Saturday, June 28, 2014

Outlining a new (and much larger) challenge for my Computer Security students. (Mobile Device and Mobile Application Management.) Does your employer “certify” your BYOD device?
Enterprises Need More Than MDM to Address Mobile Security Risks: Analysis
… Organizations need to expand their mobile worldview to include data leakage, insider threats, and mobile malware and develop incident response plans that consider mobile devices, according to the latest report from GigaOm Research, released Tuesday.
They need to be able to see what is happening across mobile devices, detect security incidents, and resolve incidents effectively, all things that mobile device management systems are not designed to handle. Along with improved incident response, organizations need to beef up their forensics capabilities to extract valuable data from mobile devices in the case of a security incident, the report suggested.

I should have thought of this. What a great way to gather the information people want to hide!
– is the best solution for efficiently handling your Google removal requests. helps you to easily find all your irrelevant, outdated, or otherwise inappropriate information that is publicly available on Google search results. helps you to justify your removal request to Google thanks to the predefined standard texts written by experts in order to increase your chance of success.

For instance, one “target” is China.
Kim Zetter reports:
About 89,000 foreigners or organizations were targeted for spying under a U.S. surveillance order last year, according to a new transparency report. The report was released for the first time Friday by the Office of the Director of Intelligence, upon order of the president, in the wake of surveillance leaks by NSA whistleblower Edward Snowden.
But the report, which covers only surveillance orders issued in 2013, doesn’t tell the whole story about how many individuals the spying targeted or how many Americans were caught in the surveillance that targeted foreigners. Civil liberties groups say the real number is likely “orders of magnitude” larger than this.
Read more on Wired.

What would keep your employees from doing this? Should we create a Social Media Policy?
Eric Goldman writes:
Jane Stewart, a company manager, posted the following on her Facebook page:
Isn’t [it] amazing how Jimmy experienced a 5 way heart bypass just one month ago and is back to work, especially when you consider George Shoun’s shoulder injury kept him away from work for 11 months and now he is trying to sue us.
The complaint says the post concluded “Love for everyone to hear the real truth! What a loser!” but this sentence wasn’t referenced in the court’s opinion.
Shoun didn’t appreciate these remarks, so he sued for confidentiality violations of the Americans With Disabilities Act (ADA).
I don’t have an opinion about the likely success of this lawsuit, but I’m less sanguine about the wisdom of this post. Employers, when is it appropriate to mock an employee online for allegedly malingering due to health issues? Answer: NEVER.

(Related) How about a non-manager's use of Social Media? No First Amendment rights here?
Jeff D. Gorman reports on another case involving use (or misuse) of social media in the workplace:
An Idaho nurse who ranted on Facebook that he wanted to slap a patient is not entitled to unemployment benefits, the state’s highest court ruled.
Joseph Talbot had been working as a nurse at Desert View Care Center for about five months when he made a January 2013 post on Facebook that got him in hot water.
“Ever have one of those days when you’d like to slap the ever loving bat snot out a patient who is just being a jerk because they can?” he asked. “Nurses shouldn’t have to take abuse from you just because you are sick. In fact, it makes me less motivated to make sure your call light gets answered every time when I know that the minute I step into the room I’ll be greeted by a deluge of insults.”
Read more on Courthouse News.
Note that there is no suggestion that any patient’s protected health information (PHI) was disclosed. This case turned simply on whether the employee violated the center’s social media policy.
Taken together with the previous blog post pointing to Eric Goldman’s comments on another workplace case involving social media, I can only wonder when people are going to really learn that Facebook isn’t a smart choice for venting about work – even if you do not name individuals. Yes, some speech is protected, but if you have signed an agreement with your employer about social media use or prohibitions, expect to be held to it.

Perspective. Living “off the grid” is really going to stand out.
Internet of Things: Connected Home – Survey
by Sabrina I. Pacifici on Jun 27, 2014
“Fortinet® – a global leader in high-performance network security released the results of a global survey that probes home owners about key issues pertaining to the Internet of Things (IoT). Independently administered throughout 11 countries, the survey titled, “Internet of Things: Connected Home,” gives a global perspective about the Internet of Things, what security and privacy issues are in play, and what home owners are willing to do to enable it. Completed in June 2014, the survey asked 1,801 tech-savvy homeowners questions relating to the Internet of Things as it pertains to the connected home. These were the top findings:
  • Homeowners are concerned about data breaches – A majority of all respondents voiced their concern that a connected appliance could result in a data breach or exposure of sensitive, personal information. Globally, 69 percent said that they were either “extremely concerned” or “somewhat concerned” about this issue. Sixty-eight percent of U.S. respondents said that they were “extremely concerned” or “somewhat concerned.”
  • Privacy and trust are concerns – When asked about the privacy of collected data, a majority of global respondents stated, “privacy is important to me, and I do not trust how this type of data may be used.” India led the world with this response at 63 percent. Fifty-seven percent in the U.S. agreed with this statement.
  • Data privacy is an extremely sensitive issue – Relating to privacy, respondents were also asked how they would feel if a connected home device was secretly or anonymously collecting information about them and sharing it with others. Most (62 percent) answered “completely violated and extremely angry to the point where I would take action.” The strongest responses came from South Africa, Malaysia and the United States. Sixty-seven percent of Americans also agreed with this statement.
  • Consumers look to their government for data regulation – Many respondents (42 percent) around the world stated that their government should regulate collected data, while 11 percent said that regulation should be enforced by an independent, non-government organization. The U.S. scored lower than most countries. Here, only 34 percent agreed that the government should regulate collected data.
  • Homeowners are willing to pay for a connected home – When asked, “would you be willing to pay for a new wireless router optimized for connected home devices,” 40 percent responded with “definitely” and another 48 percent said “maybe.” In a follow-on question, more than 50 percent said they would pay more for their Internet service in order to “enable connected devices to function” in their home. Similar to the rest of the world, U.S. homeowners would pay more; less than 25 percent said that they would not.

