Saturday, January 30, 2016
...and they secure it just like Hillary Clinton?
Evan Halper writes about an issue I’ve raised in my own commentary on the risks of the explosion of voter profiling.
…. But as presidential campaigns push into a new frontier of voter targeting, scouring social media accounts, online browsing habits and retail purchasing records of millions of Americans, they have brought a privacy imposition unprecedented in politics. By some estimates, political candidates are collecting more personal information on Americans than even the most aggressive retailers. Questions are emerging about how much risk the new order of digital campaigning is creating for unwitting voters as the vast troves of data accumulated by political operations become increasingly attractive to hackers.
Read more on Government Technology.
What control do I have? If I don't allow the car in my garage to use my secure WiFi to connect to the manufacturer, will it update when I drive by a Starbucks?
Your next car will update itself while you sleep, and maybe watch you too
… Automakers tell us that the average 2016 model year car has up to 100 million lines of software code resident in various systems throughout the vehicle. About 20 million of those lines of code are required just to run a standard navigation and infotainment system.
… According to Forbes Business, “20 percent of vehicles sold worldwide in 2015 will include some form of embedded connectivity while the number of connected cars sold globally will grow more than sixfold to 152 million by 2020.”
… “By the turn of the decade, every new car sold around the world will have a data communications modules. It’s not just about infotainment. It’s more about the functionality of the vehicle,” Pisz told Digital Trends. “It’s about the car telling the customer that it’s not feeling well before the customer knows. If a fault code comes up, it goes to a big data center and it’s noted as an exception. The information goes back to the dealer or back to the customer.” This kind of feature uses the same data connection that provides you with real-time navigation information and safety services.
… In order to update the engine management and related systems – including transmission control, braking and stability controls, adaptive cruise control, and passenger safety systems – the automaker must be absolutely certain that the update is received and implemented correctly, or the vehicle could be left inoperable.
… One key thing to mention regarding OTA updates is that the door swings both ways. While your car is being updated, the potential exists for your car to report back to the automaker. Some of the data that can be reported is personal, and may be used to market to you, or potentially to challenge you.
For my Computer Security students. Notice that this is exactly what the book says.
NSA Hacker Chief Explains How to Keep Him Out of Your System
… In the world of advanced persistent threat actors (APT) like the NSA, credentials are king for gaining access to systems. Not the login credentials of your organization’s VIPs, but the credentials of network administrators and others with high levels of network access and privileges that can open the kingdom to intruders. Per the words of a recently leaked NSA document, the NSA hunts sysadmins.
The NSA is also keen to find any hardcoded passwords in software or passwords that are transmitted in the clear—especially by old, legacy protocols—that can help them move laterally through a network once inside.
… In general, Joyce noted, spies have little trouble getting into your network because they know better than you what’s on it.
“We put the time in …to know [that network] better than the people who designed it and the people who are securing it,” he said. “You know the technologies you intended to use in that network. We know the technologies that are actually in use in that network. Subtle difference. You’d be surprised about the things that are running on a network vs. the things that you think are supposed to be there.”
… Another nightmare for the NSA? An “out-of-band network tap”—a device that monitors network activity and produces logs that can record anomalous activity—plus a smart system administrator who actually reads the logs and pays attention to what they say.
Prof van Schewick also offers solutions. How un-lawyerly!
Is T-Mobile's Binge On Legal? Law Professor Says No
… The Stanford report by law school professor Barbara van Schewick contends that Binge On "gives providers in the program a competitive advantage" and that "T-Mobile's selection of services harms competition and stifles free expression." It even goes as far as to say that "Binge On's discriminatory effects are here to stay," and that "Binge On sets us on a slippery slope."
What I most feared, evidence that her server had been hacked, has still not surfaced. It really doesn't matter if they were “marked classified.” (Or what the definition of “is” is.)
The Obama administration has confirmed for the first time that Hillary Clinton's home server contained closely guarded government secrets, censoring 22 emails that contained material requiring one of the highest levels of classification. The revelation came three days before Clinton competes in the Iowa presidential caucuses.
State Department officials also said the agency's Diplomatic Security and Intelligence and Research bureaus are investigating if any of the information was classified at the time of transmission, going to the heart of Clinton's defense of her email practices.
How will this change IBM? Ask Watson!
New IBM Watson Chief David Kenny Talks His Plans For 'AI As A Service' And The Weather Company Sale
When IBM announced the close of its acquisition of The Weather Company on Friday, it added another veteran CEO in Weather’s David Kenny to work under Big Blue boss Ginni Rometty. And IBM’s not wasting Kenny’s time on integrating his former company into the fold. So hours after the announcement, the newly-appointed chief of the critical IBM Watson unit shared his top priority: to bring Watson together into a more cohesive product that will introduce ”artificial intelligence as a service.”
