Saturday, January 09, 2016

Sony continues to ignore reality. Do they have no lawyers at all or do they just ignore them?
Sony tries to trademark Let’s Play and pisses off the Internet

Another outfit that doesn't want to look bad. (Too late, OPM. Much too late.)
Shaun Nichols reports:
The US Office of Personnel Management (OPM) – which handles sensitive files on millions of government workers and was thoroughly ransacked by hackers – is withholding thousands of documents from Congress, which is probing the cyber-attack.
This is according to members of the House Committee on Oversight, who took OPM to task for what the panel calls an unwillingness on the part of the agency to provide it with information related to last year’s devastating IT security breach.
Read more on The Register.

This may impact some of my students.
Michael Jackson reports:
The Indian Institute of Management – Ahmedabad (IIM-A) conducted the CAT Exam 2015 last year very successfully on 29th November 2015 and according to the latest news received, some hackers have hacked the official website of IIM-A and released the result of 2015 CAT exams of about 2,00,000 students. Every year, lakhs of students appear for one of the most prestigious exams – Common Admission Test to get admitted in the top B-school of India, Indian Institute of Management (IIM).
Read more on The Courier Daily.

Inevitable claim, but hasn't this always been the way with stings?
Defense Lawyers Claim FBI Peddled Child Porn in Dark Web Sting
On Tuesday, Motherboard reported that the FBI had carried out an “unprecedented” hacking campaign, in which the agency targeted at least 1,300 computers that were allegedly used to visit a site hosting child pornography.
While it looks like several of those already charged will plead guilty to online child pornography crimes, one defense team has made the extraordinary step of arguing to have their client's case thrown out completely. Their main argument is that the FBI, in briefly running the child pornography site from its own servers in Virginia, itself distributed an “untold” amount of illegal material.

Nothing is as confusing as lawyerspeak.
Keith Paul Bishop of Allen Matkins writes:
Article I, Section 1 of the California Constitution provides that “all people” have an inalienable right of privacy. Does this right extend to corporations? Seemingly it would if corporations are considered “people”. Some might cite the U.S. Supreme Court’s holding in Citizens United v. FEC, 558 U.S. 310, 394 (U.S. 2010) and argue that the corporations are people. However, the Citizens United decision was concerned with a federal statute and the First Amendment to the United States Constitution. More significantly, the Court in Citizens United did not hold that corporations are people.
Those troubled by the idea that corporations may be people too might be cheered by a recent decision by a panel of the California Court of Appeal. Noting that Article I, Section 1 of the California Constitution refers only to “people”, the Court held that corporations do not have a constitutional right of privacy. SCC Acquisitions, Inc. v. Superior Court, 2015 Cal. App. LEXIS 1180 (2015). That was not the end of the Court’s analysis, however. The Court went on to conclude that corporations do have a right of privacy, just not a constitutional right.
Read more on National Law Review.

Interesting. Could I use it to see if my students are understanding my lecture?
Rick Martinez of Robins Kaplan LLP has an article on LegalTech News:
Most people know Facebook and Google can “read” a face and identify the person. Next generation software goes much further: uncovering moods and emotions. Courts and trial counsel alike should consider now the implications of possible courtroom use.
Read more on LegalTech News. [Free registration required Bob]
[From the article:
Attorneys could perfect their message by applying the software to determine which case theme is working or what line of questions clearly is not. Lawyers can capture this potential by using the software on jurors in mock trials and focus groups. So long as these mock jurors consent, the software promises a powerful advantage.

Well, it's a start.
Silicon Valley appears open to helping US spy agencies after terrorism summit
Technology giants appeared to be open to helping the US government combat Islamic State during an extraordinary closed-door summit on Friday that brought together America’s most senior counter-terrorism officials with some of Silicon Valley’s most powerful executives.
The remarkable rendezvous between Apple, Facebook, Twitter, Microsoft and others and a delegation from the White House revealed a willingness on the part of tech firms to work with the government, and indicated that the Obama administration appears to have concluded it can’t combat terrorists online on its own.
Top officials – including National Security Agency director Michael Rogers, White House chief of staff Denis McDonough and FBI director James Comey – appeared to want to know how they could launch a social media campaign to discredit Isis, a person familiar with the conversation said.
A briefing document sent to tech executives Friday morning in advance of the meeting and shared with the Guardian laid out a wish list from the government delegation, which included America’s most senior spy, director of national intelligence James Clapper.
… In Washington earlier, White House press secretary Josh Earnest told reporters “many of these technology companies that are participating in the meeting today are run by patriotic Americans” and would want to cooperate. [Anyone who does not cooperate is unpatriotic? Bob]

