Friday, May 09, 2014
A bright future for government auditors!
Will a Government Settlement Improve Snapchat’s Privacy? Don’t Count on It
Snapchat just joined the F.T.C. club.
The company that makes the popular messaging app agreed on Thursday to a settlement with the Federal Trade Commission of charges that it deceived users when it said photos on the service would “disappear forever” after recipients viewed them.
In fact, the agency determined, access could be obtained to Snapchat’s photos through a set of relatively simple workarounds. Under the terms of the deal, Snapchat agreed to be monitored by an independent privacy auditor for the next 20 years.
Oh, of course!
Marco Tabini reports:
A newly-released document on Apple’s website outlines the company’s policies when it comes to sharing the personal information of iOS users with U.S. law enforcement.
According to the whitepaper, the company can help lawmen get their hands on a significant amount of information you share through iCloud, including your e-mail, iWork documents, calendars, and so on—provided, of course, that they come looking for it with a valid warrant.
Read more on Macworld.
Developing “Best Practices” could be a great project for my Computer Security students, teamed with some law school students. Anyone want to buy the pizza? (Students run on pizza.)
Anne L. Kim writes:
The rise of health apps has expanded the opportunities for individuals’ data to be used for research purposes, policy analysis, and so on. But what are the complexities involved with making sure people are “de-identified” from their own data, so their privacy can be protected? At an FTC workshop today on consumer-generated health data, panelists spent some time talking about whether there should be a uniform standard.
There isn’t a single definition of de-identification or one “rule that governs everybody,” according to Joy Pitts, chief privacy officer at HHS’ Office of the National Coordinator for Health Information Technology. (There is a Department of Health and Human Services document that offers guidance on where de-identification fits into the Health Insurance Portability and Accountability Act, or HIPAA, but there’s no set of industry best practices.)
Read more on Roll Call.
Implementing Best Practices and Reform Initiatives Can Help Improve the Management of Investments
If there is a silver lining to the series of high-profile targeted attacks that have made headlines over the past several months, it is that more enterprises are losing faith in the “magic bullet” invulnerability of their prevention-based network security defense systems.
That is, they are recognizing that an exclusively prevention-focused architecture is dangerously obsolete for a threat landscape where Advanced Persistent Threats (APTs) using polymorphic malware can circumvent anti-virus software, firewalls (even “Next Generation”), IPS, IDS, and Secure Web Gateways -- and sometimes with jarring ease. After all, threat actors are not out to win any creativity awards. Most often, they take the path of least resistance; just ask Target.
As a result of this growing awareness, more enterprises are wisely adopting a security architecture that lets them analyze traffic logs and detect threats that have made it past their perimeter defenses – months or possibly even years ago. It is not unlike having extra medical tests spot an illness that was not captured by routine check-ups. Even if the news is bad (and frankly, it usually is), knowing is always better than not knowing for obvious reasons.
“If we don't like it, it's not a law.”
China and International Law in Cyberspace
by Sabrina I. Pacifici on May 8, 2014
U.S.-China Economic and Security Review Commission Staff Report. May 6, 2014. China and International Law in Cyberspace by Kimberly Hsu, Policy Analyst, Security and Foreign Affairs with Craig Murray, Senior Policy Analyst, Security and Foreign Affairs
“The Chinese government states it intends to work with the “international community to promote the building of a peaceful, secure, open, and cooperative cyberspace.” Similarly, U.S. government policy is to “work internationally to promote an open, interoperable, secure, and reliable” cyberspace. While this semantic overlap in officially stated goals suggests strong similarities between China and the United States in their viewpoints on international law and norms in cyberspace, they are more different than similar. China’s participation in a 2013 UN report affirming the applicability of international law to cyberspace is a promising development. The same UN group will gather in 2014 to address some of the more challenging and divisive concepts regarding state responsibility and use of force in cyberspace. Any fractures in the debate at this meeting will likely reflect some of the major differences between the United States and China on cyberspace policy. These differences will likely endure as Beijing is presently unwilling to compromise on issues such as Internet sovereignty and information control, which it judges as critical to the maintenance in power of the Chinese Communist Party (CCP) regime.”
A most interesting tactic.
Math Shall Set You Free—From Envy
… Perhaps the oldest fair division method on the books—one which has been used by children from time immemorial—is the “I cut, you choose” method for dividing up, say, a cake between two people. One person cuts the cake into two pieces, and the other person gets to choose which piece to take.
… Fair Buy-Sell was devised in 2007 by Ring and Steven Brams, a professor of politics at New York University, and requires each partner to simultaneously propose a buyout price. If John proposes $110,000 and Jane proposes $100,000 then John, the higher bidder, will buy out Jane for $105,000. Unlike the shotgun clause, this method is equitable: Each participant ends up with something—either money or the business—at a price that is better than his or her offer. “Both participants always get a solution that’s better than what they proposed,” Ring says. And the business always goes to the partner who values it more.
Also, not for sale?
The Navy's New Super Secure E-Readers Are Called NeRDs. Is Reading Nerdy?
… Kindles, iPads, and other tablets/e-readers are currently forbidden on Navy vessels. They take up space, and, more importantly, can be a security threat because of connectivity points like wi-fi, expandable storage, and USB ports. So the Navy's General Library Program partnered with the digital content service Findaway World to create NeRD. The devices don't have Internet access, and their content is fixed.
The idea is that the Navy can expand the reading material it offers on ships and submarines for recreation, while also throwing in some texts for professional development that would be too big to fit in the small locker that’s usually allotted for books on Navy vessels.
Something to revisit. Students too.
Opera 21 Launches For Windows and Mac With Huge Speed Improvements
That's exactly how I remember Shakespeare! (Infographic)
A “How To” that my students should avoid.
How Inkjet Printers Are Changing the Art of Counterfeit Money
The U.S. government recouped more than $88 million in counterfeit currency last year, and more than half of it was made on regular old inkjet or laser printers.
That's according to Bloomberg, which tells the story of a woman who pleaded guilty to counterfeiting up to $20,000 in fake bills over a two-year period. She took $5 bills, soaked them in degreaser, scrubbed off the ink with a toothbrush, dried them with a hairdryer, then reprinted them as $50 and $100 on a Hewlett-Packard printer, the news service said.
While the counterfeiting business used to be specialized, these days it's easy for anyone with a printer to give it a try.
Dilbert illustrates the logic (illogic?) of the reciprocal statement!
Greetings from your government