Saturday, October 11, 2014

For my Ethical Hackers, a challenge: I don't think anyone liked the conclusions we reached at yesterday's Privacy Foundation seminar. As the world fills (and I mean that literally) with sensors connected to the Internet, it will be increasingly difficult to avoid, evade or escape being “sensed” as you move through the world.
Marriott found a way to force your wifi devices to use their wifi so they could charge you for that “service.” The FBI can force your cell phone to connect via their “simulated” cell phone towers, so they can collect metadata (and perhaps intercept your conversation).
If we can collect similar technologies to override all the sensors we might contact and make it small enough to carry in your pocket, we could become a “roach motel” for sensor data. Data enters but never leaves.
Our task then is to replace the actual sensor data with simulated data that properly reports that it has “nothing to report.” This is significantly more difficult than using a certain law school professor's name on your King Sooper's loyalty card. We will need to identify each unique type of device (and there will be thousands upon thousands) and then generate an accurate “false signal.”
Merely blocking all sensor data turns us into a “Black Hole” which flags us as “highly suspicious, probably terrorists” and may automatically summon the black helicopters or even a drone-launched smart bomb.
I'm not sure that even IBM's Watson could do this. (But it might be fun to try.)

(Related) Knowing the tools used to surveil you, allows you to take anti-surveillance measures.
Hackers Show the NSA's Capabilities Are Not Magic
A group of security researchers, hardware hackers, hardware developers and hobbyists have set out to demonstrate that many of the tools similar to those used by the United States National Security Agency (NSA) for surveillance operations can be reproduced on a low budget with open source software and hardware components. The project, called the "NSA Playset," came out of a collaboration between security researcher Dean Pierce and Michael Ossmann, founder of Great Scott Gadgets. Shortly after the NSA's ANT catalog was leaked online, they recruited several others who had already implemented or were working on implementing capabilities that were similar to the ANT tools.
The ANT catalog is a 48-page classified document containing information on the technologies used by the NSA's Tailored Access Operations (TAO) unit for cyber surveillance. The document is one of the many files obtained by the former NSA contractor Edward Snowden.


Local. See how easy it is to “breach” privacy? If they had put the survey in an envelope, there would have been no breach.
Colorado health officials announce privacy breach
Colorado health officials say they accidentally violated the medical privacy of about 15,000 people in a recent postcard mailing.
… Whether someone receives behavioral health care services is considered protected private medical information.


Soon it will be easier to list the retailers who have not been breached.
Kmart Stores Hit by Data Breach
Sears Holdings Corp. said the payment systems at its Kmart stores were breached by malicious software, the latest in a string of major retailers that have been successfully attacked by hackers.
The breach, believed to have started in early September, was discovered Thursday, Sears said, noting some debit and credit-card numbers of customers who shopped at Kmart were compromised.
… Chris Brathwaite, a Sears spokesman, declined to say how many credit and debit cards were affected. [They don't know? Bob]


Not the most compelling argument, but still worth watching this 20 minute video.
Why Privacy matters
Glenn Greenwald was one of the first reporters to see — and write about — the Edward Snowden files, with their revelations about the United States' extensive surveillance of private citizens. In this searing talk, Greenwald makes the case for why you need to care about privacy, even if you’re “not doing anything you need to hide."


I could use this in my classroom. Smile and nod, your grade goes up. Frown and shake your head, your grade goes down.
Joe Cadillic sends along this eyebrow-elevating news from BBC:
A comedy club in Barcelona is experimenting with charging users per laugh, using facial-recognition technology to track how much they enjoyed the show.
The software is installed on tablets attached to the back of each seat at the Teatreneu club.
Each laugh is charged at 0.30 euros (23p) with a cap of 24 euros (£18). Takings are up so far.
The project was developed to combat falling audience numbers.
Partnering with advertising agency The Cyranos McCann, the experiment was a reaction to increased government taxes on theatre tickets, which in turn led to drastic drops in audience numbers.
Read more on BBC.
OK, but apart from the obvious surveillance/privacy issues, wouldn’t this encourage the audience not to laugh too much – so they save money?


Would this money be better spent ensuring that all students have digital tools? That they are trained to use them? That they work better than non-digital tools?
Benjamin Herold reports:
The National Science Foundation earlier this month awarded a $4.8 million grant to a coalition of prominent research universities aiming to build a massive repository for storing, sharing, and analyzing the information students generate when using digital learning tools.
The project, dubbed “LearnSphere,” highlights the continued optimism that “big” educational data might be used to dramatically transform K-12 schooling.
It also raises new questions in the highly charged debate over student-data privacy.
Read more on Education Week (reg. Required).


