Saturday, July 05, 2014

2012 was the first time encryption kept the cops from the plaintext (4 times) Perhaps now my lawyer friends will encrypt?
Andy Greenberg reports:
The spread of usable encryption tools hasn’t exactly made law enforcement wiretaps obsolete. But in a handful of cases over the past year—and more than ever before—it did shut down cops’ attempts to eavesdrop on criminal suspects, the latest sign of a slow but steady increase in encryption’s adoption by police targets over the last decade.
In nine cases in 2013, state police were unable to break the encryption used by criminal suspects they were investigating, according to an annual report on law enforcement eavesdropping released by the U.S. court system on Wednesday.
Read more on Wired.
[From the 2013 report:
The number of state wiretaps in which encryption was encountered increased from 15 in 2012 to 41 in 2013. In nine of these wiretaps, officials were unable to decipher the plain text of the messages. Encryption was also reported for 52 state wiretaps that were conducted during previous years, but reported to the AO for the first time in 2013. Officials were able to decipher the plain text of the communications in all 52 intercepts.

(Related) Why would they not?
NSA tracking users of privacy applications and monitoring services
by Sabrina I. Pacifici on Jul 4, 2014
NSA targets the privacy-conscious - von J. Appelbaum, A. Gibson, J. Goetz, V. Kabisch, L. Kampf, L. Ryge. “The investigation discloses the following:
  • Two servers in Germany – in Berlin and Nuremberg – are under surveillance by the NSA.
  • Merely searching the web for the privacy-enhancing software tools outlined in the XKeyscore rules causes the NSA to mark and track the IP address of the person doing the search. Not only are German privacy software users tracked, but the source code shows that privacy software users worldwide are tracked by the NSA.
  • Among the NSA’s targets is the Tor network funded primarily by the US government to aid democracy advocates in authoritarian states
  • The XKeyscore rules reveal that the NSA tracks all connections to a server that hosts part of an anonymous email service at the MIT Computer Science and Artificial Intelligence Laboratory (CSAIL) in Cambridge, Massachusetts. It also records details about visits to a popular internet journal for Linux operating system users called “the Linux Journal – the Original Magazine of the Linux Community”, and calls it an “extremist forum”.
  • Via EFF – “Learning about Linux is not a crime—but don’t tell the NSA that. A story published in German on Tagesschau, and followed up by an article in English on today, has revealed that the NSA is scrutinizing people who visit websites such as the Tor Project’s home page and even Linux Journal. This is disturbing in a number of ways, but the bottom line is this: the procedures outlined in the articles show the NSA is adding “fingerprints”—like a scarlet letter for the information age—to activities that go hand in hand with First Amendment protected activities and freedom of expression across the globe.”

How to fight city hall without fighting? Zen and the art of legal protest? There's more than one way to skin a court?
Google Super Successful At Spinning Europe’s Right To Be Forgotten Ruling As Farce
Blink and you’ll still see it. Google’s strategy to spin the European Court of Justice’s right to be forgotten ruling as ‘unworkable’ is in full swing.
The ruling, made in late May, requires Google to process requests by private individuals to de-index outdated or irrelevant personal information when a search is made for their name.
The data is only de-indexed from European Google search results, not And refers specifically to private individuals — those with a public profile would be exempt on the grounds of public interest. Google says it’s had about 70,000 requests for data to be de-indexed so far.
Google started de-indexing links at the end of last month to comply with the law. But this week it’s clear that the advertising giant is outsourcing a public campaign of ‘censorship outrage’ to the media organizations whose business models entirely align with its own.
… Google has barely had to lift a finger to find a sympathetic mouthpiece from media outlets that also rely on people finding information on their sites to drive their own digital businesses.
Still, there is evidently more than a little behind the scenes string-pulling going on. For starters Google has been emailing news websites to flag up when it’s removed a link to their content in its search results — to give them the required nudge to get to work on a piece attacking the ruling as censorship. (Google declined to specify how many notification emails it has sent out when I asked.)
… So far Google’s spin strategy has been spectacularly successful. By publishing stories about the removed links, the media is neatly turning a right to be forgotten on its head — shining the spotlight back on private individuals who may have been seeking to de-emphasize outdated or irrelevant information about them.

Amazon wants to enable “impulse buying” wherever possible.
Amazon ready to fight the FTC over in app purchases
Amazon is risking the wrath of the Federal Trade Commission (FTC) over the company's policies regarding in app purchases, and it seems the online retailer turned hardware maker doesn't care. The FTC has asked Amazon to update its policies on the already controversial in-app purchase policy, but the company is ignoring the request and could be willing to fight its corner in the courts.
… Amazon insists that its policies are fine as they are and the company says it has refunded any customers who have complained about wrong purchases. The company is so adamant about its stance that it is willing to let the FTC take it to court, a move that could cost Amazon some pretty hefty fines and added regulation.
… Besides, it just seems like obvious practice to make users write their password before making in app purchases, the slight inconvenience can make a difference in the long run, especially to parents.
Although, it was not until June that Amazon implemented any kind of authentication for purchases, so the company has sort of been asking for this.

