Saturday, January 16, 2016

Since there have been laptops, there have been people who just can't imagine why anyone would steal them. I hope my Computer Security students don't fail like this.
Montana Public Radio reports that New West Health Services is notifying 25,000 members after a laptop with their PHI was stolen. Here’s the statement that was posted on New West Medicare’s site today, with one interruption by me for a short, but tasteful, rant:
New West Health Services d/b/a New West Medicare has unfortunately learned of an incident involving a company laptop computer that was stolen from an off-site location. The computer contained electronic files with personal information from past and present New West customers. The computer was password protected, [Worthless Bob] and there is no evidence to suggest that the information stored on the laptop was the target of the theft or that any customer information has been accessed or misused.
… Based on the forensic investigation, New West believes that the laptop contained customers’ names, addresses and, in certain instances, driver’s license numbers and Social Security numbers or Medicare claim numbers. The laptop may have also contained limited information related to some individuals’ payment of Medicare premiums, including electronic funds transfer information (bank account number, account holder name, account type and bank routing number) or credit card information (card holder name, credit card account number, expiration date and CVV (“Card Verification Value”) number). Additionally, the laptop may have contained some customers’ health information, including dates of birth, medical history and condition, diagnosis and/or prescription information.
… out of an abundance of caution, New West is proactively notifying impacted members so they can take steps to safeguard their personal information going forward.
Okay, they should not be allowed to claim that they are (only) notifying out of an “abundance of caution,” when they are required by law to notify.

These tools would allow us to write less ambiguous policies in many areas. Definitely worth looking at!
Automated Comparisons of Ambiguity in Privacy Policies and the Impact of Regulation
by Sabrina I. Pacifici on Jan 15, 2016
Reidenberg, Joel R. and Bhatia, Jaspreet and Breaux, Travis and Norton, Thomas B., Automated Comparisons of Ambiguity in Privacy Policies and the Impact of Regulation (January 9, 2016). Fordham Law Legal Studies Research Paper Forthcoming. Available for download at SSRN:
“Website privacy policies often contain ambiguous language that undermines the purpose and value of privacy notices for site users. This paper compares the impact of different regulatory models on the ambiguity of privacy policies in multiple online sectors. First, the paper develops a theory of vague and ambiguous terms. Next, the paper develops a scoring method to compare the relative vagueness of different privacy policies. Then, the theory and scoring are applied using natural language processing to rate a set of policies. The ratings are compared against two benchmarks to show whether government-mandated privacy disclosures result in notices less ambiguous than those emerging from the market. The methodology and technical tools can provide companies with mechanisms to improve drafting, enable regulators to easily identify poor privacy policies and empower regulators to more effectively target enforcement actions.”

Reasonable? Until they miss something…
The National Security Agency has released its Transparency Report on the implementation of the USA Freedom Act — as well as the minimization procedures to be used for the new non-bulk telephone metadata program — giving us a first glimpse of how the law’s reforms are being cashed out in practice. There are some useful points of clarification here — including one or two surprises — but also many questions left unanswered.

There is political puffery and then there is outright lying. Can Congress tell the difference?
FBI Director James Comey recently told the Senate Judiciary Committee that encryption routinely poses a problem for law enforcement. He stated that encryption has “moved from being available [only] to the sophisticated bad guy to being the default. So it’s now affecting every criminal investigation that folks engage in.”

Another case of government being government.
The Freedom of Information Act is Broken: A Report from House Oversight Cmte.
by Sabrina I. Pacifici on Jan 15, 2016
U.S. House of Representatives Committee on Oversight and Government Reform, Jason Chaffetz (UT-3), Chairman – FOIA Is Broken: A Report Staff Report, 114th Congress, January 2016.
“The Freedom of Information Act established a right for the public to access federal agency records. The statute simply requires requesters to reasonably describe the records they wish to receive and the agency is required to produce those records in 20 working days. In practice, however, the FOIA process is much more complicated and difficult to navigate. Many of the complications are engineered into the process by the federal agencies themselves. The FOIA process is broken. Unnecessary complications, misapplication of the law, and extensive delays are common occurrences. Agencies fail to articulate reasons for delays or explain how to navigate the process. Requesters wait months, not weeks, before receiving any response. Even a denial on a technicality can be significantly delayed because the agency may fail to read the request for months. Unreasonable requests for detail and repeated ultimatums to respond within narrow windows or start all over reinforce the perspective that the process is designed to keep out all but the most persistent and experienced requesters.”