… The Weather Company had made a priority to connect hundreds of millions of sensors to produce more than 20 terabytes of data a day for its apps and websites.
That expertise will now go into IBM’s other Internet of Things units, scanning information from medical equipment, smartphones as well as trains, planes and automobiles.
… Watson already solves “deep problems,” Kenny says, in areas including law, healthcare and financial risk. But those clients can’t always share their stories, he admits, and IBM could do a better job unifying the various Watson capabilities into one coherent product. Make those offerings more repeatable and easier to plug-and-play and get running almost immediately with a customer big or small, and Watson could democratize machine learning in a way that other AI companies can’t offer at the same scale, Kenny says.
Opportunity! Would the NRA help us create an online marketplace for weapons?
It’s now a lot harder to buy a gun from someone on Facebook
While Facebook itself doesn't sell guns, it has dealt for years with the right way to handle sales of regulated goods such as firearms, adult toys and prescription drugs on its social media network.
On Friday, the firm changed its policy regarding firearms, completely banning any peer-to-peer firearms sales on its network. That means users can no longer offer or coordinate the private sale of firearms on the site. This policy also applies to the sale of gun parts and ammunition, said a Facebook spokeswoman.
Why is this not available to the public?
Tweeting at a Federal Agency? The New ‘US Digital Registry’ Can Tell You for Sure
A new registry of verified government social media accounts could help the public beware of online digital doppelgängers and allow developers to create tailored applications that pull in data from thousands of official government social media accounts.
The U.S. Digital Registry aims to be the authoritative source for all official social media accounts used by federal agencies. The registry also lists official government mobile apps and mobile websites.
… Accessing the U.S. Digital Registry requires an OMB Max ID, which is available to federal government employees and contractors with a valid .gov, .mil, or .fed.us email address. Register for an OMB Max ID if you need one.
Only basic access is free unless you are in law school…
Ravel law – California Case Law Now Live
by Sabrina I. Pacifici on Jan 29, 2016
Daniel Lewis – Jan 20, 2016: “We just took a big step forward in making the law freely and easily available. Starting today, as part of the Harvard-Ravel digitization project, the comprehensive, authoritative collection of California case law is available online at Ravel. For the first time, anyone can search and read all California court opinions for free, including landmark rulings on every topic, from same-sex marriage (In re Marriage Cases, 2008) to separation of powers (Houston v. Williams, 1859). Each case is accompanied by a high-quality scan of the original book in which it was published, providing an authentic version that can not be found anywhere else but Ravel. For lawyers, law students, academics and the general public, this is an extraordinary resource that was previously out of reach to many. California’s court opinions are a critical part of our country’s legal “operating system,” yet until today these rulings have been locked behind expensive paywalls and printed in books available only to a limited few. Ravel now makes this vast legal database available to everyone, along with powerful tools to sift through it. We’re incorporating Harvard’s case law collection into the rest of our platform as well. For professionals who subscribe to our suite of analytical tools, you’ll soon find California state judges as part of our Judge Analytics feature and will be able to explore in powerful detail how these judges make decisions…”
… Ravel Advanced is free for law students and legal academics. Create an Educational Account
… Over the past two years, we and our partners at the Open Syllabus Project (based at the American Assembly at Columbia) have collected more than a million syllabuses from university websites. We have also begun to extract some of their key components — their metadata — starting with their dates, their schools, their fields of study and the texts that they assign.
This past week, we made available online a beta version of our Syllabus Explorer, which allows this database to be searched. Our hope and expectation is that this tool will enable people to learn new things about teaching, publishing and intellectual history.
Another week of devolving education.
Hack Education Weekly News
… The EFF asks why so many universities are opposing the Department of Education’s proposed OER policy (that federally funded educational resources would be openly licensed). One possible answer: patent$.
… “Colman Chadam carries genetic markers for cystic fibrosis, but doesn't have the disease itself, according to his parents.” Buzzfeed looks at the legal battle his parents are waging against a Palo Alto school district which dismissed him from a school, charging he posed a health risk to other students.
… “Kaplan Test Prep Survey: Percentage of College Admissions Officers Who Check Out Applicants' Social Media Profiles Hits New High.”
… Via Inside Higher Ed: “Students waste about one-fifth of class time on laptops, smartphones and tablets, even though they admit such behavior can harm their grades.”