Saturday, November 30, 2013

Push, push, push... Let's hope everyone knows (and plays by) the rules of this game.
China scrambles jets in air zone to monitor US and Japanese planes
The zone covers territory claimed by China, Japan, Taiwan and South Korea.
China said last week that all aircraft crossing through the zone must file flight plans and identify themselves or face "defensive emergency measures".
The US, Japan and South Korea say they have since defied the ruling and flown military aircraft in the area.
The air defence identification zone (ADIZ) covers a vast area of the East China Sea, including a group of islands claimed by Japan, China and Taiwan.
South Korea claims a submerged rock, known as Ieodo, also within the zone.


Now this is interesting. Did GfK develop the “surveillance router” or is it a Google tool? If it involves a ”hands on” delivery, my Ethical Hackers probably can't spoof a few thousand survey participants. How skewed will this be if they only survey the “Privacy ignorant?”
Joe Cadillic sent me a link to an article on Testosterone Pit that begins:
The first thing I noticed after I’d removed the glossy brochure and a letter from the 8.5 x 11 envelope was the crisp $5 bill attached to the letter. I’m a sucker for free money. [Ditto Bob] After peeling it off and securing it in my pocket, I started reading. It was addressed to “Dear current resident of …,” followed by my address. The five bucks was “our way of thanking you for considering participation,” the letter said. Participation in what?
“An exciting and very important new research study conducted for Google by GfK,” it said. It sounded harmless. The proposition? My involvement in “Screenwise” would help Google understand how I “use different types of media” and improve its “products and services.” In return, I’d get some money. How much wasn’t exactly clear up front due to the different steps and conditions. So, sucker for free money, I read on.
I would also get a “free top-of-the-line wireless Cisco router,” it said. Ha, I already have one of those, but this router would be special. It would collect all data flowing through it and send it to Google and GfK. A spy router!
Read more about it on Testosterone Pit while I go mutter to myself. I doubt any of my readers would sign up for the offer they describe, but it’s hard to believe it’s even for real….
[From the article:
Google would in effect sit inside the router and know everything – where you bank, the brokers you use, how often you visit their sites, what trading software you use, your internet phone calls, Skype conversations, instant messages, email, what health issues you might be dealing with, the porn sites you or your kids visit, where you’d like go to dinner. Everything.

(Related) Prescription surveillance tools? Install the “Safe Living” app or we'll raise your health insurance rates?
Kate Andries reports:
Your phone knows everything about you — how much you walk, talk and what level of Candy Crush you’re stuck on — but soon it could be spilling secrets to your doctor.
More and more physicians are prescribing apps that help track their patients’ illnesses through information collected by their smartphones.
“[The trend] just seems to be exploding,” said Seth S. Martin, a Pollin cardiovascular prevention fellow at Johns Hopkins Hospit al in Baltimore. “With the widespread use now of smartphones, it’s a really exciting opportunity to help people live healthier lives.” [“...until research tells us we've been suggesting the wrong things.” Bob]
Read more on WTOP. The news story discusses accuracy and validity of apps, but I see no discussion of data security and whether such data might be intercepted or shared elsewhere – and with what consequences.


Contrast this with the UN and EU insistence on Privacy (both published this week)
Mass Surveillance of Personal Data by EU Member States and Its Compatibility with EU Law
by Sabrina I. Pacifici on November 29, 2013
Bigo, Didier and Carrera, Sergio and Hernanz, Nicholas and Jeandesboz, Julien and Parkin, Joanna and Ragazzi, Francesco Rossi and Scherrer, Amandine, Mass Surveillance of Personal Data by EU Member States and Its Compatibility with EU Law (November 6, 2013). Liberty and Security in Europe Papers No. 61. Available at SSRN.
“In the wake of the disclosures surrounding PRISM and other US surveillance programmes, this paper assesses the large-scale surveillance practices by a selection of EU member states: the UK, Sweden, France, Germany and the Netherlands. Given the large-scale nature of these practices, which represent a reconfiguration of traditional intelligence gathering, [Why would they think that? Bob] the paper contends that an analysis of European surveillance programmes cannot be reduced to a question of the balance between data protection versus national security, but has to be framed in terms of collective freedoms and democracy. It finds that four of the five EU member states selected for in-depth examination are engaging in some form of large-scale interception and surveillance of communication data, and identifies parallels and discrepancies between these programmes and the NSA-run operations. The paper argues that these programmes do not stand outside the realm of EU intervention but can be analysed from an EU law perspective via i) an understanding of national security in a democratic rule of law framework where fundamental human rights and judicial oversight constitute key norms; ii) the risks posed to the internal security of the Union as a whole as well as the privacy of EU citizens as data owners and iii) the potential spillover into the activities and responsibilities of EU agencies. The paper then presents a set of policy recommendations to the European Parliament.”


They use drones to smuggle drugs into the US, why not keep their friends supplied while they serve their terms? Perhaps they should put more emphasis on “Remote” piloting?
Drones used to try to smuggle contraband into jail
… Prison guards at the Calhoun state jail spotted a drone hovering over the prison yard and alerted police who began a search of the local area.
Inside a nearby car they found a six-rotor remote-controlled helicopter, between 1lb and 2lb of tobacco and several mobile phones.
Four people were arrested and could face up to 20 years in prison if found guilty of attempting to smuggle contraband into the prison.