...and these people teach children?
… The New York Court of Appeals struck down an Albany County law that had made cyberbullying a crime, ruling that the law violated the First Amendment.
… Despite initially supporting efforts to require schools offer healthier lunches, the School Nutrition Association is now lobbying to allow schools to opt out of new nutritional requirements.
LAUSD will allow 27 of its high schools to buy laptop computers instead of iPads. The new devices will cost $40 million. (That’s in addition to the $30 million contract the district signed with Apple last year. The entire cost of the project – to equip every student in the district with an iPad… computing device: $1 billion.)
Marginal Revolution University’s goal, reads The Chronicle of Higher Education headline: “MOOC Lectures That Go Viral”

For my students. Useful stuff!
Search Less & Learn More: Explore Online Courses, Books & More On Bing
Some search engine wars are being fought in classrooms. If there’s Google for Education, there’s also Bing in the Classroom. It’s less of a sibling rivalry and more of a backyard brawl as the two search giants rapidly make changes to the way learners search for information.
In the latest volley, Bing brings in two nice touches for students who look to the Web for learning.
  • Search for free online courses by the Khan Academy.
  • Search for a book title available at a library, for free download, or for viewing online.

For my iStudents... More in the article.
Start Your Diary Today: DayOne for iPhone & iPad Is Free [iOS Sales]
DayOne ($4.99, now free)
Apple’s App of the Week, and thus free until Wednesday, is the much-celebrated journal app DayOne. It’s a universal app that syncs with either iCloud or Dropbox, and supports the separate Mac version (also currently reduced at 30% off). Whether you’ve kept a journal for years and are upgrading it to a digital version, or if you’ve never tried before and would like to improve your writing then DayOne is the gold standard for iOS diary keeping.
Halftone 2 ($1.99, now free)
The original Halftone app allowed you to create simple comic strips from your images, and Halftone 2 takes it even further by throwing whole comic books and videos into the mix.

We might get more students to read the style guide if we replaced the APA guide with these...
CIA Style Manual Available Online
by Sabrina I. Pacifici on Jul 4, 2014
  • “National Security Counselors law firm has obtained a copy of the CIA Directorate of Intelligence Style Manual, Eighth Edition, 2011. It is entitled Style Manual & Writers Guide for Intelligence Publications. The CIA Guide is not alone. Each of the members of the Intelligence Community - IC - have one or more Style Manuals to conform the reports and documents of that agency to a consistent writing style and usage. This is highly important to achieving clear and unambiguous communications of such matters.
  • Here is another example: the NSA SIGINT Style Guide
  • The National Security Counselors web site publishes a large number of interesting documents released under FOIA, or under litigation arising from FOIA requests.”

Friday, July 04, 2014

Local. If it crashed on my property, I'd keep it. Does the “Make my day” law allow me to shoot down the drone?
CBS in Denver reports:
A drone crashed into a Brighton man’s backyard and now the homeowner wants answers.
George Ray said the drone had a GoPro camera mounted on it and was videotaping over his property located off Interstate 76 near 136th Ave. early this morning.
Ray said he heard a strange sound outside his bathroom, “All I could hear was a ‘Beep, beep, beep.”
When he looked outside he saw a drone with a camera.
“What dummy would be flying around a drone at 3:30, 3:45 in the morning? It doesn’t make sense,” said Ray.
Shortly after the drone made an unexpected landing, “This is where it landed at. Apparently it crashed right here, fell to the ground.”
So here’s the kicker: the man turns the fallen drone into the sheriff’s department, who returned it to the embarrassed drone owner. But CBS reports that “Although what happened is not a crime, it is considered out of the ordinary.”
This hits all the “creepy” notes. I suppose one could argue that if he’d never known a drone was recording his property at 3:30 in the morning, there’s no real harm. But to think that your neighbor or a stranger is having a drone hover over your property and be recording it, well, how secure would you feel in your privacy? This incident highlights some of the issues concerning drones, privacy, and the need for regulations and a societal respect for privacy.

Making sure all those “Things” can exchange the data they gather about you?
Microsoft Joins The AllSeen Alliance Internet of Everything Open-Source Project
The AllSeen Alliance, the broadest Internet of Everything open-source project, today announced that Microsoft has joined the group’s multi-company effort as a Premier Member to make it easier for a broad range of everyday devices, objects and services to interoperate seamlessly and intelligently.
… The AllSeen Alliance was established in December 2013 to address a major challenge facing the Internet of Things, which according to McKinsey Global Institute has the potential to create an economic impact of $2.7 trillion to $6.2 trillion annually by 2025: Making sure smart connected devices and objects can work together regardless of brand, operating system and other infrastructure considerations.
AllSeen Alliance members are collaborating on a universal software framework, based on AllJoyn open source code, that allows devices to autonomously discover and interact with nearby products regardless of their underlying proprietary technology or communications protocols.

