Saturday, February 01, 2014

A simple variation on “Crowd Sourcing.” If “many” people are interested in an “event” then it is possible the police will be interested too. It might be an interesting “thought experiment” to see what other scenarios might trigger similar actions.
From the is-this-the-old-good-Google-or-the-newer-evil-one dept.:
Quentyn Kennemer reports:
We come across tons of interesting patents each and every day, but recently none have caused as much concern and curiosity as this one. Google recently filed a patent for a system that identifies when and where a “mob” event takes place and sends multimedia alerts to relevant parties. The patents are actually titled “Mob Source Phone Video Collaboration” and “Inferring Events Based On Mob Sourced Video”.
No… not that mob. In this case a “mob” is essentially an activity or event attracting an abnormal amount of attention in the form of video recording and picture taking. Here’s a quick blurb from the patent description:
“When there are at least a given number of video clips with similar time stamps and geolocation stamps uploaded to a repository, it is inferred that an event of interest has likely occurred, and a notification signal is transmitted (e.g., to a law enforcement agency, to a news organization, to a publisher of a periodical, to a public blog, etc.).”
Read more on Phandroid.

For my students.
Buying Textbooks? Chegg And Should Be Your First Stops
… Two of the most used sites for getting textbooks (besides Amazon, of course) are Chegg and, but which should you use for your next college textbook buying excursion? Well, let’s take a look at what the two bookstore behemoths have to offer, then you can decide which site is right for you.

For my amusement.
… A report from the House Education and the Workforce Committee examines the working conditions of adjunct labor in higher education. More via Inside Higher Ed.
… For those keeping score at home, here’s a map of how much snow it typically takes to cancel school in the US.
Getting rid of the playground rules altogether at Swanson Primary School has meant “a drop in bullying, serious injuries and vandalism, while concentration levels in class are increasing.” [Libertarians take note! Bob]
… For-profit Bridgepoint Education’s Ashford University will let students take certain MOOC classes for credit.
But Stanford economist Caroline Hoxby says that “Elite Colleges Should Not Give Credit for MOOCs.” [Is this the start of a useful debate? Bob]

Oh, the horror! Surely, this can not be allowed to stand!
Beer-delivery drone grounded by FAA
Ice fishers in Minnesota are reeling from a recent FAA decision prohibiting beer delivery by drone.
Local brewery Lakemaid was testing a new drone delivery system to airlift frosty cases of beer to fishermen holed up in ice shacks on Mille Lacs Lake. After spotting a Lakemaid YouTube video that went up last week of one of the unmanned aerial vehicles (UAVs) on a test run, the Federal Aviation Administration contacted Lakemaid and told the company to stop.

Friday, January 31, 2014

For my Ethical Hackers. “How to Attack, Method 704”
Hackers Hit Yahoo Mail With Mass Account Checker Attack
“Recently, we identified a coordinated effort to gain unauthorized access to Yahoo Mail accounts,” Jay Rossiter, SVP, Platforms and Personalization Products at Yahoo, wrote in a blog post Thursday.
According to Rossiter, the list of usernames and passwords that was used to execute the attack was likely obtained from hacking another site and stealing the list of login credentials.
… “Hackers will use brute force attacks to test stolen usernames and passwords from one source to gain access to another say, bank accounts, Facebook pages, Gmail, you name it,” Juniper Networks’ Michael Callahan wrote in a recent SecurityWeek column.
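A defender-side view of what such an account-checker run looks like in login logs, added here as an example (it is not from the article or from Yahoo): it flags source IPs that try many distinct usernames with a high failure rate inside a short window. The log format, thresholds and function names are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format (hypothetical): "<UTC timestamp> ip=<addr> user=<name> result=OK|FAIL"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)

# Constructed sample data (documentation IP ranges, made-up usernames).
SAMPLE_LOG = """\
2014-01-30T10:00:01Z ip=203.0.113.7 user=alice result=FAIL
2014-01-30T10:00:03Z ip=203.0.113.7 user=bob result=FAIL
2014-01-30T10:00:05Z ip=203.0.113.7 user=carol result=FAIL
2014-01-30T10:00:07Z ip=203.0.113.7 user=dana result=OK
2014-01-30T10:00:09Z ip=203.0.113.7 user=erin result=FAIL
2014-01-30T10:00:11Z ip=203.0.113.7 user=frank result=FAIL
2014-01-30T10:00:20Z ip=198.51.100.20 user=grace result=FAIL
2014-01-30T10:00:31Z ip=198.51.100.20 user=grace result=FAIL
2014-01-30T10:00:45Z ip=198.51.100.20 user=grace result=OK
2014-01-30T10:01:00Z ip=192.0.2.50 user=heidi result=OK
2014-01-30T10:01:10Z ip=192.0.2.50 user=ivan result=OK
2014-01-30T10:01:20Z ip=192.0.2.50 user=judy result=OK
2014-01-30T10:01:30Z ip=192.0.2.50 user=mallory result=FAIL
2014-01-30T10:01:40Z ip=192.0.2.50 user=niaj result=OK
2014-01-30T10:01:50Z ip=192.0.2.50 user=olivia result=OK
not a log line
""".splitlines()


def parse(lines):
    """Return time-sorted (timestamp, ip, user, success) tuples; skip malformed lines."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["ip"], m["user"], m["result"] == "OK"))
    return sorted(events)


def detect_account_checking(events, window=timedelta(minutes=5),
                            min_users=5, min_fail_ratio=0.6):
    """Flag IPs whose attempts inside one sliding window cover at least
    `min_users` distinct usernames with a failure ratio >= `min_fail_ratio`.

    One user mistyping a password (one username, several failures) and a
    shared gateway (many usernames, mostly successes) both stay below the bar.
    Thresholds are illustrative assumptions, not tuned values.
    """
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[1]].append(ev)

    findings = {}
    for ip, evs in by_ip.items():
        start, best = 0, None
        for end in range(len(evs)):
            # Shrink the window from the left until it spans <= `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            chunk = evs[start:end + 1]  # recomputed per step; fine for a sketch
            users = {user for _, _, user, _ in chunk}
            failures = sum(1 for ev in chunk if not ev[3])
            if len(users) < min_users or failures / len(chunk) < min_fail_ratio:
                continue
            if best is None or len(users) > best["distinct_users"]:
                best = {
                    "distinct_users": len(users),
                    "attempts": len(chunk),
                    "failures": failures,
                    # Successes from a flagged source are the accounts to review first.
                    "successful_logins": sorted(
                        {user for _, _, user, ok in chunk if ok}
                    ),
                }
        if best is not None:
            findings[ip] = best
    return findings


if __name__ == "__main__":
    for ip, info in detect_account_checking(parse(SAMPLE_LOG)).items():
        print(ip, info)
```

Grouping by source IP is a simplification; the same counting works when keyed by another request attribute, such as ASN or user agent.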

For my student veterans.
They served their country but now the card that’s supposed to help veterans may be putting them at risk for identity theft and it’s a problem the Department of Veteran Affairs has known about for at least two years.
When the VA first issued new medical cards in 2004, they claimed the cards protected the vet’s identity. Fast-forward ten years and we found out, that’s not necessarily the case anymore.
WINK News Call for Action found that a crook only needs a smart phone and a free barcode scanner app, and then any vet with one of these so-called protective cards is vulnerable.
It took us all of ten seconds to get veteran Jim Murphy’s social security number.
Read more on WINK News, where they posted a detailed response from the VA on its plans to address the vulnerability with a rollout of new cards using a different system that does not embed Social Security numbers.
[From the article:
In December of 2011 the VA published a report and at the top the VA claimed the I.D. cards protected the veteran's identity because it doesn't publish the social security number. Buried at the bottom of the page, you'll find a warning which admits the bar code can easily be scanned, revealing private information.
Since we discovered that the VA has known about this issue for more than two years, we wanted to know when it would be fixed.
A spokesperson with the VA sent us this statement:
… At time of receiving the card, Veterans have always been advised to safeguard it as they would a Social Security card or a credit card, to protect their identity information.
VA has begun to move to the next generation of identification. The new card, the Veteran Health Identification Card (VHIC), provides a more secure means of identification for Veterans because the Social Security number and birth date will no longer be contained on either the magnetic strip or the bar code.
… Once necessary software changes have been made so applications used in VA health care facilities can read the VHIC bar code and magnetic stripe, VA will begin issuing the VHIC this year and replacing enrolled Veterans' old cards.

Verrrrry interesting. I wonder what the judge is suggesting?
Spencer Ackerman reports:
A representative of a criminal defendant has for the first time been granted permission to view evidence gathered against him under the Foreign Intelligence Surveillance Act, one of the wellsprings of authority for terrorism surveillance.
Judge Sharon Coleman, a federal district judge in Illinois, issued an order on Wednesday permitting a lawyer for Adel Daoud, who is accused of attempting to detonate a car bomb near a Chicago bar, to learn the origins of the information the FBI or other US authorities collected about him under an order from a secret court that permits surveillance on terrorists or “agents of a foreign power”.
Read more on The Guardian.
[From the article:
“While this court is mindful of the fact that no court has ever allowed the disclosure of Fisa materials to the defense, in this case, the court finds that the disclosure may be necessary,” Coleman wrote, in an order first reported by New York Times journalist Charlie Savage on Twitter.
“This finding is not made lightly, and follows a thorough and careful review of the Fisa application and related materials. The court finds however that an accurate determination of the legality of the surveillance is best made in this case as part of an adversarial proceeding.”

(Related) Another legal challenge.
The consensus is clear that spying on innocent Americans under section 215 of the Patriot Act is flatly illegal. The Center for Democracy and Technology said it, Christopher Sprigman and I said it, Laura Donohue said it, Judge Richard Leon said it, the Privacy and Civil Liberties Oversight Board (PCLOB) said it, Sprigman and I said it again.
So far, less attention has been paid to the legality—and wisdom—of mass surveillance under section 702 of the FISA Amendments Act (FAA), codified at 50 USC 1881a. Section 702 is the statutory authority for the PRISM program, which involves warrantless collection of communications contents via targeting non-U.S. individuals or entities reasonably believed to be located abroad.
… Meanwhile, a report from the New America Foundation recently took a serious look at the efficacy of 702 in counterterrorism. Researchers concluded that section 702 is less valuable than people may have assumed, finding that section 702 collection played a role in only 4.4 percent of examined terrorism cases.

(Related) Everything is illegal and evil until something happens and we say, “How could you have failed to prevent this?”
… a leading lawyer in the UK has submitted legal advice to a parliamentary group concluding that mass surveillance programs conducted by the British intelligence agency, the GCHQ, are likely illegal (see The Guardian’s report here). The All Party Parliamentary Group (APPG) on Drones, an informal parliamentary group with members drawn from all parties, asked Jemima Stratford QC to provide expert evidence on the legality of the alleged GCHQ surveillance.

So, how does all that “NSA/GCHQ/CSEC is evil” stuff impact the average citizen? Not at all, apparently.
TRUSTe 2014 US Consumer Confidence Privacy Report
by Sabrina I. Pacifici on January 30, 2014
“Privacy concerns are growing with 74% more concerned about their online privacy than a year ago. Despite the constant media coverage of government surveillance programs such as NSA’s PRISM, this is not the main driver of online privacy concerns. People are far more concerned about businesses sharing personal information with other companies and tracking their online behavior to show targeted ads and content than anything the government is doing. The report reveals:
  • Consumer online privacy concerns remain extremely high with 92% of US internet users worrying about their privacy online compared with 89% in January 2013.
  • Consumers are far more concerned about companies tracking their activities (58%) than the government (38%).
  • Consumer trust is falling. 54% of consumers (down from 57% in 2013) say they do not trust businesses with their personal information online.
  • Online privacy concerns mean consumers are less likely to click on ads (83%), download apps (80%), enable location tracking (74%)
See also the accompanying Infographic

Interesting that head of the NSA has been downgraded from 4 stars to 3 stars. This must be deliberate, but I don't see a good reason for it.
Vice Admiral Michael Rogers Named New NSA Chief
President Barack Obama has nominated a US Navy officer, Vice Admiral Michael Rogers, to take over as head of the embattled National Security Agency.
If confirmed by lawmakers, Rogers would also take over as head of the military's cyber warfare command.

Are we truly coming to the conclusion that we need to plan for cyber-security?
Report – Risk and Responsibility in a Hyperconnected World
by Sabrina I. Pacifici on January 30, 2014
“Many leaders in business, civil society and government realize that for the world’s economy to fully derive the value inherent in technological innovation, a robust, coordinated system of global cyber resilience is essential to effectively mitigate the risk of cyberattacks. This view is beginning to permeate discussions among senior leaders in the private and public sectors, and across different industries, as concerns related to cyber resilience shift from awareness to action. The critical questions today are: what needs to be done, and how can it be achieved? Risk and Responsibility in a Hyperconnected World, a joint effort between the World Economic Forum and McKinsey & Company, assesses the necessary action areas, and examines the impact of cyberattacks and response readiness. The report sets these against three alternative scenarios in which economic value from technological innovations is realized or lost depending on models of cyber resilience. It draws on knowledge and opinions derived from a series of interviews, workshops and dialogues with global executives and thought leaders to estimate the potential value to be created through 2020 by technological innovations. It examines the value that could be put at risk if the adoption of such innovations is delayed because more frequent, intense cyberattacks are not met with more robust cyber resilience. Finally, the report draws conclusions from the analysis and research, and offers a 14-point roadmap for collaboration.”

“We don't need no stinking parents!” This kind of thinking leads to multi-generational debtors prisons.
Reports: Lunches seized from Utah schoolkids because of unpaid bills
Dozens of children at a Utah school had their lunches seized and thrown away because they did not have enough money in their accounts, prompting an angry response from parents, it was reported.
… Isom's mom Erica Lukes called the move “traumatic and humiliating” and told the Salt Lake Tribune she was all paid up.
"I think it’s despicable," she said. "These are young children that shouldn’t be punished or humiliated for something the parents obviously need to clear up."
Salt Lake City District Spokesperson Jason Olsen told the Tribune that parents had been notified about negative balances on Monday and a child nutrition manager had decided to withhold lunches to deal with the issue. They were thrown away because once food is served to one student it can’t be served to another, he explained.

Act like a brat, get deported? Works for me!
White House Must Address Petition to Deport Justin Bieber
After topping more than 100,000 signatures on "We the People," the White House is now obligated to respond to a petition to "Deport Justin Bieber and revoke his green card."
As of this afternoon, the petition had 104,700 signatures and climbing.

Perspective. A huge and error prone infographic. (To start with, Google should always be written “go ogle”)
Exactly How Big IS Google?

The Canadian Prime Minister (what's his name) on Justin Bieber...

Thursday, January 30, 2014

I wonder how that contract was worded?
Danny Yadron, Paul Ziobro and Charles Levinson report:
The hackers who stole 40 million credit- and debit-card numbers from Target Corp. appear to have breached the discounter’s systems by using credentials stolen from a vendor.
The finding will help to start unraveling the riddle of how the software that carried out the attack got into Target’s systems. It also underscores the risks companies face as they operate vast, interconnected business systems.
“We can confirm that the ongoing forensic investigation has indicated that the intruder stole a vendor’s credentials which were used to access our system,” Target spokeswoman Molly Snyder said.
Read more on WSJ.

(Related) For my Ethical Hackers. Slick. Sounds like the TJMaxx breach, only smarter.
New Clues in the Target Breach
… As I noted in Jan. 15’s story – A First Look at the Target Intrusion, Malware – the attackers were able to infect Target’s point-of-sale registers with a malware strain that stole credit and debit card data. The intruders also set up a control server within Target’s internal network that served as a central repository for data hoovered up from all of the infected registers.
That analysis looked at a malware component used in Target breach that was uploaded to Symantec’s ThreatExpert scanning service on Dec. 18 but which was later deleted (a local PDF copy of it is here). The ThreatExpert writeup suggests that the malware was responsible for moving stolen data from the compromised cash registers to that shared central repository...
… “Attackers exfiltrate data by creating a mount point for a remote file share and copying the data stored by the memory-scraping component to that share,” the SecureWorks paper notes.

Perspective. “It's not your father's malware.”
Redefining Malware: When Old Terms Pose New Threats
Long ago, malware was typically created and deployed by script kiddies bent on flexing their programming muscles. That’s not to say that all malware attacks were harmless pranks; some were severe, and all of them were technically illegal. But they generally weren’t devastating, and enterprises found that setting up perimeter security (e.g. signature-based antivirus products, firewalls, secure web gateways, and so on) was enough to keep malware from infecting their network and causing major damage. But that was then.
Now, just as the business world is in many ways unrecognizably different compared to years ago, today’s malware is a completely different and qualitatively more dangerous threat to enterprises for three core reasons:
1. New Threat Actors: As the technology to create and deploy malware has entered the mainstream, rebellious script kiddies have given way to sophisticated adversaries, hacktivists and nation states intent on fulfilling their illicit economic, social or political agendas. As such, instead of merely damaging machines, today’s threat actors are using malware to gain access and control corporate networks, as well as steal an enterprise’s intellectual property (IP) and other private data.
2. New Attack Approaches: In the past, malware attacks were typically quick, broad and indiscriminate. Now, they’re precise, targeted and unfold in multiple stages that include an initial probe of a victim’s network security system to identify vulnerabilities, and render perimeter security systems defenseless and ineffectual. In fact, it’s not unusual these days for some malware to do nothing except invade a network for the purposes of “opening a door” for future attacks that will occur much later.
3. New Masking Tactics: There was a time when one of the main objectives of a malware attack was to make as much noise as possible. Now the opposite is true, and today’s advanced malware is unnervingly capable of silently persisting on a network for weeks, months or even years without making a sound and setting off perimeter security alarm bells. What’s more, if today’s adversaries find that their attack is too noisy for their liking, they can outright destroy machines to cover their tracks (which is what happened in the Shamoon malware campaign), or they can deploy polymorphic malware that keeps changing to avoid detection by traditional security products.

(Related) “What's in your network?” (Worth reading)
Preparing for the Inevitable Data Breach: Discussion
Companies need to start thinking of themselves as stewards of consumer data and be proactive about data protection, a panel of experts said this week at a town hall event in honor of Data Privacy Day.
Businesses need to understand they will experience a breach incident and plan accordingly how they would protect the data, said Craig Spiezle, executive director and founder of Online Trust Alliance (OTA). If they don't, "they're really not meeting their obligations to their customers or their stockholders," Spiezle said.

I'm hoovering up a lot of stuff from Data Privacy Day activities.
The Future of Privacy Forum and Stanford Law School Center for Internet & Society have released a collection of papers (pdf) on Big Data and Privacy.

For my Ethical Hackers. Being expert means you never show up on this kind of infographic (or on those wanted posters in the post office)
The 9 Master Hackers Of The World (That We Know Of)

Very handy! Try it! Perhaps my nephew can feed his “music addiction” for free? Also works for podcasts.
Your Favorite Song Is Playing Somewhere. Find It With RadioSearchEngine
Radio Search Engine regularly indexes online radio stations, allowing you to search for a specific song playing…somewhere. You can then listen to the song (usually halfway through), then continue to listen to whatever station you stumble upon. You might find yourself listening to a Japanese top-forty station, but that’s half the fun.
… radio stations long ago added live web streams of their programming to the web.
… RadioSearchEngine takes advantage of this fact, as well as the song metadata these stations offer, to make it possible to hear any top-40 song instantly. Head to the site and you’ll see our local stations, to the right of a list of current top songs:
Click any of the songs and you’ll be taken to a random station playing it. This will usually occur partway through a song, and occasionally occur after it’s played.
… Search for any song or artist and you’ll be shown a number of stations playing them (as seen above). Click to start listening. The service claims around 40,000 songs are playing at any given time, so you won’t find everything you’re looking for.
… If you’re not sold on the whole “search” idea, but would like to explore online radio some more, I’d recommend checking out TuneIn. It lets you tune into 50,000 stations worldwide, and offers an easy user interface for the job.

Wednesday, January 29, 2014

It's a bit of a shock and a bit of panic, but since we don't really understand it, it doesn't take long to forget the concerns and “get back to normal.”
Anne D’Innocenzio of Associated Press reports:
American shoppers say they are very concerned about the safety of their personal information following a massive security breach at Target, but many aren’t taking steps to ensure their data is more secure, according to a new Associated Press–GfK Poll.
The poll finds a striking contradiction: Americans say they fear becoming victims of theft after the breach that compromised 40 million credit and debit cards and personal information of up to 70 million customers. Yet they are apathetic to try to protect their data.
In the survey, nearly half of Americans say they are extremely concerned about their personal data when shopping in stores since the breach. Sixty-one percent say they have deep worries when spending online, while 62 percent are very concerned when they buy on their mobile phones.
But just 37 percent have tried to use cash for purchases rather than pay with plastic in response to data thefts like the one at Target, while only 41 percent have checked their credit reports. And even fewer have changed their online passwords at retailers’ websites, requested new credit or debit card numbers from their bank or signed up for a credit monitoring service.
Read more on KMSP.
So… have the card issuers’ reassurances that consumers won’t be responsible somewhat backfired by making consumers too complacent? If so, what’s the solution?

Say all the right things, do whatever it takes?
Recently, the Organisation for Security and Cooperation in Europe (OSCE)’s Office for Democratic Institutions and Human Rights (ODIHR) launched a new practical manual for law enforcement officers on “Human Rights in Counter-Terrorism Investigations.” The manual, produced in partnership with the OSCE Strategic Police Matters Unit, provides practical guidance for law enforcement policy and training on conducting counter-terrorism operations in a human rights compliant manner.

(Related) (See above)
CNN today provided the most detailed account yet of the latest U.S. drone strike, carried out this past weekend in Somalia. US officials (quoted anonymously by CNN) said the strike targeted al-Shabaab suspect Ahmed Abdi Godane. The report also notes that the strike was carried out by the Defense Department, and that officials said that it was unclear yet whether Godane was killed in the attack.
The report also contains a detail that raises questions about what rules the U.S. applies to its strikes in Somalia.

For all my students. Interesting that they don't have downloadable versions yet.
Free definitive guide to verifying digital content for emergency coverage
by Sabrina I. Pacifici on January 28, 2014
“Authored by leading journalists from the BBC, Storyful, ABC, Digital First Media and other verification experts, the Verification Handbook is a groundbreaking new resource for journalists and aid providers. It provides the tools, techniques and step-by-step guidelines for how to deal with user-generated content (UGC) during emergencies.” [Currently available on the web. Printed, ePub and free PDF versions will soon be available.]

Oh look, Math students! A “Real World” use for “all this math stuff!”
Dominant Wireless Broadband Providers Overcharge U.S. Consumers by $15 Billion Per Year
by Sabrina I. Pacifici on January 28, 2014
“The Consumer Federation of America (CFA) today released a report entitled Abuse of Market Power for Broadband Internet Access Service: Blind Theory and Bonehead Analysis Can’t Hide the Problem, demonstrating that the recent analyses of broadband prices and services from the Phoenix Center and the Information Technology and Innovation Foundation (ITIF) are fundamentally flawed and purposefully misleading.
“CFA’s comprehensive, fact-based analysis stands in stark contrast to the error and bluster we’ve seen from the Phoenix Center and ITIF,” Dr. Mark Cooper, Director of Research at CFA and author of the report, said. CFA’s latest report was filed as an ex parte supplement to the record in several ongoing Federal Communications Commission (FCC) proceedings that are vital to broadband policy and on the agenda for the Federal Communications Commission Open Meeting on January 30, 2014. “The FCC prides itself on being a data-driven organization, and in these proceedings seeks an accurate picture of the status of prices and product offerings in broadband Internet access service to inform sound broadband policy,” Cooper said. “However, there is little factual data to be found in the Phoenix Center/ITIF reports. Indeed, by simply correcting their math, we show that the dominant incumbents actually overcharge customers by about $15 billion per year for wireless service.” “Utilizing data from the New America Foundation (NAF) global survey of rates, terms and conditions of wireline and wireless service, CFA found that U.S. providers charge more, offer slower speeds and, in the case of mobile broadband, have lower caps and more onerous penalties for exceeding those caps than their non-U.S. counterparts,” Cooper added.”

(Related) Son of a gun! Two “real world” examples in the same year! Maybe there's a use for this stuff after all! (Answer “Yes” to that question on the next quiz)
Anne Milgram: Why smart statistics are the key to fighting crime
When she became the attorney general of New Jersey in 2007, Anne Milgram quickly discovered a few startling facts: not only did her team not really know who they were putting in jail, but they had no way of understanding if their decisions were actually making the public safer. And so began her ongoing, inspirational quest to bring data analytics and statistical analysis to the US criminal justice system.

Are “College students (and parents)” a large enough voter bloc to get Congress interested?
Report – Fixing the Broken Textbook Market
by Sabrina I. Pacifici on January 28, 2014
U.S. PIRG: “The cost of college textbooks has skyrocketed in recent years. To students and families already struggling to afford high tuition and fees, an additional $1,200 per year on books and supplies can be the breaking point. As publishers keep costs high by pumping out new editions and selling books bundled with software, students are forced to forgo book purchases or otherwise undermine their academic progress.
  1. High textbook costs continue to deter students from purchasing their assigned materials despite concern for their grades. 65% of students said that they had decided against buying a textbook because it was too expensive. The survey also found that 94% of students who had foregone purchasing a textbook were concerned that doing so would hurt their grade in a course. More than half of the students felt significant concern for their grade.
  2. High textbook costs can have a ripple effect on students’ other academic decisions. Nearly half of all students surveyed said that the cost of textbooks impacted how many/which classes they took each semester. Students attend college seeking job preparation and/or degree attainment. Careful course selection is often necessary in order to yield the results that a student is seeking within the timeframe they are prepared to study. It is especially concerning that this process may be being undermined by high textbook costs.
  3. Students want alternatives, expressing support for textbooks that are available free online and buying a hard copy is optional. 82% of students felt they would do significantly better in a course if the textbook was available free online and buying a hard copy was optional. This is exactly how open textbooks are designed. Not only is the open textbook an ideal alternative to a traditional textbook from a student point of view, but it is the only product in the marketplace that can directly challenge the high prices that publishers charge for new editions. These high prices, which outpace inflation, underpin the entire textbook marketplace, and drive market conditions for other alternatives such as the used book and rental markets. Overall, this study demonstrates that despite recent steps forward in the marketplace, high textbook costs will continue to be a problem for students unless the cost of high-priced, new editions of college textbooks comes down.”

Tuesday, January 28, 2014

Happy Data Privacy Day!

Interesting concept. Can they execute?
In response to a spate of cyber attacks targeting retailers nationwide, the Retail Industry Leaders Association (RILA) announced on Monday that it would help its members improve their cyber defenses by launching a new initiative to address cyber threats and promote further safeguards to protect payment data.
The initiative is organized around three major components.
1. Strengthening Overall Cybersecurity:
2. Improving Payments Security:
Eliminate the Mag-Stripe:
3. Addressing Consumer Privacy:

You may need to physically seize a server, is that approval to logically seize all of the email on that server? If clients were after security, are they “guilty by association?” Do you have “no expectation of privacy” on “secure email services?” Would this be similar to seizing one of those private “post office box” services because one client was shipping drugs, and then looking at everyone's mail?
Kevin Poulsen reports:
While investigating a hosting company known for sheltering child porn last year the FBI incidentally seized the entire e-mail database of a popular anonymous webmail service called TorMail.
Now the FBI is tapping that vast trove of e-mail in unrelated investigations.
The bureau’s data windfall, seized from a company called Freedom Hosting, surfaced in court papers last week when prosecutors indicted a Florida man for allegedly selling counterfeit credit cards online.
Read more on Threat Level.

So if the government made 1845 requests, companies could say “less than 2000.” Or they could say, “More than 1000 and less than 1845 thousand.” How does the exact number aid or comfort an enemy?
US Allows Tech Giants to Reveal Spy Agency Demands
Facing a legal challenge and a furious public debate, Attorney General Eric Holder and Director of National Intelligence James Clapper said the companies would now be allowed to disclose figures on consumer accounts requested.
Under the agreement filed with the secretive Foreign Intelligence Surveillance Court the companies will be able to disclose the numbers, within ranges.
They will have an option to reveal within bands of 1,000 the numbers of "national security letters" and specific court orders. Another option will be to disclose, in bands of 250, all the national security requests, lumped together.
The reports will have a six-month lag time, so data for the second half of 2014 may be published in mid-2015, according to the agreement.

Perspective. Not what I would have guessed.
Homicide In The U.S. Known To Law Enforcement, 2011
by Sabrina I. Pacifici on January 27, 2014
Homicide In The U.S. Known To Law Enforcement, 2011. Alexia Cooper, Ph.D., Erica L. Smith. December 30, 2013. NCJ 243035
“Presents data on homicide trends from 1992 to 2011. The report describes homicide patterns and trends by age, sex, and race of the victim. It explores weapon use, with a focus on trends in firearm use and homicide trends by city size. It also includes special discussions of missing offender data and firearm use in nonfatal violent victimizations. The data are from the FBI’s Supplementary Homicide Reports, with summary data from Crime in the United States, for homicide data prior to 1980. Data on nonfatal victimizations are from BJS’s National Crime Victimization Survey, 1993 to 1995 and 2008 to 2011. Highlights:
  • The U.S. homicide rate declined by nearly half (49%)
  • From 2002 to 2011, young adults ages 18 to 24 had the highest homicide rate of any age group and experienced the greatest rate decline (down 22%) over the 10-year period
  • The rate of homicides involving a firearm decreased by 49% from 1992 to 2011, while the percentage of homicide victims killed by a firearm (67%) remained stable.
  • Large cities of 100,000 or more residents experienced the largest decline (23%) in homicide rates

Perspective. That sounds like a lot until you realize that 815.3 million people flew in 2012. So that is 0.0002224 percent of passengers, or roughly 1 in every 449696. Don't get me started on how many standard deviations below average that would be... From their chart, Denver (the wild west) was lowest and Atlanta was highest.
1,813 People Tried to Bring Firearms Through TSA Checkpoints in 2013

Dilbert points out that it's not just technological ignorance that is bliss.

Monday, January 27, 2014

Simple Infographic.
You’re Being Watched Online
Yes, everything you do online is being tracked. Your searches, the videos you watch, transactions, social events, even crime. Scandalous crimes. With a little help, especially with our guides, you’re still able to remain anonymous on the Internet.

Self-Destruct: The Future Of Personal Communication
… The following are some of the best self-destructing social media services that are proving quite popular.

I say, “No problem! And where can I sign up?” Aereo is “Betamax in the Cloud.” How is that a new issue?
CRS – Internet Television Streaming and Copyright Law
by Sabrina I. Pacifici on January 26, 2014
Aereo and FilmOn X: Internet Television Streaming and Copyright Law. Emily M. Lanza, Legislative Attorney. January 13, 2014
“Companies such as Hulu, Netflix, and Amazon have changed how many people watch television programming by offering on-demand, online streaming to their computers, mobile devices, and gaming consoles. Aereo and FilmOn X also stream television programming over the Internet for a monthly subscription fee. Unlike the other companies, however, the technology of Aereo and FilmOn permits subscribers to watch both live broadcast television and already-aired programming without licenses. This development in technology has triggered multiple lawsuits alleging copyright violations by these companies. The litigation reveals not only multiple interpretations of copyright law and its application to new and developing technologies, but also a possible “loophole” in the law, which some have accused Aereo and FilmOn of exploiting. The Copyright Act of 1976 provides copyright holders with the exclusive right to control how their work is reproduced, adapted, distributed, publicly displayed, or publicly performed. The issue before the courts in the lawsuits against Aereo and FilmOn X is whether a retransmission of copyrighted broadcasts over the Internet without a prior agreement with the copyright holder violated the copyright holder’s right of public performance.”

Amusing. Either Apple sent a great salesman or LA sent idiots.
How Much Do 1:1 iPad Classrooms Cost?
A recent look at what Los Angeles is paying for students’ iPads in its 1:1 program found that the cost far exceeds what other nearby districts are paying for programs offering iPads, Chromebooks or other laptops. Now, Los Angeles is surveying dozens of other school districts to find out what they’re paying.
… Here’s a look at six 1:1 programs across the country.

Shorter than an elevator pitch, but interesting.
100 Data Innovations – January 2014 Edition
by Sabrina I. Pacifici on January 26, 2014
“Businesses, government agencies, and non-profits in countries around the world are transforming virtually every facet of the economy and society through innovative uses of data. These changes, brought about by new technologies and techniques for collecting, storing, analyzing, disseminating, and visualizing data, are improving the quality of life for billions of individuals around the world, opening up new economic opportunities, and creating more efficient and effective governments. Policymakers can help support these efforts by fostering the development of human capital, encouraging the advancement of innovative technology, and promoting the availability of data itself for use and reuse. This list provides a sampling, in no particular order, of some of the most interesting and important contributions data-driven innovations have made in the past year.”

Tools for Big Data!
New on LLRX – Knowledge Discovery Resources 2014
by Sabrina I. Pacifici on January 26, 2014
Via - Knowledge Discovery Resources 2014 – An Internet Annotated Link Dataset Compilation: Marcus P. Zillman’s new guide focuses on a comprehensive, reliable and actionable group of the most current resources for knowledge discovery available on the Web. The sources that Zillman highlights range from academe to non-profits, advocacy groups and the corporate sector. This guide covers topics that include: Data Mining, Web Mining, Knowledge Discovery, Data Analysis, Data Management, Big Data, Open Source and Curation, and P2P knowledge management.

Dilbert explains how Human Resources will use Big Data.

Sunday, January 26, 2014

This may be one of the “other retailers” related to Target. Note: If we are already seeing the card data in use, the breach is old enough for the breachers to gather, organize, and sell the data.
Sources: Card Breach at Michaels Stores
Multiple sources in the banking industry say they are tracking a pattern of fraud on cards that were all recently used at Michaels Stores Inc., an Irving, Texas-based arts-and-crafts retailer that maintains more than 1,250 stores across the United States.
Update 1:34 p.m. ET: The U.S. Secret Service confirmed that it is investigating a potential data breach at Michaels. Also, Michaels has just issued a statement stating that it “recently learned of possible fraudulent activity on some U.S. payment cards that had been used at Michaels, suggesting that the Company may have experienced a data security attack.”
… It really does look like kind of the way we saw the Target breach spin up, because the fraud here isn’t limited to one store or one area, it’s been all over the place.”

A cautionary tale. Is it in fact “User Error” when a technology changes without a clear explanation of the new features? Does anyone conduct a scenario review to see what new data might be exposed?
The Stream Team writes:
Google’s latest operating system for Android, called the KitKat, has faced criticism from transgender users who say it fails to protect their privacy.
A key feature of the software is Google+ integration with contacts, SMS messages and texts. Attention was drawn to the potential problems this update poses for trans users when a trans woman named Erika Sorensen was inadvertently outed to her coworker. The software update makes the Google Hangouts instant messaging chat platform the default for all messages, so when Sorensen texted a coworker, her name appeared as Erika rather than her previous male name she was still using at work.
Read more on The Stream Team and then read this very powerful piece on the issue by Violet Blue if you haven’t read it already. And when you look around for examples of “privacy harm,” think of this situation.

Some functions should never be outsourced. If 40% were “flushed,” were the remaining 60% perfect?
POGO – DOJ Sues Firm That Screened Edward Snowden and Navy Yard Shooter
by Sabrina I. Pacifici on January 25, 2014
“On Wednesday [January 23, 2014], the Justice Department filed its long-awaited complaint in a False Claims Act lawsuit against background check contractor U.S. Investigations Services (USIS). In October last year, Justice announced it had intervened in the lawsuit, which was filed in 2011 by former USIS employee Blake Percival. Percival’s complaint is posted here.
The government claims that, from March 2008 through September 2012, USIS defrauded the government by submitting at least 665,000 incomplete background investigations of current or prospective federal and contractor employees, which were used to determine eligibility for access to classified information and suitability for sensitive jobs. Specifically, the government accuses USIS of engaging in a practice known inside the company as “dumping” or “flushing,” through which it allegedly submitted investigations that it falsely claimed were complete and had undergone quality review. The government paid USIS between $95 and $2,500 for each of these 665,000 investigations (about 40 percent of USIS’s total workload during that time period) and also paid USIS more than $11.7 million in annual performance bonuses. USIS made national news last year as the firm responsible for the background investigations of Navy Yard shooter Aaron Alexis and NSA surveillance program whistleblower Edward Snowden. It is not clear from the government’s complaint whether USIS’s 2011 investigation of Snowden is among the thousands USIS allegedly falsified. (USIS’s investigation of Alexis, conducted in 2007, is presumably outside the scope of the lawsuit.) It also does not state whether USIS’s alleged fraud resulted in any serious security breaches or if any of the allegedly tainted background investigations had to be reopened…”

Microsoft releases global survey on Internet users around the world
by Sabrina I. Pacifici on January 25, 2014
“A new global survey of Internet users conducted by Microsoft Corp. reveals distinct regional findings and differing viewpoints between the developed and developing world. However, overwhelmingly the more than 10,000 people surveyed from 10 nations said they embrace personal technology, particularly in emerging markets, and see it as the foundation of innovation and economic empowerment. Microsoft unveiled the results of its new survey today at the World Economic Forum in Davos, Switzerland, in the report titled, Views from Around the Globe: How Personal Technology is Changing Our Lives.”
[From the article:
We invite you to read the entirety of our survey, entitled “Views from Around the Globe: How Personal Technology Is Changing Our Lives,” by clicking here. The survey was taken between Dec. 26, 2013 and Jan. 3, 2014. The 10 countries surveyed include the U.S., France, Germany, Brazil, Russia, China, India, Japan, Mexico and Turkey.]

Global Cooling! Global Cooling! Take that, Al Gore.
Solar Lull Could Trigger Another 'Little Ice Age,' Sun Scientists Say

Every week, and it's free!
… After penning a letter to the campus protesting proposed budget cuts, CSU sociology professor Tim McGettigan had his email suspended by the university. McGettigan’s email compared the budget cuts to the Ludlow massacres (the massacre in 1914 of striking coal miners in the region). The university said the email was a threat and compared McGettigan to the shooters at Columbine and Virginia Tech. By the end of the week – after a huge outcry about academic freedom and the administration’s inability to grasp analogy, McGettigan’s email was restored. More via Inside Higher Ed.
Last week, two Yale students got in trouble for creating a website to help other students plan their course schedule. In response to the university shutting down that site, another student, Sean Haufler, made an “unblockable replacement.” The URL for his blog post is great: “i-hope-i-dont-get-kicked-out-of-yale-for-this/” – and I don’t think he will. Yale later admitted that it had made a mistake in banning the website.
Microsoft Research has adopted an open access policy for its researchers’ publications.