Saturday, August 17, 2013

For my Ethical Hackers. This is one of those hacks where we want to know exactly what happened and how to avoid it in the future. Some tips: Cut the Internet connection. Remove the “open all doors” feature. Log all commands entered.
Prison Computer ‘Glitch’ Blamed for Opening Cell Doors in Maximum-Security Wing
Florida prison officials say a computer “glitch” may be to blame for opening all of the doors at a maximum security wing simultaneously, setting prisoners free and allowing gang members to pursue a rival with weapons.
But a surveillance video released this week (see above) suggests that the doors may have been opened intentionally — either by a staff member or remotely by someone else inside or outside the prison who triggered a “group release” button in the computerized system. The video raises the possibility that some prisoners knew in advance that the doors were going to open.
It’s the second time in two months that all of the doors in the wing opened at once, officials say, raising questions about whether the first incident was a trial-run to see how long it would take guards to respond.
… Miami-Dade Corrections Director Tim Ryan acknowledged to the Herald that the circumstances around the door-release were “suspicious,” and said officials were investigating whether any staff members were responsible for opening the doors or if a problem lay with the computerized system that controls the doors. The latter system is reportedly part of a $1.4 million security upgrade installed at the prison by a company in Alabama named Black Creek Integrated Systems.
The control panel for the system generally features a group-release button that allows guards in minimum-security facilities to release inmates simultaneously for a head count, the Herald reports. But it’s generally not used in maximum-security settings, since inmates are kept one-to-a-cell and aren’t allowed to interact with one another in common areas.
… But the correctional facility in Florida isn’t the only one to experience a problem with its electronic doors. Last April, just a month before the first Florida incident occurred, a correctional facility in Maryland had a similar problem when the locks on 500 cell doors disengaged simultaneously at around 12:20 a.m. on a Saturday morning.
A computer malfunction was also blamed for this failure. Officials at the Montgomery County Correctional Facility where it occurred said no inmates tried to escape, but about 20 police cars were called in to secure the perimeter of the facility during the hour it took to fix the glitch and secure the doors. Three days later, however, the locks on the cell doors disengaged again.

Just because the RIAA has kittens whenever they hear the word, does not mean BitTorrent is always used for evil. The sync tool is probably the most interesting way to use it.
File Syncing With BitTorrent Sync
BitTorrent, Inc. — the company behind BitTorrent — recently released BitTorrent Sync. BitTorrent Sync works differently from standard BitTorrent clients. It’s entirely private — you install the client, choose one or more folders to share, and then link it up with other computers. Files anyone places in their copy of the shared folder are all automatically synced with all other copies of the shared folders.
In this way, BitTorrent Sync is a lot like Dropbox. Unlike Dropbox, it doesn’t store your files in a centralized server online — it just syncs them between computers you own or computers your friends own. This means that it offers easy file sharing over the Internet and, unlike Dropbox, you can sync an unlimited number of files as long as you have the space on your computers for them.
… It’s a great way to roll your own Dropbox-like service and share files across the Internet without trusting them to a central server or being limited by the size of your cloud storage account.

Well, we're not number one, but this does suggest places where I can find out how they teach my subjects... University of Colorado at Boulder was number 33 on their list.
2013 Academic Ranking of World Universities
ARWU 2013 Press Release: “The 2013 Academic Ranking of World Universities (ARWU) is released today by the Center for World-Class Universities at Shanghai Jiao Tong University. Starting from a decade ago, ARWU has been presenting the world Top 500 universities annually based on transparent methodology and reliable data. It has been recognized as the precursor of global university rankings and the most trustworthy one.”

For my students.
10 Free Online Courses For Technology Novices

For my students. See what others think, collaborate on your own projects.
DebateGraph – is a web-platform for visualizing and sharing networks of thought – and opening reasoning and action to collaborative learning and iterative improvement. DebateGraph is already being used in over 100 countries and helping people reason and learn together more effectively in many different fields. DebateGraph is free to use, and there’s no limit to the number of people who can collaborate.

Something amusing every week...
Louisiana is boosting the funding for its new Course Choice program, which allows high school students to receive credits for classes taken from a variety of vendors, including for-profit companies. 4000 students have signed up so far.
South Korea is moving forward with its plans to use digital textbooks throughout the country. According to the Yonhap News Agency, the education minister says that “social studies and science textbooks are being developed for third- and fourth-year students of elementary schools and first- or second-year middle school students.”
India has launched a national repository for open educational resources.
… The Department of Education has approved a competency-based degree program at the for-profit Capella University, reports The Chronicle of Higher Education. ...award degrees based on demonstrated competencies rather than credit hours. [This could be important in the “Age of MOOCs” Bob]
Pearson says that it released the wrong grades for 4000 students in Virginia. Ooops.
… Students at Chelsea High School in New York had to retake their Regents Exam as McGraw-Hill lost the original copies of the tests. They “fell off a back of a truck.” Ooops.
… According to Amazon’s Textbook Rental Terms and Conditions, students who rent textbooks via its subsidiary Warehouse Deals cannot cross state borders with their books, or they face being charged the full purchase price for the book. More on this silliness via Inside Higher Ed.
Khan Academy has introduced “Learning Dashboards,” which developer Ben Kamens calls the “biggest change to Khan Academy yet.” The dashboard tracks student progress and makes recommendations about what videos/exercises to work through next.
Edublogs’ Sue Waters has released the annual “State of Educational Blogging” report, which contains loads of interesting information about the numbers and the uses of blogging in and out of the classroom.