Perhaps some of this will translate to rules for domestic drone use?
Like Steve, I strongly recommend to Just Security readers the report on drone policy that the Stimson Task Force published yesterday. The report is very thoughtful and balanced, and raises a number of very important questions about the relative costs and benefits of particular aspects of the U.S.’s use of drones.

Parking and the First Amendment? Perhaps San Francisco should take note that parking is valuable and raise the meter rates. Or they could ban parking altogether and increase the use of public transportation. What they probably can't do is enforce this interpretation of whatever law this is based on.
San Francisco parking app refuses shut-down order
The company behind a mobile app that allows San Francisco drivers to get paid for the public parking spaces they exit has rejected an order from the city attorney to stop its operations.
MonkeyParking CEO Paolo Dobrowolny said in an email Friday that City Attorney Dennis Herrera is misapplying a police code that prohibits the sale or lease of San Francisco's streets.
Dobrowolny said MonkeyParking doesn't sell parking spots, but convenience. He cites freedom of speech, saying people have the right to tell others they're leaving a parking spot and get paid for it.

A nice summary of the music market.
Amazon Prime Music Just Set Streaming Music's Price
For much of the last year, companies have been scrambling to create their own Pandora and take a piece of the growing -- but poorly monetized -- music streaming market. Amazon may have just stumbled upon the solution.

So here's my question. What would I do with a smartphone? (Yes, I see all the Apps and gadgets. But I don't call anyone.)
Wal-Mart slashes iPhone price to just $29
… Radio Shack stores are also offering a similar deal.

Guaranteed to get your message read? Apparently not. Students in high school can't read cursive.
I Sent All My Text Messages in Calligraphy for a Week

For my student Vets.
Report on Veterans Affairs Finds 'Corrosive Culture'
An interim report on the Veterans Affairs Department delivered to President Barack Obama found that the VA’s medical system is hobbled by management with little accountability and a “corrosive culture” that has led to widespread personnel problems.

For my students preparing to run for office.
Beyond Red vs. Blue: The Political Typology – Pew
by Sabrina I. Pacifici on Jun 27, 2014
“Even in an increasingly Red vs. Blue nation, the public’s political attitudes and values come in many shades and hues. Partisan polarization – the vast and growing gap between Republicans and Democrats – is a defining feature of politics today. But beyond the ideological wings, which make up a minority of the public, the political landscape includes a center that is large and diverse, unified by frustration with politics and little else. As a result, both parties face formidable challenges in reaching beyond their bases to appeal to the middle of the electorate and build sustainable coalitions. The latest Pew Research Center political typology, which sorts voters into cohesive groups based on their attitudes and values, provides a field guide for this constantly changing landscape… The new typology has eight groups: Three are strongly ideological, highly politically engaged and overwhelmingly partisan – two on the right and one on the left. Steadfast Conservatives are staunch critics of government and the social safety net and are very socially conservative. Business Conservatives share Steadfast Conservatives’ preference for limited government, but differ in their support for Wall Street and business, as well as immigration reform. And Business Conservatives are far more moderate on social issues than are Steadfast Conservatives. At the other end of the spectrum, Solid Liberals express liberal attitudes across almost every realm – government, the economy and business and foreign policy, as well as on race, homosexuality and abortion – and are reliable and loyal Democratic voters.”

For all my students. (Philosophy from the Harvard “B” School? Who'd a thunk?)
Reframe a Moral Dilemma with Just One Word

For my Statistics students. (Told ya!)
The Mathematics of Shuffled Cards
It is said that each time you shuffle a 52-card deck, each arrangement you make may have never existed in all history, or may never exist again. Why? Because of the enormous number of arrangements that can be made using 52 objects. [52! Bob]

Friday, June 27, 2014

What now, Vladimir?
Ukraine crisis: Putin warns Ukraine faces 'serious consequences' after signing EU deal
Russia has warned there could be 'serious consequences' for Ukraine after its President Petro Poroshenko signed up to a trade and economic pact with the European Union, in a deal that has been central to the crisis in the country.
… Dmitry Peskov, a spokesman for Mr Putin, told Russian news agencies that the Kremlin would respond to the EU-Ukraine accord "as soon as negative consequences arise for the economy". [What does that mean? Bob]
… The European Union signed similar association agreements with two other former Soviet republics, Moldova and Georgia.

Perspective. Roughly one card in seven.
Study: 14 Percent of Debit Cards Exposed by Breaches in 2013
The upsurge is chronicled in the 2014 Debit Issuer Study. The report is now in its ninth edition...
… According to the report, 84 percent of financial institutions reissued all exposed cards in response to Target, compared to only 29 percent that typically reissue all exposed cards as a standard response to breaches.

