Saturday, April 05, 2014

Concern: Was this a warm up for the Target breach? Now who is liable?
I live in Texas, and there’s a regional retailer that has just announced a data breach that is believed to have affected more than half a million customers. The announcement is controversial because the company, Spec’s, supposedly knew about the theft of payment card data almost a year ago and is just now telling customers. As you might imagine, people affected by this breach are rather upset.
Let me lay out the details, as reported by the Houston Chronicle newspaper.
… On March 29, the Houston Chronicle reported that “a sophisticated computer scam” was perpetrated against the Spec’s retail payment system for a year and a half. The breach is believed to have started October 31, 2012, and continued as late as March of 2014. The article suggests that authorities within Spec’s knew early last year (2013) that the computer system had been compromised.
… According to a Spec’s spokesperson Jenifer Sarver, federal investigators had asked the retailer not to divulge any details during the ongoing investigation. Sarver said, “It took professional forensics investigators considerable time to find and understand the problem, then make recommendations for Spec’s to fully address and fix them.”


Poor security can haunt you even after you sell the company.
As I tweeted last night, Experian has sued the former owner/shareholder of Court Ventures over the mess Experian found itself in when it acquired Court Ventures and later learned that a criminal had been using a Court Ventures account to access a U.S InfoSearch database with information on over 200 million Americans.
Today, Jim Finkle of Reuters reports on Experian’s cross-complaint in Court Ventures v. Experian, a lawsuit filed in Superior Court of California in Orange County. In today’s example of Extreme Chutzpah, it seems Court Ventures had sued Experian, seeking release of the escrow account created when Experian purchased Court Ventures. For its part, Experian counter-sued because Court Ventures had been notified of indemnification claims arising from the Ngo case. The escrow account is only a small portion of what was an $18 million acquisition.
In Experian’s cross-complaint, they raise claims against Court Ventures and its co-founder and shareholder Robert Gundling for breach of warranty, breach of contract, express contractual indemnification, promissory fraud, intentional misrepresentation, and negligent misrepresentation.
In their cross-complaint, Experian claims that Court Ventures misrepresented the credit header data that the service enabled clients to obtain through it relationship with U.S. InfoSearch. Experian claims that Court Ventures represented the credit header data as a service that would enable investigators to find an individual’s address for trace purposes. In actuality, Experian claims, when they checked logs after the Secret Service contacted them, Court Venture clients – including Ngo – were able to input names and states and obtain the Social Security numbers of individuals with that name in that state. Parenthetically, I note this would be consistent with what Brian Krebs had reported that a single query often produced records on multiple individuals.
When Experian discovered that credit header data was being used to obtain Social Security numbers, they immediately cut off the service for all users – including Ngo.
In addition to the complaint that Court Venture did not verify Ngo (a/k/a Jason Low)’s bona fides as an investigator eligible to use the service, Experian’s cross-complaint also alleges that Court Ventures engaged in web scraping and other possibly illegal acts to obtain the records in its database, despite having assured Experian in the sales agreement that Court Ventures was in compliance with all laws and Experian would have no legal issues when it took over the business.
To date, and based on media reports by others, it appears that Experian has not notified any consumers about this breach and now claims that they don’t know whose data were stolen. That’s noteworthy because in December 2013, Tony Hadley of Experian informed Senator Rockefeller’s committee that Experian knew who these people (victims of Ngo’s activity) were and would protect them. Perhaps Senators Rockefeller and McCaskill should send another letter to Experian asking them to explain Mr. Hadley’s misrepresentations or errors.
Jim Finkle provides some additional details on the litigation on Reuters.


Articles like this do not make me comfortable that anyone is in control. Apparently DHS will give the local police money (grants) to purchase any toy that attract them and local politicians don't care enough to ask why they need it or how it works. Do they really believe they can turn this device on and instantly find missing children?
Joel Kurth and Lauren Abdel-Razzaq report:
Oakland County commissioners asked no questions last March before unanimously approving a cellphone tracking device so powerful it was used by the military to fight terrorists.
Now, though, some privacy advocates question why one of the safest counties in Michigan needs the super-secretive Hailstorm device that is believed to be able to collect large amounts of cellphone data, including the locations of users, by masquerading as a cell tower.
Read more on Detroit News.
[From the article:
The technology can track fugitives and find missing children, but privacy advocates said they worry because similar machines can collect data from innocent smartphone users.
… Oakland County, like other agencies, obtained Hailstorm using money from a U.S. Homeland Security grant.


On the other hand...
Allie Bohm writes:
On Monday, Utah became the first state to enact legislation simultaneously protecting location information and electronic communications content, regardless of age, from government access—ensuring that state and local law enforcement can only access that sensitive information when there is good reason to believe that it will reveal evidence of a crime, or in true emergencies.
Read more on ACLU’s blog.
[From the article:
This is notable for two reasons.
  • First, these are the primary two reforms we seek to the outdated federal law that governs our privacy in the digital age, the Electronic Communications Privacy Act (ECPA).
  • Second, Utah’s new law is also remarkable because of its breadth.