Friday, August 16, 2013

Sometimes, it's what they don't say that speaks loudest. Would you not assume the worst, absent anything to the contrary? The employee was fired but not arrested. Was that because the data was not valuable in the DA's eyes? If they haven't recovered the drive, shouldn't they say, “no indication of misuse SO FAR?”
Alex Belser of KTEN reports that a computer drive containing medical records of nearly 3,000 patients was stolen from the North Texas Comprehensive Spine and Pain Center in Sherman, Texas. The law firm representing the center says that there’s no indication of any misuse of the data, but the stolen external hard drive contained patients’ names, Social Security numbers, dates of birth, addresses, and diagnoses.
The theft was reported to police back in June and the employee responsible for the theft was reportedly fired. The report does not indicate whether the drive was ever recovered.
There does not seem to be any substitute notice on the center’s web site at the time of this posting and they do not seem to have offered affected patients any free credit monitoring services even though they are advising them to check their bank statements and credit reports. sent the center an email inquiry as to whether the drive had been recovered and whether the data had been encrypted but the center did not reply by the time of this publication.

(Related) ...and local! Another “assume the worst?”
Anica Padilla of 7News reports that Janna Benkelman, a licensed professional counselor who has offices in Denver and Parker, Colorado, sent a breach notification to 7News after a laptop with unencrypted patient information was stolen from her office. Ms Padilla didn’t report when the theft occurred, whether it affected patients at both offices or just the Denver office, and what types of information were on the laptop. Nor did she reproduce the letter they were sent, so there’s no real information in The Denver Channel story other than the data weren’t encrypted and patients will be offered free credit monitoring. At this time, there’s no copy of the notification on Ms. Benkelman’s web site.

Surprise! Of course, if you don't like it you can try to find another insurance company...
If their insurer gets their way, the beleaguered Schnuck Markets will find itself without help from its insurance carrier in paying litigation costs and other data breach-related costs.
Liberty Mutual Insurance Company has informed Schnuck Markets that it is not responsible to cover costs of the eight lawsuits that were filed in the wake of a breach that impacted 2.4 million payment cards. Nor, it claims, is it responsible for other costs Schnuck incurred from banks and a payment services company.
This is not the first time we’ve seen an insurer claim that a general liability policy does not cover data breaches, and it can serve as a useful reminder of understanding your insurance coverage. has the details on this dispute.

Encryption is cheap and fast.
Google now encrypts cloud storage by default
Google's Cloud Storage service now automatically encrypts all its customer data for free, the company said Thursday.
The encryption has "no visible performance impact," Google Cloud Storage's product manager, Dave Barth, wrote in a blog post.
… New files added to Cloud Storage will be encrypted as they're uploaded and before they're saved to a drive. Older files will be migrated "in the coming months," Barth said. This is part of Google's emphasis on "forward secrecy," which many Internet companies have yet to adopt.

Context please. Is that 90% of the “surveillance events” NSA conducted or one in a million? Their definition of “query incident” seems to suggest these are “self reported.” Did they look for any others?
NSA violated privacy rules thousands of times, audit finds
The National Security Agency exceeded its legal authority and broke agency rules thousands of times since it was granted broader powers in 2008, according to an internal agency audit obtained by The Washington Post.
… The audit, dated May 2012, uncovered 2,776 incidents in the preceding 12 months of unauthorized collection, storage, access to or distribution of legally protected communications, the Post reported.

What will happen when the government takes over?
David Lazarus reports on a rewards program that made me shudder when I read this story:
Since February, CVS Caremark has been pushing its pharmacists to enroll customers in a prescription-drug rewards program.
The benefit to customers is the opportunity to earn up to $50 a year in store credits that can be used to buy shampoo, toothpaste or other products.
The benefit to CVS is persuading pharmacy customers, through questionable means, to give up federal privacy safeguards for their medical information and permitting the company to share people’s drug purchases with others.
Read more on Los Angeles Times.

Isn't this a two edged sword? “We found this in the recycle bin. That's proof he was trying to conceal it!”
Kirsten Thompson writes:
Anyone who has watched Law and Order knows that the police, both here and in the U.S., do not need a warrant to rifle through someone’s curbside recycling bin. This is because that person has abandoned their privacy interest in the contents of the bin. Does the same hold true for items in someone’s computer desktop recycling bin?
Apparently not, according to the B.C. Court of Appeal in R. v. McNeice, 2013 BCCA 98. While putting something by the curb in the real world indicates an abandonment of a privacy interest, the B.C. Court of Appeal has held that doing the same thing in the virtual world is (emphasis added) “consistent with an intent to conceal, and thus to maintain a privacy interest”.