(Related) Not how I would have categorized it, but again at least it is something.
White House sees child porn efforts as model for fighting terrorism

“You will want to do it our way, because otherwise the Internet is visibly slower!”
T-Mobile Confirms It Slows Connections to Video Sites
Though T-Mobile still wants to play games with words, the company has admitted it’s slowing down streams as part of its unlimited video service.
T-Mobile customers who activate the company’s controversial Binge On video service will experience downgraded internet connection speeds when viewing videos on YouTube or other sites that don’t take part in Binge On, a T-Mobile spokesperson confirmed today. They’ll also experience slower speeds when trying to download video files for offline use from websites that do not participate in Binge On, at least until the customer deactivates the service.

Perhaps the government will offer cash (i.e. tax dollar) incentives?
The government says Internet service isn’t expanding fast enough
… A new report from the Federal Communications Commission finds that while providers have done a decent job building out high-speed Internet, as many as 10 percent of Americans — roughly 34 million people — lack access to what the government considers broadband.
As a result, the FCC has concluded that the expansion of broadband isn't happening in a "reasonable and timely" fashion, and the agency says the law calls on the FCC to "take immediate action" to speed things up.
… "Advanced telecommunications capability is not being deployed in a reasonable and timely fashion to all Americans," according to an FCC factsheet.
[Find the data here:

(Related) ...because they do such a good job with Privacy.
Laura Hautala reports:
Maybe I’m naive to expect a certain savviness about privacy from the FTC, especially just before it convenes a group of experts in privacy and cybersecurity at a conference in Washington, DC, next week. I certainly didn’t expect the agency to accidentally send out a list of every attendee’s email address. But, it did.
The Federal Trade Commission on Friday sent an email advising participants to show up early to get a seat, and left all the recipients on the list visible to each other. A classic email blunder — using the “cc” function instead of the “bcc” function — in any normal situation, this particular mistake smacked of irony.
Read more on CNET.

Former Qwest CEO Nacchio Awarded $14M in Court Victory
Former Qwest Communications CEO Joseph Nacchio was awarded $14 million in a civil case he brought against a former financial advisor whose testimony years ago helped land Nacchio in jail on insider trading charges.
Although the two cases were unrelated, Nacchio said in an interview with that the jury’s decision in the recent trial in New Jersey left him feeling “vindicated” because the jury believed his testimony despite efforts by defense attorneys to impugn his character.

This will change the view at the beach.
How L’Oreal Built a UV-Measuring Temporary Tattoo
… The beauty company has its own tech incubator, run by L’Oreal tech guru Guive Balooch. His team partnered with sensor-maker MC10 and design firm PCH to create a wearable called the My UV Patch. It attaches directly to your skin and measures UV exposure, relaying the information back to an app. You access the app by scanning the sticker (using NFC or your phone’s camera), which you obviously want to put somewhere the sun will indeed shine. The app gives you information about your UV exposure, using a pattern of blocks of color made of photosensitive dyes that measure your baseline skin tone and change colors when you’re out in the sun, depending on its strength.
You apply it like any other sticker, except this one hangs around a little longer—three to five days, usually.

Charge for free stuff. What a country!
LiberGov Search – US Govt Reports, Documents, News, & Social Media
by Sabrina I. Pacifici on Jan 8, 2016
Via James R. Jacobs – “There have been several new subscription databases popping up in the last couple of years which scrape freely available public domain govt information (inc Congressional member & committee sites, members’ social media, news etc) index it and then sell (IMHO exorbitant) subscriptions to libraries and others. [James R. Jacobs] created a google custom search engine that does *almost* the same thing (google doesn’t — or isn’t allowed to — index Facebook so he has not included). Check out the spreadsheet of urls being indexed and let me know if there are any you’d like to add. Also, if you’d like to embed the search in a web page or lib guide, email James off list and he will send you the javascript.”

Just the Science Fiction bits make this interesting to me. – Periodicals, Books, and Authors
by Sabrina I. Pacifici on Jan 8, 2016
“The website is intended to provide convenient access to a large quantity of high-quality content material, mostly published over the last 150 years in America and England, including both articles and books, encompassing over one million readable items and titles of another million items not readable due to copyright. Much of this material has never previously been available anywhere on the Internet and should be useful for researchers and intellectual historians.
Q: Why do you include non-readable articles and books?
A: The inclusion of the copyright-excluded material allows users to examine a more nearly complete collection of a given author’s writings, even if many of the particular items themselves are currently unavailable due to copyright. If necessary, many of these other items can often be accessed and read on other websites or content systems, especially in the case of extant publications. Furthermore, there is a chance that at some future point these publications will be released for reading on this website as well.”