The NSA Revelations All in One Chart
by Sabrina I. Pacifici on Jul 3, 2014
By Julia Angwin and Jeff Larson, ProPublica, illustrations by Alberto Cairo: “This is a plot of the NSA programs revealed in the past year according to whether they are bulk or targeted, and whether the targets of surveillance are foreign or domestic. Most of the programs fall squarely into the agency’s stated mission of foreign surveillance, but some – particularly those that are both domestic and broad-sweeping – are more controversial. Just as with the New York Magazine approval matrix that served as our inspiration, the placement of each program is based on judgments and is approximate. For more details, read our FAQ or listen to our podcast. Also, take our quiz to test your NSA knowledge.

Only four?
Here Are Four Threats the Internet Faces in the Next Decade
… Here are four threats that came up most often in the report by Janna Anderson and Lee Rainie, with a sampling of responses plucked from Pew’s Internet Project report.
Threat 1: Meddling by Countries
Threat 2: Evaporation of Trust
Threat 3: Companies Control the Internet
Threat 4: Backlash to ‘TMI’

Perhaps my students will write an App to “summon” a drone to snap your picture.
Forget selfies -- make way for 'dronies'
Forget selfies. Those are so 2013.
Make way, instead, for a new way so show your handsome, or lovely, mug to the Internet -- a budding Web movement that combines high-tech geekery with the human desire to be seen.
Call them "dronies."
As personal drones find their way into more and more hands, folks have begun using the personal, unmanned aircraft, kitted out with video cameras, to add a little flare to the Internet's ubiquitous "look at me" self-shots.

Perspective. IBM used to make (almost) all the computers. Their mainframes owned the corporate world. Now their website talks about their Cloud services.
The Chinese Ministry of Commerce’s anti-monopoly bureau has approved Lenovo Group’s proposed $2.3 billion deal to buy IBM Corp’s low-end server business.

Perspective. Unfortunately, it is hard for CEOs to fire Board members.
Boards Still Don’t See the Value of Digital
Companies across the world are ramping up their digital initiatives, according to a new survey from McKinsey, with the C-suite increasingly leading the way. “Digitization has become a critical asset in many companies’ quest for growth,” write the report’s authors, noting the increased involvement by CEOs and other top executives.
There’s only one problem. Boards don’t seem interested.
… For firms looking to make the transition to digital but lacking supportive boards, it may be time to think about replacing a director or two. Research has shown that companies that replace three to four directors every three years outperform their peers. And even a couple digitally savvy board additions can go along way toward building support for new initiatives.

Perhaps a Rose by any other name stinks? (Well, I find this interesting.)
The effect of wording on message propagation
by Sabrina I. Pacifici on Jul 3, 2014
The effect of wording on message propagation: Topic- and author-controlled natural experiments on Twitter. In Proceedings of the 52nd Annual Meeting of the Association for Computational Linguistics (ACL’14).
“How does one make a message “successful”? Thisquestion is of interest to many entities, including political parties trying to frame an issue (Chong and Druckman, 2007), and individuals attempting to make a point in a group meeting. In the first case, an important type of success is achieved if the national conversation adopts the rhetoric of the party; in the latter case, if other group members repeat the originating individual’s point. The massive availability of online messages, such as posts to social media, now affords researchers new means to investigate at a very large scale the factors affecting message propagation, also known as adoption, sharing, spread, or virality.”

Navy has its first female four-star admiral
The Navy has its first female four-star admiral.
She is Michelle Janine Howard, promoted on Tuesday to the service's highest rank. The ceremony was held at the Women in Military Service for America Memorial at the Arlington National Cemetery, near the Pentagon.
… Howard has served 32 years in the Navy. She is a 1978 graduate of Gateway High School in Aurora, Colorado. She graduated from the U.S. Naval Academy in 1982.

Dilbert raises an interesting question. What is the opposite of a Turing Test?

Thursday, July 03, 2014

For every financial tool there are criminals. It's not the tool nor the “thrill of the chase” that attracts them, it's the money.
Brazilian ‘Boleto’ Bandits Bilk Billions
With the eyes of the world trained on Brazil for the 2014 FIFA World Cup, it seems a fitting time to spotlight a growing form of computer fraud that’s giving Brazilian banks and consumers a run for their money. Today’s post looks at new research into a mostly small-time cybercrime practice that in the aggregate appears to have netted thieves the equivalent of billions of dollars over the past two years.

Isn't this what I've been telling you?
Businesses Learn Security the Hard Way: Survey
Organizations consider defending against phishing and social engineering attacks a priority, worry about Web-facing applications, and know the importance of having an incident response plan, according to a survey of 200 senior-level IT and security professionals conducted by IT training firm TrainACE.
Some of the results painted a surprisingly rosy picture, with more than half, or 54 percent, of survey participants claiming their organizations had not been hacked or breached in the last 12 months. About 59 percent also claimed their organizations have a cyber-incident response plan. Approximately 81 percent of respondents said their companies followed a set of update guideline procedures, and 90 percent claimed to have formal password policies.
The situation was grimmer among the 17 percent who had been hacked or experienced a data breach, TrainACE found. In this group, nearly a fifth of the respondents said their companies did not have a cyber-incident response plan, but were considering one. Many of these respondents said they did not have set update guidelines and only 68 percent of the companies actually had password policies.
The full results of the survey are available online in PDF format.