Undue reliance. The computer is never wrong and in any case, we gave up the ability to fix anything.
The Greatest British Work of Literature, Blocked at the Greatest British Library
Two Mondays ago, British author Mark Forsyth sat in the British Library, researching for his new book, and needed to check a quote in Hamlet. He knew that MIT had, on its website, the Bard's complete works, so he googled "Hamlet MIT," clicked on the first result, and, in his words...
A message came up from the British Library telling me that access to site was blocked due to "violent content".
Now, Hamlet is a violent play. I see that. When the curtain comes down there's a lot of bodies on the boards. But...
I tried it again. It told me that my attempts to access this violent content were being logged.
A Monday of tragicomic Shakespearean proportions ensues. He tells the story -- of unsympathetic librarians, of unhelpful IT specialists – in his blog post about the matter. "I asked them if they were surprised that Hamlet was now banned in the British Library," he writes of the library staff. "They shrugged." They were also, he says, unable to immediately unblock it for him, because they had outsourced the part of their filtering system responsible for the limitation.

How to read a Privacy Policy. (Who does this in your organization?)
… In this series of posts we’re going to take a closer look at some of the most popular VPN services. We will break down their privacy policies and see if they are really focused on protecting your personal data.

For my Computer Security students. Protect yourself from PDFs bearing gifts.
Via, the NSA/CSS published “Recommendations for Configuring Adobe Acrobat Reader XI in a Windows Environment.” You might want to check out the recommendations for your own use.

“This has been going on for years, give us a week or two and we'll fix everything.”
Michelle Richardson of the ACLU has compiled a very helpful list of legislation proposed since the NSA leaks started in June:
Currently there are 19 bills pending in Congress with more expected to be introduced. The legislation can be broken down into four broad categories: 1) substantive reforms to the laws the NSA believes allow it to conduct its surveillance programs, 2) disclosure of the FISA Court opinions that determined the programs were legal, 3) general reporting of the number and types of surveillance orders received by recipients and how many users affected, and 4) reforms to the FISA Court.
See her chart that summarizes the key feature of each proposed law on ACLU.

For my website students.
– is a Google product which allows you to input a website URL and then for you to receive a score on how fast that website loaded on the desktop and on a mobile. You can then receive detailed instructions on how to increase that loading score with suggestions such as enabling compression, optimizing images, and leveraging browser caching.

For my 'power shopper' students. (Doesn't this look like one of those supermarket tabloid headlines? “Lose 200 pounds of ugly fat – divorce your husband!”)

Dilbert: Who knew Wally was a typical student?

Thursday, August 15, 2013

I doubt any country is completely unaware that spying is an ongoing fact. More likely, this is an attempt to calm their citizens who otherwise will be asking, “do you do that to us?”
Brazil warned US Secretary of State John Kerry on Tuesday that failure to resolve the row over Washington’s electronic spying could sow mistrust between the two countries, AFP reports.
Brazil was outraged by media reports of widespread US phone and Internet eavesdropping based on information leaked by fugitive intelligence contractor Edward Snowden.
Read more on Tengri News.

(Related) Don't mention it in public. Send lower ranking 'officials' out to deny it. All of that works just fine until the cat is let out of the bag.
Jennifer Stisa Granick and Christopher Jon Sprigman write:
It seems that every day brings a new revelation about the scope of the NSA’s heretofore secret warrantless mass surveillance programs. And as we learn more, the picture becomes increasingly alarming. Last week we discovered that the NSA shares information with a division of the Drug Enforcement Agency called the Special Operations Division (SOD). The DEA uses the information in drug investigations. But it also gives NSA data out to other agencies – in particular, the Internal Revenue Service, which, as you might imagine, is always looking for information on tax cheats.
The Obama Administration repeatedly has assured us that the NSA does not collect the private information of ordinary Americans. Those statements simply are not true.
Read more on Forbes.

Amusing. Try the mindmap!
An Educated Guess About How the NSA Is Structured

Just because the President is watched like a hawk does not mean he understands the concerns of us “second class” citizens.
Anita Kumar and Jonathan S. Landay report:
In pledging to make changes that could curtail the federal government’s ability to spy on Americans, President Barack Obama failed to address calls by lawmakers and experts to overhaul a law that allows the National Security Agency to search vast databases of individual Americans’ emails without court warrants.
Read more on McClatchy.
I’m sure that was just an oversight on his part. I mean, how many surveillance programs can we expect him to keep in mind at any one time, right?

I'm surprised they know what Privacy is...
Where Teens Seek Online Privacy Advice
Many teens ages 12-17 report that they usually figure out how to manage content sharing and privacy settings on their own.
… At the same time, though, a nationally representative survey of teen internet users shows that, at some point, 70% of them have sought advice from someone else about how to manage their privacy online. When they do seek outside help, teens most often turn to friends, parents or other close family members.

