Wednesday, January 27, 2016

Governments can make glaciers look speedy.
Rep. Will Hurd writes that Congress and officials still don’t have answers about the discovery in December by software developer Juniper Networks of a backdoor in its ScreenOS software that could have allowed foreign entities to decrypt and read government communications. The backdoor is thought to have been inserted in 2013. And while the OPM breach garnered massive public and media attention, less attention has been paid to this breach.
The federal government has yet to determine which agencies are using the affected software or if any agencies have used the patch to close the backdoor. Without a complete inventory of compromised systems, lawmakers are unable to determine what adversaries stole or could have stolen.
If government systems have yet to be fixed then adversaries could still be stealing sensitive information crucial to national security. The Department of Homeland Security is furiously working to determine the extent to which the federal government used ScreenOS. But Congress still doesn’t know the basic details of the breach.
Read more on WSJ.
Hurd, who is one of Congress’s few members who “gets” the nerdy stuff, points out that this situation is a good example of why any backdoor that puts a hole in encryption is a bad idea.

Might make an interesting case study.
Adrianne M. Haney reports:
The now-former state employee who was fired after a data breach exposed Georgia voter’s personal information is disputing, in detail, the Secretary of State’s internal investigation report that pinned blame on him.
Read more on 11Alive.

For my Computer Security students.
The 3 People Most Likely to Hack Your Data & Privacy
… Mikko Hypponen is a well-known security expert who has been giving security-related talks and advice for several years now, and in this relatively short TED Talk, he explores the most common types of online attacks:

For my Ethical Hacking students.
Free eBook: Kali Linux Cookbook ($24 Value)
… Well, are you familiar with Kali Linux? It’s all about penetration testing and ethical hacking. It can do some pretty amazing things, but you need to learn how to use it.
… you can get it for free until February 3rd!

Drugs (and devices like pacemakers) become “Things” on the Internet of Things.
John Miller reports:
Novartis wants every puff of its emphysema drug Onbrez to go into the cloud.
The Swiss drugmaker has teamed up with U.S. technology firm Qualcomm to develop an internet-connected inhaler that can send information about how often it is used to remote computer servers known as the cloud.
This kind of new medical technology is designed to allow patients to keep track of their drug usage on their smartphones or tablets and for their doctors to instantly access the data over the web to monitor their condition.
Read more on Reuters.

Go Canada?
Davis Fraser writes on Canadian Privacy Law Blog:
For anyone who was wondering: the arc of the common law is long and it bends towards privacy. [??? Bob] The Ontario Superior Court of Justice has this past week expressly recognized the tort of “public disclosure of private facts”.
This is a huge deal, as it explicitly expands the scope of privacy protection under the common law and stands as an example of how the traditional courts (and perhaps new-ish torts) can be called upon to help victims of cyberbullying.
Arising from a horrific case of revenge porn where the defendant had uploaded to the internet an explicit sexual video of the plaintiff, the Court in Doe v D., 2016 ONSC 541 (CanLII) [Edit: this link should work soon …], said this about the ability to sue for invasion of privacy:
C. Invasion of Privacy[34] In Jones v. Tsige, 2012 ONCA 32 (CanLII), the Court of Appeal for Ontario recognized the existence of the tort of invasion of privacy in the context of intrusion upon seclusion. In that case, the Court found that the defendant had committed the tort of intrusion upon seclusion when she used her position as bank employee to repeatedly examine private banking records of her spouse’s ex-wife. While that case dealt with a significantly different fact situation, many of the Court’s comments are germane to this case, and I will therefore refer extensively to that decision.
[Skipping a lot here… Bob]
The Court commented that if the plaintiff in Jones had a right of action, it fell into the first category of intrusion upon seclusion, described by Prosser as comprised of the following elements:
• there must be something in the nature of prying or intrusion;
• the intrusion must be something which would be offensive or objectionable to a reasonable person;
• the thing into which there is prying or intrusion must be, and be entitled to be, private; and
• the interest protected by this branch of the tort is primarily a mental one. It has been useful chiefly to fill in the gaps left by trespass, nuisance, the intentional infliction of mental distress, and whatever remedies there may be for the invasion of constitutional rights.
[Skipping a lot here too… Bob]
[41] While the facts of this case bear some of the hallmarks of the tort of “intrusion upon seclusion”, they more closely fall within Prosser’s second category: “Public disclosure of embarrassing private facts about the plaintiff.” That category is described by the [Restatement (Second) of Torts (2010) at 652D as follows: “One who gives publicity to a matter concerning the private life of another is subject to liability to the other for invasion of his privacy, if the matter publicized is of a kind that (a) would be highly offensive to a reasonable person, and (b) is not of legitimate concern to the public.”
[And here… Bob]
[47] In the present case the defendant posted on the Internet a privately-shared and highly personal intimate video recording of the plaintiff . I find that in doing so he made public an aspect of the plaintiff’s private life. I further find that a reasonable person would find such activity, involving unauthorized public disclosure of such a video, to be highly offensive. It is readily apparent that there was no legitimate public concern in him doing so.
[48] I therefore conclude that this cause of action is made out.

...and there is nothing you can do about it!
An Unprecedented Threat to Privacy
Throughout the United States—outside private houses, apartment complexes, shopping centers, and businesses with large employee parking lots—a private corporation, Vigilant Solutions, is taking photos of cars and trucks with its vast network of unobtrusive cameras. It retains location data on each of those pictures, and sells it.
It’s happening right now in nearly every major American city.
The company has taken roughly 2.2 billion license-plate photos to date. Each month, it captures and permanently stores about 80 million additional geotagged images.
… The company counts 3,000 law-enforcement agencies among its clients. Thirty thousand police officers have access to its database.
… Supreme Court jurisprudence on GPS tracking suggests that repeatedly collecting data “at a moment in time” until you’ve built a police database of 2.2 billion such moments is akin to building a mosaic of information so complete and intrusive that it may violate the Constitutional rights of those subject to it.
The company dismisses the notion that advancing technology changes the privacy calculus in kind, not just degree. An executive told the Washington Post that its approach “basically replaces an old analog function—your eyeballs,” adding, “It’s the same thing as a guy holding his head out the window, looking down the block, and writing license-plate numbers down and comparing them against a list.

