- No sign-up
- No download
- Shareable link
- Quick to start (10 seconds or less)
- Accessible from any Internet-enabled device
Friday, March 06, 2015
No matter how logical it was to hold off on the audit (and there are many good reasons to do so), the perception will be that they were not concerned about security.
Shaun Nichols reports:
A year or so before American health insurer Anthem admitted it had been ruthlessly ransacked by hackers, a US federal watchdog had offered to audit the giant’s computer security – but was rebuffed.
And, after miscreants looted Anthem’s servers and accessed up to 88.8 million private records, the watchdog again offered to audit the insurer’s systems, and was again turned away.
No real surprise there, as now that everyone’s suing them, why would they want an audit that could become more fodder for litigation? [To confirm they had found and fixed all the problems? Bob]
But why did they decline last year?
“We do not know why Anthem refuses to cooperate,” government officials told The Register today.
The Office of the Inspector General (OIG) for the US Office of Personnel Management (OPM) told us it wanted to audit Anthem’s information security protections back in 2013, but was snubbed by the insurer.
According to the agency, Anthem participates in the US Federal Employees Health Benefits Program, which requires regular audits from the OIG, audits that Anthem allegedly thwarted. Other health insurers submit to Uncle Sam’s audits “without incident,” we’re told.
Read more on The Register.
Will Anthem live to regret its decision not to permit an audit last year? And will HHS/OCR take that refusal into account in its own investigation of the Anthem breach?
Interesting that civilian researchers are “discovering” techniques that the military has been using for decades. Perhaps next they will realize that they do not need to break encryption to determine who is calling whom.
Researchers can work out your location based on who you talk to on Twitter
Researchers from Cornell University have worked out how to track Twitter users' locations — even when they have location services disabled.
A paper from Ryan Compton, David Jurgens and David Allen explains a new method for tracking the location of Twitter users to around 6km based on who they interact with. Using the method, the researchers say, they're able to "geotag over 80% of public tweets."
(Related) A way to “discover” what can be learned from metadata. I wonder if US companies would see this as a significant (money making) idea?
Simon Sharwood reports:
Australia’s dominant carrier, Telstra, will give its customers the chance to access their metadata, for a fee.
The new policy, explained in a post from chief risk officer Kate Hughes, is based on the principle that “offering the same access to a customer’s own metadata as we are required to offer to law enforcement agencies.”
Read more on The Register.
Hard to block all access on the Internet, but 100,000 is a very small percentage of the population.
A British-made documentary about a grisly gang rape in India spread throughout social media on Thursday, thwarting official efforts to block it and gaining a wide audience despite a government ban.
A spokesman for YouTube in India, Gaurav Bhaskar, said that the company had agreed to a government request to block channels of multiple users who had uploaded the documentary. The original link posted by the BBC, however, was still available, he said. By Thursday night, the film had been viewed more than 100,000 times from that link, not including viewings from other sources.
This talk could have been titled, “Once upon a time, we had this thing called Privacy”
Andy Yen: Think your email's private? Think again
Sending an email message is like sending a postcard, says scientist Andy Yen in this thought-provoking talk: Anyone can read it. Yet encryption, the technology that protects the privacy of email communication, does exist. It's just that until now it has been difficult to install and a hassle to use. Showing a demo of an email program he designed with colleagues at CERN, Yen argues that encryption can be made simple to the point of becoming the default option, providing true email privacy to all.
[Also see: https://protonmail.ch/]
The implications of your new hip, or pacemaker as just another thing on the Internet of Things? We have no group we trust to gather, store and analyze sensitive data and take all our personal secrets to the grave. No matter how beneficial, we expect to see our data compromised.
Medical device surveillance on the horizon
Thousands of people around the world have been exposed to toxic chemicals generated by their metal hip implants. Similarly, many patients have contracted infections from pieces of implanted mesh used in hernia-repair surgery, even though materials less prone to causing complications were available.
In these cases, and many more like them, experts say the health care system is failing to quickly detect and react to problematic medical devices. It’s all the more puzzling because the health care system is generating more data than ever on patients, and the safety gaps in the system have long been recognized by Congress and health care researchers.
Quicker detection and communication could spare scores of patients from suffering complications, if researchers could tap the vast troves of health data that doctors and hospitals have begun to collect on their patients.
That’s why harnessing the potential of data on patients is one of the main goals of a national device surveillance system proposal being unveiled Monday by the health care arm of the Brookings Institution, the Washington think tank.
The report, “Strengthening Patient Care,” written at the behest of the Food and Drug Administration’s device-safety division, lays out an ambitious seven-year, $250 million proposal to study and then launch the National Medical Device Postmarket Surveillance System.
Every state will need laws that address drones. I wonder how many will bother to pass them.
Derrick Nunnally reports:
The Washington state House of Representatives passed a series of bills Wednesday to strengthen privacy rights against emerging incursions from surveillance technology and drone aircraft.
Under the bills sent to the Senate by wide, bipartisan margins, it would become a state misdemeanor and civil liability for a private citizen to use a drone to peep on another person, and police would need specific legislative permission to buy new drones or other types of advanced surveillance technology.
And a piece of technology already in use by police to sweep up data from cellphone signals would require a warrant for any future usage.
Read more from AP on KOMO News.
I wonder if Google runs their business through their smartphones? The “little guys” Google is partnering with are the ones in direct contact with users.
Android for Work pushes Google further into enterprise
Google's push into the enterprise gained steam last week when the company finally launched Android for Work, a containerization platform and standalone app for older Android devices that lets IT administrators create separate corporate and personal workspaces on Android smartphones and tablets.
Android for Work is Google's latest attempt to address two of Android's most significant challenges for IT: security and fragmentation. The latest version of Android, v5.0, known as "Lollipop," now supports separate spheres for personal and work. Devices running older versions of the OS can access some of the same features in a separate Android for Work app.
Google is taking a partner-centric approach in hopes of encouraging more businesses to adopt Android for enterprise applications and protocols. To this end, the company partnered with many well-known enterprise mobility management (EMM) providers, including BlackBerry, Citrix, IBM, MobileIron, SAP, Soti and VMware.
Four one-hour talks. Might be worth watching.
Join Me for An Afternoon of Free Webinars About Google Apps
On March 31st Simple K12 is hosting an afternoon of free webinars about Google tools for teachers. The webinars will start at 1pm Eastern Time and run until 5pm Eastern Time.
These free webinars are designed for folks who are new to using Google tools. Teachers who would like to pick up some tips for teaching others how to take advantage of the great things that Google has to offer will also enjoy the content of these webinars.
Click here to register for this free PD opportunity.
… We will make the recordings available for 2 weeks following the event.
First, I need to get my students to talk in class. Then I might try this collaboration stuff.
10+ No-Signup Collaboration Tools You Can Use in 10 Seconds
An infographic that covers almost everyone. Then there are us non-users who completely ignored the fad.
9 Types of Facebook Users – Which One Are You?
Have you heard of a website called Facebook? Of course you have! It’s one of the most popular sites on the Internet. Everyone and their mom (literally) is on the social network for one reason or another, and comically, most users seem to fall into one of nine different categories.