Wednesday, October 14, 2015

Do you suppose GCHQ read all of Hillary's emails too?
Alexander J. Martin reports:
The Investigatory Powers Tribunal (IPT) has ruled that GCHQ is allowed to collect the communications of MPs.
An IPT announcement stated that it “heard and resolved issues relating to the status, meaning and effect of what has been called the Harold Wilson Doctrine, or the Wilson Doctrine, originating in the statement in the House of Commons on 17 November 1966 by the Rt Hon Harold Wilson, the then Prime Minister.”
Wilson promised that MPs’ and peers’ phones would not be tapped by the security services. However, he also said that he might secretly remove this rule, and only tell parliament that he had done so at some later point decided by him. [The only time you can trust a politician is when they tell you they are not trustworthy. Bob]
Read more on The Register.

Interesting. I can use this for my Computer Security and Statistics students. More reporting (or more sensational reporting) does not change reality. Come to think of it, I should send this to my Risk Management students too.
Cyberattacks Are Not On the Rise, Researchers Say
… That's the finding of research from the University of New Mexico Department of Computer Science, which suggests that while cybersecurity should remain a priority, cyberattacks are not growing unabated.
The study published in the Journal of Interactive Marketing, "Hype and Heavy Tails: A Closer Look at Data Breaches," provides some reassuring news.
… By using a statistical modeling method known as the Bayesian approach, the authors conclude that the data provided by the PRC shows neither an increase in size nor in frequency of cyberattacks since 2005.
The study also differentiates between negligent and malicious data breaches; negligence implies the data was exposed accidentally through lack of security, while malicious breaches mean a hacker purposefully set out to bypass security measures in search of the data. The authors conclude that negligent breaches occur twice as often as malicious breaches do, meaning the negligent variety is avoidable if the proper security measures are taken.

This is about “standing.” I wonder if Coca-Cola had a reason to keep employee data on those laptops? Six or seven years for notice to be sent to the employees?
Judy Greenwald reports:
A Coca-Cola employee who was the victim of identity theft after company laptops were stolen did suffer actual harm as a result, and can pursue a putative class action lawsuit against the company, says a Pennsylvania federal court.
Shane K. Enslin began working for a company that was eventually acquired by the Atlanta-based Coca-Cola Co. in 1996, according to the ruling by the U.S. District Court in Allentown, Pennsylvania, in Shane K. Enslin v. The Coca-Cola Company et al.
Read more on Business Insurance.
From the article:
Mr. Enslin was required to provide the company with personal identification information including his social security number, address, bank account information, credit card numbers, driver's license information and motor vehicle records, according to the ruling.
Over nearly a six-year period beginning in January 2007 and continuing through November 2013, about 55 company laptops containing information on more than 74,000 people, including Mr. Enslin, were stolen, according to the ruling.
By December 2013, all 55 laptops were recovered, and an employee who was responsible for retaining or destroying the laptops was arrested and charged with felony and misdemeanor theft, according to the ruling.
In February 2014, Mr. Enslin received a letter from the company informing him of the theft and offering him one year of credit monitoring.
A few months later, Mr. Enslin began to experience identity theft, including the unauthorized purchase of thousands of dollars of merchandise on his credit cards and attempts to have his address changed. In July 2014, an identity thief was able to obtain a job using his name.
… While a number of Mr. Enslin's individual charges were dismissed, Judge Joseph F. Leeson Jr. held he had standing to file suit against the company based on the harm he suffered and that a connection could be drawn between the identity theft and the laptops' theft.

If you know the device I use, you can tie that to everything I do – and therefore who I am.
Venkat Balasubramani writes:
Many VPPA cases involve free online streaming services. Here, plaintiff alleged that he downloaded the Cartoon Network app, and Cartoon Network then disclosed to Bango, an ad network, plaintiff’s device ID and the videos he viewed. Plaintiff also alleged that Bango easily could derive his identity and thus knew both his identity and the videos he viewed.
The district court rejected plaintiff’s arguments, concluding that plaintiff was a “subscriber” of Cartoon Network, but it did not disclose personally identifiable information to Bango. (Blog post on the district court ruling here: “Android ID Isn’t Personally Identifiable Information Under the Video Privacy Protection Act”.) The Eleventh Circuit affirms on alternate grounds, holding that the plaintiff wasn’t a “subscriber.”

