Saturday, July 19, 2014
The NSA is in the intelligence gathering business. How else can it act and still achieve its goals?
Alex Abdo writes:
Earlier today, a former State Department civil servant named John Tye published an important op-ed in the Washington Post, explaining that the NSA has created a giant loophole in Americans’ right to privacy. While we now know a good deal about the NSA’s spying on American soil, Tye explains, the NSA’s powers to conduct surveillance on foreign soil should trouble us even more.
Surveillance on foreign soil takes place under Executive Order 12333, an authority that contains few meaningful protections for the privacy of Americans.
Read more on ACLU.
Too good to be true?
– is a free smartphone app which gives you private texting and calling. Just tap “Wipe” and your messages are erased instantly, everywhere. Wiper wipes all sides of a conversation – your phone and your friend’s, as well as any temporary record kept on Wiper servers. See when messages have been read or wiped. Plus, get notified if a friend snaps a screenshot or forwards a photo or video.
[From the website:
Call worldwide for free with Wiper’s app-to-app calling. To ensure privacy, calls are encrypted and Wiper keeps no call log.
Another case of not seeing the “self-surveillance” built into the “cool technology?” (Also another case of “that only applies to second class citizens”).
The Rise of the Wedding Drone
When most people hear the word “drone,” they probably think of killing machines that patrol war zones.
Now a new kind of commercial drone phenomenon has taken off in the United States. People now use small quad copter drones to even shoot photos and videos for their weddings.
What seems like a stranger than fiction phenomenon is actually a new craze across the country. A congressman last month used a drone to record his own wedding and now is under investigation by the Federal Aviation Administration (FAA), the government agency that regulates the nation’s airspace, because the agency still has an explicit ban on drone flights for commercial purposes. New York representative Sean Patrick Maloney reportedly hired a local videography company to operate the drone to get aerial shots of his big day in New York’s picturesque Hudson Valley. Ironically, Maloney sits on the House Transportation and Infrastructure Aviation Subcommittee, which oversees the FAA.
...and then there are companies that try to grab everything the search engines are asked to remove.
There’s a “Right To Be Forgotten” Industry—and It’s Booming
… “Online image management has long been in the business of producing new content so you have a better persona online,” says Cayce Myers, a professor at Virginia Tech and legal research editor for the Institute for Public Relations. “Here they’re doing the reverse.”
Online reputation management is a growing business that is now being boosted by the E.U. ruling. For a fee that can amount to thousands of dollars a month, companies take on clients and scrub clean their search results by creating search engine-optimized content that hog up the first few pages of search results on Google.
… Bertrand Girin, the founder of a France-based reputation management company, Reputation VIP, has created a spin-off service that specifically to designed to help people make “right to be forgotten” requests to Google. Aptly named Forget.Me, it lets users choose from one of 40 boilerplate requests in nine separate categories in order to send Google a pre-formulated request. The service, which is free, allows users to bypass some of the thorny legal questions and the difficulty of properly structuring a request. “When Google put its form online, we looked at the demand from the public and we saw a gap,” says Girin. “We said, ‘let’s help people understand what their problem is.’”
Makes buying so easy you won't even notice that you bought something!
Let The Follower Beware: Facebook And Twitter Get Serious About Commerce
… Facebook is doing a “limited” test that involves putting a “Buy” button within ads on its platform. For Facebook, the big deal is that clicking on that button doesn’t take prospective purchasers out of Facebook. They can buy whatever it is that’s being advertised and go right back to lengthy brawls about politics or sharing Weird Al videos. Talk about nirvana!
For my Data Mining and Data Analysis students.
One Simple Reason You Need a Chief Data Officer
… articles and blog posts advocating for a chief data officer give me pause. On the one hand, I firmly believe data is an enterprise-wide endeavor and an incredibly important strategic asset. But I also realize I’ve become biased since covering the topic for all these years.
Data integration expert David Linthicum seems to shares my hesitation.
“I’m not a big fan of creating positions around trends in technology,” he writes in a recent Actian post.
… Nonetheless, he’s arguing that there is a very real business need for a Chief Data Officer — within the ranks of IT — because data, he writes, is not a trend.
… Linthicum offers a bulleted list of advantages that large organizations could gain from appointing a CDO. For instance, he says a CDO could help the organization achieve a common approach to data integration. I suspect that alone would pay for the position.
… Reading through his thorough and rational argument for a CDO, I realized there’s actually a very simple, single reason why a CDO makes sense: No one else is doing the job.
For my Math students.
From the MathCentre this very clear nine page leaflet describes symbols and notation in common use in Mathematics, for each symbol we learn what to say, what the symbol means and where appropriate an example is given; it is also possible to search the Math Centre site for further details.
I'd say this is something for the student bike club, but in Colorado we actually look for hills (they're much smaller than mountains).