The problem is keeping a lid on software that works and that people like. Ties into employees installing software on their employer's machines or their BYOD devices.
US agrees to pay $50m after 'piracy' of software
Apptricity, based in Texas, has provided logistics programs to the army since 2004.
The company said it had discovered last year the software had been installed on many more machines than had been licensed.
… According to court documents filed in 2012, the deal with the military meant up to 500 named users could access the software.
Apptricity later estimated that 9,000 users were accessing the program, in addition to the 500 that had been paid for.
The unauthorised copying only came to light after a US Army official mentioned "thousands" of devices running the software during a presentation on technology.


Oh, boo hoo! When you are found guilty of monopolistic practices, expect your watcher to charge monopolistic rates. That's the point, isn't it?
Our ebook antitrust watchdog is too expensive, moans Apple
Apple has filed a court motion complaining that Michael Bromwich, the court-appointed antitrust regulator appointed to oversee the fruity firm in the wake of its ebook price-fixing shenanigans, is too charging too much for his services.
"Mr Bromwich appears to be simply taking advantage of the fact that there is no competition here or, in his view, any ability on the part of Apple, the subject of his authority, to push back on his demands," said Cupertino's lawyers in a filing to the New York federal court, Bloomberg reports.
On the face of it Apple may have a point. In his first two weeks in the job, Bromwich has invoiced Apple for $138,432 for his services, including a 15 per cent surcharge because he's assigned the role to his consultancy business, rather than as part of his day job at law firm Goodwin Procter.
… Bromwich is charging an hourly rate of $1,100, which the Apple filing says is more than it has ever been billed by a lawyer before. [But he's charging as a consultant. Bob]
… Based on Bromwich's first two weeks of invoicing, that five year appointment could cost Apple over $16m in fees, although it may be that the lawyer has been front-loading the early invoices to pay for costs of setting up a regulator position. Apple's 2013 net income was $37 billion.


My statistics students will recognize this – they had better recognize this!
How to Start Thinking Like a Data Scientist
… First, start with something that interests, even bothers, you at work, like consistently late-starting meetings. Whatever it is, form it up as a question and write it down: “Meetings always seem to start late. Is that really true?” [Your hypothesis Bob]
Next, think through the data that can help answer your question, and develop a plan for creating them. Write down all the relevant definitions and your protocol for collecting the data. For this particular example, you have to define when the meeting actually begins. Is it the time someone says, “Ok, let’s begin.”? Or the time the real business of the meeting starts? Does kibitzing count?
Now collect the data. It is critical that you trust the data. And, as you go, you’re almost certain to find gaps in data collection. You may find that even though a meeting has started, it starts anew when a more senior person joins in. Modify your definition and protocol as you go along.
Sooner than you think, you’ll be ready to start drawing some pictures. [...or even apply some simple math! Bob]



Friday, November 29, 2013

Are we ready for Constitution 2.0? (Someone had to say it.)
Randy Barnett writes:
The Federalist Society’s journal Engage has an interesting Symposium on the National Security Agency’s Bulk Data Seizures and FISA Surveillance Programs. The symposium includes my very brief essay with Cato’s Jim Harper, Why NSA’s Bulk Data Seizures Are Illegal and Unconstitutional. In it we contend that:
Rather than airy and untethered speculations about “reasonable expectations,” the courts should return to the traditional—and more readily administrable—property and contract rights focus of Fourth Amendment protection reflected in the majority opinion in Katz. Courts should examine how parallels to the walls of the home and the phone booth in Katz conceal digital information are employed by the people to preserve their privacy.
Read more on The Volokh Conspiracy.


...and if you don't have a phone, expect a complementary DHS cavity search at every airport, train station, bus station or Federal building.
Your Next Phone Will Be The Ultimate Surveillance Machine
… A new phone bought today can sense if you are walking or running, if you drove to your destination in a car or hopped on a bike. Far better than most pedometers, it can tell you how many steps you’ve taken and in which direction you went. It knows how long you stayed out at the bar last weekend and how you got home. And it’s getting more accurate by the day.


You could sing into each service individually, providing a basic set of identifying information. Then I could buy each set and combine your data. OR you can sign in to Google once, and use your Google sign in everywhere you go. Then Google does the combining. What difference does that make in the end?
Thomas Escritt reports:
Google’s practice of combining personal data from its many different online services violates Dutch data protection law, the country’s privacy watchdog said on Thursday after a seven-month investigation.
The Dutch Data Protection Authority, or DPA, asked Google to attend a meeting to discuss its concerns, after which it would decide whether to take any action against the cloud services, Internet search and advertising giant, which could include fines.
Read more on Reuters.
[From the article:
In March 2012, Google unilaterally imposed new terms of service on users of all its cloud services, which include the YouTube video streaming site, the GMail email service, and the ubiquitous Google search engine.
… The report said it was "almost impossible" for a Dutch Internet user not to interact with Google "be it via Search, YouTube or Maps, or passively through third-party websites".


Apparently the government health database contains more than a few dozen applications for health insurance... I didn't know it was illegal to be depressed in the US. Fortunately for me, I am always happy.
Valerie Hauch reports:
Ellen Richardson went to Pearson airport on Monday full of joy about flying to New York City and from there going on a 10-day Caribbean cruise for which she’d paid about $6,000.
But a U.S. Customs and Border Protection agent with the Department of Homeland Security killed that dream when he denied her entry.
“I was turned away, I was told, because I had a hospitalization in the summer of 2012 for clinical depression,’’ said Richardson, who is a paraplegic and set up her cruise in collaboration with a March of Dimes group of about 12 others.
Read more on The Toronto Star.
How did the U.S. get her mental health history? Apart from the fact that any policy denying entry to people with past history of suicidality may be overly broad, discriminatory, and just plain foolish, HOW DID THEY GET HER DETAILS?