Interesting. How were they spending their time? Will the FTC take over for Justice because of the Wyndham decision?
Justice Department Data Reveal 29 Percent Drop in Criminal Prosecutions of Corporations
by Sabrina I. Pacifici on Oct 13, 2015
“Criminal prosecution of corporate violators by the U.S. Department of Justice declined by 29 percent between FY 2004 and FY 2014, despite repeated claims to the contrary by top officials. [They lost touch with reality long ago? Bob] Meanwhile over the same period, there has been little change in the number of times investigators at the various federal agencies have asked that criminal cases be brought against corporations; such referrals have actually increased by 2.6 percent. Moreover, the overall number of corporations in the country that could be investigated for criminal wrongdoing has grown by about 24 percent. These findings are based on a new analysis by Syracuse University’s Transactional Records Access Clearinghouse (TRAC) of hundreds of thousands of records developed and collected by the Justice Department. The case-by-case records were obtained by TRAC as the result of a 17-year litigation effort under the Freedom of Information Act (FOIA). Supporting data from the U.S. Sentencing Commission and the Internal Revenue Service also contributed to these findings. For an in-depth analysis of this observed decrease in the criminal prosecution of corporations, see the report at:

Perspective. Interesting read.
For a decade or two, for most people 'the internet' meant a web browser, a mouse and a keyboard. There were a few things around the edges, like IM, Spotify, Skype or Steam (or, for some people, email), but for most people and for almost all activities, the web was the internet. The web was the platform, not the PC operating system - people created services for the web, far more than for Windows or MacOS.
And once the browser wars died down, the browser was pretty much a neutral platform. Browser technology changed and that made new things possible (Google Maps, say), but the browser makers were not king-makers and were not creating or enabling entirely new interaction models.
… On mobile this is different - it's the operating system itself that's the internet services platform, far more than the browser, and the platform is not neutral.

There's an App for that? Looking for technical errors in how the ticket is written?
Fixed, The App That Fixes Your Parking Tickets, Gets Blocked In San Francisco, Oakland & L.A.
Fixed, a mobile app that fights parking tickets and other traffic citations on users’ behalf, has had its parking ticket operations blocked in three of its top cities, San Francisco, Oakland and L.A. after the cities increased the measures they were taking to block Fixed from accessing their parking ticket websites.
… Using its app, Fixed customers could snap a photo of their parking ticket using their phone’s camera, and then Fixed would check against a variety of common errors before writing a customized letter to the city on the user’s behalf. The app also cleverly tapped into Google Street View to check to see if the city had the proper signage in place in the area a ticket was received.
Founder David Hegarty once noted that over half of tickets have an issue that would make them invalid, but the city didn’t tend to play by its own rules when arbitrating disputes. That made Fixed’s “win” rate only 20%-30% on tickets, as of earlier this year. (When the company won, it charged a success fee of 25% of the original fine – a reduction in what a customer would have otherwise paid.)
… When Fixed began faxing its submissions to SFMTA last year, the agency emailed the startup to stop using their fax machine. When Fixed pointed out that it was legal to do so, the agency simply shut off their fax.

For my students.
Wix Editor Produces Modern, Code-Free Websites
The Wix Web-development firm wants small business owners to put away their HTML guides and CSS tutorials. The company just launched a new editor and design toolset that produces professional-level small business websites and requires no meddling with the underlying code.

I can use this in many classes to keep my students from going overboard.
How to Make Your Graphs & Tables Look More Professional
Whether you’re creating charts and graphs in Excel or formatting data tables in Word, there’s one thing you should always keep in mind: if it doesn’t look good, no one will read it.
… What’s the key takeaway? Less is more. Remove or mute all unnecessary elements so that the spotlight can shine on the data you want to present. After all, data is what it’s all about.