For my next Statistics class. Improbable things do happen.
The $800 Million Powerball Jackpot Is A Stat Nerd Dream Come True
… I’ve developed a model that estimates turnout for the Powerball lottery based on the advertised jackpot. Right now, by plugging $800 million into the model, we’d estimate 428 million tickets sold. Based on that data and the probability of a given ticket winning, there’s a 77 percent chance that, based on historical turnout, there’s at least one winner.

For my Data Management class.
Application Data Management's Role in Post-Modern ERP
… In the past, it was difficult to maintain a hybrid architecture due to limitations in integration and master data management (MDM) applications. Inclusion of Big Data sources and data lakes further complicate hybrid implementation strategies.
Fortunately, the ability to connect financial, HR, supply chain, CRM and other systems is far superior and more flexible today than ever before. This innovation allows businesses to source from best-in-class vendors based on customer-specific business requirements. Service-centric industries will center-weight application selection based on finance, HCM and service management, for example, whereas product-centric industries will also need manufacturing, supply chain and PLM systems.

Disk Storage Falling out of Favor in the Data Center: Survey
… Currently, just 1 percent of data centers have gone all-flash, according to the report. Six percent of data centers are using flash for more than half of their storage needs.

Party online with all my relatives? Scary. Now Offers Free Video Conference Calls
Last summer I wrote about how pleased I was with the performance of We continue to use it at MindRocket Media Group for all of our conference call needs. This morning I learned that now offers free video conference calls.
The video conference call feature of allows you to have up to 25 people in your call. You can use your computer's audio or your phone to connect to the call. An attendee list shows you who is in the call and allows you to instantly chat by text with anyone in the call.
… you do have to install the desktop client in order to use the video conference calling feature. The desktop client is available for Mac and Windows users.

Saturday funnies.
Hack Education Weekly News
… Also looking to have his case picked up by the Supreme Court: Taylor Bell, a high school student who claims his first amendment rights were violated when he was suspended for writing a rap song about his school’s coaches.
… “Penn State World Campus is partnering with the National Football League Players Association (NFLPA) to offer union members the opportunity to finish their degrees online,” Campus Technology reports.
… Wheaton College announced that it is taking steps to fire tenured professor Larycia Hawkins because of statements she made about Christians and Muslims worshiping the same god.
… Fortune has a special report on business interests behind the Common Core State Standards.
Via The New York Times: “Putting the Heat on Yik Yak After a Killing on Campus.”
… Bill Fitzgerald looks at school directory information and how much can be gleaned from this data, despite the privacy protections that FERPA purports to provide.

Friday, January 08, 2016

Would the response be similar in any jurisdiction? I would think so.
Andrew Paplowski reports:
Montreal Police will not confirm, but there is a report this morning they are going all out to try to recover sensitive information stolen from the private vehicle of a senior police officer, while he was attending a Christmas party.
The Journal de Montreal says the bag of Captain Patrice Vilceus was taken in a smash and grab near Union Street December 17.
The bag contained files and other confidential information regarding ongoing police investigations.
Read more on CJAD. If this info was really left in an unattended vehicle, well…. Yikes.
[From the article:
It also included a USB memory stick which contained the numbers of several police sources, information about misconduct involving several police officers and details of a criminal investigation that had just been concluded which was going to be sent on to the Director of Criminal and Penal Prosecutions.

Less than encouraging words.
Your Tax Refund May Take Longer, But at Least You'll Get It
Last year's income tax season was marked by an explosion of refund theft. Will this year be any different?
Increased protections may cut down on fraud but will likely draw out the wait for your money. Changes will be visible when you use tax preparation firms and filing software, with warnings akin to those from your bank if you try to log in from a new device or change account information. Less visible will be broader changes, such as revamped fraud-sniffing programs used by the IRS, states, and the tax prep industry, as well as new information-sharing agreements among all three.
Whether these measures will make it appreciably harder for someone to use your identity to claim your refund isn't clear. One of the best consumer defenses against refund fraud is to file as early as possible, starting Jan. 19, beating would-be thieves who depend on your procrastination. But the best defense is to set your deductions ahead of time so that you get no refund at all.

