Saturday, June 20, 2015

This reads as actually encouraging my Ethical Hackers and not such good news for other sports teams.
Robert Patrick interviews a number of attorneys and white-hat hackers about whether the government is likely to pursue charges under the Computer Fraud and Abuse Act in this piece in the St. Louis Post-Dispatch.
From the article:
“You’ve got to be doing something bad. If you’re checking out the website and shouldn’t have been on there, that’s probably not actionable,” he said.
… But Neil Richards, a Washington University Law School professor who specializes in privacy, First Amendment and information law, cautioned that the statute is outdated, poorly designed and is “much criticized.” He said that any unauthorized access to a protected computer could result in a charge. He said that in order for there to be serious penalties, there is a requirement that victims suffer loss or damage of more than $5,000. The Astros could easily have spent more than $5,000 responding to the attack, and lawyers could argue that the team suffered a competitive disadvantage that far exceeded that amount.
… “Frankly, if I were a federal prosecutor, I would not be looking to push charges here,” said Richards, who pointed out in the interests of impartiality that he was a Red Sox fan.
“This was very naughty by the Cardinals if they did it, but … on the scale of criminal hacking … (this) is really quite low on the list of bad things that are happening,” he said.

This will be like wading through a sea of worms. Who can make the request – must it be the victim? How would Google confirm that the person in the picture is the victim? What if the poster claims to have a 'release?'
Google to remove "revenge porn" links at victims' request
Google is taking steps to address a persistent problem of the digital age: What to do when people upload nude or sexually explicit pictures of others without their permission. On Friday, the company announced it will let victims of so-called revenge porn ask for the removal of certain webpages from Google’s search results.
“We’ve heard many troubling stories of “revenge porn”: an ex-partner seeking to publicly humiliate a person by posting private images of them, or hackers stealing and distributing images from victims’ accounts,” said Google in a blog post.
As the company acknowledges in the blog post, the new policy will not entirely solve the problem of “revenge porn” since Google cannot delete the underlying website from the internet. But it may bring victims some comfort by making the websites harder to find.

Another potential subject for a Privacy Foundation seminar. Should employers get this data or only insurers? If wearing a device gets me a significant insurance discount, the result of refusing on religious grounds is the same as being penalized.
Wearables for workplace wellness face federal scrutiny
Federal regulators are weighing reforms to widespread workplace wellness programs that could affect how personal data from consumer-grade fitness bands and smartwatches is kept confidential.
The U.S. Equal Employment Opportunity Commission (EEOC) issued a proposed rule that would amend regulations in Title 1 of the Americans with Disabilities Act (ADA) of 1990 as it relates to employer wellness programs used by as many as 580,000 U.S. companies. Public comments are being accepted online through today.
… "If the information the employer is obtaining is considered 'medical information' (e.g., a person's heart rate over a period of time), then the information would be subject to the ADA's confidentiality requirements regardless of how the employer obtains this information," said EEOC spokesman James Ryan in an email. "By contrast, information that would not be deemed medical information (e.g., how many steps a person takes per day, number of active minutes or calories burned) is not subject to the ADA's restrictions on disclosure."
… "Even if wellness programs are voluntary, if a high enough percentage of workers opt-in, then the ones who don't are marked, in a way," Raicu said.

Can't hurt...
The Evolution of the Student Data Privacy and Security Paradigm: Incorporating the Effective Data Privacy and Security Practices of Other Sectors in Education
Authors: David F. Katz, Steven Y. Winnick, Reginald J. Leichty, & Katherine E. Lipper
… This publication first examines data privacy and security approaches in the financial services, healthcare, and software sectors. A landscape analysis of these three sectors is intended to help states, districts, and schools see how common issues are addressed in other fields as they consider how best to address privacy and security in their unique contexts. The paper then makes recommendations regarding best practice standards for use in districts and schools
Download the paper from

If it is possible to connect an individual to a device or a video or a website, someone (attention students) will create an App that automates the process.
Kim Chemerinsky and Dominique R. Shelton of Alston & Bird write:
The District of Massachusetts’s decision in Yershov v. Gannett Satellite Information Network, Inc., 1:14-cv-13112-FDS (D. Mass. May 15, 2015), adds additional fuel to the debate among the courts as to whether a unique device identifier may constitute personally identifiable information (PII) and whether a “subscription” requires payment under the Video Privacy Protection Act (VPPA).
Plaintiff Alexander Yershov filed suit against defendant Gannett Satellite Information Network, Inc., alleging violations of the VPPA. Gannett publishes USA Today and has created the USA Today app, a mobile app designed to run on smartphones and other mobile devices and permit readers to view the online version of the newspaper. Users of the app can access video clips on various news, sports and entertainment topics. In his lawsuit, the plaintiff alleged that Gannett violated the VPPA by disclosing PII in the form of unique device identifiers to third parties such as Adobe Systems, Inc., an analytics company.
Read more on Lexology.

(Related) Create your own “personally identifiable?”
Jack Bouboushian reports:
A federal class action claims online photo sharing service Shutterfly illegally uses facial recognition software to create a “face print” of anyone in its database of 20 billion photos.
Brian Norberg of Chicago says he’s never used Shutterfly or its subsidiary ThisLife and never had an account with either of them.
He claims they’re violating the Illinois Biometric Information Privacy Act by “collecting, storing, and using – without providing notice, obtaining informed written consent or publishing data retention policies – the biometrics of millions of unwitting individuals who are not users of Shutterfly.”
Read more on Courthouse News.

So many articles on the failures of government make me think it must be time for another presidential election. (Everyone gets their own “Quemoy and Matsu” crisis to flog.)
Federal Auditor Finds Broad Failures at N.H.T.S.A.
Even as evidence poured into the nation’s top auto safety agency pointing to dangerous defects in millions of vehicles, regulators repeatedly failed for years to root out problems and hold carmakers accountable, according to a long-awaited internal audit by the Transportation Department.
The bluntly worded report, ordered last year after General Motors began recalling 2.6 million cars with a defective ignition switch, paints a bleak portrait of the National Highway Traffic Safety Administration, the agency charged with overseeing safety in the auto industry.

A couple (Okay, 3 out of 5) might be useful! Imagine that.
5 Sites That Teach You New Skills Quickly – Guitar, Mod Minecraft, & More
Instinct: Guitar Tutorials with Realtime Feedback
TweetType: Learn Typing While Reading Tweets
Grammarly (Chrome): Spell Check and Grammar Check for Your Browser
Grammarly is a Chrome extension that not only points your mistakes out, but also explains them.

Once a week is all I could probably take. (You can't make this stuff up)
Hack Education Weekly News
… New York has passed a bill that would require sexual assault charges be included on college transcripts.
The staircase at Utah Valley University that’s been painted with three lanes – one for walking, one for running, and one for texting
… Newark Memorial High School in California has become the first high school in the US to install “gunshot-sensing technology” which places microphones and sensors in hallways and classrooms.
… “Our findings, consistent with previous evidence, suggest that passage of state medical marijuana laws does not increase adolescent use of marijuana” according to a study published in The Lancet.
Via Education Week: “U.S. Millennials Know Technology, But Not How to Solve Problems With It, Study Says.”

Just because I love jazz. (and I'm old, if not old school)
An 11-year-old prodigy performs old-school jazz