Monitoring employees, or contractors, or whatever they are…
Uber using smartphone sensors to spot erratic drivers
… The company’s chief security officer, Joe Sullivan, wrote in a blog post that the Uber can use the sensors in smartphones used by its drivers to verify customer feedback.
“If a rider complains that a driver accelerated too fast and broke too hard, we can review that trip using data,” Sullivan wrote. “If the feedback is accurate, then we can get in touch with the driver. And if it’s not, we could use the information to make sure a driver’s rating isn’t affected.”
According to the Guardian, which was the first to report on the existence of the pilot program, the test started late last year in Houston. The newspaper reported that drivers are not explicitly told that the data is being recorded.

Does every new technology require us to start from scratch? If we use it to communicate, then it is communications technology, be it email, Twitter, YikYak or Slack.
Are Slack Messages Subject to FOIA Requests?
According to Slack CEO Stewart Butterfield, the General Services Administration, NASA, and the State Department are all experimenting with using Slack for internal communication.
The move is a potential boon to government productivity (notwithstanding the tide of emoji it will likely bring into the work lives of our nation’s public servants). But it could also be a threat to a vital tool for government accountability.
… Slack, for its part, is trying to make it easier for organizations to comply with strict document-retention requirements. Usually, the lead user of a group that uses Slack is allowed to export a transcript of all messages sent and received in public channels and groups. But a change the company made in 2014 allows organizations to apply for a special exemption that allows them to export every message sent and received by team members—including one-on-one messages and those sent in private groups.

What did they buy? Is this a permanent win or only until the next lawsuit. (What happens if Uber loses their case?)
Lyft settles worker misclassification lawsuit for $12.25 million
… As part of the settlement, the San Francisco company will change its terms of service so that its treatment of drivers clearly complies with California law governing independent contractors.
… The news of the settlement comes as rival Uber continues its fight against a similar lawsuit in federal court in San Francisco, also filed by Liss-Riordan. Unlike the Lyft case, Uber is fighting a class action lawsuit that is expected to go to trial before a jury on June 20.
The lawsuit against Lyft, which was filed in 2013, was not a class action because of an arbitration clause in the company’s driver agreements that prevented Lyft drivers from participating in a class action.
… Although it was a California lawsuit, the new terms of service will apply to drivers nationwide. As of the end of last year, Lyft had more than 300,000 drivers actively using its platform.
In settling, Lyft may have avoided a more costly lawsuit.
If the company had lost in court, it would have had to recognize its drivers as employees, potentially putting it on the hook for back wages and expense reimbursements. According to labor experts, recognizing workers as employees can increase the cost of doing business by about 30%.

Perspective. Do more teens have smartphones than credit cards?
New Chase eATMs Will Use Smartphone App Instead Of Debit Or Credit Card
… JPMorgan Chase is ready to roll out the next generation of ATMs across the country, where customers can access their money directly using their smartphones as opposed to plastic debit or credit cards.

Perspective. (Just one company)
The world's biggest advertising company spent a whopping $4 billion with Google last year — and $1 billion with Facebook
Here are the figures, for 2015:
Google: $4 billion (up 38%, from $2.9 billion in 2014)
Facebook: $1 billion (up 56%, from $640 million in 2014)
Yahoo: $400 million to $430 million (flat or slightly up on $400 million in 2014)
AOL: $100 million to $125 million (flat or slightly up on $100 million in 2014)
Twitter: $150 million to $225 million (flat or slightly up on $150 million in 2014)

Because if you're going to records it, you might as well broadcast it at the same time?
GoPro Inc (GPRO) Integrating With Periscope to Livestream User Video
… Live video feeds will be broadcast to the video app, and only video coming from the Hero4 Black and Hero4 Silver will be livestreamed. Older GoPro devices and the Hero4 Session won’t be able to broadcast live. Any livestreaming on GoPro will continue recording in full-quality mode and saved to the local SD card during the broadcast.
The update to Periscope’s iOS app is available now. The app will also allow you to switch between your iPhone camera and the GoPro throughout the stream.

For my student entrepreneurs.
How to Choose the Right Crowdfunding Model for Your Business
What kind of crowdfunding model is right for you? It depends on the life cycle of your business, according to Sally Outlaw, founder of crowdfunding consulting company
“If your idea is on a napkin, you’re probably not going to do equity-based crowdfunding -- because you’re going to be giving up shares of a company that you don’t even have or know how to value,” said Outlaw at Entrepreneur’s inaugural Entrepreneur 360 conference last fall in New York City.
While most businesses should look to rewards-based crowdfunding in order to first launch, Outlaw believes that it’s possible to raise money throughout your company’s entire life cycle while remaining within the crowdfunding ecosystem. “You can go from $0 to $50 million right now in a raise,” she says.
Check out more in the video above.

For my SfiFi reading students.
10 of the Best Science Fiction Books All Geeks Should Read

Just for fun, I'm asking my students what other flavors could be created.
Ben & Jerry's Cofounder Unveils Bernie Sanders Ice Cream
Ben Cohen, the cofounder of the Vermont-based ice cream brand Ben & Jerry's, is showing his personal support for Democratic presidential candidate Bernie Sanders with an extremely limited-edition ice cream flavor he named "Bernie's Yearning."

No comments: