Saturday, July 04, 2015

Just a couple of observations: There is nothing in metadata that flags a particular communication as attorney-client. After all, if I call a lawyer that does not mean I've hired him. On the other hand, it has been my experience that what one intelligence agency does they all do. But that does not mean they share those conversations with the local prosecutor.
Global Legal Post reports:
The District Court of The Hague has ruled that surveillance of lawyers by intelligence agencies constitutes an infringement of fundamental rights and orders the State to stop all surveillance of lawyers’ communications.
The Court was questioned on the legality of eavesdropping on lawyers’ calls and communications by domestic intelligence agencies in a challenge brought against the Dutch State by the law firm Prakken d’Oliveira, the Dutch Association of Criminal Defence Lawyers (NVSA), and the Council of Bars and Law Societies of Europe (CCBE). In its verdict, the Court recognised that the ability to communicate confidentially with a lawyer is a fundamental right which is currently being breached by Dutch surveillance policy.
Read more on Global Legal Post.

Is it a cultural thing or a bureaucratic thing?
Yomiuri Shimbun reports:
An investigation into the recent unauthorized access of personal information from the Japan Pension Service found that 99 percent of the files accessed were not protected by passwords, sources said.
This contrasts with multiple reports issued since 2013 by all JPS offices nationwide claiming full compliance on password rules. If the files accessed were not protected by passwords, it would suggest that most of these reports were false.
Read more on The Japan News.

“So, what did you learn in school today?”
Steven Ertelt and Rebecca Downs write:
Earlier this month, reported on a high school in Seattle, Washington that is now implanting intrauterine devices (IUD), as well as other forms of birth control and doing so without parental knowledge or permission.
The high school, Chief Sealth International, a public school, began offering the devices in 2010, made possible by a Medicaid program known as Take Charge and a non-profit, Neighborcare. Students can receive the device or other method free of cost and without their parent’s insurance. And while it’s lauded that the contraception is confidential, how can it be beneficial for a parent-child relationship when the parents don’t even know the devices or medication their daughter is using?
Read more on LifeNews.
Confidential health care provided by schools has always been a hot-button issue (this blogger happens to support it), and it’s not surprising an anti-abortion site would try to call attention to this issue, but it does provide food for thought for parents.

An article for my IT Governance students. How should IT learn about this law (before the security breach)?
Linn Freedman writes:
On June 26, 2015, Rhode Island Governor Gina Raimondo signed Senate Bill S0134, the Rhode Island Identity Theft Protection Act of 2015, which substantially revises the old law, including breach notification.
Specifically, the new law requires municipal agencies, state agencies and any “person” that “stores, collects, processes, maintains, acquires, uses, owns or licenses personal information about a Rhode Island resident” to implement “a risk-based information security program” which “contains reasonable security procedures and practices…in order to protect the personal information from unauthorized access, use, modification, destruction or disclosure…”
Read more on JDSupra.

Is this supposed to be one of those deep ethical conundrums? Why would you recommend telling a searcher only what he wants to hear?
Should Google Always Tell the Truth?
What is Google’s responsibility to its searchers? In a Thursday panel at the Aspen Ideas Festival, Ashkan Soltani, the Federal Trade Commission’s chief technologist, offered a hypothetical that captured why that question is so difficult to answer.

Do they think this stuff up in a Finance class or in a bar? You be the judge.
MasterCard app plans to let you pay for things with a selfie
… The credit card company is experimenting with a mobile app that uses facial recognition to verify your identity. After downloading the app, you pay for things by simply looking at your phone and blinking once. The blink prevents thieves from showing the app a picture of your face in an attempt to fool it. Alternatively, the app can read your fingerprint.
… The new biometric methods for verifying your identity could replace passwords or PIN codes. MasterCard currently asks for a password to verify purchases with its SecureCode system.
The company is also experimenting with voice recognition and even a method of verifying your identity by reading your heartbeat.

Boy, that Capitalism thing is sure confusing.
China brokerages pledge to buy $19.3 billion in shares to steady plunging market
China's top securities brokerages said on Saturday that they would collectively buy at least 120 billion yuan ($19.3 billion) of shares in a bid to stabilize the country's stock markets after a slump of nearly 30 percent since mid-June.
The pledge follows near-daily official policy moves over the past week, including an interest rate cut and a relaxation of margin lending rules, that have so far failed to arrest the sell-off, which some market watchers fear could turn into a full-blown crash.
… China stocks had more than doubled over the past year, fueled in large part by investors using borrowed money to speculate on further gains.
… Just a few months ago, state media had been exhorting the market's rise, saying China's bull market had just begun and denying that it was in a bubble. Investors big and small took that as a government signal to buy.
Now, Beijing is struggling to find a policy formula to restore confidence in the market before too much damage is done to the world's second-largest economy.

I think this is a bit behind the times, but my students might find some value here.
Digital Tools to Make Your Next Meeting More Productive

Good to see the old Alma Mater isn't standing still.
ICS-ISAC Merges With Webster University
The Industrial Control System Information Sharing and Analysis Center (ICS-ISAC) announced this week that it would merge with Webster University's Cyberspace Research Institute (CRI).
The non-profit ICS-ISAC is a knowledge sharing center established to help facilities develop situational awareness in support of local, national and international security.
The ICS-ISAC creates and maintains the Situational Awareness Reference Architecture (SARA) to foster knowledge sharing capabilities. SARA is a compilation of industry standards, technical practices and processes designed to enable situational awareness both at industrial facilities as well as across shared infrastructure.

Something for my students who want to be considered “experts.”
5 Sites to Easily Start Your Blog Using Evernote, Trello or WordPress

Something to start the new Quarter with.
Hack Education Weekly News
… The University of Phoenix is making massive layoffs and cutting degree programs. It let go 600 people on Monday, after revealing that it had already laid off 900 employees this year. MindWires Consulting’s Phil Hill also observes that the university is “Losing hundreds of millions of dollars on adaptive-learning LMS bet.”

Friday, July 03, 2015

You need to demonstrate harm. Spending money to prevent harm is part of everyday risk management. How could you show that something Home Depot did (or didn't do) resulted in a specific, uniquely identifiable risk that you needed to take specific actions to avoid?
David Allison reports that Home Depot is seeking dismissal of a lawsuit filed by financial institutions by arguing that the financial institutions haven’t demonstrated any concrete injury traceable to Home Depot:
Home Depot goes on to say that “No individual bank alleges any harm that it specifically incurred as a result of the Home Depot data breach, and the majority of the types of damage the banks seek to recover are expenses voluntarily incurred to protect against possible future harm.”
The home improvement giant adds that “the banks’ complaint should be dismissed because the banks have not stated a single actionable claim against Home Depot.”
To read Home Depot’s complete response to the financial institutions’ lawsuit, click here.

My favorite kind of moron.
In Congress, bad policy ideas are like vampires: They are very hard to kill because they’re always somehow coming back from the dead. Such is the case with this year’s iteration of the Senate’s “cybersecurity information sharing” legislation, the Cybersecurity Information Sharing Act (CISA), offered by the chairman of the Senate Intelligence Committee, Sen. Richard Burr (R-NC).
The bill has been roundly criticized by a wide range of privacy and civil liberties groups, many of whom view the legislation as a de facto surveillance bill. Even though an attempt to attach CISA to the annual National Defense Authorization Act failed last month, rumors persist on Capitol Hill that CISA will rise from the dead in July and get another shot on the Senate floor, with the recent and massive hack of the Office of Personnel Management’s databases being used to justify moving forward with the bill.

Double Secret law? Like Dean Wormer treats Animal House (and in this case, the Animal Senate)
Alex Newman writes:
Senator Rand Paul (R-Ky.) and the group Republicans Overseas Action are planning a lawsuit against the Obama administration’s Treasury Department and the Internal Revenue Service, the latest effort to stop a deeply controversial scheme known as the Foreign Account Tax Compliance Act (FATCA) that turns constitutional privacy protections upside down. Represented by a leading constitutional attorney, Senator Paul is taking aim at a barrage of pseudo-treaties — so-called “Intergovernmental Agreements” (IGAs) — negotiated by the administration with foreign governments and dictatorships under FATCA to share personal data. Critics contend that the information-sharing agreements and the statute itself are unconstitutional for numerous reasons.
Read more on The New American.

Interesting. Has nothing to do with reality. Go figure...
Unisys Security Insights – Report for US
by Sabrina I. Pacifici on Jul 2, 2015
“Consumers in the U.S. are most concerned about data breaches at retailers and government agencies. U.S. consumers indicated relatively lower levels of concern about data breaches at other organizations such as airlines, healthcare and telecom companies. Interestingly, the perceived threat of data breaches is low for banks and utilities, possibly reflecting traditional high levels of trust in the security of these organizations.
  • 44 percent of American respondents are most concerned about their personal data held by retailers, as many consumers seem to be losing trust in retail data security owing to recent high profile breaches.
  • Concerns about unauthorized access to personal data held by U.S. government agencies are somewhat high (39 percent), also possibly due to the recent publicized breaches.
Perceptions concerning the effectiveness of biometrics on personal devices are mixed in the U.S. About one-third view biometrics as effective, while a similar proportion is unsure.”

Very Zen headline, very loud communication, very annoying students? Why it probably won't spread much beyond China.
How to Use a Texting App Without Sending a Text
Voice messaging—or sending short audio clips instead of text messages—has taken China by storm. Step on a Beijing subway and you’ll see people barking into their phones intermittently, as if they’re using walkie-talkies.
… In theory, voice messaging (also known as “push-to-talk”) should be popular everywhere. Rather than fumbling with a tiny pixelated keyboard, users simply press a button and speak. [Have you ever seen a Chinese keyboard? Bob] Typos are an impossibility, because the recipient gets a recording, not text. You can free up your other hand, and watch where you’re going—much safer than texting while you walk (or drive).

Not just for my programming students. Good advice translated to any area of study.
10 Tips To Becoming A Better Programmer

A cautionary tale for ALL my students.
Paper – Internet searching not a substitute for knowledge
by Sabrina I. Pacifici on Jul 2, 2015
“Searching the Internet for information may make people feel smarter than they actually are, according to new research published by the American Psychological Association. “The Internet is such a powerful environment, where you can enter any question, and you basically have access to the world’s knowledge at your fingertips,” said lead researcher Matthew Fisher, a fourth-year doctoral candidate in psychology at Yale University. “It becomes easier to confuse your own knowledge with this external source. When people are truly on their own, they may be wildly inaccurate about how much they know and how dependent they are on the Internet.” In a series of experiments, participants who searched for information on the Internet believed they were more knowledgeable than a control group about topics unrelated to the online searches. In a result that surprised the researchers, participants had an inflated sense of their own knowledge after searching the Internet even when they couldn’t find the information they were looking for. After conducting Internet searches, participants also believed their brains were more active than the control group did. The research was published online in the Journal of Experimental Psychology: General.”

Thursday, July 02, 2015

Interesting that a judge had to explain attorney-client privilege to lawyers in his courtroom. If this turns out to be widespread, I think even Warren Buffet will be impressed with the cost. (I would never recommend this type of hacking to my Ethical Hacking students.)
Mike Heuer reports:
Major worker’s compensation insurers, including a Berkshire Hathaway company, hacked into thousands of confidential legal files to save money on judgments and settlements, an Angeleno claims in a federal class action.
Hector Casillas claims the insurers “hacked into privileged and confidential litigation files of thousands of individuals litigating worker’s compensation cases against them. The defendants stole these files from servers used by law firms representing the individual litigants and used the illegally obtained information to obtain a litigation advantage.”
Casillas claims the insurers hacked into tens of thousands of legal files, including about 5,000 from Reyes & Barsoum, a prominent worker’s compensation law firm in California.
Read more on Courthouse News.
Courthouse News was unable to reach counsel for the parties to obtain any statements about this lawsuit, but it’s certainly one to watch.
[From the article:
He claims that attorneys for Reyes & Barsoum first suspected the hacking during an April 20, 2014 hearing when attorneys Ching and Mendoza revealed they had Casillas' "attorney-privileged intake packet" that bore Rony M. Barsoum's name at the top of the first page and contained the retainer agreement Casillas had signed.
When the judge asked how Ching and Mendoza had obtained the confidential file, they gave several explanations before saying they didn't know, Casillas says.
The judge declared the documents to be protected by attorney-client privilege and ordered Ching and Mendoza to turn them over to Reyes & Barsoum, along with any others that might turn up after a "diligent search," the complaint states.

Does Harvard teach Computer Security?
Melanie Y. Fu reports:
Harvard is investigating a security breach to its Faculty of Arts and Sciences and central administration information technology networks that administrators say may have compromised email login information.
The breach was discovered on June 19, according to a joint statement from Provost Alan M. Garber ’76 and Executive Vice President Katie N. Lapp released Wednesday, and the University is working with federal law enforcement officials and security experts on an investigation.
Garber and Lapp’s statement maintained that officials currently “have no indication that personal data or research data have been exposed,” [Translation: “We asked the security guys to keep us in the dark.” Bob] but administrators are urging affiliates of several University schools to change their Harvard email passwords in response to the incident. 
Read more on Harvard Crimson.
The breach had previously been noted on Vulnerable Disclosures on June 24:

Probably not related to “Trump the Presidential candidate.”
Donald Trump's hotel chain is likely victim of credit card data breach
Donald Trump’s hotel chain appears to be the latest victim of a credit card data breach, according to cybersecurity blog Krebs on Security.
Sources at major banks say they’ve traced patterns of fraudulent debit and credit card charges to accounts that have been used at Trump Hotel Collection resorts since at least February. Affected locations include Chicago, Honolulu, Las Vegas, Los Angeles, Miami, and New York.

Something for my Computer Security students to play with in the Security lab.
Deutsche Telekom, Intel Partner to Develop IoT Honey Pots
German telecom giant Deutsche Telekom has teamed up with Intel Security on a joint research project to develop and deploy honey pots that can be embedded in any device, including smartphones and other connected (IoT) devices.
Deutsche Telekom's honeypot project was started in 2010, and currently runs about 180 honeypot sensors as part of its early warning system, which identifies upwards of 600,000 attacks per day.
Under the alliance, the network will be expanded by adding new sensors, which will “attract criminals looking for open ports or systems that do not have the latest security software.”
For those interested in deploying their own honey pot, Deutsche Telekom's Community Honey Pot Project offers a number of different honey pot options, along with resources, including ISO Images for Ubuntu, Scripts, and documentation.
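If you want something small to run in the lab before you download the Deutsche Telekom images, here is a toy low-interaction honeypot I added for this post. It is not Deutsche Telekom's or Intel's code, the SMTP banner it advertises is made up, and it only listens on loopback until you change the bind address. The whole point of a honeypot is that any connection to a port nothing legitimate uses is suspicious, so it records who connected and what they sent first, and guesses from those bytes what the visitor was scanning for.

```python
"""Toy low-interaction TCP honeypot (added example; not the DT/Intel project's code)."""
import socket
import socketserver
import threading
import time
from dataclasses import dataclass

# Constructed bait banner: advertises a mail service that does not exist here.
FAKE_BANNER = b"220 mail.corp.example ESMTP Postfix\r\n"
RECV_TIMEOUT = 1.0  # seconds to wait for the visitor's first bytes


def classify(first_bytes: bytes) -> str:
    """Rough guess at what the visitor was looking for, from its opening bytes."""
    b = first_bytes.lstrip().upper()
    if not b:
        return "silent-probe"  # connected and hung up: the typical port scanner
    if b.startswith((b"EHLO", b"HELO")):
        return "smtp"
    if b.startswith((b"GET ", b"POST ", b"HEAD ")):
        return "http"
    if b.startswith(b"SSH-"):
        return "ssh"
    return "unknown"


@dataclass
class Event:
    when: float
    src_ip: str
    src_port: int
    first_bytes: bytes

    @property
    def kind(self) -> str:
        return classify(self.first_bytes)


class HoneypotHandler(socketserver.BaseRequestHandler):
    def handle(self):
        # Send the bait, then capture whatever the visitor says first (if anything).
        self.request.settimeout(RECV_TIMEOUT)
        try:
            self.request.sendall(FAKE_BANNER)
            data = self.request.recv(512)
        except (socket.timeout, OSError):
            data = b""
        ip, port = self.client_address[:2]
        self.server.record(Event(time.time(), ip, port, data))


class Honeypot(socketserver.ThreadingTCPServer):
    allow_reuse_address = True
    daemon_threads = True

    def __init__(self, host="127.0.0.1", port=0):  # port 0: let the OS pick one
        super().__init__((host, port), HoneypotHandler)
        self._lock = threading.Lock()
        self.events = []

    def record(self, ev: Event):
        with self._lock:
            self.events.append(ev)

    @property
    def port(self) -> int:
        return self.server_address[1]

    def start(self):
        threading.Thread(target=self.serve_forever, daemon=True).start()
        return self

    def wait_for_events(self, n, timeout=5.0):
        """Block until n events are recorded (or timeout) and return a copy."""
        deadline = time.time() + timeout
        while time.time() < deadline:
            with self._lock:
                if len(self.events) >= n:
                    return list(self.events)
            time.sleep(0.02)
        with self._lock:
            return list(self.events)


def probe(port, payload=b"", host="127.0.0.1") -> bytes:
    """Play the visitor: connect, read the banner, optionally talk, hang up."""
    with socket.create_connection((host, port), timeout=2.0) as s:
        banner = s.recv(256)
        if payload:
            s.sendall(payload)
    return banner


if __name__ == "__main__":
    hp = Honeypot().start()
    probe(hp.port, b"EHLO scanner.example\r\n")  # something that speaks SMTP
    probe(hp.port)                               # a silent port scan
    for ev in hp.wait_for_events(2):
        print(f"ALERT {ev.src_ip}:{ev.src_port} kind={ev.kind} first={ev.first_bytes!r}")
    hp.shutdown()
    hp.server_close()
```

Run it as a script and it probes itself twice, once as an SMTP-speaking scanner and once as a silent connect-and-close, and prints both alerts. Bind it to 0.0.0.0 on a port you do not use to see real scanner traffic, and expect "silent-probe" to dominate, because most scanners only want to know whether the port is open.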

A good article for my Risk management students. Best Practices?
Defending Against the Insider - Strategies From the Field
… The threat from insiders is very real, and in many cases an insider has significantly greater potential to harm an organization than an external attacker does.
Role-Based Access – It may sound like advice from 1997, but role-based access is one of the most overlooked and under-developed pieces of many enterprise IT strategies. As companies grow, expand and add employees, roles and responsibilities tend to shift. Coupled with the cumbersome processes of provisioning and de-provisioning access which takes time and resources, many companies simply opt for an “all-access” strategy. This generally means that the administrator who is watching the front desk has access to the same human resources files containing salary information as the vice president of the human resources department.
Privileged Access Management (PAM) – Every enterprise needs administrators and those with ‘root’ access to critical resources. These people are the watchers, and a higher level of trust is placed in them to do what is right and be good corporate stewards. But whether unintentionally or otherwise, those with privileged access can make mistakes. ... They should not use built-in ‘administrator’ or ‘root’ accounts in lieu of personal accounts tied to a specific person. In the event something goes wrong, the organization has a way of determining who is doing something questionable, rather than trying to understand who was using the root account.
Privileged-Role Separation – One organization not only has user and privileged accounts for each of their system administrator users, but they also have separate physical computers (now moving to virtual machines) for administrative and non-administrative activity.
Honeypots – Where allowed by local and corporate laws, honeypots can be a valuable indicator of malicious activity.
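Here is what the PAM and role-based-access points look like as detection logic, as an added example of mine rather than anything from the article. It reads a handful of sshd and sudo lines I made up (the hosts, user names, IP addresses and the role table are all constructed) and flags logins to shared or built-in accounts, where nobody is individually accountable, and logins to hosts a user's role does not cover, such as the front-desk account reaching the HR database. Elevations via sudo by a named person are recorded as the good pattern: the trail points at a specific human.

```python
"""Flag unattributable and out-of-role logins in auth logs (added example)."""
import re
from collections import namedtuple

# Constructed sample lines in syslog/sshd/sudo format; not from a real system.
SAMPLE_AUTH_LOG = """\
Jul  1 08:02:11 fs01 sshd[2211]: Accepted publickey for jsmith from 10.0.5.21 port 51022 ssh2
Jul  1 08:03:40 fs01 sudo:   jsmith : TTY=pts/0 ; PWD=/home/jsmith ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx
Jul  1 09:15:02 fs01 sshd[2290]: Accepted password for root from 10.0.9.77 port 40012 ssh2
Jul  1 09:20:45 fs01 sshd[2301]: Accepted publickey for svc-backup from 10.0.5.30 port 51100 ssh2
Jul  1 10:11:09 hr-db sshd[412]: Accepted publickey for frontdesk from 10.0.2.14 port 53311 ssh2
Jul  1 10:30:00 hr-db sshd[430]: Accepted publickey for hr-lead from 10.0.2.40 port 53400 ssh2
"""

# Hypothetical role model: which hosts each role may log in to.
ROLE_HOSTS = {
    "sysadmin": {"fs01", "hr-db"},
    "hr": {"hr-db"},
    "reception": set(),  # the front desk has no server access at all
}
USER_ROLE = {"jsmith": "sysadmin", "hr-lead": "hr", "frontdesk": "reception"}

# Built-in or shared accounts: a login as one of these names no individual.
SHARED_ACCOUNTS = {"root", "admin", "administrator"}
SHARED_PREFIXES = ("svc-",)

SSH_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]+) (?P<host>\S+) sshd\[\d+\]: "
    r"Accepted (?P<method>\w+) for (?P<user>\S+) from (?P<ip>\S+)"
)
SUDO_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]+) (?P<host>\S+) sudo:\s+(?P<user>\S+) : "
    r".*USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.+)$"
)

Finding = namedtuple("Finding", "rule user host detail")


def is_shared(user: str) -> bool:
    return user.lower() in SHARED_ACCOUNTS or user.startswith(SHARED_PREFIXES)


def analyze(log_text: str) -> list:
    """Return one Finding per noteworthy line, in log order."""
    findings = []
    for line in log_text.splitlines():
        m = SSH_RE.match(line)
        if m:
            user, host = m["user"], m["host"]
            if is_shared(user):
                findings.append(Finding(
                    "shared-account-login", user, host,
                    f"{m['method']} from {m['ip']}; no individual is accountable"))
                continue
            role = USER_ROLE.get(user)
            if role is None:
                findings.append(Finding("unknown-user", user, host, "no role on file"))
            elif host not in ROLE_HOSTS.get(role, set()):
                findings.append(Finding(
                    "role-violation", user, host, f"role {role!r} is not permitted on {host}"))
            continue
        m = SUDO_RE.match(line)
        if m:
            # The pattern you want: a named person elevating, leaving an attributable trail.
            findings.append(Finding(
                "attributable-elevation", m["user"], m["host"], f"as {m['target']}: {m['cmd']}"))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_AUTH_LOG):
        print(f"{f.rule:24} {f.user:12} {f.host:6} {f.detail}")
```

Point it at a real /var/log/auth.log and the two rules that matter are "shared-account-login" and "role-violation"; the first is the article's PAM argument (nobody can say who was root on fs01 at 09:15), the second is its role-based-access argument. The role table is the part that rots as people change jobs, which is exactly why the article calls it under-developed.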

I think it's more likely to be “Social Media Attention Deficit Disorder.”
Snapchat Debuts Tap To View And Nearby Friends Tool, Boosts Security Features
A few months ago, Snapchat’s CEO Evan Spiegel hinted that the app’s hold-to-watch feature was on its way out. As of Wednesday, users no longer need to keep a finger on their screens to view a snap or story. Users can now tap to view content instead.
The new feature is one of several product updates Snapchat announced on Wednesday in a post. ‘Tap to view’ could dismay some advertisers who liked that users needed to actively touch their screens to view an ad on the service. However, the feature should please avid users with restless fingers and could encourage them to watch even longer videos, including ads.
“This means no more tired thumbs while watching a several-hundred-second Story… and a little getting used to for anyone who has been Snapchatting for a while,” the company said.

Perspective. Who is in the “four comma” club? If the limit is roughly $2.2 Trillion, how many possible mergers would be “forbidden?”
Federal Reserve Board releases first determination of aggregate consolidated liabilities of all financial companies
by Sabrina I. Pacifici on Jul 1, 2015
“The Federal Reserve Board on [July 1, 2015] released its first determination of the aggregate consolidated liabilities of all financial companies in accordance with section 622 of the Dodd-Frank Act, which prohibits any financial company from combining with another company if the resulting company’s liabilities exceed 10 percent of the aggregate consolidated liabilities of all financial companies. As of December 31, 2014, aggregate financial sector liabilities was equal to $21,632,232,035,000. This number will be the measure of aggregate consolidated liabilities for the purposes of section 622 of the Dodd-Frank Act from July 1, 2015 through June 30, 2016. Aggregate financial sector liabilities generally equal the sum of the financial sector liabilities of all financial companies.”

IE falls below 55% market share as Chrome and Firefox gain
In June 2015, we saw Microsoft Edge branding finally show up in Windows 10, as well as the first full month of Chrome 43 and Firefox 38 availability. Now we’re learning that Microsoft’s current browser, Internet Explorer, has finally fallen below the 55 percent market share mark.
The news is a stark reminder that for many months to come, we’ll be watching Edge slowly but surely steal share from IE. It will take years before IE becomes completely irrelevant on the Web.

Suggests an area of specialization my students might want to explore.
5 facets of the coming Internet of Things boom
Predictions that the Internet of Things (IoT) will usher in a new era of prosperity get some backing in a new study by consulting firm McKinsey & Company.
The study estimates that the annual value of IoT applications may be equivalent – in the best case – to about 11% of the world's economy in 2025. That's based on a number of assumptions, including the willingness of governments and vendors to enable interoperability through policies and technologies.
[From the study:
Currently, most IoT data are not used. For example, on an oil rig that has 30,000 sensors, only 1 percent of the data are examined. That’s because this information is used mostly to detect and control anomalies—not for optimization and prediction, which provide the greatest value.

Perspective. Is this because we talk (and text) only with “Friends” as defined by Facebook?
Pew – Americans, Politics and Science Issues
by Sabrina I. Pacifici on Jul 1, 2015
“One of the key trends in public opinion over the past few decades has been a growing divide among Republicans and Democrats into ideologically uniform “silos.” A larger share of the American public expresses issue positions that are either consistently liberal or conservative today than did so two decades ago, and there is more alignment between ideological orientation and party leanings. Against this broader backdrop, some have come to worry that many – if not all – the issues connected to science are viewed by the public through a political lens. However, the Pew Research Center finds in a new analysis of public opinion on a broad set of science-related topics that the role of party and ideological differences is not uniform. Americans’ political leanings are a strong factor in their views about issues such as climate change and energy policy, but much less of a factor when it comes to issues such as food safety, space travel and biomedicine. At the same time, there are factors other than political party and ideology that shape the public’s often-complex views on science matters. For instance there are notable issues on which racial and generational differences are pronounced, separate and apart from politics.”

Will “in my Smartphone” replace “under my mattress” as the world-wide bank of choice? (Digest Item #3)
PayPal Transfers Money to Xoom
PayPal has acquired Xoom for around $900 million (or $25 per share). The two companies are a natural fit, with money transfer service Xoom allowing people to send money to themselves or others online or on mobile devices.
This acquisition augments PayPal’s payments service. However, the real reason PayPal is buying Xoom is to gain a foothold in countries such as Mexico, India, the Philippines, China, and Brazil, where Xoom has a significant presence.

(Related) Upgrade your distracted driving from texting to video phone calls.
Best Smartphone Apps for Free Cross-Platform Video Calls
… As the leader in this area, Microsoft’s Skype is the app by which we compare all others. With versions for all three major desktop platforms, and for the main three mobile platforms, Skype is the big player. It’s easy to pick up your mobile and make a video call to a friend on their PC, smartphone or tablet. The Xbox One, PlayStation Vita, and various Smart TVs also have Skype apps.

I'm guessing that Facebook has noticed that their users have ears and they want to pull money out of them.
Facebook is in talks with major music labels — but nobody knows why
Apple Music has only just launched, but the music streaming business could be about to get even more crowded: Facebook is apparently in talks with multiple major labels.
The Verge's Micah Singleton reports that the social network is talks with Sony Music Entertainment, Universal Music Group, and Warner Music Group about "getting into music," according to "multiple sources." It plans to do something "unique," that may tie into video — but it's all still early days.

(Related) See what I mean?
Facebook tests a new way to show video - and make money from it

Wednesday, July 01, 2015

For my Risk Management students. The “attack” does not have to be aimed at you.
SF Bay Area Residents Cut Off from the Internet by Unidentified Attackers
Federal investigators are currently conducting an investigation on a series of attacks directed at high-capacity Internet cables located in San Francisco Bay Area, in California. Federal agents said that the latest attack was reported this Tuesday, but other acts of vandalism date back a year.
… But the first attacks in the area occurred July 6, 2014, according to the FBI.
… Cyber security experts believe that the series of attacks underscore the vulnerability of the “critical” internet infrastructure in the region.
… Five years ago, California’s internet cables were sliced in four sites, leaving tens of thousands with no cell phone connectivity and Internet service for several hours. The FBI believes that California attackers may test the capabilities, impact and response time of authorities. [Translation: “We're unlikely to catch these guys.” Bob]
… The agency also disclosed that cutting the cables required dedicated tools because they have a tough protective outer layer although their diameter is not larger than that of a pencil.

For my Computer Security students. “We're changing the definition of 'Secure.'” So change your set-up procedures to “uncheck” the default opt-in.
Simon Rockman reports:
A Windows 10 feature, Wi-Fi Sense, smells like a significant security risk: it shares access to password-protected Wi-Fi networks with the user’s contacts. So giving a wireless password to one person grants access to everyone who knows them.
Wi-Fi Sense doesn’t reveal the password to your family, friends, acquaintances, and the chap at the takeaway who’s a contact, but it does allow them, if they are also running Wi-Fi Sense, to log in to your Wi-Fi. The password must be stored by Microsoft, and transferred to a device for it to work; Microsoft just tries to stop you looking at it.
Read more on The Register.
[From the article:
… There is method in the Microsoft madness – it saves having to shout across the office or house “what’s the Wi-Fi password?” – but ease of use has to be teamed with security.
… In theory, someone who wanted access to your company network could befriend an employee or two, and drive into the office car park to be in range, and then gain access to the corporate wireless network.
The feature has been on Windows Phones since version 8.1. If you type the password into your Lumia, you won’t then need to type it into your laptop, because you are a friend of yourself. Given the meagre installed base of Windows Phones it's not been much of a threat – until now.
With every laptop running Windows 10 in the business radiating access, the security risk is significant. A second issue is that by giving Wi-Fi Sense access to your Facebook contacts, you are giving Microsoft a list of your Facebook friends, as well as your wireless passwords.
… In an attempt to address the security hole it has created, Microsoft offers a kludge of a workaround: you must add _optout to the SSID (the name of your network) to prevent it from working with Wi-Fi Sense.
(So if you want to opt out of Google Maps and Wi-Fi Sense at the same time, you must change your SSID of, say, myhouse to myhouse_optout_nomap. Technology is great.)
Microsoft enables Windows 10's Wi-Fi Sense by default, and access to password-protected networks is shared with contacts unless the user remembers to uncheck a box when they first connect. Choosing to switch it off may make it a lot less useful, but would make for a more secure IT environment.

Also for my Computer Security students.
FTC- Start with Security: A Guide for Business
by Sabrina I. Pacifici on Jun 30, 2015
… Companies that consider security from the start assess their options and make reasonable choices based on the nature of their business and the sensitivity of the information involved. Threats to data may transform over time, but the fundamentals of sound security remain constant. As the Federal Trade Commission outlined in Protecting Personal Information: A Guide for Business, you should know what personal information you have in your files and on your computers, and keep only what you need for your business. You should protect the information that you keep, and properly dispose of what you no longer need. And, of course, you should create a plan to respond to security incidents. In addition to Protecting Personal Information, the FTC has resources to help you think through how those principles apply to your business. There’s an online tutorial to help train your employees; publications to address particular data security challenges; and news releases, blog posts, and guidance to help you identify – and possibly prevent – pitfalls.

Using Social Media to engage. A model for the rest of us?
Treasury Public Engagement Pages
AGENCY: Departmental Offices, Treasury
ACTION: Notice and request for comment.
SUMMARY: The Department of the Treasury (Treasury) is issuing this notice to inform the public and solicit comments about a new method it is using to collect information and opinions posted on social media platforms. Relying on Treasury-generated “hashtags” and other social media identifiers, Treasury is aggregating public posts relating to Treasury activities and missions from third-party social media websites. Treasury is collecting and, in some cases, republishing this material to facilitate public engagement and awareness of Treasury and bureau initiatives. In this manner, social media will enable Treasury to interact with the public in effective and meaningful ways; encourage the broad exchange of and centrally locate a variety of viewpoints on proposed and existing Treasury missions; and educate the general public about evolving Treasury initiatives.

The pendulum swings...
Charlie Savage reports:
The Foreign Intelligence Surveillance Court ruled late Monday that the National Security Agency may temporarily resume its once-secret program that systematically collects records of Americans’ domestic phone calls in bulk.
But the American Civil Liberties Union said Tuesday that it would ask the United States Court of Appeals for the Second Circuit, which had ruled that the surveillance program was illegal, to issue an injunction to halt the program, setting up a potential conflict between the two courts.
Read more on NY Times.

This seems to be a common strategic goal. Perhaps they shouldn't let the machines set the strategy?
Mark Zuckerberg on how Facebook's AI will be "better than humans"
… In a question and answer session on Facebook, the Facebook founder and CEO wrote about why the social media company is developing AI tools focused on areas such as facial and voice recognition.
… Facebook has various projects developing AI to improve the services the social network offers. It runs AI labs looking at how to use deep learning to do everything from voice translation to image recognition in New York, Silicon Valley, and Paris, and earlier this year acquired voice-recognition AI startup
"In order to do this really well, our goal is to build AI systems that are better than humans at our primary senses: vision, listening, etc.
"For vision, we're building systems that can recognize everything that's in an image or a video. This includes people, objects, scenes, etc. These systems need to understand the context of the images and videos as well as whatever is in them.
"For listening and language, we're focusing on translating speech to text, text between any languages, and also being able to answer any natural language question you ask."

Gosh, maybe Apple should hire a lawyer. Or not believe everything the book publishers (or music labels) tell them.
Apple conspired to fix ebook prices: US court
Apple violated antitrust laws by colluding with publishers to raise electronic book prices when it entered a market in 2010 that had been dominated by, a divided federal appeals court panel said.
A three-judge panel of the 2nd US Circuit Court of Appeals in Manhattan ruled 2-to-1 that a lower-court judge correctly found Apple Inc violated the law to upset Inc 's control of the market.

Something for my Data Analysis students?
The New Data Republic: Not Quite a Democracy
… Lack of data knowledge hamstrings people in two ways: First, they are unable to use the readily accessible data well themselves, and second, they are unable to tell when others are using data poorly or disingenuously. Consequently, people with limited understanding of how to use and assess data (as well as evaluate the insights derived from data analytics) become second-class citizens in a data-ocracy.

Interesting article. Are we looking at a new type of “undue reliance?”
… Radio stations run on ratings, and Nielsen is by far the dominant ratings provider, as it is in television. It has a near-monopoly on the biggest markets in the U.S. But many in the industry are starting to wonder if Nielsen has been getting the ratings wrong.
What if people kept listening, but weren’t all being counted anymore? What if a new Nielsen counting method wasn’t working as it was intended to? That failing would hurt many stations in the ratings, but some more than others, and possibly none more than smooth jazz.
That, at least, is how an alternative theory goes. And it’s a theory that’s gaining supporters because of a new device that’s helping stations of all types regain some of the listeners they lost. All they have to do is turn it on.

So, have I become obsolete – again?
Have LinkedIn and Medium Killed the Old-Fashioned Blog?
… Twitter has made it possible to demonstrate expertise by sharing links and short insights, 140 characters at a time. If you’re in a visual field—whether that’s fashion, design or even real estate—sites like Pinterest, Instagram, and Houzz may offer the fastest route to establishing a vision, following and clientele. For folks who like to talk or shoot more than write, creating a podcast or YouTube channel can be a better fit than a blog, and just as effective at sharing your ideas.
But the real blog-killer isn’t any of these alternatives: it’s the hosted publishing that’s emerged on sites like LinkedIn and Medium, where anyone can just log in and start posting. In a world where you can now showcase your ideas on the site where you’re hosting your virtual résumé—LinkedIn—do you really need to have your own independent publishing platform?

Tuesday, June 30, 2015

Who listens to U.S. intelligence agencies? Not US bureaucrats.
Shane Harris reports:
Five years ago, U.S. officials refused to merge a database containing classified personnel records of intelligence agency employees with another run by the Office of Personnel Management, fearing that if the two systems were linked up, it could expose the personal information of covert operatives to leakers and hackers.
Those concerns look prescient now that the OPM, the government’s human resources department, has been overwhelmed by hackers who exploited the agency’s weak computer security and made off with huge amounts of personal information on millions of government employees and contractors. But that incident has also raised troubling questions about whether U.S. spy agencies actually heeded their own advice and have kept their records physically segregated from the OPM systems that were recently hacked, presumably by spies in China.
Read more on The Daily Beast.

(Related) 4-6 weeks? Seems a long time to patch an identified bug.
OPM Suspends Background Check System to Patch Security Bug
The U.S. Office of Personnel Management (OPM) announced on Monday that it has temporarily suspended its Electronic Questionnaires for Investigations Processing (e-QIP) system after discovering the existence of a security bug.
Following the recent data breach, in which attackers are said to have gained access to the details of as many as 18 million federal employees, the OPM started conducting a comprehensive security review of its IT systems.
The audit revealed the existence of a vulnerability in e-QIP, a web-based system used to conduct background checks for federal security, fitness, suitability, and credentialing purposes.
According to the OPM, the temporary shutdown of the e-QIP system is not related to the recent breach; it is a proactive step taken to ensure the security of the organization’s network. There is no evidence that the security flaw uncovered during the review has been exploited, the agency said.
The background investigations system will be offline for 4-6 weeks while security enhancements are put into place.
The American Federation of Government Employees (AFGE) has filed a class action lawsuit against the OPM, its director, and its chief information officer. The complaint also names KeyPoint Government Solutions, a private contractor that handled a majority of OPM’s background checks. KeyPoint announced suffering a data breach in December 2014.
The AFGE has pointed out that the audits conducted by the OPM’s Office of Inspector General over the past years have revealed the existence of several security issues. The report published by the OIG in November 2014 revealed that the cyber security deficiencies “could potentially have national security implications.”
The AFGE said the OPM failed to take proper measures to protect sensitive information despite knowing of the KeyPoint hack and the security weaknesses that plagued its own systems.

“Your Privacy is important to us, unless we can make more money by selling you out.”
Natasha Singer and Jeremy B. Scahill report:
The privacy policy for Hulu, a video-streaming service with about 9 million subscribers, opens with a declaration that the company “respects your privacy.”
That respect could lapse, however, if the company is ever sold or goes bankrupt. At that point, according to a clause several screens deep in the policy, the host of details Hulu can gather about subscribers — names, birth dates, email addresses, videos watched, device locations and more — could be transferred to “one or more third parties as part of the transaction.” The policy does not promise to contact users if their data changes hands.
Provisions like that act as a sort of data fire-sale clause.
Read more on Seattle Times.

How does this help Google strategically?
Google manipulates search results and hurts users in the process, new Yelp-funded study says
Google manipulates its search results in a way that hurts both its competitors and its users, according to a new research paper from prominent law professor and Internet scholar, Tim Wu and funded by Google critic Yelp.
The study claims that when Google privileges its own content over the “organic” results its search algorithm picks, as in the case of restaurant reviews, it actually reduces “social welfare.”
… “The main surprising and shocking realisation is that Google is not presenting its best product,” Wu told Re/Code. “In fact, it’s presenting a version of the product that’s degraded and intentionally worse for consumers.”

“Surveillance, there's a whole bunch of Apps for that!”
Apple's new music streaming app can scan your music library to find out what genres and artists you like
Apple's new music streaming service, Apple Music, launches today, and a handful of publications got an early look at the service. One interesting detail picked up by both Rolling Stone and Re/code is that Apple Music has a clever way of figuring out what music you like.
Rolling Stone writes that when you first sign into Apple Music, it encourages you to let it scan your existing music library.

(Related) Flagging everyone you meet and how you greet them.
Apple Watch may get handshake, hug gesture recognition
A new Apple patent posted on the World Intellectual Property Organization site suggests a gesture-based way where Apple Watch can exchange information with a similar device.
“The exchange of information can be wholly or partially automated and can occur in response to a device detecting a ‘greeting event.’ In some embodiments, a greeting event is detected when two user devices belonging to different users are in proximity and the users of the devices concurrently execute a greeting gesture, such as a handshake, bow, hand slap, hug, or the like,” it said.
… The device can then send contextual information such as current location, access to particular networks or other resources, or even information about the user of the sending device.
On the other hand, a sending device can generate a cryptographic key and can use this key to encrypt information it sends to the receiving device.

Facebook is monitoring videos you watch
Facebook has yet again tinkered with its news feed algorithm -- this time to show you more videos similar to ones you expand to full-screen, un-mute or opt to watch in HD.
Facebook would take it for granted that you loved that particular video, even if you do not like, share or comment.
Those same signals will tell Facebook that a video is enjoyable so the News Feed shows it to more people, TechCrunch reported.
The more Facebook understands which videos are great and which are boring to which people, the faster it will grow its view count, which has already reached four billion per day. That is enormous growth considering it was at one billion per day in September.
Just a few weeks ago, Facebook's algorithm started factoring in how long you linger looking at posts and videos.

Android app secretly mines for Dogecoin, FTC not amused
When you say your app is free of malware but does exactly the opposite, you aren't just lying, you could also be committing a crime. That is exactly what Prized app developers Equiliv Investments and Ryan Ramminger learned the hard way when they were slapped with an FTC complaint because their app actually used infected smartphones to help the developers mine for cryptocurrency like Dogecoin. The defendants wisely decided to settle out of court, which included a monetary judgment of $50,000, which is no small amount for someone desperately hunting for digital currency.

Surveillance from space. Because satellite technology is amusing. Interesting gif and videos.
A View From Space So Clear You Can See the Cars Moving
Even from outer space, Fenway Park is immediately recognizable.
… Here’s footage from UrtheCast’s ultra high-definition camera aboard the International Space Station:
… “Impressive stuff,” another Vimeo commenter wrote of UrtheCast’s latest offerings. “Only a matter of time before Google Earth is live.”
UrtheCast also posted videos of London:

Perspective. It sounds much worse than it is.
So long and thanks for all the ads! Here's why Microsoft is exiting the $74 billion display advertising business
Microsoft just announced a big shift in operations that signals it is close to exiting the highly-competitive display advertising business.
… Microsoft's share of the $74 billion global display advertising market has been eroding over recent years. EMarketer predicts its share of the sector will decline to 1.2% this year, down from a 1.4% share in 2014 and a 2.1% share in 2013.
And while the global display ad market grew 22.4% last year, Microsoft's display revenues dropped 15.5% in 2014, according to eMarketer.
… However, rumors of an exit from advertising have been looming for some time. In 2012, Microsoft took a $6.2 billion write-down on aQuantive, the company it acquired in 2007 in the hope of taking on Google. Microsoft ended up selling off the remnant parts of that business, the Atlas ad server, to Facebook last year. In the US, Facebook is the biggest seller of display advertising, estimated by eMarketer to take a 25% share of the market in 2015. Google will have a 15% share, eMarketer predicts.

Interesting, if measurable. Another indicator of well managed risk?
How Disaster Risk Is Priced into the Stock Market
If stock prices fall in the event of a disaster — and that is an important risk that investors take into account — that can explain why in normal times we have such high returns on stock prices, which has long been a puzzle. It can also explain why stock prices are so volatile, because this risk is hard to calculate, and as investors’ perceptions of it move around, that can move around stock prices.

How should my IT Governance students change their strategy based on this article?
The Internet of Things Changes the Company-Customer Relationship
… It used to be that most of the value we derived from our devices was the result of direct physical interaction: For example, we turned a key in a door lock, flipped a light switch, or twisted the dial on a thermostat. Now, however, our interaction with devices is profoundly changing – they are becoming more like interconnected services than products. Soon it will be common to drive up to one’s house – which has adjusted heating or cooling in anticipation of your arrival — and have the garage door automatically open, the security system disarm, the doors unlock and lights come on. This impending future creates a conundrum for “thing makers” as the way that services must be supported is profoundly different from the way that devices are.
… Some firms may look at this situation and see operational headaches and increased service costs. Others — the companies that will be the winners in the IoT — will see opportunity.
… The companies that see service in an IoT world as a competitive differentiator — a brand and growth opportunity — will thrive; those that continue to view service as an episodic cost obligation will lose out.

An Infographic to help my students with their presentations.
9 Steps to Becoming a Better Public Speaker
… Make sure your public speaking skills are up to par by following the 9 simple steps outlined on the infographic below.

Monday, June 29, 2015

The FBI names no names, but others say they are talking about OPM. (TLP is Traffic Light Protocol. How cute)
Public Intelligence reports:
The following bulletin was released to private industry partners June 5, 2015. According to an article from Reuters, one of the remote access tools (RAT) described in the bulletin, called Sakula, is directly linked to the hack of the Office of Personnel Management (OPM) that was disclosed earlier this month. Other publications have directly linked the bulletin to the OPM hack, though have not made the bulletin available publicly.
FBI Cyber Division
  • 7 pages
  • June 5, 2015
Download FBI Alert A-000061-MW from Public Intelligence.

Reminds me of a friend that teachers were very concerned about. Everything he drew was in Purple and Black. They brought in a psychiatrist to ask him about it. Turned out the teacher had her students line up alphabetically to select their crayons and little Johnny Zebrowski had to use the colors no one else wanted.
Farai Chideya reports:
On Facebook, it’s the season where parents are posting pictures of K-12 graduations, including moppets in tiny mortarboards. But unlike a generation ago, today’s smallest graduates are amassing a big data trail. Just as medical and government files have been digitized — some to be anonymized and sold; all susceptible to breaches — student data has entered the realm of the valuable and the vulnerable. Parents are paying attention. A recent study by the company The Learning Curve found that while 71 percent of parents believe technology has improved their child’s education, 79 percent were concerned about the privacy and security of their child’s data, and 75 percent worried about advertiser access to that data.
Read more on The Intercept.
[From the article:
“What if potential employers can buy the data about you growing up and in school?” asks mathematician Cathy O’Neil, who’s finishing a book on big data and blogs at In some of the educational tracking systems, which literally log a child’s progress on software keystroke by keystroke, “We’re giving a persistence score as young as age 7 — that is, how easily do you give up or do you keep trying? Once you track this and attach this to [a child’s] name, the persistence score will be there somewhere.” O’Neil worries that just as credit scores are now being used in hiring decisions, predictive analytics based on educational metrics may be applied in unintended ways.
Such worries came to the fore last week when educational services giant Pearson announced that it was selling the company PowerSchool, which tracks student performance, to a private equity firm for $350 million.

“eWitness for the Prosecution?”
Mariella Moon reports:
When you wear Fitbit or any other fitness tracker and smartwatch, you not only monitor your physical activities, you also collect data about yourself — data that can apparently be used against you in investigations. In Lancaster, Pennsylvania cops responded to a 911 call by a woman who claimed she was raped by a home invader. The woman told the police she woke up around midnight with the stranger on top of her, and that she lost her tracker while struggling against her assailant. Unfortunately authorities found her Fitbit, and the device recorded her as active, awake and walking around all night. Combined with the evidence that was missing (tracks outside in the snow from boots she said the attacker was wearing, or any sign of them inside), an investigation led to her facing misdemeanor charges.
Read more on engadget.

Asking to be forgotten is news! (Digest Item #4)
BBC Disregards Right to be Forgotten
The BBC (British Broadcasting Corporation) has published a list of articles Google has been forced to remove from search results because of the “right to be forgotten” ruling enacted by the European Court of Justice in 2014.
The articles still won’t appear in search results, but they can be viewed openly on this BBC Blogs post, which will be updated every month. The right to be forgotten means anyone can ask Google to remove specific articles when people search for their name.

Is there a “Drone season?” If not, why not? (Digest Item #2)
Don’t Shoot Your Neighbors’ Drones
As we discovered last year, many Americans’ first instinct would be to shoot a drone out of the sky if it impinged on their airspace. However, if a recent legal case, as revealed by Ars Technica, is anything to go on, doing so may not be the best course of action.
Eric Joe was flying his drone above his parents’ orchard in Modesto, California, when neighbor Brett McBay blasted it out of the sky using his shotgun. McBay is alleged to have accused Joe of flying the drone over his property and “testing surveillance”. Joe took McBay to court to force him to pay for the damages to the drone.
The judge believed Joe’s version of events, which suggests the drone wasn’t actually flying over McBay’s property. Which means McBay allegedly shot down someone else’s property without any jurisdiction over the airspace it was occupying.
There’s an important lesson to be learned here. Because as much as the average American wants the right to privacy, shooting first and asking questions later is a ridiculous stance when talking about drones. Yes, the government is probably spying on you, but they’re unlikely to do so by flying a drone outside your window.

What could go wrong? Reading the definitions, re-posting a “selfie” could become a crime.
Anna M. Tinsley reports that after the courts threw out Texas’s first attempt at a revenge porn law:
Texas lawmakers worked on a replacement measure this year, the Relationship Privacy Act, to crack down on a growing number of revenge porn cases.
“This will help those who have been victimized by the horrific practice of posting a nude or sexually explicit photo on the Internet without their permission get justice against the cowardly perpetrators,” said state Sen. Sylvia Garcia, D-Houston, who wrote the measure.
Critics say the new law, which takes effect Sept. 1, isn’t the right law to have in Texas.
“We think it is too broad,” said Terri Burke, executive director of the American Civil Liberties Union of Texas.
Read more on Star-Telegram.
Meanwhile, Arizona’s revenge porn law is tied up in the courts in a legal challenge by the ACLU there, as AP reports.

Perspective. Much more likely to cause problems than the Y2K hype.
With 61 Seconds in a Minute, Markets Brace for Trouble
… Since 1967, when clocks went atomic, human timekeeping has been independent of the earth’s rotation. The problem is, the planet is slowing down and clocks are not. So every few years, to get everything back in sync, scientists add a second. They’ve done it 25 times since 1972. The last time was 2012, but that was on a weekend. June 30 will be the first leap second during trading hours since markets went electronic.
It’s scheduled for 8 p.m. in New York, just when markets in Asia are opening, and exchanges around the world are taking no chances. U.S. stock markets are ending some after-hours trading early and others from Sydney to Tokyo are recalibrating their clocks ahead of time.
In one second:
  • 1.4 million: order messages sent to U.S. equity-trading venues
  • $4.6 million: amount of stocks traded every second, all day, around the world
  • $3.7 billion: amount of stocks changing hands at the bell in Korea, Japan and Australia

Lower cost but we're not likely to see lower prices.
Breakthrough study could lead to cheaper, faster internet
In a breakthrough that could lead to superfast, cheaper internet, researchers have increased the maximum power, and the distance, at which optical signals can be sent through optical fibres.
Electrical engineers have broken key barriers that limit the distance information can travel in fibre optic cables and still be accurately deciphered by a receiver. This advance has the potential to increase the data transmission rates for the fibre optic cables that serve as the backbone of the internet, cable, wireless and landline networks, researchers said.
… The new findings effectively eliminate the need for electronic regenerators placed periodically along the fibre link. These regenerators are effectively supercomputers and must be applied to each channel in the transmission.

It's a start...
Free Ebook Foundation to promote access preservation of knowledge literature culture
by Sabrina I. Pacifici on Jun 28, 2015
“Two projects that have been building towards a sustainable ecosystem for free ebooks have joined together in a new non-profit corporation. The Free Ebook Foundation envisions a world where ebooks will be funded, distributed and maintained for the benefit of all, by coordinating the efforts and resources of many. and GITenberg, the two projects to be supported by the Free Ebook Foundation, have shared the goals of making free ebooks more available while focusing on different problems. launched in 2012 with a focus on sustainable funding models for freely-licensed ebooks. For the last two years, it has worked to improve the access and distribution of these books by building a database of over 1200 Creative Commons licensed ebooks. has been incubated by Gluejar, Inc., a privately held company founded by Eric Hellman. GITenberg began in 2013 when Seth Woodworth wanted to improve some ebooks from Project Gutenberg. He decided to load the ebooks onto GitHub, a version control and collaborative software development platform. There are now 43,000 public domain ebooks in GITenberg, open to use and improvement by anyone. Earlier this year, GITenberg received a prototype grant from the Knight Foundation, and has been operating with fiscal sponsorship of the Miami Foundation.”

I imagine Colorado would have ranked much higher if they counted my Blog!
America’s Knowledge Economy: A State-by-State Review
by Sabrina I. Pacifici on Jun 28, 2015
Council of State Governments – America’s Knowledge Economy: A State-by-State Review: “The United States’ long-term economic growth will be determined by its ability to encourage the research and development that fosters innovation. In this presentation, The Council of State Governments and Elsevier, a world-leading provider of information solutions, discuss their newly released report, America’s Knowledge Economy: A State-by-State Review, which analyzes the research strengths of the United States and demonstrates ways states can capitalize on their comparative advantages in research to foster innovation and economic growth.”
Main Takeaways:
• US produces a large amount of highly impactful research.
• Although the level of output and funding varies, quality research is distributed across the entire country.
• Through a variety of metrics, each state can identify its relative comparative research strengths.
• Research requires substantial focused investment, but the payoffs–driving innovation and future economic growth at the state level–are worth it.”

Find LinkedIn Profiles with Google Search
… LinkedIn has a useful search function to help you find potential candidates, but did you know that Google search can also help you find people on LinkedIn? Google indexes every public LinkedIn profile, and if you perform a people search on LinkedIn via Google, you get a few additional features:
  • While LinkedIn will only show 10 results per search query in one page, Google can return up to 100 results in one search results page.
  • You can perform date-limited searches in Google and this is helpful when you are only looking for profiles that have been created or updated in a particular date range.
  • You can automatically and easily save your LinkedIn search results in a spreadsheet using the Google search Scraper for further analysis.

Free with registration.
EIU – Long-term macroeconomic forecasts
by Sabrina I. Pacifici on Jun 28, 2015
Long-term macroeconomic forecasts. Key trends to 2050. A special report from The Economist Intelligence Unit. June 2015.
“China is expected to overtake the United States in 2026 in nominal GDP in US dollar terms and maintain its position as the largest economy to 2050. India is expected to move up the rankings to third place, with real growth averaging close to 5% up to 2050. Indonesia and Mexico are expected to leap into the top ten world economies from 16th and 15th place in 2014 to fourth and ninth place respectively by 2050. We do not expect the representation of Western economies within the top-ten listing to become insignificant. The United States, Germany, the United Kingdom and France will all move down the rankings, but only Italy will lose its place within the top ten.”

For my Risk Management students.
The Board’s Responsibility for Crisis Governance
by Sabrina I. Pacifici on Jun 28, 2015
Trautman, Lawrence J., The Board’s Responsibility for Crisis Governance (June 26, 2015). Available for download at SSRN:
A clear strategy and implementation plan for reasonably foreseeable industry disasters — before they take place, helps to prevent mistakes made under conditions of severe stress. Low probability but survival-threatening disasters such as the BP Gulf of Mexico oil spill, Massey Energy West Virginia coal mining disaster, or natural disasters such as hurricanes, fires, or the March 11, 2011 Japanese earthquake and tsunami, constitute any board’s worst nightmare. I have attempted to draw upon lessons from each of these disasters and explore how they may be applied more generally across all industries when crisis strikes. While effective risk management is perhaps the topic highest on every board’s agenda, it is imperative that thought be given to crisis management and what a board might expect to confront when a corporate disaster strikes. This paper proceeds as follows. First, a few thoughts about contemporary threats are offered. Second, is an examination of the board of director’s responsibility in crisis. Third, is a discussion of the necessity of commitment at the top of every enterprise if progress is to be made toward crisis preparation, mitigation, and response. Fourth, an examination of several major corporate disasters is presented: the Japanese earthquake and tsunami of 2011; Deepwater Horizon drilling rig debacle; Massey Energy coal mining disaster; and General Motors ignition switch crisis. Fifth, a framework for analysis is presented, followed by some thoughts about what to do when crisis hits. Sixth, I present a few thoughts about what to do in those situations where management is implicated, use of special committees of the board, and emergence of the role for special counsel. Workplace and data security issues are then discussed with emphasis on Toyota’s 2010 social media recall strategy, and the Target and Sony data breaches.
Next, the following enterprise nightmare scenarios are presented: supply chain disruptions; Foreign Corrupt Practices Act (FCPA) violations; internet failure, or data loss from virus or hacker attack; nationalization of assets; natural disasters; adverse political developments; pandemics such as the 2014-15 ebola scare; prolonged power disruption; strikes and labor actions; and war. Succession planning is the next topic having corporate crisis implications. And last, I conclude. Despite the best efforts of management to focus on industrial safety, nuclear energy and the extractive industries such as oil and gas or coal mining appear to be inherently dangerous over long periods of time such that fatal accidents are an unfortunate fact of life. We know from experience that human error or natural disasters will continue to place certain companies engaged in these endeavors in crisis. Therefore, every board should consider what actions they will take when the foreseeable crisis takes place.”