New Google Maps 8.2 shows elevation and allows voice commands
… The maps not only show you the cycling routes, but also the elevation. Along every route, small images are placed, letting the user know about the elevation. This information helps the cyclists on deciding whether it is wise to take a route, especially when it is uphill. It estimates the slope and distance of the hill.
… Australia’s head of curriculum review, Kevin Donnelly, says that corporal punishment is “very effective.” [I'm gonna make this into a BIG poster! Bob]
… From law professor James Grimmelman, who’s been leading the charge questioning the ethics of the research and publication of the infamous “Facebook study”: a lengthy letter (PDF) demanding a retraction of the PNAS article and a review of the practices surrounding human research and social media.
For all my students. I found this article on my RSS reader.
What Is RSS and How Can It Improve Your Life?
… Just three simple words can change the way you use and consume information – forever: Really Simple Syndication, or RSS.
Functioning like a customizable, digital newspaper, RSS benefits almost everyone – from working professionals wanting to keep abreast of the latest in their field to hobbyists looking for distractions.
… RSS simplifies, organizes and delivers web content, without visiting a website.
Friday, July 18, 2014
We know this can happen, yet we choose to ignore that troubling little fact.
Report – Elite Russian hackers breached Nasdaq and inserted a digital bomb
by Sabrina I. Pacifici on Jul 17, 2014
BloombergBusinessWeek – Mike Riley: “In October 2010, a Federal Bureau of Investigation system monitoring U.S. Internet traffic picked up an alert. The signal was coming from Nasdaq. It looked like malware had snuck into the company’s central servers. There were indications that the intruder was not a kid somewhere, but the intelligence agency of another country. More troubling still: When the U.S. experts got a better look at the malware, they realized it was attack code, designed to cause damage… While the hack was successfully disrupted, it revealed how vulnerable financial exchanges—as well as banks, chemical refineries, water plants, and electric utilities—are to digital assault. One official who experienced the event firsthand says he thought the attack would change everything, that it would force the U.S. to get serious about preparing for a new era of conflict by computer. He was wrong.”
(Related) Gee, maybe everyone should read “The Prince.”
Global Cybercrime: The Interplay of Politics and Law
by Sabrina I. Pacifici on Jul 17, 2014
The Centre for International Governance Innovation (CIGI) - Aaron Shull, June 2014
“Examining global cybercrime as solely a legal issue misses an important facet of the problem. Understanding the applicable legal rules, both domestically and internationally, is important. However, major state actors are using concerted efforts to engage in nefarious cyber activities with the intention of advancing their economic and geostrategic interests. This paper explores the recent unsealing of a 31-count indictment against five Chinese government officials and a significant cyber breach, perpetrated by Chinese actors against Western oil, energy and petrochemical companies. The paper concludes by noting that increased cooperation among governments is necessary, but unlikely to occur as long as the discourse surrounding cybercrime remains so heavily politicized and securitized. If governments coalesced around the notion of trying to prevent the long-term degradation of trust in the online economy, they may profitably advance the dialogue away from mutual suspicion and toward mutual cooperation.”
“If you build it, they will come.” (Makes me think I should start a new blog, titled: Field of Memes.)
Hogan Lovells today published Pan-American Governmental Access to Data in the Cloud, the fifth installment in a series of White Papers examining government access to data held by Cloud service providers. Examining the right of governments in the United States and Latin America to access data in the Cloud, the White Paper concludes that the physical location of Cloud servers does not significantly affect government access to data stored on those servers, and that it is fundamentally incorrect to assume that the United States government’s access to data in the Cloud is greater than that in the Latin American countries examined.
Read more on Hogan Lovells Chronicle of Data Protection.
“As goes France, so goes only France...”
One year of Data Protection Enforcement in France: what the CNIL’s Activity Report 2013 Reveals and what to expect in 2014
Marianne Le Moullec writes:
With regards to of the CNIL’s auditing and sanctions in 2013, the CNIL’s priorities remained committed to training, promoting awareness on data protection and issuing guidance for companies. Imposing financial penalties remains an exception. Statistics of the CNIL’s auditing and sanctions activities in 2013 demonstrate this quite clearly
Read more on Proskauer
Good marketing. Now owning a multimillion dollar mansion, a yacht and a Ferrari don't mean a thing if you aren't recognized by Facebook as being a “real celebrity.” (Will you be able to opt out, so you can pretend to be humble?)
Facebook Launches New App for Celebrities Only
Facebook has launched a new app aimed at celebrities only that will let public figures more easily interact with their fans.
The app called 'Mentions' is aimed at helping the Facebook-recognised or verified celebrities manage their public figure pages on the social network.
“What we got here, is failure to communicate!”
Lawmakers ask GM to fire its top lawyer, Michael Millikin
On Thursday, a Senate subcommittee asked automaker General Motors (GM) - which is currently dealing with a safety recall crisis of sorts - to dismiss the company's chief corporate counsel, Michael Millikin.
… The report alleged that the GM lawyers did not alert the company's engineers or top executives to a potential safety issue.