How quickly will this deviate from Census data?
Joe Cadillic writes:
Under a proposed new law, Missouri cops will record a person’s race, their perceived sexual orientation, religion, disability and their English language proficiency!
Reams of data now show that “driving while black” is a real offense in the eyes of some Missouri officers and departments and it’s about to get worse!
Below are some excerpts taken from the new law….
Read more on MassPrivateI.
The law reads as if the intent is to collect data, aggregate it, and determine if there is a problem reflecting bias. There is no indication that the observations will be tied to any individual’s name. Disturbingly, however, the data will not be tied to any officer’s name or ID, either, meaning that if a police officer is biased, the public will not know who s/he is…? One of the provisions of the law:
iv. Provide for the protection of the privacy of individuals whose data is collected by not providing to the public individual names and identifying information regarding the particular law enforcement officers who made the stops and the pedestrians, drivers, and passengers who were stopped.
And if this is all about “perceived” sexual orientation, etc., why does Joe say that police will ask? I put the question to Joe, who responded:
Officers conduct what’s known as ‘threshold inquiries’ which allow them lots of latitude to question (interrogate) a person(s).
Knowing the police world as intimately as I do, what they’re really saying is question them about everything.
Once DHS took over our Police, everything’s changed.

Will other major content providers follow? I don't think so. So are these the major players of the future?
ProPublica Launches the Dark Web’s First Major News Site
… On Wednesday, ProPublica became the first known major media outlet to launch a version of its site that runs as a “hidden service” on the Tor network, the anonymity system that powers the thousands of untraceable websites that are sometimes known as the darknet or dark web. The move, ProPublica says, is designed to offer the best possible privacy protections for its visitors seeking to read the site’s news with their anonymity fully intact. Unlike mere SSL encryption, which hides the content of the site a web visitor is accessing, the Tor hidden service would ensure that even the fact that the reader visited ProPublica’s website would be hidden from an eavesdropper or Internet service provider.
“Everyone should have the ability to decide what types of metadata they leave behind,” says Mike Tigas, ProPublica’s developer who worked on the Tor hidden service. “We don’t want anyone to know that you came to us or what you read.”

“Give us a decade or two and we'll figure out what we're supposed to be doing.” See the next article for their next attempt.
Alan L. Friel and Gerald J. Ferguson of Baker Hostetler provide their interpretation of recent rulings:
Both the administrative law judge’s decision in LabMD and the Third Circuit’s recent decision in Wyndham, which we previously blogged about, put the FTC on notice that it cannot assume that in the wake of a security breach, allegedly inadequate data security will necessarily constitute an unfair practice under Section 5 of the FTC Act. Further, the FTC’s body of data security consent orders – basically private settlements of uncontested and unadjudicated cases (most of which also include deception claims), where the remedies include “fencing in” that goes beyond what the law requires – are merely indications of best practices and not some sort of “common law” as some have contended. Indeed, to treat consent orders as precedential would fly in the face of Congress’ purposeful curtailment of the FTC’s rulemaking authority under Mag Moss, as compared to the APA standards applicable to other federal agencies. Finally, the decisions suggest that the application of Section 5 unfairness authority to consumer privacy, especially in the context of interest-based advertising, is limited.
Read more on Data Privacy Monitor.

(Related) “How's this?”
Adam H. Greene of Davis Wright Tremaine LLP discusses the consent order Henry Schein Practice Solutions signed to settle an FTC complaint, and finds it noteworthy for a number of reasons. One of the reasons, he writes, is that it is the first consent order in a data security case to involve a monetary penalty.
Greene also mentions some take-home messages, beginning with:
HIPAA compliance may not be enough.
Read Greene’s full article on Privacy & Security Law Blog.

The criminal justice system in China works a bit differently.
Another Chinese billionaire goes missing
The billionaire founder of Metersbonwe, one of China’s best-known fashion brands, has gone missing, the latest in a series of Chinese business people and financiers apparently embroiled in the country’s anti-corruption campaign.
Metersbonwe suspended trading in its shares on the Shenzhen stock exchange on Thursday while the company said it was investigating reports in the Chinese media that Zhou Chengjian, its chairman, had been picked up by police.
The company is a household name on the Chinese high street and Mr Zhou was China’s 65th-richest man last year, according to the Hurun Rich list, with a fortune of Rmb26.5bn ($4.01bn).
The company said in a second statement on Thursday night that it was unable to reach Mr Zhou or the secretary of the board, Tu Ke. The statement gave no further details.