Is everything protected, even if public? No exceptions or exclusions? That's the tough part, “Everybody gots Right!” is easy.
UN General Assembly Third Committee Approves Text Titled ‘Right to Privacy in the Digital Age’
by Sabrina I. Pacifici on November 28, 2013
“Through this resolution, the General Assembly establishes, for the first time, that human rights should prevail irrespective of the medium and therefore need to be protected both offline and online,” Brazil’s representative said, echoing the statement delivered by his President during the opening of the sixty-eighth session. The draft, approved without a vote, would have the General Assembly call upon Member States to review their procedures, practices and legislation on the surveillance of communications, their interception and collection of personal data, including mass surveillance, with a view to upholding the right to privacy by ensuring the full and effective implementation of all relevant obligations under international human rights law. Following the approval, some delegates stressed the need for agreed international human rights mechanisms in relation to ensuring privacy and freedom of expression. Some expressed regret over the lack of a specific reference to such mechanisms in the draft, while others applauded the consensus as a clear international reaction to the national and extraterritorial electronic surveillance activities conducted by the United States.”
[From the text:
a recorded vote of 148 in favour to 4 against ( Canada, Israel, United Kingdom, United States), with 27 abstentions

(Related)
Report on the findings by EU Co-chairs of ad hoc EU-US Working Group on Data Protection
by Sabrina I. Pacifici on November 28, 2013
“Under US law, a number of legal bases allow large-scale collection and processing, for foreign intelligence purposes, including counter-terrorism, of personal data that has been transferred to the US or is processed by US companies. The US has confirmed the existence and the main elements of certain aspects of these programmes, under which data collection and processing is done with a basis in US law that lays down specific conditions and safeguards. Other elements remain unclear, including the number of EU citizens affected by these surveillance programmes and the geographical scope of surveillance programmes under Section 702… Various layers of oversight by the three branches of Government apply to activities on the base of Section 215 and Section 702. There is judicial oversight for activities that imply a capacity to compel information, including FISC orders for the collection under Section 215 and annual certifications that provide the basis for collection under Section 702. There is no judicial approval of individual selectors to query the data collected under Section 215 or tasked for collection under Section 702. The FISC operates ex parte and in camera. Its orders and opinions are classified, unless they are declassified. There is no judicial oversight of the collection of foreign intelligence outside the US under Executive Order 12333, which are conducted under the sole competence of the Executive Branch.”


ebooks cost too much and are hard to resell or even donate. It is also difficult to display leather bound ebooks on your shelves.
Young adult readers ‘prefer printed to ebooks
by Sabrina I. Pacifici on November 28, 2013
Liz Bury – The Guardian: “Survey finds that 62% of 16 to 24-year-olds prefer traditional books over their digital equivalents - Sixteen to 24-year-olds are known as the super-connected generation, obsessed with snapping selfies or downloading the latest mobile apps, so it comes as a surprise to learn that 62% prefer print books to ebooks. Asked about preferences for physical products versus digital content, printed books jump out as the media most desired in material form, ahead of movies (48%), newspapers and magazines (47%), CDs (32%), and video games (31%). “It is surprising because we think of 16-24s as being attached to their smartphones and digital devices, so it does shout out,” said Luke Mitchell of agency Voxburner, which researched questions about buying and using content with 1,420 young adults. The two big reasons for preferring print are value for money and an emotional connection to physical books. On questions of ebook pricing, 28% think that ebooks should be half their current price, while just 8% say that ebook pricing is right.”


My students might like this...
Annotate & Link PDFs Side-By-Side with Easy Annotate for iPad
I have already reviewed a couple of useful PDF applications, including Apple’s Preview and iOS apps iAnnotate and iBooks, but there’s always room for other PDF apps that offer a different approach to annotating and managing PDFs. The newest app in this genre is Easy Annotate ($5.99; $2.99 during launch offer).


For my students who write games (strangely, not all are in techie majors)
4 Free Websites Where You Can Learn The Basics Of Game Development
… In the world of programming, they say that once you learn one coding language, you pretty much know them all. It’s a little more nuanced than that, but the sentiment is more accurate than you think. The difficulties of programming – especially with regard to games – are not the actual coding, but learning the paradigm of how a game works and how to use those languages to organize and translate your thoughts into reality.
Therefore, when looking for a good game development tutorial series, you want one that will teach you the practices and mentality of good coding because you can then transpose those practices in any language or platform, whether it’s C++, C#, Python, Java, or whatever other language you intend to use. Here are some of the most useful tutorials I’ve found on my self-taught journey.


A way for my criminal justice & homeland security students to locate employers?
– ever since September 11th, various law enforcement agencies and counter-terrorism forces have sprung up, in order to combat the various threats against the United States. The Washington Post has compiled a map where you can enter a zip code and be shown which agencies – local, state, and federal – is in that area.


Something for teachers?
– is an app that facilitates screen sharing between yourself and others. Just type in the URL of a website that you want to show them, and send them the unique link provided. Then they will see what you see, and you can show them the various areas of your site. Or you can use it to help someone navigate a site, or plan a vacation.