Unexpected... This one seems to have grabbed their attention. (Ten times more work/cost?)
Chris Sonderby, Facebook Deputy General Counsel, has an update on Facebook’s attempts to fight bulk warrants from the government:
… Since last summer, we’ve been fighting hard against a set of sweeping search warrants issued by a court in New York that demanded we turn over nearly all data from the accounts of 381 people who use our service, including photos, private messages and other information. This unprecedented request is by far the largest we’ve ever received—by a magnitude of more than ten—and we have argued that it was unconstitutional from the start.
Of the 381 people whose accounts were the subject of these warrants, 62 were later charged in a disability fraud case. This means that no charges will be brought against more than 300 people whose data was sought by the government without prior notice to the people affected. The government also obtained gag orders that prohibited us from discussing this case and notifying any of the affected people until now.
We’ve gone to court and repeatedly asserted that these overly broad warrants–which contain no date restrictions and allow the government to keep the seized data indefinitely–violate the privacy rights of the people on Facebook and ignore Fourth Amendment safeguards against unreasonable searches and seizures. We fought forcefully against these 381 requests and were told by a lower court that as an online service provider we didn’t even have the legal standing to contest the warrants. We complied only after the appeals court denied our application to stay this ruling, and after the prosecutor filed a motion to find us in criminal contempt.
Last Friday, we filed an appellate brief in support of our continuing efforts to invalidate these sweeping warrants and to force the government to return the data it has seized and retained. Immediately after we filed our appeal, the government moved to unseal the warrants and all court filings, which has allowed us to finally notify the people whose accounts were affected about the warrants and our ongoing legal efforts.
But we feel strongly that there is more work to do, and we will continue our legal fight to retrieve data that has been seized and retained by the government. We recognize that law enforcement needs to investigate potential crimes, but we believe all government data requests must be narrowly tailored, proportionate to the case, and subject to strict judicial oversight. Moreover, we believe search warrants for digital information should be specific and narrow in scope, just like warrants for physical evidence. These restrictions are critical to preventing overreaching legal requests and protecting people’s information.
We will continue to fight on your behalf, and we recognize the importance of this responsibility. We look forward to keeping you updated about our progress.
Under the post, you can see a chronology of developments in the case.
I don’t often say this, but in this case, good for Facebook! [Ditto! Bob]

Is there a review procedure that caught this (if not, why not?) or just a smart defense attorney?
Andrew Duffy reports:
A Superior Court judge has tossed out most of the evidence in a drug trafficking case after ruling that an Ottawa police officer authored a deliberately misleading application for a cellphone wiretap order.
In a decision released Thursday, Justice Robert Beaudoin said the bulk of the evidence obtained against Temorshah Hafizi, 40, must be excluded because of the police transgression, which offended the accused’s privacy rights.
Such orders are rarely made by judges assessing the constitutionality of wiretap warrants.
Read more on Ottawa Citizen.

A huge database that makes it possible for every law enforcement organization to act like they know you personally (and intimately?)
J.D. Tuccille writes:
The FBI’s facial recognition database, into which it wants to put 52 million of our mugs by the end of 2015, is only part of its larger Next Generation Identification (NGI) program. The NGI program is intended to give the feds a full range of means to identify us according to biometric markers, including facial feature, digitized fingerprints, photographs of tattoos, scans of the irises of human eyes…
It’s a lot of data for tagging people, all going into a centralized system. That has plenty of people worried about misuse, abuse, and the overall nudge this sort of capability gives us toward a total surveillance state.
Yesterday, 32 organizations from across the political spectrum, including the American Civil Liberties Union, the Electronic Frontier Foundation (EFF), and R Street Institute, asked Attorney General Eric Holder to explain just how the United States government plans to use the system it’s building and the data contained therein.
Read more on Reason.

Is this what I'm left with after the Aereo decision?
App Watch: FilmOn Has Much More Than Broadcast TV
… Like Aereo, FilmOn offers over-the-air TV channels through a website and mobile apps. Also similar to Aereo, FilmOn's offerings are affected by Wednesday's Supreme Court decision saying that such a setup is prohibited under U.S. copyright law, at least without paying broadcasters.
While the case was being argued in court, FilmOn founder Alki David told me that broadcast channels represent less than 5 percent of what FilmOn offers, so there's plenty to watch — regardless of the outcome. In anticipation of the court ruling, I spent part of a recent trip assessing that claim using a laptop, an iPad, an iPhone and a Samsung Android phone.
While Aereo's monthly service starts at $8, FilmOn is free. But you have to put up with a short video ad before you start watching. You can watch on Windows and Mac computers, iOS, Android and BlackBerry 10 devices and Roku's streaming player. You can watch channels live or record up to 10 hours of shows for free. You can also buy more space to store the shows you record.
… Besides over-the-air channels, FilmOn offers more than 600 on all sorts of topics, including fashion, travel, comedy and news.
Most of the channels are packaged by FilmOn based on programming it owns or licenses. FilmOn also offers some cable TV channels outright — little-known ones such as Pivot, a channel launched last year to target 18 to 34 year olds. It also has TV channels from abroad.
… There's some truth to that, as long as the content is interesting. One problem is that FilmOn seems geared toward a young male audience, so the channels that come up first include College Hotties, Hooters' Calendar Girls and Live Boxing. In fact, David told me the bikini and horror channels are among the most popular on FilmOn.
It takes some patience to find other things to watch. War buffs will appreciate FilmOn's extensive library of documentaries on World War II. Immigrants will appreciate news channels from their home country.

For some of my students...
31 Premium Android Apps Available for Free on Amazon
… The Amazon Appstore is giving away 31 paid Android apps, worth more than $100, for free. The offer will remain valid until tomorrow (28th June) and you can head over to to download the various apps that are available as part of this package.