I suppose it's always a matter of interpretation. I look at this as proof that there was no plan for dealing with “too big to fail” bank failures, and that they are scrambling to come up with one. Eventually, they will need to through someone off the troika to appease the wolves.
US and UK to play financial ‘war game’
Britain and the US will stage the first transatlantic simulation of a crisis in a large bank on Monday. It is a sign of growing confidence that the authorities can now deal with the failure of large institutions.
All of the main players who would need to be involved in a failure of a company such as Bank of America, Goldman Sachs, Barclays or HSBC will gather in Washington DC to make sure they would know what to do, who to call and how to inform the public.
The move reflects the authorities’ view that they are getting close to solving the “too big to fail” problem, even for cross-border banks, outside a full-blown system-wide crisis.


Biometrics: Be sure to bring your (someone's) finger!
Check in with your finger: Alaska Airlines testing ‘e-thumb’ technology
Physical boarding passes — and even mobile ticketing — may be a thing of the past if the new “e-thumb” technology that Alaska Airlines is currently testing catches on.
Bloomberg reports that the Seattle-based airliner has installed fingerprint readers in four of its airport lounges as a way for fliers to check-in without having to show an employee a boarding pass and physical identification.


Logic like this is what convinces me I'd never make it as a lawyer.
Andy Greenberg reports:
Lawyers for Ross Ulbricht have spent the last two months shifting the focus from their client, charged with creating the billion-dollar drug market the Silk Road, and putting it onto the potential illegality of the FBI’s investigation. Now the judge in that case has spoken, and it’s clear she intends to put Ulbricht on trial, not the FBI.
In a 38-page ruling Friday, Judge Katherine Forrest dismissed the defense’s motion to suppress evidence that hinged on the argument that law enforcement had violated Ulbricht’s Fourth Amendment right to privacy from unreasonable searches.
Read more on Wired.
[From the article:
But the Judge’s rejection of that argument comes down to what may be seen as a fateful technicality: she argues that even if the FBI did hack the Silk Road server, Ulbricht hadn’t sufficiently demonstrated that the server belonged to him, and thus can’t claim that his privacy rights were violated by its search.


Definitely, positively, absolutely something for my students! Can we find one that does this on other phones?
– is an Android application, which offers a solution to those who wish to keep their mobile phones on silent mode for specific geographical locations, time, occasions and for specific contacts. You simply need to provide the desired conditions – occasions, times and geographical locations when you would like to keep your mobile silent.


I probably shouldn't laugh at these...
… For-profit giant Kaplan University launchesOpen College,” which “will include free online services and personalized mentoring to help people identify and organize prior experience and skills that could count toward a degree or move them closer to a new career.
The Academy of Art University used to grant students permanent licenses for the Adobe CS6 Master Collection as part of their tuition. But apparently Adobe has deactivated these licenses, without any warning, demanding students now pay a $60/month subscription fee to continue access.
… Hackers have released a cache of 13GB of Snapchat users’ photos. Although users believe Snapchats disappear after viewing, a third-party app has apparently been collecting these images for several years. About half of Snapchats’ users are between age 13 and 17. “4chan users say the collection of photos has a large amount of child pornography, including many videos sent between teenagers who believed the files would be immediately deleted after viewing.”

Friday, October 10, 2014


I'll be at the Privacy Foundation seminar ( http://www.law.du.edu/index.php/privacy-foundation ) today, learning what could possibly go wrong with Internet connected eCigarettes.
The Cigarette That Charges for Every Puff
A recent patent from Phillip Morris imagines a web-connected e-cig. It could help users quit—but it could also open their pipe up to tracking and hacking.
… Once smartened-up, the Internet-connected pipe can do many things. Not-so-usefully, it could let users initiate a puff from the computer—in case, I suppose, old-fashioned inhaling gets too hard. Slightly-more-usefully, it could automatically send doctors information about how much tobacco was burned and for how long. That feature could be especially handy if the cigarette’s user is participating in a clinical trial, or trying—with someone or something else’s help—to stop smoking.
… In the patent’s ninth column, its authors propose one feature that might help them understand smoking’s costs: pay-as-you-puff. Smokers, it says, might want to charge themselves a little bit of money every time they take a hit:
… Goldman Sachs has identified e-cigarettes of all sorts as one of the eight great disruptive technologies of 2014, and it’s named the Internet of Things as the “next mega-trend.”
… when you connect some previously dumb object to the Internet, it can be both hacked, and you can be tracked.
… And—perhaps most importantly, and as pay-as-you-smoke testifies—when you connect an object to the Internet, you don’t quite own it the same way as you did before.


“Contained?” Bold words.
International Dairy Queen Confirms Data Breach
International Dairy Queen Inc. became the latest company to confirm a data breach, announcing Thursday the “Backoff” malware affected payment card information at 395 of its 4,500-plus U.S. locations.
… The company said “based on our investigation, we are confident that this malware has been contained.”

(Related) Listed so you know when to panic!
12 Colorado Dairy Queen stores hit by data breach
Twelve Colorado Dairy Queen and Orange Julius locations were among the 395 hit by information-thieving hackers nationwide since Aug. 1, the company says.


