around scam web pages – bouncing all but the intended victims. The new toolkit, dubbed 'Bouncer,' was discovered in an analysis of attacks on financial institutions in South Africa, Australia and Malaysia in recent weeks. It allows attackers to generate a unique ID for each intended victim, then embed that in a URL that is sent to the victim. Outsiders attempting to access the phishing page are redirected to a '404 page not found' error message. Other phishing kits have used IP address blacklists to block anti malware companies from viewing their malicious pages, but this is the first known use of whitelisting, RSA said. The phishing attacks that RSA technicians discovered that used the Bouncer kit were designed to harvest login credentials from financial services firms. The whitelisting feature may well work, especially given the volume of potential phishing pages that security companies review each day. Getting a 404 message may be enough to get a forensic investigator or security researcher to move on to the next phishing site, rather than investigating."


Double Secret Probation! What do you expect when you put Dean Wormer in charge?
Surveillance Strategy Is ‘Privileged and Confidential,’ FBI Says
… He also said the government issued two memos on how to proceed following the so-called “Jones” decision — memos the government now claims are not for public consumption. What that boils down to is this: If the government told you how it was spying on you, it would have to kill you. [Not funny. They have drones! Bob]
… According to the ACLU, the withholding of the documents’ contents is “an unfortunate decision” that “leaves Americans with no clear understanding of when we will be subjected to tracking — possibly for months at a time.”
Catherine Crump, the ACLU’s lawyer on the topic, added that “Privacy law needs to keep up with technology, but how can that happen if the government won’t even tell us what its policies are?


What are banking regulations in the Cloud? When data moves constantly (to balance workloads and improve performance) it only “passes through” jurisdictions.
New Bank Has No Branches, Just an App — And Thinks You’ll Volunteer to Pay for It
The company that made prepaid debit cards for the “unbanked” ubiquitous has a new venture: a bank. But Green Dot (GDOT) isn’t planning on opening any branches. To visit this bank, you have to open up the app.
Green Dot’s GoBank, announced this week in San Francisco, attempts to push mobile banking forward by making banking mobile-only. And the company seems to believe the GoBank app will delight account holders so much that they will voluntarily pay for the privilege of using it.
… “If you look at people who have an iPhone or Android and are under 40 and are dissatisfied with their bank, it’s actually quite a large market,” said Sam Altman, Green Dot’s vice president of mobile.


Toward automated legal services.
January 16, 2013
Article - Can Lawyers Stay in the Driver's Seat?
Can Lawyers Stay in the Driver's Seat? - Daniel G. Currell, Corporate Executive Board; M. Todd Henderson, University of Chicago - Law School. University of Chicago Institute for Law & Economics Olin Research Paper No. 629. January 16, 2013
  • "The law firm business is thriving, despite significant pain in the legal sector as changes take place. The continuing success of Big Law is in part because of its ability to adjust quickly to changes in demand by hiring and firing staff. But as Larry Ribstein saw, big changes nevertheless loom on the horizon. These changes will likely be driven by a series of specialized service providers who compete with law firms from a lower price point as Benjamin Barton points out in his article in this volume. If history is a guide, cheaper alternatives will evolve into higher-quality alternatives, at which point the law firms most invested in the status quo are likely to suffer greatly. While the significance of this disruption is often viewed in terms of how it will affect lawyers, in fact it should be assessed mainly from the perspective of consumers and society: does the quality of legal services rise or fall at any given price point?"


One day we will be able to automagically annotate articles (even my blog posts) with proper legal citations.
January 16, 2013
Enhancements to U.S. Statutes at Large on FDsys
"The U.S. Government Printing Office (GPO) recently enhanced the U.S. Statutes at Large collection on FDsys by adding descriptive metadata for public laws, private laws, concurrent resolutions, and presidential proclamations. For approximately 32,000 individual documents, the enhancements allow researchers improved searchability and retrieval by searching such metadata fields as title, SuDocs classification number, date, category, etc. The U.S. Statutes at Large collection includes volumes 65-115, covering the 82nd -107th Congresses, from 1951-2002. The additional descriptive data was added by both manual and automatic processes. A team of GPO staff members from Library Services and Content Management (LSCM), including catalogers and automation librarians, added descriptive metadata for titles, public law numbers, and dates."