Against the backdrop of Valukas' report, McCaskill questioned why Millikin has failed to inform the GM board or the US Securities and Exchange Commission of the potential for punitive damages when the cases involving faulty ignition switches were being settled by GM. McCaskill said Millikin's actions amounted to "either gross negligence or gross incompetence on the part of a lawyer."
My Math students already know this. (I hope.)
5 Cool Math Calculations You Can Do with Google Search
1.) Perform Basic Math Calculations
2.) Perform Advanced Math Computation
This includes trigonometric function, inverse trigonometric functions, hyperbolic functions, logarithms (base 10, e, and 2), exponential functions, factorial, and combinations.
3.) Convert Measures
it can convert currency, mass, length, volume, area, time, electricity, energy, and power. It is also capable of converting information (bytes, kilobytes, etc.) and number systems.
4. Set Timer or Alarm
5.) Graph Functions
Note that you can also display the Google calculator on your browser just by typing calculator on Google search.
For my researching students.
7 Free Online PDF Tools That Could Save You A Lot Of Work
Thursday, July 17, 2014
Apparently, every state is already doing this. (Note to students: You can get SAS software FREE.)
The Florida Department of Children and Families (DCF) is using data analysis to identify children and families most at risk, and thus inform how time and money is allocated. When the DCF started this project two years ago, the goal was to see fewer dead children — and that’s what the department says is happening while spying on children & families.
The SAS report helped DCF identify what the highest-risk children looked like on paper, creating a detailed profile. “We needed to understand a lot more of the common factors in those cases,” Carroll said, “and we needed to be able to take that information and refine what we were doing from a case practice standpoint to see if we couldn’t intervene in a more effective way to prevent some of those child deaths.”
Florida is one of 50 states [So, all of them? Bob] conducting the Behavioral Risk Factor Surveillance System (BRFSS) with financial and technical assistance from the Centers for Disease Control and Prevention (CDC).
Read more on MassPrivateI..
(Related) Did anyone ask why they started doing this? Was anyone in charge? Anyone?
It’s been an issue in Minnesota for years, but now WTHR alerts the public that Indiana also stores newborns’ blood and DNA without parental consent. Bob Segall reports:
As word of an Eyewitness News investigation spreads through Holliday Park, parents admit they are surprised.
“You’re kidding, right? I had no idea,” said Ramon Moore, playing catch with his 7-year-old son, Xavier.
“I didn’t know that at all,” agreed Holly Ruth, holding her 3-month old son, Lincoln.
“Nobody ever told me,” echoed Mallory Ervin, chasing her 4-year-old son, Theo, on the playground.
Xavier, Lincoln, Theo and millions of other Indiana children all have something in common: the state of Indiana is storing their blood and DNA in an undisclosed state warehouse.
“I’m curious why they didn’t share that,” said Ervin. “It now makes me think ‘what are they hiding?’ As a parent, I’d absolutely like to know.”
13 Investigates has discovered the Indiana State Department of Health is holding the blood samples of more than 2.25 million Hoosier children – without their parents’ permission. If your children were born in Indiana since 1991, chances are their blood and DNA is among the state’s massive collection.
Following WTHR’s investigation, state health officials are now seeking input on what to do with the blood samples after admitting they don’t have the consent needed to use them for anything.
Read more on WTHR.
(Related) When your hammer is substance abuse, every patient looks like a nail? If the doctors tell you they need this information to treat your broken leg, would you be in a position to refuse to answer?
Massachusetts General Hospital plans to begin questioning all patients about their use of alcohol and illegal drugs starting this fall, even if they are at MGH for a totally unrelated issue.
Dr. Sarah Wakeman, director of substance abuse disorders at Mass. General, told WBZ NewsRadio 1030’s Carl Stevens the purpose is to make substance abuse treatment part of mainstream medical care.
Read more on CBS.
Students: Should we start a Surveillance degree or just a specialization under Criminal Justice and Homeland Security?
From Public Intelligence:
The following presentation was produced by an Ohio-based company called Persistent Surveillance Systems that produces systems for wide area surveillance of large sections of a city for law enforcement purposes. The company has been the focus of numerous media reports over the last few months, including a long profile in the Washington Post and a recent video piece produced by PBS and the Center for Investigative Reporting. Despite several pieces about the company, no outlet has provided the public with access to the promotional materials that the company is providing to journalists.
Public Intelligence has made the materials available for download on their site (pdf).
(Related) I wonder what happens if you refuse?
Jon Cassidy reports:
The Texas Department of Public Safety has quietly embarked on a project to take the fingerprints of every Texan old enough to drive over the next 12 years, and add them to a statewide criminal history database.
Not only has the department made that momentous decision on its own, it doesn’t even have clear legal authority to do so.
Read more on Watchdog.org.
