Thursday, July 23, 2015

Not sure of these statistics, or why they need to be in this article. This kind of article panics CEOs to no purpose.
Humans: A Data Security Strategy's Worst Enemy
Sixty percent of hackers can breach an organization's system defenses within minutes. Risks and security incidents used to be managed on a case-by-case basis, but that's no longer a viable option. The number of security incidents increased by 48 percent from 2013 to 2014, and notable companies including Adobe, eBay, Target, and The Home Depot were among the victims.
… Training your employees to create strong passwords and to securely share information is critical. Small business owners must address any weaknesses among their employees. But the question remains; how can you hold your employees accountable for information security if you haven’t defined their responsibilities? The answer is simple; you can't.

(Related) and a follow-up.
Iain Thomson reports:
Iowa state lottery’s IT security boss hacked his employer’s computer system, and rigged the lottery so he could buy a winning ticket in a subsequent draw.
On Tuesday, at the Polk County Courthouse in Des Moines, Iowa, the disgraced director of information security was found guilty of fraud.
Eddie Tipton, 52, installed a hidden rootkit on a computer system run by the Multi-State Lottery Association so he could secretly alter the lottery’s random number generator, the court heard. This allowed him to calculate the numbers that would be drawn in the state’s Hot Lotto games, and therefore buy a winning ticket beforehand.
Read more on The Register.

Difficult job.
The Secret Agents Who Stake Out the Ugliest Corners of the Internet
When President Obama launched his Twitter account in May, people noticed his rapid accumulation of followers, a silly back-and-forth with President Clinton, but also something more serious: the number of hostile and threatening messages directed at the president.
… Context is crucial for evaluating the seriousness of threats—both digital and analog—but online threats offer a slightly different set of contextual clues than their offline counterparts. And while much of the hate-filled commentary on the Internet is routinely written off as hyperbole and ranting, threats directed at the president are not so easily dismissed. So, every day, the Secret Service Internet Threat Desk is faced with the unenviable task of taking seriously some of the most extreme online rhetoric and trying to identify potential assassins or terrorists in the deluge of venomous messages directed at the president and his family.

Just a reminder to my lawyer friends: There's this new thing called encryption, it's available free and you could avoid all this notifying and apologizing stuff. (I'm betting this was a partner because underlings would not risk their job by failing to secure the data.)
The California law firm of Atkinson, Andelson, Loya, Ruud & Romo is notifying clients after a personal laptop belonging to a member of the firm was stolen while the attorney was on the MTS Trolley in downtown San Diego on April 23.
Since that time, the firm has been working with law enforcement but, to date, they have been unable to locate or recover the stolen laptop computer.
According to the notification letter signed by James H. Palmer, their General Counsel:
Working with outside computer forensic experts, we have confirmed that the laptop may have contained confidential information. We believe based on that investigation that the laptop contained personally identifiable information, including names, addresses, telephone numbers and social security numbers. The laptop did not contain driver’s license numbers but may have contained certain financial information and/or medical records of individuals. We have no reason to believe that the laptop was stolen for the information it contained. We also have no information indicating that this information has been accessed or used in any way.
Those being notified are offered free credit monitoring and protection services with ID Experts service, MyIDCare.

Completely unrelated to the article above. Honest!
Helen Lewis has a lengthy, and thought-provoking piece on Nieman Reports that asks,
Journalists have been accused of invading privacy, threatening national security, and breaching copyright by publishing such stories, and their sources might lose their jobs, their freedom, or even their lives. So how should reporters and editors decide whether to publish and how much to redact? And what technical know-how do they need to protect whistleblowers?
It’s an issue I grapple with every week, if not every day, and while I’ve established a general “policy” for my sites based on my ethical standards and understanding of journalistic ethics, I understand that others in the same position may reach very different conclusions about what to do in any one situation.
Read more on Nieman Reports.

To offer a worthwhile opinion of this article, you'd need an expert in both Privacy and Anti-trust. Fortunately, there is such an expert just down the road at the Sturm College of Law and I can probably get Professor Soma to explain all this over lunch. (And I'm always ready for a good lunch.)
By Maureen K. Ohlhausen and Alexander Okuliar
in Antitrust Law Journal No. 1 (2015)
Many people view Samuel Warren and Louis Brandeis’s 1890 work, The Right to Privacy, as the starting point for the consumer privacy laws in the United States. Warren and Brandeis’s concerns about the ability of technology to invade the private sphere continue to resonate today, 125 years later. The technology encroaching on privacy now is, of course, the Internet – or, to be more precise, the technologies that permit the tracking and aggregation of individual consumers’ online behavior and that support the many services that financially sustain the broader Internet ecosystem. As was the case in Warren and Brandeis’s day, numerous proposals have surfaced for how to defend expectations of personal privacy while still realizing the benefits of commercialized technology. Those defending free market principles argue that the best solution is little-to-no government intervention – consumer demand for privacy will create a market for privacy protections. Other commentators propose increased governmental scrutiny of the collection and use of consumer data online, and some even advocate unifying the competition and consumer protection laws to examine privacy through a competition lens. We focus this paper on evaluating this last proposal.
This article proceeds in three main parts. We begin with the historical development of privacy protections in the United States and the tension between privacy concerns and the growing value of consumer data in the digital arena. Next, we explore how the agencies and courts have applied the FTC Act and antitrust law in this area over the years and the reasoning behind the bifurcation of the FTC Act into separate spheres of competition and consumer protection law. This explains the historical separation of privacy as a consumer expectation from commercialized privacy and data. Third, we synthesize analytical factors from the historical approaches to privacy and offer them as guidance for distinguishing between competition and consumer protection issues at the intersection of competition law, consumer protection law, and privacy.
Download the full article from FTC’s site.

For my Ethical Hacking students: Write an App that causes the bad guy's phone to dial the law enforcement agency of your choice. Hard to believe this comes up very often.
Kevin Koeninger reports:
A person who “pocket-dials” a third party during a conversation does not have a reasonable expectation of privacy, the Sixth Circuit ruled.
A panel determined that widespread knowledge of accidental calling and the availability of preventative measures mean that an individual on the receiving end of such a call does not violate privacy laws by recording the conversation. [Translation: If you screw up your security, don't ask the court for retroactive protection. Bob]
Read more about Huff v. Spaw on Courthouse News.

India (the government anyway) says any Right to Privacy is not intentional.
The Tribune of India reports:
The central government told the Supreme Court on Wednesday that the right to privacy was not a fundamental right under the Constitution.
Central government’s arguments came when a Bench headed by Justice J Chelameswar and also composed of Justices SA Bobde and C Nagappan was hearing several petitions challenging the decision of some states to make Aadhaar cards compulsory for several benefits such as salary, PF disbursements and marriage and property registration.
“Right to privacy is not a fundamental right under our Constitution. It flows from one right to another right. Constitution makers did not intend to make Right to Privacy a fundamental right. There is no fundamental right to privacy so these petitions under Article 32 should be dismissed,” Attorney General Mukul Rohatgi argued, adding that the Right to Privacy could be invoked to scrap the Aadhaar scheme.
Read more on The Tribune (India)

Some courts (Ninth Circuit) are headed that way.
On July 8, in noting NTEU’s lawsuit over the OPM hack, I had questioned the suit’s claim that the government breach constituted a violation of their “constitutional right to informational privacy.”
Jennifer E. Canfield of Montgomery McCracken Walker & Rhoads LLP also picked up on that point and discusses the issue on Montgomery McCracken Data Privacy Alert.

Any restriction has to be rational.
Jared Owens reports:
The NSW Court of Criminal Appeal has unanimously overturned a controversial decision that confined police use of surveillance devices to prosecuting the most serious offences, such as murder, terrorism and organised crime.
The judgment, handed down early this month, clears the way for listening devices to be used to obtain admissions from suspects for any indictable offence, even if they have asserted their right to silence.
Read more on The Australian.

Might make an interesting demonstration for my Computer Forensics students. All my students actually.
Google – Download your past searches
by Sabrina I. Pacifici on Jul 22, 2015
Google: “You can download all of your past searches. This gives you access to your data when and where you want.
Download a copy of your past searches
  1. Visit your Web & App Activity page.
  2. In the top right corner of the page, touch Menu > Download searches.
  3. Choose Create Archive.
  4. When the download is complete, you’ll get an email confirmation with a link to the data.
Note: Downloading your past searches does not delete it from your Web & App Activity page. Learn how to delete your searches and browsing activity.
Where your downloaded data goes
When you download your past searches, a copy of your activity will be saved securely to the Takeout folder in Google Drive. You can download the files to your computer if you want a copy on your computer. Depending on the amount of data you’re downloading, you may have more than one file in your Takeout folder with your activity in it.”

I would not have thought first of Sony as a drone company. Is “autopilot” legal in the US?
Sony to Swoop Into Drone Market for Business Customers
Sony Corp. is starting a drone subsidiary to serve business customers, a foray into a frontier already crowded with upstarts and technology giants.
Sony said on Wednesday it plans to create a drone company called Aerosense through a joint venture with Tokyo-based startup ZMP Inc., which specializes in autopilot technology. Aerosense will offer services such as inspecting aged infrastructure and surveying land that is difficult to access.

Confusing. At what point does an encounter turn into an “arrest?” Is a traffic stop not recordable? What if you happen to be talking to your attorney? (Not while driving of course.)
Did Sandra Bland have a right to record her police confrontation? Maybe not.
… "Get off the phone!" the officer, Brian Encinia, told Bland after she got out of the car.
"I'm not on the phone. I have a right to record, this is my property," Bland responded.
"Put your phone down, right now!" Encinia ordered.
But did Bland actually have a right to record the encounter? Maybe not.
"There are narrow circumstances in which police can interfere with your right to record, and the fact that they are arresting you is one of them," said Jay Stanley, a senior policy analyst with the American Civil Liberties Union. "Without commenting on the specifics of this case, if a police officer is in the course of arresting a person it's legitimate for them to order the person to put down a device. But it's not legitimate for the police officer to ask you to put down a phone just for the purpose of prohibiting photography."

...or maybe we could gang a bunch of Smartphones together and build our own Watson?
Your Smartphone Will Power Stephen Hawking's Massive Extraterrestrial Search
A $100 million alien life form search backed by famed scientist Professor Stephen Hawking and web billionaire Yuri Milner simply would not work without the public’s computer processing power – and you have the opportunity to participate with your PC, Mac, tablet or even your phone.
Leaders of the massive Breakthrough Listen search have rightly put crowdsourced processing – and open source computing – front and center in their 10 year search for extra terrestrial life.
… The project will use the BOINC (Berkeley Open Infrastructure for Network Computing) collaborative processing platform which is available to a number of astrophysics, medical and mathematical endeavours. The free BOINC app is available for Android phones (alas, not iPhones) and the computer download is here. The cellphone app relies on Wifi and promises not to eat up phone data.

I like the cars, can I afford the stock? Will investing in cars you want to drive, rather than driverless cars, still be a good idea when the states start forcing them off the road?
Ferrari files for NYSE IPO

Might be useful for students or teachers.
50+ Google Tools Tutorial Videos
Earlier today I conducted three webinars about various Google tools for teachers. Each of those webinars was only thirty minutes long so there wasn't a lot of time for individual questions. Since the webinars ended I've had a bunch of emails from folks looking for more instruction. My playlist of Google tools tutorials currently has more than 50 videos covering topics like Google Sites, Blogger, YouTube tricks, Google Calendar settings, and Google Drive features. The playlist can be found here.

Should make for some interesting student “research.”
AP Video Archive available on YouTube
by Sabrina I. Pacifici on Jul 22, 2015
The rise of video is undeniable – search has progressively moved from words and concepts to images – and the AP Archive is yet another example of a shift from reading to watching. Via YouTube – “The AP Archive is the film and video archive of The Associated Press — the world’s largest and oldest news agency. The entire AP Archive collection [170,000 video clips] is now viewable on YouTube. New material is added every day.” Google owns YouTube.

“He manages best who manages least?” OR “Go away, Bob!”