No doubt this will become a legal specialization. Start studying now law school students.
Last month (and somewhat unnoticed — at least by many of us here), the International Law Committee of the NYC Bar Association released a report evaluating the legality of the U.S. drone program in the context of international law. Released on June 19, the 181-report covers a wide array of issues including related to jus ad bellum and jus in bello and evaluating the existence of an armed conflict.
… Interested readers can access the report and the executive summary from the NYC Bar Association’s website.

The Court must have realized that Google does not “create” content, and therefore only “Content Creators” are actually impacted. I wonder if there is a Google form for undoing the “Right to be Forgotten” or if they must apply to the Court?
BBC's Robert Peston: 'Why has Google cast me into oblivion?'
BBC economics editor Robert Peston has criticised Google after he said the search engine deleted some of his blogs to comply with European law.
Peston said received a “notice of removal” from Google, informing him that an article that he had published in 2007 about former Merrill Lynch boss Stan O'Neal would no longer be shown in European Google search results.
The article, “Merrill’s Mess” describes how O'Neal was forced to leave the investment bank after it endured significant losses on the back of careless investments.
… Peston pointed out on Wednesday, that this effectively means that no one will see the blog post from now on. “To all intents and purposes the article has been removed from the public record, given that Google is the route to information and stories for most people,” he wrote.
He questioned whether the content of the article was inadequate, irrelevant or no longer relevant, and therefore whether Google was justified in removing it. He adds that the action will consolidate fears present among many that the new rule is detrimental to freedom of expression.

It looks like this is dying out – no angry mobs with pitchforks and torches... Besides, users are merely things on the vast Internet of Things.
Sheryl Sandberg not sorry for Facebook mood manipulation study
On Wednesday, Facebook’s second-in-command, Sheryl Sandberg, expressed regret over how the company communicated its 2012 mood manipulation study of 700,000 unwitting users, but she did not apologize for conducting the controversial experiment. It’s just what companies do, she said.
… It seems that until now, Facebook data scientists have been pretty much free to do as they please. “There’s no review process, per se,” Andrew Ledvina, who worked at Facebook as a data scientist from 2012 to 2013, told the Journal. “Anyone on that team could run a test,” he said. “They’re always trying to alter people’s behavior.” Ledvina told the Journal that tests were so frequent that some data scientists worried that the same users might be used in different studies, tainting the results.

What is it with websites in Colorado? The Healthcare website is almost impossible to navigate and DMV can't handle a moderate volume. My students could have done better after an Intro class.
Colorado DMV website overwhelmed as noncitizens try to get driver's licenses
Late Wednesday, the Department of Motor Vehicles appointment website was still not working, the day after non U.S. citizens were allowed to start making appointments to get their driver's licenses.
… The DMV said the Schedule an Appointment website averaged 70,000 hits an hour with a high of 107,500 hits hourly.
A total of 823 appointments were scheduled.

For my Computer Science students. See why we teach so much Math?
The Hardest Roles to Hire For
Not all jobs are equally easy to fill. It’s an obvious point, but one that sometimes gets missed in the debate over whether the American economy is suffering from a “skills gap.” Companies complain that there is a shortage of talent, economists counter that if that were true it would be evidenced by rising wages. With wages stagnant, where’s the skills gap?
Into this debate comes a new report from Brookings that aims to get past discussion at the aggregate level, to determine where there are or are not skills shortages. Using U.S. job opening data collected by the firm Burning Glass, it argues persuasively that there are very real skills shortages in certain fields, namely computers and health care

Wednesday, July 02, 2014

Similar to my concern that no one is looking at logs. Managers must “control!” not just produce analysis reports that they don't bother to read.
T-Mobile charged customers for 'hundreds of millions' of dollars in bogus fees - FTC
The Federal Trade Commission filed a lawsuit Tuesday alleging that T-Mobile (TMUS) earned a windfall in recent years from third-party merchants offering bogus text message subscriptions for things like flirting tips, horoscopes and celebrity gossip. Those charges frequently weren't authorized by customers. The charges were allegedly concealed on customers' monthly bills.
As many as 40% of those customers hit with these monthly charges sought refunds, a fact that the FTC says should have been "an obvious sign to T-Mobile that the charges were never authorized." The complaint alleges that the charges took place between 2009 until December of last year, and T-Mobile had documentation of high complaint levels as early as 2012.

Perhaps this kerfuffle has legs. Releasing it on a weekend doesn't seem to have buried it.
Facebook Lawyer: That Emotion-Manipulation Study Was About Customer Service
During a session on freedom of speech at the Aspen Ideas Festival, [Another year without an invitation – and it's only a few miles up in the hills. (sigh) Bob] hosted by the Aspen Institute and The Atlantic, Facebook's Head of Global Policy Management, Monika Bickert, was asked about the emotion-manipulation study that has been a subject of controversy over the past few days.
"Do you see some regulation about this," an audience member asked, "and how free speech might be influenced by what users of social networks are shown?" What if, he continued, governments began asking Facebook to do that kind of manipulation not for science, but for politics—to affect, essentially, the moods of their citizens by asking the company to influence the content those people are shown?