Government, thy name is not clarity. Something to keep an eye on.
Drew Hansen reports:
As we reported, the Office of Personnel Management’s decision not to renew two contracts with Falls Chuch-based US Investigations Services LLC led to the loss of 2,500 jobs. But it might also have set a precedent for how government handles contractor breaches.
As a reminder, in July, the background checks division at USIS was hit by a cyber attack that reportedly affected 25,000 government employees. USIS suspected it to be “state-sponsored.” The government quickly suspended work with USIS and then opted to drop its contracts with the company.
If the government was going to set a precedent of terminating contracts for security or data breaches, they probably should have set it years ago after a number of breaches involving SAIC, no?
In this case, I wonder if the government would have cancelled the USIS contract if it had not been for an earlier problem with USIS not running the background checks it was supposed to run.
So is it really one strike and you’re out? I think the answer is “not really, but if your security is really abysmal, maybe.”


Picture this...
Hundreds Of Thousands Of Teens Have Had Their Snapchat Photos And Videos Intercepted By Hackers
A giant database of intercepted Snapchat photos and videos has been released by hackers who have been collecting the files for years. Shocked users of the notorious chat forum 4chan are referring to the hack as "The Snappening," noting that this is far bigger in scale than the iCloud hacks that recently targeted celebrities.
Underground photo trading chatrooms have been filled in recent weeks with hints that something big was coming. Thursday night it finally arrived: A third-party Snapchat client app has been collecting every single photo and video file sent through it for years, giving hackers access to a 13GB library of Snapchats that users thought had been deleted.


This has potential but has no RSS feed! Good idea poorly executed.
EFF Launches IFightSurveillance.org and Counter-Surveillance Success Stories
“The Electronic Frontier Foundation (EFF) today launched IFightSurveillance.org, a new site showcasing digital privacy advocates from around the world who are leading the fight against mass surveillance. The site includes figures from the organization’s growing list of Counter-Surveillance Success Stories, a set of guides showing how individuals and organizations have taken on state and corporate spying in their own countries—and won. Translated into 16 languages, IFightSurveillance.org highlights images and quotes from activists, business leaders, lawyers, and technologists.


Is this a “Right to be Forgotten” issue or a “Free Speech” issue?
Megumi Fujikawa reports:
Google Inc. has suffered another setback on privacy issues, this time in Japan, following a European court ruling that gave Internet users the right to ask the company to remove information about them from search results.
The Tokyo District Court on Thursday issued an injunction, ordering Google to remove some Internet search results about a Japanese man that are considered to be violating his privacy, representatives from both sides said.
Though the Tokyo court order has far less sweeping implications than the precedent-setting ruling by the European Court of Justice, it touches on similar issues.
Read more on WSJ.


Not sure I get this. None of this is new. All of this has been addressed and (more or less) solved.
Report Examines Ways to Bridge Cybersecurity Workforce Gap
A new report from the (ISC)² Foundation and University of Phoenix highlights the challenges posed by the shortage of cybersecurity professionals and identifies key ways for schools and businesses to address the situation.
Culled from conversations with tech industry, higher education and talent development leaders, the report identifies key gaps challenging employers related to competency, professional experience and "education speed-to-market."
… "With the rising demand for qualified cybersecurity talent, industry leaders are increasingly calling for a common definition of the scope of work that cybersecurity covers—and agreed-upon competencies that cybersecurity professionals must demonstrate," according to the report. [The Common Body of Knowledge has been out there for some time. http://www.techrepublic.com/article/build-your-skills-learn-these-10-security-domains-to-obtain-cissp-certification/ Bob]
… On the higher education level, the report recommends among other things that schools build case studies into the curriculum to ensure students have to apply their knowledge and skills in real-world scenarios. [There are several Computer Security lab tools to walk students through security software or analysis tools. Bob]
In regards to professional experience, the report recommends industry associations support student membership, and advises employers to hire interns and partner with universities. Colleges meanwhile should create networking opportunities for students to use to build their resumes and experience, the report (PDF) adds.


Have a GoPro camera? Planning to do something truly stupid? Be sure to broadcast it live!
– Watch or broadcast live events from your iPhone or iPad. Watch live local news, sports, music, conferences and thousands of other events broadcasting live from all over the world. Follow your friends and get notified when they go live. Broadcast live from your device camera to viewers watching on Livestream.com or Livestream apps.