Can a mere MD be expected to understand HIPAA (HIA) and contract law?
Kevin Vink reports:
A local physician reported the loss of control over more than 1,500 patient records when she was unable to retrieve them upon leaving the Didsbury Medical Clinic to start a clinic of her own, according to officials.
Following an investigation by the Information and Privacy Commissioner (OIPC) of Alberta, Rachel Hayward, portfolio officer for the OIPC, wrote in her investigation report — H2013-IR-01 – that Dr. Dianne Smith did not follow the Health Information Act (HIA), because she did not have a direct contract with the Electronic Medical Record (EMR) provider for the clinic, as outlined in the HIA.
“When custodians do not directly sign agreements with their EMR vendors, they may find themselves in the unfortunate position of not being able to exercise control over health information they need to provide health services,” stated Hayward.
Read more on Carstairs Courier. This really is a teachable moment, and I appreciate the OIPC’s decision to publish it so that others may learn from it.

Do they offer regional franchises? (In Denver this year!)
Aereo CEO: Service will turn a profit before turning in 1M subscribers
Aereo Chief Executive Chet Kanojia is keeping the lid tight on how many people have joined his service to stream local TV broadcasts over the Internet, but he doesn't need millions of them to turn a profit.
Kanojia said that Aereo would have a fabulous business at 1 million registered users and an "extremely fabulous" business at 5 million. But it would be profitable with hundreds of thousands of subscribers, he said, speaking to a group of local entrepreneurs in New York.
… The company, which is backed by IAC Chairman Barry Diller, uses antenna/DVR technology to let consumers watch live, local over-the-air television broadcasts. It's a capability that has provoked the ire of broadcast giants including CBS, ABC, Fox, NBC Universal, and Telemundo, which are suing Aereo for violating copyrights and skirting retransmission fees. (Disclosure: CBS is the parent of CNET.) Aereo says its practice is legally legit, since each user has their own dedicated antenna.
… In January it said it would move to 22 total cities across the U.S. over the course of this year. It now operates in New York, Boston, and Atlanta, with Chicago, Salt Lake City, Dallas, Houston, and Miami on the way.

Online searches hit 19.4 billion in the U.S. in July
According to new data released Wednesday by digital analytics company ComScore, people in the U.S. conducted 19.4 billion explicit core searches in the month of July. That's up from 19.2 billion in June and 16.3 billion last September.
Of all of the top search engines, Google remains the king. In July, 67 percent of users' core searches were on Google, which is 0.3 percent higher than June. This equals nearly 13 million searches.
Trailing behind were Microsoft, which got 17.9 percent of the search market with no change from June, and Yahoo, which came in third with 11.3 percent of the market and down 0.1 percent from June.
… The searches counted in this data are from home and work computers, not mobile devices.

Gartner – Smartphone Sales Grew 46.5 Percent in Second Quarter of 2013
News release: “Worldwide mobile phone sales to end users totaled 435 million units in the second quarter of 2013, an increase of 3.6 percent from the same period last year, according to Gartner, Inc. Worldwide smartphone sales to end users reached 225 million units, up 46.5 percent from the second quarter of 2012. Sales of feature phones to end users totaled 210 million units and declined 21 percent year-over-year. “Smartphones accounted for 51.8 percent of mobile phone sales in the second quarter of 2013, resulting in smartphone sales surpassing feature phone sales for the first time,” said Anshul Gupta, principal research analyst at Gartner. Asia/Pacific, Latin America and Eastern Europe exhibited the highest smartphone growth rates of 74.1 percent, 55.7 percent and 31.6 percent respectively, as smartphone sales grew in all regions. Samsung maintained the No. 1 position in the global smartphone market, as its share of smartphone sales reached 31.7 percent, up from 29.7 percent in the second quarter of 2012. Apple’s smartphone sales reached 32 million units in the second quarter of 2013, up 10.2 percent from a year ago.”

My wife is sold and she hasn't even seen this article yet. I guess it beats milk cartons...
Finding Rover app tracks lost dogs using facial recognition
John Polimeno … is touring the country on a bus promoting Finding Rover, a new smartphone app he's created.
… Polimeno started calling the major players in facial-recognition technology and finally found a willing partner in the Software Development Center at the University of Utah. He funded the research while the center cracked the nut of facial recognition for our furry four-legged friends.
… Watch the video to see exactly how the app works and the clever built-in photo feature that helps you capture your pup's best side.
Finding Rover recently hit the Apple App Store and is free to download. Android and Web versions will be available in a few months, so you can use the technology even if you don't own a smartphone.
… Finding Kitty is in the works.

Better tools make my job easier. The school added some 52 inch TVs to replace the projectors, but they block part of the white board and don't allow me to write on them. But then, no one asked us what we wanted...
Microsoft's 'touch screen' for any surface goes on sale
Turning a wall into a touch-screen computer has many uses -- it could help teachers instruct classes or be used by shops to display product information. It could even be used for fun to play interactive active games.
Once just a prototype created by the startup Ubi with a Microsoft Kinect for Windows sensor, this technology is now out of beta and on sale for consumers.
Microsoft announced on Tuesday that Ubi has worked to develop the software with more than 50 organizations and is now accepting orders for purchase.
… To get the system to work, users need a computer running the Ubi software, a projector, and the Kinect for Windows sensor. The Ubi software comes in four different packages ranging from Basic, which costs $149, to Enterprise, which costs $1499. The Kinect for Windows sensor costs $250.