Once something gets on the Internet, you can never get it off, so make it searchable and only scholars will bother to read it. Or my students, writing about security.
Introducing the ACLU’s NSA Documents Database
by Sabrina I. Pacifici on April 3, 2014
By Emily Weinrebe, ACLU National Security Project: “The public debate over our government’s surveillance programs has reached remarkable heights since the first set of NSA disclosures in June 2013 based on documents leaked by Edward Snowden. Since then, additional disclosures by both the press and government have illuminated our government’s vast and invasive surveillance apparatus. These documents stand as primary source evidence of our government’s interpretation of its authority to engage in sweeping surveillance activities at home and abroad, and how it carries out that surveillance. The ACLU hopes to facilitate this debate by making these documents more easily accessible and understandable. Toward that end, today we are launching the NSA Documents Database. This tool will be an up-to-date, complete collection of previously secret NSA documents made public since last June. The database is designed to be easily searchable – by title, category, or content – so that the public, researchers, and journalists can readily home in on the information they are looking for. We have made all of the documents text-searchable to allow users to investigate particular key words or phrases. Alternatively, the filter function allows users to sort based on the type of surveillance involved, the specific legal authorities implicated, the purpose of the surveillance, or the source of the disclosure. For example, you can have the database return all documents that both pertain to “Section 215″ and “Internal NSA/DOJ Legal Analysis.” We will update the database with new documents as they become available to the public.”


Deep Learning allows this software to learn how to recognize faces. What's next? Could be a security feature – the camera sees your face and signs you in...
Facebook working on facial recognition technology that can spot users from the side
Facebook is known for being creepy due to all its privacy issues, but the social network might seem extra creepy with its new facial recognition technology. There's a strong hate for facial recognition, and we doubt Facebook's implementation will make it any more acceptable.
Facebook's facial recognition software is quite advanced, probably something only the military or the NSA has access to. According to a new report from Facebook, the technology researchers are looking into has the ability to recognize a person's face just as accurate as a human being. If this is real, then the social network is turning into a scary place, and only a drastic change in Facebook's privacy policy and options could allow such a software to move forward.
Bear in mind that Facebook has already implemented facial recognition in its software, you might have noticed it when tagging your friends or family in photos. However, this software is far from accurate, and many times require the user to figure out who person's are, manually.
The social network's new facial recognition software, now known as "DeepFace", is aimed at fixing the accuracy issue, along with recognizing a person even if their face is turned sideways.


So easy, even your three year old will be able to use it! Repeatedly! Voice or scan! Sign up for an invitation.
The free gadget that Amazon hopes will compel you to order more stuff — lots more stuff
Amazon just launched a slick-looking website for the Amazon Dash, a handheld gadget for adding products to your shopping list.
“Every member of the family can use Dash to easily add items to your AmazonFresh shopping list,” reads the site. Just aim the business end at the barcode on an empty peanut butter jar, press the scan button, and it retrieves the data from the code and beams it to the cloud. Next time you place an order with AmazonFresh, that peanut butter will already be on your shopping list.


I have to ask, it this had been done by ‎the Berkman Center at Harvard, would people applaud?
The Fall of Internet Freedom: Meet the Company That Secretly Built ‘Cuban Twitter'
The United States discreetly supported the creation of a website and SMS service that was, basically, a Cuban version of Twitter, the Associated Press reported Thursday. ZunZuneo, as it was called, permitted Cubans to broadcast short text messages to each other. At its peak, ZunZuneo had 40,000 users.
And what government agency made ZunZuneo? It wasn’t the CIA. No, it was the U.S. Agency for International Development, USAID, working with various private companies, including the D.C. for-profit contractor Creative Associates and a small, Denver-based startup, Mobile Accord.


This is “hacking” in its pure form. “What happens when I do this?”
5-year-old finds flaw in Xbox Live security
A 5-year-old San Diego boy has outwitted the sharpest minds at Microsoft — he's found a backdoor to the Xbox.
Kristoffer Von Hassel managed to log in to his father's Xbox Live account. When the password log-in screen appeared, Kristoffer simply hit the space button a few times and hit enter.
Robert Davies tells KGTV-TV (http://bit.ly/1hmrTan ) that just after Christmas he noticed his son playing games he supposedly couldn't access.
Davies, who works in computer security, says he reported the issue to Microsoft, which fixed the bug and recently listed Kristoffer on its website as a "security researcher."


For my fellow geezers..
Pew – Older Adults and Technology Use
by Sabrina I. Pacifici on April 4, 2014
Aaron Smith – April 3, 2014: “America’s seniors have historically been late adopters to the world of technology compared to their younger compatriots, but their movement into digital life continues to deepen, according to newly released data from the Pew Research Center. In this report, we take advantage of a particularly large survey to conduct a unique exploration not only of technology use between Americans ages 65 or older and the rest of the population, but within the senior population as well. Two different groups of older Americans emerge. The first group (which leans toward younger, more highly educated, or more affluent seniors) has relatively substantial technology assets, and also has a positive view toward the benefits of online platforms. The other (which tends to be older and less affluent, often with significant challenges with health or disability) is largely disconnected from the world of digital tools and services, both physically and psychologically. As the internet plays an increasingly central role in connecting Americans of all ages to news and information, government services, health resources, and opportunities for social support, these divisions are noteworthy—particularly for the many organizations and individual caregivers who serve the older adult population.”


For my students
Bypass Georestrictions By Changing Your Smartphone’s DNS Settings
DNS tunneling services allow you to access geo-restricted services just by changing your DNS server. In other words, you can watch American Netflix or Hulu by changing one setting. Services like UnoDNS and Unblock-Us aren’t just for your computer. They’ll work on smartphones, tablets, and even game consoles.