Data Science: What the Facebook Controversy is Really About
Facebook has always “manipulated” the results shown in its users’ News Feeds by filtering and personalizing for relevance. But this weekend, the social giant seemed to cross a line, when it announced that it engineered emotional responses two years ago in an “emotional contagion” experiment, published in the Proceedings of the National Academy of Sciences (PNAS).
Since then, critics have examined many facets of the experiment, including its design, methodology, approval process, and ethics. Each of these tacks tacitly accepts something important, though: the validity of Facebook’s science and scholarship. There is a more fundamental question in all this: What does it mean when we call proprietary data research data science?

This will change when dumpsters are added to the Internet of Things.
John Wesley Hall writes:
New Mexico adopts the Greenwood dissent and holds that there is a reasonable expectation of privacy in trash left out for collection in an opaque bag, even in a communal dumpster. City ordinances on trash collection help create the expectation of privacy by regulating it. State v. Crane, 2014 N.M. LEXIS 245 (June 30, 2014)

CBS News reports:
While more people and places are switching to energy-saving LED light bulbs, a California company has found a way to turn them into smart networks that can collect and feed data. However, the new technological opportunities are also raising privacy concerns, reports CBS News’ Bill Whitaker.
A building in Silicon Valley is one of the few places in the country where a smart light network has been installed. They’re used primarily for security. The 40 lampposts in the parking lot holds 83 LED lights, and they’re connected to seven cameras in a seamless grid that tracks and records people’s moves.
“We do use the license plate recognition, and we also can detect people,” said Kevin Kirk, chief engineer for the Shorenstein Company, which owns the building.
The company plans to install smart lights at its properties across the country.
Read more on CBS.
Joe Cadillic, a frequent contributor to this blog, reminds us that he has been blogging about streetlamp surveillance since last year:

Concern about surveillance of US citizens. Surveillance starts with the overseas end, but if I called Evil McBadguy (or he called me), wouldn't they want to know a bit about me?
On Tuesday evening, the Privacy and Civil Liberties Oversight Board (PCLOB)—an independent body within the Executive Branch—released a major report concerning the National Security Agency’s electronic surveillance program under section 702 of the Foreign Act Surveillance Act. (The full text of the report entitled, “Report on the Surveillance Program Operated Pursuant to Section 702 of the Foreign Intelligence Surveillance Act,” is available here).
… The Executive Summary of the Report contains a section on “Legal Analysis,” a section on “Policy Analysis,” and 10 specific recommendations.

(Related) Ha! Let me repeat that for you, HA!
In a provocatively entitled essay, Are National Security Lawyers a National Security Threat? Marshall Erwin, a research fellow at the Hoover Institution and former “lead intelligence specialist” at the Congressional Research Service, asks if national security lawyers are a “security threat” because, as he claims, they “distract us from important questions about national security and intelligence community efficacy,” and “this hurts America’s national security bottom line.”
… Neither Mr. Erwin nor anyone else should be especially surprised that lawmakers concerned about the adequacy of the law would want to hear from lawyers. Given that the key issues in the post-Snowden era mostly relate to privacy and civil liberties, subjects about which lawyers – not intelligence specialists – have real expertise and experience, congressional interest in what lawyers have to say hardly should be unexpected.

How should we market our students? Perhaps a Blog titled, “Sooner or later...”
Sooner or Later You'll Get Hacked and Hire a CISO
I always thought the marketing campaign for AAA was genius; sooner or later you’ll breakdown and join AAA. A few wise individuals will hand over the cash when they proactively decide to curb their risk, and the rest will find themselves trying to sign up while stranded on the side of the highway. We’re seeing a similar storyline play out in the world of security. In our case, not only do we have a few insightful leaders recognizing the risk and others experiencing security system breakdowns – we are also seeing immense pressure from customers, regulators and shareholders.

My Computer Security students know all about encryption. This article is for the (really smart) CEO that hires them.
PGP Me: Pretty Good Privacy Explained
If you’re concerned about online and electronic privacy, encryption is the best thing to set your mind at ease. By using strong encryption protocols, you can make sure that your data is safe from prying eyes, and that only the people who you decide should see your information have access to it. One of the most common methods for encryption is called PGP, and this article will guide you through what it is, what it’s good for, and how to use it.
… How Secure Is PGP?
While it’s impossible to say that any particular encryption method is 100% secure, PGP is generally regarded as being extremely safe. The two-key system, digital signatures, and the fact that PGP is open-source and has been heavily vetted by the public all contribute to its reputation as one of the best encryption protocols. Bruce Schneier once called PGP “the closest you’re likely to get to military-grade encryption,” and says that there are “no practical weaknesses.”