If the process is that old, has the patent expired? And why 5-10 years to re-start production?
"California scientists have just created a new biofuel using plants that burns just as well as a petroleum-based fuel. 'The discovery, published in the journal Nature, means corn, sugar cane, grasses and other fast-growing plants or trees, like eucalyptus, could be used to make the propellant, replacing oil,' writes the San Francisco Chronicle, and the researchers predict mass marketing of their product within 5 to 10 years. They created their fuel using a fermentation process that was first discovered in 1914, but which was then discontinued in 1965 when petroleum became the dominant source of fuel. The new fuel actually contains more energy per gallon than is currently contained in ethanol, and its potency can even be adjusted for summer or winter driving."


For my statistics students. You can find bias anywhere, if you are so inclined. (Inclined = tilted, titled = biased)
"The much-publicized international rankings of student test scores — PISA — rank the U.S. lower than it ought to be for two reasons: a sampling bias that includes a higher proportion of lower socio-economic classes from the U.S. than are in the general population and a higher proportion of of U.S. students than non-U.S. who are in the lower socio-economic classes. If one were to rank comparable classes between the U.S. and the rest of the world, U.S. scores would rise to 4th from 14th in reading (PDF) and to 10th from 25th in math."

Wednesday, January 16, 2013

If so, they must have failed to implement many “Best Practices” that could have detected and prevented this. Note that they did not need an Internet connection to be infected.
"Two U.S. power companies have reported infections of malware during the past three months, with the bad software apparently brought in through tainted USB drives, according to the U.S. Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). The publication (PDF) did not name the malware discovered. The tainted USB drive came in contact with a 'handful of machines' at the power generation facility and investigators found sophisticated malware on two engineering workstations critical to the operation of the control environment, ICS-CERT said."


It might be interesting to have a random group of law school students look back at their high school websites to see how they are handling student privacy.
Here’s something you likely won’t see here in the U.S. – partly because we don’t have a Privacy Commissioner and partly because the U.S. Department of Education remains disturbingly placid about all the breaches in the education sector – the government of Hong Kong issued the following statement:
The Office of the Privacy Commissioner for Personal Data has discovered that sensitive personal information of students has inadvertently been exposed online, potentially affecting as many as 8,505 students from 11 local schools, including tertiary institutions.
[...]
It’s not clear to me what enforcement action the government might take should educational institutions not improve their data protection and security, but I suspect that they will be more likely to take action there than we are here.


The next big thing in Mobile Apps?
The Future of Commerce Starts With a Tap
Over 100 million phones will ship with NFC this year. Google has built NFC into the Android operating system. Nintendo uses NFC in the new Wii U gaming console. At the recent Consumer Electronics Show, Samsung, LG, and Sony unveiled NFC-enabled smartphones, televisions, and appliances.
So what's NFC? It technically stands for Near Field Communications, and it enables mobile devices like smartphones to communicate with nearby devices and objects with a simple tap. It works like this: A chip in your phone sends out a radio wave that is picked up by another NFC device or any object with an RFID tag. The tag is small, about the size of a dime, and can be embedded in or attached with a sticker to a product or advertisement. When tapped by a device, the tag tells the device what to do, such as open a web site, transmit a file, download an app, or make a payment.


Now you too can hold several jobs (why stop at one?) and still have time to party! (Sort of an outsourcing sub-lease?)
"The security blog of Verizon has the story of an investigation into unauthorized VPN access from China which led to unexpected findings. Investigators found invoices from a Chinese contractor who had actually done the work of the employee, who spent the day watching cat videos and visiting eBay and Facebook. The man had Fedexed his RSA token to the contractor and paid only about 1/5th of his income for the contracting service. Because he provided clean code on time, he was noted in his performance reviews to be the best programmer in the building. According to the article, the man had similar scams running with other companies."


Okay, this guy has suffered enough. Now let's send everyone to my crabby backyard neighbor! [It's wrong, but it's on the Internet so it must be true!]
"A mysterious GPS-tracking glitch has brought a parade of lost-phone seekers — and police officers — to the front door of a single beleaguered homeowner in Las Vegas. Each of the unexpected visitors – Sprint customers all — has arrived absolutely convinced that the man has their phone. Not so, police confirm. The same thing happened in New Orleans in 2011 and Sprint got sued. Says the Las Vegas man: 'It's very difficult to say, 'I don't have your phone,' in any other way other than, 'I don't have your phone.''"