[From the Dallas News article:
Quietly, earlier this year, the Texas Department of Public Safety began requiring full sets of fingerprints from everyone who obtains a new driver’s license or photo identification card. This applies to those who come in as required for periodic renewals, but it doesn’t apply to mail-in renewals.
… Previously, DPS took only a thumbprint.
“We know where you are, we know what you search for, we know what you buy. What makes you think we don't know everything?”
Erin McCann writes:
Sure, HIPAA adds a layer of privacy protection for certain health data — if organizations actually comply with it — but there remains myriad avenues of mining health data and selling to the highest bidder that do not fall under the purview of HIPAA’s privacy and security rules. And they may surprise you.
Anything from what health data one Googles, to what medical products you purchase through online retailers are fair game for data brokers. What’s more, these companies are not liable under HIPAA and are able, without an individual’s consent, to track and collect health data for various purposes, says a new July report from the California Healthcare Foundation.
Often unknown by consumers, data elements including Googling for health data; using medical-related social networks; purchasing health products through online retailers; entering retail store preferences and locations into smartphones; or even buying any item related to health like fast food and cigarettes, can all be tracked.
Read more on HealthcareITNews.
I'm shocked, shocked I tell you!
Global Survey: Widespread Opposition to US Communications Surveillance, Drones
by Sabrina I. Pacifici on Jul 16, 2014
“A new survey from Pew Research finds overwhelming opposition to the US monitoring of emails and phone calls. There appears to be little variation by region or culture, with high levels of opposition found in countries in Europe, South America, Asia, and the Middle East. According to the survey “Global Opinions of U.S. Surveillance,” the four countries that believe US surveillance is acceptable are the United States, the Philippines, India, and Nigeria. A related Pew Survey found widespread opposition to drone strikes. For more information, see EPIC: Public Opinion on Privacy.”
Not sure it's “excellent,” but may be worth looking at.
Parker Higgins and Katitza Rodriguez write:
The UN High Commissioner on Human Rights has released an excellent report today on the right to privacy in the digital age, blasting the digital mass surveillance that has been taking place, unchecked, by the U.S., the U.K, and other world governments. The report is issued in response to a resolution passed with unanimous approval by the United Nations General Assembly in November 2013. That resolution was introduced by Brazil and Germany and sponsored by more than 50 member states.
Read more on EFF.
Another case of poor reporting? The “double-blind” reported here must be missing something. Unless Nielsen has access to the mobile devices Facebook will have to pull the name of the show and assign it a number on their servers. If Nielsen has access to the mobile devices, why do they need Facebook?
Facebook, Nielsen will soon track your TV habits on tablets, smartphones
Attempting to get a better grasp on how many television shows consumers are watching on mobile devices, the Nielsen company is partnering up with Facebook in order to track television viewing habits of U.S. consumers. According to representatives of the social network, if you have logged into Facebook on a mobile device, Facebook has the ability to pull data about what the user is watching on the device assuming the user hasn’t specially opted out of tracking. Detailed by the Los Angeles Times, the tracking collaboration should kick off as the Fall 2014 television season goes into full swing.
While privacy advocates aren’t thrilled at this collaboration, the two companies are keeping the data anonymous be using a double-blind study. Basically, Nielsen assigns numbers to the names of television shows and supplies those to Facebook. Facebook isn’t aware of which numbers correspond to which shows. In return, Facebook returns an aggregate of the age and gender of all Facebook users that watched a specific television show.
“Ready! Fire! Aim!” Perhaps they didn't think this through.
EU Invites Google, Microsoft to Discuss 'Right to Be Forgotten'
European Union privacy watchdogs plan to raise concerns about the implementation by Google Inc. of the bloc's new "right to be forgotten" rule at a meeting with search engines next week, EU privacy officials said Thursday, raising the specter of a conflict over the implementation of the controversial court decision.
The main body grouping and the EU's 28 national privacy regulators have invited Google, Microsoft Corp. and Yahoo Inc. to a meeting next Thursday in Brussels to discuss the surprise May ruling that gives individuals the right to request the removal of information about them from search results, the officials said.
Microsoft confirmed that it plans to attend the meeting. Google and Yahoo have said they plan to cooperate with privacy officials, but declined Thursday to comment on any specific meetings.
The ruling has already become a battleground in the war over where to draw the line between freedom of speech and the right to online privacy in an era of instant access to data.
… One flash point is Google's refusal to remove name-search results from its main Google.com search engine. It prefers to make a narrower removal of name searches in the European versions of its search engine, such as google.fr or google.co.uk. That position has already raised hackles with regulators in Germany and elsewhere, privacy officials have said.
The value of “Big Data” comes only with analysis.
Pratt & Whitney Taps IBM to Capture Value of Big Data to Improve Aircraft Engine Performance
… "Today's aircraft engines can generate up to a half terabyte of data per flight. This data deluge can be made into a critical resource if coupled with predictive analytics, creating a valuable asset for early warning or fault detection and improved visibility in to the overall health of aircraft engines," said Alistair Rennie, general manager, Business Analytics, IBM. "By applying real time analytics to structured and unstructured data streams generated by aircraft engines, we can find insights and enable proactive communication and guidance to Pratt & Whitney's services network and customers."