BEER! There's an App for that! (Okay, a device, but connect it to the Internet of Things and I can have one waiting when I get home.)
Beer Maker Envisions Individual Pints Anywhere, Anytime
For anyone who has dreamed of one day being able to brew a personal pint of beer anywhere imaginable, the new Synek draft system hopes to make it a reality. Reminiscent of single-cup coffee brewing, Synek has the ability to serve a personal beer fresh from the tap.

For my students – particularly the Math students. Perhaps now those who assert that they “can't get math” will be less surprised when they get an “A” or “B” in my class.
Wisdom Is a Slippery Construct
Are truly wise people wise enough to know that they have a great deal of wisdom? Or does their wisdom make them acutely aware of how little wisdom they really possess? Research by Uwe Redzanowski and Judith Glück of Alpen-Adria Universität Klagenfurt, Austria, shows that there is zero correlation between self-assessments and peer ratings of wisdom, so those who think they’re wise are no more likely than anyone else to be judged as wise by their peers. Of course, it’s unclear whether peer ratings are a good measure of wisdom…

Most of the new students this quarter use Chrome. (I asked them at Orientation)
Browser Wars: Firefox vs. Chrome vs. Opera, The Definitive Benchmark
… The war between web browsers has become more diverse as Internet Explorer, the former giant of the space, has given up ground. That space has been filled by Chrome, Firefox and Opera, a trio of free competitors known across the globe.
You really only need one browser, though, and once you choose you’re likely to feel locked in as you accumulate plugins and bookmarks. We’ve taken a close look at each browser to see which comes out on top for a variety of benchmarks.

Tuesday, July 01, 2014

Interesting thought.
Susan Landau focuses on what the Supreme Court’s opinion in Riley didn’t discuss:
Riley has no discussion regarding expectation of privacy, the two-part test based on whether an individual has sought to keep certain information private and whether society views the individual’s expectation of privacy as reasonable. Expectation of privacy underlies decisions in such cases as United States v. Miller and Smith v. Maryland. In Riley, much of the information on the cell phone might have been held by third parties in the “cloud,” but the justices did not focus on that issue.
Read more on Lawfare Blog
[From the article:
In Riley, the court avoided relying on a social construct, expectation of privacy, that may be changing in ways that deeply disrupt society’s basic fabric. The justices’ reliance on search in deciding a warrant was needed provides important insight to their thinking. For privacy’s sake, one hopes this decision is a marker for future ones.

From the FTC:
The Federal Trade Commission (FTC or Commission) is an independent U.S. law enforcement agency charged with protecting consumers and enhancing competition across broad sectors of the economy. The FTC’s primary legal authority comes from the Federal Trade Commission Act, which prohibits unfair or deceptive practices in the marketplace. The FTC also has authority to enforce a variety of sector specific laws, including the Truth in Lending Act, the CAN-SPAM Act, the Children’s Online Privacy Protection Act, the Equal Credit Opportunity Act, the Fair Credit Reporting Act, the Fair Debt Collection Practices Act, and the Telemarketing and Consumer Fraud and Abuse Prevention Act. This broad authority allows the Commission to address a wide array of practices affecting consumers, including those that emerge with the development of new technologies and business models.
Read their annual report, which provides examples of different types of cases, on their site (pdf).

Are most police departments too small to have adequate resources? (Tech expertise and cooperation with other organizations spread all over the globe)
Why Do We Call It Cyber Crime If We Don’t Treat It Like a Crime?
… Earlier this year, Gary Warner gave a presentation at the TEDxBirmingham conference in which he challenged the conventional wisdom of cyber crime in America. Warner is a world-renowned researcher on cyber crime and has been recognized by the FBI for his exceptional service in the public interest.
If you can spare 14 minutes, you should watch Warner’s very entertaining but informative presentation here:

(Related) Some corporations see the fight against cybercrime as “good for business.” Do they have the resources and skill to do it right?
Microsoft Darkens 4MM Sites in Malware Fight
Millions of Web sites were shuttered Monday morning after Microsoft executed a legal sneak attack against a malware network thought to be responsible for more than 7.4 million infections of Windows PCs worldwide.
In its latest bid to harness the power of the U.S. legal system to combat malicious software and cybercrooks, Microsoft convinced a Nevada court to grant the software giant authority over nearly two dozen domains belonging to, a company that provides dynamic domain name services.
… Microsoft was supposed to filter out the traffic flowing to and from those 18,400+ hostnames, and allow the remaining, harmless traffic to flow through to its rightful destination. But according to marketing manager Natalie Gogun, that’s not at all what happened.
“They made comments that they’d only taken down bad hostnames and were supposedly redirecting all good traffic through to users, but it’s not happening, and they’re not able to handle our traffic volumes,” Gogun said. “Many legitimate users that use our services have been down all day.”
Gogun said while Microsoft claimed that there were more than 18,000 malicious hostnames involved, could only find a little more than 2,000 from that list that were still active as of Monday morning. Meanwhile, some four million hostnames remain offline, with customer support requests piling up.
“So, to go after 2,000 or so bad sites, [Microsoft] has taken down four million,” Gogun said.
… The complaint against no-ip, the accused malware authors, and the rest of Microsoft’s various legal filings in this case are available at this link.

