Thursday, May 08, 2014
“See? I'm a peacemaker! I'm resisting being drawn into war! So far...”
Putin Announces Pullback From Ukraine Border
President Vladimir V. Putin, faced with rising violence in southeastern Ukraine that threatened to draw in the Russian Army at great cost and prompt severe new Western economic sanctions, pressed pause on Wednesday in what had started to look like an inevitable march toward war.
But it remained unclear to analysts and political leaders on both sides of the Atlantic whether he was truly reversing course on Ukraine or if this was just another of his judo-inspired feints.
The alternative to “We don't give our data to Intelligence Agencies” has always been “Oops! Someone stole our data!” Which would customers prefer?
In February, I noted a breach involving 800,000 Orange customers that occurred in January.
Now Reuters reports:
French telecoms group Orange said around 1.3 million subscribers or potential subscribers fell victim to a theft of personal data, including telephone numbers, dates of birth and email addresses, last month.
In mid-April, hackers accessed a software platform that Orange used to send promotional emails and text messages to people who had agreed to receive them.
Read more on Reuters.
Are we starting to zero in on the cost of a HIPAA breach?
From HHS, a press release concerning a settlement arising from a breach previously covered on this blog:
Two health care organizations have agreed to settle charges that they potentially violated the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules by failing to secure thousands of patients’ electronic protected health information (ePHI) held on their network. The monetary payments of $4,800,000 include the largest HIPAA settlement to date.
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) initiated its investigation of New York and Presbyterian Hospital (NYP) and Columbia University (CU) following their submission of a joint breach report, dated September 27, 2010, regarding the disclosure of the ePHI of 6,800 individuals, including patient status, vital signs, medications, and laboratory results.
… The investigation revealed that the breach was caused when a physician employed by CU who developed applications for both NYP and CU attempted to deactivate a personally-owned computer server on the network containing NYP patient ePHI. Because of a lack of technical safeguards, deactivation of the server resulted in ePHI being accessible on internet search engines. The entities learned of the breach after receiving a complaint by an individual who found the ePHI of the individual’s deceased partner, a former patient of NYP, on the internet.
In addition to the impermissible disclosure of ePHI on the internet, OCR’s investigation found that neither NYP nor CU made efforts prior to the breach to assure that the server was secure and that it contained appropriate software protections.
The New York and Presbyterian Hospital Resolution Agreement may be found at: http://www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/ny-and-presbyterian-hospital-settlement-agreement.pdf
The Columbia University Resolution Agreement may be found at: http://www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/columbia-university-settlement-agreement.pdf
An article Professor John Soma at the Sturm College of Law tipped me to. I hope he finds this as scary as I do. Imagine the size of the law library if every type of device had unique law... Horrors! Perhaps the Privacy Foundation could point out the commonalities?
What Happens When There’s a Law for Every Device?
We often characterize the U.S. privacy framework as being sectoral. That is, instead of a comprehensive privacy framework at the federal level, the United States provides by statute heightened, statutory protections for certain kinds of personal information, including financial data, health information and children’s data, as they are used in certain types of activities. Even those who call for comprehensive privacy legislation would probably admit that there is some sense to the strategy of identifying sensitive types of information and providing heightened protections for them. But, as recent legislation shows, lawmakers don’t always focus on sensitive types of information. Sometimes they carve out sectors by focusing on specific technologies and services. For example, we wrote recently on the potential regulatory scenarios facing unmanned aerial systems (UAS), commonly referred to as drones. This month, we considered writing (and likely will in coming months) on legislation currently being considered for privacy in the context of “connected cars.”
That got us to wondering: What will the next laws be? Are refrigerator privacy laws on their way? What about televisions, thermostats, robots, and toilets?
How do I surveil thee,
Let me count the ways...
EPIC Sues Army for Information About DC Surveillance Blimps
by Sabrina I. Pacifici on May 7, 2014
“EPIC has filed a Freedom of Information Act lawsuit against the Department of the Army for documents about JLENS, a sophisticated surveillance system that will be deployed over Washington, DC during the next three years. JLENS is comprised of two 250′ blimps. One blimp conducts aerial and ground surveillance over a 340-mile range, while the other has targeting capability including HELLFIRE missiles. The JLENS was originally deployed in Iraq. In the FOIA request, EPIC asked the Army for technical specifications as well as any policies limiting domestic surveillance. EPIC has urged Congress to establish privacy safeguards for aerial drones. For more information, see EPIC: EPIC v. Army – Surveillance Blimps, EPIC: Drones – Unmanned Aerial Vehicles, and EPIC Spotlight on Surveillance (2005) – “Unmanned Planes Offer New Opportunities for Clandestine Government Tracking.”