It's that time again. While I'm not in the running, this is a great resource for finding innovative users of blogging, wikis and Twitter.
The Edublog Awards

Thursday, November 28, 2013

It looks like China has decided to let everyone know that their military build-up is complete. Now if all this chest thumping can be contained, we won't have a war. But then these are the folks who advise North Korea, so expect a few “regrettable incidents.” (Whatever it takes to make the evening news)
South Korea, Japan join U.S. in defying Chinese air defense zone
South Korean and Japanese flights through China's new maritime air defense zone added to the international defiance Thursday of rules Beijing says it has imposed in East China Sea but that neighbors and the U.S. have vowed to ignore.

(Related) Nice photo of what we call “a target.”
China's carrier group had 'innocent passage' through Taiwan Strait


Not large, but a bit slow on the notifications (and a bit vague elsewhere) Again, outsiders had to tell the college they had been breached.
Tim Gallen and Mike Sunnucks report:
The Maricopa County Community College District is notifying nearly 2.5 million students, former students, vendors and employees because their personal information may have been exposed in a security breach.
The Tempe-based college district announced today that it is contacting 2.49 million students, employees and suppliers that their information may have been exposed without authorization.
Sensitive information such as names, birth dates, Social Security numbers and bank account information was exposed, according to the district. MCCCD operates 10 community colleges and also has dual enrollment programs with local high schools.
However, MCCCD officials are not aware of any evidence of any misuses of personal information. [Can we agree failing to secure the data is misuse? Bob] Spokesman Tom Gariepy said students or others who worry about identity theft or other fraud can contact a credit services company the district has hired.
“While we are not aware of misuse of anyone’s personal information, we are providing resources to assist all of the people whose information was in these systems, including credit monitoring and other identity safeguards, managed by a nationally known identity protection firm,” said MCCCD Chancellor Rufus Glasper in a statement. “We are examining every aspect of our IT operations, and the changes underway are making us stronger system-wide.”
District officials learned of IT security issues in April this year and began investigating.
Read more on Phoenix Business Journal. In related coverage, KPHO reports that the college district learned of the breach from federal law enforcement on April 29. They also report that As names, dates of birth, Social Security numbers and bank account information – but not credit card information or health records – was exposed. Neither news source is clear about the nature of the breach.


The latest version of “inadequate and confusing?” The only rules I know of that you can fully comply with and apparently still be violation of...
Earlier this month, the Payment Card Industry Security Standards Council (PCI SSC) released Version 3.0 of the Payment Card Industry Data Security Standard (PCI DSS), which includes several enhanced security requirements that will affect how businesses protect payment card data in their systems. The updated standard calls upon businesses to take a more active role in security compliance. It also addresses several common vulnerabilities in the cardholder data environment, including weak passwords, fallible authentication methods, unpatched malware protection, and inadequate threat monitoring practices. The end result is a standard that gives businesses a clearer, yet more stringent, set of baseline requirements for protecting cardholder data. Compliance with Version 3.0 is required as of January 1, 2015, although some of the new requirements will not go into effect until July 1, 2015. Until then, they are recommended as best practices.
Read more on Hogan Lovells Chronicle of Data Protection.


When you need to understand a technology, MakeUseOf may have a Guide!
FREE EBOOK: The unofficial, beginner’s guide to tumblr


For my students, since some of them apparently can't study anywhere in Colorado... Actually list some good resources and tools.
Where To Study: Navigating The Free Online Education World

Wednesday, November 27, 2013

So will “security breach insurance” get more expensive or is it normal for insurance companies to challenge any “first of its type” claim? (Because the language looks clear to non-lawyer me.)
Understanding what your insurance will cover when it comes to a data breach and what it won’t can save you a lot of grief down the road. Roberta D. Anderson of K&L Gates analyzes a recent case where the court concluded that a breached entity was covered under the terms of their policy’s language, but as we’ve seen elsewhere, that’s not always the case:
The U.S. District Court for the Central District of California recently upheld coverage under a commercial general liability policy for a hospital data breach that compromised the confidential medical records of nearly 20,000 patients.
In that case, Hartford Casualty Insurance Company v. Corcino & Associates et al.,[1] the plaintiffs in two underlying class actions sought, among other relief, statutory damages of $1,000 per person under the California Confidentiality of Medical Information Act (“CMIA”)[2] and statutory damages of up to $10,000 per person under the California Lanterman Petris Short (“LPS”) Act.[3]
The hospital sought coverage under a CGL policy, which stated that the insurer, Hartford, would pay “those sums that the insured becomes legally obligated to pay as damages because of … ‘personal and advertising injury’”[4] and defined “personal and advertising injury” to include “[o]ral, written or electronic publication of material that violates a person’s right of privacy.”[5]
Hartford initiated litigation seeking a declaration that the statutory relief sought by the claimants was barred under an exclusion for “Personal And Advertising Injury … [a]rising out of the violation of a person’s right to privacy created by any state or federal act.”[6] The hospital moved to dismiss Hartford’s complaint, arguing that the exclusion did not apply “because the plaintiffs in the underlying cases seek statutory remedies for breaches of privacy rights that were not themselves ‘created by any state or federal act,’ but which exist under common law and the California state Constitution.”[7]
Applying established rules of insurance policy construction, the court concluded that the hospital’s interpretation of the policy was reasonable and, therefore, “any relief awarded under the LPS and CMIA would be covered, rather than excluded, under Hartford’s Policy.”[8]
Read more on K&L Gates or download the full article here (pdf). The article previously appeared on Law360.com.