Perspective. Just in case you didn't think we have the whole world under surveillance.
– is a world-wide, real-time, community based lightning detection and lightning location network with live lightning maps. By looking at the map of anywhere in the world, you can see where the lightning currently is. Just click on the desired continent and it will tell you how many strikes there have been, and in what time-frame.

Tools & Techniques. Just because...
How to Save Tweets for any Twitter Hashtag

Maybe there is hope for America.
Reading Rainbow Breaks Kickstarter Record
The crowdfunded effort to bring back Reading Rainbow has become the most popular Kickstarter campaign of all time. At the time of writing it has gained 95,496 backers, beating the 91,585 that backed the Veronica Mars movie.
The Reading Rainbow revival originally had a target of $1 million but has smashed through that to raise at least $4.7 million. Reading Rainbow exists to encourage kids to read, which is surely more important than any piece of nonsense hardware.

For my Computer Forensics students.
The 1s and 0s behind cyber warfare
… In this engaging talk, he shows how researchers use pattern recognition and reverse engineering (and pull a few all-nighters) to understand a chunk of binary code whose purpose and contents they don't know.

Monday, June 30, 2014

It will be interesting to see how big a fuss this makes. There appears to be no specific benefit to Facebook (unlikely to attract new users or increase profits) Are there enough Facebook friends to tip the “emotional contagion” into a Class Action lawsuit or perhaps a lynch mob? (Announcement timed for a weekend to reduce the number of people who see it?)
Facebook is learning the hard way that with great data comes great responsibility
Facebook released the results of a study where its data scientists skewed the positive or negative emotional content that appeared in the news feeds of nearly 700,000 users over the course of a week in order to study their reaction. The study found evidence of “emotional contagion,” in other words, that the emotional content of posts bled into user’s subsequent actions.

Professions online.
Maanvi Singh reports on the uptick in online psychotherapy services, but notes that there are concerns not only about efficacy, but licensing and privacy. With respect to privacy, Singh reports:
Some studies suggest that therapy online can be as effective as it is face to face. “We have a lot of promising data suggesting that technology can be a very good means of providing treatment,” says Lynn Bufka, a clinical psychologist who helps develop health-care policy for the American Psychological Association.
“I don’t think we have all the answers yet,” Bufka says. There are cases where therapy online may not work, she notes. Therapists usually don’t treat people with severe issues online, especially if they are contemplating suicide. That’s because in case of a crisis, it’s much harder for online therapists to track down their patients and get them help. [Clearly, they have not been paying attention to GPS tracking. Bob]
Privacy is another a concern. Instead of Skype, many online therapy companies choose to use teleconferencing software with extra security. Arthur at Pretty Padded Room says her company takes measures to protect her clients’ records.
But it can be hard for people to know exactly how secure the website they’re using really is, Bufka says.
Read more on NPR.