“Leader of opposition party killed in tragic accident. A spy drone fell on him” Why not just share our take (allow them limited tasking) just to ensure they play by the rules?
Pentagon Swears It Won’t Sell Killer Drones to Afghanistan, Just Spy Ones
Yesterday, when Afghan president Hamid Karzai boasted that the U.S. was about to give him his own fleet of drones, you may have been tempted to see the mercurial leader with his hand on the joystick of an armed Predator. Please disabuse yourself of that notion. The Pentagon confirmed on Tuesday that it’s in talks to sell the Afghans drones. But the drones will be tiny, low-flying, and unarmed.

(Related) See “tragic accident,” above...
Senator Asks CIA Nominee When Drones Can Kill Americans
… Sen. Ron Wyden (D-Ore.) sent a letter on Monday to John Brennan, the White House’s counterterrorism adviser and nominee to be head of the CIA, asking for an outline of the legal and practical rules that underpin the U.S. government’s targeted killing of American citizens suspected of working with al-Qaida. The Obama administration has repeatedly resisted disclosing any such information about its so-called “disposition matrix” targeting terrorists, especially where it concerns possible American targets. Brennan reportedly oversees that matrix from his White House perch, and would be responsible for its execution at CIA director.


Interesting ruling!
"Reuters reports that a Manhattan District Judge has ruled that AFP and the Washington Post infringed a photographer's copyright by re-using photos he posted on his Twitter account. The judge rejected AFP's claim that a Twitter post was equivalent to making the images available for anyone to use (drawing a distinction between allowing users to re-tweet within the social network and the commercial use of content). The judge also ruled against the photographer's request that he be compensated for each person that viewed the photos, ruling instead that damages would be granted once per infringing image only. This last point might have interesting implications in file-sharing cases — can it set a precedent against massive judgments against peer-to-peer file-sharers?" [I'm betting no Bob]


Hooray! Right?
How California’s Online Education Pilot Will End College As We Know It
Today, the largest university system in the world, the California State University system, announced a pilot for $150 lower-division online courses at one of its campuses — a move that spells the end of higher education as we know it.
[Note: at the end of this article, I offer a timeline for how this all comes crumbling down]

(Related) Is it already too late?
Non-Profit Innovation: How Minerva Plans To Make Its Affordable, Next-Gen University A Reality
The Minerva Project burst onto the scene last year with an ambitious goal: To create the next elite American university, online, and, in so doing, help rethink the role of higher education in the Digital Era. Not only that, but the startup wants to establish rigorous, Ivy League-caliber standards, admitting only the best and the brightest, with a faculty to match, while offering tuition that’s “substantially less than half” the price of today’s elite universities, according to founder Ben Nelson.


I have several tons of old negatives. Perhaps there is a faster way to do this?
Odds are many people out there have old developed film from the old days of 35 mm photography lying around. If you ever wished that you could take those old photos from physical film and transfer them to digital, you will want to check out the Lomography Smartphone Film Scanner. The scanner works with a smartphone and an app that allows you to make digital versions with ease.

Tuesday, January 15, 2013

Not a true breach, but still a breach.
The issue of privacy breaches involving improper sharing of PHI with researchers has mushroomed for the B.C. Health Ministry:
The personal-health data of more than five million British Columbians has been accessed without proper authorization, and in the most serious cases, the provincial government says it will notify more than 38,000 individuals of the breaches by letter.
Health Minister Margaret MacDiarmid made the announcement as part of an ongoing investigation into research-grant practices between ministry employees and researchers at the universities of B.C. and Victoria.
Read more on Globe and Mail. Note that these are not data security breaches and there’s no indication of additional disclosure or other use, but the data never should have been shared, it seems.

(Related) Perhaps this is a good thing? Try to get it right before forcing everyone to adopt e-Records?
"Back in 2005, RAND Corporation published an analysis suggesting that hospitals and other health-care facilities could save more than $81 billion a year by adopting electronic health records. While e-records have earned a ton of buzz, the reality hasn't quite worked out: seven years later, RAND's new study suggests that health care providers have largely failed to upgrade their respective IT systems in a way that allows them to take full advantage of e-records. Meanwhile, the health care system in the United States continues to waste hundreds of billions of dollars a year, by some estimates. 'The failure of health information technology to quickly deliver on its promise is not caused by its lack of potential, but rather because of the shortcomings in the design of the IT systems that are currently in place,' Dr. Art Kellerman, senior author of the RAND study, wrote in a Jan. 7 statement. Slow pace of adoption, he added, has further delayed the productivity gains from e-records."