For the graphic design students. Perhaps they'll let me use their 30” Color Printer?
A Guide to the Web's Growing Set of Free Image Collections

For my website students
– is a plugin for live bi-directional (editor↔browser) CSS editing. Currently, it works in Google Chrome, Safari and Sublime Text, more browsers and editors will be available later. Instant updates – see changes as-you-type. No file saving, no page reloading. You can open the same page in different windows and get instant updates in all of them.

For all my Math students. (I don't know why they bother with the grade level links, all the formulas are the same)
eGlossary - A Math Glossary for Middle & High School Students
Back when I was struggling through my high school mathematics courses, I always needed a glossary of mathematics terms. I used to tell my teachers that I needed a "mathematics to English" translation. Today, there are quite a few good "mathematics to English" glossaries online for students like me. One such resource is McGraw Hill's eGlossary.
The McGraw Hill Mathematics eGlossary provides written and verbal definitions and explanations of mathematics terms. The glossary is divided by grade level. Select your grade level then the first letter of the term for which you need an explanation. The explanation is offered in text form as well as verbal (click the speaker icon to listen). The eGlossary is also available in other languages including Spanish, Russian, and Chinese.
Applications for Education
McGraw Hill's Mathematics eGlossary could be an excellent resource for students who need additional or alternate explanations of mathematics terms. For mathematics teachers, eGlossary could be worth linking to your classroom website or blog. Glossary could be particularly valuable if you have mathematics students whose first language is not English.

Dilbert points out one of the benefits of a corporate health program...

Wednesday, August 14, 2013

What would have happened if the cards had already been issued?
Oops. Via WBUR, we learn of a breach involving Boston Public Schools.
Here’s the statement from BPS’s web site:
The Boston Public Schools is changing the design of Boston OneCard student ID badges, changing MBTA CharlieCard assignments and is changing library card numbers for students following a vendor’s loss of a flash drive that contained badge sticker images Friday afternoon. The vendor, Northborough-based Plastic Card Systems, is contracted to create OneCard ID badges for the upcoming school year.
None of the information contained on the drive can be used by an unauthorized person to access student records or log-in to any electronic systems. The sticker image data on the drive is limited to student names, school, age, grade, ID number, library card number, CharlieCard number and for about two-thirds of the cards, a photo. The drive did not contain any confidential student contact information, such as a home address, phone number, social security number or birth date.
The drive lost by the vendor contains .pdf images that are used to print 21,054 student ID badges for students across 36 schools
… Plastic Card Systems reported the company could not find the drive after picking it up from BPS on Friday afternoon.

Did the NSA get the idea from Google or did Google get the idea from the NSA? Chicken/egg
Gmail: You weren't really expecting privacy, were you?
I just finished reading Google's motion to dismiss in response to a lawsuit alleging that its e-mail scanning violates California privacy laws. And I'll say this: those Google lawyers are towering writers, indeed. But on to the point: did Google really argue in its rebuttal to the lawsuit that Gmail users do not and never should have an expectation of privacy when they're using Gmail? I mean, they actually just came out and said it like that!?
Well, yes. But if you read the brief, or the Gmail Terms of Service, or even stop and think about what Gmail actually does, that shouldn't come as a surprise, and it's nothing Google hasn't baldly stated before. I'm not saying I like it, but it's definitely not news. It's actually just how Gmail works.
… Google argues, the Electronic Communications Privacy Act specifically permits such indexing and automated scanning by email providers because it's "necessary" for them to continue to deliver you free, Web-based email (that they use as a vector for serving you ads). [Is there a market for an email service that is not free but does not read your mail? Bob]
… Google's brief points out that "[u]nder federal law, the consent of a single party to a communication is complete defense to any liability and so the consent of the Gmail user alone is sufficient to bar a claim."
… Google reads your e-mail, knows what's in your calendar, looks at your photos, and knows who your friends are, and that's just via its in-house services. When you include the breadth of its search, Google knows everything about you that's public information, from your address to all your online profiles to your marital status and much, much more.

Is this really so different?
Olivier Proust writes:
On June 19, 2013, the French Court of Cassation ruled in favour of a company for having dismissed one of its employees (M. X) on the grounds that he was involved in unfair competition. M. X’s wrong-doing was based on email exchanges between him and a competitor that were found on his computer’s hard drive and used against him as evidence in court. M. X argued that this evidence was inadmissible because it was unlawfully obtained by the company in violation of his right to privacy and to the secrecy of correspondence. M. X claimed that the emails were private and that the company had made a copy of his computer’s hard drive without informing him and not in his presence.
Read more on Privacy and Information Law Blog. The case provides for an interesting contrast between French and U.S. standards. From my reading of Proust’s commentary, had the employee put “PRIVATE” in the subject line of the emails or stored them in a folder marked “PRIVATE,” the outcome of the case might have been very different.