This could be cool.
Amazon appears to be testing an unlimited Kindle ebook subscription
Amazon.com appears to be testing a new subscription model that would give members all-you-can-read access to more than 600,000 ebooks for $9.99 a month.
The Kindle Unlimited program was first spotted by eagle-eyed users over at a Kindle forum. Most details have since been removed from Amazon's website, although a cached version can be viewed here.
… The bulk of titles appeared to be from smaller publishers.
… The program also appears to include access to thousands of audiobooks.
… Kindle Unlimited would compete with similar offerings from digital libraries Oyster and Scribd. Oyster offers unlimited access to more than 500,000 books for $9.95 a month. Scribd users, meanwhile, can read unlimited books for $8.99 a month.
For my iStudents...
The Best iPhone OCR Apps Tested
For those of us dedicated to going paperless, the ability to scan documents and have the text recognized and converted to text is an essential time saver.
There are many iOS apps that scan and manage documents, but apps with optical character recognition (OCR) are a little more difficult discern for their features and effectiveness.
PDFpen Scan+ ($6.99)
Pixter Scanner OCR ($2.99)
Wednesday, July 16, 2014
Local: Another “we don't need no stinking encryption” breach. Also note that one of the first things we teach our Computer Security students is how to bypass “password protection.” (Who write these headlines? Did the laptop really cause the breach?)
Stolen laptop causes security breach for DougCo schools
… The district sent a letter to all of its employees recently stating the stolen computer contained some workers' Social Security numbers and bank account information.
The district said the computer was password protected but were notifying employees out of an "abundance of caution."
(Related) One of many, many encryption options.
Bring-Your-Own-Encryption: Is It the Right Choice for Your Enterprise?
Following the recent issues surrounding encryption and encryption tools, some organizations are turning to Bring-Your-Own-Encryption (BYOE), but experts warn that there are some aspects that need to be take into consideration before making the move.
To learn more about the advantage, disadvantages and the challenges posed by BYOE, SecurityWeek reached out to several experts in the field.
BYOE is a cloud computing security model that enables organizations [NOT indoviduals. Bob] to use their own encryption software and manage their own encryption keys. This is done by deploying a virtualized instance of the encryption software alongside applications hosted in the cloud to securely encrypt data.
Did you think you were immune?
1 in 6 Say Their Organization Had At Least 5 Significant Security Incidents in Past Year: Survey
A new report from ForeScout Technologies described a challenging world for IT security - one where one in six IT pros say their organization has had five or more significant security incidents in the past year.
The research, titled the '2014 Cyber Defense Maturity Report', was conducted by IDG Connect and features responses from 1,600 IT information security decision makers in organizations with more than 500 employees across five industries in the U.S. and Europe.
… Ninety-six percent of the 1,600 respondents said their organizations had at least one significant security event in the last 12 months, while 39 percent said there had been two or more. Though the majority of those surveyed said they were aware that some of their security measures were immature or ineffective, just 33 percent had high confidence their organizations would improve those controls.
"The top five sources of compromise recorded by survey respondents were phishing attacks, compliance policy violations, unsanctioned device use, unsanctioned application use and [unauthorized] data access, with as much as 25 percent of organizations across all vertical sectors experiencing five or more instances of phishing specifically in the past 12 months," according to the report (PDF).
This should be obvious. Apparently, it isn't.
Why Prompt Breach Notification Is Important
… According to a 2014 Identity Fraud Report by Javelin, nearly 1 out of 3 data breach victims in 2013 suffered identity fraud, compared with 1 in 9 in 2010. Obviously the connection between data breaches and fraud is growing. But the good news is that consumer awareness of breaches – and the potential for fraud on their accounts – is on the rise, too. This is probably because so many people have been notified one or more times about their personal data being compromised.
But notification is a good thing because it often prompts consumers to sign up for email or mobile alerts about their credit or checking accounts or to put fraud alerts on their credit reports. This makes data breach victims 15% less likely to suffer multiple fraud events compared with all fraud victims (i.e., the fraud doesn’t necessarily stem from a breach).
Tools & Techniques. Security for every small business. Something like this might work for lawyer-client communication... Just thinking...
Wireless Live CD Alternative: ZeusGard
I’ve long recommended that small business owners and others concerned about malware-driven bank account takeovers consider adopting a “Live CD” solution, which is a free and relatively easy way of temporarily converting your Windows PC into a Linux operating system. The trouble with many of these Live CD solutions is that they require a CD player (something many laptops no longer have) — but more importantly – they don’t play well with wireless access. Today’s post looks at an alternative that addresses both of these issues.
… The device I’ll be looking at today is not free, nor is the the tiny dongle that enables its ability to be used on a wireless network.