We are in the “education business” like the shoemaker's children.
… New York State has pulled out of inBloom (which according to Politico, leaves the data infrastructure organization with no customers). While some are hailing this as a victory for student privacy, Funnymonkey’s Bill Fitzgerald notes it’s “only good news for the other players in the space” – players like Pearson.
… “The University of Florida will pay Pearson Embanet an estimated $186 million over the life of its 11-year contract — a combination of direct payments and a share of tuition revenue — to help launch and manage the state’s first fully online, four-year degree program,” reports The Gainesville Sun. Phil Hill clarifies some of the numbers.
… Textbook publisher Cengage has emerged from bankruptcy.

Friday, April 04, 2014

Clearly out of touch. I would imagine hundreds of people have posted “Presidential Selfies.” Just because Samsung wasn't a large contributor to the President's campaign (like Google) is no reason to brand them as Capitalist Dogs.
White House objects to Samsung Ortiz and Obama selfie
The White House has objected to the tweeting of a selfie snapped by a member of a leading baseball team which included President Obama in the photograph.
The White House said the President's image should not be used for commercial gain.
David Ortiz denied that he was paid by Samsung to take the picture, as Alpa Patel reports.


It's war! Granted, it's polite war, but it's still war. (At $100 per user, consider the winner in this war could have 7 billion users.)
Why Facebook Should Worry About Tencent
From the moment Facebook announced in February 2014 that it had bought the mobile messaging service WhatsApp, everyone’s been talking about the price that CEO Mark Zuckenberg parted with for the acquisition. Nineteen billion dollars (albeit $4 billion in cash and the rest in Facebook shares) is one of the largest sums ever paid for a venture-capital-backed start-up that is just five years old.
What’s really significant, though, is that by buying WhatsApp, Facebook has signaled its intention of taking on Tencent, China’s biggest Internet company, which is trying to become the global leader in the instant messaging market. Tencent’s mobile messaging service, WeChat (known as Weixin in China), has over 300 million users worldwide, and standalone, it is already valued at around $30 billion compared to WhatsApp’s $19 billion price-tag.


Very early days yet, but think of them as low-level communication satellites.
Google's Project Loon balloon goes around the world in just 22 days


Perhaps a way to introduce my students to programming?
Microsoft eases development for Windows and Windows Phone with new App Studio
Microsoft’s App Studio beta test has been expanded to allow novice developers to build applications for Windows tablets and PCs, in addition to Windows Phone.
Last year Microsoft introduced a beta version of Windows Phone App Studio in an effort to increase the number of apps for its smartphone OS by letting almost anyone build an application. The company has now expanded the platform to let users build for tablets and PCs at the same time, and renamed the service Windows App Studio, it said in a blog post on Friday.
Materials for teachers
Check out the 5-hour App Studio Curriculum at App Studio Education. Get your students building apps and extending them with code today!

Thursday, April 03, 2014

Okay, they look like large balsa wood kit models. And neither one looks like the ones displayed in their military parades. But consider a bit larger model that could carry a nuke and you have a primitive cruise missile.
Take a closer look at North Korea’s alleged drones
If these unmanned aircraft look rudimentary, it's probably because they are: Not only did they all crash, but with only a poor quality camera that could not take video, and no way to broadcast the images, their use as a spy plane is severely limited.
Despite their lack of sophistication, however, the sudden appearance of these drones in South Korea is causing some serious concern.


This is consistent with “our customers are ignorant but really like playing with their mobile devices.” If they work well enough to allow customers to buy stuff, they work well enough.
Domingo Guerra writes on Appthority:
Recently Wal-Mart and Walgreens have both been noted to have security vulnerabilities connected to their mobile applications. Following recent revelations about the insufficient security of mobile apps from other major corporations, such as Target, Neiman Marcus, and Starbucks, it is clear that big company names are still struggling to iron out flaws in their mobile apps.
We recently put the Wal-Mart and Walgreens apps through our mobile app reputation analysis via the Appthority Service and found their ratings to be the following:
  • The Walmart iOS app earned an app reputation score of 23 out of a possible 100 points.
  • The Walgreens app earned an app reputation score of 19 out of a possible 100 points.
These findings are another reminder that big companies must prioritize and invest further in security and privacy when it comes to rolling out their mobile apps.


Since I get my news via RSS feeds, and email claiming to be from a news website would be highly suspicious.
News Junkies Make Great Targets
Unfortunately, the truth remains that individuals are a weak link in the battle against cyber criminals. Many continue to click on links or attachments sent via email without taking any steps to verify the origin of the email or the validity of the link or attachment. It only takes one click to for an attacker to establish a foothold in the target’s systems.
The 2013 Verizon Data Breach Investigations Report finds that sending just three emails per phishing campaign gives the attacker a 50 percent chance of getting one click. With six emails the success rate goes up to 80 percent and at 10 it is virtually guaranteed. Social media helps spur success, enabling cyber criminals to gather information about us so they know how to more effectively entice targets to click on that malicious email.


