Wednesday, September 03, 2014
Here we go again?
Home Depot Investigating Potentially Massive Credit Card Breach
… Home Depot has confirmed that it’s investigating some “unusual activity” with regards to its customer data, and the consistently spot-on Brian Krebs is saying that it’s a credit card breach. According to Krebs, two “massive” batches of cards appeared on a credit card number seller site early this morning.
It’s unclear just how long the breach was in play — but Kreb’s early analysis of the credit card data suggests that its tentacles reached into the majority of Home Depot’s 2,200 stores, possibly going as far back April of this year...
Mandating surveillance? Of course this does nothing to prevent crime, but might make catching the criminals a bit easier.
If you have a business in Gary, Indiana that’s open during the hours of 10 pm and 6 am, you must have outside surveillance cameras – whether you want to or not. Rob Earnshaw reports:
Businesses in the city operating between the hours of 10 p.m. and 6 a.m. will be required to have three high-resolution surveillance cameras recording public access areas following passage Tuesday of an ordinance by the City Council.
Businesses have a three-month grace period until the ordinance is enforced and failure to comply after that could result in fines up to $2,500 and revocation of its business license.
Read more on NWI.
[From the article:
Gary Police Cmdr. Kerry Rice said Police Department reports show that in 2013 more than 60 percent of reported crimes and 80 percent of shootings at gas stations and convenience stores in Gary occurred between the late evening to early morning hours.
… According to the ordinance the cameras must produce reproducible digital color images from a digital video recorder that is approved by the Police Department. Businesses must also post a conspicuous sign stating that the property is under camera surveillance. Each camera must display a date and time stamp on each image and produce retrievable images suitable for permanent police records.
The camera system must also be able to store and retrieve 30 days of recorded material.
Let's make a law... (I skipped a lot of this post that would probably be of interest to lawyers)
The Australian Law Reform Commission’s Final Report, Serious Invasions of Privacy in the Digital Era (Report 123, 2014) was tabled in Parliament today and is now publicly available.
The Terms of Reference for this Inquiry, required the ALRC to design a tort to deal with serious invasions of privacy in the digital era. In this Report, the ALRC provides the detailed legal design of such a tort located in a new Commonwealth Act and makes sixteen other recommendations that would strengthen people’s privacy in the digital environment.
… The Report and a Summary Report is available to freely download or purchase in hard copy from the ALRC website. The Report is also freely available as an ebook.
It's the (marketing) principle of the thing!
Microsoft Defies Judge, Refuses To Hand Over Customer Emails
Microsoft looks set to be found in contempt of court after defying an order from a US judge that it should hand over data stored in Ireland.
Judge Loretta Preska, chief of the US District Court in Manhattan, has lifted a stay on her previous order that Microsoft must give email messages held in an Irish data center to US prosecutors investigating a criminal case.
However, Microsoft is refusing to comply. While the judge has concluded that the order itself isn’t appealable, a refusal to play ball by Microsoft could force her to find the company in contempt. Microsoft could then appeal against that finding to continue arguing its case.
… The disagreement hinges on whether the servers on which the data is kept are subject to US jurisdiction. In July, the judge ruled that Microsoft must hand over the emails because, while they were stored overseas, they were under the control of a US company.
… Alternatively, we may start to see more of a move towards the encryption of all customer data. If Microsoft and other cloud providers didn’t have access to the encryption keys, the data couldn’t be deemed to be under their control – and they couldn’t hand it over.
It's an argument, not a solution.
Chris Hoofnagle writes:
A revolution is afoot in privacy regulation. In an assortment of white papers and articles, business leaders—including Microsoft—and scholars argue that instead of regulating privacy through limiting the collection of data, we should focus on how the information is used. It’s called “use regulation,” and this seemingly obscure issue has tremendous implications for civil liberties and our society. Ultimately, it can help determine how much power companies and governments have.
Read more on Slate.
[From the article:
Use regulations offer no real protection, because businesses themselves get to choose what uses are appropriate. Worse yet, companies misusing data will have a huge legal loophole—the First Amendment. Companies have long argued that privacy rules are a form of censorship, and thus limits on use will be an abridgement of their free expression rights. The only workable situation for this problem is to require companies to contractually waive their First Amendment rights with respect to personal data.
For my Statistics students.
A Predictive Analytics Primer
No one has the ability to capture and analyze data from the future. However, there is a way to predict the future using data from the past. It’s called predictive analytics, and organizations do it every day.
Has your company, for example, developed a customer lifetime value (CLTV) measure? That’s using predictive analytics to determine how much a customer will buy from the company over time. Do you have a “next best offer” or product recommendation capability? That’s an analytical prediction of the product or service that your customer is most likely to buy next. Have you made a forecast of next quarter’s sales? Used digital marketing models to determine what ad to place on what publisher’s site? All of these are forms of predictive analytics.
… Lack of good data is the most common barrier to organizations seeking to employ predictive analytics.
… Regression analysis in its various forms is the primary tool that organizations use for predictive analytics.
(Related) For law school students? Interesting question?
Should Lawyers Be Big Data Cops?
Many police departments are using big data analytics to predict where crime is likely to take place and prevent it. Should lawyers do the same to predict and stop illegal, non-criminal activities? This is not the job of police, but should it be the job of lawyers? We already have the technology to do this, but should we? Should lawyers be big data cops? Does anyone even want that?
… The necessary software and search skills already exist to do this. Lawyers with big data skills can already detect and prevent breach of contract, torts, and statutory violations, if they have access to the data. It is already possible for skilled lawyers to detect and stop these illegal activities before damages are caused, before disputes arise, before law suits are filed. Lawyers with artificial intelligence enhanced evidence search skills can already do this.
I have written about this several times before and even coined a word for this legal service. I call it “PreSuit.” It is a play off the term PreCrime from the Minority Report movie. I have built a website that provides an overview on how these services can be performed. Some lawyers have even begun rendering such services. But should they? Some lawyers, myself included, know how to use existing predictive coding software to mine data and make predictions as to where illegal activities are likely to take place. We know how to use this predictive technology to intervene to prevent such illegal activity. But should we?
For my programming students. Read this understand why you need a lawyer.
Open Source Software Licenses: Which Should You Use?