Saturday, April 12, 2014

I would wager that the NSA would have loved knowing about this hole for a few years before anyone else. Let's see if anyone is fired for “bogus reporting.”
Michael Riley reports:
The U.S. National Security Agency knew for at least two years about a flaw in the way that many websites send sensitive information, now dubbed the Heartbleed bug, and regularly used it to gather critical intelligence, two people familiar with the matter said.
The NSA’s decision to keep the bug secret in pursuit of national security interests threatens to renew the rancorous debate over the role of the government’s top computer experts.
Read more on Bloomberg News, who really really need to be more specific about the two sources “familiar with the matter.”
NSA has denied the Bloomberg report in a tweet this afternoon:
Statement: NSA was not aware of the recently identified Heartbleed vulnerability until it was made public.
NSA/CSS (@NSA_PAO) April 11, 2014
Now will Bloomberg be forthcoming about their sources for their reporting?
Update 2: The ODNI has posted this statement on their website:
Statement on Bloomberg News story that NSA knew about the “Heartbleed bug” flaw and regularly used it to gather critical intelligence
April 11, 2014
NSA was not aware of the recently identified vulnerability in OpenSSL, the so-called Heartbleed vulnerability, until it was made public in a private sector cybersecurity report. Reports that say otherwise are wrong.
Reports that NSA or any other part of the government were aware of the so-called Heartbleed vulnerability before April 2014 are wrong. The Federal government was not aware of the recently identified vulnerability in OpenSSL until it was made public in a private sector cybersecurity report. The Federal government relies on OpenSSL to protect the privacy of users of government websites and other online services. This Administration takes seriously its responsibility to help maintain an open, interoperable, secure and reliable Internet. If the Federal government, including the intelligence community, had discovered this vulnerability prior to last week, it would have been disclosed to the community responsible for OpenSSL.
When Federal agencies discover a new vulnerability in commercial and open source software – a so-called “Zero day” vulnerability because the developers of the vulnerable software have had zero days to fix it – it is in the national interest to responsibly disclose the vulnerability rather than to hold it for an investigative or intelligence purpose.
In response to the recommendations of the President’s Review Group on Intelligence and Communications Technologies, the White House has reviewed its policies in this area and reinvigorated an interagency process for deciding when to share vulnerabilities. This process is called the Vulnerabilities Equities Process. Unless there is a clear national security or law enforcement need, this process is biased toward responsibly disclosing such vulnerabilities.
ODNI Public Affairs Office

Interesting legal opinion. (Would anyone else agree?) That's quite different from having any use for that data – or even a budget large enough to search through it in any meaningful way.
Mike Masnick writes:
During a recent House Judiciary Committee hearing concerning oversight, Rep. Zoe Lofgren decided to quiz Attorney General Eric Holder about the federal government’s surveillance efforts, starting off with a rather simple question. She notes that the bulk phone record collection program is considered to be legal by its supporters, based on Section 215 of the Patriot Act, which allows for the collection of “business records.” So, she wonders, is there any legal distinction between phone records and, say, internet searches or emails? In other words, does the DOJ believe that it would be perfectly legal for the US government to scoop up all your search records and emails without a warrant? Holder clearly does not want to answer the question, and first tries to answer a different question, concerning the bulk phone records program, and how the administration is supposedly committed to ending it. But eventually he’s forced to admit that there’s no legal distinction:
Read more on TechDirt.

As we covered in yesterday’s Early Edition, Sir Anthony May, the UK’s Interception of Communications Commissioner (the UK’s surveillance watchdog), has concluded in his 2013 Annual Report (full text) to the Prime Minister that the UK’s spy agencies do not carry out “random mass intrusion into the private affairs of law abiding UK citizens.” In the 87-page annual report released yesterday, Sir Anthony states that the UK government “does not misuse [its] powers under the Regulation of Investigatory Powers Act (RIPA).” This is undoubtedly an important and compelling report, and in this post, we aim to outline some of its highlights, analyze a few of its important findings, and discuss shortcomings in the report.

Interesting idea for getting a larger Security budget?
When Your Insurer Says "Um, No" to Cyber Protection
Maybe it’s my actuarial background, but I’ve always seen IT security as an activity that should work hand-in-glove with insurance. After all, both domains are about planning for, and if possible preventing, disaster. Both have trouble showing they are “working” until something really bad happens. Both therefore have to go to special efforts to make the case to a CFO for the expenses involved. And of course, insurance has a few centuries of experience that can teach us IT secfolks plenty.
You can’t just walk in off the street and buy a cyber insurance policy; wisely, the insurers want to review your security practices first, to see if your defensive strategy amounts to anything more than hope or a tin foil hat.
Don’t forget – the insurance companies want to take your money if they possibly can. For them to decide you’re just not insurable means you represent an existential threat to them.
So in effect, if you go to Lloyd’s of London, and they look you up and down and send you on your way, you have to take that as a serious message – you’re just not doing what needs to be done to pass a basic inspection. Indeed, the good folks who make up the Lloyd’s exchange are very smart at what they do, but nobody takes them to be world experts on APT and the like – they don’t even work in IT security, and they can tell that our defenses aren’t good. It’s a sobering thought.