Oh look. They drew pretty pictures so even Congress can understand.
CBO Releases New Budget Infographics
by Sabrina I. Pacifici on Jan 7, 2016
“View CBO’s budget infographics to see how much the federal government spent and took in during fiscal year 2015, as well as broader trends in the budget over the past few decades.”

Like self-driving cars, but for indoor commuting – cuts the twenty minute walk from the front door to the master bedroom.
Segway’s Hoverboard Robot Uses Intel RealSense To Find Its Way Around
… When a rider hops off of the hoverboard, the Ninebot Segway can shape shift into a robot that'll follow that person around, taking pictures and commands.
The robot uses Intel's RealSense camera to make its way around dynamic environments and it can interact with both users and sensors in the home. The robot also has an Intel Atom processor inside.
But just because this thing is a bot doesn't mean it slacks on speed and performance. The Ninebot Segway can hit a top speed of over 11 mph and can travel up to 18 miles on a single charge.

Perspective. What can Watson do for you?
IBM's Rometty Takes Watson to CES
… at CES Rometty announced that Under Armour and IBM have developed a new cognitive coaching system that will serve as a personal health consultant, fitness trainer and assistant by providing athletes with timely, evidence-based coaching about health and fitness-related issues, including outcomes achieved based on others "like you."
… Omar Ishrak, CEO of Medtronic joined Rometty onstage to unveil the latest advances in applying Watson for diabetes management.
Softbank Robotics and IBM announced plans to take their partnership on a Watson-powered robot global. Through their joint work, Softbank has infused Watson into their "empathetic" robot Pepper, enabling it to understand and answer questions in real time, opening up new possibilities for the use of robotics in business scenarios such as banking, retail and hospitality.
… And Whirlpool and IBM announced that real-time data from Whirlpool's connected appliances will be combined with analytics in the Watson IoT cloud to create a range of new cognitive products and services. For example, a cognitive oven, over time, could learn about a family's eating habits, health issues and food preferences—and suggest healthy recipes customized for each family member.

Do you suppose this means teens are accepting of surveillance or have found simple ways to avoid detection? That's a survey I'd like to see.
Pew – Parents, Teens and Digital Monitoring
by Sabrina I. Pacifici on Jan 7, 2016
“The widespread adoption of various digital technologies by today’s teenagers has added a modern wrinkle to a universal challenge of parenthood – specifically, striking a balance between allowing independent exploration and providing an appropriate level of parental oversight. Digital connectivity offers many potential benefits from connecting with peers to accessing educational content. But parents have also voiced concerns about the behaviors teens engage in online, the people with whom they interact and the personal information they make available. Indeed, these concerns are not limited to parents. Lawmakers and advocates have raised concerns about issues such as online safety, cyberbullying and privacy issues affecting teens. A Pew Research Center survey of parents of 13- to 17-year-olds finds that today’s parents take a wide range of actions to monitor their teen’s online lives and to encourage their child to use technology in an appropriate and responsible manner.”

Implications for teaching, too.
Trump Supporters Appear To Be Misinformed, Not Uninformed
Donald Trump has a consistently loose relationship with the truth. So much so, in fact, that the fact-checking website PolitiFact rolled his numerous misstatements into one big “lie of the year.” But all the fact-checking in the world hasn’t pushed Trump toward a more evidence-based campaign, and his support has held steady or even increased in some polls. What explains Trump’s ability to seemingly overcome conventional political wisdom?
… Trump’s backers tend to be whiter, slightly older and less educated than the average Republican voter. But perhaps more importantly, his supporters have shown signs of being misinformed. Political science research has shown that the behavior of misinformed citizens is different from those who are uninformed, and this difference may explain Trump’s unusual staying power.
… Furthermore, in 2010, political scientists Brendan Nyhan and Jason Reifler found that when misinformed citizens are told that their facts are wrong, they often cling to their opinions even more strongly with what is known as defensive processing, or the “backfire effect.”

I do try to get better, but not too hard.

Thursday, January 07, 2016

...and eventually it will be your company, Computer Security students. Interesting that the FBI had to tell them about the passwords being on the Dark Net, but they immediately knew for certain that they had not been breached.
Another Day, Another Hack: Up to 320,000 Time Warner Cable Email Passwords
US telecoms company Time Warner Cable Inc announced on Wednesday that up to 320,000 customers could have had their email and password details stolen, Reuters reports.
According to the news wire, Time Warner Cable said that no evidence of a breach was found in the company's systems. Instead, the details may have been obtained by directly targeting customers themselves, perhaps through phishing emails or malware, or by reusing credentials obtained via a data breach of another company. A Time Warner Cable spokesperson told Reuters the company was notified of the issue by the FBI.