Does this strike you as creepy?
Bill Chappell reports:
The city of London has ordered a company to cease tracking the cellphones of pedestrians who pass its recycling bins, which also double as kiosks showing video advertisements. The bins logged data about any Wi-Fi-enabled device that passed within range.
The company, called Renew, recently added the tracking technology to about a dozen of the 100 bins it had installed before London hosted the 2012 Summer Olympics.
Read more on WUFT.

'The rest of the world' can see that we are afraid of them.
Here’s another post from yesterday that I should have restored earlier:
Om Malik interviewed PGP creator Phil Zimmerman on the surveillance state. You can read excerpts of his interview on GigaOm. Here’s one of Zimmerman’s comments:
The surveillance landscape is far worse than it has ever been and I feel like everything we do is now observable. All of our transactions and communications are all fused together into total information awareness apparatus. I don’t think any of this can be fixed merely by the application of cryptography. It is going to require some push back in the policy space. We are going to have to have Congress react to this and we need to get the population to react, perhaps through the economic consequences we face of losing a lot of business for American internet companies. Maybe American internet companies can push back because of economic harm that comes with the rest of world turning its back on us.

The pendulum swings. Give it a few hundred years to settle down.
Jason M. Weinstein of Steptoe & Johnson reviews recent litigation trends. His sympathies seem clearly with the businesses and not government regulators or states seeking to protect consumers:
Nearly every day we read about another data breach at yet another major company in the United States. Yet even more disturbing than the increase in data breaches is the rise in efforts by regulators and class-action lawyers to try to blame the victim companies for not doing more to prevent those breaches. Federal regulatory agencies, most notably the Federal Trade Commission, and numerous state attorneys general have targeted victim companies in the wake of cyberattacks.
These same regulators have also aggressively pursued companies for alleged privacy violations based on the companies’ own collection and use of personal data.
Read more on Steptoe & Johnson.
Update: Thompson & Knight have also issued a client alert about the FTC’s “aggressive” stance. Of course, some of us see that as A Good Thing. :)

Not everything, but a simple start...
… The header is a part of the email message that most people never even see. It contains a lot of data that seems like gobbledygook to the average computer user, so as email use became a daily tool in everyone’s life, email clients started to hide this information out of convenience for you. These days, it can even be a bit troublesome to unhide the header, even for those who know it is there.

Record retention is not simple.
Yes, Virginia, if you don’t store it forever, you’ll have less cost protecting it or producing it:
A ruling by the High Court on the issue of dealing with data subject access requests highlights the positives that can be derived by businesses that decide to dispose of personal data records they no longer need, an expert has said.

Is it that we're not teaching research skills or we're accepting a level of research that we could have achieved back in the days of scrolls and quill pens?
New on LLRX – Rebooting Legal Research in a Digital Age
Via LLRX.com – Rebooting Legal Research in a Digital Age: Steven A. Lastres writes that research has always been core to the practice of law. However, the results of a recent survey Steven has authored identified a “New Normal” in today’s business climate that has a profound effect in the delivery of legal services and impacts how research is conducted.

For my students and other professors.
Fidus Writer
Fidus Writer is an online collaborative editor especially made for academics who need to use citations and/or formulas. The editor focuses on the content rather than the layout, so that with the same text, you can later on publish it in multiple ways: On a website, as a printed book, or as an ebook. In each case, you can choose from a number of layouts that are adequate for the medium of choice.

Current events?
It seems these days as if you’re not getting anywhere unless you have a channel on the automation juggernaut known as IFTTT (If This Then That). In the past, we have highlighted lots of other companies who have allowed us to automate their service using IFTTT (the most recent one being Gmail attachments). But now the newspaper giant The New York Times has jumped right in with both feet with their own IFTTT channel, enabling you to have various stories and features from the NYT sent to you automatically. For those who love to read the news, this one could be heaven-sent.
There are currently 71 “recipes” on IFTTT which involve the NYT in some way, and this includes the following 5 which immediately jumped out at me:
And what is even better is that you don’t need a NYT subscription to take advantage of these recipes. Just stick to your free NYT monthly quota and the recipes will work just fine without having to pay for a subscription.

Simplify, simplify, simplify.
See and Print Pages More Clearly With Evernote Clearly
Evernote Clearly is a free browser extension available for Firefox and for Chrome. Clearly strips the sidebar content from any webpage that you're viewing. You can send the cleaned-up version directly to your Evernote account for easy reading whenever you open your Evernote account. You can print the cleaned-up article from your Evernote account or directly from your web browser.
Evernote Clearly is an excellent extension for teachers to use before printing articles to distribute to their students to read in class. Stripping the sidebar content not only saves ink and paper, it also creates a distraction-free reading experience for your students. Evernote Clearly can also be used to highlight sections of an article. And if you have students that need webpages read to them, Clearly has a text to speech capability that your students can use.

For my website students
Layout your pages in minutes for beautifully responsive pages on desktops, tablets and smartphones. Add divs to separate the different sections of your page. Add, remove, rename and nest divs with a click of a button until you’re happy with the layout. Resize each div according to how you want it to appear on each device.

For all my students.
New on LLRX – Student Research Resources on the Internet
Via LLRX.com – Student Research Resources on the Internet: Marcus P. Zillman’s new guide is a comprehensive pathfinder that identifies reliable, actionable and high value research resources and sources on the Internet that will provide students with key benchmarks for their studies.

Tuesday, August 13, 2013

Does this offer the potential for new information on the breaches we know about and perhaps a few new ones? When and for how long was Nasdaq penetrated?
Hacker pleads not guilty to stealing 160M credit cards
One of the five men accused of perpetrating the largest hacking scheme ever prosecuted in the U.S., which culminated with the theft of more than 160 million credit card numbers, pleaded not guilty on Monday, according to Reuters.
The charges levied against Dmitriy Smilianets, 29, include conspiracy to commit wire fraud, wire fraud, and unauthorized access to computers. If convicted, he could spend the next 65 years in prison.
Smilianets is originally from Russia but was extradited to the U.S. from the Netherlands last year.
… According to Reuters, Nasdaq was also breached, but this information wasn't released until last month when the feds accused the group of five of carrying out the massive hacking scheme. Prosecutors told Reuters the Nasdaq breach didn't include the stock trading platform and that the hackers weren't able to get any money from this specific breach.
The hacking group's cyberattacks began in 2005 and lasted at least until the summer of 2012, according to federal prosecutors.

For my Ethical Hackers: come up with three more.
Change the Medium of Communication
To paraphrase Marshall McLuhan, the medium is the type of warrant needed. Typically the older the form of communication, the greater the legal protection it has.
… Land-line phone conversations are almost equally protected compared to letter mail, yet your phone records are available to the government as well. Once you step up to voice calls on a cell phone, the laws preventing the government from listening in tend to get more lax. Text messaging even more so again. Because these cellular and WiFi communications fly through open air space, courts may find that there isn’t the reasonable expectation of privacy that governments afford land-line conversations.
Check Your Apps
Possibly the easiest way to compromise smartphone communications is to write an app that allows you access to everything on the phone, and then get people to download it.
Encrypt the Communication
… Encryption takes something that is meaningful to the average person and makes it gibberish that can only be made meaningful again through a complex mathematical process.
… By encrypting the data that is already on your phone, as in the article, How To Encrypt Data on Your Smartphone and using the methods in this article, you will have the closest thing to a spy phone that your average citizen can have.

Oh, is that all?
Orin Kerr found the Administration’s white paper on the legal analysis permitting bulk collection under Section 215 “a somewhat frustrating read.”
Read his commentary on The Volokh Conspiracy.

We need to train more “Big Data” analysts...
How Big Data Is Transforming Government
Turning Optimism into Reality: How Big Data Is Transforming Government: “The proliferation of Big Data has forced agencies to consider its great potential to revolutionize federal operations. The White House’s Big Data Initiative has invested $200 million in new research and development projects to use Big Data, and the use of Big Data in various agency activities ranging from performance tracking to budgeting has begun to take hold. As a result, many agencies are trying to train and/or hire a workforce to leverage Big Data, but in the current budget climate, new hires and investing in training courses is proving to be difficult or impossible. In order to evaluate agency efforts to leverage Big Data and provide insight on how agencies can best capitalize on the opportunities provided by Big Data given the current budget climate, the Government Business Council, with sponsorship from Booz Allen Hamilton, undertook a comprehensive research project that surveyed federal managers.”

(Related) It's George Orwell's FOIA?
UK – Freedom of Information – the next generation
By Steve Wood: “The evolution of the Freedom of Information Act (FOIA) will reach a key milestone on 1st September, as the new open data rights come into force. Changes to the law not only give new rights to request data in a form that means it can be re-used, but also give users the right to re-use that data, even commercially. It is a welcome upgrade for FOIA. The strong foundation we have in the current legislation is being enhanced by additional rights. Put simply, the more usable the data, the greater the potential to enhance accountability, transparency and economic growth. The ICO (Independent Commissioner’s Office) is keen to play its part in the process. We’ve published new guidance on the changes, as well as an at-a-glance list of what public authorities can do to get ready for the changes. We’ve also highlighted a couple of possible pitfalls in providing the information. The changes are all about datasets, something defined in the new legislation. Section 102 of the Protection of Freedoms Act 2012 has amended sections 11 and 19 of the Freedom of Information Act, giving new rights to receive datasets in a form capable of re-use (e.g. CSV). For the first time, the Act now gives users the right to re-use datasets, under the terms of a specified licence – in most cases likely to be the Open Government Licence (OGL). The amendments also require public authorities to publish any requested datasets as part of their publication scheme, if appropriate. It is important to note that the changes do not give new rights of access – they are concerned with format and the ability to re-use datasets, once the public authority has decided that no exemptions or other provisions (e.g. costs, vexatious) in the legislation apply. The new Freedom of Information (Release of Datasets for Re-use) (Fees) Regulations 2013 have also been published today. These new regulations set out how a public authority can charge for making certain datasets available for re-use – the costs they can recover and a reasonable return on investment.”

I think they are deluding themselves if they truly believe that this protects them from terrorists. I doubt it even inconveniences the bad guys...
Norwegian government stops Apple's aerial mapping of capital
The Norwegian government has denied a request from Apple to do a 3D mapping of the capital city of Oslo because of security concerns, according to news reports Monday.
Apple applied for a license from the government to fly over Oslo and take images, but Norway's National Security Authority rejected the application because the mapping would include military buildings, local newspaper Aftenposten reported (translated by Google Translate).
The publication said the U.S. embassy has actually stepped in to aid Apple, and Oslo's mayor also asked the NSA to reconsider.

'cause biggest doesn't always mean bestest..
43+ Alternatives to YouTube
Excellent educational content can be found on YouTube. However, not every teacher can access YouTube in his or her classroom. That's why a few years ago I compiled a big list of alternatives to YouTube. Over the years some of those sites have shut down, started charging a fee, or have switched into another market. So this evening I went through and eliminated some sites from the list and added a few new ones. My favorite five alternatives to YouTube are listed below. You can see the complete list here. If you have a suggestion for an alternative to YouTube, please let me know.

Dilbert points out how NSA should have asked for data...

Monday, August 12, 2013

So is this a story about an employee blocking his employer's tracking device or is it about a new multi-million (multi-billion?) dollar system that was just proven vulnerable? Fortunately, terrorists can't read.
Truck driver has GPS jammer, accidentally jams Newark airport
… I understand from my underworld contacts that such a jammer can be obtained for less than $100.
Gary Bojczak may have thought this a sound investment. For, as CBS New York reports, he admitted to investigators that he put one in the truck he drove on behalf of an engineering company called Tilcon.
… However, Bojczak tended to drive by Newark airport in New Jersey. The enterprising souls there were trying out a new system called Smartpath. This, according to its maker Honeywell, lets airports "increase airport capacity, decrease air traffic noise, and reduce weather-related delays."
Sadly, though, it can be jammed by passing trucks that happen to enjoy a GPS jammer.
As the New Jersey Star-Ledger reported, the FCC explained: "The signals emanating from the vehicle were blocking the reception of GPS signals used by the air traffic control system."
So Bojczak was fined $31,875 on Friday. And, yes, he was also fired for his misdirection.
Though the Smartpath system was only being tested at the time Bojczak was intercepted, it has now been installed at Newark.

Only a politician could think this would work. “Let's give each surviving sysadmin 10 times as much classified data (and no pay increase) and hope they don't become disgruntled.”
NSA Director – SysAdmin Cuts of 90% in Progress
(Reuters) – “The National Security Agency, hit by disclosures of classified data by former contractor Edward Snowden, said [August 8, 2013] it intends to eliminate about 90 percent of its system administrators to reduce the number of people with access to secret information.”

For my (Big Data) Data Mining students
Text & Data Mining – A Librarian Overview
Text & Data Mining – A Librarian Overview, Ann Okerson – Senior Advisor, Center for Research Libraries, Chicago IL, USA
“Text and data mining offers exciting research opportunities over a broad range of fields. As large corpora of data accumulate, automated and semi-automated analysis of their contents (and often of many different data sets correlated together) reveals patterns and allows establishment of fact patterns invisible to the naked eye. Libraries and librarians have an exciting opportunity to support this work. This paper reviews some of the possibilities for such work and outlines the challenges and the way ahead for librarians. One challenge lies in the terms by which data sets are licensed and made available to academic and other users; librarians need to be proactive in ensuring that these terms are favorable for the kind of use researchers will need and that the resources themselves are available in a format that allows innovative mining-based research. Another challenge is the need to support users who wish to engage in text and data mining with limited experience, especially when they approach data sets made available through library resources. Librarians should develop the expertise to support their users by making data resources available to them on favorable terms and supporting their mining efforts.”

Just in time for my students' kids to take these back to school...
7 great Android apps for notes and tasks
Google Keep is a bare bones way of organizing notes and lists. As is to be expected, the app ties directly to your Gmail or Drive account. Thanks to the power of the cloud, your notes, tasks, photos, and other items can be accessed from anywhere.
Evernote is likely the first name that comes to mind for many readers, and it's for good reason. First and foremost, the service has moved far beyond a "cloud based note service". Not only are users able to upload notes, tasks, and photos, but Evernote also provides a backbone for other apps. Indeed, the home screen widgets allow for quick adding of items, even by voice.
… was Holo-themed before Google made it cool. There are few apps that rival this straightforward to-do and task app; both the black and white themes make your checklists pop off your device.
… If you're looking for a slick-looking list keeping service with cross-platform support, Wunderlist is one of the top names today. Available for Android, iOS, Windows, and Mac, this free client makes for a great way to create, manage, and share lists.
… One service that I've enjoyed watching develop over time is Todoist and its eye-catching Android app. Not only is it simple to pick up, it's rich enough to satisfy deeper needs.
Essentially a cloud-based filing system for your to-do lists,
… If you're like me then you've been pining for an official app for Google Tasks for years. Task List is one of those apps that fills the void quite nicely and happens to look like something Google might endorse. It also doesn't hurt that it actually syncs with your Google account.
GTasks eschews the glitz and glamour for straight up task and to-do list management. Like the others in this list, this free app offers reminders, prioritization, due dates, and sorting items by name.