Interesting cheap or free iPhone Apps... (Android is another day)
Remote Mouse ($1.99, now free)
Ever wanted to use your iPhone, iPad or iPod Touch as a wireless trackpad for your Mac or PC? That’s exactly what Remote Mouse does, though users need to install the free server before everything will work. Once installed the app provides full use of multi-touch gestures, media remote, an application launcher and slideshow presentation functionality.

Something for my Excel students?
Do Visionary Web Research Studies Using Deep Web Data & Excel Web Queries
What would you say if I told you that you have the tools at your disposal to do ground-breaking, Earth-shattering research? Well, you do, and I’ll show you how.
Governments, academic institutions and non-profit research organizations publish tables full of data to the public domain. Without anyone using this information, its true value will never be known. Unfortunately, few people have the insight, the skills or the tools to take the data and make interesting correlations between seemingly unconnected information.
A lot of the research that I do for my own blog involves digging through what’s known as the invisible web, to uncover data that has been released to the public, but hidden from search engines inside an online database. This is the deep web, and it’s rife with valuable data. Very often, I come across webpages just chock-filled with some of the most valuable data on topics that run the gamut from census data to epidemiological studies on rare diseases. I constantly have new ideas on how to try and correlate those disparate data sources using various tools – and one of the most valuable tools that I’ve found is the Web Query inside of Microsoft Excel.

Friday, April 11, 2014

Perspective Actually a “suspicions confirmed” article.
More Than Half of Enterprise Employees Receive No Security Training: Survey Finds
A new study by Enterprise Management Associates (EMA) indicates more than half of enterprise employees may not receive any security awareness training.
In a survey of 600 employees sponsored by security training firm Security monitor, 56 percent of employees said they did not get security or policy awareness training from their organizations. This lack of training, the report argues, often results in policy violations and other risky behavior. For example, 33 percent said they use the same password for both work and personal devices. Fifty-nine percent of those surveyed said they store work information in the cloud, where enterprises sometimes do not have the same level of visibility or control over data.
In addition, 58 percent of the survey's participants said they store sensitive information on their mobile devices - a potentially problematic figure given that 30 percent also admitted to leaving mobile devices unattended in their vehicles. Some 35 percent said they have clicked on an email link from an unknown sender.

Just One-Third of Organizations Discover Breaches on Their Own: Mandiant
Based on Mandiant’s investigations, breaches were discovered in 229 days on average in 2013 vs. 243 in 2012. While these improvements are a positive, it still means attackers are spending 2/3rds of the year inside an organization’s network before being discovered.
In 2012, 37 percent of organizations detected breaches on their own; this number dropped to just 33 percent in 2013.
The full report is available online in PDF format.

(Related) Also says something about how big “Big Data” really is...
What Is Eating Up The World’s Bandwidth?
Here’s an interesting bit of trivia: streaming services make up 65 percent of all Internet traffic during peak hours, one third of which is attributed to Netflix. According to this infograph by, Internet traffic will probably surpass the zettabyte threshold – or 83 exabytes per month – in 2015. By 2017, that figure will rise to 120 exabytes a month.

Why that's barely time to send out tickets from those “Red Light” and “Speeding” cameras! reports:
Government plans to store footage of car number plates for up to four weeks to help solve ‘serious crimes’ may conflict with European privacy law, legal experts say in Thursday’s Trouw.
On Tuesday, the European court of justice said government schemes to store private individuals’ phone and internet data are illegal because of the implications for privacy.
This may also apply to justice minister Ivo Opstelten’s plans to store car number plate information, lawyers told Trouw.

This could be interesting. The same picture in any of the supermarket tabloids would pass unremarked.
Katherine Heigl Lawsuit to Explore Nature of Corporate Tweets (Analysis)
… The actress is upset that the drug store [Duane Reade] posted on Twitter and Facebook a paparazzi photo of her carrying the chain's shopping bags. She's suing in New York federal court with claims that the defendant has violated the false advertising provision of the Lanham Act, as well as New York civil rights statutes protecting use of likenesses for purpose of trade.
… It's likely that as the case proceeds, Duane Reade will put up a First Amendment defense that will attempt to protect its social media postings as expressive rather than commercial speech. Thus, the nature of how corporations tweet will be subject to a judge's analysis.
… In Heigl's complaint (read here), she attempts to put Duane Reade into the realm that's outside the boundaries of free speech.

Nothing new?
Joe Arnold reports:
A bill aimed at protecting the personal data of both Kentucky consumers and students was signed into law Thursday by Governor Steve Beshear (D-Ky).
Sponsored by Rep. Steve Riggs (D-Louisville) with an amendment sponsored by Sen. Mike Wilson (R-Bowling Green), the bipartisan legislation (House Bill 232) requires businesses to notify consumers if a data breach reveals personally identifiable information.
The General Assembly also agreed to additional language from Republican Senate Bill 89, which protects student information from use by software vendors.
Websites such as Facebook and Google generate revenue by selling user information to advertisers. The legislation prevents those companies from harvesting students’ private information, such as test results or practice assignments, for the purpose of marketing products to school systems.
Related: House Bill 232.