There are some things technology was not meant to do! Apparently, lots of folks haven't gotten the word.
– is a site that enables you to put your Instagram photos on marshmallows. Costing $26 for a box of 9, this British service transforms your photos into multi-sensory delicacies. How about some selfie marshmallows for your partner? Or perhaps some of your ex to roast over a fire? The possibilities are endless. What would YOU put on your marshmallows?

So that's what my students are doing!

Thursday, June 26, 2014

“The right of the people to be secure in their persons, houses, papers, cellphones, and effects, against unreasonable searches and seizures, shall not be violated...” Perhaps I'll have my Criminal Justice students build a “Get a Warrant!” App.
'Get a warrant' to search cellphones, Justices say
In an emphatic defense of privacy in the digital age, a unanimous Supreme Court ruled Wednesday that police generally may not search the cellphones of people they arrest without first getting search warrants.
Cellphones are unlike anything else police may find on someone they arrest, Chief Justice John Roberts wrote for the court. They are "not just another technological convenience," he said, but ubiquitous, increasingly powerful computers that contain vast quantities of personal, sensitive information.
"With all they contain and all they may reveal, they hold for many Americans the privacies of life," Roberts declared.

(On the other hand) If he refuses, is he automatically guilty of whatever crime he is charged with? Do they lock him up until he complies? What is proper?
Elizabeth Barber reports:
Police can order an accused criminal to decrypt his computer without violating his constitutional right against self-incrimination, Massachusetts’ top court said on Wednesday.
In the latest U.S. ruling on the contentious issue, the 5-2 ruling by the Massachusetts Supreme Judicial Court reverses a lower court’s finding that police could not force Leon Gelfgatt, charged with mortgage fraud, to decrypt four computers seized in an investigation, since doing so would violate his Fifth Amendment right.
The court found that since Gelfgatt had told investigators that the computer belonged to him and that he had the encryption key, police could compel him to decrypt his files.
Read more on Reuters.

Sometimes you win, sometimes the justices make a HUGE error. I don't see how Aereo is like a cable system other than the very early “community antenna” services. But here's a potential business opportunity. What if I buy the antennas from Aereo and put them in stand-alone boxes? Then I sell the boxes to individuals who can grab over-the-air signals and send them to their computer.
Supreme Court Rules Against Aereo, a TV Streaming Service
… The 6 to 3 decision handed a major victory to the broadcast networks, which argued that Aereo’s business model was no more than a high-tech approach for stealing their content.
… Justice Stephen G. Breyer, writing for the majority, said the service was “not simply an equipment provider,” but acted like a cable system in that it transmitted copyrighted content. “Insofar as there are differences,” he wrote, “those differences concern not the nature of the service that Aereo provides so much as the technological manner in which it provides the service.”
… In a dissent that expressed distaste for Aereo’s business model, Justice Antonin Scalia said that the service had nevertheless identified a loophole in the law. “It is not the role of this court to identify and plug loopholes,” he wrote. “It is the role of good lawyers to identify and exploit them, and the role of Congress to eliminate them if it wishes.”
… Chet Kanojia, Aereo’s founder and chief executive, said that Aereo had worked to create a technology that complied with the law. “Today’s decision clearly states that how the technology works does not matter,” he said.
… Subscribers to Aereo paid $8 to $12 a month to rent one of the start-up’s dime-size antennas that captured over-the-air television signals. Users then could watch near-live TV and record programs on major broadcast networks such as ABC, CBS, NBC and Fox.
In combination with other Internet services like Netflix and Hulu, it could provide much of a viewer’s television diet at a fraction of the cost of a cable or satellite television bill.
… The case, ABC Inc. v. Aereo, No. 13-461, turned on a part of the copyright law that requires the permission of copyright owners for “public performances” of their work. The law defines such performances to include retransmission to the public.
Aereo had argued that its transmissions were private performances because it assigned an individual antenna to every viewer, but Justice Breyer rejected that argument as well.

Aereo and the Strange Case of Broadcasters Who Don’t Want to Be Broadcast

Right now, my Ethical hackers have to go state by state. Imagine how much easier this will be when the Feds have all the data in one place!
Montana Health Department Hacked
Hackers breached a server in the State of Montana's Department of Public Health and Human Services, prompting officials to notify 1.3 million people of the incident.
There is no evidence this information was used inappropriately -- or even accessed -- but the state is offering free credit monitoring and identity protection insurance to potentially affected individuals, said Richard Opper, DPHHS director. Montana also is alerting family members of deceased patients.
Officials discovered the breach after an independent forensic investigation determined a DPHHS server had been hacked. The department ordered the May 22 investigation from Kroll after DPHHS officials first noticed "suspicious activity" on May 15, Jon Ebelt, DPHHS public information officer, told InformationWeek.

Perhaps I could get access to the requests and publish them (and archived web pages). I'll call my site, “Hey! Look what this guy's trying to hide!”
Google removes first search results after EU ruling
… Google received over 41,000 requests over four days after it put up an online form allowing Europeans to request that search results be removed.