So by default they were secure, but they changed it to be less secure. What genius made that decision?
Greg Otto reports:
Nearly 12,000 Interior Department laptops are inadequately protected against the theft of personally identifiable information due to poorly configured software.
In a management advisory obtained by FedScoop, the department’s Deputy Inspector General Mary Kendall wrote that a large number of laptops have their full-disk encryption software configured to run post-boot user authentication, which can be hacked relatively easily. Interior laptops were previously set to run pre-boot authentication, the software’s default setting and the one recommended by the National Institute of Standards and Technology.
Read more on FedScoop.

Too big to care?
Doug Drinkwater reports what regular readers have likely already noticed: following a data breach, customers are upset, some will be reluctant to do business again with the entity, there may be brand or reputation damage to the firm, but big businesses survive and will continue to grow or rebound. So there may or may not be reputation damage, but even if there is, it hasn’t turned out to be as impactful as previous surveys and clarion calls might suggest.
Although incident response impacts reputation damage, reputation damage may not be as damaging to the bottom line as companies had been told to fear.
Read more on CSO. They’re only talking about big corporations (not surprisingly). What about small businesses? Do they rebound or do they fold? Over the years, I’ve reported on some cases where a business did not recover from a breach and folded. And recently, I reported on two data exposures where neither company has as yet recovered and it appears at least one of them has just disappeared.

I have nothing to hide.
Oscobo is a UK-based search engine trying to appeal to the privacy-conscious folks who do not want to be tracked. From their privacy policy:
It’s pretty simple really. We are on your side. We will NOT store or mess around with your personal data.

What we don’t do…

We DO NOT store ANY data on our users:

NOT when you use our site.
NOT when you leave.
NOT when you type words in the search box.
NOT when you come back.

No cookies, No tracking, No IP, nuttin…., zip…, nada….

We DO NOT know WHO you are, WHERE you have been or where you are GOING and we certainly DO NOT compile any profiles.

Set the fine low, settle fast, claim that a lot of victories proves you are a champion of the people!
I’m not seeing any press release from NYS Attorney General Schneiderman’s office yet, but Kenneth Lovett of the NY Daily News reports that Uber has settled two probes stemming from both its “God View” privacy breach scandal and delayed notification of a breach involving drivers’ information.
In addition to paying the $20,000 fine to settle both probes, Uber, whose latest valuation was $62.5 billion, voluntarily agreed to comply with a number of provisions, according to a source who read the agreement.
Uber also agreed to encrypt rider geo-location information and adopt “multi-factor authentication” that would be required before an employee could access riders’ personal information.
In addition, the company formally agreed to conduct annual privacy and security training for employees, designate someone to supervise a privacy and security program, and maintain reasonable security practices, the source said.
Read more on the NY Daily News.
Attorney General Schneiderman seems to be going lightly with monetary penalties. His recent settlement with U. of Rochester over another breach involved a $15,000 penalty. It looks like he’s trying to make a point and is more focused on correction rather than punitive measures.

But sometimes, you have to fight. What constitutes the “line” that Turkey crossed?
Twitter files lawsuit against Turkish fine over 'terrorist propaganda': source
Micro-blogging site Twitter filed a lawsuit in an Ankara court on Thursday, seeking to annul a fine by the Turkish authorities for not removing content Turkey says is "terrorist propaganda", a source familiar with the case told Reuters.
A Turkish official said much of the material in question was related to the Kurdistan Workers Party (PKK) which Ankara deems as a terrorist organization.
… Ankara has taken a tough stance on social media under President Tayyip Erdogan and the ruling AK Party he founded. It has temporarily banned access to Twitter site several times in the past for failing to comply with requests to remove content.
But the 150,000 lira ($50,000) fine, imposed by the BTK communications technologies authority, was the first of its kind by Turkish authorities on Twitter.
Twitter, in its lawsuit, is arguing that the fine is against the law and should be annulled, the source said.