Defense One – Every Country Will Have Armed Drones Within Ten Years
by Sabrina I. Pacifici on May 7, 2014
Patrick Tucker: “Virtually every country on Earth will be able to build or acquire drones capable of firing missiles within the next ten years. Armed aerial drones will be used for targeted killings, terrorism and the government suppression of civil unrest. What’s worse, say experts, it’s too late for the United States to do anything about it. After the past decade’s explosive growth, it may seem that the U.S. is the only country with missile-carrying drones. In fact, the U.S. is losing interest in further developing armed drone technology. The military plans to spend $2.4 billion on unmanned aerial vehicles, or UAVs, in 2015. That’s down considerably from the $5.7 billion that the military requested in the 2013 budget. Other countries, conversely, have shown growing interest in making unmanned robot technology as deadly as possible. Only a handful of countries have armed flying drones today, including the U.S., United Kingdom, Israel, China and (possibly) Iran, Pakistan and Russia. Other countries want them, including South Africa and India. So far, 23 countries have developed or are developing armed drones, according to a recent report from the RAND organization. It’s only a matter of time before the lethal technology spreads, several experts say… Sam Brannen, who analyzes drones as a senior fellow at the Center for Strategic and International Studies’ International Security Program, agreed with the timeline with some caveats. Within five years, he said, every country could have access to the equivalent of an armed UAV, like General Atomics’ Predator, which fires Hellfire missiles. He suggested five to 10 years as a more appropriate date for the global spread of heavier, longer range “hunter-killer” aircraft, like the MQ-9 Reaper. “It’s fair to say that the U.S. is leading now in the state of the art on the high end [UAVs]” such as the RQ-170.”
Welcome to the “Age of Stupid.”
Teen arrested after posting reckless driving video online
Robert Kelley, 18, has been arrested after posting a video of his reckless driving on YouTube. The "driving like an idiot" video reportedly shows the Florida teen running red lights, weaving in and out of traffic and causing two separate accidents. Kelley has been charged with leaving the scene of an accident with injuries, reckless driving and driving without a license.
Something to consider as we try to lock down the Internet of Things: Sensors have distinct “fingerprints.”
Jan Willem Aldershoff writes:
A researcher from the University of Illinois has discovered that a mobile phone’s accelerometer can be used to produce a unique fingerprint, allowing the phone to be tracked even if all other privacy settings are locked down. Fingerprinting through the sensors is possible because of small variations in each manufactured sensor. In a test researchers were able to recognize devices based on the fingerprint with a 96% accuracy.
Perhaps there is hope for my “Make your own explosive and detonate it with a phone call” video?
Most phone theft victims ready to resort to vigilantism, study shows
Perspective. End of (yet another) era.
Jet magazine shifting to digital publication
Jet magazine, the digest-size publication that has been a staple among African-American readers for 63 years, is getting out of the print business.
Johnson Publishing announced Wednesday that Jet, with a circulation of more than 700,000, will transition to a digital-only format in June.
For my students. Tell me what you learned and draw me a picture?
Adobe Voice video app focuses on narration
Adobe Voice is a free app for iPad that produces short videos based on voice recordings, motion graphics and images. It's based on the idea that speaking is key in storytelling or getting a message across.
… Targeted at mobile users, the app's animated videos can be viewed on virtually any mobile device.
… Users are encouraged to tell a story by recording one line at a time.
That means hitting a virtual button on the iPad, speaking a sentence, choosing an image or icon for that sentence and then repeating the process.
For my students who read...
Get More Out of Google Play Books By Adding Your Favorite eBooks
Google Play Books isn’t just for eBooks purchased from Google; you can easily upload your own ePub or PDF eBooks that sync with Play Books and are accessible from all your Android devices and even on the Web.
First things first: you’re going to need some eBooks that don’t have Digital Rights Management (DRM) on them, although you can break the DRM if you already have some eBooks with it.
Essentially, DRM on an eBook prevents you from copying it, transferring it to a different device, or altering it in any way. We have a more in-depth article on what exactly DRM is and how it works, but for our purposes, that’s all you need to know. Unfortunately, most major publishers and retailers slap DRM on their books, but there are some DRM-free stores out there.
Google Play Books only supports ePubs and PDFs right now, so make sure to download the correct file type. ePubs are much easier to read than PDFs generally because they’re scalable and customizable, while PDFs function similar to viewing an image of a page.
Handy tool. Make copies of a thumbdrive!
How To Create An Image Of Your USB Drive