We may be teaching classes on how to do this. It's really quite simple.
How Police Are Scanning All Of Twitter To Detect Terrorist Threats
When Boston officials decided to monitor Twitter during this year's marathon, they didn't scan the site's 500 million daily posts for signs of trouble.
Dataminr did that for them.
The company's software sorts through millions of tweets for clues about major events or emerging threats, flagging mentions of everything from fires to suspicious packages and sending real-time alerts to customers.
… Dataminr is one of several companies marketing such products to police departments. A company called BrightPlanet is selling a tool called Blue Jay that allows law enforcement officers to listen to what gang members say on Twitter and track their movements. The FBI is also building its own application to monitor social media posts for words like "bomb," "suspicious package" and "white powder."
… "The problem is if you don't have a specific law enforcement purpose for using the monitoring tools," said Keenan. "Why are you monitoring tweets? What type of information are you going to be collecting? How long are you going to retain it? That has to be addressed before you employ the technology."
… Bailey said Dataminr customers can only use the software to track major events on Twitter and can't use it to single out individuals or anti-government tweets. He added that Dataminr customers can't store tweets permanently. [We can fix those problems. Bob]

(Related) Hey, it's for your own good! (As determined by us)
So no sooner do I post Dr. Deborah Peel’s talk about commercial entities data-mining and selling our information, than Joe Cadillic sends me a link to an article by Shannon Pettypiece and Jordan Robertson of Bloomberg:
You may soon get a call from your doctor if you’ve let your gym membership lapse, made a habit of picking up candy bars at the check-out counter or begin shopping at plus-sized stores.
That’s because some hospitals are starting to use detailed consumer data to create profiles on current and potential patients to identify those most likely to get sick, so the hospitals can intervene before they do.
Information compiled by data brokers from public records and credit card transactions can reveal where a person shops, the food they buy, and whether they smoke. The largest hospital chain in the Carolinas is plugging data for 2 million people into algorithms designed to identify high-risk patients, while Pennsylvania’s biggest system uses household and demographic data. Patients and their advocates, meanwhile, say they’re concerned that big data’s expansion into medical care will hurt the doctor-patient relationship and threaten privacy.
Read more on Bloomberg. And then maybe watch Dr. Peel’s talk if you didn’t watch it before.

The kind of quote you want to use in your advertising. I wonder if that was part of the contract? (Or if they want more targets to use an easily accessible service?)
SHOCKER: CIA CIO CAN confirm that AWS cloud safe for big government
In an eyebrow raising presentation the chief information officer for the US's foreign spying wing, the CIA, has praised the cloud computing capabilities of Amazon Web Services and said the agency wants to expand its use of the company's tech.
CIA CIO Doug Wolfe spoke at an event in Washington on Tuesday where he said he was confident the spy group would "end up in a very good quality product, and a very secure product," after awarding a procurement contract to the company worth as much as $600m.
… "You're going to start seeing exactly what your consumption cost, and start understanding exactly how server storage processing, et cetera, was applied to the problem. So we see this as a tremendous opportunity to sharpen our focus and be very efficient." [Information you get from analyzing your logs. Anyone could do it. Bob]

See? Anyone can do it!
16 Year Old Coder Launches Browser Extension That Reveals Congressional Campaign Financing
by Sabrina I. Pacifici on Jun 25, 2014
“A free browser extension for Chrome, Firefox, and Safari that exposes the role money plays in Congress. Displays on any web page detailed campaign contribution data for every Senator and Representative, including total amount received and breakdown by industry and by size of donation. Puts vital data where it’s most relevant so you can discover the real impact of money on our political system.”

For my Statistics students. (I just love reading about standard deviation...)
For PGA Players, Driving Now Beats Putting as the Most Lucrative Skill
As golf courses used by the Professional Golfers’ Association have changed in recent years—with the fairways getting longer, the grass height in the rough being cut shorter, and the cups being shifted to locations that are harder to reach—driving has replaced putting as the professional golfer’s top money-making skill, according to a study by Carson D. Baugher and Jonathan P. Day of Western Illinois University and Elvin W. Burford Jr. of Junior’s Shaft Shack in Forest, Virginia. Previous studies showed that putting was a player’s most lucrative capability, but drawing on recent PGA Tour data, the researchers found that a 1-standard-deviation increase in driving distance would have boosted a player’s earnings by an average of $671,779.15 in 2013, whereas the same relative increase in putting skills would have raised his earnings by just $510,195.91. Iron, chipping, and sand skills remain significantly less important than driving and putting.

For my students.
5 Easy Tools To Listen To Online Radio Stations On Windows

Wednesday, June 25, 2014

So, add a “smiley face” and don't bump your victim and all is good?
Joanna Small reports:
A woman called police to report a Peeping Tom, but not the traditional kind. She says a drone was looking into her downtown Seattle apartment window at Stewart Street and Terry Avenue, and the people operating it had camera equipment.
Seattle police say there’s only one way it could constitute a crime, and it’s hard to prove.
Read more on KIRO.
[From the article:
"People do have an expectation of privacy, and they should. But if somebody is outside and they can get a picture of you through your window, that's just living in the city, sorry,” Detective Patrick Michaud with the Seattle Police Department explained.
Seattle police admit there's not much they can do about drone complaints -- with one exception.
"If you feel threatened by it, or you get hit by it, feel free to tell a person, ‘Hey look, that's not cool,’ or you can call police and we can do the talking for you, if you wish,” Michaud concluded.
That's what happened in this case, and police say they're investigating as best they can. SPD actually tried to launch its own drone program, but the former mayor shut it down last year, citing privacy concerns.

