Saturday, November 02, 2013

Granted that the “network” handled low level data, but really, FOUR YEARS? No one noticed (did they even look?) for four years?
Angela Moscaritolo reports:
The Finnish government has confirmed it suffered a “serious data security violation,” which was reportedly carried out over a period of four years and allowed hackers to pilfer unspecified amounts of data.
The breach affected the Finnish Foreign Service Internet network, which contains information and data “of the lowest classification level,” according to a statement from Finland’s Ministry for Foreign Affairs. The leak did not affect classified, confidential, or secret information, and there is no indication that any international data was stolen.
Read more on PCMag.

Do I have your attention now? Even without the skew introduced by exceptionally large breaches, the numbers should make for interesting boardroom conversation.
NetDiligence has released its 2013 report on “Cyber Liability & Data Breach Insurance Claims” based on actual claims submitted:
This report summarizes our findings for a sampling of 145 data breach insurance claims, 140 of which involved the exposure of sensitive data in a variety of sectors, including government, healthcare, hospitality, financial services, professional services, retail and many more.
Their key findings include:
  • PII was the most frequently exposed data (28.7% of breaches), followed closely by PHI (27.2% of breaches).
  • Lost/Stolen Laptop/Devices were the most frequent cause of loss (20.7%), followed by Hackers (18.6%).
  • Healthcare was the sector most frequently breached (29.3%), followed by Financial Services (15.0%).
  • Small Cap ($300M-$2B) and Nano cap (< $50M) companies experienced the most incidents (22.9% and 22.1% respectively). Mega-Cap (> $100B) companies lost the most records (45.6%).
  • The median number of records lost was 1,000. The average number of records lost was 2.3 million. [What a wild distribution! Bob]
  • Claims submitted for this study ranged from $2,500 to $20 million. Typical claims, however, ranged from $25,000 to $400,000.
  • The median claim payout was $242,500. The average claim payout was $954,253. However, many claims in our dataset have not yet been paid. If we assume that, at a minimum, the SIR will be met, the median claim payout would be $250,000 while average claim payout would be $3.5 million.
  • The median per record cost was $107.14. The average per record cost was $6,790. However, if we exclude outliers (incidents with a low number of records exposed but extremely high payouts), the median per-record cost was $97 and the average per-record cost was $307.
  • The median cost for Crisis Services (forensics, notification, credit monitoring and legal guidance) was $209,625. The average cost for Crisis Services was $737,473.
  • The median cost for legal defense was $7,500. The average cost for legal defense was $574,984.
  • The median cost for legal settlement was $22,500. The average cost for legal settlement was $258,099.
You can download the report here (pdf).

Something to pass along to your Computer Security Manager
How To Avoid CryptoLocker Ransomware

Ouch! So nasty I love it!
New Yorker cover takes Obamacare back to the tech past

Would you let this man into your country? Imagine what he might reveal!
In letter to German lawmakers, Snowden speaks of his 'moral duty to act'
In a letter delivered to German lawmakers Friday, former NSA contractor Edward Snowden said he'd like to be able to travel to their country to assist in a parliamentary investigation of mass surveillance, and he accused the US government of "systemic violations of law" and of "criminalizing political speech."

Why would a Satellite or Cable company do this?
The Federal Court of Canada has ordered Canadian cable giant Bell TV to pay a Beechville, N.S., man $21,000 in damages after the company accessed his credit report without permission.
In a ruling this week, the court used harsh language to describe Bell’s conduct, saying the matter was “reprehensible” and chided the company for not even showing up to the court hearing.

The ultimate in eavesdropping?
DARPA developing implant to monitor brain in real time

Interesting. Is it a “Privacy Right,” or do we have a “Right to be left alone?” I think the latter is more easily defined and certainly more obviously violated.
Orin Kerr writes:
United States privacy law traditionally has only protected the privacy of those in the United States and U.S. citizens abroad. Over at Just Security, David Cole argues that this should change. Privacy is a human right, he argues, and U.S. law should protect the privacy of foreigners all around the world. David offers three pragmatic reasons for his approach, but I don’t find his arguments persuasive.
Read more on Lawfare.

Worth setting your DVR?
The Privacy and Civil Liberties Oversight Board will be holding a public hearing on Monday, November 4:
Consideration of Recommendations for Change: The Surveillance Programs Operated Pursuant to Section 215 of the USA PATRIOT Act and Section 702 of the Foreign Intelligence Surveillance Act
All sessions will be streamed live on and live on Networks:
9:15a-11:45a: C-SPAN 2; 1:15p-4:30p: C-SPAN
If you’d like to attend in person, the hearing will be held at:
Renaissance Mayflower Hotel – Grand Ballroom
1127 Connecticut Ave NW, Washington DC
The doors open at 8:45 am.

When people started putting TVs in cars, many states passed laws forbidding the placement of screens where drivers could see them and be distracted. Will those laws need to be modified?
Hudway app delivers windshield HUD for driving
Hudway is a free iPhone app (coming for Android by February of next year) that reflects driving directions onto your windshield for low-visibility conditions.
It works off the back of Google Maps. You build a route on the map, which the app then preloads so it can be used offline -- useful if connection is intermittent or you don't want to use data. You then place your phone on your dashboard (we recommend securing it with some kind of mount or Blu-tack) and driving directions are displayed reflected off the glass.

A very tough business model to figure out. Even then, would it be truly profitable?
Peapod who? Online grocer shows Amazon, Walmart how it's done
… Groceries in general is not an easy business. The margins are low, the products are perishable, and the storing and transportation details can be complex. But the potential rewards are worth reaping.
There are more than 115 million households in the US, according to Balzer, and everybody needs to eat. Even a small piece of the grocery business means billions of dollars for companies, he said.

I think we need videos like these that do not assume an elementary school audience. I have math students who were never exposed to some of these basic concepts. (It wouldn't hurt to stop talking down to the younger ones either...)
– Math is a subject which everyone pretty much dislikes, but it is essential to be able to add, subtract, multiply, and divide numbers, if you are going to be financially literate in life. Therefore young kids should improve their math as much as possible. Math Live is an interactive site with lessons on all areas of math.

Just to illustrate the technologies
Turn an Android Device Into a Laptop With Four Keyboard Technologies

Friday, November 01, 2013

Wow! The things we say when our brains are disengaged... Sort of the elected official's version of “I was just following orders!” In this case, “I didn't tell them to do it! My underlings just followed their written procedures.”
Dan Roberts, Spencer Ackerman, and Paul Lewis report:
John Kerry, the US secretary of state, conceded on Thursday that some of the country’s surveillance activities had gone too far, saying that certain practices had occurred “on autopilot” without the knowledge of senior officials in the Obama administration.
In the most stark comments yet by a senior administration official, Kerry promised that a previously announced review of surveillance practices would be thorough and that some activities would end altogether.
Read more on The Guardian.

Truly good encryption is indistinguishable from random gibberish. So are attempts at encryption that fail in the middle of the process. What happens when the court insists I must “decrypt” a file that I can not decrypt? OR I do decrypt a file and it is the archive of correspondence with my lawyers? (How much evidence can I poison at once?)
Kate Crockford writes:
Can the government force you to decrypt your hard drive? Do the Fifth Amendment of the United States Constitution and Article 12 of the Massachusetts Declaration of Rights protect us from being compelled to disclose or enter our encryption keys, and thereby potentially incriminate ourselves? The answer to these questions in Massachusetts hinges on the Supreme Judicial Court’s upcoming decision about whether decrypting a computer is like giving someone a key or a combination to a safe, or instead, if it’s like translating words from one language to another.
Read more on ACLU’s blog.
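An added example to go with the point above that random-looking bytes prove nothing about whether a file can be decrypted. It is not from the original post or the ACLU article. The cipher is a constructed toy (SHA-256 in counter mode) so the script runs with the Python standard library alone; the plaintext, key material and test thresholds are constructed for the illustration, and a real cipher's output would score the same way.

```python
"""Added example: why "looks like random bytes" tells a court nothing about
whether a file can be decrypted. Uses a constructed toy stream cipher
(SHA-256 in counter mode) so it runs with the standard library only; the
statistics would look the same for a real cipher."""
import hashlib
import math
import os
from collections import Counter

# Constructed sample plaintext: repetitive English, the easiest case to recognise.
PLAINTEXT = (b"Privileged attorney-client correspondence, draft 3, do not forward. ") * 600
KEY = hashlib.sha256(b"correct passphrase").digest()          # assumed key material
WRONG_KEY = hashlib.sha256(b"a different passphrase").digest()  # assumed wrong key


def keystream(key: bytes, n: int) -> bytes:
    """Toy keystream: SHA-256(key || counter). Illustration only, not for real use."""
    out = bytearray()
    ctr = 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return bytes(out[:n])


def xor_cipher(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (XOR is its own inverse) under the toy keystream."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 8.0 is the maximum, reached by uniform bytes."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def chi_square_uniform(data: bytes) -> float:
    """Chi-square statistic against a uniform byte distribution (255 degrees of
    freedom, so random bytes score about 255 +/- 23; text scores in the thousands)."""
    n = len(data)
    expected = n / 256
    counts = Counter(data)
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))


def looks_random(data: bytes, entropy_floor: float = 7.9, chi2_ceiling: float = 400.0) -> bool:
    """Crude randomness test: high entropy and a chi-square in the range random bytes give."""
    return shannon_entropy(data) >= entropy_floor and chi_square_uniform(data) <= chi2_ceiling


def profile(data: bytes) -> dict:
    return {"entropy": round(shannon_entropy(data), 3),
            "chi2": round(chi_square_uniform(data), 1),
            "looks_random": looks_random(data)}


def demo() -> dict:
    """Compare five byte strings a forensic examiner might be handed."""
    ciphertext = xor_cipher(KEY, PLAINTEXT)
    return {
        # recognisable: low entropy, terrible chi-square
        "plaintext": profile(PLAINTEXT),
        # recoverable with KEY, yet statistically indistinguishable from everything below
        "ciphertext": profile(ciphertext),
        # "encryption that failed half-way": the part that was written still looks random
        "aborted_half_written": profile(ciphertext[: len(ciphertext) // 2]),
        # decrypting with the wrong key yields more random-looking bytes, not an error
        "wrong_key_decrypt": profile(xor_cipher(WRONG_KEY, ciphertext)),
        # genuine random bytes, e.g. a wiped or never-used region of a disk
        "os_urandom": profile(os.urandom(len(PLAINTEXT))),
    }


if __name__ == "__main__":
    for name, stats in demo().items():
        print(f"{name:22s} {stats}")
```

Only the plaintext row fails the randomness test; the recoverable ciphertext, the half-written ciphertext, the wrong-key "decryption" and fresh random bytes all pass it with the same statistics. Nothing in the bytes themselves shows which of the four a defendant could actually decrypt.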

A really interesting description of LinkedIn's new “service.” If you or your colleagues use LinkedIn, you should read this and perhaps reconsider.
Disassembling the privacy implications of LinkedIn Intro
LinkedIn Intro has already become known by many names: A dream for attackers, A nightmare for email security and privacy and A spectacularly bad idea to mention but a few. Harsh words. The general consensus of people I’ve spoken to is that it’s fundamentally stupid and about the worst thing you could consider doing with your privacy. It looks like this:

Kind of an overview. Should be a lot more detail available somewhere.
Somini Sengupta reports:
State legislatures around the country, facing growing public concern about the collection and trade of personal data, have rushed to propose a series of privacy laws, from limiting how schools can collect student data to deciding whether the police need a warrant to track cellphone locations.
Read more on The New York Times.

I'm seeing more companies at least designate a part-time Privacy guru. Would a “C-level” officer be responsible for all privacy failures?
Sheila Kaplan (@EducationNY) testified before the NYS Senate Standing Committee Hearing on Public Education this week. You can read her written testimony here (pdf). Here’s part of her testimony:
In order to address these challenges comprehensively, each state would benefit from a Chief Privacy Officer in its Department of Education. The broad goal of a CPO is to promote the implementation of fair information practices for privacy and security of personally identifiable information (PII). Working with privacy experts, I drafted the model bill Chief Privacy Officer for Education Act that can easily be adapted to meet states’ needs. [See Exhibit 4, Chief Privacy Officer for Education Act; attached.]
Under the proposed model bill, the CPO would advise students, parents and other individuals about options and actions that they can take to protect the privacy and security of PII; make recommendations on privacy and security to the governor, state legislatures and agencies, schools, parents and students; and conduct oversight of privacy and security activities of organizations handling and storing student data.

What are my students interested in?
How to Create Google Scholar Alerts
Google Scholar, like Google Books, is one of the research tools that high school students often overlook. Searching on Google Scholar is not like searching on or searching in any other public search engine.
Google Scholar indexes scholarly, peer-reviewed academic papers, journals, theses, books, and court opinions. These are materials that students usually won't find through, Bing, or Yahoo search. Just as they can do for searches, students can create Google Scholar alerts. Google Scholar alerts notify students when new materials related to their search queries appear on Google Scholar. The screenshots below offer directions for creating Google Scholar alerts. (Click the images to view them in full size).

Clever App!
How to Hear Sign Language

So if I use my Statistics and Computer Science skills to Mine and Analyze your data, will I get rich?
Will the Next Nate Silver Please Stand Up?
Ever since Nate Silver made a splash with his freakishly accurate election predictions, all sorts of companies have been looking for their own rock-star data scientists. The trouble is that these people are hard to come by — few can blend computer science with applied mathematics in a way that produces truly effective data science — and for many companies, it’s not even clear that they really need this kind of expertise.
Shashi Upadhyay, CEO of analytics outfit Lattice Engines, which helps companies tackle data science, has seen this issue firsthand. “Customers ask us: do we need to hire data scientists?” he says. “It’s a question that’s been debated a lot: should the chief marketing officer of the future be a data scientist?”

Thursday, October 31, 2013

“Tis the season...” (The article has pictures)
Nordstrom Finds Cash Register Skimmers
Scam artists who deploy credit and debit card skimmers most often target ATMs, yet thieves can also use inexpensive, store-bought skimming devices to compromise modern-day cash registers. Just this past weekend, for instance, department store chain Nordstrom said it found a half-dozen of these skimmers affixed to registers at a store in Florida.
The fraud devices in this case resemble small keyloggers that are sold by dozens of stores for approximately $30 to $40 apiece. These hardware keyloggers are essentially PS/2 connectors that are about an inch in length. The tiny data storage devices are usually purple in color to match the color-coded standard for keyboards, and are made to be inserted between the male end of a PS/2 keyboard connector and the female receptor on a computer.

Resources for Computer Security
CRS – Cybersecurity: Authoritative Reports and Resources
by Sabrina I. Pacifici on October 30, 2013
Cybersecurity: Authoritative Reports and Resources - Rita Tehan, Information Research Specialist. October 25, 2013
“Cybersecurity is a sprawling topic that includes national, international, government, and private industry dimensions. In the 113th Congress, 5 bills have been introduced in the Senate and 7 in the House. More than 40 bills and resolutions with provisions related to cybersecurity were introduced in the first session of the 112th Congress, including several proposing revisions to current laws. In the 111th Congress, the total was more than 60. Several of those bills received committee or floor action, but none became law. In fact, no comprehensive cybersecurity legislation has been enacted since 2002. This report provides links to cybersecurity hearings and legislation under consideration in the 113th Congress and those considered in the 112th Congress, as well as executive orders and presidential directives, data and statistics, glossaries, and authoritative reports.”

Interesting question in the age of Big Data...
Are You Ready for a Chief Data Officer?

“But Officer, I wasn't texting I was watching a safe driving video!”
Woman gets ticket for wearing Google Glass while driving

Clearly, this is where they've been heading.
Every move you make
Every vow you break
Every smile you fake
Every claim you stake
I'll be watching you
The Police (who else)
Facebook contemplates tracking your every move
Facebook is testing new Web and mobile tracking methods to better understand member behavior and determine things such as how long people hover over various types of content. The company is mulling whether to incorporate such data collection practices on a broader scale, The Wall Street Journal reported Wednesday.
The social network ultimately aims to enhance its existing collection of demographic and behavioral data on members, and would use the additional information to improve its products and advertising targeting capabilities, Ken Rudin, Facebook's head of analytics, told the Journal.

Amazing how you can do research in real time... (Unless you work for the government)
The Most Embarrassing Possible Split-Screen Happened While Kathleen Sebelius Testified On Obamacare

Something my Website students can duplicate...
Side-scrolling, Mario-inspired resume rocks the job hunt

For my Ethical Hackers (and Computer Security managers everywhere!)
40 inappropriate actions to take against an unlocked PC

For my Computer Security students.
If you are a cyber security expert – or you are on your way to becoming one – you’d better stock up on Ray-Bans. Your future is so bright, you’re going to need them.
According to an article published by NBC News, there is a global shortage of skilled cyber security professionals.
The U.S. Bureau of Labor Statistics says the number of Information Technology security roles in the U.S. will increase by some 22 percent in the decade to 2020, creating 65,700 new jobs. Experts say it is a similar situation globally, with salaries often rising 5-7 percent a year.

I can't wait!
Aereo to launch in Denver as it scampers to year-end goal

Didn't I put a few in your stocking a few years back? I still need to find an Economist to explain this to me.
Man forgets he once bought $25 of Bitcoins -- now worth $848K

I know I do it all wrong.
Tips to Write Successful Blog Posts and Draw in More Readers
… Yes, there are lots of SEO techniques and SEO tools that you can use to draw in traffic, but what good is bringing in the crowds if they just take one look at your writing and leave immediately? In this article, I’m going to draw from about a decade of blogging experiences and lessons learned and provide you with a list of 5 critical things that make up a killer blog post.

Fair use? Might make for some interesting “Bad Lip Reading” videos...
– is a resource for teachers to make their own video lessons, using videos already on the Internet in places like YouTube, Khan Academy, EDpuzzle and more. When you have specified the URL, crop it to the part you need, and change the audio to your own voice explaining things your own way, also including questions, quizzes, notes, clarifications and a conclusion.

Wednesday, October 30, 2013

If your Computer Security manager hasn't contacted you, you need to send him this article. Question: Is it ethical to pay the ransom?
CryptoLocker Is The Nastiest Malware Ever & Here’s What You Can Do
Ransomware is an especially odious type of malware. The way it works is simple. Your computer will be infected with some malicious software. That software then renders your computer entirely unusable, sometimes purporting to be from local law enforcement and accusing you of committing a computer crime or viewing explicit pictures of children. It then demands monetary payment, either in the form of a ransom or a ‘fine’ before access to your computer is returned.
Horrible, isn’t it? Well, get ready to meet CryptoLocker; the evil patriarch of the Ransomware family.
CryptoLocker is a piece of malware targeting computers running the Microsoft Windows operating system. It is typically spread as an email attachment, often purporting to be from a legitimate source (including Intuit and Companies House).

Will this prove to be the final solution?
EPIC – Leahy and Sensenbrenner Introduce USA FREEDOM Act
by Sabrina I. Pacifici on October 29, 2013
“The Democratic Chair of the Senate Judiciary Committee and the Republican author of the Patriot Act have introduced the USA FREEDOM Act, which would reform the Foreign Intelligence Surveillance Act and limit NSA surveillance activities. A bi-partisan coalition, including 17 Senators and 70 Members of Congress, have joined as original co-sponsors. Key provisions of the FREEDOM Act increase transparency of intelligence activities, prevent end-runs around the FISA Court, and improve public reporting. In 2012 EPIC testified before the House Judiciary Committee about the need to reform FISA and to improve oversight of the FISA court. The FREEDOM Act also ends the controversial bulk phone records collection program. EPIC has brought a challenge in the Supreme Court to the phone records program, explaining that it is unlawful under current law. For more information, see EPIC: In re EPIC and EPIC – Foreign Intelligence Surveillance Act.”

So I'll need to Photoshop a few (dozen) drivers licenses. No problem.
JG Vibes reports:
This week a large number of Facebook users have been locked out of their accounts and are being forced to submit a government ID before they are allowed to log back in. This is part of a process that Facebook began over a year ago, which seeks to remove any trace of anonymity from Facebook, so every single profile is attached to someone's personal identity.
Similar mass lockouts have occurred on Facebook in the past, most recently in January this year.
“This is just a general practice for both Facebook and Instagram to request photo IDs for verification purposes depending on what type of violation may have occurred,” Facebook said at the time.
Read more on Intellihub.
[From the article:
According to Facebook help section:
We require everyone using Facebook to use their real name and birthday. This way, you always know who you’re connecting with. When we discover accounts that look fake or like they’re using fake information, we ask the owner to confirm that they are who they say they are.
In most cases, the easiest way to confirm your identity is to follow the on-screen steps to enter your mobile phone number and request a code.
If you can’t verify your account using your mobile number, you’ll need to provide a copy of your photo ID. This could be a scanned copy or a close-up photo you’ve taken. We’ll permanently delete this document after we resolve your issue.

Significant opportunities for my Data Analysis students? (Since we analyze Open Data) Note: This is also “Big Data”
Open data: Unlocking innovation and performance with liquid information
by Sabrina I. Pacifici on October 29, 2013
Open data—machine-readable information, particularly government data, that’s made available to others — “has generated a great deal of excitement around the world for its potential to empower citizens, change how government works, and improve the delivery of public services. It may also generate significant economic value, according to a new McKinsey report. Our research suggests that seven sectors alone could generate more than $3 trillion a year in additional value as a result of open data, which is already giving rise to hundreds of entrepreneurial businesses and helping established companies to segment markets, define new products and services, and improve the efficiency and effectiveness of operations. Although the open-data phenomenon is in its early days, we see a clear potential to unlock significant economic value by applying advanced analytics to both open and proprietary knowledge. Open data can become an instrument for breaking down information gaps across industries, allowing companies to share benchmarks and spread best practices that raise productivity. Blended with proprietary data sets, it can propel innovation and help organizations replace traditional and intuitive decision-making approaches with data-driven ones. Open-data analytics can also help uncover consumer preferences, allowing companies to improve new products and to uncover anomalies and needless variations. That can lead to leaner, more reliable processes.”

(Related) Or maybe not? Actually, my students can write the programs that automate their analysis.
Commentary – America’s Incredible Shrinking Information Sector
by Sabrina I. Pacifici on October 29, 2013
Vision Statement: America’s Incredible Shrinking Information Sector - Interactive by Alvin Chang; Analysis by Hank Robison
“The information industry – which the U.S. Bureau of Labor Statistics defines as processors, producers, and distributors of data, informational, and cultural products—shed more jobs in the first decade of the millennium than any other sector except manufacturing. Down more than 750,000 jobs, the industry accounts for about 2% of the U.S. market and 4.6% of America’s GDP. The losses seem surprising, given that information businesses have long been assumed to be an engine of the modern economy. The culprit, ironically enough, is tech-driven innovation, which has produced dramatic gains in efficiency and widespread automation.”

My Math students will be thrilled! (Not really, but I can dream)
Wikispaces Adds GeoGebraTube to Their Widget Library
Math teachers who use Wikispaces may be happy to learn that Wikispaces has just added GeoGebraTube to their education widget library. GeoGebraTube is a large gallery of models and animations created by GeoGebra users. The gallery currently has more than 48,000 submissions.
To add a GeoGebraTube element to your wiki just open the editor on any of your wiki's pages, select "widget," then choose "education" to find the GeoGebraTube widget. You can browse through the GeoGebraTube gallery while still in Wikispaces. You can preview the widget before it goes live on your wiki.

Tuesday, October 29, 2013

So are we saying Adobe could not determine from their records how many records were taken?
Brian Krebs has updated his investigation into the Adobe hack that was originally reported to have affected 2.9 million customers.
In a post on today, Brian writes that at least 38 million are affected.
But just this past weekend, posted a huge file called “users.tar.gz” that appears to include more than 150 million username and hashed password pairs taken from Adobe. The 3.8 GB file looks to be the same one Hold Security CTO Alex Holden and I found on the server with the other data stolen from Adobe.
Adobe spokesperson Heather Edell said the company has just completed a campaign to contact all existing users whose login and encrypted password information was stolen, urging those users to reset their passwords. She said Adobe has no indication that there has been any unauthorized activity on any Adobe ID involved in the incident.
In a statement to Krebs, Adobe writes:
“So far, our investigation has confirmed that the attackers obtained access to Adobe IDs and (what were at the time valid), encrypted passwords for approximately 38 million active users,” Edell said [emphasis added]. “We have completed email notification of these users. We also have reset the passwords for all Adobe IDs with valid, encrypted passwords that we believe were involved in the incident—regardless of whether those users are active or not.”
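The Krebs excerpt calls the leaked file “username and hashed password pairs” while Adobe calls them “encrypted passwords.” The distinction matters for what an attacker can do with a dump like this, so here is an added example (not from Krebs, Adobe or the original post) that runs a stolen table through two storage schemes. The six user rows are constructed, the unsalted SHA-256 stands in for any deterministic scheme (an unsalted hash or deterministic encryption has the same equality leak), and the PBKDF2 work factor is an assumed value. It does not describe Adobe's actual scheme.

```python
"""Added example: what a leaked table of (login, protected-password) pairs gives
an attacker depending on how the passwords were protected. Generic illustration,
not Adobe's scheme; the user rows are constructed."""
import hashlib
import secrets
from collections import Counter
from typing import Optional

# Constructed user rows. Three users share "123456", two share "password".
USERS = [
    ("alice@example.com", "123456"),
    ("bob@example.com", "password"),
    ("carol@example.com", "123456"),
    ("dave@example.com", "hunter2"),
    ("erin@example.com", "password"),
    ("frank@example.com", "123456"),
]
PBKDF2_ROUNDS = 100_000   # assumed work factor for the salted scheme


def protect_deterministic(password: str) -> str:
    """Unsalted hash: same password, same stored value, for every user. Deterministic
    reversible encryption leaks equality the same way, and its key recovers everything."""
    return hashlib.sha256(password.encode()).hexdigest()


def protect_salted(password: str, salt: Optional[bytes] = None) -> str:
    """Per-user random salt plus a slow KDF; stored as salt$derived_key (hex)."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return f"{salt.hex()}${dk.hex()}"


def verify_salted(password: str, stored: str) -> bool:
    salt_hex, _dk_hex = stored.split("$")
    candidate = protect_salted(password, bytes.fromhex(salt_hex))
    return secrets.compare_digest(candidate, stored)


def dump(protect) -> list:
    """What the attacker downloads: (login, stored value) for every user."""
    return [(login, protect(pw)) for login, pw in USERS]


def duplicate_groups(table) -> dict:
    """Attacker's first move on a deterministic table: bucket logins by identical stored
    value. Bucket size is a popularity count for a still-unknown password, and one
    cracked member (or one careless password hint) reveals the whole bucket."""
    counts = Counter(stored for _, stored in table)
    return {stored: n for stored, n in counts.items() if n > 1}


def crack_deterministic(table, wordlist) -> dict:
    """One hash per guess recovers every user who chose that guess; the cost does not
    grow with the number of users."""
    lookup = {protect_deterministic(w): w for w in wordlist}
    return {login: lookup[stored] for login, stored in table if stored in lookup}


def crack_salted(table, wordlist) -> dict:
    """Same guesses against salted storage: one slow KDF per (guess, user) pair."""
    recovered = {}
    for login, stored in table:
        for w in wordlist:
            if verify_salted(w, stored):
                recovered[login] = w
                break
    return recovered


def kdf_calls_worst_case(table, wordlist) -> int:
    """Upper bound on KDF evaluations for crack_salted: users times guesses."""
    return len(table) * len(wordlist)


if __name__ == "__main__":
    det = dump(protect_deterministic)
    print("duplicate buckets (unsalted):", sorted(duplicate_groups(det).values()))
    print("duplicate buckets (salted):  ", duplicate_groups(dump(protect_salted)))
    print("cracked with 2 guesses (unsalted):", crack_deterministic(det, ["123456", "password"]))
```

Against the deterministic table, two guesses recover five of six accounts and the bucket sizes alone tell the attacker which stored values are worth guessing first. Against the salted table there are no buckets to read, and every guess has to be paid for separately per user.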

If anyone would retaliate for a cyber attack, the Israelis would. But who do you retaliate against?
Israeli Tunnel Hit by Cyber Attack, Experts Say

Remember, it's not Health Care, it's almost every government IT project.
The Stunning Negligence That Doomed Obamacare's Launch

If you can't make a logical argument, make an illogical one.
From EPIC:
EPIC has filed a reply brief in In re EPIC with the U.S. Supreme Court, responding to the Government’s brief, which was filed after two extensions. The government argues the Supreme Court cannot hear the case. EPIC responded that it “simply cannot be correct” that the order of the Foreign Intelligence Surveillance Court, an inferior court, is not reviewable by the Supreme Court. EPIC also explained that the order is clearly unlawful. “No court has ever determined that ‘relevance’ permits the compelled production of such vast quantities of irrelevant personal information,” EPIC said, noting that Congressman Sensenbrenner, co-author of the USA PATRIOT Act, has written that “This expansive characterization of relevance makes a mockery of the legal standard.” EPIC also outlined the extraordinary impact of the NSA telephone record collection on all Americans: “These telephone records are unique and identifiable, and reveal a great deal of private information about millions of telephone users. In no instance has the Government established any individualized suspicion [Not exactly how the military (the NSA's client) works. Bob] to support the collection of this information.” For more information, see In re EPIC.

We were talking “e-Discovery” at the Privacy Foundation's Big Data seminar last Friday (No video, no audio, no transcript – you REALLY had to be there) Interesting to find a whole website devoted to “Best Practices” for lawyers.
Judge Grimm’s New Discovery Order Is Now An e-Discovery Best Practice – Part One
Judge Paul Grimm’s new Discovery Order, which, to my knowledge, he now enters in every medium or large size case before him in District Court in Maryland, has just been included in Electronic Discovery Best Practices (found at

What would George Washington do?
From IC on the Record, yesterday:
In June of this year, President Obama directed me to declassify and make public as much information as possible about certain sensitive intelligence collection programs undertaken under the authority of the Foreign Intelligence Surveillance Act (FISA) while being mindful of the need to protect national security. Consistent with this directive, in September 2013, I authorized the declassification and public release of a number of documents pertaining to the Government’s collection of bulk telephony metadata under Section 501 of the FISA, as amended by Section 215 of the USA PATRIOT Act (Section 215). Today I am authorizing the declassification and public release of a number of additional documents relating to collection under Section 215. These documents were properly classified, and their declassification is not done lightly. I have determined, however, that the harm to national security from the release of these documents is outweighed by the public interest.
Release of these documents reflects the Executive Branch’s continued commitment to making information about this intelligence collection program publicly available when appropriate and consistent with the national security of the United States. Additionally, they demonstrate the extent to which the Intelligence Community kept both Congress and the Foreign Intelligence Surveillance Court apprised of the status of the collection program under Section 215. Some information has been redacted because these documents include discussion of matters that continue to be properly classified for national security reasons and the harm to national security would be great if disclosed. These documents will be made available at the website of the Office of the Director of National Intelligence and at, the public website dedicated to fostering greater public visibility into the intelligence activities of the U.S. Government.

Identify potential epidemics without medics in black helicopters dropping in to make sure you “eat healthy.”
Elizabeth Harrington reports:
The National Library of Medicine (NLM) is “mining” Facebook and Twitter to improve its social media footprint and to assess how Tweets can be used as “change-agents” for health behaviors.
The NLM, a division of the Department of Health and Human Services (HHS), will have software installed on government computers that will store data from social media as part of a $30,000 project announced last week.
Read more on Washington Free Beacon.
I’m not sure what to make of this. Is the NLM going to be downloading all tweets in a publicly searchable archive like the Library of Congress?

I can think of a few CEOs that would find this rather intimidating. Welcome to the Internet Age.
Zach Miners reports:
Facebook CEO Mark Zuckerberg sometimes speaks quickly and his statements on Internet privacy are not always clear, so researchers have created an archive to collect everything the executive has said publicly, aimed at gaining a better understanding of where the company stands on privacy.
The University of Wisconsin-Milwaukee is hosting the Zuckerberg Files, a digital treasure trove containing over 100 full-text transcripts and about 50 video files documenting Zuckerberg’s public statements for scholars to download and analyze.
Read more on Computerworld.

Speaking of Facebook...
Facebook Data Scientists Know Who Your Lover Is
… In a new paper, they write that embeddedness is an at best mediocre predictor of that special something. Relying on embeddedness, they were able to accurately predict Facebook users' significant others 24.7 percent of the time.
Another measure fared much better: "dispersion," or how many different networks of theirs a person's friend shares. In other words, your significant other won't just share many friends with you, but friends from all walks of life: your colleagues, your high school buds, your college friends, your family, and so on. Using dispersion, Backstrom and Kleinberg doubled their accuracy: 50 percent of the time, a person was romantic partners with the person who was the most dispersed across his or her social network. For married people, their accuracy rose to 60 percent, a figure which they say is more than 30 times higher than random guessing would produce (everyone in their sample had at least 50 friends).
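To make the embeddedness-versus-dispersion comparison concrete, here is an added worked example on a constructed toy friendship graph (not code from the Backstrom and Kleinberg paper, and not Facebook's implementation). The dispersion function follows my reading of the paper's basic definition: count pairs of mutual friends that are not themselves connected and share no other mutual friend apart from the candidate; that reading is an assumption. The ego user "u" has a tightly knit work clique, a school clique and a family pair; "partner" knows two people from each cluster, while the work friends know only each other. Embeddedness (raw mutual-friend count) ranks a work friend first; dispersion ranks the partner first, because the partner is the only node bridging the otherwise disconnected clusters. From a privacy standpoint this is the point of the story: the relationship is inferable from graph structure alone, with no status updates or relationship field needed.

```python
from itertools import combinations

# Constructed toy graph for ego user "u". Node names are invented.
WORK = ["w1", "w2", "w3", "w4", "w5", "w6", "w7"]
SCHOOL = ["s1", "s2", "s3"]
FAMILY = ["f1", "f2"]

EDGES = []
for group in (WORK, SCHOOL, FAMILY):
    EDGES += [("u", m) for m in group]          # everyone here is u's friend
    EDGES += list(combinations(group, 2))       # each cluster is a clique
EDGES.append(("u", "partner"))
# The partner knows two people from every cluster but the clusters do not know each other.
EDGES += [("partner", m) for m in ("w1", "w2", "s1", "s2", "f1", "f2")]


def build_graph(edges):
    """Undirected graph as {node: set(neighbours)}."""
    g = {}
    for a, b in edges:
        g.setdefault(a, set()).add(b)
        g.setdefault(b, set()).add(a)
    return g


def embeddedness(g, u, v):
    """Number of mutual friends of u and v."""
    return len(g[u] & g[v])


def dispersion(g, u, v):
    """Assumed reading of Backstrom-Kleinberg dispersion: count pairs (s, t)
    of mutual friends of u and v that are not friends with each other and
    share no mutual friend of u other than v. High values mean v bridges
    otherwise disconnected parts of u's circle."""
    common = g[u] & g[v]
    score = 0
    for s, t in combinations(sorted(common), 2):
        if t in g[s]:
            continue                         # directly linked: not dispersed
        bridges = (g[s] & g[t] & g[u]) - {v}  # other mutual friends of u linking s and t
        if not bridges:
            score += 1
    return score


def rank_friends(g, u, metric):
    """All friends of u, best score first, ties broken by name."""
    return sorted(g[u], key=lambda v: (-metric(g, u, v), v))


def top_candidate(g, u, metric):
    """The friend a given metric would guess as u's partner."""
    return rank_friends(g, u, metric)[0]


G = build_graph(EDGES)

if __name__ == "__main__":
    for name, metric in (("embeddedness", embeddedness), ("dispersion", dispersion)):
        ranked = rank_friends(G, "u", metric)
        print(name, "->", [(v, metric(G, "u", v)) for v in ranked[:3]])
```

On this graph the work friend "w1" wins on embeddedness (seven mutual friends) while "partner" wins on dispersion (twelve cross-cluster pairs bridged, versus zero for everyone else). The paper's 50 percent figure comes from a richer, normalised variant run over real Facebook data; the toy only shows why the two metrics disagree.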

Pew – Photo and Video Sharing Grow Online
by Sabrina I. Pacifici on October 28, 2013
“A new study by the Pew Research Center’s Internet Project [by Maeve Duggan] shows that 54% of internet users have posted original photos or videos to websites and 47% share photos or videos they found elsewhere online. The mobile landscape has also added to photo- and video-sharing. Apps like Snapchat and Instagram have capitalized on the ubiquity of cell phones and smartphones that make it simple to upload and share images. Some 9% of cell phone owners use Snapchat and 18% use Instagram. This is the first time the Pew Internet Project has asked cell owners about Snapchat and Instagram.”

Monday, October 28, 2013

Your government at work.
Exclusive Documents: State Department Lacks Basic Cybersecurity
President Obama has called cybersecurity a top priority, but the State Department cable and messaging system, built and maintained — like the troubled ObamaCare system — mainly by large IT contractors, has routinely failed to meet basic security standards, according to internal documents obtained by BuzzFeed.
Emails and other documents suggest security has been a standing problem in State Department systems, handling both classified and unclassified material, since at least 2009. Earlier this month, BuzzFeed reported on the department’s systemic and severe lack of security, including unsecured servers, workstations, unencrypted transfer of secret material, and the intermixing of classified and nonclassified information.
These newly obtained documents add to the picture, revealing that the department lacks even a basic monitoring system to determine unauthorized access or modification of files. Security on the unclassified systems appears problematic, as there is potential access to classified information, even inadvertently, and back-door access to servers.

No doubt this will solve everything!
Katharine Goodloe writes:
Under a new self-regulatory code released earlier this week, brick-and-mortar retailers that track customer in-store movements using mobile phone WiFi signals must disclose the practice to customers and allow them to opt out.
The code was created by the Future of Privacy Forum (FPF) and a group of mobile analytics companies. It was announced jointly by the FPF and by Sen. Charles Schumer, who in July called on the Federal Trade Commission to require retailers to allow customers to opt-out of the tracking. Sen. Schumer praised the code as a significant step forward, but noted there is “still much more work to be done.”
Read more on Covington & Burling Inside Privacy.

They're here. Learn to use them.
Open Access, Megajournals, and MOOCs
Open Access, Megajournals, and MOOCs – On the Political Economy of Academic Unbundling – by Richard Wellen. SAGE Open October-December 2013 vol. 3 no. 4 2158244013507271. The online version of this article can be found at: DOI: 10.1177/2158244013507271.
“The development of “open” academic content has been strongly embraced and promoted by many advocates, analysts, stakeholders, and reformers in the sector of higher education and academic publishing. The two most well-known developments are open access scholarly publishing and Massive Online Open Courses (MOOCs), each of which are connected to disruptive innovations enabled by new technologies. Support for these new modes of exchanging knowledge is linked to the expectation that they will promote a number of public interest benefits, including widening the impact, productivity, and format of academic work; reforming higher education and scholarly publishing markets; and relieving some of the cost pressures in academia. This article examines the rapid emergence of policy initiatives in the United Kingdom and the United States to promote open content and to bring about a new relationship between the market and the academic commons. In doing so, I examine controversial forms of academic unbundling such as open access megajournals and MOOCs and place each in the context of the heightened emphasis on productivity and impact in new regulatory regimes in the area of higher education.”

(Related) Also cutting edge.
How to get the most out of library e-books via the right gadget, text to speech, and otherwise
by Sabrina I. Pacifici on October 27, 2013
Via – Want to hear text to speech from free library books on your 50-mile commute? Even if you own an Android machine and the usual app can’t do “read-aloud” unless audiobooks count? A new, expert and insightful report by David Rothman focuses on the new Kindle Fire HDXes. He recommends them to be among the top choices if you care more about reading than about tech and can accept Amazon’s proprietary requirements. His article is written for both library staffers and patrons who are passionate about e-books.

I've been trying to get my students thinking about retirement. Well, “Life, the Universe and Everything,” actually...
Research Brief – Social Security’s Real Retirement Age Is 70
by Sabrina I. Pacifici on October 27, 2013
Center for Retirement Research, Boston College – IB#13-15 by Alicia H. Munnell
“The brief’s key findings are:
  • Due to increases in Social Security’s Delayed Retirement Credit, the effective retirement age is now 70, with monthly benefits reduced for earlier claiming.
  • Benefit levels at 70 appear appropriate given that rising deductions for Medicare and greater benefit taxation have reduced Social Security’s net replacement rates.
  • The shift to 70 should be feasible for many workers given increases in lifespans, health, and education.
  • But vulnerable workers forced to claim early will have low benefits and will be particularly harmed by any further cuts.
  • Policymakers need to inform those who can work that 70 is the new retirement age and devise ways to protect those who cannot work.”

A look at a bunch of books, some of which might be useful?
New York Review of Books – The fast pace of change on the information superhighway
by Sabrina I. Pacifici on October 27, 2013
Are We Puppets in a Wired World? - Sue Halpern highlights new books on a range of issues including privacy, big data, social media and predictive analysis in relationship to e-commerce.
“In the first five years of the new millennium, Internet use grew 160 percent; by 2005 there were nearly a billion people on the Internet. By 2005, too, the Internet auction site eBay was up and running, Amazon was in the black, business-to-business e-commerce accounted for $1.5 trillion, while online consumer purchases were estimated to be between $142 and $772 billion and the average Internet shopper was looking more and more like the average shopper. Meanwhile, entire libraries were digitized and made available to all comers; music was shared, not always legally; videos were made, many by amateurs, and uploaded to an upstart site (launched in 2005) called YouTube; the online, open-source encyclopedia Wikipedia had already begun to harness collective knowledge; medical researchers had used the Internet for randomized, controlled clinical trials; and people did seem to have a lot to say to each other—or at least had a lot to say. There were 14.5 million blogs in July 2005 with 1.3 billion links, double the number from March of that year. The social networking site Facebook, which came online in 2004 for Ivy Leaguers, was opened to anyone over thirteen in 2006. It now has 850 million members and is worth approximately $80 billion. The odd thing about writing even a cursory reprise of the events attendant to the birth of the Internet is that those events are so recent that most of us have lived through and with them. While familiar—who doesn’t remember their first PC? who can forget the fuzzy hiss and chime of the dial-up modem?—they are also new enough that we can remember a time before global online connectivity was ubiquitous, a time before the stunning flurry of creativity and ingenuity the Internet unleashed. Though we know better, we seem to think that the Internet arrived, quite literally, deus ex machina, and that it is, from here on out, both a permanent feature of civilization and a defining feature of human advancement.”

Worth a peek?
Bulb - Create and Share Collections of Educational Media
Bulb is a new service through which you can create, share, and browse through collections of educational materials. On Bulb you can create your own collections of text, images, and videos. You could create collections of materials about an academic topic or about a skill that you want to help others learn.
You can browse Bulb and view the collections without registering on the site. To create your own collections you will have to create an account. Once your account is created you can develop collections of materials. Each of your collections can have multiple chapters. For example, this collection of materials about digital literacy has seven chapters. As you create your collections on Bulb you can write text, upload or link to pictures, and upload or link to YouTube videos. All collections can be shared via email and through popular social networks like Twitter and Google+.
The basic idea of creating collections of educational materials could be accomplished on any number of wiki and website services. The appeal of Bulb is that you and your students wouldn't have to worry about managing layouts, controlling editor permissions, or any technical work. The other nice aspect of Bulb is that you and your students can browse through the collections created by others.

For my Ethical Hackers. When you leave no footprints, you are ready, Grasshoppers.
Mozilla Introduces Lightbeam To Help Users Visualize How They Are Tracked
Mozilla has announced a new add-on for Firefox called Lightbeam that allows users to see exactly how they are being tracked while they surf the Web. The add-on works by recording what websites you visit and what third-parties are connected to those websites, and then displaying that information in a visually appealing and digestible format.
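The mechanism described above (record which third parties each visited site pulls in, then connect the dots) is easy to reproduce from a request log. Below is an added example, not Lightbeam's code, that builds that first-party-to-third-party graph from a constructed list of page/resource URL pairs and flags the third parties seen across more than one site. Hostnames are invented under the reserved `.example` domain; the registrable-domain helper is a two-label approximation (a real tool would use the Public Suffix List), which is an assumption of the toy.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample of what a browser extension might record:
# (page being viewed, URL of a sub-resource that page loaded).
REQUEST_LOG = [
    ("https://news.example/story/1", "https://news.example/static/app.js"),
    ("https://news.example/story/1", "https://cdn.adnet-example.net/pixel.gif"),
    ("https://news.example/story/1", "https://stats.metrics-example.com/collect"),
    ("https://shop.example/cart", "https://shop.example/api/cart"),
    ("https://shop.example/cart", "https://cdn.adnet-example.net/tag.js"),
    ("https://shop.example/cart", "https://widgets.social-example.org/like"),
    ("https://blog.example/post/42", "https://stats.metrics-example.com/collect"),
    ("https://blog.example/post/42", "https://img.blog.example/hero.png"),
]


def site_of(url):
    """Registrable-domain approximation: the last two host labels.
    Assumption for this toy; real tools consult the Public Suffix List."""
    host = urlsplit(url).hostname or ""
    return ".".join(host.split(".")[-2:])


def third_party_graph(log):
    """Map each first-party site to the set of third-party sites it loaded."""
    graph = defaultdict(set)
    for page, resource in log:
        first, third = site_of(page), site_of(resource)
        graph[first]                      # keep sites with no third parties as nodes
        if first != third:                # same-site sub-resources are not tracking
            graph[first].add(third)
    return dict(graph)


def cross_site_trackers(graph, min_sites=2):
    """Third parties observed on at least `min_sites` distinct first-party sites."""
    seen_on = defaultdict(set)
    for first, thirds in graph.items():
        for third in thirds:
            seen_on[third].add(first)
    return {t: sorted(sites) for t, sites in seen_on.items() if len(sites) >= min_sites}


if __name__ == "__main__":
    graph = third_party_graph(REQUEST_LOG)
    for first, thirds in sorted(graph.items()):
        print(f"{first} -> {sorted(thirds)}")
    print("cross-site:", cross_site_trackers(graph))
```

On the sample, `adnet-example.net` and `metrics-example.com` each appear on two unrelated sites, which is exactly the kind of edge Lightbeam draws between sites you visited and sites you never typed in; `social-example.org` shows up once and is not flagged.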

An Infographic for my website students! (not really)
Flowchart: Executing Your Killer Idea For A Website

So my students can (remote) control the world!
Forget Phone Calls – Your Android Can Remote Control Everything

Thou shalt not “get even” with thy Professor (at least until your grades are turned in)
Here's How You Can Create Those Personalized Comic Strips That Are Popping Up All Over Facebook

Sunday, October 27, 2013

Has anyone asked if there were any websites that “could not” be hacked by a 12-year-old? Were any CIOs or even Computer Security managers fired?
12-year-old Canadian boy admits to hacking police and government sites for Anonymous
… The boy pleaded guilty to three charges related to hacking websites that included those of Montreal police, the Quebec Institute of Public Health, the Chilean government and some non-public sites.
The attacks took some of the sites offline for up to two days, at what police estimated as a cost of $60,000 in damages. A more detailed report will be handed over next month when the boy is sentenced, according to the Toronto Sun.

Local interest. What made them look at Muhtorov? Nothing. So they looked at everyone in Colorado and waited for something “interesting” to pop up?
Robert Barnes and Ellen Nakashima report:
The Justice Department on Friday informed a terrorism suspect in Colorado that it intends to use evidence against him gathered through the government’s warrantless surveillance program, a move that will likely lead to a constitutional challenge to the law.
It is the first time the government has informed a criminal defendant that it intends to use “information obtained or derived from acquisition of foreign intelligence information conducted pursuant to the Foreign Intelligence Surveillance Act.”
Read more on Washington Post.
[From the article:
The notification came in the government’s case against Jamshid Muhtorov, a refugee from Uzbekistan who lives in Aurora, Colo. He was charged in 2012 with giving material aid to the Islamic Jihad Union, and he and another man were suspected of trying to participate in a terrorist attack planned by the group.

(Related) It's only a concern if you rely on others to do your encryption. You use an encrypted service to mask your encrypted messages, which would stand out on an unencrypted service.
There’s a great write-up by Jennifer Granick on the Lavabit case and its implications for all of us. Do read it on

(Related) Lessons learned when the “black helicopters” drop in on you? READ THIS ARTICLE
Mega CEO: Forget anonymous e-mail. Think privacy (Q&A)
The future of secure, private e-mail doesn't lie in Silicon Valley, or Silicon Alley, or even in the Northern Hemisphere, but in New Zealand.
At least, that's what Chief Executive Vikram Kumar wants to turn into a reality.
After Kim Dotcom's Mega shook up the secure storage world, offering a mind-boggling, industry-leading 50GB of encrypted free space, the company startled the world again by announcing that it would be building an encrypted e-mail service -- but only after the unexpected closure of Ladar Levinson's Lavabit.
In the wake of the unexpected secure e-mail service closures by Lavabit and Silent Circle, what does secure e-mail even mean? From his home in windy Wellington, New Zealand, Kumar spoke over Skype about what customers should and shouldn't expect from, and why he believes in the service's approach.

We can, therefore we must. Thinking is optional. (and “Thoughtful Politician” is an oxymoron.)
David A. Lieb of Associated Press reports:
Gov. Jay Nixon’s administration displayed “indifference to the privacy rights” of Missourians by gathering personal information about driver’s license applicants, according to a report Friday from a legislatively appointed panel.
Most of the procedures chided by the report have already been halted, but the panel nonetheless concluded that Nixon’s administration disregarded state law by implementing them in the first place.
Read more on I’m still trying to locate a copy of the report online. If anyone has a link, please let me know.

So is the evil or is they ain't?
Cory Scott of LinkedIn responds to some of the privacy concerns over their new product, Intro:
This blog post is intended to provide more information and address inaccurate assertions that have been made as a result of a product we launched on Wednesday called LinkedIn Intro. Many things have been said about the product implementation that are not correct or are purely speculative, so this post is intended to clear up these inaccuracies and misperceptions.
When the LinkedIn Security team was presented with the core design of Intro, we made sure we built the most secure implementation we believed possible. We explored numerous threat models and constantly challenged each other to consider possible threat scenarios. Here are some of the actions we took in advance of the launch
Read what steps they took on LinkedIn.

For my students, who (like Paul) should be thinking about this.
Paul Allen and the Machines: Teaching the next generation of artificial intelligence
… It's a hard problem, but it's one Allen is eager to solve. After years of pondering these ideas abstractly, he's throwing his fortune into a new venture targeted entirely at solving the problems of machine intelligence, dubbed the Allen Institute for Artificial Intelligence or AI2 for short. It’s ambitious, like Allen's earlier projects on space flight and brain-mapping, but the initial goal is deceptively simple. Led by University of Washington professor Oren Etzioni, AI2 wants to build a computer that can pass a high school biology course. The team feeds in a textbook and gives the computer a test. So far, it's failing those tests… but it's getting a little better each time.

Do you suppose Dilbert is commenting on government IT projects? (Me too)

Every week, intentional or not, humor.
USA Today covers the launch of Chartbeat, a new non-profit news organization focused on education policy and politics. Chartbeat is the result, in part, of the merger of New York-based GothamSchools and Denver-based EdNews Colorado, and the org is also building out local teams in Tennessee and Indiana.
… The price-tag for LAUSD’s iPad program continues to climb: $770 per tablet.
UC Davis officer John Pike, infamous for pepper-spraying non-violent student protesters in 2011, has been awarded $38,000 “for psychiatric injuries for the way he was treated afterwards.” UC Davis has also settled with the students who were sprayed. They get $30,000 apiece. [Now I can define 'ironic' Bob]
… The Apollo Group (parent of the University of Phoenix) says it will lay off 500 staff, on the heels of news that its enrollments have declined almost 20%. But don't worry. The stock market approved.
… The LMS Instructure has launched a new grant program, offering $100,000 in funding “to spur technological innovation from within the educational system.”