… The device, called ZeusGard, is a small, silver USB flash drive that boots into a usable browser within about 30 seconds after starting the machine. The non-writeable drive boots directly into the browser (on top of Debian Linux), and if your system is hard-wired to your router with an Ethernet connection, you should be good to go.
… At $24.95 for the basic ZeusGard and $14.95 for the wireless adapter, this device is likely to be more appealing to small businesses than the average Internet user.
Self-surveillance – 'cause you don't know where you've been?
– automatically records any walking, cycling, and running you do. You can view the distance, duration, steps, and calories burned for each activity. The app is always on, so there’s no need to start and stop it. Just keep your phone in your pocket or your bag. The app consumes battery power, so nightly charging is recommended.
– With visits you can browse your location histories and explore your trips and travels. The unique map timeline visualization shows the places you have visited and how long you have stayed there. Add photos from Flickr to your visits and share your journey with your family and friends. Visits works with geo-tagged Flickr albums, data from Openpaths and Google Location Histories.
The “Right to be Forgotten” falls on hard times. I told you there would be a market for this service.
What Has Been Hidden From Google?
Hidden From Google is a new effort to track search results being hidden from Google as a result of the “right to be forgotten.” There are currently only a handful of examples of articles that have disappeared from Google search results, but Afaq Tariq, who created Hidden From Google, is asking for more tip-offs from eagle-eyed users.
As a rather fitting irony, the original articles are once again appearing in search results as a consequence of appearing on Hidden From Google. And people’s attentions are more likely to be drawn to them now than they were previously. The Streisand Effect strikes yet again.
One of those, “what's going on here” moments. Strangely, it looks like Western Union (and other “currency exchanges?”) sell the city stickers.
Clerk’s Office Extends Deadline For City Stickers After Outages
… Major outages with the city’s computer system led to long delays at currency exchanges throughout the city as Chicagoans raced to meet the original deadline of midnight Tuesday.
Another reason to move my students into the Cloud. (Does this mean Amazon gets to arm their drones?)
The partnership between the CIA and Amazon will revolutionize intelligence
The intelligence community is about to get the equivalent of an adrenaline shot to the chest. This summer, a $600 million computing cloud developed by Amazon Web Services for the Central Intelligence Agency over the past year will begin servicing all 17 agencies that make up the intelligence community. If the technology plays out as officials envision, it will usher in a new era of cooperation and coordination, allowing agencies to share information and services much more easily and avoid the kind of intelligence gaps that preceded the Sept. 11, 2001, terrorist attacks.
… For the risk-averse intelligence community, the decision to go with a commercial cloud vendor is a radical departure from business as usual.
Another opportunity for my Ethical Hackers.
Google On Quest To Hire Elite Zero-Day Hackers
… On Tuesday Google said it would create a new, “well-staffed” security team called Project Zero with the objective to significantly reduce the number of people harmed by targeted attacks.
“You should be able to use the web without fear that a criminal or state-sponsored actor is exploiting software bugs to infect your computer, steal secrets or monitor your communications,” Chris Evans, Researcher Herder at Google wrote in a blog post Tuesday. “Yet in sophisticated attacks, we see the use of “zero-day” vulnerabilities to target, for example, human rights activists or to conduct industrial espionage.”
This needs to stop, Evans said.
… Under Project Zero, Google says it will be committed to transparency, explaining that every bug they find will be entered in an external database.
– is described as a “browser for the HTML5 era”. Everything in the browser is a module, a web-app running in its own process. Construct your own browsing experience by selecting the right modules for you. The entire technological stack is open-source. Modify existing modules and create your owns to extend the behavior of Breach.
Al may be Weird, but he's also a genius.
Weird Al Details ‘Word Crimes’
Weird Al’s latest song, Word Crimes, tackles the tricky subject of bad grammar, particularly on the Internet. Word Crimes is a cover of Blurred Lines by Robin Thicke, but the original misogynistic lyrics have been replaced by examples of common grammatical errors.
As a grammar Nazi who has previously argued that typos need to be eradicated, I love Weird Al for writing this song. Let’s just hope people take notice of Word Crimes and stop making the ridiculous mistakes he rallies against.
Tuesday, July 15, 2014
Now here's an article I think every manager should read.
Trust but Verify: How Security Loopholes Can Undermine Online Compliance Training
Compliance training and supervision has always been the first line of enterprise- defense against legal, operational and reputational risk. Now, it is increasingly the final line of defense that determines how enforcement officials view an institution and, in turn, exercise their considerable discretion in assigning liability for regulatory violations.
Corporations face an evidentiary burden built upon the foundations of the late Senator Howard Baker’s Watergate inquiries. Institutions must not only be able to respond to the question, “What did you know, and when did you know it?”– they also must have a credible answer for: “What did you do to prevent this?”
By the same logic, does this ban the taking of fingerprints? How about mug shots?
