Saturday, June 20, 2015

This reads as actually encouraging my Ethical Hackers and not such good news for other sports teams.
Robert Patrick interviews a number of attorneys and white-hat hackers about whether the government is likely to pursue charges under the Computer Fraud and Abuse Act in this piece in the St. Louis Post-Dispatch.
[From the article:
“You’ve got to be doing something bad. If you’re checking out the website and shouldn’t have been on there, that’s probably not actionable,” he said
… But Neil Richards, a Washington University Law School professor who specializes in privacy, First Amendment and information law, cautioned that the statute is outdated, poorly designed and is “much criticized.” He said that any unauthorized access to a protected computer could result in a charge. He said that in order for there to be serious penalties, there is a requirement that victims suffer loss or damage of more than $5,000. The Astros could easily have spent more than $5,000 responding to the attack, and lawyers could argue that the team suffered a competitive disadvantage that far exceeded that amount.
… “Frankly, if I were a federal prosecutor, I would not be looking to push charges here,” said Richards, who pointed out in the interests of impartiality that he was a Red Sox fan.
“This was very naughty by the Cardinals if they did it, but … on the scale of criminal hacking … (this) is really quite low on the list of bad things that are happening,” he said.




This will be like wading through a sea of worms. Who can make the request – must it be the victim? How would Google confirm that the person in the picture is the victim? What if the poster claims to have a 'release?'
Google to remove "revenge porn" links at victims' request
Google is taking steps to address a persistent problem of the digital age: What to do when people upload nude or sexually explicit pictures of others without their permission. On Friday, the company announced it will let victims of so-called revenge porn ask for the removal of certain webpages from Google’s search results.
“We’ve heard many troubling stories of “revenge porn”: an ex-partner seeking to publicly humiliate a person by posting private images of them, or hackers stealing and distributing images from victims’ accounts,” said Google in a blog post.
As the company acknowledges in the blog post, the new policy will not entirely solve the problem of “revenge porn” since Google cannot delete the underlying website from the internet. But it may bring victims some comfort by making the websites harder to find.




Another potential subject for a Privacy Foundation seminar. Should employers get this data or only insurers? If wearing a device gets me a significant insurance discount, the result of refusing on religious grounds is the same as being penalized.
Wearables for workplace wellness face federal scrutiny
Federal regulators are weighing reforms to widespread workplace wellness programs that could affect how personal data from consumer-grade fitness bands and smartwatches is kept confidential.
The U.S. Equal Employment Opportunity Commission (EEOC) issued a proposed rule that would amend regulations in Title 1 of the Americans with Disabilities Act (ADA) of 1990 as it relates to employer wellness programs used by as many as 580,000 U.S. companies. Public comments are being accepted online through today.
… "If the information the employer is obtaining is considered 'medical information' (e.g., a person's heart rate over a period of time), then the information would be subject to the ADA's confidentiality requirements regardless of how the employer obtains this information," said EEOC spokesman James Ryan in an email. "By contrast, information that would not be deemed medical information (e.g., how many steps a person takes per day, number of active minutes or calories burned) is not subject to the ADA's restrictions on disclosure."
… "Even if wellness programs are voluntary, if a high enough percentage of workers opt-in, then the ones who don't are marked, in a way," Raicu said.




Can't hurt...
The Evolution of the Student Data Privacy and Security Paradigm: Incorporating the Effective Data Privacy and Security Practices of Other Sectors in Education
A RESOURCE FOR EDUCATION POLICYMAKERS AND PRACTITIONERS
Authors: David F. Katz, Steven Y. Winnick, Reginal J. Leichty, & Katherine E. Lipper
… This publication first examines data privacy and security approaches in the financial services, healthcare, and software sectors. A landscape analysis of these three sectors is intended to help states, districts, and schools see how common issues are addressed in other fields as they consider how best to address privacy and security in their unique contexts. The paper then makes recommendations regarding best practice standards for use in districts and schools.
[…]
Download the paper from EducationCounsel.com.




If it is possible to connect an individual to a device or a video or a website, someone (attention students) will create an App that automates the process.
Kim Chemerinsky and Dominique R. Shelton of Alston & Bird write:
The District of Massachusetts’s decision in Yershov v. Gannett Satellite Information Network, Inc., 1:14-cv-13112-FDS (D. Mass. May 15, 2015), adds additional fuel to the debate among the courts as to whether a unique device identifier may constitute personally identifiable information (PII) and whether a “subscription” requires payment under the Video Privacy Protection Act (VPPA).
Plaintiff Alexander Yershov filed suit against defendant Gannett Satellite Information Network, Inc., alleging violations of the VPPA. Gannett publishes USA Today and has created the USA Today app, a mobile app designed to run on smartphones and other mobile devices and permit readers to view the online version of the newspaper. Users of the app can access video clips on various news, sports and entertainment topics. In his lawsuit, the plaintiff alleged that Gannett violated the VPPA by disclosing PII in the form of unique device identifiers to third parties such as Adobe Systems, Inc., an analytics company.
Read more on Lexology.


(Related) Create your own “personally identifiable?”
Jack Bouboushian reports:
A federal class action claims online photo sharing service Shutterfly illegally uses facial recognition software to create a “face print” of anyone in its database of 20 billion photos.
Brian Norberg of Chicago says he’s never used Shutterfly or its subsidiary ThisLife and never had an account with either of them.
He claims they’re violating the Illinois Biometric Information Privacy Act by “collecting, storing, and using – without providing notice, obtaining informed written consent or publishing data retention policies – the biometrics of millions of unwitting individuals who are not users of Shutterfly.”
Read more on Courthouse News.




So many articles on the failures of government make me think it must be time for another presidential election. (Everyone gets their own “Quemoy and Matsu” crisis to flog.)
Federal Auditor Finds Broad Failures at N.H.T.S.A.
Even as evidence poured into the nation’s top auto safety agency pointing to dangerous defects in millions of vehicles, regulators repeatedly failed for years to root out problems and hold carmakers accountable, according to a long-awaited internal audit by the Transportation Department.
The bluntly worded report, ordered last year after General Motors began recalling 2.6 million cars with a defective ignition switch, paints a bleak portrait of the National Highway Traffic Safety Administration, the agency charged with overseeing safety in the auto industry.




A couple (Okay, 3 out of 5) might be useful! Imagine that.
5 Sites That Teach You New Skills Quickly – Guitar, Mod Minecraft, & More
Instinct: Guitar Tutorials with Realtime Feedback
TweetType: Learn Typing While Reading Tweets
Grammarly (Chrome): Spell Check and Grammar Check for Your Browser
Grammarly is a Chrome extension that not only points your mistakes out, but also explains them.




Once a week is all I could probably take. (You can't make this stuff up)
Hack Education Weekly News
… New York has passed a bill that would require sexual assault charges be included on college transcripts.
The staircase at Utah Valley University that’s been painted with three lanes – one for walking, one for running, and one for texting
… Newark Memorial High School in California has become the first high school in the US to install “gunshot-sensing technology” which places microphones and sensors in hallways and classrooms.
… “Our findings, consistent with previous evidence, suggest that passage of state medical marijuana laws does not increase adolescent use of marijuana” according to a study published in The Lancet.
Via Education Week: “U.S. Millennials Know Technology, But Not How to Solve Problems With It, Study Says.”




Just because I love jazz. (and I'm old, if not old school)
An 11-year-old prodigy performs old-school jazz


Friday, June 19, 2015

Are they responding to new rules or AT&T's $100 million fine? I guess saying you will comply with the law sounds better.
Sprint stops throttling data in response to net neutrality
Sprint stopped slowing traffic on its network for customers who use a lot of data in order to make sure it is complying with the new net neutrality rules, The Wall Street Journal reported.




Explains a lot, doesn't it.
Top FAA Official Says 'Not My Problem'
The FAA’s VP of Safety and Technical Training says cheating on FAA air traffic control exams and corruption in the air traffic control hiring process is not his problem. Joseph Teixeira, the FAA administrator in charge of safety standards is also in charge of leading the agency’s technical training and certification of air traffic controllers and technicians.




The Art of CyberWar. What to do when the other guys are as smart as you are...
The US-led campaign against ISIL is going well in neither the terrestrial nor cyber realms. ISIL’s successful offensives against Ramadi in Iraq and Palmyra in Syria in late May triggered controversies that the Paris meeting of the anti-ISIL coalition in early June did little to resolve. The State Department followed this bad news with an unflattering post-Paris assessment of US and coalition efforts against ISIL’s online offensive. The New York Times described this document as painting a “dismal picture of the efforts by the Obama administration and its foreign allies to combat the Islamic State’s message machine, portraying a fractured coalition that cannot get its own message straight.” This perspective reinforced a Washington Post article from early May about problems with US counter-militant messaging in the Bush and Obama administrations.
Countering ISIL’s use of the Internet, especially social media, has clearly confounded the United States and its partners.
… Two new publications issued this week analyze the problems ISIL’s online activities create and offer recommendations to improve countermeasures. In a Council on Foreign Relations Cyber Brief, I focus on challenges the US government and tech companies face in taking down online content associated with ISIL without compromising commitments to free speech. In a Wikistrat report, Daveed Gartenstein-Ross and Nathaniel Barr argue that ISIL is “winning its propaganda war” against Western powers and advise the United States on how to strengthen online counter-messaging activities.
[You should check out WikiStrat http://www.wikistrat.com/ Bob]




Might fit into one of my Computer Security classes.
WikiLeaks Dumps 276,000 More Documents from Sony Hack
The new release adds to more than 30,000 documents published by WikiLeaks in April. Both groups of documents can be searched on the WikiLeaks page.




Hey, we've got all these users, how can we use them? (Aside from making them watch all those Ads)
Google News Lab launches three new projects focused on crowd-sourced journalism
The News Lab at Google, run by former YouTube executive Olivia Ma, launched three interesting projects on Thursday, all of which are focused to some extent on crowd-sourced or networked journalism. The first, known as YouTube Newswire, is a joint venture between the video platform and Storyful, the News Corp.-owned service that specializes in verifying content that comes from social media.
… The Google News Lab also announced the launch of another interesting project on Thursday called the First Draft Coalition. This is a working group of agencies focused on crowd-sourced journalism, including Storyful, the Eyewitness Media Hub, Bellingcat, the Reported.ly unit of First Look Media, Meedan, Emergent and Verification Junkie. All will be contributing to a new site for verification and ethics training, which will feature tools and research.
… Bellingcat also open-sources all of the data that it generates, including photos and video, using a database tool called Silk, which allows anyone to contribute their own content to the project or update information, and also allows other media outlets or sites to embed the content easily on their own sites.
The third project from Google is called The WITNESS Media Lab, and is a partnership with a non-profit group called WITNESS that trains non-journalists in how to report on injustice and human-rights violations around the world.


(Related) Why? Or, What Google learned by analyzing their data.
Google Trends Now Shows the Web’s Obsessions in Real Time
Google Trends has long been a tool for journalists tracking what people wanted to know about in the recent past. The function hasn’t changed, but the tense has: Trends now tracks stories in real time, giving unfettered access to what the Internet wants to know in the moment.
Trends had been largely unchanged since 2012, a helpful but slightly backdated look at subjects people were searching for over the last day or more. As of today, you can see minute-by-minute information culled from the 100 billion searches that take place on Google at any given month. Not only that, but Trends now pulls in information from Google News and YouTube, for a fuller view of what people want to know.




If I use a Google mapping App to guide a tour, am I a Google employee? (Digest Item #1)
Uber Drivers Are Employees In California
Basically no one works for Uber – at least, that’s what the $40 billion company claims. The more than 167,000 drivers around the world are all independent contractors, driving their own cars, all of whom just happen to use Uber’s technology to find customers.
That might be changing, at least in California. A ruling by The California Labor Commission this week awarded San Francisco resident Barbara Ann Berwick, a former Uber driver, $4,000 in “unpaid wages” – something independent contractors are not entitled to.
Uber, and other sharing economy companies like TaskRabbit and Handy, could end up seeing similar scrutiny throughout the golden state. Uber, for its part, claims the ruling applies only to Berwick.
[From the Reuters article:
Uber said in a statement that officials in five other states have found that its drivers are independent contractors.
And in 2012, the same California commission found that another Uber driver was an independent contractor, citing evidence such as the ability of the driver to determine his own hours.
… But the commission said Uber controls the tools [The software that summons a ride? Bob] drivers use, monitors their approval ratings and terminates their access to the system if their ratings fall below 4.6 stars.




Perhaps there isn't a “One model fits all” solution?
Artist rebellion against Apple Music grows as independent labels say they won't participate in the launch
Independent record labels are concerned that by giving away their music for free during Apple Music's three month free trial, they will essentially be footing the bill for Apple's launch.
So they are bailing on the music-streaming app.




Took 'em long enough.
NHTSA’s Database Now Lists All Affected Vehicles
by Sabrina I. Pacifici on Jun 18, 2015
If your vehicle is manufactured by BMW, Chrysler, Daimler Trucks, Ford, General Motors, Honda, Mazda, Mitsubishi, Nissan, Subaru, or Toyota, you may be affected by a recall on airbags. The recall affects nearly 34 million vehicles in the U.S. If your vehicle is manufactured by the brands listed above, use the National Highway Traffic Safety Administration’s (NHTSA) VIN search tool or a specific vehicle-maker’s site to confirm if you are affected by the recall. If your vehicle is listed, contact the manufacturer [Actually, the manufacturers want you to contact the dealers. Bob] to find out when you can get your vehicle fixed and at no cost to you. You can also continue to check for updates on this recall or subscribe to NHTSA’s Recall Notification E-mail System.




A skill my students should master? Law and journalism as well as piloting tips...
The Best of Internet: Learn How to Pilot a Drone with These Handy Websites


Thursday, June 18, 2015

“Everybody does it!” But probably not after they think about this for a while.
AT&T hit with $100M fine for throttling "unlimited" data
The Federal Communications Commission announced on Wednesday it will impose a whopping $100 million fine on AT&T to punish the phone carrier for severely slowing down the data speeds of customers who have “unlimited data plans.”
According to the FCC, it received thousands of complaints over AT&T’s slow mobile internet, and that the carrier failed to notify subscribers it was providing slower-than-advertised speeds.
“The Enforcement Bureau’s investigation revealed that millions of AT&T customers were affected. The customers who were subject to speed reductions were slowed for an average of 12 days per billing cycle, significantly impeding their ability to use common data applications such as GPS mapping or streaming video,” said the FCC in a news release.
… “Unlimited means unlimited,” said FCC Enforcement Bureau Chief Travis LeBlanc. [Honesty, what a concept! Bob]




Interesting that AT&T does poorly here too.
EFF’s 2015 Data Privacy Report Lauds Apple, Dropbox, Slams Verizon
Digital rights organization the Electronic Frontier Foundation (EFF) has published its fifth annual Who has your back? report into online service providers’ transparency and privacy practices when it comes to government requests for accessing user data.
The organization notes a general transformation among major Internet players to be more transparent with users about data requests over the past four years. But for its latest report it’s tightened evaluation criteria, arguing that “it’s time to expect more from Silicon Valley”.




When innovation crosses the line?
Beware the Listening Machines
One of my great pleasures in life is attending conferences on fields I'm intrigued by, but know nothing about. (A second pleasure is writing about these events.) So when my friend Kate Crawford invited me to a daylong “Listening Machine Summit,” I could hardly refuse.
What's a listening machine? The example on everyone's lips was Hello Barbie, a version of the impossibly proportioned doll that will listen to your child speak and respond in kind.
… Barbie accomplishes this magic by recording your child’s question, uploading it to a speech recognition server, identifying a recognizable keyword (“New York”) and offering an appropriate synthesized response. The company behind Barbie’s newfound voice, ToyTalk, uses your child’s utterance to help tune their speech recognition, likely storing the voice file for future use.
… listening machines trigger all three aspects of the surveillance holy trinity:
  1. They're pervasive, starting to appear in all aspects of our lives.
  2. They're persistent, capable of keeping records of what we've said indefinitely.
  3. They process the data they collect, seeking to understand what people are saying and acting on what they're able to understand.
To reduce the creepy nature of their surveillant behavior, listening systems are often embedded in devices designed to be charming, cute, and delightful: toys, robots, and smooth-voiced personal assistants.




There are things your App can do that you really need to think about. Do you need to do what the App allows you to do?
'Find My Phone' Leads To Tragic Shooting Death Of Man Seeking Stolen Smartphone
... Location technology means that, at least while the phone is on, we can see right where it is on a map. This week, an 18-year-old’s attempt to retrieve his smartphone in Ontario, Canada ended in tragedy.
Jeremy Cook apparently left his smartphone in a taxi and then looked the phone up online, at which point he discovered that someone else had picked it up. He and a relative went out to locate the person carrying his phone and ended up confronting three people in a car outside a strip mall in London, Ont. During the confrontation, Cook was shot multiple times and died at the scene.




Another player thinks they can lock out the NSA and China. Is the apparent security a competitive advantage?
Reddit to fully encrypt traffic
Reddit, the self-described “front page of the Internet,” will start encrypting all of its traffic by the end of the month, joining other major Internet players that have made similar moves in recent months.
… Many digital giants, including Facebook, Google and Wikipedia, have all already transitioned to what’s known as HTTPS everywhere. Most websites continue to use the unencrypted HTTP protocol to communicate data.
… Even the U.S. government recently said all federal websites will only provide service through an encrypted connection by the end of 2016.
But the tech community has repeatedly clashed with the government over encryption, accusing it of not supporting strong, robust encryption.
Government officials maintain that while strong encryption is key to free speech and fighting oppression, it also enables criminals to operate without fear of detection.




Yet another branch of government being “managed” by people who can't manage? Are we guaranteeing that only second rate controllers are guiding planes?
DOT to Investigate FAA Based on FOX Business Report
The Department of Transportation is investigating the Federal Aviation Administration (FAA) following a FOX Business Network report, which uncovered misconduct and cheating in the air traffic controller program. The DOT released a statement on their investigation.
Earlier, the FAA launched its own internal investigation after a six month FOX Business Network report, Trouble in the Skies, uncovered misconduct and cheating in the FAA air traffic controller program.
… FAA administrator Michael Huerta says he is troubled by the reports of misconduct and ordered the investigation in response to a letter from the Subcommittee on Aviation chairman demanding answers.
The letter was signed by 14 members of congress after FOX Business broadcast recordings of FAA employees offering to help air traffic control applicants cheat on a key test.
The FBN investigation also uncovered shocking details of corruption within the FAA as it deals with the growing scandal. Critics of the FAA are calling Huerta's internal investigation the "same old dog and pony show" and are demanding Congress hold hearings.




Perhaps we should create a Forrest Gump award? (“Stupid is as stupid does”) This seems more like a Christo art project than anything useful.
Project to move Wikipedia from computer to many books
by Sabrina I. Pacifici on Jun 17, 2015
NYT – “The Wikipedia entry for “quixoticism” runs only about 255 words. But if anyone could argue for a personal mention, it might be Michael Mandiberg. For the past three years, he has been fully engaged in a project that might make even the most intrepid digital adventurer blush: transforming the English-language Wikipedia into an old-fashioned print reference set running to 7,600 volumes. Mr. Mandiberg, an interdisciplinary artist who teaches at the College of Staten Island and the Graduate Center of the City University of New York, describes the project as half utilitarian data visualization project, half absurdist poetic gesture… [What is vast online is half vast in print. Bob] For the code-literate, the technical operations will be tracked on a monitor in the gallery and online at printwikipedia.com.”




Perspective.
It’s All About The Context - How Mobile Is Crucial For Marketers
The mobile is clearly no longer the second screen for customer engagement. Nearly a third of total digital traffic (31 percent) is now via mobile devices, with more consumers than ever using their mobile devices to engage with companies, be that shopping or interacting over social media.
Yet 71% of marketers still rank desktop as the primary route for providing a consistent customer experience, according to the Econsultancy/Adobe Quarterly Digital Intelligence Briefing: The Quest for Mobile Excellence.




Big Data just keeps getting bigger!
HathiTrust Research Center adds 5 billion pages
by Sabrina I. Pacifici on Jun 17, 2015
News release: “…Partnering with close to 100 research libraries from around the world, HathiTrust holds about 595 terabytes of digitized textual data — that’s about 157 miles, or 10,000 tons of text. In 2010, HathiTrust launched the HTRC to help researchers around the world accomplish tera-scale data mining and textual analysis. The HTRC is a collaborative effort among Indiana University; the University of Illinois, Urbana-Champaign (UIUC); and the University of Michigan. Until recently, the HTRC had access to less than a third of the full HathiTrust repository. That all changed this year, and now the HTRC is working with the University of Michigan to enable analysis of the entire 5 billion pages of textual data in the HathiTrust repository. “This will be the first time that a researcher could analyze, as data, a collection that is equivalent to some of the largest research libraries in the world,” says Robert McDonald, associate dean of libraries at Indiana University. This poses a new challenge for the HTRC. Most of the texts in the HathiTrust remain under copyright, so one of the chief HTRC goals is to ensure non-consumptive research access to these protected works. This stipulation has led the HTRC to create the Secure HathiTrust Analytics Research Commons (SHARC), a secure framework for researcher access to restricted content.”




It's never too early to think about stocking stuffers.
Why Stay Boring: Find Funny Office Supplies with These 8 Websites




Just because?
Need Food? 8 Best Social Restaurant Recommendation Apps Worldwide




Resources for my Math students.
MIT Open Courseware: Free Math Videos and Learning Materials
… The MIT Open Courseware is a website by the Massachusetts Institute of Technology where they publish actual class videos from the said Institute. This means that unlike Khan Academy where you see an electronic whiteboard/blackboard, in MIT Courseware you see real professors teaching and interacting with students.
… Aside from videos, they also contain audio courses. The complete list of uploaded audio and video courses can be found here. The Youtube Channel can be found here.
… Aside from mathematics, the courses in MIT Open Courseware also include science, technology, engineering, and social science.




Surprising that they missed LibreOffice and IBM's Lotus Symphony.
4 Free Spreadsheet Alternatives to Microsoft Excel




Tools for students?
Your about.me profile is now a portable digital business card thanks to this new app
… About.me has always been a digital business card of sorts, a convenient place to list basic work experience and links to a user’s different social media accounts. The new Intro by about.me app aims to embrace that usage by offering users the ability to share and view about.me profiles on either Windows Phone or Windows devices.
The app allows users to control the specific information they share, send the info to an email address, phone number or about.me account, keep a history of about.me cards both sent and received, communicate with contacts either through the app directly or by adding their information to the device’s address book and of course, view a user’s entire about.me profile page.




Definitely something NOT for my students. (Digest Item #1)
Carry On Watching Cat Videos
That time you spend watching cat videos online may not actually be as wasteful and pointless as you have been led to believe. In fact, according to a new study published in the Computers in Human Behavior journal, watching cat videos may be good for you.


Wednesday, June 17, 2015

Potential jobs for my Computer Security students! (And my Ethical hacking students?)
Big league breach? Cardinals investigated for hacking the Astros
Employees of the St. Louis Cardinals are under federal investigation for hacking databases belonging to the Houston Astros, the New York Times reported on Tuesday.
The employees, who have not been named, are alleged to have hacked into a database used by the Astros to track player development.
The database was developed by a former Cardinals executive who had left to join the Houston team. Cardinals employees allegedly used a list of master passwords belonging to the executive from his time with the team to access the system, according to the Times.




Beware of passengers playing Flight Simulator games? I think each of these problems has already been addressed and there is a “Best Practice” solution for them. The question, as always, is: “Have developers of these new technologies designed in security?”
The Ever-evolving Cyber Threat to Planes
Hackers and cyber-terrorists present an ever-evolving threat to airlines, with experts constantly testing for new vulnerabilities -- including the fear that drones could be used to throw a plane off course.
Most agree hacking a plane would be a near-impossible feat, but some professional hackers have claimed airline computer systems are riddled with weaknesses that could allow someone to break in, perhaps even through the in-flight entertainment system.
US computer security expert Chris Roberts recently claimed to have hacked into a plane's controls through the entertainment console and to have issued a "climb" command.
But speaking at the Paris Air Show this week, Alain Robic of Deloitte Consulting, an expert on cybersecurity, said the claims were not credible.
Robic was working for Airbus in 2005 when a hacker showed them how he could penetrate the flight controls from a passenger seat while they were designing the new A380.
"The bosses were shocked. It was a revolutionary moment. They re-engineered everything to separate the systems so it could never happen again," said Robic.
David Stupples, a professor of electronic and radio systems at City University in London who advises Airbus, said the latest threat he was exploring was whether a drone could be used to send radio signals to an aircraft and confuse its systems.
"If I could get a signal to the aircraft that caused it to become confused while it's on its final approach, could I cause an incident? My view is yes," said Stupples, adding that flying near to the plane could allow the drone to overpower signals from the ground.
Stopping this kind of activity means preventing drones from flying near airports -- something which has only recently become possible with new forms of radar capable of spotting tiny aircraft.
Stupples said there was a greater threat of an employee with access to the computer data hubs uploading malware to an aircraft's systems.


(Related) Making the right promises, but not moving with any sense of urgency? (I'm sure the photograph that accompanies the article is just a coincidence.)
First responder network will be secure, chief assures lawmakers
Strong cybersecurity will be built in to a nascent network for emergency first responders, its director said at a Tuesday hearing.
“We have a unique opportunity as we develop a network that’s going to be deployed that we can start from the beginning and bake in security from day one,” said TJ Kennedy, the acting executive director of FirstNet.
… “We’re not reinventing the wheel,” he told lawmakers. “We’re leveraging a lot of best practices that are in place both in the private sector and in government today.”
… FirstNet was conceived after the September 11 attacks, when many first responders had incompatible communication systems. It was authorized by Congress in 2012.




On Monday I posted an article about Google providing search for the Patent Office, because the government couldn't do it. Here's some more evidence that (for whatever reason) lots of government departments and agencies can't do IT.
Feds leveraging data from egov site
by Sabrina I. Pacifici on Jun 16, 2015
Via Government Executive: “It’s surprising how many agencies now use USASpending.gov to “access their own data,” said David Lebryk, the fiscal assistant Treasury secretary who on Monday delivered an upbeat assessment of governmentwide progress in implementing the 2014 Digital Accountability and Transparency Act. “We’re off to a great start on tough challenges, but outsiders don’t really appreciate how complex government is,” he said at a breakfast sponsored by the Johns Hopkins University Government Analytics program and REI Systems. “We’re not a small business,” Lebryk said, referring to the federal government. “We’re the biggest entity in the world. And at a time of budget constraints, there is more scrutiny of spending, of which the DATA Act is a part.” Lebryk and Comptroller David Mader are leading the team charged with implementing the DATA Act, which is designed to standardize spending information in machine-readable formats to make it accessible to the public. “With no new funding,” Lebryk said, “we’ve tried to think it through creatively, to use technology as our friend. We’re not doing massive system changes, and it’s important that the data be owned by the agencies.”




Not all new features are welcome.
How to turn off Twitter's annoying new autoplay feature
Twitter has introduced a new autoplay feature, meaning all videos, Vines and gifs in your timeline will automatically start playing as you scroll down.
While the sound is muted until you actively click on it, some users are already complaining about autoplay. Twitter said that during testing the feature generated more views and engagements for advertisers, so you're likely to see a whole lot more brand clips cropping up in your feed. Not happy about being bombarded by ever more adverts? Here's how to turn it off.




I suppose this could be social networking too.
Amazon’s Next Delivery Drone: You
In its ceaseless quest to speed delivery, Amazon.com Inc. wants to turn the U.S. into a nation of couriers.
The Seattle retailer is developing a mobile application that would, in some cases, pay ordinary people, rather than carriers such as United Parcel Service Inc., to drop off packages en route to other destinations, according to people familiar with the matter.
… But the concept faces many hurdles, from how Amazon will vet deliverers to whether physical retailers will cooperate with a key rival. Major shippers are efficient; it costs UPS an average of about $8 to deliver a package in the U.S.
Amazon ships an average 3.5 million packages a day, according to SJ Consulting Group, so it would need a lot of couriers to make a meaningful impact.




Do you think my students know about this? I've been surprised to learn how many don't know social networking. I try to learn what they do, but have to try much harder to see why I would use them. Perhaps I'm just anti-social?
What is Snapchat? App's founder explains social media phenomenon
Ever wondered what Snapchat is but been too embarrassed to ask? You're probably not the only one.
Evan Spiegel, the photo messaging app's co-founder and chief executive, has provided the parent's guide to the phenomenon in a four-minute YouTube video.




Perspective. What they do is interesting. Too tired/lazy to go to a restaurant? Food delivered to your home seems hot. (The service, not necessarily the food.)
The 13 European tech startups that are most likely to be worth $1 billion next
Roughly three European tech companies a year have been sold or floated on the stock exchange, or otherwise valued by investors, at $1 billion or more since 2000, according to data from British investment bank GP Bullhound.
But since April 2014, Europe has added 13 companies to its list of "unicorns."




A smart addition? I think so. It supports the businesses they rely on. (Digest Item #2)
Etsy Now Offers Crowdfunding
Etsy has launched its own crowdfunding platform designed to help Etsy sellers expand their businesses. Fund on Etsy is essentially Kickstarter for handmade products. It exists within the Etsy ecosystem, which means most of the buyers and sellers involved will already have some sort of relationship.
Right now, Etsy only exists as a marketplace for handmade products, but Fund on Etsy means small businesses can seek funding in order to launch a new product. They can then use the profits to add employees, purchase new tools, or expand their studio space. Which means that, potentially at least, everyone’s a winner.
Fund on Etsy is starting life as a U.S.-only pilot program for selected sellers. This will run from now until August 16th, at which point Etsy will decide whether it was successful enough to roll out on a larger scale. In the meantime, just remember that crowdfunding can be a bit of a gamble, as there are no guarantees that sellers will deliver on their promises.




Something for my techie students.
How to build a Twitter "Hello World" web app in Python
As the documenters of the API economy, ProgrammableWeb is producing a series of tutorials – the “Hello World of APIs” – that demonstrates how to integrate an application with the most significant API providers in the industry, using a variety of the programming languages to achieve it. Each tutorial will walk through the steps a developer will undertake in understanding the API in question and ultimately an example of an application to call the API.
… By the end of the tutorial a developer familiar with Python should have sufficient knowledge to be able to build an application of his or her own that integrates with the Twitter REST API.




A good article for my IT Governance and Risk Management class. This could have come directly from the textbook. (Students, you have been warned!)
Security Leaders - Welcome to the Spotlight
In my previous column, I discussed how many security leaders today are being thrust into the limelight and the resulting pressures on both careers and security needs. As I previously stated – being in the spotlight and suddenly accountable to the company for enterprise security is a double-edged sword.
Let me talk through some of the things successful security executives have shared with me from their accomplishments and challenges. I believe sharing struggles and failures is just as important as sharing successes, because I’d rather learn from someone else’s mistakes.
1. Learn and understand your business goals.
2. Leave your comfort zone.
3. Define your desired level of security.
4. Fail fast, recover faster.




A resource for Big Data, and all my student researchers. I post a couple of my favorites, but scan the entire list.
15 Massive Online Databases You Should Know About
An invaluable tool for students and academics alike, CiteSeerX is a public search engine and digital library of academic and scientific papers. Often considered the first automated citation indexing system, it was the inspiration for Google Scholar and Microsoft Academic Search. Though the latter has since been integrated into the Bing search engine.
CiteSeerX focuses on indexing public scholarly documents.
The reference site documents the collections of over 72,000 libraries around the world, covering 170 countries and territories.




For ALL my students. Learn how to communicate in the digital age! (...and again, proofread!)
Before You Send an Email, Run it Through This Checklist
Are you getting ready to send an email to a friend or colleague? Wait! Don’t click the send button just yet! Take your email and run it through this email etiquette checklist! It will allow you to make sure you don’t do anything you’ll regret!




At least learn what Poison Ivy looks like. Not quite a Leaf Recognition App, but headed that way. (If Face Recognition is called Facial Recognition, is this App a Leafal Recognition App?)
Try LeafSnap for Help Identifying Plants
LeafSnap is a free iPad app designed by Columbia University, Smithsonian, and the University of Maryland for the purpose of helping people identify plants by taking pictures of them on their iPads. With LeafSnap installed on your iPad or iPhone you can take a picture of a leaf, upload it to the app, and then the app’s visual recognition technology will help you identify the name of the plant. It doesn’t work for all leaves and you do need to isolate the leaf before you take a picture of it. In other words, you can’t just snap a picture of a big tree and ask LeafSnap to identify it.
If taking pictures of leaves is not a practical option for you and your students, LeafSnap still has valuable content for you. LeafSnap offers a large gallery of pictures of leaves. The gallery is organized alphabetically. Tap on any picture in the gallery to see more pictures of the same leaf, descriptions of the tree that it grows on, and where those trees grow.
… Earlier this week I shared the Merlin Bird ID app that helps students identify birds.




Dilbert explains privacy in the age of drones.


Tuesday, June 16, 2015

A breach at a basket (site) where (some) users store all their eggs.
LastPass Breached, Users Advised to Update Master Passwords
Officials at password manager LastPass revealed the company has been compromised in a data breach.
According to LastPass CEO Joe Siegrist, an investigation into suspicious activity detected and blocked on the company's network Friday has revealed that LastPass user account email addresses, password reminders, server per user salts and authentication hashes were compromised.
"We are confident that our encryption measures are sufficient to protect the vast majority of users," he blogged. "LastPass strengthens the authentication hash with a random salt and 100,000 rounds of server-side PBKDF2-SHA256, in addition to the rounds performed client-side. This additional strengthening makes it difficult to attack the stolen hashes with any significant speed." [Which I read as a jargon-laced admission that eventual compromise is inevitable. Bob]
Rapid7 Security Engineering Manager Tod Beardsley said that he was pleased to see that LastPass disclosed the breach in a weekend's time. He added however that the attackers apparently have all they need to start brute-forcing master passwords.
"The fact that the attackers are now armed with a list of LastPass users by e-mail means that we may see some targeted phishing campaigns, presenting users with fake “Update your LastPass master password” links," said Beardsley.
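The salted, stretched storage described in the LastPass statement can be sketched as follows. This is an added example, not LastPass's code and not part of the quoted article; the client-side round count, the use of the e-mail address as the client-side salt, and every function name are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

CLIENT_ROUNDS = 5_000      # assumption: the article gives no client-side figure
SERVER_ROUNDS = 100_000    # the server-side figure quoted in the statement


def client_auth_hash(email: str, master_password: str) -> bytes:
    """Client side: stretch the master password before anything is sent.

    Using the lower-cased e-mail as salt is an assumption of this sketch.
    """
    return hashlib.pbkdf2_hmac(
        "sha256",
        master_password.encode("utf-8"),
        email.lower().encode("utf-8"),
        CLIENT_ROUNDS,
    )


def server_enroll(auth_hash: bytes) -> dict:
    """Server side: add a random per-user salt and stretch again."""
    salt = os.urandom(16)
    stored = hashlib.pbkdf2_hmac("sha256", auth_hash, salt, SERVER_ROUNDS)
    # Only salt, round count and the final hash are kept; the password
    # and the client-side hash are never stored.
    return {"salt": salt, "rounds": SERVER_ROUNDS, "hash": stored}


def server_verify(record: dict, auth_hash: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", auth_hash, record["salt"], record["rounds"]
    )
    return hmac.compare_digest(candidate, record["hash"])


def seconds_per_guess(email: str, guess: str, record: dict) -> float:
    """Cost of checking ONE candidate password against one stored record.

    Both stretching stages have to be repeated for every candidate, and
    the per-user salt means the work cannot be shared between accounts.
    """
    start = time.perf_counter()
    server_verify(record, client_auth_hash(email, guess))
    return time.perf_counter() - start


def seconds_unstretched(guess: str) -> float:
    """Baseline for comparison: one plain, unsalted SHA-256."""
    start = time.perf_counter()
    hashlib.sha256(guess.encode("utf-8")).digest()
    return time.perf_counter() - start


if __name__ == "__main__":
    # Constructed sample account, not real data.
    email = "alice@example.com"
    password = "correct horse battery staple"
    record = server_enroll(client_auth_hash(email, password))

    print("correct password verifies:",
          server_verify(record, client_auth_hash(email, password)))
    print("wrong password verifies:  ",
          server_verify(record, client_auth_hash(email, "letmein")))

    slow = seconds_per_guess(email, "letmein", record)
    fast = seconds_unstretched("letmein")
    print(f"one stretched check: {slow * 1000:.1f} ms")
    print(f"one plain SHA-256:   {fast * 1_000_000:.1f} us")
```

The work factor raises the cost of every check, but it does not lengthen a short or commonly used master password, which is why the advice to update master passwords still applies.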




I wonder how many times I have urged organizations to turn on their logs. Without them it is very difficult to determine what happened during breaches. That's why so many organizations have difficulty determining what information was compromised.
Log management is leading use case for Big Data
Companies that have deployed Big Data solutions are most likely to be using them for log management, according to a study released last week by the SANS Institute. This security use case was followed closely by data archiving, operational data storage, advanced analytics, data discovery, and search.
According to the survey of more than 200 professionals in IT, security and compliance, more than half of the 55 percent of organizations that have deployed Big Data projects use the technology for log management. In addition, of those who plan to deploy Big Data in the next two years, 58 percent said that log management is a priority.
Log data, intrusion alerts, and other types of security-related information is a perfect fit for Big Data systems, said Sam Heywood, director of the Cloudera Security Center of Excellence at Cloudera, which sponsored the report.
The volumes are large, the information comes in a variety of data types, and it's coming in at a high velocity.
… The study shows the level of trust that companies are starting to put in their Big Data platforms, said Heywood.




“Just letting you know we're serious.”
Facebook taken to court by Belgian privacy watchdog
The country's Privacy Protection Commission (CPP) also accused Facebook of tracking the browsing habits of non-users, as well as its own members.
The action follows criticism of Facebook by the same body in May.
Facebook said it was surprised that the CPP had taken the "theatrical action" because it was due to meet the watchdog this week to discuss its concerns.
The CPP said it took the decision because Facebook did not provide "satisfactory answers" to the questions it raised last month, according to a spokeswoman.




Facial Recognition Stalemate Convinces Privacy Groups To Walk Out Of Tech Industry Talks
Nine civil liberties and consumer groups have abandoned talks with trade associations after the two sides failed to find common ground over facial recognition technology. Privacy groups have said companies like Facebook should obtain an individual's authorization before putting someone's face in a database linked to their name and other personal details.
Industry and privacy groups have spent 18 months negotiating at the National Telecommunications and Information Administration, a division of the U.S. Department of Commerce, to create a voluntary code of conduct around the implementation of facial recognition software. That ended Tuesday when the Electronic Frontier Foundation, the Center for Democracy & Technology, the American Civil Liberties Union and six others walked away, citing a lack of cooperation.
“At a base minimum, people should be able to walk down a public street without fear that companies they've never heard of are tracking their every movement – and identifying them by name – using facial recognition technology,” the groups said in a statement to the New York Times. “Unfortunately, we have been unable to obtain agreement even with that basic, specific premise.”




Perspective.
Asia To Surpass North America As Wealthiest Region In 2016; Fintech Set To Change Wealth Management
Fast growth in Asia and strong market performance drove much of the wealth growth in 2014, when worldwide assets reached a record-high $164.3 trillion, according to the 2015 Global Wealth Report by the Boston Consulting Group, Winning the Growth Game. Wealth managers and advisory firms are also anticipating the coming digital revolution in financial services, though a tangible impact has yet to be felt.
… wealth in North America grew 5.6% to $50.8 trillion, making it the wealthiest region, but Asia-Pacific, not including Japan, grew at 29.4% to $47.3 trillion. (Japan grew 2.5% in 2014.)
In fact, Asia-Pacific is expected to surpass North America as the wealthiest region in 2016, with China (at 25% growth) and India (at 44% growth) being the main catalysts.


(Related)
Number of super rich in India tripled in 2014




One possible future?
What the Office of the Future Might Look Like (Infographic)
Your Jetsons-esque future could arrive sooner than you think, according to a recent study from Johnson Controls, a Milwaukee, Wis.-based tech and engineering firm that specializes in sustainable products. The company put together a study that looks ahead 25 years to predict what our offices and work days will look like in the future.
The authors of the study foresee a future that is dominated by adaptable technology and physical spaces.




Something I can use in many classes. I wish my Data Management students thought about social media this way!
How Do You Use Social Media? A 20-Something’s Theory of Social Media Niches
With the widespread use of major social media platforms, it can be hard to understand why new ones keep being created. Could this be because each social network actually only fills one or two specific niches for users?
… How Many Apps Do We Need?
The fact of the matter is, if Facebook (or an equivalent) was truly able to meet all of our online communication needs there would be a limited market for other social media platforms, and it would be unlikely for them to become successful.
Obviously, there are niches in communication that major social media platforms have not been able to fill — leading to the development and widespread use of new social media platforms.
Theory: A lot of these social media niches exist because the development of any communication feature comes at the expense of others.
For example, Facebook is impossible for other social networks to compete with directly because its popularity and use of your real name, real photos, and real-life friend groups makes it an unparalleled resource for sharing life events quickly with the people you care about. However, this same functionality can make it an impossible platform for discussing current events candidly, sharing photos as an event is occurring, or for meeting people who have similar interests to you. Twitter, Snapchat, and Tumblr, respectively, are three examples of apps that have been developed to meet these communication needs.
… What Niche Does Each Social Media Platform Fill?
[Nice summary of 15 social media types follows Bob]




This is why I read Science Fiction. (Because the future does not frighten SciFi authors.)
The Earliest Accurate Predictions of Wikipedia, Skype, Netflix, Online Learning, and The Internet Itself


Monday, June 15, 2015

Should we go tit-for-tat? Suppose we have already hacked China and this is their response? Where is Clausewitz when we need him? Anyone drafting “On CyberWar?” What “other means” are possible once politics fail?
Obama under pressure to retaliate for hack
The massive digital theft of millions of federal workers’ data is mounting pressure on President Obama to take a tougher stand against state-sponsored cyberattacks.
Since the infiltration of the Office of Personnel Management by suspected Chinese hackers, lawmakers, experts and 2016 hopefuls have pushed for a range of responses, from economic sanctions to currency restrictions to aggressively hacking back at Beijing officials.
The OPM hack is believed to be part of a broader Chinese cyber espionage scheme to construct a comprehensive database of millions of government workers that could allow hackers to imitate, blackmail and digitally exploit high-ranking officials.
… “I don’t know that frankly, in this case, in the absence of any independent evidence that doesn’t rely on [classified] intelligence sources, that it would make sense to do that,” said Chris Finan, a former Obama administration cybersecurity adviser. “What do you get in return?”
Finan and others believe such sanctions would simply provoke China and do little to change its hacking behavior.




Sounds like we need law professors with experience in both antitrust and privacy. I know there is one at the Sturm College of Law (DU), are there any others?
Problems and Perils of Bootstrapping Privacy and Data into an Antitrust Framework
by Sabrina I. Pacifici on Jun 14, 2015
Manne, Geoffrey A. and Sperry, Ben, The Problems and Perils of Bootstrapping Privacy and Data into an Antitrust Framework (May 29, 2015). CPI Antitrust Chronicle, May 2015. Available for download from SSRN: http://ssrn.com/abstract=2617685
“Increasingly, people use the internet to connect with one another, access information, and purchase products and services. Along with the growth in the online marketplace have come concerns, as well, particularly regarding both the privacy of personal information as well as competition issues surrounding this and other data. While concerns about privacy and data are not unique to the internet ecosystem, they are in some ways heightened due to the ubiquitous nature of information sharing online. While much of the sharing is voluntary, a group of scholars and activists have argued that several powerful online companies have overstepped their bounds in gathering and using data from internet users. These privacy advocates have pushed the U.S. Federal Trade Commission (“FTC”) and regulators in Europe to incorporate privacy concerns into antitrust analysis. Here, we focus on the two most-developed theories of data-related antitrust harm: first, that privacy should be considered in mergers and other antitrust contexts as a non-price factor of competition; and second, that the collection and use of data can be used to facilitate anticompetitive price discrimination. In addition, we analyze the underlying conception of data as a barrier to entry that is a necessary precondition for supporting either proposed theory of harm. We argue that there are no plausible harms to competition arising from either non-price effects or price discrimination due to data collection online and that there is no data barrier to entry preventing effective competition.”




Google gets full access to patent information because the USPTO can't do what Google can do?
USPTO Teams with Google to Provide Bulk Patent and Trademark Data to Public
by Sabrina I. Pacifici on Jun 14, 2015
News release: “Under Secretary of Commerce and Director of the United States Patent and Trademark Office (USPTO) David Kappos announced [June 2, 2015] that the USPTO has entered into a no-cost, two-year agreement with Google to make bulk electronic patent and trademark public data available to the public in bulk form. Under this agreement, the USPTO is providing Google with existing bulk, electronic files, which Google will host without modification for the public free of charge. This bulk data can be accessed at www.google.com/googlebooks/uspto.html. The USPTO does not currently have the technical capability to provide this public information in a bulk machine readable format that is desired by the intellectual property (IP) community. This arrangement is to serve as a bridge as the USPTO develops an acquisition strategy which will allow the USPTO to enter into a contract with a contractor to retrieve and distribute USPTO patent and trademark bulk public data. The contractor will be capable of acquiring this bulk data and providing it to the public.”




Perspective. This is likely to be implemented by all content providers.
Wikimedia Rolling Out HTTPS to Encrypt All Wikipedia Traffic
The Wikimedia Foundation announced on Friday that it’s in the process of implementing HTTPS by default in an effort to encrypt all traffic on Wikipedia and other websites operated by the organization.
By deploying HTTPS for all traffic, the Wikimedia Foundation wants to ensure that users can surf its websites without sacrificing safety and privacy. HTTPS creates an encrypted connection between the user’s computer and the website to protect data against snooping governments and other third parties that might be monitoring traffic. In this case, the secure protocol also makes it more difficult for ISPs to censor access to certain Wikipedia articles.
In addition to rolling out HTTPS, a process that is expected to be completed within a couple of weeks, Wikimedia also announced the use of HTTP Strict Transport Security (HSTS) to provide protection against attempts to break HTTPS and intercept traffic.




I'll say it again. There is a real business opportunity here for someone to create online, interactive journals (and textbooks), particularly in fields that change rapidly. (Note the profit margins)
The Oligopoly of Academic Publishers in the Digital Era
by Sabrina I. Pacifici on Jun 14, 2015
Larivière V, Haustein S, Mongeon P (2015) The Oligopoly of Academic Publishers in the Digital Era. PLoS ONE 10(6): e0127502. doi:10.1371/journal.pone.0127502
“The consolidation of the scientific publishing industry has been the topic of much debate within and outside the scientific community, especially in relation to major publishers’ high profit margins. However, the share of scientific output published in the journals of these major publishers, as well as its evolution over time and across various disciplines, has not yet been analyzed. This paper provides such analysis, based on 45 million documents indexed in the Web of Science over the period 1973-2013. It shows that in both natural and medical sciences (NMS) and social sciences and humanities (SSH), Reed-Elsevier, Wiley-Blackwell, Springer, and Taylor & Francis increased their share of the published output, especially since the advent of the digital era (mid-1990s). Combined, the top five most prolific publishers account for more than 50% of all papers published in 2013. Disciplines of the social sciences have the highest level of concentration (70% of papers from the top five publishers), while the humanities have remained relatively independent (20% from top five publishers). NMS disciplines are in between, mainly because of the strength of their scientific societies, such as the ACS in chemistry or APS in physics. The paper also examines the migration of journals between small and big publishing houses and explores the effect of publisher change on citation impact. It concludes with a discussion on the economics of scholarly publishing.”




For my students (and others) with cluttered computers.
Find Everything on Your PC Quickly and Easily With Lookeen Free
Windows has features that allow you to search for files, but let’s be honest, they’re not very good.
If your computer is packed with files that you need to get to, and Windows search is leaving you wanting more, Lookeen Free is the solution for you. You can download it right now for free and find everything on your computer with ease.




If nothing else, my students should check the LinkedIn book.
Ten of the Top Social Media Books for Your Enjoyment
Social media continues to play an increasingly important role in the marketing of a small business today. No longer is it deemed enough to only have a website for your business. You now MUST engage with your clients, provide interesting and valuable content, and build a brand that clients are happy to recommend to others.
For this reason the various social media platforms available to do this are continually changing as they compete to be the platform of choice. This means that business owners have a need to regularly revisit and amend their social media marketing strategy.
… The Small Business Trends editorial team has sifted through volumes of social media books and picked out a list of 10 that we believe will help you stay on top of your social media marketing game.