Worth reading
Last week’s National Post features an op-ed written by Ontario’s Information and Privacy Commissioner Dr. Ann Cavoukian and the founder and co-chair of the Future of Privacy Forum think tank Christopher Wolf commenting if a recent European Court of Justice judgement requiring Internet search providers to remove links to embarrassing information should also be applied to Canadian Citizens. The full article is below:
A man walks into a library. He asks to see the librarian. He tells the librarian there is a book on the shelves of the library that contains truthful, historical information about his past conduct, but he says he is a changed man now and the book is no longer relevant. He insists that any reference in the library’s card catalog and electronic indexing system associating him with the book be removed, or he will go to the authorities.
The librarian refuses, explaining that the library does not make judgments on people, but simply offers information to readers to direct them to materials from which they can make their own judgment in the so-called “marketplace of ideas.” The librarian goes on to explain that if the library had to respond to such requests, it would become a censorship body — essentially the arbiter of what information should remain accessible to the public. Moreover, if it had to respond to every such request, the burden would be enormous and there would be no easy way to determine whether a request was legitimate or not. The indexing system would become swiss cheese, with gaps and holes. And, most importantly, readers would be deprived of access to historical information that would allow them to reach their own conclusions about people and events.
The librarian gives this example: What if someone is running for office but wants to hide something from his unsavory past by blocking access to the easiest way for voters to uncover those facts? Voters would be denied relevant information, and democracy would be impaired.
The man is not convinced, and calls a government agent. The government agent threatens to fine or jail the librarian if he does not comply with the man’s request to remove the reference to the unflattering book in the library’s indexing system.
Is this a scenario out of George Orwell’s Nineteen Eighty-Four? No, this is the logical extension of a recent ruling from Europe’s highest court, which ordered Google to remove a link to truthful information about a person, because that person found the information unflattering and out of date. (The scale of online indexing would of course be dramatically more comprehensive than a library indexing system.)
The European Court of Justice ruled that Google has a legal obligation to remove, from a search result of an individual’s name, a link to a newspaper containing a truthful, factual account of the individual’s financial troubles years ago. The individual, a Spanish citizen, had requested that Google remove the newspaper link because the information it contained was “now entirely irrelevant.” This concept has been described as the “right to be forgotten.” While one may have sympathy for the Spanish man who claimed he had rehabilitated his credit and preferred that his previous setback be forgotten, the rule of law that the highest European Court has established could open the door to unintended consequences such as censorship and threats to freedom of expression.
The European Court relied on the fundamental rights to privacy and to the protection of personal data contained in the Charter of Fundamental Rights of the European Union, without so much as citing, much less analyzing, one of the other fundamental rights contained in the Charter, namely the right to free expression.
Moreover, the Court did not provide sufficient instruction on how the “right to be forgotten” should be applied. When do truthful facts become “outdated” such that they should be suppressed on the Internet? Do online actors other than search engines have a duty to “scrub” the Internet of unflattering yet truthful facts? The Court didn’t say. The European Court of Justice has mandated that the Googles of the world serve as judge and jury of what legal information is in the public interest, and what information needs to be suppressed because the facts are now dated and the subject is a private person. Under penalty of fines and possibly jail time, online companies may err on the side of deleting links to information, with free expression suffering in the process.
The European Court’s own Advocate General argued that a right to be forgotten “would entail sacrificing pivotal rights such as freedom of expression and information” and would suppress “legitimate and legal information that has entered the public sphere.” Further, the Advocate General argued, this would amount to “censuring” published content. In the First Amendment parlance of the U.S. Supreme Court, the European Court’s decision may amount to “burning the house to roast the pig.” [Being quite literate, I recognize this as a reference to “A Dissertation Upon Roast Pig,” by Charles Lamb (Just showing off) Bob]
You might think this problem is limited to Europe, and that the search results in North America will remain unaffected by the Court’s ruling. But earlier European efforts to cleanse the Internet (in the context of hate speech) suggested that even materials on North American domains would be subject to European law.
As privacy advocates, we strongly support rights to protect an individual’s reputation and to guard against illegal and abusive behaviour. If you post something online about yourself, you should have the right to remove it or take it somewhere else. If someone else posts illegal defamatory content about you, as a general rule, you have a legal right to have it removed. But while personal control is essential to privacy, empowering individuals to demand the removal of links to unflattering, but accurate, information arguably goes far beyond protecting privacy. Other solutions should be explored to address the very real problem posed by the permanence of online data.
The recent extreme application of privacy rights in such a vague, shotgun manner threatens free expression on the Internet. We cannot allow the right to privacy to be converted into the right to censor.

A few items in the slideshow that I hadn't thought of. I'm clearly not thinking “ubiquitously” enough.
The Internet of Things at home: Why we should pay attention
What is the Internet of Things (IoT), exactly? If you're a consumer, then the first thing that leaps to mind might be a Nest Wi-Fi thermostat, or perhaps those smart health bands that let you monitor your activity level from an app on your smartphone.
That's part of it. But if you're an engineer, you might think of the smart sensors that General Electric embeds in locomotives and wind turbines, while a city manager might be considering smart parking meters, and a hospital administrator might envision swallowable smart pill sensors that monitor how much medication you've taken or blood pressure cuffs and blood glucose monitors that can monitor patient health in the field and wirelessly stream updates into clinical systems.
[[Note: This article accompanies our slideshow The Internet of Things at home: 14 smart products that could change your life; you can get more info about these products by checking out The Internet of Things at home: 14 smart products compared.]]

Perhaps the MPAA has outlived its usefulness? (Was it ever more that a source of amusement?)
The MPAA Targets A Subreddit & Opens Everyone’s Eyes To Free Movies
SOPA and PIPA terrified those of us who cherish the Internet for what it has become today. In light of these bills, the MPAA embarrassed itself on numerous occasions, once even citing countries like China, Iran, and Syria as role models of sorts when it comes to how they think the Internet should be censored by the US.
This week, they’re at it again, opening our eyes to a beautiful example of the Streisand effect
… The MPAA’s latest attempt at thwarting the piracy of movies on the Internet sent them after a subreddit that many people never even knew existed.
That subreddit is /r/fulllengthfilms, which up until a couple hours from before I started this post was unkempt, had an obscenity in the header, and included CSS and a general color scheme that made you want to claw your eyes out.
… In this particular case, what the MPAA needs to consider is that Reddit is not a content delivery network. The things that are posted and linked on Reddit are not uploaded or hosted on Reddit. The only things that you’ll find on Reddit are links and text. Everything linked in the /r/fulllengthfilms subreddit is hosted on servers away from Reddit, and these are the websites that they should first be targeting. [If they had gone after the hosting servers, there would have been no “Reddit kerfuffle.” Makes you wonder if this was deliberate rather than merely stupid. Bob]

We push our students to use Linkedin...
New on LLRX – Fourteen LinkedIn Tips for (the Rest of) 2014
by Sabrina I. Pacifici on Jun 29, 2014
With over 300 million users, LinkedIn is the most popular social media platform for business and professional use, and attorneys Dennis Kennedy and Allison C. Shields clearly and concisely outline how to leverage this space with smart, targeted and effective ways that positively identify you in communities of best practice, proactively communicate with peers and potential clients, and expand your business reach.