“We can, therefore we must!”
Melissa Melton writes:
You think the big brother surveillance state is getting creepy here in America, check out what central banks are doing in other countries.
In line with the ongoing initiative of the Central Bank of Nigeria (CBN) and the Bankers’ Committee (comprising Chief Executives of the nation’s deposit money banks), banks across the country are to begin capturing of customer biometric data as part of Bank Verification Numbers (BVN).
The rollout of the BVN solution for the identification and verification of bank customers is expected to begin in 1,000 selected bank branches across Lagos, as a prelude to a nationwide rollout.
This is in alignment with the phased approach adopted in executing the three-tiered Know-Your-Customer (KYC) and cashless policy of the CBN.
Read more on Activist Post.
[From the Article:
… a new biometric program will require customers to sign up for a Bank Verification Number and present themselves at any branch for fingerprinting (all 10 fingers), facial image capture, and more.
No customer will be able to do any banking whatsoever without those fingerprints.
Some articles have also tossed around voice recognition and retina scans as well.

Is this merely, “See? We're the good guys!” Or, is there a business reason for this – it can't cost that much, can it? Or am I missing something entirely?
Microsoft's top lawyer: 'Future is bleak' if gov't bulk data collection continues
… Speaking Tuesday at a talk held at the Brookings Institution in Washington, DC, Smith said the US’s secret surveillance court is not held unaccountable [Doesn't anyone not edit no more? Bob] to the public, and as a result, is not "inclined to promote justice," as reported by the Wall Street Journal.
… Smith has upheld a public campaign for reform over this year. There is also a context to Smith's advocation of privacy, as Microsoft is currently resisting a warrant issued late last year by US authorities to force the tech giant to hand over email records of a European customer stored in Dublin, Ireland. Microsoft's reluctance to comply did not help the company win the case, and the firm is now appealing the judge's decision. However, Smith's comments have placed Microsoft firmly on one side of the surveillance row and may assure customers that even if the company fails, it will at least try to stop governmental overreach.

(Contrast with...)
Jonathan Brown reports:
Public bodies and private corporations including Internet giant Google are flouting the public’s right to access personal data being held on them, according to a major new international study.
Researchers found that nearly half of data holders either failed to disclose the private information they stored on citizens or did not give a legitimate reason for not doing so when asked.
Read more on The Independent.

(Related) One of several news snippets. Simplifies Right To Be Forgotten
A new site called has simplified the process of requesting Google grants you the right to be forgotten. “Anyone resident in Europe can request Google remove a link concerning them and their past behavior, and aims to make it as easy as possible to disappear from search results. Unfortunately, you need to sign up for an account, which is rather annoying.

In lieu of “Due Process” TSA has “No Particular Process.”
Speaking of due process, here’s a very significant decision by Judge Brown in the Latif case in the District of Oregon, about which Shirin Sinnar (in a guest post) and our very own Jen Daskal have blogged previously. In a nutshell, Judge Brown has ruled that the internal redress mechanisms provided by the government for getting off the no-fly list (along with the unclear appeals process) fails to afford adequate due process. I’m sure we’ll have much more to say about Judge Brown’s analysis in the coming days, but although this is only a district court decision, it’s potentially a Very Big Deal going forward.

Oh look, a burglar alert App!
Nest to Share User Information With Google for the First Time
Nest Labs is set to share some user information with corporate parent Google for the first time since its February acquisition.
Matt Rogers, a co-founder of the smart-thermostat maker, said in an interview that Google will connect some of its apps to Nest, allowing Google to know when Nest users are at home or not.
The integration will allow those users to set the temperature of their homes with voice commands to a Google mobile app. It will also allow Google’s personal digital assistant, Google Now, to set the temperature automatically when it detects, using a smartphone’s location-tracking abilities, that a user is returning home.
Users will have to opt in for their information to be shared with Google, Rogers said.
… The news comes as Nest said it will allow developers of appliances, light fixtures, garage door openers and more to access user information, part of Nest’s bid to be the operating system for the smart home.

Have we become “over-Apped?” Why is there an App for that? Do I really need to watch a video of my garage door opening when I'm 20 feet away? (and why would I open it from anywhere else in the world?)
Introducing the First Smartphone-Based Garage Door Opener With Built-in Video and Recording Functionality
… The company announced today an enhancement to its popular GoGogate product, allowing existing and new GoGogate customers to use video and video recording to track opening and closing of their garage doors via their smartphone, computer or tablet anywhere in the world.

“Hey, we're Californians. We'll vote for anything we find amusing – logical or not.”
TurnItOff reports:
In the face of opposition lobbying from the California Sheriffs Association and two former NSA analysts, the California Assembly Public Safety Committee voted unanimously to approve a bipartisan bill which creates a mechanism to turn off all material support and assistance, including water and electricity resources, from California to federal mass surveillance programs. The vote was 7-0.
Dubbed the 4th Amendment Protection Act, Senate Bill 828 (SB828) passed the State Senate last month by a vote of 29-1, and is just two votes away from reaching Gov. Brown’s desk.
Well, okay, it still has to get out of another committee and then survive a full vote by the Assembly, but even so, I’m impressed the bill’s gotten this far. Here’s the text of the bill:
Chapter 32.5 (commencing with Section 7599) is added to Division 7 of Title 1 of the Government Code, to read:
CHAPTER 32.5. The 4th Amendment Protection Act
7599. The state shall not provide material support, participation, or assistance to any federal agency attempting the illegal and unconstitutional collection of electronic data or metadata, without consent, of any person not based on a valid warrant that particularly describes the person, place, and thing to be searched or seized, or a court order, or in accordance with judicially recognized exceptions to warrant requirements.
Read more on TurnItOff.