They're crazy, right? What constitutes propaganda? The best propaganda is truth. ISIS is using Trump in their marketing pitch because “Trump hates Muslims” is seems as true. Will I be branded a terrorist for saying that?
Can Twitter Be Liable for ISIS Tweets?
Islamic State has been able to mobilize followers via social media sites like Twitter. Could those social media sites be held liable for such online activity?
A civil lawsuit filed against Twitter Inc. in California federal court this week could offer some answers.
The lawsuit was brought by a plaintiffs’ class-action law firm on behalf of the wife of a Florida defense contractor who was one of two Americans killed in a shooting spree attack in Jordan last November. It alleges that ISIS was responsible for the attack and that Twitter helped contribute to the bloodshed by allowing the terrorist group to use the site to spread propaganda, attract new recruits and raise money.
Twitter says the suit has no merit. “While we believe the lawsuit is without merit, we are deeply saddened to hear of this family’s terrible loss….. Violent threats and the promotion of terrorism deserve no place on Twitter and, like other social networks, our rules make that clear,” a Twitter spokesman said in a statement Thursday.
The lawsuit “will be a very big deal if it survives a motion to dismiss, but that is a very big if,” wrote Brookings Institution fellow Benjamin Wittes and Harvard Law School student Zoe Bedell in an analysis of the complaint posted on Lawfare Blog,

I'm sure the price is nice, but binge watching is good too.
Amazon Prime price slashed 25% this weekend to celebrate Golden Globe win
This weekend Amazon is celebrating its Golden Globe wins for the series Mozart in the Jungle with a price drop on an annual Prime membership. Starting at 9 p.m. Pacific on Friday and lasting until 11:59 p.m. local time on Sunday, Amazon is selling an annual Prime subscription for $73—a $26 dollar price cut.
… During the same time as Amazon is offering the cheap Prime price, the retailer is allowing free streaming of seasons one and two of Mozart in the Jungle for everyone—not just Prime subscribers.

A poster for the next time I teach spreadsheets.
Be The Smartest Person At Work With These Excel Tricks

For my Geeky students.
15 Incredible Firefox Addons For Geeks

More ways to harrass teach my students!
4 Free Tools for Creating & Playing Interactive Quiz Games
The following are interactive quiz game tools that I've used with great success in my classroom and or in my workshops.
This is the obvious one to include in this post as it did inspire the post. Kahoot provides a fun way to gather feedback from a group through their phones, iPads, Chromebooks, or any other device that has a web browser and an Internet connection. You can include pictures and or videos as part of each question that you create and share in a Kahoot activity. Players are awarded points for answering correctly and quickly. Or you can turn off the points system to use Kahoot in a non-competitive environment.
Socrative Space Race:
Socrative is a free student response system that allows you to gather feedback from students through any Internet-connected device. One of my favorite aspects of Socrative is the variety of ways in which you can pose prompts and questions to your students. The Space Race feature has been a hit everywhere that I've shown it over the years. The Space Race feature allows you to create virtual teams for answering questions or prompts. The screen students see masks their classmates' names, but as the teacher you can see your students' names and download a report of students' responses.
Quizalize is a free quiz game platform. Students play your quiz games on their laptops or tablets by going to the Quizalize website then entering their names and a class code. Students are awarded points for correctly answering questions quickly. Students are given feedback instantly on every quiz question that they answer. A total score is presented to students at the end of every quiz. Creating quizzes on Quizalize is a simple process. To get started just name your quiz and tag it with a subject label. As you write each quiz question you can include a picture and up to four answer choices. You can specify a time limit of 5 to 120 seconds for each question. Quizalize offers a marketplace in which you can find quizzes created by other users. Some of the quizzes are free and others are sold for a dollar or two. To be clear, creating and playing your own quizzes is completely free.
Triventy uses a concept that is similar to Kahoot. To play a Triventy quiz game the teacher projects the game questions at the front of the room and students answer the questions on their mobile devices or laptops. Points are awarded for answering correctly. Bonus points are awarded for answering quickly. Students join the quiz game by going to and entering the game pin assigned to your game.

Saturday silly.
Hack Education Weekly News
… President Obama delivered his final State of the Union address Tuesday evening . “Education” showed up several times in the speech, including the idea that every students need to learn to “write computer code.”
Via The Hill: “House Oversight Committee Chairman Jason Chaffetz (R-Utah) is warning that a hack on the Department of Education would dwarf last year’s massive breach at the Office of Personnel Management. ‘Almost half of America's records are sitting at the Department of Education,’ Chaffetz said at a Brookings Institution event on Thursday. ‘I think ultimately that’s going to be the largest data breach that we've ever seen in the history of our nation.’”
… “Bronx Science Bans Cellphones From Wi-Fi as Students Devour It,” says The New York Times. [Potentially dangerous Bob]
… Tech and business training company General Assembly is expanding to Denver.
The Apollo Education Group announced that it was exploring selling off the University of Phoenix, the biggest for-profit university in the US. More via Phil Hill.
… “Oral Roberts University is now requiring all freshmen to wear tracking devices to monitor their physical activity,” News on 6 reports. “It appears as though school staff and instructors will be able to access the fitness tracking information gathered by the students’ devices. ‘The Fitbit trackers will feed into the D2L gradebook, automatically logging aerobics points,’” according to the university’s website.
The opening paragraphs from Education Week’s look at “the future of big data and analytics” in education: “Imagine classrooms outfitted with cameras that run constantly, capturing each child’s every facial expression, fidget, and social interaction, every day, all year long. Then imagine on the ceilings of those rooms infrared cameras, documenting the objects that every student touches throughout the day, and microphones, recording every word that each person utters. Picture now the children themselves wearing Fitbit-like devices that track everything from their heart rates to their time between meals.” Imagine.
Via The Washington Post: “The U.S. Education Department’s new planned system of records that will collect detailed data on thousands of students – and transfer records to private contractors – is being slammed by experts who say there are not adequate privacy safeguards embedded in the project.”

No comments: