Saturday, September 21, 2013
Sneaky trick #49: Most banks don't have outside “engineers” wandering around working on their computers.
Eight men have been arrested on suspicion of stealing 1.3 million pounds ($2 million) from a Barclays bank branch by tapping into its computers, British police said Friday.
Detective Supt. Terry Wilson said one of the arrested men is the “Mr. Big” of British cybercrime.
Police suspect that in both cases a gang member posed as an engineer and installed devices on the bank’s computers that allowed the suspects, in the Barclays case, to gain information used to siphon money from the bank.
Read more of this story on HuffPost.
[From the article:
Police suspect that in both cases a gang member posed as an engineer and installed a KVM on the bank's computers that allowed the suspects, in the Barclays case, to gain information used to siphon money from the bank.
"That would allow them to log the keystrokes and the actual screen, so you could gather passwords and see how people log into their systems," said Graham Cluley, an independent computer security analyst. "Then you could remotely access the computers as if you were sitting in front of it. Effectively, it's like breaking into the bank in the middle of the night."
Santander hacking plot: How did gang use keyboard video mouse to take control of a bank's computers?
… Expert Chris Pirillo, speaking on YouTube, explained how it worked. "The idea behind KVM is that you can have one set of peripherals, a keyboard, monitor and a mouse, to control many computers.
"An example is that if you have multiple computers in a house and you want to control them with relative ease you can have a KVM switch."
Once installed, the technology would mean that a person keen to steal from a bank, could effectively attempt to transfer cash from its computer systems from the comfort of their own home.
According to police, the gang arrested allegedly used this technology to take control of all the computers at the Santander branch in Surrey Quays shopping centre.
However, according to the Spanish bank, they were unable to steal any money.
I have to wonder if we've trained some privacy advocates too well.
NSA job post for 'Civil Liberties & Privacy Officer' goes live
… President Obama announced during a press conference in August the plan to create the new position, along with an NSA Web site devoted to greater transparency, which, surprisingly to some, took the form of a Tumblr blog.
Here's the job listing in full
No doubt Section II, Paragraph C, Line 4 says something like “and then a miracle occurs.”
Somini Sengupta of the NYT reports:
Kids. The reckless rants and pictures they post online can often get them in trouble, by compromising their chances of getting into a good college or even landing them in jail. What to do about such lapses vexes parents, school officials, the Internet companies that host their words and images — and the law.
Now California legislators are trying to solve the problem with the first measure in the country to give minors the legal right to scrub away their online indiscretions. The legislation puts the state in the middle of a turbulent debate over how best to protect children and their privacy on the Internet, and whether states should even be trying to tame the Web.
Gov. Jerry Brown has taken no position on the bill. He has until mid-October to sign it, after which, without his signature, the legislation becomes law.
Read more on BendBulletin.com
Update: For those seeking the text of the bill, it’s SB 568
[From the article:
Some supporters of the bill say Internet companies got off easy. The eraser bill does not, for example, require companies to remove the deleted data from its servers altogether, nor does it offer any way to delete material that has been shared by others; a sensational picture that has gone viral, in other words, can’t be purged from the Internet.
Interesting in theory, unlikely in practice.
EFF – Thirteen Principles Against Unchecked Surveillance Launched at United Nations
Privacy Advocates Call Upon UN Member States to End Mass Internet Spying Worldwide: “Geneva – At the 24th Session of the United Nations Human Rights Council on Friday, six major privacy NGOs, including the Electronic Frontier Foundation (EFF), warned nations of the urgent need to comply with international human rights law to protect their citizens from the dangers posed by mass digital surveillance. The groups launched the “International Principles on the Application of Human Rights to Communications Surveillance” at a side event on privacy hosted by the governments of Austria, Germany, Hungary, Liechtenstein, Norway, and Switzerland. The text is available in 30 languages at http://necessaryandproportionate.org. The document was the product of a year-long negotiation process between Privacy International, the Electronic Frontier Foundation, Access, Human Rights Watch, Reporters Without Borders, and the Association for Progressive Communications. The document spells out how existing human rights law applies to modern digital surveillance and gives lawmakers and observers a benchmark for measuring states’ surveillance practices against long-established human rights standards. The principles have now been endorsed by over 260 organizations from 77 countries, from Somalia to Sweden. Included in the 13 principles are tenets such as:
Necessity: State surveillance must be limited to that which is necessary to achieve a legitimate aim.
Proportionality: Communications surveillance should be regarded as a highly intrusive act and weighed against the harm that would be caused to the individual’s rights.
Transparency: States must be transparent about the use and scope of communications surveillance.
Public Oversight: States need independent oversight mechanisms.
Integrity of Communications and Systems: Because compromising security for state purposes always compromises security more generally, states must not compel ISPs or hardware and software vendors to include backdoors or other spying capabilities.”
Big Data is not automatically Big Money. If raw data was all you needed, NSA would provide all the money needed to run the government.
Here are four steps your organization can take in order to understand the value of your data, and to plan for potential monetization:
Clarify whether it’s really your data
Understand who would value it, why, and how much
Frame up realistic aspirations for monetization
Test, learn, and tweak
I'm on a two week break between Quarters, so I might try one or two “free online” movies...
– What are you in the mood to watch right now? Movievisor helps you find something to fill your cravings. Give Movievisor the thumbs up or down, and it will customize its recommendations. Suggestions come from Netflix, Amazon Instant and Hulu, with more sources to be added soon. You can see reviews for each movie on the page as well.
First question I ask in each class: “Who reads SciFi?” They will have no problem with new concepts OR will drive me crazy with “What if...” questions.
Why Today's Inventors Need to Read More Science Fiction
… This fall, MIT Media Lab researchers Dan Novy and Sophia Brueckner are teaching "Science Fiction to Science Fabrication," aka "Pulp to Prototype," a course that mines these "fantastic imaginings of the future" for analysis of our very real present. Over email, I asked Novy and Brueckner about the books they'll be teaching, the inventions that found their antecedents in those pages, and why Novy and Brueckner believe it is so important for designers working in the very real world to study the imaginary. An edited transcript of our correspondence follows.
Every week a new laugh...
… EdX launched a new program, “the XSeries,” that will offer certificates for students who complete a sequence of classes offered on its MOOC platform. The program starts with two series: Foundations of Computer Science and Supply Chain and Logistics Management. These new certificates will require an ID verification program, newly launched from edX too. More details on the courses and the fees in Inside Higher Ed.
… All of the courses that make up the first year of Wharton’s MBA program are now available online via Coursera.
Friday, September 20, 2013
Interesting case of the pot calling the kettle black? Has Zuckerberg (Facebook) matured? Is this a ploy to make their privacy violations look like the work of an evil secret government agency?
Mark Zuckerberg's Advice to the NSA: Communicate
(Related) What Mr. Communication did to his customers.
The App Store will be packed with updates today as developers roll out new designs and features to take advantage of Apple's new iOS 7. Facebook is no exception, but alongside the expected visual tweaking and trimming, the company is introducing a radically simplified navigation paradigm. Other developers sweat bullets when they make a big change like this, but Facebook isn't. It believes users will like the update because it's already tested it — with 8 million unsuspecting people.
Perspective: We suspected some confusion as to “cause and effect,” perhaps now it's time for a little “re-think?”
… Since last year Ofcom has surveyed the download habits of tens of thousands of Brits. The latest data wave shows that between March and May of this year about 9% of the people in the UK pirated music, with Ofcom signaling a clear downward trend compared to last year.
The estimated number of downloaded tracks in the UK dropped from 301 million last year to 199 million in the latest measurement. In other words, according to Ofcom’s findings a third of all music piracy evaporated in a year.
The number of people who admitted to pirating music during the same period dropped as well, approximately 10% during the same time frame.
This is great news for the music industry, but neither the BPI nor IFPI have cheered on the findings in a press release. It might be that they are not convinced by the data, or perhaps they too might have noticed that the unprecedented drop in piracy had virtually no effect on music sales.
Pew: Mobile Cell Phone Activities 2013
“Fully 91% of American adults own a cell phone and many use the devices for much more than phone calls. In our most recent nationally representative survey, we checked in on some of the most popular activities people perform on their cell phones and found:
- 81% of cell phone owners send or receive text messages
- 60% of cell phone owners access the internet
- 52% send or receive email
- 50% download apps
- 49% get directions, recommendations, or other location-based information
- 48% listen to music
- 21% participate in a video call or video chat
- 8% “check in” or share their location”
Perhaps my students will actually use this...
A Snappy Visual Dictionary and Thesaurus
Snappy Words is a free visual dictionary and thesaurus. Enter any word or phrase into the Snappy Words search box and it will create a web of related words, phrases, and definitions. Hover your cursor over any word or phrase in the web to read its definition. Click and drag any node to explore other branches of the web. Double click on a node and it will generate new web branches.
Snappy Words could be a good resource for students that are stuck in the rut of using the same words and phrases repeatedly in their writing. Snappy Words will give those students access to alternative words and their definitions much faster than thumbing through a thesaurus.
For my students...
Google makes Quickoffice mobile app free for everyone
… The company on Thursday announced that its Quickoffice mobile app, for viewing and editing Microsoft Office files, is now free to anyone with a Google account.
… As a bonus, Google is offering an extra 10GB of Google Drive storage for the next two years to anyone who signs up their Google account for the new Quickoffice app by September 26.
Quickoffice for iOS and Android lets users create, view, and edit Microsoft Office Excel, Word, and PowerPoint files on their mobile devices. The app is also integrated with Google Drive so files can be stored and accessed across devices.
Since we don't have a football stadium, students are looking for other sports. This may work.
'Star Wars' lightsaber thumb-wrestling goes to the digit side
Thursday, September 19, 2013
Would this apply to Alfred E. Neuman?
Court grants First Amendment protection to Facebook 'Like'
… The likable ruling was included in a decision published by the Fourth US Circuit Court of Appeals in Bland v. Roberts.
In the case, which is still ongoing, Bobby Bland and five of his co-workers in the Sheriff's Department in Hampton, Va., are suing their former employer, Sheriff B.J. Roberts, for wrongful termination. Part of the suit hinged around the question of whether liking a campaign's Facebook Page is protected speech. One of the plaintiffs, Daniel Carter, said that he was fired for liking the Page of a candidate running against Roberts in the 2009 election.
Is this the opposite of “Cool?”
Windows Phone 8 gets security thumbs-up from US government
Robert Hoover, a Windows Phone project manager, wrote on the official Windows Phone blog that Win Phone 8 has reached an "important new security milestone," which could make the platform a prospect for governments and organizations that require high security and encryption on their networks and communications platforms.
The U.S. government has granted Win Phone 8 the FIPS 140-2 (PDF) security accreditation. FIPS 140-2 is used to scrutinize and assign a level of security to devices, including tablets and smartphones, that use cryptographic algorithms to protect sensitive data stored within.
Remember the old “Practice safe hex!” campaigns? (Only $10)
USB Condoms Protect Your Data While You Charge
A company by the name of Int3.cc has just introduced what they are calling USB Condoms, a small device that goes on the end of your USB plug to protect your data from “juice jacking”, which is when someone is able to steal your data through a public charging station.
Since most phones are set up to allow data transfer just by connecting to a USB port, the USB Condoms work by blocking the data transmitters and receivers of a USB port without blocking the charging components.
… The USB Condoms are currently sold out on Int3.cc’s website, but they state that they should be getting more inventory soon.
Sort of a Big Data, Social Networking, target identifying, 'now we can squash them like a bug' kind of thing. Also useful for spreading disinformation?
US Military Scientists Solve the Fundamental Problem of Viral Marketing
Viral messages begin life by infecting a few individuals and then start to spread across a network. The most infectious end up contaminating more or less everybody.
Just how and why this happens is the subject of much study and debate. Network scientists know that key factors are the rate at which people become infected, the “connectedness” of the network and how the seed group of individuals, who first become infected, are linked to the rest.
It is this seed group that fascinates everybody from marketers wanting to sell Viagra to epidemiologists wanting to study the spread of HIV.
So a way of finding seed groups in a given social network would surely be a useful trick, not to mention a valuable one. Step forward Paulo Shakarian, Sean Eyre and Damon Paulo from the West Point Network Science Center at the US Military Academy in West Point.
These guys have found a way to identify a seed group that, when infected, can spread a message across an entire network. And they say it can be done quickly and easily, even on relatively large networks.
Ref: arxiv.org/abs/1309.2963 :A Scalable Heuristic for Viral Marketing Under the Tipping Model
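As an added illustration of the tipping model the West Point paper works under (my own example, not the authors' code or the article's), the block below simulates a deterministic tipping cascade on a small constructed graph and applies a pruning heuristic of the kind the paper describes: repeatedly drop a node whose remaining neighbours could tip it, and whatever is left is a seed set that spreads to the whole network. The toy graph, the 50%-of-neighbours threshold rule and the tie-break order are my assumptions.

```python
"""Tipping-model cascade and seed-set pruning (added illustration)."""
import math

# Constructed toy social graph: undirected edges between seven people.
EDGES = [
    ("a", "b"), ("a", "c"), ("b", "c"), ("c", "d"),
    ("d", "e"), ("d", "f"), ("e", "f"), ("f", "g"),
]


def build_graph(edges):
    """Adjacency sets for an undirected graph."""
    graph = {}
    for u, v in edges:
        graph.setdefault(u, set()).add(v)
        graph.setdefault(v, set()).add(u)
    return graph


def thresholds(graph, fraction):
    """Tipping threshold per node: it adopts once at least ceil(fraction * degree)
    of its neighbours have adopted (assumed rule; at least one neighbour)."""
    return {v: max(1, math.ceil(fraction * len(nbrs))) for v, nbrs in graph.items()}


def cascade(graph, theta, seeds):
    """Run the deterministic tipping process to its fixed point and return the
    set of nodes that end up 'infected' when `seeds` start infected."""
    active = set(seeds)
    changed = True
    while changed:
        changed = False
        for v in graph:
            if v in active:
                continue
            if sum(1 for u in graph[v] if u in active) >= theta[v]:
                active.add(v)
                changed = True
    return active


def prune_seed_set(graph, theta):
    """Pruning heuristic (my reconstruction of the approach, not the authors' code):
    while some node has at least theta[v] neighbours still in the candidate set,
    remove the one with the largest slack (remaining degree minus threshold).
    Removed nodes get tipped, in reverse removal order, by the nodes left behind,
    so the final candidate set is a seed set that reaches the whole graph."""
    remaining = set(graph)
    degree = {v: len(graph[v]) for v in graph}  # neighbours still in `remaining`
    while True:
        removable = [v for v in remaining if degree[v] >= theta[v]]
        if not removable:
            return remaining
        victim = max(removable, key=lambda v: (degree[v] - theta[v], v))
        remaining.remove(victim)
        for u in graph[victim]:
            if u in remaining:
                degree[u] -= 1


def find_seeds(edges=EDGES, fraction=0.5):
    """Convenience wrapper: build, prune, and verify the seed set tips everyone."""
    graph = build_graph(edges)
    theta = thresholds(graph, fraction)
    seeds = prune_seed_set(graph, theta)
    assert cascade(graph, theta, seeds) == set(graph)
    return seeds


if __name__ == "__main__":
    print("seed set:", sorted(find_seeds()))  # 3 of 7 nodes suffice here
```

The heuristic is not guaranteed minimal (on this toy graph {c, f} also tips everyone), which is exactly the trade-off the paper makes for scalability.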
Do we (here in the US) have a four-step “Get out of jail free!” procedure? (If not, could we?)
Case Note 248601 NZ PrivCmr 4: Medical practice mitigates future harm after data breach
A doctor working in a suburban medical practice had his car broken into and bag stolen. The bag contained a USB stick holding the personal information of a number of patients, including the complainant. The data detailed the complainant’s first and last names. Also included were details of their prescribed drugs and medical diagnosis.
One of the doctor’s patients complained to us.
The medical practice acted quickly and fulfilled all four key steps an agency should follow in response to a privacy breach. These steps aim to contain the breach and reduce harm to the subjects of the breach.
Breach containment and preliminary assessment
Following a data breach, an agency must take immediate steps to contain or limit it. This includes designating an appropriate individual to lead the initial investigation and determine who needs to be notified.
The medical practice received news of the theft the following day and the manager immediately made plans to contact the affected individuals. Our complainant was informed of the breach by his general practitioner and offered a meeting with the manager to discuss the situation.
Evaluation of the risks associated with the breach
An appropriate evaluation includes considering what personal information was involved, establishing the cause and extent of the breach, considering who was affected by the breach and whether those affected might be harmed.
The manager noted that the only identifying details in this case were the complainant’s first and last name. He had frequently changed address in recent years and did not have a listed telephone number. The manager believed the main harm was that the complainant may lose trust in the medical practice. However, the complainant had continued to use the agency’s services since the breach.
The patients were notified as soon as reasonably possible. The manager of the medical practice met the complainant to discuss the theft and apologised for the loss of his personal information.
As a result of the breach, the medical practice took steps to increase the security of any data that was to leave the premises. A review was conducted of their patient information security policy. Immediate changes were drafted for sign off by the practice’s Board.
The medical practice purchased new encrypted USB sticks immediately after the data breach, to be used where data is to leave the premises. [Never before? Bob] An active register containing a list of the staff who are to use these keys was implemented and an agreement drawn up for staff to sign, acknowledging that they are responsible for the safety of the information.
Staff were advised both verbally and electronically of the new process and the medical practice ensured there was a transparent communication process with the staff about this incident.
The complainant sought damages as a result of the breach. However we were not satisfied that he suffered harm that warranted damages.
We also considered the medical practice had taken appropriate steps in the circumstances.
See our privacy breach guidelines at: http://privacy.org.nz/news-and-publications/guidance-notes/privacy-breach-guidelines-2/
(Related) Is this also possible only in New Zealand?
An insurance company has been forced to reach a settlement and change its policies after breaching a man’s privacy by accessing his full medical history without permission.
The unidentified man brought a complaint to the Office of the Privacy Commissioner after the company he applied to for trauma insurance accessed his full medical records for the previous five years.
Read more on Stuff.
Related: Case Note 226245 NZ PrivCmr 2: Over-collection of medical notes by insurance company
A place to look. Are we as advanced as New Zealand?
I wish they had published these before I spent days revising my privacy practices notice and having them printed, but if you still need them, HHS has provided customizable templates for your notices here. Remember the new law goes into effect September 23.
(Related) Or, can we relax and let the government handle everything?
Jesse Holland and Kelli Kennedy report:
The Obama administration is planning a high-level effort to reassure Americans about the privacy and security of the information submitted under the new health care law, hoping to blunt complaints from Republican opponents that enough isn’t being done to protect consumer data.
Attorney General Eric Holder, Health and Human Services Secretary Kathleen Sebelius, Federal Trade Commission chairwoman Edith Ramirez and other federal and state officials are set to meet Wednesday at the White House to discuss security measures designed to keep scammers and identity thieves from taking advantage of what could be millions of Americans attempting to enroll for health coverage under the Affordable Care Act starting in October.
Read more on Huffington Post.
Is this an issue of just better informing/reassuring the public, or is it the case that more security and privacy protections will be introduced? It sounds like the White House will be emphasizing the former.
Another “Privacy in the Age of Big Data” article.
Patrick Ouellette reports:
Health privacy and security are often mentioned in tandem, but Deborah Peel, Founder and Chair of Patient Privacy Rights and Adrian Gropper, Chief Technology Officer of Patient Privacy Rights, took a different view in a recent Institute for Health Technology Transformation (iHT2) webcast.
The presentation, titled “Competing for Patient Trust and Data Privacy in the Age of Big Data” detailed a few of the nuances between patient data privacy and security and why privacy is so significant as healthcare organizations pull together huge data sets for health information exchange (HIE) and accountable care.
Read more on HealthITSecurity.com.
(Related) Is this a valid use of social media?
Your Deadbeat Facebook Friends Could Cost You a Loan
It's already well known that Facebook and other social media networks harvest user data and sell it to companies that use that info to peddle their products to consumers. But some lenders have begun to find a new use for this information, scrutinizing Facebook, Twitter, and LinkedIn data to determine the credit-worthiness of loan applicants. It's an unprecedented practice that consumer advocates say can be unfair or discriminatory—and one that is poised to only become more prevalent in the years ahead.
Among the US-based online lenders that factor in social media to their lending decisions is San Francisco-based LendUp, which checks out the Facebook and Twitter profiles of potential borrowers to see how many friends they have and how often they interact; the company views an active social media life as an indicator of stability.
No discrimination against the new guys...
Pandora scores legal victory against music publishers
… A federal court in New York has ruled in favor of Pandora's motion that it can play all of the songs covered in the ASCAP library, the online music service announced Wednesday. Pandora had argued that a consent decree with ASCAP gave it a blanket license to play all such music despite attempts by some publishers to negotiate their own separate deals.
The case arose when ASCAP members EMI Music Publishing, Sony/ATV Music Publishing, and Universal Music Publishing Group tried to remove their licensing rights from ASCAP as a way to negotiate directly with online radio services such as Pandora, according to Reuters. Pandora claims these withdrawals shouldn't affect its overall license with ASCAP.
The future of the education bid-ness?
The Next Step on the Path to an Online-Only Education?
MIT will soon offer a free, two-year online course sequence. (Then you pay to take a test.)
Compare and contrast the previous business with this one...
Grand Theft Auto V Makes $800 Million On First Day
Apple expected to sell 5-6M iPhone 5S, 5Cs this weekend
Even the one based on the Zombie TV show?
11 Cutting-Edge Free Online Courses Worth Taking This Fall
Just in case all my math students want to download all those math videos...
3 Ways to Download All Videos in a YouTube Channel
YouTube is great to check out videos on the fly. It’s fast, dynamic and incredibly easy to find other related videos. However, if you have to go offline, that won’t do you much good. Why not download those videos to your computer instead? Not only does this let you enjoy your videos offline, you can also use them in presentations or your own projects.
Downloading a single YouTube video is simple, but it’s a bit harder to download all the videos from a particular YouTube channel in one go. Today we’ll be offering you three ways to tackle this problem.
For my Criminal Justice students
A Smartphone Case Delivers a Defensive Jolt
The Yellow Jacket smartphone case is meant to protect more than a phone.
The $140 smartphone cover conceals a stun gun.
For all my students. Remember, you only need to find one that you like...
CherryTree: A Wiki-Style Notebook That’s Polished and Functional
Which organization tool is best for you? Evernote seems to be a wide favorite for our readers, but less conventional alternatives outside the mainstream exist. Take for example personal wiki-style notebook apps like the awesome personal wikis I wrote up recently. In that article, I praised TiddlyWiki for its speed and features, but there may be a contender on the horizon: CherryTree.
Hey! It can't hurt!
– Entrepreneurs often lack time and money to make basic branding materials – logo, website, business cards, etc – all with the same look and feel. Yet when everything matches, your business looks more professional. And potential customers recognize you more easily. Logo Garden has invented do-it-yourself (DIY) logos, then DIY websites. The result is dazzling looks, instant launch, and zero cost.
For all my students
Four Helpful Web Search Strategy Tutorials
Vaughn Memorial Library at Acadia University hosts four free animated tutorials designed to teach lessons on web research strategies. The four tutorials are Credible Sources Count, Research It Right, Searching With Success, and You Quote It, You Note It.
In Credible Sources Count students learn how to recognize the validity of information on the Internet. It's a good tutorial except for a strong emphasis on using domain names for determining validity.
Research It Right walks students through the process of forming a research question through the actual research steps.
Searching With Success shows students how search engines function. The tutorial gives clear examples and directions for altering search terms.
You Quote It, You Note It shows students what plagiarism is and how to avoid accidentally plagiarizing someone's work.
A freebie for all my students...
Wednesday, September 18, 2013
How could anyone possibly see things differently?
Ellen Nakashima reports:
A federal surveillance court on Tuesday released a declassified opinion upholding the constitutionality of the National Security Agency’s sweeping collection of billions of Americans’ phone records for counterterrorism purposes.
The gathering of “all call detail records” from phone companies is justified as long as the government can show that it is relevant to an authorized investigation into known — and, significantly — unknown terrorists who may be in the United States, the Aug. 29 opinion states.
[From the Post article:
“This isn’t a judicial opinion in the conventional sense,” said Jameel Jaffer, American Civil Liberties Union deputy legal director. “It’s a document that appears to have been cobbled together over the last few weeks in an effort to justify a decision that was made seven years ago. I don’t know of any precedent for that, and it raises a lot of questions.”
Jaffer added that the opinion was “completely unpersuasive” as a defense of the call-records program. The constitutional analysis fails to mention the landmark United States v. Jones privacy case decided by the Supreme Court last year, which suggested a warrant was necessary for long-term tracking of GPS data, he said. And Eagan’s analysis of the statute overemphasizes some terms while ignoring others, he said.
Also out of control?
From the ACLU:
[Today] the ACLU will release a report, “Unleashed and Unaccountable: The FBI’s Unchecked Abuse of Authority,” documenting the bureau’s expanded post-9/11 authorities, their impact on civil liberties in the United States, and the FBI’s evasion of oversight that enables abuses to continue today. Twelve years after 9/11, it’s time for the attorney general and Congress to revisit the extraordinary powers given to the federal government’s premier law enforcement agency in the haze of tragedy and initiate a top-to-bottom review of FBI policies and practices to identify and curtail any activities that are unconstitutional or easily misused.
The FBI serves a crucial role in protecting Americans from criminals and terrorists, but it must do so while guarding and respecting the rights that make the United States worth protecting. Liberty and security are not mutually exclusive: we can be both safe and free.
“Unleashed and Unaccountable: The FBI’s Unchecked Abuse of Authority” will be available here, at 10 a.m.
For my Computer Security students. First, do you have a camera?
Hack Attack: How To Keep Your Webcam Secure From Online Peeping Toms
Someone could be watching you through your webcam right now. Chances are you’re safe so don’t freak out, but you should be aware that the possibility exists.
… Fortunately, there are ways to keep yourself clean from these online peeping Toms. Keep reading to find out how.
For my students with artistic talent. Note that it links to earlier C++ code.
Redundant, but that's okay. I've listed it before.
– is a sortable database of educational resources from the Edupunks’ Guide and around the web. If you are looking for either an online or offline education resource, this page has some excellent links to choose from, such as MetaFilter, TED, and Google Code University.
I'm going to read this soon, or at least look at the Infographic.
The 12 Different Types Of Procrastinators
Tuesday, September 17, 2013
A video for my Computer Security students (and all my other students)
Perhaps a long hunting season?
Will Weissert of AP reports:
A hobbyist using a remote-control airplane mounted with a digital camera just happened to capture images last year of a Dallas creek running red with pig’s blood. It led to a nearby meatpacking plant being fined for illegal dumping and two of its leaders being indicted on water pollution charges.
Yet, a Texas law that took effect Sept. 1 tightened rules not on polluters but on taking such photographs, an effort to better protect private property from drone surveillance.
Read more on Lake Wylie Pilot.
Let's call it “eSurveillance.”
Nate Anderson reports:
Recent leaks about the NSA’s Internet spy programs have sparked renewed interest in government surveillance, though the leaks touch largely on a single form of such surveillance—the covert one. But so-called “open source intelligence” (OSINT) is also big business—and not just at the national/international level. New tools now mine everything from “the deep Web” to Facebook posts to tweets so that cops and corporations can see what locals are saying. Due to the sheer scale of social media posts, many tools don’t even aim at providing a complete picture. Others do.
For instance, consider BlueJay, the “Law Enforcement Twitter Crime Scanner,” which provides real-time, geo-fenced access to every single public tweet so that local police can keep tabs on #gunfire, #meth, and #protest (yes, those are real examples) in their communities. BlueJay is the product of BrightPlanet, whose tagline is “Deep Web Intelligence” and whose board is populated with people like Admiral John Poindexter of Total Information Awareness infamy.
Read more on Ars Technica.
[Here's how to do it:
[This one is free:
“Oh, is that still legal? We gotta fix that.” (Sort of like the new Kim Dotcom site)
Jon Brodkin reports:
After eight years of existence, file sharing service Box has built a huge user base—claiming 180,000 businesses, including 97 percent of the Fortune 500—by offering cloud storage and collaboration tools with top-notch security and regulatory compliance.
But while Box may be resistant to most criminal hackers, like most cloud storage companies, it must provide the government with customer data when it is forced to. For the vast majority of Box customers, that isn’t likely to change. However, the company is developing a system for the most security-conscious customers in which even Box management would not be able to decrypt user data—making it resistant to requests from the National Security Agency.
Read more on Ars Technica.
File this one under “What could possibly go wrong?”
Here’s a situation in which there’s clearly been a privacy breach, but the privacy issues may actually be the least of the patients’ problems.
Heather Graf reports that a former patient at the Carol Milgard Breast Center has filed a complaint after discovering three other patients’ records were mixed in with her own, raising questions of the potential for medical/treatment mistakes as well as privacy and confidentiality issues. Out of 900 pages in the patient’s medical records, 141 pages belonged to other patients.
During a deposition of the clinical supervisor of the Carol Milgard Breast Center, Tsuru’s attorneys say the clinical supervisor admitted to the error.
When asked if they’d ever had troubles or issues in regards to the electronic records, the clinical supervisor had this response:
“When they did our conversion from Zotec to the RIS, they changed the way they were doing the medical record numbers. And so it caused a migration issue for when the new system was brought up, sometimes patients’ records, especially scanned documents, ended up in the wrong place.”
Deutscher says the mistake dates back to September of 2012, and could potentially impact every patient ever treated at the facility. She also says the staff there has made no attempt to fix the problem.
Read more on KING5. Although the story keeps the local color by talking about what the state might do, I’m pondering what HHS might do. If there are less than 500 patients involved, we won’t see this one on the breach tool, and I suspect their investigation will not be completed in 6 months or less like the state’s, but this is a good one to follow. And I wonder how many entities have had similar breaches due to glitches during conversion or digitizing of records. Now that you think about it, aren’t you surprised that we haven’t seen more media stories about this type of problem?
(Related) Same category... The Doctor-Patient relationship is like Attorney-Client, right?
Tom Sullivan writes:
As a self-described “rabble rouser” Brian Ahier plans to ask his doctor to send a medical record to a free e-mail account, if only to see what happens, after the omnibus HIPAA Final Rule on Privacy and Security kicks in.
“It’s obviously not the biggest thing in the omnibus rule but it’s there, relatively unknown,” Ahier, founder of Advanced Health Information Exchange Resources (AHIER) said. “And that makes it incredibly interesting.”
Read more on Government HealthIT.
I’ve always cautioned patients about the risks of e-mail but have always sent to whatever e-mail address they provide, so for me, this will be nothing new or different.
Descendants of Ned Ludd? I would have thought they would happily give management the finger...
Jasper Hamill reports:
Cleaners working on the London Underground will resort to industrial action this week in protest against the introduction of a controversial biometric clocking-in system.
Starting at just after midnight on Thursday morning, “up to 300 cleaners” will join in the action by refusing to scan their fingerprints every time they clock on for work, said the union. Their decision will set the workers on a collision course with ISS, the Danish firm which employs them.
Read more on The Register. It seems that the cleaners are citing human dignity concerns and not pointing to any data protection or data security concerns. But maybe if we give them time…..
Something for my Ethical Hackers to recreate?
Kashmir Hill reports:
After spotting a police car with two huge boxes on its trunk — that turned out to be license-plate-reading cameras — a man in New Jersey became obsessed with the loss of privacy for vehicles on American roads. (He’s not the only one.) The man, who goes by the Internet handle “Puking Monkey,” did an analysis of the many ways his car could be tracked and stumbled upon something rather interesting: his E-ZPass, which he obtained for the purpose of paying tolls, was being used to track his car in unexpected places, far away from any toll booths.
Read more on Forbes.
[From the article:
A spokesperson for the New York Department of Transportation, Scott Gastel, says the E-Z Pass readers are on highways across the city, and on streets in Manhattan, Brooklyn and Staten Island, and have been in use for years. The city uses the data from the readers to provide real-time traffic information, as for this tool. The DoT was not forthcoming about what exactly was read from the passes or how long geolocation information from the passes was kept. Notably, the fact that E-ZPasses will be used as a tracking device outside of toll payment, is not disclosed anywhere that I could see in the terms and conditions.
Perspective Perhaps we don't need a dedicated data line?
Pew – Cell Internet Use 2013
“63% of adult cell owners now use their phones to go online, a figure that has doubled since we first started tracking internet usage on cell phones in 2009. In addition, 34% of these cell internet users say that they mostly go online using their cell phone. That means that 21% of all adult cell owners now do most of their online browsing using their mobile phone—and not some other device such as a desktop or laptop computer.”
(Related) Smart ways to use your Smartphone...
How to Automatically Download Anything to Your Android Device
… But it’s often a good idea to automatically download the stuff you want ahead of time.
Your Android device can fetch the content you want to view while it’s charging and on Wi-Fi, saving you valuable battery power and mobile data.
I have to spend more time with this App...
Turn Evernote Into An RSS Reader In A Few Easy Steps
For my students.
A 'fancy' serial number can make a $1 bill worth thousands
… At CoolSerialNumbers.com, Nashville musician and currency collector Dave Undis brings together like-minded digit-heads who have little interest in the history of money or even the denomination of a given note. Instead they are after certain patterns and series that fall under the flexible heading of “fancy” serial numbers.
Low serial numbers, from 00000001 to 00000100, are sought after, as well as palindromes (23599532), solids (with a digit that repeats eight times), seven-of-a-kinds (66666665), ladders (45678901) and important dates (12071941). The criteria get even more obscure from there: Undis is seeking a pi note, with the number 31415927. But the more apparently jumbled the digits, the less likely it is that anyone with the bill in their wallet will ever notice.
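A small classifier for the “fancy” categories listed above, written as an added example that is not part of the article or of CoolSerialNumbers.com; the MMDDYYYY date layout and ascending-only ladders are my assumptions, since the article does not spell them out.

```python
"""Classify 8-digit US currency serial numbers into the "fancy" categories
quoted in the article. Added example; the rules are my reading of the text,
and the date layout (MMDDYYYY) plus ascending-only ladders are assumptions."""
from datetime import datetime

PI_NOTE = "31415927"  # the "pi note" the article says Undis is seeking


def is_low(s: str) -> bool:
    """00000001 through 00000100 inclusive."""
    return 1 <= int(s) <= 100


def is_palindrome(s: str) -> bool:
    """Reads the same backwards, e.g. 23599532."""
    return s == s[::-1]


def is_solid(s: str) -> bool:
    """One digit repeated eight times."""
    return len(set(s)) == 1


def is_seven_of_a_kind(s: str) -> bool:
    """Exactly seven copies of one digit, e.g. 66666665."""
    return max(s.count(d) for d in set(s)) == 7


def is_ladder(s: str) -> bool:
    """Each digit is one more than the previous, wrapping 9 -> 0 (45678901)."""
    return all((int(b) - int(a)) % 10 == 1 for a, b in zip(s, s[1:]))


def is_date(s: str) -> bool:
    """Parses as a valid MMDDYYYY calendar date, e.g. 12071941 (assumed layout)."""
    try:
        datetime.strptime(s, "%m%d%Y")
    except ValueError:
        return False
    return True


CHECKS = [
    ("low", is_low),
    ("palindrome", is_palindrome),
    ("solid", is_solid),
    ("seven-of-a-kind", is_seven_of_a_kind),
    ("ladder", is_ladder),
    ("date", is_date),
]


def classify(serial: str) -> list:
    """Return every fancy category the serial matches (empty list if plain)."""
    if len(serial) != 8 or not serial.isdigit():
        raise ValueError("serial must be exactly eight decimal digits")
    tags = [name for name, check in CHECKS if check(serial)]
    if serial == PI_NOTE:
        tags.append("pi")
    return tags


if __name__ == "__main__":
    # Constructed sample notes, including the examples quoted in the article.
    for s in ["00000042", "23599532", "77777777", "66666665",
              "45678901", "12071941", "31415927", "38172946"]:
        print(s, classify(s) or ["plain"])
```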
For my Statistics students. Fun with numbers, but the answer is still Never!
According To Math, Here's When You Should Buy A Powerball Ticket
Monday, September 16, 2013
We don't like you so we won't answer the phone / read your letters / turn on our fax machine. (This in an era when you don't actually need hardware to receive faxes...)
The NSA's "Transparency" Thwarted... By A Fax Machine
Starting two weeks ago, requests faxed to the Office of the Secretary of Defense (OSD) started coming back as undeliverable. After several subsequent attempts and troubleshooting on our end, MuckRock reached out to the OSD. Sure enough, their fax machine is down... possibly until November.
… It bears repeating: The office that oversees the most powerful military in history (not to mention the best-funded) is unable to project when its single fax machine will once again be operational.
So maybe I am a “Journalist?”
Watching the Senate Judiciary Committee (SJC) hearing on the “Free Flow of Information Act” (reporter’s shield law), I was concerned by remarks made by Senator Dianne Feinstein. The Senator offered an amendment that would restrict the shield or privilege to those whom she considers “real reporters.” Senator Cornyn argued persuasively – but not persuasively enough, it seems – that Congress should not be in the business of defining “journalist,” a point that has been raised by others, including EFF, who argue that it would be better to define “journalism” than “journalist.” Despite the opposition from Cornyn and other Republicans on the committee, Feinstein’s amendment passed 13-5 and the bill made it out of committee, leading me to tweet:
So I gather I wouldn’t be covered by the #shieldlaw even though I do some investigative journalism and report on it. Thanks for nuthin’, SJC
— Dissent Doe (@PogoWasRight) September 12, 2013
To my surprise, media lawyer Kurt Wimmer replied:
@PogoWasRight I think you’d be covered!
— Kurt Wimmer (@kurtwimmer) September 12, 2013
In follow-up e-mail communications, I encouraged Kurt, who’s a partner at Covington & Burling, to blog about the bill and how it affects bloggers/citizen journalists. Kurt had been honored for his work in trying to get a reporter’s shield law several years ago, and his firm is part of the coalition trying to get FFIA passed. Although some might see that as a reason not to trust his interpretation of the language of the bill as amended, I think it’s exactly the reason that we should consider his interpretation of the language seriously. In the interest of full disclosure, I should also note that I also have tremendous regard for Kurt and his dedication to representing the rights of bloggers because he and his firm represented me and PogoWasRight.org when this blog was sued a few years ago.
And so Kurt and Jeff Kosseff have written a blog post on InsidePrivacy about the bill, as amended. Here’s an excerpt from what they wrote:
Some blogs and new (sic) reports have erroneously stated that the FFIA would only cover “credentialed” or salaried journalists who work for mainstream media. The legislation, in fact, provides strong protection for new-media journalists, including bloggers.
The FFIA covers individuals who gather news and information for the public, regardless of their medium. The protection applies equally to new media, such as blogs, web sites, and news apps, and traditional media, such as newspapers, magazines, and broadcasters. The bill states that it covers journalists who distribute news “in print, electronic, or other format,” and it explicitly mentions websites and mobile apps.
You can read their full post here.
To supplement their post, I asked Kurt whether he thought the term “regular” in the second definition of “covered journalist” (below) posed any concerns for citizen journalists/bloggers:
(bb) with the primary intent to investigate events and procure material in order to disseminate to the public news or information concerning local, national, or international events or other matters of public interest, engages, or as of the relevant date engaged, in the regular gathering, preparation, collection, photographing, recording, writing, editing, reporting or publishing on such matters by—
“Regular” has a fairly straightforward definition in the case law, and we expect that there also may be some legislative history that will put some more definition around that concept. In my own view, so long as it is the general practice of the blogger in question to gather information for publication to the general public or engage in the other activities mentioned in that section, a blogger should be covered. The reason for that section generally is to ensure that the bill covers people who really engage in journalism, rather than people who just luck into information that they want to keep away from law enforcement. This has been true of efforts to protect confidential sources, dating back to a gossip columnist sued by Judy Garland in 1959. The test, which the Second Circuit formalized in the Von Bulow case, focuses on whether the subject was engaging in journalistic activities at the time the confidential source material was obtained. Otherwise, someone who isn’t a blogger or writer at all could claim to be starting a blog, writing a book, or marketing a script when confidential information happens to fall into their lap. That’s never been covered under the federal common law privilege or any of the state shield laws, and this bill would be consistent with that concept.
I also asked Kurt for his reaction to criticism by EFF and others that the bill would be better if it focused on defining “journalism” instead of “journalist.” He responded:
I was actually puzzled by EFF’s criticism — it’s as if their writer hadn’t read the Senate bill. The section of the bill that we have been discussing actually does define journalism. Those who are covered under the bill are those who meet that test. So in my view, the Senate bill (both the original version that EFF wrote about, and certainly the bill now as amended) really does focus on defining “journalism.” Those covered are those engaging in journalism. I don’t know how else you can do it, given that the rest of the bill depends on identifying a particular person who then has the benefit of the privilege set out in Section 2 of the bill — at some point, you have to decide who is “covered.”
If Kurt’s correct, that would be good news for bloggers like myself or those who file under FOI to obtain information to incorporate in their coverage of topics of public interest, or who reach out to news sources to get comments on current news stories. Of course, the shield law doesn’t protect any journalist absolutely as there are exemptions built into the bill addressing national security concerns and other issues. But if, as Kurt and Jeff assert, the federal law would protect bloggers when state laws don’t, we may be gaining some protections we did not have. Kurt also sees the bill as providing more protection in some highly publicized cases:
… this bill would apply, if it is passed quickly enough, to Jim Risen’s case in the Fourth Circuit, in which he is in imminent danger of being jailed because of his attempt to protect a confidential source in the Jeffrey Sterling prosecution. It also would have prevented the AP subpoena, and the Fox News/Jim Rosen subpoena.
That will be of small comfort, though, to organizations like WikiLeaks and Cryptome who are seemingly intentionally excluded from coverage. Matt Drudge, who might be described as a news aggregator rather than a reporter or someone who conducts original interviews or investigation, also seems to think he’d be excluded from coverage. He tweeted:
Federal judge once ruled Drudge ‘is not a reporter, a journalist, or a newsgatherer.’ Millions of readers a day come for cooking recipes??!
I asked Kurt what changes, if any, he would like to see in the bill when it comes up on the Senate floor. He replied:
There are some elements in the House version of the bill that I do like, and it would be great if those might become a part of the Senate bill. The House bill, in particular, covers all journalistic work product, not just confidential source information. That’s pretty important, because maintaining the confidentiality of the work product of journalists is an essential element of protecting free expression. For the most part, though, I think the Senate bill reflects a careful balancing of a lot of competing values.
Obviously, this is a controversial bill and many will not agree with Kurt’s interpretation or view. So have at it in the “Comments” section if you wish.
I get the impression that Facebook made this much easier for websites than developing their own sign-in tools.
New on LLRX – Mandatory Facebook login for users trying to gain access to a third-party service
Professor Annemarie Bridy challenges the increasingly common use of mandatory Facebook login for Internet users trying to gain access to a third-party service – including posting comments to news stories, as well as viewing white papers, studies, reports and other documents.
How they are supposed to do it.
The 2013 OECD Privacy Guidelines
“Over many decades the OECD has played an important role in promoting respect for privacy as a fundamental value and a condition for the free flow of personal data across borders. The cornerstone of OECD work on privacy is its newly revised Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (2013). Another key component of work in this area aims to improve cross-border co-operation [You grab data from my citizens, I'll grab data from yours. Bob] among privacy law enforcement authorities. This work produced an OECD Recommendation on Cross-border Co-operation in the Enforcement of Laws Protecting Privacy in 2007 and inspired the formation of the Global Privacy Enforcement Network, to which the OECD provides support. Other projects have examined privacy notices and considered privacy in the context of horizontal issues such as radio frequency identification (RFID), digital identity management, and looked at metrics to inform policy making in these areas. The important role of privacy is also addressed in the OECD Recommendation on Principles for Internet Policy Making (2011) and the Seoul Ministerial Declaration on the Future of the Internet Economy (2008). Current work is examining privacy-related issues raised by large-scale data use and analytics. It is part of a broader project on data-driven innovation and growth, which has already produced a preliminary report identifying key issues.”
Something tells me Miley was looking to be “Banned in Boston” all along. She should be thrilled.
Here's the Miley Cyrus Web censor you've been waiting for
I don’t know why you would ever want to, but a new browser plugin allows you to erase Miley Cyrus from your Internet.
The free Google Chrome extension, “No Cyrus,” replaces all mentions of the controversial pop singer, along with related terms like “twerk” and “wrecking ball,” with pound signs.
Interesting question for my Statistics students: Would pirates give you a different “favorite show” list than Nielsen ratings?
Netflix follows the pirates to decide which shows to pick up
While an opponent of illegal downloading, the streaming service tracks popular piracy targets to determine which programs to offer its customers.
For my Programming students. Ranges from K-12 to college level, so there is a lot to sort through.
Teach kids programming
A collection of resources
(Related) Be the one who automates someone else's job!
Report – Nearly Half of U.S. Jobs Are Vulnerable to Computerization
MIT Technology Review: “Rapid advances in technology have long represented a serious potential threat to many jobs ordinarily performed by people. A recent report (which is not online, but summarized here) from the Oxford Martin School’s Programme on the Impacts of Future Technology attempts to quantify the extent of that threat. It concludes that 45 percent of American jobs are at high risk of being taken by computers within the next two decades. [Lots of opportunity! Bob] The authors believe this takeover will happen in two stages. First, computers will start replacing people in especially vulnerable fields like transportation/logistics, production labor, and administrative support. Jobs in services, sales, and construction may also be lost in this first stage. Then, the rate of replacement will slow down due to bottlenecks in harder-to-automate fields such as engineering. This “technological plateau” will be followed by a second wave of computerization, dependent upon the development of good artificial intelligence. This could next put jobs in management, science and engineering, and the arts at risk.”
For my Ethical Hackers. Dilbert gives us another example of “Why it's good to be a hacker!”