(On the other hand...)
Nigel Duara of AP reports:
A federal judge has affirmed the legality of the U.S. government’s bulk collection of phone and email data from foreign nationals living outside the country — including their contact with U.S. citizens — in denying a man’s motion to dismiss his terrorism conviction.
It was the first legal challenge to the government’s bulk data-collection program of non-U.S. citizens living overseas after revelations about massive, warrantless surveillance were made public by former National Security Agency employee Edward Snowden.
Read more on Huffington Post.
You can access the opinion and order in United States v. Mohamud here (pdf)

For my Computer Security students.
Researchers Out Spy Tools That Let Governments Hack Your Smartphone
Researchers from Kaspersky Lab and Citizen Lab have uncovered new details on advanced surveillance tools offered by the Italian company HackingTeam, including never before seen implants for smartphones running on iOS and Android.
Sergey Golovanov, Principal Security Researcher at Kaspersky Lab and Marquis-Boire presented the research (PDF) at a press event in London on Tuesday.

For all my students.
Do the Benefits of College Still Outweigh the Costs?
by Sabrina I. Pacifici on Jun 24, 2014
“In recent years, students have been paying more to attend college and earning less upon graduation—trends that have led many observers to question whether a college education remains a good investment. However, an analysis of the economic returns to college since the 1970s demonstrates that the benefits of both a bachelor’s degree and an associate’s degree still tend to outweigh the costs, with both degrees earning a return of about 15 percent over the past decade. The return has remained high in spite of rising tuition and falling earnings because the wages of those without a college degree have also been falling, keeping the college wage premium near an all-time high while reducing the opportunity cost of going to school.”

Tuesday, June 24, 2014

If the public had been made aware of this breach, would the penalty have been greater? Have they really been negotiating for 5 years?
From HHS, this press release today about an incident that never appeared in their public breach tool:
Parkview Health System, Inc. has agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule with the U.S. Department of Health and Human Services Office for Civil Rights (OCR). Parkview will pay $800,000 and adopt a corrective action plan to address deficiencies in its HIPAA compliance program. Parkview is a nonprofit health care system that provides community-based health care services to individuals in northeast Indiana and northwest Ohio.
… On June 4, 2009, Parkview employees, with notice that the physician was not at home, left 71 cardboard boxes of these medical records unattended and accessible to unauthorized persons on the driveway of the physician’s home, within 20 feet of the public road and a short distance away from a heavily trafficked public shopping venue.

I think this should have happened sooner.
Jeanne Price reports:
One of the most memorable privacy stories of 2013 involved Aaron’s Rent-To-Own affiliates accused of spying on consumers who’d rented computers with secret software. While federal charges against Aaron’s Inc. were settled last year, that didn’t satisfy a pair of Colorado attorneys who were themselves clients of affiliate Aspen Way Enterprises in Fort Collins. Yesterday the duo filed a lawsuit in Georgia federal court that revealed just how deep the computer snooping went.
The case is based on the premise that rent-to-own doesn’t mean right-to-spy. Details provided yesterday include a statement from Herman Gerel LLP of Atlanta, the firm representing attorney plaintiffs Michael Peterson and Matthew Lyons. It stated that the spyware on Peterson’s and Lyons’ computers was responsible for “remotely capturing 4,702 screen shots, and 2,464 key log entries with undetectable software. [Are they saying they can't prove this software was on their computers? Bob] The images and logs include attorney work product and privileged communications regarding the lawyers’ clients in 2010 and 2011.”

“We don't like him. Let's kill him!” This is just legal babble...
This morning the 2nd Circuit published a redacted version of the long-sought Department of Justice OLC memo that authorized [Wrong word. Bob] the killing of U.S. citizen, Anwar al-Awlaki. We’ve got the entire 2nd Circuit opinion (full text) and the OLC memo itself (full text) available here on Just Security.

Survey, but no link yet. Perhaps they just made up this “data?”
Fortinet Reveals “Internet of Things: Connected Home” Survey Results
… Completed in June 2014, the survey asked 1,801 tech-savvy homeowners questions relating to the Internet of Things as it pertains to the connected home. These were [some of] the top findings:
Homeowners are concerned about data breaches
Privacy and trust are concerns
Data privacy is an extremely sensitive issue
Homeowners are willing to pay for a connected home

It's called “Traffic Analysis” and it shows much more than they mention here. Should be a good paper to point my Cryptography students to.
Jeremy Kirk reports:
Analyzing encrypted Web traffic can potentially reveal highly sensitive information such as medical conditions and sexual orientation, according to a research paper that forecasts how privacy on the Internet may erode.
In a paper titled “I Know Why You Went to the Clinic,” researchers show that by observing encrypted Web traffic and identifying patterns, it is possible to know what pages a person has visited on a website, giving clues to their personal life. The paper will be presented July 16 at the Privacy-Enhancing Technology Forum in Amsterdam.
Read more on Computerworld.