Is there a “you can't change your mind” law?
US regulators warn Facebook, WhatsApp to keep privacy promise
… In a letter to both Facebook and WhatsApp, the federal trade commission (FTC) said that WhatsApp has made clear privacy promises to consumers, and that both companies have told consumers that after any acquisition, WhatsApp will continue its current privacy practices.
“We want to make clear that, regardless of the acquisition, WhatsApp must continue to honour these promises to consumers,” the FTC said and warned the two companies that anything other than this would be considered to be in violation of the US laws.
In 2011, Facebook settled FTC charges that it deceived consumers by failing to keep its privacy promises.
Under the terms of the FTC’s order against the company, it must get consumers’ consent before making changes that override their privacy settings, among other requirements, an official release said.
The FTC letter notes that before making any material changes to how they use data already collected from WhatsApp subscribers, the companies must get affirmative consent.

I would never have considered this a problem. Am I wrong? Is there ever an issue if the staff functions share?
US Says Cybersecurity Sharing Not an Antitrust Issue
Officials at the Justice Department and Federal Trade Commission said they issued formal guidance telling companies that there would be no antitrust issues from the sharing of technical information about cyber attacks, malware or similar threats.
"Some companies have told us that concerns about antitrust liability have been a barrier to being able to openly share cyber threat information with each other.

I can remember early Science Fiction speculating that the government would have drones delivering the mail because it was so much cheaper than people. Today the reality seems to be that corporations are doing the “government's job” for profit – and doing it cheaper than the government could.
Amazon’s Bezos: We have eighth generation drones in the works
… If Bezos gets his way, Amazon’s compact unmanned "octocopter" will be delivering shoe-box sized parcels across the US well before the five-year timeline he initially outlined.
While some saw Bezos' announcement of its drone project last December as a publicity stunt, he's reassured investors in his 2013 Letter to Shareholders that he's deadly serious about getting the delivery service off the ground.
… Amazon said on its FAQ page for Prime drones that it hopes the Federal Aviation Administration (FAA) will have set rules for drones "as early as sometime in 2015". So far the FAA has only acknowledged that drones could be useful in some commercial and civilian scenarios, and is weighing up what minimum safety requirements it would need to support them.
The FAA's caution is with good reason. A drone being used to film a triathlon in Western Australia last week was responsible for hospitalising a competitor after the vehicle fell about 10 metres and struck her on the head. According to the drone's operator, the device, which operated on the 2.5GHz frequency, was hacked by someone channel hopping. An illegal unmanned drone in NSW also had a near-collision with a Westpac rescue helicopter earlier this month.
Bezos noted that Amazon's drones are the pointy-end of its wider international delivery services, including its partnership with the US Postal Service for Sunday deliveries; its "last-mile" distribution network in the UK and bike couriers in India and China.

To coin a phrase, this is about e-state planning. (Or is it e-Estate?)
Tellmebye – helps you build your digital legacy. If you have important files in clouds such as Dropbox, iCloud or Google Drive and don’t want them to be lost, Tellmebye lets you designate heirs to them. Receiving birthday notifications or people still posting on your wall after your death is not pleasant for anyone. Avoid situations like this and exercise your right to be forgotten in a fast, efficient and practical way.

I'm just guessing here, but I'd say the demand for an inexpensive 3D Printer is fairly strong.
Updated: Micro $299 3D Printer Passes $2M On Kickstarter In 3 Days
The consumer-focused, low-cost Micro 3D printer that’s currently raising money on Kickstarter to get its prototype to market, has pushed past the $2 million mark in pledged crowdfunds — just three days after the campaign kicked off.
… The Micro maker’s original fundraising target — of $50,000 — was pledged in just 11 minutes.

Thursday, April 10, 2014

Any “strategy” is better than nothing. At minimum, it stimulates discussion.
McAfee Outlines Strategy for Securing Internet of Things
Intel's McAfee security division offered some details today about its strategy for protecting the Internet of Things as the number of connected devices continues to grow.
Analyst firm IDC has projected that by the end of 2020, the installed base of the Internet of Things (IoT) will reach roughly 212 billion devices around the world - roughly two dozen devices for every person on earth.
Recently both researchers and attackers alike seem to be paying more attention to the Internet of Things. At last year's Black Hat conference in Las Vegas for example, there were presentations on hacking everything from smart TVs to surveillance cameras. Meanwhile, researchers at Proofpoint said earlier this year they had spotted possibly the first proven cyber-attack leveraging the Internet of Things.