So, does this clear things up?
US DOJ did not entrap Megaupload, the agency says
The U.S. Department of Justice did not mislead a court and attempt to entrap file storage site Megaupload on copyright infringement charges, the agency said in a new filing in the case.
… Megaupload lawyer Ira Rothken pointed to a portion of the June 2010 search warrant targeting Carpathia Hosting, Megaupload's hosting provider. U.S. Immigration and Customs Enforcement (ICE) asked a judge to seal the search warrant affidavit because disclosure could "provide an opportunity to destroy evidence [and] change patterns of behavior."
The search warrant also asked Carpathia and Megaupload to assist in the copyright infringement investigation.
"The government cannot, on one hand, tell a U.S. court under penalty of perjury in seeking the cooperation of Megaupload in a search warrant they wanted to prevent evidence destruction of alleged infringing content files, and then, on the other hand, complain to a different court under penalty of perjury that Megaupload is a criminal for not destroying such files," Rothken said in an email.


Perspective A good product/service wins customers. An insulting/stupid ToS change costs customers.
"Instagram scared off a lot of users back in December when it decided to update its original Terms of Service for 2013. But even though the company reneged on its new terms after a week of solid backlash, Instagram users are still fleeing the photo-sharing app in droves. According to new app traffic data, Instagram has lost roughly half of all its active users in the month since proposing to change its original Privacy Policy and Terms of Service. In mid-December, Instagram boasted about 16.3 million daily active users; as of Jan. 14, Instagram only has about 7.6 million daily users."
Towards the end of December data showing a 25% drop in Instagram's daily active users came out. While it caused quite a bit of discussion online, it was suggested that the decline was due to the Christmas holiday or an inaccuracy in the data.


Yet another study I need to replicate (at least the “and now we drink the beer” part) Where can I get a grant? My statistics students will be happy to see that some studies are fun (and tasty!)
January 14, 2013
Estimating the Price Elasticity of Beer: Meta-Analysis of Data with Heterogeneity, Dependence, and Publication Bias
Via SSRN: Estimating the Price Elasticity of Beer: Meta-Analysis of Data with Heterogeneity, Dependence, and Publication Bias, Jon P. Nelson, Pennsylvania State University - College of the Liberal Arts - Department of Economics, January 14, 2013
  • "Precise estimates of price elasticities are important for alcohol tax policy. Using meta-analysis, this paper corrects average beer elasticities for heterogeneity, dependence, and publication selection bias. A sample of 191 estimates is obtained from 114 primary studies. Simple and weighted means are reported. Dependence is addressed by restricting the number of estimates per study, author-restricted samples, and author-specific variables. Publication bias is addressed using a funnel graph, trim-and-fill, and Egger’s intercept model. Heterogeneity and selection bias are examined jointly in meta-regressions containing moderator variables for econometric methodology, primary data, and precision of estimates. Results for fixed- and random-effects regressions are reported. Country-specific effects and sample time period are unimportant, but several methodology variables help explain the dispersion of estimates. In models that correct for selection bias and heterogeneity, the average beer price elasticity is about -0.20, which is less elastic than values used in alcohol tax policy simulations."


For my Website class...
Monday, January 14, 2013
A Beginner's Guide to HTML & CSS
One of last week's most popular posts was about Crunchzilla's Code Monster that students can use to learn Javascript programming. And I've previously featured some other good resources that students can use to learn to code on their own. Today, I found another resource to add to list.
A Beginner's Guide to HTML & CSS is a nice resource developed by Shay Howe whose resume reveals that he works on the user interface for Groupon among other projects. There are currently ten text-based lessons for beginners. Once you've mastered the beginner lessons you can try your hand at the advanced lessons. Three advanced lessons are currently available and seven more are slated for publication between now and March 4, 2013. And according to this Tweet from Shay Howe, a print version of these lessons may be available in the future. [See next post Bob]


Now this is interesting. Since this is Blog Post #2401, I could have a pretty big book. But what would I do with it other than annoy my students? But it could also work for other blogs. [See pervious post ]
Monday, January 14, 2013
Turn Your Blog Into an eBook With Ebook Glue
Ebook Glue is a neat service that I discovered on Lifehacker this evening. Ebook Glue allows you to create an ebook from your blog posts. To use the service just enter your blog's RSS Feed or your blog's URL if you don't know the address of your feed and Ebook Glue will turn your posts into an ePub and Mobi files for you to download, read, and distribute.
I gave Ebook Glue a try with my new iPad Apps for School blog's feed and it did exactly what it advertises. I was able to type in my blog's URL, select ePub, and then download an ePub of the blog entries. Then to read the ePub on my iPad I just uploaded it to my Box.com account and opened it on my iPad.

Monday, January 14, 2013

There is a range of intelligence gathering techniques from “open source” to “real James Bond stuff.” Does any of it cross the line into an “act of war” or could I start using my Ethical Hacking class for “Fun & Profit?”
Cybersleuths Uncover 5-Year-Old Spy Operation Targeting Governments
An advanced and well-orchestrated computer spy operation that targeted diplomats, governments and research institutions for at least five years has been uncovered by security researchers in Russia.
The highly targeted campaign, which focuses primarily on victims in Eastern Europe and Central Asia based on existing data, is still live, harvesting documents and data from computers, smartphones and removable storage devices, such as USB sticks, according to Kaspersky Lab, the Moscow-based antivirus firm that uncovered the campaign. Kaspersky has dubbed the operation “Red October.”
… Kaspersky calls the victims “high profile,” but declined to identify them other than to note that they’re government agencies and embassies, institutions involved in nuclear and energy research and companies in the oil and gas and aerospace industries.
… The attackers, believed to be native Russian-speakers, have set up an extensive and complex infrastructure consisting of a chain of at least 60 command-and-control servers that Kaspersky says rivals the massive infrastructure used by the nation-state hackers behind the Flame malware that Kaspersky discovered last year.


The data is free, but now you have to actually use it.
January 13, 2013
EU - Digital Agenda: Turning government data into gold
News release: "The Commission has launched an Open Data Strategy for Europe, which is expected to deliver a €40 billion boost to the EU's economy each year. Europe’s public administrations are sitting on a goldmine of unrealised economic potential: the large volumes of information collected by numerous public authorities and services. Member States such as the United Kingdom and France are already demonstrating this value. The strategy to lift performance EU-wide is three-fold: firstly the Commission will lead by example, opening its vaults of information to the public for free through a new data portal. Secondly, a level playing field for open data across the EU will be established. Finally, these new measures are backed by the €100 million which will be granted in 2011-2013 to fund research into improved data-handling technologies. These actions position the EU as the global leader in the re-use of public sector information. They will boost the thriving industry that turns raw data into the material that hundreds of millions of ICT users depend on, for example smart phone apps, such as maps, real-time traffic and weather information, price comparison tools and more. Other leading beneficiaries will include journalists and academics."


Perspective. The first question you should ask yourself when buying a computer is, “What am I going to do with it?” Then if you are cheap like me, “What's the cheapest device that will do all that?”
PC Shipments Down 5 Pct In Q4 Pointing To Structural Market Shift: Report
Global PC shipments fell nearly 5 percent in the final three months of 2012, indicating likely structural changes to the market rather than weak demand, Gartner Inc. said.
Analysts at Gartner said the PC industry's problems point to something beyond a weak economy.
Mikako Kitagawa, principal analyst at Gartner said the availability of compelling low-cost tablets caused PC users to shift consumption to tablets rather than replacing older PCs.


Perspective
January 13, 2013
Wayback Machine: Now with 240,000,000,000 URLs
Internet Archives Blog: "Today we updated the Wayback Machine with much more data and some code improvements. Now we cover from late 1996 to December 9, 2012 so you can surf the web as it was up until a month ago. Also, we have gone from having 150,000,000,000 URLs to having 240,000,000,000 URLs, a total of about 5 petabytes of data. (Want a humorous description of a petabyte? start at 28:55) This database is queried over 1,000 times a second by over 500,000 people a day helping make archive.org the 250th most popular website."


I've got a backlog of these to try...
… If you are looking for a web application that you don’t need to install to use, check out the highly user friendly app called Apowersoft Online Screen Recorder.
… You start by visiting the app’s website; you can then click on its initiation button and wait for it to load up. While the first loading time might be slow, subsequent loading times will be significantly lower.
With the app loaded up, its interface can be used to specify what kind of a screencast you want to record – a recording of a particular region, the entire screen, a recording of your webcam, or just a recording around the area of your mouse.
Optionally you can add audio in your video recording. This can be immensely useful if you are making the screencast with the intention of explaining what you are doing.
The output video format of your screencasts is WMV and the app can begin sharing your screencasts online immediately.