Why? What governmental projects are aided by this? None apparently, so why do it?
David Heinzmann reports:
The curled metal fixtures set to go up on a handful of Michigan Avenue light poles later this summer may look like delicate pieces of sculpture, but researchers say they’ll provide a big step forward in the way Chicago understands itself by observing the city’s people and surroundings.
The smooth, perforated sheaths of metal are decorative, but their job is to protect and conceal a system of data-collection sensors that will measure air quality, light intensity, sound volume, heat, precipitation and wind. The sensors will also count people by measuring wireless signals on mobile devices.
Read more on the Chicago Tribune.
[From the article:
Researchers have dubbed their effort the "Array of Things" project. Gathering and publishing such a broad swath of data will give scientists the tools [It might point out what tools are needed, but data are not tools. Bob] to make Chicago a safer, more efficient and cleaner place to live, said Catlett, director of the Urban Center for Computation and Data, part of a joint initiative between the University of Chicago and Argonne National Laboratory, near Lemont.
The novelty of a permanent data collection infrastructure may also give Chicago a competitive advantage in attracting technological research, researchers contend.
… Data-hungry researchers are unabashedly enthusiastic about the project, but some experts said that the system's flexibility and planned partnerships with industry beg to be closely monitored. Questions include whether the sensors are gathering too much personal information about people who may be passing by without giving a second thought to the amount of data that their movements — and the signals from their smartphones — may be giving off.
City officials don't have firm expectations about what the data may yield [I thought not... Bob] but share researchers' desire to push "Chicago as a test bed of urban analytical research," said Brenna Berman, the city's commissioner of information and technology.

Interesting. A change to the training we need to give our Criminal Justice students. However, searching for social media should be simple.
Social media 'at least half' of calls passed to front-line police
Chief Constable Alex Marshall, head of the College of Policing, said the number of crimes arising from social media represented "a real problem".
He said it was a particular problem for officers who deal with low-level crimes.
About 6,000 officers were being trained to deal with online offences, he said.
He said the police and public were still trying to understand when online insults became a crime.
Mr Marshall told BBC Radio 4's Law in Action: "As people have moved their shopping online and their communications online, they've also moved their insults, their abuse and their threats online, so I see that it won't be long before pretty much every investigation that the police conduct will have an online element to it.
Currently, online crimes are recorded under traditional headings such as harassment or threats to kill and not as a cybercrime, so each record is required to be read individually to ascertain if the crime originated on social media.
Mr Marshall said because of that, the force was missing out on information.
The College of Policing was currently carrying out research to quantify how many crimes actually originate on social media, he said, and was expecting the results in the next couple of months.

(Related) Can they do this? How will they enforce this ban? Can police in San Francisco detect “bad App-ers” in real time and ticket their cars?
San Francisco bans parking space app
Parking is a huge problem in the city and Rome-based start-up MonkeyParking thought it had come up with a solution.
The app lets users auction off public parking spaces that they are using and wait for the buyer to arrive before pulling out.
But the city says it is illegal to auction off public land and has threatened to fine anyone doing so.
San Francisco lawyer Dennis Herrera sent a cease-and-desist order to MonkeyParking and has also asked Apple to remove it from the app store for violating local law.
… He said that the company would be subject to fines of up to $2,500 (£1,470) per violation and it has been given until 11 July to stop operating in the city. Users of the app would also be subject to a $300 fine.

How do I explain this to my Computer Forensics students? There are limits to a “temporary overseize.”
Orin Kerr writes:
I blogged last week about the Second Circuit’s important decision in United States v. Ganias, on the ‘right to delete’ seized computer files. A prosecutor I know sent me a thoughtful e-mail responding to the decision. I asked the prosecutor if I could post the e-mail (as it was intended just for me), and I received that permission.
Read the email and Orin’s comments on it on WaPo The Volokh Conspiracy.

...for some values of “work.”
Daniel Barth-Jones writes:
In a FierceBigData article which ran last Wednesday, Pam Baker posed some compelling questions regarding a recent “Big Data and Innovation, Setting the Record Straight: De-identification Does Work” whitepaper (.pdf) released by Ann Cavoukian, the Ontario information and privacy commissioner, and Daniel Castro, Information Technology and Innovation Foundation Senior Analyst. Of these, the most salient question was also the simplest: “Does de-identification work or not?”
How we answer this question really boils down to whether we will define de-identification as “working” only if it provides absolute privacy guarantees. Or whether, as we do with many other areas of life (like door locks, seatbelts and other protections), we accept a dramatic reduction from the original risks (without the protection in place) as being worthwhile.
Read more on FierceBigData.

I love the little insights in these articles.
Make Customers Want to Buy Offline
Showrooming, once a worry primarily for consumer electronics retailers, is expanding into markets we might have thought exempt. Today we can investigate everything from cars to books to groceries in person and then proceed to order them online, often with greater ease and significant savings.
Chalk this up to the efficiency of digital retailers, who’ve systematically dismantled every obstacle to online shopping. Shipping is fast and cheap, returns are a snap, and customer service is often better than what you find in a store. Price competition these days is a guaranteed losing strategy, especially with Amazon, whose long cash floats and high inventory turnover allow them to stay profitable even with no margin. [Obvious, in retrospect. Bob] Stores like Best Buy and Walmart once seemed unstoppable as they displaced independent retailers; now the Goliath has become David.
… Not every retail environment can be a community center, of course, but the demand for such spaces is huge and unmet, and there are endless ways to build community — even in surprising environments, like financial institutions. Since its “Slow Banking” redesign in 2003, Oregon-based Umpqua Bank has provided ample seating, free coffee, and wifi to its customers, and offered up its branches for meetings, workshops, and concerts. In that time, it’s grown from less than 70 branches to nearly 400, becoming the largest regional bank in the Western US.

Getting the pro-noun-say-shun just perfect.
'Why-Fi' or 'Wiffy'? How Americans Pronounce Common Tech Terms
Okay, once and for all: Is it "gif" or "jif"?
EBay Deals, which runs a blog, decided to find out. Its team surveyed 1,100 people—U.S. residents, ranging in age from 18 to 45—asking them about the terms they use to describe some of the most common objects and actions of digital life.