Not yet able to replace a real lawyer, but it's a start!
If you run a website, a Facebook app, or a mobile app, you may have a legal obligation to set out clearly your privacy policy. Or at the very least, show your visitors that their data is safe with you. iUbenda helps you to generate a privacy policy in seconds.

I don't like this at all. If we're going to play a cops & robbers version of “Six degrees of Kevin Bacon” then I need to stop associating with good and noble lawyers who associate with the scum of the earth! And I need to stop associating with anyone who associates with people who associate with them...
Kay Fate reports:
The smartphones Rochester Police officers carry are about to get a whole lot smarter.
For Tim Heroff, captain of the services division, it also means his officers will be a whole lot safer.
The department has been using an IBM-created investigative software called Identity Insight, or i2, for a little more than a year “to help us understand the non-obvious relationship associations” between people they encounter on a relatively regular basis.
More useful data
Most record management systems have the ability to tell officers who’s been directly associated with a vehicle; the i2, Heroff explained, “takes that out to several degrees of separation.
“That’s what sets us apart from others,” he said. “It’s easy to keep track of who’s associated with that vehicle, but when you add that next layer or two on, it’s possible to see other associations.
“If we can map those connections, those associations, out a few layers, all of a sudden it makes sense that this guy would be out in that car” during any given crime, because he’s linked with someone who’s been linked with that vehicle in the past.
Heroff isn’t aware of any other agencies in the country using it, but the department’s programmers took it a step further.
“We actually wrote an Android app in-house that interfaced with the Identity Insight analytics,” Heroff said.
Read more on Post Bulletin.

Think not? Follow the money.
Surveillance is the Business Model of the Internet: Bruce Schneier
Data is a natural consequence of computing, and as search tools get better, it shifts the balance of power towards mass collection and surveillance, renowned security expert Bruce Schneier said at the SOURCE Boston conference on Wednesday.
“Surveillance is the business model of the Internet,” Schneier told attendees. “We build systems that spy on people in exchange for services. Corporations call it marketing."
… “That's how you get weird situations where Syrian dissidents use Facebook to organize, and the government uses Facebook to arrest its citizens,” Schneier said.

New tech buys old tech – who benefits more?
Alaska Dispatch to buy Anchorage Daily News from McClatchy Co.
The McClatchy Co. announced Tuesday that it has reached an agreement to sell the Anchorage Daily News to Alaska Dispatch Publishing. The transaction is expected to close in May.
… "We are proud to return the Anchorage Daily News to Alaska ownership once again," said Alice Rogoff, owner of Anchorage-based Alaska Dispatch Publishing LLC, which publishes the news website.

Is this bio-warfare? (Who does not eat pork?)
Bacon prices rise as virus kills baby pigs
A virus never before seen in the U.S. has killed millions of baby pigs in less than a year, and with little known about how it spreads or how to stop it, it’s threatening pork production and pushing up prices by 10 percent or more.

For my students. A bit late, but better than no backups.
– is a campaign which encourages people to backup the contents of their computers, in case of catastrophic hard-drive failure. The site gives you several options for backing up your data, and then shows you what to do to get it done.

Wednesday, April 09, 2014

At this level, it is much more difficult to determine what was breached and what was taken.
Tom McKay reports:
Security researchers have identified a very, very serious security hole in one of the fundamental technologies protecting personal data all across the Internet. OpenSSL, the cryptographic software library that an estimated two-thirds of web servers worldwide use to connect with end users and guard against digital eavesdropping, has been vulnerable to hackers for as long as two years. It may be the biggest security breach in the history of the Internet.
In a blog post published Monday, the OpenSSL researchers dubbed the critical flaw “Heartbleed,” admitted that the glitch allows for easy, untraceable breaches of secure systems, and announced the release of an immediate fix.
Read more on PolicyMic.
[From the article:
It's not theoretical. The research team provided evidence that with awareness of the bug, they were able to breach Yahoo security and steal email logins and passwords without leaving a trace.
… Until everyone updates their servers, widespread knowledge of the bug could mean open season for hackers. A Tor Project blog post ominously said that "If you need strong anonymity or privacy on the Internet, you might want to stay away from the Internet entirely for the next few days while things settle." Tumblr advises that you change all of your passwords immediately, including for their own service

(Related) Probably not, but a good start.
Everything you need to know about the Heartbleed SSL bug

It's not yet “Skynet” but it suggests that poor software testing can allow deadly bugs to slip through. (When we create technology that can make decisions autonomously, your car may choose to let you die.)
GM Air-Bag Software Blamed in U.S. Petition to Recall Impala
… The Center for Auto Safety, in a letter to U.S. regulators today, cited a government petition by a former GM researcher who said he found a software fault that can misread a passenger’s weight and render frontal air bags inoperative.
… “This is a design defect in every GM vehicle with the flawed algorithm” in the software, said Clarence Ditlow, executive director of the Washington-based Center for Auto Safety, which has been tracking recalls and defects since it was founded in 1970.
NHTSA’s databases don’t pinpoint the cause of air-bag failures, so it’s not clear how many cases can be tied to a flawed algorithm, Ditlow said.