My Data Management class was arguing about this yesterday. (This could be a fun Quarter)
Groups press Facebook to stop ‘disingenuous’ advocacy in India
Dozens of Internet rights groups are pressing Facebook to clean up its “unfounded and divisive” advocacy in India around Free Basics, the social media company’s program to offer limited Internet access for free.
The groups believe the program is at odds with net neutrality. And in an open letter to Facebook CEO Mark Zuckerberg, they accuse Facebook of making “disingenuous” claims that the opposition is coming from a small group of critics.
… Facebook’s program is a partnership between the social media company and a number of mobile carriers to bring Internet access to many unconnected parts of the world. In a process known as zero-rating, the Free Basics app allows mobile phone users to have free access to dozens of different websites, including news and jobs sites, Bing search, Wikipedia, ESPN, AccuWeather, Facebook and others.
The program has faced an uphill battle in India since being unveiled last year. Many argue the plan goes against net neutrality, the principle that no Internet traffic or app should be prioritized above another. And the business model of zero-rating — or exempting certain Internet traffic from data caps — is a controversial topic that is still being debated in the United States.
… UPDATE 3:19 p.m. — A Facebook Spokesperson responded: "We respect the authors of the letter, but strongly disagree with their facts and conclusions. First, in the only nationally representative poll conducted in India, 86% of Indians support free basics. Those who aren’t connected want inexpensive, innovative new opportunities to come online. Second, there is no credible evidence that this program discourages access to the full internet — indeed, data from more than 35 countries suggests the opposite. We do not believe it makes sense to halt a program that accelerates economic development for those most in need. Third, the Free Basics program does not discriminate between content providers. The program has transparent technical requirements and any service that meets them can participate. Fourth, while we share the signers' commitment to net neutrality, we do not believe this important principle was ever intended to deprive poor people of the opportunity to experience the benefits of basic Internet services. Finally, regulators around the world who have looked at this issue have concluded that these types of programs can exist alongside strong net neutrality rules."

Because symptoms are easier to address than causes. Even if they can't articulate their concern, they do know owning a gun makes them feel safer than anything politicians do.
Gun Stocks Surge As Obama Issues Executive Orders On Gun Safety
… So in the wake of President Obama’s efforts to strengthen existing gun laws, guns and ammo stocks are once again jumping.
Shares of Sturm, Ruger & Co jumped 6.8% in Tuesday trading, hitting their highest level in a full year. The 164-year-old Smith & Wesson, meanwhile, saw its stock surge more than 12% and reach its highest price since July of 2007.

Can China lead us into a recession? I kind of doubt it. Not likely to bring down the government either.
World stock markets slide as panic in China spreads
… China’s share market traded for less than 30 minutes Thursday, slumping 7 percent before triggering the second emergency market closure this week and generating talk of a crisis.
In Europe, the FTSE 100 index fell 2.5 percent in early London trading, while Germany's Dax index slipped 3.5 percent. In overnight trading, Standard & Poor’s 500-stock index futures in the United States were 2.2 percent lower.
Against a backdrop of a weak economy and, some argue, an overvalued currency, confidence in China had long been in short supply. But investors also blamed ill-considered and poorly explained moves by the authorities for fueling the panic this week.

Perspective. (Note that China was left out)
At CES, Netflix Adds Over 130 Countries to Streaming Service
… Yet one major region on Netflix’s world map remains dark: China, home to nearly a quarter of the world’s broadband households. And in many of the 190 countries where Netflix now is available — including Turkey, Russia and Poland — the service is available in English, but not the local language.
“We still have a lot of work to do,” Reed Hastings, chief executive of Netflix, said in a telephone interview Wednesday afternoon. “Because of the number of countries, it seems like we are ahead of plan. But we still have China — we still have a quarter of the world to go.”

Want to bet that Congress jumps on this? 'cause everyone else is betting it will sink without a ripple.
This is absolutely disgraceful. Morgan Chalfant reports:
More than 40,000 backlogged mail packages of veterans’ disability claims material were discovered at a VA regional office in Florida, according to a new report from the VA inspector general.
Investigators also found more than 1,600 boxes of unprocessed veterans’ claims material at a scanning facility with which the St. Petersburg, Florida, regional office was contracting.
Read more on Washington Free Beacon.

Looks like hours of fun!
The New York Public Library's Remarkable New Digital Collection
… The New York Public library has digitized more than 187,000 images, all in the public domain—meaning they’re freely available for anyone to use.

Is Dilbert pointing out the major difference between my students and the managers they will work for?