It must be because I'm not a lawyer, but this seems crazy to me.
Young men, get a 'yes' text before sex
… Never have sex with a girl unless she's sent you a text that proves the sexual relationship is consensual beforehand. And it's a good idea to even follow up any sexual encounter with a tasteful text message saying how you both enjoyed being with one another -- even if you never plan on hooking up again.
Crazy, I know, but I've actually been encouraging my son and his friends to use sexting -- minus the lewd photos -- to protect themselves from being wrongly accused of rape. Because just as damning text messages and Facebook posts helped convict the high-schoolers in Steubenville of rape, technology can also be used to prove innocence.


“We have a system that works.” “It's “Good Enough” for most users.” In many places, there is effectively no competition. (What happens when cities offer free wifi?)
US download speeds sluggish compared with other countries
Considering the Internet was invented in the US, it's a bit strange that the country doesn't do better in speed rankings. Alas, it comes in at a sad 31st in global download speed tests.
According to data from Ookla, which runs Speedtest.net, the US places below dozens of countries, including Latvia, Moldova, Andorra, Estonia, and Uruguay. Asian and European countries appear to be leading the pack with Hong Kong, Singapore, Romania, South Korea, and Sweden snapping up the top five spots, respectively.


Handy stuff for students...
Free Digital Photos and a Guide to Citing Them
FreeDigitalPhotos.net is a new-to-me place to find digital images to re-use for free. FreeDigitalPhotos.net allows you download and re-use low-resolution images without restriction. To download and re-use high-resolution images you need to publish a credit to the creator of the image. That's not a hard requirement to meet. To help you meet the requirement of crediting the photographer, FreeDigitalPhots.net offers a simple chart that outlines how to credit the creator of an image. The left side of the chart lists the ways the images can be used and how to credit the photographer for each use case.
Applications for Education
It is easy to simply right-click on images on the web and save them your computer. Just because it can be done, doesn't mean it should be done or that it is even safe (are you sure that you're only downloading an image and not something else along with it?) and legal to do so. Unfortunately, I frequently meet teachers who allow their students to engage in this practice. Fortunately, there is an easy way to stop that practice. The solution is to use images found on sites like FreeDigitalPhotos.net.
For more free images that your students can use, see this list of sources of Public Domain images.


Perspective
Tablets to carve out nearly half of PC market next year


From several perspectives...
A snapshot of one minute on the internet, today and in 2012


Geeky stocking stuffer?
Smartphone-controlled paper airplane kit conquers the skies
I suck at paper airplanes. Though I love origami in general, I have never managed to build a truly flight-worthy paper plane. With the PowerUp 3.0 smartphone-controlled paper airplane kit, though, I could get my revenge on aerodynamics.
No longer will paper airplanes have to rely on clever folding techniques and outdated technology like paper-clip weights to make them fly. PowerUp 3.0 includes a device called a Smart Module that clips onto your paper airplane creation. This contains a small propeller and rudder to power your plane through its flight.


A holiday caution.
Cyberscammers take aim at Black Friday, Cyber Monday
'Tis the season for cyberscams — and it's stacking up to be one of unprecedented plunder for cybergrinches.
Crooks go where the money is, and cybercriminals are concentrating their cleverness this year on mobile devices and social media.
With Black Friday and Cyber Monday just around the corner, cybercriminals have begun to flood e-mail, social media postings and search results with tainted web links, offers for worthless products and pitches for all variety of scams.
… The crooks count on one in 10 recipients of holiday-themed phishing lures to click on a poisoned link, or fill out a bogus form.

Tuesday, November 26, 2013

This should not be amusing, but I'll wager it is.
From the good folks at EPIC:
EPIC has filed a Freedom of Information Act lawsuit against the Department of Justice’s Office of Legal Counsel for the secret legal analyses that justifies the use of the NSA PRISM program. PRISM is a program that allows the FBI and NSA to collect information – including the contents of internet users’ communications – directly from internet service providers, and without a warrant. Through this lawsuit, EPIC seeks to clarify which, if any, legal authority would permit such extensive domestic surveillance of personal activities. The secrecy of these opinions is of increasing concern to Open Government advocates. EPIC, joined by a coalition of FOIA organizations, recently filed an amicus brief in support of a New York Times lawsuit for opinions of the Office of Legal Counsel. For more information, see EPIC v. DOJ – PRISM.


Shared custody? Shared ownership?
John Moore and Rob Tholemeier write:
A common and somewhat unique aspect to EHR vendor contracts is that the EHR vendor lays claim to the data entered into their system. Rob and I have worked in many industries as analysts. Nowhere, in our collective experience, have we seen such a thing. Manufacturers, retailers, financial institutions, etc. would never think of relinquishing their data to their enterprise software vendor of choice.
It confounds us as to why healthcare organizations let their vendors of choice get away with this and frankly, in this day of increasing concerns about patient privacy, why is this practice allowed in the first place?
Read more on HealthcareITNews. Of course, they take the position that the data belongs to the healthcare organization (and maybe not the patient?), which may raise some ire in some of this site’s readers, but at the very least, entities should not be allowing EHR vendors to assume ownership of data. Responsibility to protect data, yes. Ownership as in with all the rights that go with ownership, no.

(Related) Is this a first? I kind of doubt it...
WASHINGTON, Nov. 20 – The U.S. Department of Veterans Affairs’ Veterans Health Administration issued the following directive:
1. REASON FOR ISSUE: This Veterans Health Administration (VHA) Directive establishes policy for approving and providing authorized users access to VHA personally identifiable information (PII) in Information Technology (IT) systems of the Department of Veterans Affairs (VA).
2. SUMMARY OF CHANGES: This is a new Directive.
Read more via Targeted News Service here.


“We don't need no stinking Internet!” It also makes a nifty stalking tool!
The Internet of Things, Unplugged and Untethered
A startup called Iotera wants to let you track your pets, your kids, or your belongings without relying on commercial wireless networks.
… The system uses GPS-embedded tags that can last for months on a single charge, occasionally sending their coordinates over unlicensed wireless spectrum to small base stations with a range of several miles.
Iotera expects businesses to use its technology to track everything from tools on construction sites to workers in dangerous places like oil rigs. Or people might use it to keep an eye on their pets. Iotera’s founders say two companies (which it won’t name) are trying it out. One is using it to help parents monitor their children’s whereabouts, and the other is tracking company-owned devices.


Interesting. Does MakeUseOf.com know the story of Kim Dotcom (listed as 'principal strategist')? Still, “50GB free” is an incentive.
– is a site for uploading, downloading, and storing files. Your data is encrypted and decrypted during transfer of the files, to ensure your privacy. Your data is accessible anytime from whatever device you are using. Only you control the keys to your files. Share folders with your contacts and see their updates in real time. Online collaboration is private and secure.


Seriously, did anyone expect a rational strategy?
Newtown report: Shooter Adam Lanza had no clear motive, was obsessed with Columbine
Newtown shooter Adam Lanza had no clear motive, but was obsessed with Columbine and planned the rampage that took the lives of 20 children and six school staffers at Sandy Hook Elementary, "including the taking of his own life," according to a long-awaited report on last December's shooting released Monday.
"Many people have asked why the shooter did what he did on December 14, 2012," said the 48-page report, which was published on the state's Division of Criminal Justice website.


Is it easier to allow the “nattering nabobs of negativism” to make rules they can't enforce – or even know when they have been violated. We'll be over here doing what we think is important.
Colum Lynch reports:
The United States, Great Britain, and its chief intelligence allies, known as the Five Eyes, agreed late Friday to support a Brazilian and German sponsored General Assembly resolution promoting an international right to privacy, but only after thwarting efforts to impose new legal constraints on foreign espionage that could potentially restrain the U.S. National Security Agency, according to diplomats involved in the negotiations.
Read more on ForeignPolicy.com (free reg. required)


For my Statistics students, who may agree that Big Data is the future, but still hate math...
I have no idea about the privacy and security controls in place, but this is fascinating stuff and demonstrates some of the good that can come out of Big Data.
[From the article:
“This study broadly shows that we can take decades of off-the-shelf electronic medical record data, link them to DNA, and quickly validate known associations across hundreds of previous studies,” lead author Josh Denny, M.D., Vanderbilt associate professor of biomedical informatics and medicine, said in a statement. “And, at the same time, we can discover many new associations.”

(Related) Those old “rules of thumb” are crumbling...
How is Big Data Transforming Your 80/20 Analytics?
Even today, most organizations technically struggle to answer even the simplest 80/20 analytics questions: Which 20% of customers generate 80% of the profits? Which 20% of suppliers are responsible for 80% of customer UX complaints? What 20% of customers facilitate 80% of the most helpful referrals? Indeed, even organizations where top management keeps their eyes glued to KPI-driven dashboards have trouble agreeing on what their Top Ten Most Important Customer/Client 80/20 analytics should be.
That’s not good because Big Data promises to redefine the fundamentals of the 80/20 rule.


Question: Is the speed of adoption related to productivity improvements? Again I point to: http://elsa.berkeley.edu/~bhhall/e124/David90_dynamo.pdf
The Pace of Technology Adoption is Speeding Up
Many people suggest that rates of new product introduction and adoption are speeding up, but is it really, across the board? The answer seems to be yes. An automobile industry trade consultant, for instance, observes that “Today, a typical automotive design cycle is approximately 24 to 36 months, which is much faster than the 60-month life cycle from five years ago.” The chart below, created by Nicholas Felton of the New York Times, shows how long it took various categories of product, from electricity to the Internet, to achieve different penetration levels in US households. It took decades for the telephone to reach 50% of households, beginning before 1900. It took five years or less for cellphones to accomplish the same penetration in 1990. As you can see from the chart, innovations introduced more recently are being adopted more quickly. By analogy, firms with competitive advantages in those areas will need to move faster to capture those opportunities that present themselves.


Something for my website students. (Well, I thought it was fun.)
Welcome To Revolver Maps 2.0
Revolver Maps are real time visitor globes rendered by the Revolver Engine.

Monday, November 25, 2013

Does this protect my encrypted files as well?
Password Protection Laws Could Protect Much More than Passwords
by Sabrina I. Pacifici on November 24, 2013
O’Donohue, Sarah, ‘Like’ it or Not, Password Protection Laws Could Protect Much More than Passwords (August 1, 2013). 20 J.L. Bus. & Eth. (February 2014, Forthcoming). Available at SSRN
“Employers and schools in several states are now prohibited from requesting access to the social networking accounts of their employees, students, and applicants as a result of the “password protection” laws that are sweeping the nation. These laws take an expansive view of the definition of privacy by implying that viewing content on a user’s restricted-access social networking profile without his consent constitutes an invasion of privacy. Courts have consistently held that the information users post on social networking websites is, in fact, not private. Further highlighting the contrast between legislative and judicial interpretations of privacy in the context of these new technologies, the express language in one of the password protection laws declares that all Internet users have a reasonable expectation of privacy in their social networking website communications and affairs. This Article argues that password protection laws should be interpreted narrowly as only prohibiting the invasive methods used by employers and schools to gather information from social networking profiles — not as establishing in all cases that communications to which access has been restricted are private. The reasonableness of a user’s expectation of privacy in the content of his social networking profile must be determined by courts on a case-by-case basis, informed by such factors as how many people he invites to view it, the relationship between the user and his chosen audience, the exact calibration of his privacy settings, and the degree to which his digital information is guarded by the website under its privacy and data use policies.”