Thursday, October 09, 2014

Interesting that the Privacy Foundation had selected the Internet of Things as tomorrow's seminar topic months before Gartner published this list. Join us! Go to http://www.law.du.edu/index.php/privacy-foundation and register today!
Gartner lays out its top 10 tech trends for 2015
The Internet of Things, and everything that's part of its universe, including smart machines, pervasive analytics and 3D printing, are on Gartner's annual list of strategic technologies for the year ahead.
1: Computing Everywhere. To Gartner, this simply means ubiquitous access to computing capabilities.
2: The Internet of Things (IoT).
3: 3D printing.
4: Advanced, Pervasive and Invisible Analytics. Every application is an analytical app today.
5: Context Rich Systems. Knowing the user, the location, what they have done in the past, their preferences, social connections and other attributes all become inputs into applications.
6: Smart Machines.
7: Cloud and Client Computing.
8: Software Defined Applications and Infrastructure.
9: Web-Scale IT.
10: Security. In particular, Gartner envisions more attention to application self-protection.


We can does not mean we must.
Alistair Barr reports:
Google already scans users’ Gmail email accounts to show more relevant ads. Now the Internet giant is scouring emails for bills.
The company said Tuesday that its Google Search mobile app can now remind users when bills are due by spotting emailed bills in their Gmail accounts and automatically reading the important details.
Users can tap the microphone icon in the app and ask “Show me my bills” or “My bills due this week,” and it will show upcoming bills, how much is owed, as well as a summary of past bills.
Read more on WSJ.


Interesting. I don't think they mean their targets are dumb, rather that they don't think their security needs through. For instance, Al Queda leaders used their cellphones normally until President Clinton mentioned that we could track (target) them using the cellphone signal. They all stopped using cellphones.
Kevin Gosztola writes:
In a case involving a Freedom of Information Act request for information related to government policies and procedures for law enforcement use of cell phone tracking, a federal judge has ordered the release of records, which the Justice Department sought to keep secret by claiming they would “alert law violators”—otherwise known as criminals—to how to evade detection.
The ACLU in Northern California and San Francisco Bay Guardian filed a lawsuit seeking documents on location tracking technology on July 31, 2012. The Justice Department has produced a few documents but has continued to insist that many of the documents requested are “work product” so they are protected from disclosure. The agency has also refused to search for documents that were requested.
Read more on Firedoglake.


e-Drugs for recreation? What could possibly go wrong? If you can elevate your mood, can my Ethical Hackers bring you back down? Will there be a record of this mind alteration after the (inevitable) accident? Could this be why Facebook was conducting those “experiments” on its users?
Thync to Launch First Mood-Altering Wearable With $13M Led by Khosla
… After working in stealth for several years, Thync Inc. has announced that next year it will launch the first wearable health gadget for the mind, and that it has raised $13 million from venture capitalists to do so.
… People world-wide spend billions every year on various products to change or enhance their mood, including energy drinks, alcohol, coffee and other stimulants and depressants. Thync will attempt to bring consumers to their happy place by using electrical waveforms and neuro-signaling algorithms, Dr. Tyler said.
The head-worn device will send electrical signals to regions of the brain, he said. Though it will be subject to regulation, the company will seek to sell the wearable as a consumer device, meaning it will have a less rigorous pathway to approval than new drugs or many medical devices.


Sort of like stalking you based on your phone's unique “fingerprint.” ...and Facebook isn't the only one doing this.
Even More Facebook Ads Will Now Appear in Your Other Apps
Facebook is extending the reach of its ad-targeting talents—again.
On Tuesday, the social networking giant invited all mobile app developers and publishers onto the Facebook Audience Network, a mobile advertising network that extends beyond Facebook itself and onto third-party mobile apps.
… That means any developer or publisher can sign up to display the network’s ads inside their apps—and take a cut of the revenue.
… The Audience Network is just one way that Facebook is expanding this sort of ad targeting beyond its own social network. Last week, the company unveiled Atlas, a separate tool that allows companies to grab ads from all sorts of sources and serve them across all sorts of sites and services, and it too can target ads based on Facebook data.
With the Audience Network, Sriram Krishnan explains, Facebook targets users via a mobile device identifier—a software token that’s specific to a particular phone or tablet.


We'll need to integrate this into our Data Mining and Data Analysis classes.
Martin Abrams writes:
The Foundation has released the first paper from its Big Data Ethics Project. The project’s purpose is to establish tools for both companies and enforcement agencies to assure people get the benefits of big data but are not boxed in by inappropriate analysis or application. Part A of the project establishes the basis for the other three parts that will follow. (Read Part A.)
The term algorithmist was invented a few years ago to define the person who would fix all the ethical problems associated with big data. Since then, I have been interested in just how they would they do that.
Read more on IAF.


Everything you ever wanted to know about Microsoft but were afraid to ask? Hardly.
The Empire Reboots


Definitely something for my students.
If you purchased a Red Bull since 2002, they owe you $10 – here’s how to get it
Customers who purchased a Red Bull product between 2002 and Oct. 3, 2014 are owed $10 cash or $15 in Red Bull products, according to a settlement the company agreed to last month.
… To receive a $10 cash payment or $15 in Red Bull products, you must submit a claim form. No proof of purchase is necessary to obtain settlement benefits.


As it happens, I'm teaching a spreadsheet class. This will be a useful “handout.”
10 Helpful Spreadsheet Templates To Help Manage Your Finances

Wednesday, October 08, 2014

The Adobe eBook reader. This will likely go well beyond kerfuffle. Fortunately, I use DE2 – downloaded from my local library.
Nate Hoffelder reports:
Adobe has just given us a graphic demonstration of how not to handle security and privacy issues.
A hacker acquaintance of mine has tipped me to a huge security and privacy violation on the part of Adobe. That anonymous acquaintance was examining Adobe’s DRm for educational purposes when they noticed that Digital Editions 4, the newest version of Adobe’s Epub app, seemed to be sending an awful lot of data to Adobe’s servers.
My source told me, and I can confirm, that Adobe is tracking users in the app and uploading the data to their servers. (Adobe was contacted in advance of publication, but declined to respond.)
Read more on The Digital Reader.
Update: The Register now reports that they have also confirmed the allegations, and that Adobe is “looking into the matter.” Because such slurping seems to violate Adobe’s representations to customers, I hope the FTC is “looking into the matter” too.
[From the article:
But wait, there’s more.
Adobe isn’t just tracking what users are doing in DE4; this app was also scanning my computer, gathering the metadata from all of the ebooks sitting on my hard disk, and uploading that data to Adobe’s servers.
In. Plain. Text.
And just to be clear, this includes not just ebooks I opened in DE4, but also ebooks I store in Calibre and every Epub ebook I happen to have sitting on my hard disk.


As April showers bring May flowers... Hacks that grab customer information invite spear phishing. (Perhaps this will be Russia's way of giving their hackers a “Bonus.”)
JPMorgan Bracing For 'Spear Phishing' Campaign: Sources
JPMorgan Chase (NYSE: JPM) officials are bracing for a massive spear phishing campaign launched by cyber thieves who broke into the bank’s servers in the biggest cyber-attack on a U.S. bank to date. Cyber criminals thought to be emanating from Russia or former Soviet satellite states hacked into numerous JPMorgan computer servers and accessed contact information like names and email addresses for 76 million customers and seven million small businesses.


For my Ethical Hackers. I see a business opportunity here.
Your USB Devices Aren’t Safe Anymore, Thanks To BadUSB
… The earth-shattering revelations that USB isn’t as secure as first thought was first disclosed by security researchers Karsten Nohl and Jakob Lell in July, 2014. The malware they created – dubbed BadUSB – exploits a critical vulnerability in the design of USB devices which allowed them to hijack a user’s Internet traffic, install additional malware and even surreptitiously gain control of a user’s keyboard and mouse.
The BadUSB malware isn’t stored on the user-accessible storage partition, but rather on the firmware of a USB device – including Keyboards, phones and flash drives. This means that it’s virtually undetectable to conventional anti-virus packages, and can survive the drive being formatted.
Fortunately, would-be attackers have been unable to take advantage of BadUSB, due to Nohl and Lell not publishing the code in order to give the industry an opportunity to ready a fix. Until recently, that is.
In a talk given at DerbyCon – a computer security conference held in Louisville, Kentucky – Adam Caudill and Brandon Wilson demonstrated their successful reverse-engineering of BadBSD, and published their exploit code on code-sharing platform GitHub.


There is always more to learn.
Data Breaches in Europe: Reported Breaches of Compromised Personal Records in Europe, 2005‐2014
Philip N. Howard
… You can download the full report here (pdf)


Pledges don't protect anything. Will their actions match their words?
Microsoft pledges to keep students’ data private
Microsoft announced today that it is one of the first companies to sign a new pledge designed to protect students’ privacy at a time when more technology is flooding into the classroom.
The “K-12 School Service Provider Pledge to Safeguard Student Privacy,” which was organized by the Future of Privacy Forum and the Software & Information Industry Association, is designed to identify companies that will keep data from students safe.
… Today’s announcement comes a week after California Governor Jerry Brown signed a law that restricts what companies can do with student data.


For my Data Mining students.
WSJ: Microsoft has signed letter of intent to acquire Israeli text analysis firm Equivio
According to a Wall Street Journal (WSJ) report, US software giant Microsoft has signed a letter of intent to purchase Israeli text analysis firm Equivio.
… The company's clients include the US Department of Justice, the Federal Trade Commission, KPMG and Deloitte.
The text analysis software developed by Equivio can, with the help of machine learning algorithms, group together relevant texts from massive amounts of documents, including emails as well as other organizational social and collaboration networks.
The list of the users of Equivio's text analysis software clearly indicates that the company's technology is currently being used by organizations that provide litigation support services to law firms and corporate legal departments trying to dig out relevant data - like legal contracts - from large amounts of documents.


“I keep finding all these new continents that people are adding to the world.” C. Columbus
The Quiet Rise of the Satellite Spy Agency
As far as intelligence agencies go, the National Geospatial-Intelligence Agency has remained relatively low profile—attracting neither the intrigue of, say, the CIA nor the umbrage directed toward the National Security Agency.


For my students.
GitHub Gives Away Free Developer Tools
GitHub has launched the GitHub Student Developer Pack, a set of developer tools aimed exclusively at students. The GitHub Student Developer Pack, released as part of GitHub Education, includes hackable text editor Atom, cloud applications manager Bitnami, crowdsourcing enrichment platform Crowdflower, and database portfolio Orchestrate, as well as a host of other tools.
To be eligible for the GitHub Student Developer Pack, you need to be “a student aged 13+ and enrolled in degree or diploma granting course of study,” and provide a “school-issued email address, valid student identification card, or other official proof of enrollment.” Which seems fairly generous to us.
Interested parties should be aware that while some of the tools are being given away for free, others are being offered by platform credits which may quickly run out. But even with that caveat, it’s still a great initiative.

Tuesday, October 07, 2014

Food for thought?
Éloïse Gratton writes:
Last spring I was invited to testify and present with Dr. Avner Levin before the Standing Committee on Access to Information, Privacy and Ethics, House of Commons, in the context of their study conducted on the “Growing Problem of Identity Theft and its Economic Impact“.
I discussed why there are no real incentives for Canadian businesses to protect the personal information of their employees and customers. I also elaborated on the fact that we should have, in Canada, mandatory breach notification.


Call it an “e-Sting?”
U.S. Government Creates Fake Facebook Profile
A special agent working for the U.S. Drug Enforcement Administration (DEA) allegedly hijacked a woman’s identity online, and the Department of Justice (DoJ) claims he had the right to do so. The story, as reported by BuzzFeed, centers on Sondra Arquiett, who was known at the time as Sondra Prince.
Arquiett was arrested and accused of being part of a drug trafficking ring. While awaiting trial, DEA special agent Timothy Sinnigen created a Facebook account in the name of Sondra Prince, posted pictures of her and members of her family, and communicated with “at least one wanted fugitive.” This was all done without Arquiett’s knowledge, but the U.S. Government claims she “implicitly consented by granting access to the information stored in her cell phone and by consenting to the use of that information to aid in an ongoing criminal investigations [sic].
Facebook’s Community Standards make it clear that, “Claiming to be another person, creating a false presence for an organization, or creating multiple accounts undermines community and violates Facebook’s terms.” While Facebook refused to comment on this particular case, a spokesperson stated that “there is no exception to this policy for law enforcement.” Arquiett was eventually sentenced to five years of probation which was terminated earlier this year.


A tool for finding “like thinkers” is not a tool for finding “right thinkers.”
Commentary – How Social Media Leads to a Less Stable World
While social media provides myriad benefits, the advances in connectivity and wealth may come at the expense of the state and the world’s stability, writes Curtis Hougland, CEO of Attentionusa.com, a global social marketing agency.
“James Foley. David Haines. Steven Sotloff. The list of people beheaded by followers of the Islamic State of Iraq and Syria (ISIS) keeps growing. The filming of these acts on video and distribution via social media platforms such as Twitter represent a geopolitical trend in which social media has become the new frontline for proxy wars across the globe. While social media does indeed advance connectivity and wealth among people, its proliferation at the same time results in a markedly less stable world. That social media benefits mankind is irrefutable. I have been an evangelist for the power of new media for 20 years. However, technology in the form of globalized communication, transportation and supply chains conspires to make today’s world more complex. Events in any corner of the world now impact the rest of the globe quickly and sharply. Nations are being pulled apart along sectarian seams in Iraq, tribal divisions in Afghanistan, national interests in Ukraine and territorial fences in Gaza. These conflicts portend a quickening of global unrest, confirmed by Foreign Policy magazine’s map of civil protest. The ISIS videos are simply the exposed wire. I believe that over the next century, even great nations will Balkanize — break into smaller nations. One of the principal drivers of this Balkanization is social media.”

(Related) An App for protestors that we all my be using soon.
What Firechat's Success in Hong Kong Means for a Global Internet
Look at pictures of any protest and you’ll see a mix of high and low technology.
… And you’ll hear about one thing more—a piece of software protesters are downloading to their phones. It’s helping them communicate digitally across the miles-long protest site, asking for supplies or reinforcements, and it stays useful even when the Internet is blocked or down. It’s called Firechat.
Firechat is a messaging app. It places users in chatrooms—both large and small, either across the Internet or locally—and allows them to talk with each other. Everything its users say inside it is public. And, crucially, it doesn’t need the Internet to work. It connects users directly to each other through their phone’s wi-fi or Bluetooth.
As my colleague Adrienne LaFrance wrote in June, many see mesh networking as a new, more promising kind of Internet. Mesh networks are more secure and resilient. They’re not as easy to dominate. As such, they seem ideal for disaster and protest situations.
… Eventually, Shalunov hopes to use Firechat’s two-pronged nature—as easy as an app, as resilient as a network—to connect the billions of would-be phone owners who, right now, cannot afford an Internet connection.


No indication of the cost, but four regional centers suggests a rather large investment of taxpayer dollars.
Brittany M. Hughes reports:
The Department of Homeland Security flew drones equipped with video cameras over the United States–away from border and coastal areas–for 1,726 hours from fiscal 2011 through this April, according to the Government Accountability Office.
Read more on CNSNews.


“We're teachers so you should do whatever we say without question. Except for what that teacher says.”
Christopher Placek and Susan Sarkauskas report:
A Batavia High School teacher who advised his students that they had a constitutional right not to fill out a school survey on risky behavior is retiring from his position, officials said.
Social studies teacher John Dryden submitted his letter of resignation to Batavia School District 101 officials Friday, said Superintendent Lisa Hichens.
Read more on Daily Herald. (via @funnymonkey)
I had blogged about this case in May 2013, and feel even more strongly today that we need more teachers like John Dryden who educate students about their constitutional rights and privacy rights. And parents need more teachers like John Dryden in a day and age where tremendous amounts of personal and sensitive information are being collected and possibly shared – and where parents do not know enough to opt their children out where they can. The district may have had good intentions, but the survey in question is extremely problematic and should have had broader discussion with parents and children’s rights advocates before it was distributed.
[From the article:
Then-Superintendent Jack Barshinger said the Fifth Amendment didn't apply because the surveys would have become student records and subject to student privacy laws, and police wouldn't have been able to prosecute based on a survey alone.


For my App programming students! Great idea that can be translated for any venue.
AP reports:
Levi’s Stadium is home to the first mobile app designed to enhance every aspect of a fan’s stadium experience, from steering fans to their parking spots to identifying the least-crowded restrooms. No more waiting in line for a $10 beer and $6 hot dog. During the game, fans can order food and drinks that can be delivered directly to their seats or picked up at express windows. Don’t agree with that call? Use the app to watch instant replays from four camera angles.
Apple co-founder Steve Wozniak says he saw the app’s potential as soon as he downloaded it for the 49ers’ Sept. 14 regular-season opener.
“Everybody’s connection to the outside world now really is their phone, so that has to become part of the (game-day) experience,” he said.
Mike Roberts of Martinez, California, appreciated being able to order popcorn from his seat for pickup at an express window with no lines.
“Everyone living around here is pretty tech savvy,” notes Roberts, “so this is the perfect place to try something like this.”
The app will ask fans if they want to order food and drinks at certain times during the game, depending on past behavior patterns. [Behavioral information is kept and analyzed. Bob]
Read more on AP.


Smarter researching.
Use LOC Subject Headings In Google Books Searches
Google Books is one of the under-utilized search tools that I like to share with teachers and students. I offer an overview of how to use it here. Last week I read Daniel Russell's search challenge of the week and learned to use Library of Congress subject headings in my Google Books searches.
In his post Dr. Russell explains that by using LOC subject headings in your Google Books searches you can use fairly generic terms and get results in the context of the subject heading. He gave the example of using the subject heading "World War, 1939-1945" in his search for book content addressing armor in World War II. Once you have your Google Books search results you can use the built-in search refinement tools to identify content published during a range of dates and to find content that is freely available online (not everything returned in a Google Books search is freely available online). Click here for Dr. Russell's full explanation and visuals of the ins and outs of using LOC subject headings in Google Books searches.


Some very interesting numbers. Infographic.
How The Internet Is Making The Whole World Richer
The Internet has revolutionized many businesses. Rather than jumping in the car and driving to a store, we can simply order what we need online. Because of that, a lot more money is changing hands.
The image below breaks down how the Internet is making the world richer. We often think of the web as a place to kill time and learn something new, but it’s quite fascinating to see how it has actually changed the financial state of the world in which we live!


A 20 minute TED talk (easier than his TL;DR book)
Thomas Piketty: New thoughts on capital in the twenty-first century
French economist Thomas Piketty caused a sensation in early 2014 with his book on a simple, brutal formula explaining economic inequality: r > g (meaning that return on capital is generally higher than economic growth). Here, he talks through the massive data set that led him to conclude: Economic inequality is not new, but it is getting worse, with radical possible impacts.

Monday, October 06, 2014

Just a reminder. The Privacy Foundation at DU is hosting a seminar and lunch on Friday, October 10th. The subject is “The Internet of Things” Details are at http://www.law.du.edu/index.php/privacy-foundation


Could this...
Surprise talks: North Korea officials arrive to South for highest-level visit in years
… After giving a 24-hour notice, North Korean delegates arrived to South Korea to formally attend the closing ceremony of the Asian Games on Saturday, according to South Korea’s state news agency and the Ministry of Unification. The South's ministry was only informed of the visit late on Friday.