Nothing really new, but worth putting on the “response” bookshelf (in the “response” folder) Note the lack of communication. If different agencies are having problems with different components, they could ask for help from agencies who did not have difficulty with that component. If everyone is having problems with the same component, they need to revise the component. (If a manager can't figure that out, they need a new manager.)
From a GAO report (GAO-14-487T) released today, the highlights:
The number of reported information security incidents involving personally identifiable information (PII) has more than doubled over the last several years (see figure).
As GAO has previously reported, major federal agencies continue to face challenges in fully implementing all components of an agency-wide information security program, which is essential for securing agency systems and the information they contain—including PII. Specifically, agencies have had mixed results in addressing the eight components of an information security program called for by law, and most agencies had weaknesses in implementing specific security controls. GAO and inspectors general have continued to make recommendations to strengthen agency policies and practices.
In December 2013, GAO reported on agencies’ responses to PII data breaches and found that they were inconsistent and needed improvement. Although selected agencies had generally developed breach-response policies and procedures, their implementation of key practices called for by Office of Management and Budget (OMB) and National Institute of Standards and Technology guidance was inconsistent. For example,
  • only one of seven agencies reviewed had documented both an assigned risk level and how that level was determined for PII data breaches; two agencies documented the number of affected individuals for each incident; and two agencies notified affected individuals for all high-risk breaches.
  • the seven agencies did not consistently offer credit monitoring to affected individuals; and
  • none of the seven agencies consistently documented lessons learned from their breach responses.
Incomplete guidance from OMB contributed to this inconsistent implementation. For example, OMB’s guidance does not make clear how agencies should use risk levels to determine whether affected individuals should be notified. In addition, the nature and timing of reporting requirements may be too stringent.
Download the full report from GAO


Interesting. Worth a read...
This new report from Pam Dixon and Bob Gellman for the World Privacy Forum explores the issue of predictive scores that use information about your past to predict your future. How accurate are these predictions? What impact can they have on your life? What scores are predicting you?
Brief Summary of report (provided by WPF):
This report highlights the unexpected problems that arise from new types of predictive consumer scoring, which this report terms consumer scoring. Largely unregulated either by the Fair Credit Reporting Act or the Equal Credit Opportunity Act, new consumer scores use thousands of pieces of information about consumers’ pasts to predict how they will behave in the future. Issues of secrecy, fairness of underlying factors, use of consumer information such as race and ethnicity in predictive scores, accuracy, and the uptake in both use and ubiquity of these scores are key areas of focus.
The report includes a roster of the types of consumer data used in predictive consumer scores today, as well as a roster of the consumer scores such as health risk scores, consumer prominence scores, identity and fraud scores, summarized credit statistics, among others. The report reviews the history of the credit score – which was secret for decades until legislation mandated consumer access — and urges close examination of new consumer scores for fairness and transparency in their factors, methods, and accessibility to consumers.
You can download the report here (.pdf)


How can broadcast TV possibly survive without fees from Cable? How did they do it before cable?
Dish Network, Echostar and the American Cable Assn. are among those supporting Aereo in its showdown with broadcasters in the Supreme Court.
They were among the companies and organizations which filed briefs to the high court on Wednesday, the deadline for amicus briefs in favor of Aereo. Oral arguments in the Supreme Court are scheduled for April 22.
If Aereo is allowed to continue, broadcasters say that cable and satellite operators could merely start their own similar services and bypass having to compensate them for retransmitting station signals, in what is now a multi-billion dollar revenue stream.


I should be simple to flag your WiFi, “Private.” Absent that, what should I assume?
From the hard-to-believe-this-wasn’t-an-April-Fool’s-joke dept.:
David Kravets reports:
Google wants the Supreme Court to reverse a decision concluding that the media giant could be held liable for hijacking data on unencrypted Wi-Fi routers via its Street View cars.
The legal flap should concern anybody who uses open Wi-Fi connections in public places like coffee houses and restaurants. That’s because Google claims it is not illegal to intercept data from Wi-Fi signals that are not password protected.
Read more on Ars Technica.


Virtual tourism? Can I still buy the T-shirts?
Angkor Wat at Google: Just like being there (video)
Google street view technology in Google Maps now offers detailed views of Cambodia's ancient temple complex Angkor Wat that enables virtual tourism [See here]. One can now travel to Angkor Wat without ever leaving your living room


For my Statistics students (and the other professors) Windows, Mac or Online.
– If you’ve ever tried to do anything with data provided to you in PDFs, you know how painful this is — you can’t easily copy-and-paste rows of data out of PDF files. Tabula allows you to extract that data in CSV format, through a simple interface. And now you can download Tabula and run it on your own computer, like you would with OpenRefine.

Wednesday, April 02, 2014

Ask yourself how data gathering for “Behavioral Advertising” differs from data gathering for “detecting terrorists.”
Bruce Schneier writes:
If you’ve been reading the news recently, you might think that corporate America is doing its best to thwart NSA surveillance.
Google just announced that it is encrypting Gmail when you access it from your computer or phone, and between data centers. Last week, Mark Zuckerberg personally called President Obama to complain about the NSA using Facebook as a means to hack computers, and Facebook’s Chief Security Officer explained to reporters that the attack technique has not worked since last summer. Yahoo, Google, Microsoft, and others are now regularly publishing “transparency reports,” listing approximately how many government data requests the companies have received and complied with.
On the government side, last week the NSA’s General Counsel Rajesh De seemed to have thrown those companies under a bus by stating that — despite their denials — they knew all about the NSA’s collection of data under both the PRISM program and some unnamed “upstream” collections on the communications links.
Yes, it may seem like the the public/private surveillance partnership has frayed — but, unfortunately, it is alive and well. The main focus of massive Internet companies and government agencies both still largely align: to keep us all under constant surveillance. When they bicker, it’s mostly role-playing designed to keep us blasé about what’s really going on.
Read more on Schneier on Security.