How about that...
Evelyn B. Stacey reports:
After months of parent protests, Colorado’s Department of Education ended its contract with controversial technology organization inBloom in November, shortly after Jefferson County, Colorado’s school board cut ties with it for the same reason by a 7-1 vote.
This makes New York the sole remaining state to continue its relationship with inBloom, of an initial nine.
Read more on Heartland.org.


Remember the movie “The Day of the Jackal?” The police collected the cards and processed them manually back in 1973.
Simon Davies writes:
The next time you check into a hotel in any European country – or indeed in many countries outside the EU – chances are you’ll be required to fill out a guest registration form. At the very least this form will demand information such as passport number, nationality, home address, telephone number, gender and date of birth.
Most travellers are blissfully unaware that this information is an internationally available police and security resource required by law. Guests are rarely informed of the fact, despite the ubiquity of data protection laws in those countries.
Read more on Privacy Surgeon.


Never let another bureaucracy do what you could do with more people and a larger headcount.
Spencer Ackerman reports:
The deputy director of the National Security Agency on Friday sounded skeptical about permitting the FBI, DEA or other law enforcement agencies to directly search through the NSA‘s vast data troves, as a new bill would appear to permit.
A bill recently approved by the Senate intelligence committee on a 13-4 vote blesses the ability of law enforcement agencies to directly conduct “queries of data” from NSA databases of foreign-derived communications content “for law enforcement purposes”.
Read more on The Guardian.


We live in a changing world. Customers are trading expensive Cable/Internet contracts for Free WiFi – imagine that.
Commentary – TV Is Dying, And Here Are The Stats That Prove It
by Sabrina I. Pacifici on November 24, 2013
Business Insider – Jim Edwards: “The TV business is having its worst year ever. Audience ratings have collapsed: Aside from a brief respite during the Olympics, there has been only negative ratings growth on broadcast and cable TV since September 2011, according to Citi Research. Media stock analysts Craig Moffett and Michael Nathanson recently noted, “The pay-TV industry has reported its worst 12-month stretch ever.” All the major TV providers lost a collective 113,000 subscribers in Q3 2013. That doesn’t sound like a huge deal — but it includes internet subscribers, too. Broadband internet was supposed to benefit from the end of cable TV, but it hasn’t… This is the macro problem: Ratings are falling across the board. They have been for years. It’s not too surprising that broadcast TV ratings are down. The major networks have faced increasing competition for years from niche-interest cable channels and the better-quality programming on places like AMC and HBO. But ratings for both cable and the broadcast networks are down.”


Yeah, I still don't get it. (Interesting poster though...)
Innovative Grammar Mind Map Is Perfect For Teaching English


If you have a few sites you search regularly.
– make a list of your favorite websites on any topic and Nuggety will generate a search list. A search list is a powerful way to search many websites from one page. With Nuggety it is simple to create a search vertical for something specific, like motorcycle parts. If you know of several websites for searching and buying motorcycle parts, you can build a search list that others can use as well.


For my presentations (and those of my students)
– is a completely new kind of presentation software. Whether it’s a breakthrough business idea, a photo slideshow for your blog, or a mini manifesto, we know you have amazing stories to tell and ideas to share. Haiku Deck helps you find your creative flow. Be inspired by the week’s best decks from a wide range of topics, hand-picked by our team, in our Featured and Popular Galleries.


For my Statistics students
Country statistical profiles: Key tables from OECD for the United States
by Sabrina I. Pacifici on November 24, 2013
Country statistical profile: United States – November 15, 2013, updated annually. DOI: 10.1787/20752288-table-usa
“This table includes data for United States on economy, education, energy, environment, foreign aid, health, information and communication, labour, migration, R&D, trade and society. The table is part of the key tables collection on country statistical profiles.”


Dilbert explains why you should know a little bit about technology.

Sunday, November 24, 2013

It's a start, but only a start. I doubt you will find all of the sites you use on the EFF's chart. Might be useful to point them to the Best Practices and ask when they will rise from the mediocre.
EFF – Encrypt the Web Report: Who’s Doing What
by Sabrina I. Pacifici on November 23, 2013
EFF: “We’ve asked the companies in our Who Has Your Back Program what they are doing to bolster encryption in light of the NSA’s unlawful surveillance of your communications. We’re pleased to see that four companies—Dropbox, Google, SpiderOak and Sonic.net—are implementing five out of five of our best practices for encryption. In addition, we appreciate that Yahoo! just announced several measures it plans to take to increase encryption, including the very critical encryption of data center links, and that Twitter has confirmed that it has encryption of data center links in progress. See the infographic.
By adopting these practices, described below, these service providers have taken a critical step towards protecting their users from warrantless seizure of their information off of fiber-optic cables. By enabling encryption across their networks, service providers can make backdoor surveillance more challenging, requiring the government to go to courts and use legal process. While Lavabit’s travails have shown how difficult that can be for service providers, at least there was the opportunity to fight back in court.
While not every company in our survey has implemented every recommendation, each step taken helps, and we appreciate those who have worked to strengthen their security. We hope that every online service provider adopts these best practices and continues to work to protect their networks and their users.”