As the value of “Big Data” becomes more apparent, companies that are no longer “required” to keep data may “Choose” to keep data.
This is huge.
AFP reports:
Europe’s top court on Tuesday struck down an EU law forcing telecoms operators to store private phone and email data for up to two years, judging it too invasive, despite its usefulness in combating terrorism.
By allowing EU governments to access the data, “the directive interferes in a particularly serious manner with the fundamental rights to respect for private life and to the protection of personal data,” the European Court of Justice (ECJ) said.
Read more on Raw Story.
The Court of Justice’s press release can be found here (pdf).

Apparently, there is no App for that.
Cellphone use in court keep interrupting this trial about smartphones
… U.S. District Judge Lucy Koh has become increasingly frustrated during the first few days of the trial pitting Apple against Samsung because the many personal Wi-Fi signals interfere with a network the judge relies on for a real-time transcript of the proceedings.
The phones also ring, buzz and jingle, and can be used to take photos, a serious violation of court rules.

Short answer: no! But what if things change?
Richard Raysman and Peter Brown write:
… courts have begun to confront a myriad of legal questions arising from these incidents. Companies and employees have heretofore been subject to suit in myriad jurisdictions as a result of data breaches and disclosures. Heretofore, the results have not been consistent and remain largely contingent on the facts of a specific controversy. This article will discuss several pressing issues in the rapidly evolving area of law responsive to data breaches, including: litigating class action claims following a breach of consumer personal data; instances of settlement of data breach claims; and particularized data breach claims that arise after an involuntary divulgence of medical records.
Read more on New York Law Journal.

Scary stuff from the insurance guys? Apparently profits aren't going up as much as premiums.
588% more for health insurance? It's true, survey finds
… Based on information collected from 148 brokers, premiums around the country increased an average 11% for group plans and 12% for individual policies. And in some parts of the country, the rate increases are even higher.
Premiums for individual plans in Delaware increased a whopping 100%, followed by New Hampshire at 90% and Indiana at 54%. In the small group market, Washington state held the dubious honor with rates increasing 588%. Pennsylvania small groups faced a 66% increase and in California, employers can expect to pay premiums 37% higher than last year.
Morgan Stanley said that while the rate hikes are “largely due to changes under the [Affordable Care Act]” like the minimum essential benefit requirement or increased insurer taxes, there are other factors at work.

A Privacy Resource.
Welcome to the home page of the European Data Protection Supervisor
by Sabrina I. Pacifici on April 8, 2014
“The EDPS is an independent supervisory authority devoted to protecting personal data and privacy and promoting good practice in the EU institutions and bodies. He does so by:
  • monitoring the EU administration’s processing of personal data;
  • advising on policies and legislation that affect privacy; and
  • cooperating with similar authorities to ensure consistent data protection.”

A Security Resource
2014 Internet Security Threat Report, Volume 19
by Sabrina I. Pacifici on April 8, 2014
Symantec – “The Internet Security Threat Report provides an overview and analysis of the year in global threat activity. The report is based on data from the Symantec Global Intelligence Network, which Symantec’s analysts use to identify, analyze, and provide commentary on emerging trends in the dynamic threat landscape.”

Obamacare links.
Affordable Healthcare Act
by Sabrina I. Pacifici on April 8, 2014 - “You can read the Affordable Care Act by visiting the links below. The health care law, sometimes known as “Obamacare,” was signed March 23, 2010. Read the full law: The law has 2 parts: the Patient Protection and Affordable Care Act and the Health Care and Education Reconciliation Act. You can view them in PDF or HTML formats below. You can also view an unofficial, consolidated version that is more readable. In all cases, the documents are searchable using the “Control + F” keys on your computer and typing in the word or phrase you are looking for.
Official certified full-text of the laws in PDF form:
Summary and certified full-text version in HTML (web page) format:

For my students.
David Miller's SlugBooks Out To Disrupt College Textbook Market
… Simply-said, SlugBooks is a resource that helps college students save money on their text books.

For my students.
You Need No Development Skills To Create Professional Windows Phone Apps

For my students...
Who knew
Did you?
Me too, 
10 Ways To Celebrate National Poetry Month

Tuesday, April 08, 2014

Perspective. Is it “We'll charge you for disintermediation” or “We'll Balkanize this process and charge for each step!” Actually, both options are available. (This article could be the plot of a Woody Allen movie)
Of Toasters And Smartphones: Apps And The Economy
Your relationship with your toaster is pretty simple – at least, I hope it is.
You bought your toaster, and now you can toast things with it. Sure: there are various bakers out there vying to sell you bread, and you need to pay your electricity bill to keep things working. But the company that makes your toaster isn’t hoping to take home a percentage of these sales – and it isn’t showing ads based on your past toasting history.
… Compare this to your relationship with your smart phone. Yes, you did buy it, but you likely didn’t pay full price up front: your wireless contract subsidizes the phone. This contract, which you pay for monthly, gives you the right to use a certain amount of data.
… Some apps are sold for a set price; some require subscriptions. In most cases the maker of your smartphone’s operating system – which may or may not be the same company that made your phone – gets a cut of what you paid for the app, or even your ongoing subscription.
… You know where this is going, of course: advertising. But on today’s web, this is not a simple matter of showing you ads and getting paid. Most sites use the information you provide them – the topics you discuss on Facebook, the videos you watch on YouTube and your Google search terms – to show you relevant ads. Some sites take this a step further, using your name and picture as part of the ads other users see.