Surely this information is in the literature? Google uses a program for extracting Behavioral Advertising data from emails. Couldn't that be modified to look for specific evidence?
Ryan Abbott reports:
A federal judge denied another search-and-seizure warrant application for an iPhone because the government can’t explain how it will avoid snagging information falling outside the scope of the warrant.
U.S. Magistrate Judge John Facciola, who last week denied four applications for search-and-seizure warrants for child pornography, also denied the government’s most recent request to search an iPhone 4S.
“Specifically, the government fails to articulate how it will limit the possibility that data outside the scope of the warrant will be searched,” Facciola wrote in the ruling.
Read more on Courthouse News.


Something to meditate on?
Automated ethics
When is it ethical to hand our decisions over to machines? And when is external automation a step too far?
… If your vehicle encounters a busload of schoolchildren skidding across the road, do you want to live in a world where it automatically swerves, at a speed you could never have managed, saving them but putting your life at risk? Or would you prefer to live in a world where it doesn’t swerve but keeps you safe? Put like this, neither seems a tempting option. Yet designing self-sufficient systems demands that we resolve such questions.


I can fold paper, but it just looks like folded paper.
How To Make Your Own Papercraft Millenium Falcon
We’ve shown you how to make papercraft figurines of Obi-Wan Kenobi, R2-D2 and other Star Wars characters but today, things get a little more exciting. We’ll share instructions on how to make your very own papercraft Millenium Falcon. This is slightly more advanced stuff than the Cubeecraft models we’re shared in the past, but it’s well worth the time and effort.

Tuesday, April 01, 2014

Clearly, I don't think were anywhere near done here.

We'll see your “We think Putin is a meany” and raise you 40,000 troops. (By the way, Glendale, Colorado has a large Russian population. Can we have that too?)
Russia sets terms for Ukraine deal as 40,000 troops mass on border
Russia on Sunday night repeated its demand that the US and its European partners accept its proposal that ethnic Russian regions of eastern and southern Ukraine be given extensive autonomous powers independent of Kiev as a condition for agreeing a diplomatic solution to the crisis over its annexation of Crimea.

(Related) I don't think this impacts the EU, yet. Perhaps Russia thinks they could by the country in a bankruptcy sale?
Russia hikes gas price for Ukraine
Russia on Tuesday sharply hiked the price for natural gas to Ukraine and threatened to reclaim billions previous discounts, raising the heat on its cash-strapped government, while Ukrainian police moved to disarm members of a radical nationalist group after a shooting spree in the capital.
… Russia has used financial levers to hit Ukraine, which is teetering on the verge of bankruptcy. Gazprom’s Miller said that the decision to charge a higher price in the second quarter was made because Ukraine has failed to pay off its debt for past supplies, which now stands at $1.7 billion.
On Tuesday the Russian parliament moved to annul agreements with Ukraine on Russia’s navy base in Crimea. In 2010, Ukraine extended the lease of Russia’s Black Sea Fleet’s base until 2042 for an annual rent of $98 million and discounts for Russian natural gas. The lower house voted to repeal the deal Monday, and the upper house was to follow suit.

(Related) Not all are equally likely, but it is food for thought.
Ten ways the Ukraine crisis may change the world


The simple answer is that someone offers credit cards used by “Target shoppers” for sale.
Ellen Messmer reports:
By all accounts, many of the massive data breaches in the news these days are first revealed to the victims by law enforcement, the Secret Service and Federal Bureau of Investigation (FBI). But how do the agencies figure it out before the companies know they have been breached, especially given the millions companies spend on security and their intense focus on compliance?
Their efforts aren’t always appreciated, either:
In the course of all of this monitoring, Henry says, law enforcement often finds itself in the odd position of having to show companies evidence they have been victimized. And they aren’t always thanked for their efforts. Sometimes, Henry says, companies say “’Please just go away.’” He adds, “It happens all the time.”
Read more on NetworkWorld. It’s an interesting article, and I find it especially interesting to think about situations where law enforcement decides not to come knocking to let a firm know that they are under attack or their data is being stolen or otherwise misused. As a case in point, Experian recently got a lot of very bad press over the Court Ventures/USInfoSearch situation that allowed an overseas criminal to access information in USInfoSearch’s database through a client contract with Court Ventures. Law enforcement was already on to and investigating Ngo when Experian acquired Court Ventures in March 2012, but reportedly never alerted Experian. And because Experian never did its due diligence in a timely fashion, the problem continued for approximately another nine months.
Would law enforcement make the same decision not to notify today? I wonder, but I wouldn’t be totally surprised if they did.


I recall a couple of post here about trades made milliseconds before the information was released. Trading fast has never been the problem. (But there is a new book about the evils of computer trading, perhaps that is why the FBI is talking like they've been working on this for years.)
FBI investigating high-speed trading outfits
U.S. federal agents are investigating whether high-speed trading companies violate U.S. laws by using fast-moving market information not available to other traders, a FBI spokesman confirmed on Monday.