VT: Pre-conviction DNA testing of arrestees after arraignment violates the search provision of state constitution
John Wesley Hall writes:
In a comprehensive opinion, the Vermont Supreme Court held Friday that pre-conviction DNA testing of arrestees after arraignment violates the search provision of the Vermont Constitution. It failed every point of analysis. State v. Medina, 2014 VT 69, 2014 Vt. LEXIS 71 (July 11, 2014)
Read more about this case on FourthAmendment.com.
Apparently, there is no specific penalty for stupidity. (There but for 50 or 60 IQ points, go I?)
Mex Cooper reports:
A medical centre that kept sensitive health records of nearly 1000 patients in a garden shed on a disused property in Melbourne’s south-east has been reprimanded for breaching privacy laws.
Boxes of records containing the personal details of patients were discovered at the Narre Warren South site when the shed at the Amberley Park Drive property was broken into in November 2013.
Australian Privacy Commissioner Timothy Pilgrim investigated and found the medical centre that owned the property had breached the Privacy Act by failing to properly secure the information.
The neglected files included names, addresses, Medicare numbers, dates of birth, occupations and results of medical investigations of about 960 patients who used the Amberley Park Medical Centre that operated at the address until April 2011. Most of the records related to patients who visited the centre prior to 2004.
Read more on The Age. I’d say the centre got off really easy – too easy – if all it has to do is do what it should have done in the first instance. What do you think?
“Look, you're just an ignorant parent. We're trained educators. You don't need to see the data we've been gathering for the government. Just trust that anything we tell you must be true.”
Student Data Tied To Common Core Off-Limits To Parents
States that were awarded grants from President Obama’s Race to the Top (RttT) stimulus bill program agreed to implement the Common Core standards and to comply with the “Four Assurances,” one of which was the requirement of “Building data systems that measure student growth and success.”
The problem? Private student data is off-limits to parents.
In July of 2009, U.S. Secretary of Education Arne Duncan said, ”[W]e have more than $300 million available to help states build data systems that will drive reforms.”
In Colorado, for example, in addition to its $73 million RttT award, the state also received $17.4 million additional dollars to build the State Longitudinal Data System (SLDS) in 2010. Since all states now have an SLDS database, regional data centers have also formed that allow states to share and compare student data, creating what amounts to a national database of student information.
As Watchdog Wire reported in late June, local Colorado school districts are collecting detailed educational and psychological data on their students for use by private companies and the federal government. Parents, however, are having a hard time getting their hands on their own children’s information.
I think this takes us back to a “Black Hole” for data. Load the data without alteration into a trusted database. Provide only summarized answers to researchers – no actual data fields. Of course it's not perfect but is it adequate?
No silver bullet: De-identification still doesn’t work
by Sabrina I. Pacifici on Jul 14, 2014
“Paul Ohm’s 2009 article Broken Promises of Privacy spurred a debate in legal and policy circles on the appropriate response to computer science research on re-identification techniques. In this debate, the empirical research has often been misunderstood or misrepresented. A new report by Ann Cavoukian and Daniel Castro is full of such inaccuracies, despite its claims of “setting the record straight.” In a response to this piece, Ed Felten and I point out eight of our most serious points of disagreement with Cavoukian and Castro. The thrust of our arguments is that (i) there is no evidence that de-identification works either in theory or in practice and (ii) attempts to quantify its efficacy are unscientific and promote a false sense of security by assuming unrealistic, artificially constrained models of what an adversary might do. Specifically, we argue that:
- There is no known effective method to anonymize location data, and no evidence that it’s meaningfully achievable.
- Computing re-identification probabilities based on proof-of-concept demonstrations is silly.
- Cavoukian and Castro ignore many realistic threats by focusing narrowly on a particular model of re-identification.
- Cavoukian and Castro concede that de-identification is inadequate for high-dimensional data. But nowadays most interesting datasets are high-dimensional.
- Penetrate-and-patch is not an option.
- Computer science knowledge is relevant and highly available.
- Cavoukian and Castro apply different standards to big data and re-identification techniques.
- Quantification of re-identification probabilities, which permeates Cavoukian and Castro’s arguments, is a fundamentally meaningless exercise.
Data privacy is a hard problem. Data custodians face a choice between roughly three alternatives: sticking with the old habit of de-identification and hoping for the best; turning to emerging technologies like differential privacy that involve some trade-offs in utility and convenience; and using legal agreements to limit the flow and use of sensitive data. These solutions aren’t fully satisfactory, either individually or in combination, nor is any one approach the best in all circumstances. Change is difficult. When faced with the challenge of fostering data science while preventing privacy risks, the urge to preserve the status quo is understandable. However, this is incompatible with the reality of re-identification science. If a “best of both worlds” solution exists, de-identification is certainly not that solution. Instead of looking for a silver bullet, policy makers must confront hard choices.”
From a collection of articles...