...be because of this?
Former North Korean spy believes Kim Jong-un has been overthrown in ‘silent coup’
… Jang Jin-sung, once a key element in former leader Kim Jong-il’s counterintelligence and propaganda machine, says the dictator is being quietly but firmly sidelined by a powerful group called the Organisation and Guidance Department (OGD).
The OGD was set up by Kim Jong-un’s father in the Nineties, and the group remains loyal to the policies and direction of the former leader.
… He said the OGD has taken control of the long-term strategy for North Korea – not so much in open and aggressive defiance of Kim Jong-un, rather they simply ignore any of the leader’s orders.
… Recent reports say that the cheese-loving, heavy-smoking Kim Jong-un is suffering from gout, diabetes and high blood pressure – so the need for the OGD to do the day-to-day driving may become more of a necessity if he dies.


I suspect there are swarms of lawyers sending their wifi-detecting minions out to find similar evil doers.
Marriott blocked guests' personal hotspots, fined by FCC
While some hotel chains have embraced providing guests with cheap (or free) connectivity, others continue to charge exorbitant daily rates for it. The Marriott's Gaylord Opryland Hotel and Convention Center was actively blocking all hotspots in the convention center to force guests to use its own expensive wi-fi network.
The FCC has fined Marriott $600,000 for the practice, determining that this is in violation of the right for individuals to take advantage of their own connectivity. While the Marriott hotel didn't jam signals, a violation of law, it used its network hardware so that the hotel hotspots were the only ones that guest devices could see and access.

(Related) Not worth the effort to route calls through another country? India cracking down? What's happening here?
Skype users in India will no longer be able to call India-based phones
Starting on November 10, you will no longer be able to call landlines or mobile phones through Skype in India. Microsoft has not issued a specific reason, but has apologized to users and those affected will receive full refunds.
To clarify, Skype users in India will not be able to call phone lines in India. They will still be able to call phones that are based in other countries. Users not in India can still call phones in India. Calls to Skype users are still, of course, available.
The Indian Government regulates companies with VoIP services and does not let them make internet-based calls from India. The companies had to reroute calls from Indian users to other countries to comply with this law and still deliver the functionality to Indian users.
While Skype has apparently decided to stop, there are still companies such as Viber that still have this functionality.


Cute. Quote-able. Typical FBI self-promotion.
China Cybercrime Costing US Billions: FBI Chief
China is waging an aggressive cyber-war against the United States which costs American business billions of dollars every year, Federal Bureau of Investigation director James Comey said Sunday.
The FBI chief told CBS television's "60 Minutes" program China topped the list of countries seeking to pilfer secrets from US firms, suggesting that almost every major company in America had been targeted. "There are two kinds of big companies in the United States," Comey said.
"There are those who've been hacked by the Chinese, and those who don't know they've been hacked by the Chinese."
Annual losses from cyber-attacks launched from China were "impossible to count," Comey said, but measured in "billions."


Is HP following IBM? Perhaps, like TVs, all personal computers will be made by non-US companies.
Hewlett-Packard says to split in two
Hewlett-Packard Co said it would split into two listed companies, separating its computer and printer businesses from its faster-growing corporate hardware and services operations.
HP said its shareholders would own a stake in both businesses through a tax-free transaction next year.
Shares of the company, which has struggled to adapt to the new era of mobile and online computing, rose 6.3 percent to $37.40 in premarket trading on Monday.
Each of the two businesses contribute about half of HP's current revenue and profit.


I wonder if MIT will share some of that data for academic “Big Data” research, or if I need to go directly to Twitter?
MIT researchers given access by Twitter to all public tweets
Joshua Brustein – Bloomberg: “Twitter is giving $10 million to the Massachusetts Institute of Technology over the next five years to study patterns of public discourse on the Internet, and potentially to build technology that will make online civic action more effective. The research will happen as part of the MIT Media Lab under a vaguely ominous moniker—the Laboratory of Social Machines—and will be headed by Deb Roy, an associate professor at MIT who already spends one day a week serving as Twitter’s chief media scientist. The idea of sifting through tweets for patterns and insights is hardly new. The company made $70 million in 2013 licensing use of its so-called fire hose—the entire, massive flow of tweets flowing through its servers. Commercial and academic research comes out regularly, shining light on the six types of Twitter conversations, the impossibility of keeping political affiliations hidden on the network, or which countries are the saddest. “There are a lot of people at Twitter who are interesting in leveraging Twitter for social good,” says Roy. “This serves as kind of an outlet for that.”


For iPhone or Android. Now with Text-to-speech.
Instapaper Is Now Available For Free
Instapaper is now available for free on Android and iOS. This is thanks to a new business model which offers the basic version of the app for free, with a premium version of Instapaper — costing $3 per month or $30 per year — bringing additional features. Follow these links to download Instapaper for Android or Instapaper for iOS.
[Why that might be interesting: http://www.youtube.com/watch?v=cL-FbYcyX-Y#t=57