Gee, I thought that by now this database would be “Big.” I guess this is another example of how slow the government works on computer systems. Colorado has “contributed” less than 200,000 records. (We're talking about “database entities” here, so a person, his wife, and his three kids are all “entities.”)
The Law Enforcement National Data Exchange (N-DEx) run by the FBI Criminal Justice Information Services (CJIS) Division now contains approximately 223 million records on nearly two billion entities. An FBI CJIS presentation from February 2014 posted on the website of the Integrated Justice Information Systems Institute includes detailed information on state and local data contributors including a tally of the total number of records contributed by state.
Read more on Public Intelligence. There’s a chart that shows how many records each state has contributed so far. Texas leads all states with 68,793,268 records, but other states contributing 10 million or more records each include Arkansas (24M), California (20M), Tennessee (11M), and Virginia (10M).


Well, we don't want to actually stop intelligence gathering, but we need to make it look like we do. (Long, interesting article.)
While details on the president’s proposal to end NSA bulk collection of telephony records remain sparse, we do now have an actual piece of legislation to look at from the House Permanent Select Committee on Intelligence—one that tracks the broad outlines of the White House plan even as it differs in several critical details. I’ve already done a quick take in broad brushstrokes over at The Daily Beast; here I want to get into the weeds a bit.


Your government in inaction! Or perhaps they were waiting for technology to catch up to their brilliance?
Backup cameras to be required in all new vehicles, starting in 2018
After years of delays and on the eve of a lawsuit against the government, U.S. safety regulators have announced that backup cameras will be required in all vehicles built in and after May 2018.
The Department of Transportation and its National Highway Traffic Safety Administration announced Monday that "rear visibility technology" would need to be standard equipment in all vehicles under 10,000 pounds. The move aims to reduce the average of 210 deaths and 15,000 injuries caused every year by back-up accidents.
… However, NHTSA has come under heavy criticism from safety advocates and families of children injured and killed in back-over accidents for not acting sooner.
A lawsuit was scheduled to be heard Tuesday in a federal appeals court that sought to force the DOT to act on a law Congress passed with bipartisan support in 2008. The Cameron Gulbransen Kids Transportation Safety Act was named after a 2-year-old who was killed when his father backed over him in 2002.
This law required the DOT to issue a standard for rear visibility by 2011. Yet the agency filed four extensions between 2011 and 2013 and had announced it did not intend to enforce the law until January 2015, according to Scott Michelman, an attorney with Public Citizen, the consumer advocate group that was headed to court Tuesday.


It's far easier to kill stolen phone and forget them than to trace the phone and arrest the thief! Phones are too trivial to bother with.
Report: Smartphone kill-switch could save consumers $2.6 billion per year
… Law enforcement officials and politicians are pressuring cellular carriers to make such technology standard on all phones shipped in the U.S. in response to the increasing number of smartphone thefts. They believe the so-called “kill switch” would reduce the number of thefts if stolen phones were routinely locked so they became useless.


For my lawyer friends...
Law Firms Are Pressed on Security for Data
Matthew Goldstein, New York Times: ”A growing number of big corporate clients are demanding that their law firms take more steps to guard against online intrusions that could compromise sensitive information as global concerns about hacker threats mount. Wall Street banks are pressing outside law firms to demonstrate that their computer systems are employing top-tier technologies to detect and deter attacks from hackers bent on getting their hands on corporate secrets either for their own use or sale to others, said people briefed on the matter who spoke on the condition of anonymity. Some financial institutions are asking law firms to fill out lengthy 60-page questionnaires detailing their cybersecurity measures, while others are doing on-site inspections. Other companies are asking law firms to stop putting files on portable thumb drives, emailing them to nonsecure iPads or working on computers linked to a shared network in countries like China and Russia where hacking is prevalent, said the people briefed on the matter. In some cases, banks and companies are threatening to withhold legal work from law firms that balk at the increased scrutiny or requesting that firms add insurance coverage for data breaches to their malpractice policies… The vulnerability of American law firms to online attacks is a particular concern to law enforcement agencies because the firms are a rich repository of corporate secrets, business strategies and intellectual property. One concern is the potential for hackers to access information about potential corporate deals before they get announced. Law enforcement has long worried that law firms are not doing enough to guard against intrusions by hackers… F.B.I. officials and security experts say, law firms remain a weak link when it comes to online security. But the push from corporate clients may have more impact on changing law firm attitudes than anything else.”


This kind of article comes every April and I have to explain the difference between avoiding and evading. Would the stockholders expect them to overpay their taxes?
Caterpillar dodged paying $2.4 billion in taxes: Senate report
… Starting in 1999, through 2012, Caterpillar paid PricewaterhouseCoopers more than $55 million to develop and implement a tax strategy built around redirecting to Switzerland its taxable profits from sales of Caterpillar-branded replacement parts, according to the report.
… In a prepared statement, PricewaterhouseCoopers said Monday: "Our advice to Caterpillar and its external counsel helped Caterpillar evaluate how best to organize its expanding global operations, aligning the economics of such global operations with carefully considered U.S. tax policies. Our advice was founded on years of extensive work overseas and in the United States and included detailed analyses of Caterpillar's global operations and the impact of various potential business reorganizations on Caterpillar's tax position.


Explaining the “benefits” of increasing the minimum wage.
AMERICAN SAMOA AND THE COMMONWEALTH OF THE NORTHERN MARIANA ISLANDS
Economic Indicators Since Minimum Wage Increases Began


For my programming students.
Move Over Shell-Scripts: Sh.py Is Here, And It’s Awesome.
… When I’m not writing for MakeUseOf, I’m writing code in Python for fun and profit. I really like Python due to its flexibility, its inherent beauty and how it mandates the writing of good code by design. If that sounds good to you, but you don’t already know this awesome language, why don’t you check out these five great websites to learn Python programming?
I came across this really awesome library a few months back called sh.py, which allows you to call programs, pass parameters and handle outputs, all within the confines of a Python program.
So, what does this mean? Simply put, it means that you have the full functionality of shell scripts, but from within a language that is easy to read, is modular in nature and supports object oriented programming.
… As it is right now, sh.py doesn’t work on Windows. However, if need be, you can always install a Linux virtual machine. My colleague Justin Pot has written a pretty useful article about this, which you can check out here.