[For my Ethical Hackers:
British Spies Manipulate The Internet
Another day, another revelation into how the security services are affecting our everyday lives. This one concerns British spies working at GCHQ (Government Communications Headquarters) who, according to documents obtained by NSA whistleblower Edward Snowden, regularly manipulate the Internet.
As detailed by The Intercept, the Joint Threat Research Intelligence Group (JTRIG) allegedly has the capability to
“change [the] outcome of online polls,” [and online elections? Bob]
enact the “disruption of video-based websites hosting extremist content,”
“artificially increase traffic to a website,” and
launch a “distributed denial of service using P2P,” amongst other things.
This document has been revealed at a time when the British Government is rushing through legislation giving them greater surveillance powers over ordinary citizens.
Oh, the horror, the horror... Wait a minute. Maybe they just like my blog?
Your Interest in Privacy Will Ensure You’re Targeted By The NSA
Have you ever wondered if you’re on an NSA observation list? Turns out that if you’ve even thought about it (or online privacy in general), you’re probably more likely to be on one. A few concerning news updates regarding mass surveillance by the NSA within the past week, including revelations from an analysis of the XKeyscore data collection system, have given us an idea of who might be among the NSA’s “targeted” individuals.
Dilbert illustrates the slippery slope of Privacy.
If I know all your friends, can't I easily deduce your identity by seeing who is NOT listed?
Secret App Raises $25 Million, Shifts Focus
The fast-growing anonymous mobile app Secret said Monday it had raised $25 million in venture capital and would expand as a social network connecting Facebook friends.
A new feature announced by Secret -- which up to now was an anonymous messaging board -- allows users to log in with Facebook and share with friends without revealing their identities.
"Facebook Login has been our top requested feature, for good reason," the Secret team said in a blog post. "Our community members want more friend content in their stream, beyond simply the contacts from their phone.
Facebook Login gives any user the option to (completely anonymously) connect Secret to Facebook and populate your stream with Facebook friends."
Next, Congress will want the FDA to approve all hand-held technology.
Got a rash? iPad, other devices might be the cause
Recent reports in medical journals detail nickel allergies from a variety of personal electronic devices, including laptops and cellphones.
… Jacob said evidence suggests nickel allergies are become more common, or increasingly recognized. She cited national data showing that about 25 percent of children who get skin tests for allergies have nickel allergies, versus about 17 percent a decade ago.
For my students and a few friends I've been trying to talk into writing a blog. (You know who you are!)
Turn Your Blog Into a Book
BlogBooker is a free service that allows you to turn your the contents of your Blogger blog into a PDF. Using BlogBooker is a fairly straight-forward process. BlogBooker walks you through each step of the process except for the very first step which might sound a little too "techy" for some Blogger users, but it's actually quite easy. The first step in using BlogBooker is to export the contents of your blog as an XML file. This is actually easy to do in Blogger. Step one is to open the "settings" menu of your Blogger blog. Step two is to select "export blog" under "basic" menu. Step three is to click "download." Don't worry, exporting the contents of your blog will not remove any content from your blog. After you've completed the export process, jump over to BlogBooker and follow their directions for completing the transition from XML file to PDF.
Applications for Education
Turning a classroom blog into a book is a great way to show students and their parents how much they have written in a semester.
Perhaps someone who actually teaches this stuff can set me straight. Is this useful?
Storyboard That Releases New Teacher Guides
Storyboard That provides templates in which you can create your stories in a comic strip style. To help you create your story Storyboard That provides dozens of scenes, characters, and text bubbles to fill your storyboard's frames. Each element that you drag into your storyboard's frames can be re-sized, rotated, and re-positioned to your heart's content. Your completed storyboard can be saved as a comic strip, saved as a set of images (one image for each frame), or saved as a set of PPTX slides.
This week Storyboard That added three new guides for teaching classic literature with storyboards. The new guides provide great ideas for teaching Macbeth, Romeo & Juliet, and The Great Gatsby with storyboards. Each of the guides include a set of essential questions, alignment to Common Core standards, and templates for character analysis. The templates also include ideas for using comics in which students analyze the elements of plot in each story.
A heads-up for my students.
Scams target people struggling with student loan debt, Illinois says
… Broadsword Student Advantage LLC, requested money upfront, Brown said. It wanted $299 the first month, $199 the second month, then $99 — then the student-loan reduction would kick in, she said.
"If it sounds too good to be true, it probably is," she said.
When she called the U.S. Department of Education, a representative warned her against giving money to debt-settlement firms. The federal program that the company said she could use — the Public Service Loan Forgiveness Program — wouldn't take effect until 2017, he said, according to Brown.
For my students, who never heard of note taking Apps...
5 Ways To Get Productive With Microsoft OneNote
… It was about two years ago that Saikat described just how awesome OneNote can be. In that article, he explained that you could sync your offline OneNote to itsAndroid or iPhone apps – transforming this desktop organizational tool into a mobile productivity toolkit.