Here in the US we don't need photoshop. Real images of our politicians are damning enough.
Photoshop experts wanted: Beijing scrambles to protect officials from doctored-image scandals
… In China, sending a government official a batch of sexually-scandalous photos for extortion has become a thriving business. Sometimes the pictures are real, but in most cases the official’s head has been superimposed on to a body that does not belong to him.
Nevertheless, many have paid up fearing that if the photos are circulated they would prompt an investigation .


I would have been surprised if the strategy was “to become a second rate power, ignoring all indications of potential adversarial actions.” I also note that they recognized that laws were lagging technology – proving that they have at least a moderate grasp of reality.
NYT – N.S.A. Report Outlined Goals for More Power
by Sabrina I. Pacifici on November 23, 2013
N.S.A. Report Outlined Goals for More Power By JAMES RISEN and LAURA POITRAS
“Officials at the National Security Agency, intent on maintaining its dominance in intelligence collection, pledged last year to push to expand its surveillance powers, according to a top-secret strategy document.
The N.S.A. document, titled “Sigint Strategy 2012-2016,” does not make clear what legal or policy changes the agency might seek. The N.S.A.’s powers are determined variously by Congress, executive orders and the nation’s secret intelligence court, and its operations are governed by layers of regulations. While asserting that the agency’s “culture of compliance” would not be compromised, N.S.A. officials argued that they needed more flexibility, according to the paper…”

(Related) Interesting. Some things never change...
Analytic Culture in the US Intelligence Community: An Ethnographic Study
by Sabrina I. Pacifici on November 23, 2013
Analytic Culture in the US Intelligence Community: An Ethnographic Study, by Dr. Rob Johnson. ISBN 1-929667-13-2. Center for the Study of Intelligence, Central Intelligence Agency, 2005


Preemptive? Unlikely. All the typical questions apply: Do they ban the templates? Can I print the odd numbered parts while my neighbor prints the even numbered parts? If I own a printed gun, can you tell where it was printed?
Philly Becomes First City to Ban 3-D Gun Printing
Today, the Philadelphia City Council voted unanimously to ban the manufacturing of guns by 3-D printers, making Philly the first city to do so. Which is interesting, because the author of the bill, Kenyatta Johnson, isn’t aware of of any local gun-printing 3-D printers.


Even I, cheap though I am, read academic papers on occasion.
5 Ways To Get Your Hands On Academic Papers Without Losing Your Mind (And Money)
… With a bit of determination, you can get your hands on any academic journals you want. Here’s how.
#icanhazpdf
icanhazpdf is a hashtag used by stressed out students looking for hard-to-get papers and journals. The premise is simple. You post a tweet naming the article you’re looking for, and someone will (hopefully) reply with a PDF of it.
It’s a fairly active community of people sharing (and flagrantly breaching copyright law). [I paid for it. I'm done with it. Take my copy. Bob] With that said, your mileage will vary, as people may not have the exact paper you’re looking for.
… Think of it as Bing for scholarly literature, but with a number of helpful features that will bring a smile to stressed out students throughout the world.
… they allow you to refine searches based upon the subject.
… makes it easy to reference articles. For each search result, it gives you the date of publications, the author, and other important information you need to do Harvard referencing.
… it tells you how many times it has been cited, making it easy to find reliable, authoritative works. All in all, MAS feels like the most mature publicly accessible academic search engine on the market right now.
… The latest update enables you to save articles from the search page in a personal “library”, organize them by topic, and search full-text within your library to find what you are looking for.
… I found that the quality of results returned weren’t as good as those produced by Scholar and Microsoft Academic Search, it makes up with with a huge database of papers to search from. It currently boasts almost 2 million documents. However, it’s important to stress that CiteSeer places an emphasis on articles and papers about computer science and information technology.
Email The Author
… You could always send a polite email to the author of the paper and ask for a copy of the paper.
When doing this, it’s important to remember that the authors have no obligation to help you. Be polite, but keep it short. They don’t have a huge amount of time to read every email that drops in their inbox. If they say no, accept it. If they don’t get back to you in a timely manner, don’t bombard them with emails.
Getting the contact details of academics is usually quite easy. You can usually find their email addresses on the web pages of the universities to which they are affiliated. As always, Google is your friend.

(Related) Seems to return only 100 items for each search...
– is a search engine for finding PDF files. According to the site, it fetches PDF files, eBooks, digital publications, presentations and electronic documents. Simply type what kind of PDF file you are searching for, or choose one of the recommended “Top Searches” on the page. There are also Chrome and Firefox extensions.


Something I can amuse myself with, by inflicting them on students!
– is “a social repository of the world’s greatest brain teasers, logic puzzles and mental challenges”. Every puzzle is color-coded according to level of difficulty, as well as being tagged for easy searching. When you read a puzzle, you can click to see the solution, and finally the answer. You can also leave comments to discuss the puzzle with others.


Something I should force my students to do...
Two Free Webinars on Video Creation
Wideo is a service that allows anyone to create animated videos and Common Craft-style videos online. On December 3rd Wideo is hosting two free webinars on how to create animated videos using the Wideo video editor. There is a beginner session and an advanced session. You can register for the beginner session here and register for the advanced session here.
You can create an animated videos on Wideo by dragging and dropping elements into place in the Wideo editor then setting the sequence of animations. Each element can be re-used as many times as you like and the timing of the animation of each image can individually adjusted. Wideo's stock elements include text, cartoons, and drawings. You can also upload your own images to use in your videos.


Cool!