It's spring, and my thoughts turn to statistics! (Or at lest one way to start talking about statistics)
Here Is Every U.S. County's Favorite Baseball Team (According to Facebook)
Happy Opening Day. What’s your favorite baseball team?
Wait, no, let me rephrase that: What’s the team you ‘like’ the most?
The Facebook Data Science has just answered that question for the whole country, at least at the county level.

Monday, March 31, 2014

So the lesson to be learned is, “complain that your privacy is worth more than the initial offer?”
Grimsby Telegraph has an update to a breach previously noted on this blog:
Barclays Bank has come under fire after offering just £250 in compensation to customers whose confidential files were stolen and sold to rogue City traders.
At least 2,000 of the bank’s customers were affected by the theft, which included details of their earnings, savings, health issues and insurance policies.
Read more on Grimsby Telegraph.
[From the article:
Barclays says it has contacted all customers affected and provided compensation for “distress and inconvenience.”
However, one customer described the compensation as “chicken feed”.
According to national media, a number of customers have been given higher sums after complaining about the amount initially awarded.


For your IT Managers.
IT Directors: Keep an eye on those iPads with Office
Office for iPad is a great solution for those wanting to do real work on the tablet. Microsoft has done a great job making Word, Excel, and Powerpoint for the iPad. That's a good thing, but IT directors better think long and hard about the implications.
The Office apps are being downloaded in great numbers by iPad owners. They are free so why not? Some of those downloaders, perhaps a lot of them, are buying that $99.99 Office 365 subscription to fully unlock the editing features of the apps. Perhaps they want to allow their kids to use the apps to do homework, or maybe they want to do home projects. That's well and good, but if they bring their iPads to work in a bring your own device (BYOD) program, better make sure it's not used for work.
The subscription that's being pitched with Office for iPad to unlock all the features is the Office 365 Home Premium subscription for $99.99. That's a reasonably priced option to use Microsoft Office, including the iPad apps. What corporate managers should remember is the subscription that workers may be paying for with the iPad apps prohibits commercial use. Microsoft's warning is quite clear about such use.


If they vacated the injunction, was that an admission of error?
If you’re interested in the issue of the public being able to videotape police officers in the performance of their duties and to disseminate the video, you should read this post by Eugene Volokh about a Missouri case, Klaffer v. Bledsoe. The ACLU of Missouri is representing Klaffer in the matter.
[From the article:
[Jordan] Klaffer is a gun owner who frequently fires his gun at objects on private property. On May 1, 2013, Jerry Bledsoe, a police officer, confronted Klaffer while responding to a noise complaint. Klaffer videotaped the interaction, where Bledsoe issued an ultimatum to Klaffer to surrender his guns or be arrested. Klaffer refused to give up his guns and was arrested for disturbing the peace.
To express his opinion that Officer Bledsoe was using his position to harass him for exercising his Second Amendment rights, Klaffer posted recordings of the May 1 encounter on YouTube and Facebook. And, on Instagram, he posted a picture of Bledsoe alongside a photo of Saddam Hussein, with the caption “Striking Resemblance.”
… You can read the ACLU complaint, the protection order — which was in effect for 12 days before being vacated — and Officer Bledsoe’s petition; you can also see the video embedded below.


Interesting that companies see profit in providing Internet access where governments are too slow or unable to provide it for their citizens. What will those governments do if their citizens opt for “government by corporations?” “Corporate Spring?”
Forget Google balloons: Facebook says drones are key to global Internet access
While Google is looking to use balloons to bring Internet to certain parts of the world, Mark Zuckerberg, CEO of Facebook, is placing his faith in drones while mocking Google in the process.
While Zuckerberg did not mention Google Loon by name, the Facebook CEO did touch on why drones are better than balloons in providing Internet for those who are not fortunate enough to have it.


Is the US concerned that Bitcoins may replace the US Dollar? Perhaps they don't like the “anonymous” aspect? Either way, we're way out in front on this. (More likely, we made a wrong turn somewhere and are completely lost.)
New IRS rules make using Bitcoins a fiasco
The Internal Revenue Service's notice last week will force the average Bitcoin user to keep a strict record of every purchase made all year long -- then perform difficult calculations to account for the changing value of a bitcoin.
It's meant to extract taxes from any gains in Bitcoin's value, and the rule applies to everything bought with electronic money, from coffee to cars.
That's problematic for two reasons. The going rate for a bitcoin fluctuates wildly -- easily by more than $10 a day. And no one diligently records the price of a bitcoin at every purchase.
… The complicated rules kick in, because the IRS deemed Bitcoin a property. If it were labeled a currency, users would be able to treat purchases like worry-free transactions made in euros or yen while traveling abroad. That's why the Tax Foundation says the IRS got it wrong, calling the compliance requirements "inappropriate."
The United States isn't alone in this approach. Finland applies capital gains taxes on Bitcoin gains, and Ireland is considering something similar.


