Saturday, July 13, 2013

Lots of information I'm not posting. At first read, it seems that the data from LabMD was given to Homeland Security and stolen from them, but maybe not... Interesting, if confusing, case.
Adam Greenberg reports on two cases where businesses have challenged the FTC’s authority in data security cases. Although Wyndham’s challenge has been discussed in detail (see these posts), I haven’t really described the LabMD case until now.
In the LabMD case, the Atlanta Business Chronicle reported last year:

Another case my Computer Security and Forensics students can learn from. Could you call up records documenting the status of software on a card reader you sold in 2006?
Cotton Patch Cafe‘s lawsuit against Micros goes to trial in U.S. District Court in Baltimore on Monday. I had posted some of the background on this case back in July 2011, here. The restaurant sued Micros after it was hacked and customers’ credit card information was stolen. Now Gary Haber reports:
The lawsuit alleges that Micros Systems failed to meet credit card industry standards because its system did not have adequate security to prevent hackers from breaking in and stealing customers’ credit card data. The lawsuit alleges unknown third-parties accessed the system in 2006 and 2007 and stole customers’ credit card numbers.
“The system was not compliant at the time they sold it to us,” Larry Marshall, Cotton Patch Cafe’s president, said in an interview.
Louise Casamento, a Micros Systems spokeswoman, called the allegations in the lawsuit “frivolous.”
Cotton Patch’s lawsuit alleged negligence, gross negligence, negligent misrepresentation, fraud by nondisclosure, and violations of the Texas Deceptive Trade Practices Act. I’ve uploaded a copy of their second amended complaint and Micros’s response to it.
Micros moved for summary judgement, and the court granted their motion in part, striking the negligence and gross negligence counts. The three remaining counts will be litigated. Judge Marvin J. Garbis’s Memorandum and Order provides background on the case and allegations and refers to forensic findings. Since most of the court filings are under seal, this document may be helpful if you are trying to get up to speed on this case and what some of the forensic investigations revealed – or didn’t reveal.

For my weekly amusement...
The Chronicle reports that not a single student at Colorado State University-Global Campus has signed up for MOOC-for-credit. (Students there can purportedly pay $89 for a proctored exam, “compared with the $1,050 that Colorado State charges for a comparable three-credit course.”) The deluge of students wanting to acquire cheaper credits – is “not happening as quickly as we had hoped,” says Chari Leader Kelley, vice president of LearningCounts.
The New York Times reports that schools that are considering allowing employees to carry concealed weapons are facing higher insurance rates, with some insurance providers threatening to drop coverage altogether. “More than 30 state legislatures introduced bills that permit staff members to carry guns in public or private schools this year, according to the National Conference of State Legislatures.” [Not sure I see the logic here... Bob]
Versal launched its online learning platform this week, one it describes as “an open publishing platform for anyone to create interactive online courses - no coding required.” It’s also launched a foundation to support educators and non-profits with grants ($1,000 to $25,000) to create “forever-free,” openly-licensed courses. “Versal’s killer app is something it calls the ‘gadget’ tool,” reports ReadWrite, which wins for the headline-of-the-week: “Online Learning Is Broken, And Versal Wants To Fix It.” (I thought online learning was going to fix broken brick-and-mortar education, but it’s hard to keep everything straight.)

Friday, July 12, 2013

Another (relatively) trivial breach that illustrates some common perceptions. The fact that the files were found in Vietnam is of little concern. Sure, the “owners” of the files had bad security if the FBI could locate the data, but with 4.25 million people in Harris County and 7 billion elsewhere on the globe, the odds were it was taken by someone outside of the county.
Brian Collister reports that the personal information of approximately 16,000 former and current Harris County employees was found in two electronic files in Vietnam. The information included names, Social Security numbers, and dates of birth. One of the files was from 2005 and another was from 2007, both before the county changed its system to minimize use of SSN.
The county learned of the breach when the FBI notified them of the discovery.
Not surprisingly at this point, the county does not know how the breach occurred, but has sent a letter to those affected.

Oh the horror, the horror! A $60+ billion company fined a mere $1.7 million (0.028% of revenue) is like me being fined $20. Hardly rises to the level of “Irritating.” Perhaps if the law (or the Board of Directors) required the fine to be paid from executive bonuses we might get their attention?
From HHS:
The managed care company WellPoint Inc. has agreed to pay the U.S. Department of Health and Human Services (HHS) $1.7 million to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules.
This case sends an important message to HIPAA-covered entities [“See what you can get away with!” Bob] to take caution when implementing changes to their information systems, especially when those changes involve updates to Web-based applications or portals that are used to provide access to consumers’ health data using the Internet.
… OCR’s investigation indicated that WellPoint did not implement appropriate administrative and technical safeguards as required under the HIPAA Security Rule.
The investigation indicated WellPoint did not:
  • adequately implement policies and procedures for authorizing access to the on-line application database
  • perform an appropriate technical evaluation in response to a software upgrade to its information systems
  • have technical safeguards in place to verify the person or entity seeking access to electronic protected health information maintained in its application database.
As a result, beginning on Oct. 23, 2009, until Mar. 7, 2010, the investigation indicated that WellPoint impermissibly disclosed the ePHI of 612,402 individuals by allowing access to the ePHI of such individuals maintained in the application database.
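The three findings above describe a portal that, after an upgrade, stopped checking who was asking for a record. As an added example (not WellPoint's code, and not drawn from the HHS resolution agreement), here is the shape of that defect beside its fix and the regression check that would have caught it: a WSGI handler that serves records by the id in the URL, a hardened version that verifies a bearer session and then authorises only the owner's record, and two checks that belong in the post-deployment test run. The record ids, session tokens and paths are constructed for the example.

```python
"""Authentication/authorisation regression check for a records portal.

Added example (not WellPoint's code). Models the failure OCR describes: an
upgraded web application that hands records out without verifying who is
asking. Names, record ids and tokens below are constructed for the example.
"""
import json
from wsgiref.util import setup_testing_defaults

# Constructed stand-in for the application database (member id -> record).
RECORDS = {
    "1001": {"name": "Member One", "plan": "HMO", "dx": "constructed"},
    "1002": {"name": "Member Two", "plan": "PPO", "dx": "constructed"},
}
# Constructed session store: bearer token -> member id it was issued to.
SESSIONS = {"tok-1001": "1001", "tok-1002": "1002"}
PROTECTED_PATHS = [f"/records/{rid}" for rid in RECORDS]


def _record_id(environ):
    path = environ.get("PATH_INFO", "")
    return path[len("/records/"):] if path.startswith("/records/") else None


def _respond(start_response, status, body):
    payload = json.dumps(body).encode() if body is not None else b""
    start_response(status, [("Content-Type", "application/json"),
                            ("Content-Length", str(len(payload)))])
    return [payload]


def vulnerable_app(environ, start_response):
    """'Before': the handler trusts the id in the URL and never checks a session."""
    rid = _record_id(environ)
    if rid is None or rid not in RECORDS:
        return _respond(start_response, "404 Not Found", None)
    return _respond(start_response, "200 OK", RECORDS[rid])


def hardened_app(environ, start_response):
    """'After': authenticate the bearer token, then authorise only the owner's record."""
    rid = _record_id(environ)
    if rid is None:
        return _respond(start_response, "404 Not Found", None)
    auth = environ.get("HTTP_AUTHORIZATION", "")
    token = auth[len("Bearer "):] if auth.startswith("Bearer ") else ""
    member = SESSIONS.get(token)
    if member is None:
        return _respond(start_response, "401 Unauthorized", None)
    if rid != member:
        # Deny before looking the record up, so a non-owner learns nothing
        # about which ids exist.
        return _respond(start_response, "403 Forbidden", None)
    if rid not in RECORDS:
        return _respond(start_response, "404 Not Found", None)
    return _respond(start_response, "200 OK", RECORDS[rid])


def call(app, path, token=None):
    """Drive a WSGI app in-process and return (status code, decoded JSON body)."""
    environ = {}
    setup_testing_defaults(environ)
    environ["PATH_INFO"] = path
    if token:
        environ["HTTP_AUTHORIZATION"] = f"Bearer {token}"
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = int(status.split()[0])

    body = b"".join(app(environ, start_response))
    return captured["status"], (json.loads(body) if body else None)


def unauthenticated_exposure(app, paths):
    """Paths that answer 200 with no credentials at all: each one is an ePHI leak."""
    return [p for p in paths if call(app, p)[0] == 200]


def cross_member_exposure(app, token, paths):
    """Paths a valid session can read that it does not own (the IDOR case)."""
    owner = SESSIONS[token]
    return [p for p in paths
            if not p.endswith("/" + owner) and call(app, p, token)[0] == 200]


if __name__ == "__main__":
    for name, app in (("vulnerable", vulnerable_app), ("hardened", hardened_app)):
        print(name, "unauthenticated:", unauthenticated_exposure(app, PROTECTED_PATHS))
        print(name, "cross-member:", cross_member_exposure(app, "tok-1001", PROTECTED_PATHS))
```

Run the two exposure functions against the real portal's route list after every release; a non-empty result is a stop-ship, not a ticket. The hardened handler denies a non-owner before it looks the record up, so the difference between 403 and 404 does not become an id-enumeration oracle.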
Imagine what the penalty would have been if HHS had also taken WellPoint’s previous and long-running exposure breach into account? That situation, which was reported on in 2008, was extremely similar, if not actually identical, to this one.

Now what? It's illegal in France, but apparently not important enough to have the police do this. Lawsuits? A sudden increase in fatal “accidents?”
The Local reports:
Twitter has handed over data to French authorities to help identify [The person owning the account is not necessarily the author of the Tweets. Bob] the authors of anti-Semitic tweets following a complaint from a Jewish students’ group, AFP reported on Friday.
Twitter said in a statement that it had given information to judicial authorities “enabling the identification of some authors” of anti-Semitic tweets.
A French court in January ordered the company to provide the data after the complaint from France’s Union of Jewish Students (UEJF).
Read more on The Local (FR)

What I've been saying, only smarter...
The NSA's Surveillance Is Unconstitutional
Due largely to unauthorized leaks, we now know that the National Security Agency has seized from private companies voluminous data on the phone and Internet usage of all U.S. citizens. We've also learned that the United States Foreign Intelligence Surveillance Court has approved the constitutionality of these seizures in secret proceedings in which only the government appears, and in opinions kept secret even from the private companies from whom the data are seized.
If this weren't disturbing enough, the Consumer Financial Protection Bureau, created by the 2010 Dodd-Frank financial reform, is compiling a massive database of citizens' personal information—including monthly credit-card, mortgage, car and other payments—ostensibly to protect consumers from abuses by financial institutions.
All of this dangerously violates the most fundamental principles of our republican form of government.
… As other legal scholars, most notably Yale law professor Akhil Reed Amar, have pointed out, when the Fourth Amendment was ratified in 1791 as part of the Bill of Rights, government agents were liable for damages in civil tort actions for trespass.
… With the NSA's surveillance program, the Foreign Intelligence Surveillance Court has apparently secretly approved the blanket seizure of data on every American so this "metadata" can later provide the probable cause for a particular search. Such indiscriminate data seizures are the epitome of "unreasonable," akin to the "general warrants" issued by the Crown to authorize searches of Colonial Americans.
… The secrecy of these programs makes it impossible to hold elected officials and appointed bureaucrats accountable.

Been there. Done that. Got the T-shirt.
Bruce Schneier’s blog points us to a recent article by Penica Cortez and David Hay. Here’s the Abstract:
This paper reports an exploratory study of privacy breaches in the U.S. from 2005-2011 to explore potential benefits of data privacy auditing. Privacy auditing is a mechanism to help organisations to be vigilant in protecting information privacy, and to avoid penalties or damage to reputation and losing customer trust. Recently, privacy audits have been imposed on several high-profile organizations, but little is known about the benefits of privacy audits. We examined whether companies with privacy disclosures in their audited financial statements (as a proxy for privacy audits) were more or less likely to incur subsequent privacy breaches, and whether companies incurring breaches were more or less likely to make privacy disclosures. The results show that there are empirical regularities consistent with the privacy disclosures in the audited financial statements having some effect. Companies disclosing privacy risks are less likely to incur a breach of privacy related to unintentional disclosure of privacy information; while companies suffering a breach of privacy related to credit cards are more likely to disclose privacy risks afterwards. Disclosure after a breach is negatively related to privacy breaches related to hacking, and disclosure before a breach is positively related to breaches concerning insider trading. These results may be related to the risk of privacy breaches. Privacy disclosure in the regulatory risks section of a 10K report is associated with a larger number of records affected by a breach of privacy. We also examined the extent of damages arising from privacy breaches, but there are not enough observations to draw a conclusion.
You can download the full article from SSRN.

An article for my students and my lawyer friends (is the NSA reading your correspondence with your clients?)
… I’d like to offer a few easy ways that you can encrypt your webmail to at least try and maintain some semblance of email privacy in a world filled with snoops and spies.

Not sure if my students will like this, but I find things like “Fantasy SCOTUS” amusing and JD Supra “obvious in retrospect.” Let's hope they like the technology that enables the law firm Robot, Robot & Hwang LLP.
Fastcase 50 for 2013
“2013 was the Year of Reinvention, with innovators gathering at several national conferences pushing the boundaries of the business of law, using software, algorithms, and new pricing models for lawyers as a way to better provide legal services to the middle class. New companies challenged our assumptions about legal research, and established challengers hit their stride as much larger enterprises. Bar associations and law professors sought to change some of the most traditional legal organizations serving law students and lawyers. The Fastcase 50 classes of 2011 and 2012 were an inspiration. This year, you submitted a record number of nominations, and we are pleased to honor the Fastcase 50 Class of 2013.”

For my fellow teachers (and my students)
Share My Screen Pro is a handy, cost-effective software solution that lets you share your screen with anyone online via a browser. It is aimed at people who work remotely and are located in different geographical locations. Using it you can run meetings and presentations over the Internet, from single-user presentations up to 300-viewer webinars. It is easy to set up and run and doesn’t require the viewer to download any software. Your viewers can access your screen via Windows PCs and devices running Android and iOS.
Related tools – ScreenView, ScreenLeap.

Another potentially useful tool (you can't have too many)
Quickly record a video of what you’re doing on your computer, or take a precise screenshot. The free app oCam makes this process easy for Windows users.

I post a lot of free (and I hope useful) tools, but this one really grabbed my attention. If you have an eReader, watch the demo video and be amazed...
Calibre is a free and open source e-book library management application developed by users of e-books for users of e-books.

Thursday, July 11, 2013

Interesting. Does this shut down any customer lawsuits? Why else would they even comment?
E. B. Solomont reports:
Schnuck Markets Inc. did not violate Missouri law regarding data security, an investigation into a widespread data breach at Schnucks by Missouri Attorney General Chris Koster’s office has concluded.
The St. Louis-based grocery chain “was itself a victim of criminal wrongdoing,” Nanci Gonder, press secretary for the attorney general, told the Business Journal. “After reviewing the records and speaking with forensic investigators, we did not find that Schnuck Markets violated Missouri laws regarding data security,” she said.

I think Colorado Technical University should offer this one a scholarship! (Note that large companies are not the only ones to re-assess their security after an incident.)
Toddler buys 1962 Austin Healey on eBay
PORTLAND, Ore. (KOIN) — Sorella Stoute bought a 1962 Austin Healey Sprite on eBay last month. She’s a toddler.
The 14-month-old opened the eBay app on her dad’s smartphone last month and bought the car for $225 — without his knowledge.
Her dad, Paul Stoute, didn’t know about it until he got a congratulatory email from eBay.
… “I’m just glad she didn’t buy the $38,000 Porsche I was looking at,” he said.
Since Sorella bought the car, though, he activated the facial recognition technology and has a new PIN code, just in case she ever gets the shopping bug again.

Interesting, because they are trained to use tools like LinkedIn, so I doubt they were unaware.
Mike Masnick writes:
So, over the weekend, the Washington Post revealed some of the code names for various NSA surveillance programs, including NUCLEON, MARINA and MAINWAY. Chris Soghoian has pointed out that a quick LinkedIn search for profiles of people in Maryland with codenames like MARINA and NUCLEON happen to turn up profiles like this one which appear to reveal more codenames:
TRAFFICTHIEF, eh? WEBCANDID? Hmm… Apparently, NSA employees don’t realize that information they post online can be revealed.
So… will DOJ prosecute these people for leaks? Will the Army block the military from reading LinkedIn?
No, I don’t think either should happen but if the government really wants to keep some information from the public forum, they’re not doing a great job, are they?
But more to the point: how many members of Congress even know what these programs are or do? How many members of Congress are engaging in actual oversight of these programs?

Does the new CEO hope to gain credibility for the actions of her predecessor?
Brandon Bailey reports:
In a rare legal move, Yahoo is asking a secretive U.S. surveillance court to let the public see its arguments in a 2008 case that played an important role in persuading tech companies to cooperate with a controversial government data-gathering effort.
Releasing those files would demonstrate that Yahoo “objected strenuously” to government demands for customers’ information and would also help the public understand how surveillance programs are approved under federal law, the company argued in a filing with the Foreign Intelligence Surveillance Court this week.
Read more on Mercury News.
You can read the court filing here.

Useful. Learn what laws you are breaking! If you aggregate the laws of all 100 countries, could you still operate a business?
Dave Banisar has updated his global map on data protection laws:
Approximately 100 countries and independent jurisdictions and territories around the world have adopted comprehensive [??? Bob] data protection/privacy laws to protect personal data held by both governments and private companies. This map shows which jurisdictions have adopted laws or have pending initiatives to adopt one.
You can download the map from SSRN.

Just in time for my Linear Algebra students
Paperkit is a free to use website that lets you download graph templates which you can print out. There are various properties of the grid that the website lets you modify. To get started using the site’s tools, you do not need to create any new accounts – you simply visit the website and start tweaking the various graph properties.

For all my students. Looks like they grab the RSS feed. (At least, it works like an RSS reader but in your browser!)
Most people who frequently use the Internet have a bunch of websites bookmarked to get news and updates. But visiting these websites individually and checking out their new posts can be quite time consuming.
Skimr is a free to use web service that helps you quickly browse the latest updates on your favorite websites. This is accomplished by letting you view your favorite websites in a list view where you click on a site and subsequently read the corresponding updates. When you first visit the site’s home page, you will find a list containing a few websites on which you will find the latest technology-related news on the Internet.
You can edit this list by creating an account on the website and adding any website that you want; you can add the websites through their URL or through their RSS feed.
Similar: Skimzee [Similar, but works with Twitter Bob]

(Related) The founders of a music-recommendation service plan to use your browser history to conquer the Web.
Felix Miller and Martin Stiksel think they have the solution to the overabundance of the Web and the ever-flowing rivers of social media feeds.
The two European entrepreneurs, who created a music service that recommends music based on your listening history, have decided to apply their technology to the entire Internet.
… The pair launched a new product on Thursday, a Web discovery tool called Lumi. In the spirit of that music service, which Miller and Stiksel sold to CBS in 2007 for $280 million (CBS also owns CNET), Lumi is a site that relies on a user's browser history to determine what they should see or read on the Internet.
Users must install the Lumi browser extension and allow the tool to collect their browsing history. It's available on Chrome, Firefox or Safari. Lumi starts processing your information once you install it and spits out results in about 20 seconds. (Two-thirds of Stiksel's results are music-related, of course.)
… When they started testing Lumi in December, 10,000 users signed up for its trial run. Those testers were most concerned with privacy, Miller said. If you browse in incognito mode, which hides your browsing history, Lumi can't see where you have surfed. Otherwise, your movement on the Internet is fair game.

Wednesday, July 10, 2013

If not, what would they have to be doing to violate the constitution? (and why don't US news organizations ask these questions any more?)
Alison Frankel writes:
The more we find out about the mostly secret inner workings of the U.S. Foreign Intelligence Surveillance Court, the more questions we should all have about the intersection of national security and Fourth Amendment restrictions on unreasonable searches by government authorities. Based on recent comments by U.S. Supreme Court Justices Elena Kagan and Stephen Breyer, the court is primed for an inevitable constitutional review of the National Security Agency’s program of gathering phone and Internet data from foreign suspects and U.S. citizens alike under provisions of the Patriot Act and the Foreign Intelligence Surveillance Act. That debate will surely center on the Fourth Amendment, but a lesser-known argument that has popped up in some cases challenging FISA wiretaps raises different constitutional objections to the NSA’s widespread data collection. And just as it was in California’s ban on gay marriage, Article III of the Constitution could be the linchpin of any Supreme Court decision on the legality of the NSA program.
Read more on Reuters.

(Related) “We gotta do something?”
If you didn’t watch the Privacy and Civil Liberties Oversight Board (PCLOB) workshop yesterday, there will be a transcript of it. Some of the most interesting comments came from a now-retired FISC judge who seemed stunned at the direction the court has taken since his retirement. Dan Roberts reports:
James Robertson, who retired from the District of Columbia circuit in 2010, was one of a select group of judges who presided over the so-called Fisa courts, set up under the Foreign Intelligence Surveillance Act, which are intended to provide legal oversight and protect against unnecessary privacy intrusions.
But he says he was shocked to hear of recent changes to allow more sweeping authorisations of programmes such as the gathering of US phone records, and called for a reform of the system to allow counter-arguments to be heard.
Speaking as a witness during the first public hearings into the Snowden revelations, Judge Robertson said that without an adversarial debate the courts should not be expected to create a secret body of law that authorised such broad surveillance programmes.
Read more on The Guardian. Not reported in Roberts’ story were statements made by Greg Nojeim of CDT, who in a soft-spoken voice, politely told the PCLOB members that Section 215 of the PATRIOT Act should just flat-out be repealed. The board, however, did not seem particularly interested in any such sweeping recommendations but seemed more receptive to ideas about introducing an adversarial component into the FISC process and learning more about the difficulties in determining whether someone is a US person or not, or where they are located for Section 702 purposes.

Monica Ermert writes:
Judges of the Grand Chamber of the European Court of Justice in Luxembourg on 9 July 2013 adamantly asked for proof of the necessity and efficiency of the EU Data Retention Directive.
While the representatives of the EU member states, the Council, the Commission and the Parliament had to acknowledge a lack of statistical evidence, they still demanded that the Court reject the complaints from Digital Rights Ireland, the working group AK Data Retention Austria (who were joined by over 11,000 citizens in their legal action) and individual complainant Michael Seitlinger, an Austrian IT expert.
Read more on Internet Policy Review. (via @TJMcIntyre)
@DaraghObrien also points us to this earlier piece by Glyn Moody that provides more background on the case.

“We looked. We couldn't figure it out either.”
CRS – NSA Surveillance Leaks: Background and Issues for Congress
NSA Surveillance Leaks: Background and Issues for Congress. Marshall Curtis Erwin, Analyst in Intelligence and National Security; Edward C. Liu, Legislative Attorney. July 2, 2013
“Recent attention concerning National Security Agency (NSA) surveillance pertains to unauthorized disclosures of two different intelligence collection programs. Since these programs were publicly disclosed over the course of two days in June, there has been confusion about what information is being collected and what authorities the NSA is acting under. This report clarifies the differences between the two programs and identifies potential issues [Not so much Bob] that may help Members of Congress assess legislative proposals pertaining to NSA surveillance authorities. One program collects in bulk the phone records—specifically the number that was dialed from, the number that was dialed to, and the date and duration of the call—of customers of Verizon Wireless and possibly other U.S. telephone service providers. It does not collect the content of the calls or the identity of callers… The other program collects the electronic communications, including content, of foreign targets overseas whose communications flow through American networks. The Director of National Intelligence has acknowledged that data are collected pursuant to Section 702 of FISA. As described, the program may not intentionally target any person known at the time of acquisition to be located in the United States, [So should we add 'location' to the data collected? Bob] which is prohibited by Section 702. Beyond that, the scope of the intelligence collection, the type of information collected and companies involved, and the way in which it is collected remain unclear.”

Hello. What rock have you been sleeping under?
A research letter in JAMA is getting some attention in the news:
New research has raised alarm about threats to privacy posed by patients searching for health-related information on the internet.
Marco Huesch, a researcher at the University of Southern California, Los Angeles, searched for “depression,” “herpes” and “cancer” on various health-related websites and observed that the data was being tracked.
“Confidentiality is threatened by the leakage of information to third parties” through trackers on the websites themselves or on consumers’ computers, he wrote in the Journal of the American Medical Association.
Read more on Sydney Morning Herald.
You can find Huesch’s research letter here (subscription required).

This could be wild...
Apple found guilty of e-books price fixing
In a quick decision, the Southern District of New York has ruled that Apple violated antitrust laws in the government's e-book price-fixing case against the computing giant, according to the judge's decision Wednesday.
"This Court finds by a preponderance of the evidence that Apple conspired to restrain trade," Judge Denise Cote said in a 160-page opinion.

An Infographic for my TL;DR students...
Tech-savvy burglars use publicly obtainable information, e.g. Foursquare check-ins, location-based Facebook updates, and metadata from shared images, to locate potential victims. To illustrate the risk of over-sharing on social media, Distinctive Doors designed this infographic explaining how they do it, and what you can do to protect yourself.
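The “metadata from shared images” in that list is the Exif block a camera or phone writes into a JPEG, which can carry the GPS position of the shot. As an added example (not part of the infographic or any Distinctive Doors material), this Python walks the JPEG segment structure, reports whether the Exif IFD0 carries a GPS IFD pointer (tag 0x8825), and strips every APPn and COM segment except the JFIF header before the file is shared. The sample JPEG is constructed inline with a minimal Exif block; it is not a real photo, and the scan data is a placeholder.

```python
"""Detect a GPS tag in a JPEG's Exif block and strip the metadata segments.

Added example (not Distinctive Doors' material). The sample JPEG is
constructed below: its Exif block carries only a GPS IFD pointer and one
GPS tag, enough to exercise the scanner without a real photo.
"""
import struct

SOS = 0xDA            # start of scan: entropy-coded image data follows
APP0, APP1 = 0xE0, 0xE1
COM = 0xFE
GPS_IFD_POINTER = 0x8825
KEEP_APP = {APP0}     # JFIF header carries no personal data; keep decoders happy


def split_segments(data):
    """Return ([(marker, payload), ...] up to and including SOS, tail).

    The tail is the entropy-coded scan plus the EOI marker. Metadata that
    appears after SOS (rare, but allowed) is not inspected here.
    """
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI)")
    pos, segments = 2, []
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        payload = data[pos + 4:pos + 2 + length]
        if len(payload) != length - 2:
            raise ValueError("truncated segment")
        segments.append((marker, payload))
        pos += 2 + length
        if marker == SOS:
            return segments, data[pos:]
    raise ValueError("no SOS segment found")


def exif_has_gps(payload):
    """True if an APP1 Exif payload's IFD0 points at a GPS IFD."""
    if not payload.startswith(b"Exif\x00\x00"):
        return False
    tiff = payload[6:]
    if len(tiff) < 8:
        return False
    order = {b"II": "<", b"MM": ">"}.get(tiff[:2])
    if order is None:
        return False
    magic, ifd0 = struct.unpack(order + "HI", tiff[2:8])
    if magic != 42 or ifd0 + 2 > len(tiff):
        return False
    (count,) = struct.unpack(order + "H", tiff[ifd0:ifd0 + 2])
    for i in range(count):
        entry = ifd0 + 2 + 12 * i          # each IFD entry is 12 bytes
        if entry + 12 > len(tiff):
            break
        (tag,) = struct.unpack(order + "H", tiff[entry:entry + 2])
        if tag == GPS_IFD_POINTER:
            return True
    return False


def has_gps(data):
    segments, _ = split_segments(data)
    return any(m == APP1 and exif_has_gps(p) for m, p in segments)


def strip_metadata(data):
    """Drop every APPn (except JFIF) and COM segment; image data is untouched."""
    segments, tail = split_segments(data)
    out = bytearray(b"\xff\xd8")
    for marker, payload in segments:
        is_app = APP0 <= marker <= 0xEF
        if (is_app and marker not in KEEP_APP) or marker == COM:
            continue
        out += bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload
    return bytes(out + tail)


# --- constructed sample input (not a real photograph) ---------------------
def _segment(marker, payload):
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload


def _exif_with_gps():
    # Little-endian TIFF header, IFD0 with one entry (GPS IFD pointer -> offset 26),
    # then a GPS IFD holding GPSLatitudeRef = "N".
    ifd0 = struct.pack("<H", 1) + struct.pack("<HHII", GPS_IFD_POINTER, 4, 1, 26) + struct.pack("<I", 0)
    gps = struct.pack("<H", 1) + struct.pack("<HHI", 0x0001, 2, 2) + b"N\x00\x00\x00" + struct.pack("<I", 0)
    return b"Exif\x00\x00" + b"II" + struct.pack("<HI", 42, 8) + ifd0 + gps


SAMPLE_JPEG = (
    b"\xff\xd8"
    + _segment(APP0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    + _segment(APP1, _exif_with_gps())
    + _segment(COM, b"taken at home")
    + _segment(0xDB, b"\x00" + bytes(64))        # quantisation table, contents irrelevant here
    + _segment(SOS, b"\x01\x01\x00\x00\x3f\x00")
    + b"\x12\x34\x56"                             # stand-in scan data
    + b"\xff\xd9"                                 # EOI
)

if __name__ == "__main__":
    print("GPS present:", has_gps(SAMPLE_JPEG))
    clean = strip_metadata(SAMPLE_JPEG)
    print("GPS present after strip:", has_gps(clean), "bytes removed:", len(SAMPLE_JPEG) - len(clean))
```

Segments after the SOS marker are copied through unexamined, so a file that stashes metadata after the scan would pass the check; run has_gps on the output as well if you want certainty. Most sharing sites strip Exif on upload, but a photo sent directly by e-mail or a messaging app usually keeps it.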

Here is a little warning – if you are not too careful with what you post on your social media accounts, it may come back one day to haunt you. This is especially true with companies checking their applicants’ social networking pages for background checks. SimpleWash, formerly known as Facewash, is a web app that can help you ensure that your online public presence is clean and free from incriminating content. It can scan your Facebook and Twitter timelines for content that you probably want to hide from potential employers or family members.
Similar Tools: ArchivedBook.

Free stats for my students.
Now Free – Vital Statistics on Congress
“That essential Congressional reference book, American Enterprise Institute/Brookings’ Vital Statistics on Congress is now free and online – as downloadable Excel & PDF files.” [via Jennifer Manning]

For my Math students.
I continue to be amazed by Wolfram Alpha and the way it crunches numbers around openly available data. The result – it shows us the world in a far more inter-connected and interesting way. You can put Wolfram Alpha to use every day using the simplest method possible i.e. with a natural language query.
… Before you set off having fun here, here’s Ryan’s crash course on how to set up search queries on Wolfram Alpha and lay your hands on all the power behind it.
… Get the Statistics for Every NFL Team, Game, and Player from the Past 25 Years
… Check Your Hand of Poker
Solve Word Puzzles

For all my students
Many good-willed organizations out there release educational material for free, and some of it is actually very interesting and entertaining. The real question is, what is the best way to view this content?
Well, if you’re fine sitting at a computer, we have 5 websites that will expand your mind and 3 websites to get a University level education for free. With an iOS device, you can even get an official Khan Academy app. But what is a poor ol’ Android user to do? Read on to find out.
This relatively new app, released in March of this year by Mobispectra Technologies, is fantastic. If you want to organize all your educational videos in one place, Grace is the app to do it. Seriously, go download it right now.
… this one allows you to download videos to your Android device for offline viewing. Grace can’t do that.
… If you read a book that they have a study guide for, go through and read the study guide when you’re done. You’ll learn so much about the book. You can even go through the Harry Potter study guides if you’re a big enough nerd. Get the Android app here.

How the Computer Science, IT, and Math faculty shares knowledge
… Here’s a guide that will talk you through all the finer points of online meetings, including scheduling, writing agendas, video conferencing tools, minute-taking, brainstorming, and more.

Tuesday, July 09, 2013

I'm shocked, shocked I tell you!
McAfee: S. Korea major cyberattack part of 4-year spy op
The cyberattacks against South Korean banks and news agencies which took place in March were part of a long-term, domestic covert operation called "Operation Troy", which was aimed at stealing sensitive military and government data, McAfee said.
The cyberattacks in South Korea on March 20, 2013, which reportedly affected 30,000 computers, have since been dubbed "Dark Seoul".
While it remains unclear if the attacks were state-sponsored, the security vendor said in a report released Monday that the operation, which had been going on since 2009, was conducted by two separate hacker groups: the New Romanic Cyber Army Team and the Whois Hacking Team.
The attackers had infected PCs with malware, the 3Rat Trojan, which automatically sought out documents of interest by scanning computers for military keywords in English and Korean, the report noted. Once the malware identified documents of interest, it encrypted those files and delivered them to the hackers' servers.
… In March this year, a cyberattack launched against local Internet service provider, LG Uplus, resulted in server outages at three domestic broadcasters YTN, MBC, and KBS, as well as the Shinhan Bank and NongHyup Bank.

We are becoming a nation of wimps.
The NFL has banned fanny packs from stadiums
… Last month a story made the rounds about how the NFL was banning large bags such as backpacks and purses from their stadiums. We all moaned, but chalked it up to an increased need for safety in the 21st century, even if some of the items prohibited, like seat cushions, seemed a bit over the top.
… In reviewing a story about how the Indianapolis Colts are shipping season ticket holders bags that are pre-approved for stadium entry, however, something caught our eye. And that was included in the NFL’s list of banned items, along with backpacks and purses and seat cushions, was something we could scarcely believe: the fanny pack.

If you are politically active (particularly for the other party) we're gonna out ya!
From their web site:
Public.Resource.Org has discovered that the Internal Revenue Service has posted the Social Security Numbers of tens of thousands of Americans on government web sites. The database in question contains the filings of Section 527 political organizations such as campaign committees. This Section 527 database is an essential tool used by journalists, watchdog groups, congressional staffers, and citizens. While the public posting of this database serves a vital public purpose (and this database must be restored as quickly as possible), the failure to remove individual Social Security Numbers is an extraordinarily reckless act.
On July 2, Public.Resource.Org discovered this systematic violation of Americans’ privacy and notified the U.S. Treasury Inspector General for Tax Administration. We documented our findings in an audit document, copies of which were furnished to I.R.S. officials and senior White House officials. On July 3, the administration removed this database from public view.
Public.Resource.Org uncovered this serious violation of federal law in the course of an unrelated audit which was sparked when, on June 18, the I.R.S. notified Public.Resource.Org that it had sent out an improperly-vetted shipment of data on DVD for the January release of the Form 990-T, the Exempt Organization Business Income Tax Return. Because the I.R.S. had publicly released that data in February, and had not notified recipients of the bulk data subscription of this privacy breach for several months, Public.Resource.Org conducted a systematic examination of the breach and how it was handled and delivered that audit to the Inspector General on July 1, 2013.
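The failure described above is a missed pre-publication check: bulk filings were released without anyone scanning them for the one field that should never be public. As an added example (not code from Public.Resource.Org or the I.R.S.), the following Python routine shows the kind of check a publisher of bulk filing data can run before release. It flags and masks plausible Social Security Numbers while deliberately leaving the organization's EIN (a public identifier in the 12-3456789 shape) untouched, and it skips number strings that cannot be SSNs under the ordinary allocation rules (area 000, 666 or 900 and above; group 00; serial 0000). The filing text is a constructed sample, not real data.

```python
import re

# SSN shape AAA-GG-SSSS, not glued to other digits or hyphens
# (so an EIN such as 12-3456789 or a phone number is not picked up).
SSN_RE = re.compile(r'(?<![\d-])(\d{3})-(\d{2})-(\d{4})(?![\d-])')


def is_plausible_ssn(area: str, group: str, serial: str) -> bool:
    """Apply the public SSN allocation rules to reduce false positives.

    Area 000, 666 and 900-999 are never issued as SSNs (900-999 is the
    ITIN range); group 00 and serial 0000 are likewise never issued.
    """
    a, g, s = int(area), int(group), int(serial)
    if a == 0 or a == 666 or a >= 900:
        return False
    if g == 0 or s == 0:
        return False
    return True


def find_ssns(text: str) -> list[str]:
    """Return every plausible SSN found in the text, in order of appearance."""
    return [m.group(0) for m in SSN_RE.finditer(text)
            if is_plausible_ssn(*m.groups())]


def redact_ssns(text: str) -> str:
    """Mask plausible SSNs to XXX-XX-last4; leave everything else as-is."""
    def mask(m: re.Match) -> str:
        if is_plausible_ssn(*m.groups()):
            return 'XXX-XX-' + m.group(3)
        return m.group(0)
    return SSN_RE.sub(mask, text)


def safe_to_publish(text: str) -> bool:
    """Gate for a bulk-release pipeline: True only if no SSN remains."""
    return not find_ssns(text)


# Constructed sample of a Section 527 notice; names and numbers are made up.
SAMPLE_FILING = (
    "Notice of Section 527 Status (constructed sample)\n"
    "Organization: Example Committee, EIN 12-3456789\n"
    "Treasurer: A. Person, SSN 123-45-6789, phone 555-123-4567\n"
    "Custodian: B. Person, ID 000-12-3456 (area 000 is never an SSN)\n"
    "Contributor: C. Person, ITIN 987-65-4320 (900+ range is not an SSN)\n"
)

if __name__ == "__main__":
    print("found:", find_ssns(SAMPLE_FILING))
    print(redact_ssns(SAMPLE_FILING))
    print("safe to publish after redaction:",
          safe_to_publish(redact_ssns(SAMPLE_FILING)))
```

In a real release pipeline the gate would run over every document in the batch and block the upload on the first hit; the masked form keeps the last four digits only because many agencies already use that convention for verification, and even that should be dropped where it is not needed.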

You conspire with people you meet? Perhaps not everyone you meet is a conspirator?
Marissa Vahlsing writes:
After more than eight months of silence, U.S. District Court Judge Lewis Kaplan recently issued a long-awaited decision on the enforceability of a subpoena served by Chevron on Microsoft in connection with Chevron’s lawsuit claiming that it has been the victim of a conspiracy in the $18.2 billion judgment against it for massive environmental contamination in Ecuador. But Kaplan’s decision begs more questions than it answers.
The sweeping subpoena was one of three issued to Google, Yahoo! and Microsoft, demanding IP usage records and identity information for the holders of more than 100 email accounts, including environmental activists, journalists and attorneys. Chevron’s subpoena sought personal information about every account holder and the IP addresses associated with every login to each account over a nine-year period.
[From the article:
This could allow Chevron to determine the countries, states, cities or even buildings where the account-holders were checking their email so as to “infer the movements of the users over the relevant period and might permit Chevron to make inferences about some of the user’s professional and personal

This might be fun until they shut them down...
App lets you stream TV channels to your Android phone or tablet
The US TV & Radio Free app might seem a little too good to be true. It streams unlimited live TV to your Android device, and it doesn't cost a penny.
The app offers an extensive list of channels: AMC, Bravo, Cartoon Network, Discovery Channel, Food Network, FX, MTV, NBC, Nickelodeon, Syfy, TBS, TNT, and lots more. Even more surprising: a few premium channels, including HBO, Showtime, and Starz.
According to the description shown within the app, it's an aggregator of freely available content:

Another way to drive my students crazy?
First Person: Laura Nissinen ‘I read the news in Latin’
… Nuntii Latini is a weekly overview in Latin of the international news – or conspectus rerum internationalium hebdomadalis as we say. It’s broadcast by YLE, the Finnish Broadcasting Company.

For all my bookie friends who claim they like “real books” rather than eBooks... You know who you are.
Sure, free public libraries are always a valid option, but library space is always going to be limited. With the advent of the ebook, there are even ebook libraries that you can utilize free of charge. But, again, library selection is always inherently limited. Plus, there’s something to be said for buying and owning your own books – a joy that libraries cannot provide.
CheapRiver It’s a site that specializes in finding the cheapest pricings of books across all of Amazon’s different regional sites. Even though you’re American, you may find your desired book for a cheaper price in the UK store. Or vice versa. A big factor, of course, is international exchange rates – and CheapRiver takes advantage of those to find you the best prices.
BookFinder BookFinder is a search engine owned by AbeBooks that flips through all major online book retailer shops and reports the best prices and best selections.
AddALL I like the AddALL search engine because it can search ebooks, print books, used books, magazines, as well as music and movies. You can set the shipping destination and AddALL will calculate both shipping rate and sales tax into your search, which ends up providing really accurate results and comparisons.
Thrift Books Thrift Books is a used book online retailer that operates out of the US and provides free shipping to all of the US.

(Related) A more general tool for “power shoppers”
This article details how to get RSS feeds for Etsy, Craigslist, Amazon and eBay.

Monday, July 08, 2013

Are we seeing a trend? Vendors being held accountable for failure to adequately (Best Practice level) secure a client's system?
Robert McGarvey reports that a credit union’s lawsuit against Fiserv has been resurrected by a Tennessee court:
The Court of Appeals in Tennessee, in a ruling filed July 3, ruled that a lower court erred when it dismissed a suit filed by Copper Basin Federal Credit Union and CUMIS against Fiserv Inc., wherein the plaintiffs alleged that Fiserv’s negligence allowed a data breach to occur on the Copper Basin FCU computers.
Wrote the court: “Plaintiffs alleged in their complaint that Defendant negligently performed professional services concerning the provision and maintenance of web defense software and that Defendant breached its contractual duty to protect the computer system of Copper Basin Federal Credit Union from computer incursion. For the reasons stated herein, we hold that the complaint alleges sufficient facts to allow the case to proceed, and, therefore, dismissal was in error.”
Read more on Credit Union Times.
In this case, the plaintiffs claim that Fiserv – as part of web defense services it offered them apart from its master contract – failed to activate the anti-virus software Fiserv required the credit union to use. Although the credit union duly paid for the update, they claim that only Fiserv had the login to the account. After the credit union was hacked and more than $500,000 stolen from an account, an employee discovered that Fiserv had failed to activate the software for more than 60 days.

I suppose if you wanted to deflect inquiries into the UK surveillance programs...
UK Parliament to launch in-depth inquiry into US surveillance programmes
News release: “Parliament’s Civil Liberties Committee will conduct an “in-depth inquiry” into the US surveillance programmes, including the bugging of EU premises and other spying allegations, and present its results by the end of this year, says a resolution passed by the full House on Thursday. Parliament’s President and political group leaders formally confirmed the launch of the inquiry. MEPs also call for more protection for whistleblowers. In the resolution, approved by 483 votes to 98 with 65 abstentions, MEPs express serious concern over PRISM and other surveillance programmes, strongly condemn spying on EU representations and call on the US authorities to provide them with full information on these allegations without further delay. Parliament also expresses grave concern about allegations that similar surveillance programmes are run by several EU member states, such as the UK, Sweden, The Netherlands, Germany and Poland. It urges them to examine whether those programmes are compatible with EU law.”

Useful for legal research?
Library of Congress – A New Look for Legal Blawg Archive
by Sabrina I. Pacifici on July 6, 2013
“For more than six years, the Law Library of Congress has been collecting images of select legal blogs on a monthly basis. The Legal Blawg Archive was created so that the legal events detailed and analyzed in the blogs of today can be studied for years to come. Now this archive is available in an updated user interface making the collection more attractive and engaging. This updated interface is part of a larger Library of Congress update, explained by Abbie Grotke in her June 21 entry on the Library’s The Signal: Digital Preservation blog, to the Library’s various web archive collections.”

Federal Laws Relating to Cybersecurity: Overview and Discussion of Proposed Revisions
CRS – Federal Laws Relating to Cybersecurity: Overview and Discussion of Proposed Revisions – Eric A. Fischer, Senior Specialist in Science and Technology. June 20, 2013.
“For more than a decade, various experts have expressed increasing concerns about cybersecurity, in light of the growing frequency, impact, and sophistication of attacks on information systems in the United States and abroad. Consensus has also been building that the current legislative framework for cybersecurity might need to be revised. The complex federal role in cybersecurity involves both securing federal systems and assisting in protecting nonfederal systems. Under current law, all federal agencies have cybersecurity responsibilities relating to their own systems, and many have sector-specific responsibilities for critical infrastructure. More than 50 statutes address various aspects of cybersecurity either directly or indirectly, but there is no overarching framework legislation in place. While revisions to most of those laws have been proposed over the past few years, no major cybersecurity legislation has been enacted since 2002. Recent legislative proposals, including many bills introduced in recent Congresses, have focused largely on issues in 10 broad areas (see “Selected Issues Addressed in Proposed Legislation” for an overview of how current legislative proposals would address issues in several of those areas): national strategy and the role of government; reform of the Federal Information Security Management Act (FISMA); protection of critical infrastructure (including the electricity grid and the chemical industry); information sharing and cross-sector coordination; breaches resulting in theft or exposure of personal data such as financial information; cybercrime; privacy in the context of electronic commerce; international efforts; research and development, and the cybersecurity workforce.”

I'm not sure all of my students have a reading speed, but this can't hurt...
… Not only does a fast reading speed benefit book lovers but it also helps students prepare for exams quicker. Here to help you develop and polish your skills of speed reading is a useful website called I Read Faster.
I Read Faster is a free to use web service that helps its users develop, maintain, and polish their speed reading abilities.

Grab them while they're free!
Top iOS apps and games go free ahead of App Store's fifth anniversary
A host of highly regarded apps for iPhone and iPad have gone free today in what could be a major celebration to mark five years since Apple launched the App Store. So far, games such as Infinity Blade II, Superbrothers: Sword and Sworcery EP, Where's My Water?, Badland and Tiny Wings (iPhone / iPad) are all on offer for nothing, alongside apps such as Traktor DJ (iPhone / iPad), Day One, Over, and Barefoot World Atlas.
None of these apps have ever been free on the App Store before, and many have commanded relatively high prices until now. In the case of Traktor DJ for iPad, the app normally sells for $19.99, and comes recommended by The Verge's Nilay Patel and Trent Wolbe.

Sunday, July 07, 2013

The kerfuffle kontinues!

David Ingram reports:
The Obama administration on Friday urged a secret U.S. court that oversees surveillance programs to reject a request by a civil liberties group to see court opinions used to underpin a massive phone records database.
Justice Department lawyers said in papers filed in the U.S. Foreign Intelligence Surveillance Court that the court’s opinions are a unique exception to the wide access the public typically has to court records in the United States.
If the public had a right to any opinion from the surveillance court, the possible harms would be “real and significant, and, quite frankly, beyond debate,” the lawyers wrote, [Can there be such a thing in a Republic? Bob] citing earlier rulings from the court.
The American Civil Liberties Union had asked the court last month to release some of its opinions after Britain’s Guardian newspaper revealed a massive U.S. government database of daily telephone call data, prompting a worldwide debate about the program’s legality.
Read more on Reuters.

(Related) Is “vague” intended to keep the court from asking you to disclose your source?
Orin Kerr writes:
In the New York Times, Eric Lichtblau has a major scoop describing some of the secret rulings of the Foreign Intelligence Surveillance Court, aka the FISC (and sometimes just called “the FISA court”). According to Lichtblau’s sources, described as “current and former officials familiar with the court’s classified decisions,” the FISA court has issued over a dozen significant rulings. Some of the rulings are “nearly 100 pages long.” Although Lichtblau purports to summarize the rulings, I find his descriptions a frustrating read. Maybe it’s just me, but I find Lichtblau’s writing to be sufficiently vague that his distillation of the opinions leaves me with more questions than answers. In this post, I want to go through what Lichtblau says about the Fourth Amendment rulings of the FISA court and why his descriptions leave me confused. I’ll try to get to the statutory issues in a future post.
Read more on The Volokh Conspiracy.

John Naughton nails it:
Over the past two weeks, I have lost count of the number of officials and government ministers who, when challenged about internet surveillance by GCHQ and the NSA, try to reassure their citizens by saying that the spooks are “only” collecting metadata, not “content”. Only two conclusions are possible from this: either the relevant spokespersons are unbelievably dumb or they are displaying a breathtaking contempt for their citizenry.
Read more on The Guardian.

...because you can never have too many tools.
Adapter is a free versatile media converter for PC & Mac that lets you convert files from one format to another and supports virtually all popular audio, video and image file formats. It is totally free.
Related tools – OnlineConvert, FreeFileConverter.

“Meeting tools are conspiracy tools” Bug Brother is a web-based tool that lets you easily set up a meeting online with a group of people – friends, partners, colleagues etc. It makes it easy to collaborate with others in real time and is accessible from any device (smartphone, PC, tablet). You simply go to their website, select a channel name URL ( and sign up for an account. Then you invite others (by email or SMS) to your channel by sharing your channel name URL.
Once you start a meeting on your channel, you can then share your computer screen, share files from your computer or from popular online services (Dropbox, Google Drive, Evernote and others), message your guests or share your webcam. You can remove any guest from your channel at your will.
Additionally, for those who don’t have access to the Internet, there is an option for them to access your channel using a phone by dialing a number with a pass code, which are provided to you (the host) in your email upon registration.
Related tools – MeetingKing, MeetWithMe.

There are many bits and pieces like this one out there. Perhaps enough to assemble my “Are you ready for college computing?” test.
Free Digital Citizenship Lesson Plans for Middle School Students
The beginning of the school year is a great time to conduct lessons on digital citizenship and digital literacy. The knowledge and skills gained in those early lessons can serve students throughout the school year. Google has a good set of lesson plans on digital citizenship and digital literacy that middle school teachers should take a look at. The lesson plans are divided into three sections; becoming a digital sleuth, managing digital footprints, and identifying online tricks and scams.
These digital citizenship lessons are part of Google's Good to Know site. Good to Know is an excellent site on which you can find good and clear explanations of web basics.