Poor Kim.
Hollywood Sues Megaupload, Kim Dotcom
Megaupload was taken offline and dismantled in January 2012, but that hasn’t stopped Hollywood chasing down the people behind it. Twentieth Century Fox, Disney, Paramount Pictures, Columbia Pictures, and Warner Bros. are amongst the studios seeking damages of up to $175 million for the copyright infringements they allege took place on the file-hosting service.
The studios involved not only claim to be entitled to the maximum statutory damages of $150,000 per copyright infringement, but also all of the profits generated through the site. The defendants are Megaupload Ltd., its founder Kim Dotcom, the majority shareholder Mathias Ortmann, and the Chief Technical Officer Bram van der Kolk.

A Simple Theory for Why School and Health Costs Are So Much Higher in the U.S.
The costs of education, health care, and the live performing arts are growing at about the same rate in all the OECD countries—and yet the costs of these services are much higher in the United States. For example, U.S. total educational spending, as a share of GDP, is about 26% higher than the average of the other OECD countries. A team led by Edward N. Wolff of Bard College points out that because the humans who provide these services aren’t replaceable by machines, costs tend to rise inexorably, and that America got a long head start on spending in the nineteenth century when a rapidly expanding economy led to huge expenditures on universities, hospitals, and cultural institutions.

For all my students, but my Statistics students in particular.
Gallup – Americans Say College Degree Leads to a Better Life
by Sabrina I. Pacifici on April 7, 2014
Gallup: “Americans believe in the importance of postsecondary education, with more than nine in 10 (94%) saying a postsecondary degree or credential is at least somewhat important and 70% saying it is very important, similar to last year’s findings. However, most also say higher-education institutions must evolve to better serve the needs of today’s students. These results are from a Nov. 25-Dec. 15, 2013, study by Gallup and the Lumina Foundation with a random sample of U.S. adults. While Americans in every age group are equally likely to see the importance of higher education, more than three-quarters (77%) of those who have completed postsecondary education themselves say it is very important to attain a certificate or degree, compared with 60% who have some college experience and 66% who have a high school diploma or less education.”

Could be interesting.
The Thomas Jackson Letters
by Sabrina I. Pacifici on April 7, 2014
Here you will find a unique collection of previously unpublished letters describing facts and feelings about slavery and the civil war as seen from the grass roots level in Reading, Pennsylvania. These detailed, authentic, contemporary reports, most in excellent condition, have all been left to us in the letters of rope-maker Thomas Jackson. The author had been born and spent his early years in England but emigrated to the USA in 1829 and spent the rest of his life in Reading. He became a fervent abolitionist and, as the war progressed, wrote back to his cousins asking that they try to get his letters published in the English newspapers. For this reason, many of the letters contain virtually no reference to family matters but concentrate instead on reporting his first-hand experiences of the civil war and the injustices of slavery. By following Thomas Jackson’s passionate descriptions, you can now re-live a little history and become a witness through his eyes to some of the key events of the American civil war. In one way, you might see these letters as propaganda seemingly intended to help persuade the English people to not give their support to the southern confederate states despite the massive importance of Southern cotton to the British economy. His viewpoint was clearly one-sided and did not give the slightest consideration to the southern case for secession and states’ rights. His support for the abolition of slavery dominated every aspect of his political life. His obituary in the Reading Times-Dispatch, August 7, 1878, declared him to be “an original abolitionist and a warm friend and admirer of Horace Greeley and Thurlow Weed, and other (nationally known) antislavery agitators.” [via Jan Swanbeck, George A. Smathers Libraries, University of Florida]

Monday, April 07, 2014

Will Russia need to invade Ukraine to “protect ethnic Russians?”
Ukraine: Pro-Russians storm offices in Donetsk, Luhansk, Kharkiv
Pro-Russian protesters have stormed government buildings in three eastern Ukrainian cities.
In Donetsk, Luhansk and Kharkiv they clashed with police, hung Russian flags from the buildings and called for a referendum on independence.
Ukraine's acting president called an emergency security meeting in response.
… In a message posted on his Facebook account, he said: "The people who have gathered are not many but they are very aggressive. The situation will be brought under control without bloodshed. But at the same time, a firm approach will be used against all who attack government buildings, law enforcement officers and other citizens."