Perspective. Perhaps companies who live by ad impressions will upgrade your computer for free?
Facebook dumped its Newsfeed redesign because its users have old computers.
Dustin Curtis, an entrepreneur who also writes a very popular blog, says he’s heard from Facebook employees the reason is that the beautiful, big-picture design was so popular with users that they weren’t using other parts of the site, and that this was driving ad impressions down.
In her own blog post, Facebook product designer Julie Zhuo says Curtis has it wrong.
She says the reason Facebook went with the older-looking design is that, unlike Facebook employees, Curtis, and the kinds of people who read blog posts about design, most Facebook users still have older computers with crappy monitors.”


How do we stop this? Void their insurance?
One in four car accidents caused by cell phone use while driving... but only five per cent blamed on texting
A recent study from the National Safety Council found that 26 per cent of all car accidents were caused by a driver using a cell phone, but remarkably attributed only five per cent to texting while driving.
… The number works out to about 1.3million total accidents, a one per cent rise from last year’s NSC report, but continues a growing trend.
… Experts say that laws prohibiting cell phone use behind the wheel aren’t providing much of a deterrent.


How can this not attract disruptive competition?
Commentary – How Copyright Laws Keep E-Books Locked Up
by Sabrina I. Pacifici on March 30, 2014
“…In many cases, it is the readers themselves who, through their taxes, pay the university authors whose studies they are then unable to access. It is also likely that many professors themselves cannot even afford a subscription to the journal in which their work is published. Subscription rates of up to €15,000 ($20,633) per year are hardly a rarity. The Journal of Comparative Neurology, for example, comes with a price tag of more than €20,000 annually. Authors who publish their works in such a journal usually don’t see a single cent for their labors. Publishing companies such as Reed Elsevier, by contrast, regularly achieve pre-tax profit margins of over 25 percent. ”Publishers of scientific journals make so much money because they collect their product for free from taxpayers and then sell it back at inflated prices,” says Günter M. Ziegler, a distinguished mathematician at Berlin’s Free University. Until two years ago, Ziegler was the co-publisher of two mathematics journals at Reed Elsevier. Then he joined a boycott that has since attracted the support of 14,000 others. He is now working for an academic journal that is available to everyone on the Internet according to open access principles. Elsevier says that the conflict has more to do with a misunderstanding than a conflict of interests.”

(Related) For all you IP lawyers...
IP in a World Without Scarcity
Mark A. Lemley Stanford Law School March 24, 2014
Abstract:
Things are valuable because they are scarce. The more abundant they become, they cheaper they become. But a series of technological changes is underway that promises to end scarcity as we know it for a wide variety of goods. The Internet is the most obvious example, because the change there is furthest along. The Internet has reduced the cost of production and distribution of informational content effectively to zero. In many cases it has also dramatically reduced the cost of producing that content. And it has changed the way in which information is distributed, separating the creators of content from the distributors.


Great news for my students who will write the systems that replace these workers! (And an indication that I have some serious job security!)
The Future of Employment: How Susceptible Are Jobs to Computerisation?
by Sabrina I. Pacifici on March 29, 2014
The Future of Employment: How Susceptible Are Jobs to Computerisation? Carl Benedikt Frey and Michael A. Osborne, September 17, 2013
“Nearly half of US jobs could be susceptible to computerisation over the next two decades, a study from the Oxford Martin Programme on the Impacts of Future Technology suggests. The study, a collaboration between Dr Carl Benedikt Frey (Oxford Martin School) and Dr Michael A. Osborne (Department of Engineering Science, University of Oxford), found that jobs in transportation, logistics, as well as office and administrative support, are at “high risk” of automation. More surprisingly, occupations within the service industry are also highly susceptible, despite recent job growth in this sector. “We identified several key bottlenecks currently preventing occupations being automated,” says Dr. Osborne. “As big data helps to overcome these obstacles, a great number of jobs will be put at risk.” The study examined over 700 detailed occupation types, noting the types of tasks workers perform and the skills required. By weighting these factors, as well as the engineering obstacles currently preventing computerisation, the researchers assessed the degree to which these occupations may be automated in the coming decades. “Our findings imply that as technology races ahead, low-skilled workers will move to tasks that are not susceptible to computerisation — i.e., tasks that required creative and social intelligence,” the paper states. “For workers to win the race, however, they will have to acquire creative and social skills.” Dr Frey said the United Kingdom is expected to face a similar challenge to the US. “While our analysis was based on detailed datasets relating to US occupations, the implications are likely to extend to employment in the UK and other developed countries,” he said.”


For my students.
Four Sources of Print-on-demand Graph Paper
Every mathematics teacher I know needs graph paper. If you're a mathematics teacher and find yourself running short on graph paper or you need a graph paper that is different from what your school purchases, try one of these four places for printing graph paper.
Incompetech offers more than forty different graph and lined paper templates. The offerings from Incompetech even includes sheet music ledger.
Print Free Graph Paper offers eight graph paper formats.  Print Free Graph Paper allows you to customize the size of the graph before printing.
Math Drills hosts fourteen templates for printing your own graph paper. The templates are in metric and imperial measurements.
Gridzzly is a free tool for designing lined, grid, and graph paper. Simply open the site, select the format for your paper (dots, lines, squares, or hexagons) then choose the spacing for the paper and print it. A ruler at the top of the page indicates the spacing of the dots, lines, squares, or hexagons on your page.