I'm assuming this is not related to the Ukraine. Probably not to Snowden, either. But, like Putin, this could be someone with an old KGB mindset.
Michael Riley reports:
Hackers who raided the credit-card payment system of Neiman Marcus Group Ltd. belong to a sophisticated Russian syndicate that has stolen more than 160 million credit-card numbers from retailers over seven years, according to people with knowledge of the matter.
The Russian group is well known to U.S. authorities, who have indicted several members and linked it to pillaging more than 100 companies, including Citigroup Inc. and J.C. Penney Co.
Read more on Bloomberg Businessweek.

TSA again. If you have no choice (“You wanna fly? Den youse gotta get soiched!”) have you given “consent?”
Orin Kerr writes:
My co-blogger David Post says that the Fourth Amendment allows air travelers to leave airport security screening areas if they wish without the TSA’s permission:
I am permitted to leave [the screening area] without TSA permission, whether they like it or not, because the Fourth Amendment’s prohibition on “unreasonable . . . seizures” gives me that permission. We have a word for this, too, in the law, when government agents don’t allow us to leave freely: “being in custody.” And the government cannot put me in custody when they have absolutely no reason to believe that I have broken the law – the 4th Amendment prohibits that. Nor can they say “you’ve consented to being in custody when you go to the airport,” any more than they can say “you’ve consented to being in custody whenever you leave your home, so we can grab you and hold you whenever we damn please.”
It’s perhaps worth noting that the caselaw is generally to the contrary.
Read more on WaPo Volokh Conspiracy.

Perhaps governments should not be allowed to build government systems. Did no one notice this?
Diane Rado reports:
Just hours after the state launched a new, multimillion-dollar teacher licensing system last year, an educator logging in was shocked to find a serious security breach.
“I discovered that by doing a public search using any educator’s name, ALL of our personal information is available to everyone. This is alarming!” the educator emailed to a colleague. “I was able to put in your name and find out your address, phone number, and Social Security.”
During the months ahead, the glitch-prone system that has been compared to the Obama administration’s troubled Affordable Care Act website incorrectly labeled one educator a felon. Others were mistakenly listed as delinquent on child support, which could block them from getting a license, according to records obtained by the Tribune.
In late January, the Illinois State Board of Education abruptly canceled its $3.6 million contract with the company hired to build the system. That sparked a dispute over unpaid bills that remains unresolved.
Read more on Chicago Tribune, but subscription required to read full article.
Savvy readers will just nod their heads and know this stuff happens, and frequently. But that doesn’t make exposure of personal information and Social Security numbers any less concerning.

This is much more “touchy-feely” than my suggestion that the government give every citizen a kilo of pure cocaine. It should remove addiction from the gene pool.
Pew – America’s New Drug Policy Landscape
by Sabrina I. Pacifici on April 6, 2014
“The public appears ready for a truce in the long-running war on drugs. A national survey by the Pew Research Center finds that 67% of Americans say that the government should focus more on providing treatment for those who use illegal drugs such as heroin and cocaine. Just 26% think the government’s focus should be on prosecuting users of such hard drugs. Support for a treatment-based approach to illegal drug use spans nearly all demographic groups. And while Republicans are less supportive of the treatment option than are Democrats or independents, about half of Republicans (51%) say the government should focus more on treatment than prosecution in dealing with illegal drug users. By wide margins, the public views marijuana as less harmful than alcohol, both to personal health and to society more generally. Moreover, just as most Americans prefer a less punitive approach to the use of drugs such as heroin and cocaine, an even larger majority (76% of the public) – including 69% of Republicans and 79% of Democrats – think that people convicted of possessing small amounts of marijuana should not have to serve time in jail.”

Perspective for my fellow professors. (and a hint why there are so many “for profits”)
Whoa. Education Is A 7 Trillion Dollar Industry.
… A handy infographic.

Perspective. (So far, my students haven't asked me this question.)
Why won't you DIE? IBM's S/360 and its legacy at 50
IBM's System 360 mainframe, celebrating its 50th anniversary on Monday, was more than just another computer.
The S/360 changed IBM just as it changed computing and the technology industry.
… Big Blue introduced new concepts and de facto standards with us now: virtualisation - the toast of cloud computing on the PC and distributed x86 server that succeeded the mainframe - and the 8-bit byte over the 6-bit byte.
… Success was a mixed blessing for IBM, which got in trouble with US regulators for being "too" successful and spent a decade fighting a government anti-trust law suit over the mainframe business.

An Android App for the Bicycle club?
– tracks and records your path, speed, distance when you drive or walk. Path Finder shows real time data, maps out your path, shows suggestions and allows you to save your route for future reference. It uses the GPS Sensor in your phone to record the geographic statistics. It works on both Driving and Walking mode.

I'm starting three Math classes this week. These may help my students.
Calculators & Tools
The ultimate Calculator has to be WolframAlpha, which, as you can see, has a page of its own with several slideshows to help you learn how to use it.
For drawing and exploring graphs, use the outstanding Desmos Graphing Calculator.
For some other useful calculators and tools and accompanying notes see the following pages.
The pages in the series:

Sunday, April 06, 2014

“This was such a bad idea Yanukovych was forced to leave the country. Let's try it here!” (Are Crimean ripples becoming waves of change in Moscow?)
After Ukraine, Russians brace for repressions
Russians are facing a new wave of repressive measures in a Kremlin bid to bolster domestic control after its annexation of Ukraine's breakaway Crimea, say human rights activists.
Several bills proposed by lawmakers here this week seek to prevent the kind of street demonstrations that gripped Ukraine's Kiev earlier this winter, leading to the ouster of Ukraine President Viktor Yanukovych.
… Anti-Kremlin activists say Moscow is introducing the same restrictions on protests that were passed in January by Yanukovych's government and led to an uproar among the people and Yanukovych's ouster.
"This is exactly what caused the protests in Kiev to get violent in January," Ponomaryov said.
"There is nothing good about this," Ponomaryov added. "Lawmakers are scrambling to show the president how loyal and patriotic they are."

I didn't know that the TSA (Coast Guard, actually) had their own (not quite) judges. Perhaps some of my lawyer friends could explain that what I see as bias is in fact objective justice?
Papers, Please! reports:
The TSA has assessed a $500 civil penalty against “Naked American Hero” John Brennan, who removed all his clothes at a TSA checkpoint at the Portland, Oregon, airport in 2012 to show that he wasn’t carrying any weapons or explosives and in protest of the TSA’s practices.
Read more on Papers, Please!
[From the article:
Just as the checkpoint staff the TSA calls “Transportation Security Officers” are not law enforcement officers, so-called “Administrative Law Judges” are not judges or officers of any court. The “formal administrative hearing” was held in a courtroom (rented for the day by the TSA from the U.S. Bankruptcy Court), but it was not a trial and was not a proceeding of any actual court.
ALJ Jordan explicitly recognized that he had no authority to consider whether Mr. Brennan’s conduct was protected by the First Amendment or whether the TSA’s regulations or actions were otherwise invalid.
… We’ve posted our own complete audio recording of the formal administrative hearing, as well as ALJ Jordan’s decision and findings. The rest of the TSA’s records about this case remain secret. On May , 2013, we filed a FOIA request for all TSA or Coast Guard records related to the TSA’s complaint against Mr. Brennan. The TSA denied our request for expedited processing of this request, and to date has provided neither any response nor any estimated date for when it will respond.
ALJ Jordan found, among other things, that Mr. Brennan “was not angry, belligerent or abusive to any TSA officer” or Port of Portland police officer. “He did not use profanity or vulgarity; nor did he try to assault any TSA officer” or police officer. He “was polite and courteous” according to the testimony of both TSA and police personnel.
Mr. Brennan “was never ‘ordered’ to put his clothes on,” according to uncontested TSA testimony, and he “was never told that his actions were interfering with TSA officers’ duties… that his actions were interfering with the screening process [or] that his actions were causing TSA to be less efficient in the performance of their duties.”
In spite of this, ALJ Jordan decided that Mr. Brennan had “interfered with screening personnel in the performance of their screening duties” because, he alleged, some TSA staff were “distracted” from their duties by his nudity (although none of them actually testified that they or anyone else were distracted). ALJ Jordan found that Mr. Brennan’s “actions constituted a distraction” and that “TSA screeners do not have to warn someone that their actions are interfering with their duties.”

We discussed this in last Friday's Privacy Seminar. The Panel strongly recommended this site.
HHS has recently added another training module to its offerings. The latest is on EHRs and HIPAA:
OCR has six educational programs for health care providers on compliance with various aspects of the HIPAA Privacy and Security Rules. Each of these programs is available with free Continuing Medical Education (CME) credits for physicians and Continuing Education (CE) credits for health care professionals. They are available at and on OCR’s Medscape Destination page:

'cause we don't have enough lobbies?
Apple, IBM, others form patent reform lobby
Major US companies including Ford, Apple and Pfizer have formed a lobbying group aimed at pushing back at some changes to the patent system members of Congress have proposed, saying these measures would hinder protection of valuable inventions.
The group is concerned about pending legislation aimed at fighting so-called patent assertion entities (PAEs), companies which produce nothing but instead buy up patents and then attempt to extract licensing fees or sue for infringement.
Called the Partnership for American Innovation, the group warned that steps to stop the PAEs could also hurt truly innovative companies.

For my students, who should be learning to write for today's technology.
How To Write A Great Lede When Writing For The Web
Writing for the Web is a skill that’s easy to learn but difficult to master. One of the hardest elements is concocting a great lede; ledes being the one chance you have of persuading readers to commit to an article in full. Which is exactly what you’re doing in your head right about now.

For my musical students – if they can get those buds out of their ears.
– With MusicBox you’ll get bundles of kickass songs – customized to your tastes – from independent artists delivered straight to your inbox twice per month. The list of participating artists is deep and wide, so you’re going to get exposure to a variety of genres. Hip hop, country, rock ‘n roll, blues, jazz, mash-ups. The Boxes usually consist of 2-3 songs.