Wednesday, January 06, 2016

Interesting. How will defense lawyers react? Stay tuned.
The FBI's 'Unprecedented' Hacking Campaign Targeted Over a Thousand Computers
… Just a month after launch, Playpen had nearly 60,000 member accounts. By the following year, this number had ballooned to almost 215,000, with over 117,000 total posts, and an average of 11,000 unique visitors each week. Many of those posts, according to FBI testimony, contained some of the most extreme child abuse imagery one could imagine, and others included advice on how sexual abusers could avoid detection online.
… A month before this peak, in February 2015, the computer server running Playpen was seized by law enforcement from a web host in Lenoir, North Carolina, according to a complaint filed against Peter Ferrell, one of the accused in New York.
… But after Playpen was seized, it wasn't immediately closed down, unlike previous dark web sites that have been shuttered by law enforcement. Instead, the FBI ran Playpen from its own servers in Newington, Virginia, from February 20 to March 4, reads a complaint filed against a defendant in Utah. During this time, the FBI deployed what is known as a network investigative technique (NIT), the agency's term for a hacking tool.
… Magistrate Judge Theresa C. Buchanan in the Eastern District of Virginia, who signed the warrant used for the NIT, did not respond to questions on whether she understood that the warrant would grant the power to hack anyone who signed up to Playpen, or whether she consulted technical experts before signing it, and her office said not to expect a reply.
But Fieman said that the warrant “effectively authorizes an unlimited number of searches, against unidentified targets, anywhere in the world.”

For my Computer Security students (and my Ethical Hacking students) Make sure you are not using the defaults!
Researchers Publish Default Passwords for ICS Products
The list, dubbed “SCADAPASS,” contains default credentials for industrial routers, programmable logic controllers (PLC), wireless gateways, servers and network modules

The SEC thinks there is some hanky-panky going on, but doesn't know how to detect it. So they create a non-profit to detect it and report it to the people doing it in the hope that they will stop doing it?
Wall Street to Get Graded on How Much Spoofing It's Facilitating
U.S. regulators have grown so concerned that traders are using high-speed computers to manipulate markets that they’re planning a new tactic to clamp down on the practice -- rating brokers on how much spoofing flows through their order books.
The Financial Industry Regulatory Authority said it plans to issue report cards this year that will grade firms on how many phony bids to buy or sell stock they might have a role in facilitating. Finra, a market cop funded by Wall Street, expects brokers to use the assessments to root out any misconduct, the regulator said Tuesday in its annual letter on exam priorities. The reports won’t be made public.

DHS and TSA are looking for the most favorable spin on the laws governing them. Sometimes “interpretation” becomes “wishful thinking.” Sometimes they spin out of control.
From Papers, Please!:
In response to a flurry of publicity kicked off by a story last week in the New York Times in which we were quoted, the DHS has posted several new or updated pages about the REAL-ID Act on its website, including a new page headed, “REAL ID and You: Rumor Control“.
Not surprisingly, the DHS is still lying about what the REAL-ID Act requires.
Read more on Papers, Please!

I kinda thought we had not heard the end of this.
Cyrus Farivar reports:
The Kentucky man whose drone was shot down by his neighbor last year has now filed a federal lawsuit, asking the court to make a legal determination as to whether his drone’s July 2015 flight constituted trespass. In the case, plaintiff David Boggs also wants the court to rule that he is entitled to damages of $1,500 for his destroyed drone.
Read more on Ars Technica.
[From the article:
"The United States Government has exclusive sovereignty over airspace of the United States pursuant to 49 U.S.C.A. § 40103," Boggs' lawyer, James Mackler, wrote in the civil complaint. "The airspace, therefore, is not subject to private ownership nor can the flight of an aircraft within the navigable airspace of the United States constitute a trespass."

(Related) The first of many?
Drone user sues feds over registration rules
… The lawsuit, filed in the U.S. Court of Appeals for the District of Columbia, argues that the drone registration rules put in place last month violate a federal law that prohibits the FAA from regulating recreational drones.

Everyone believes that the Internet of Things means we will measure everything. I wonder if that is true.
Intel embraces Internet of Things, puts sensors on everything
More sensors means more data... which means more chips to be sold... which means more revenue.

(Related) Do we really need 24/7 surveillance of our refrigerator?
CES 2016: Here Is Why Samsung’s Family Hub Is A Fridge Of The Future
People will soon have a fridge equipped with cameras and a huge display, allowing them to see anything inside without the need to open its door.

(Related) This follows like night follows day.
The Extortionist in the Fridge

Perspective. Does this suggest the auto makers are taking this seriously?
Automakers, not Silicon Valley, lead in driverless car patents: study
… "Automakers aren’t as good as technology companies in tooting their own horns," Tony Trippe, principal author of the report, told Reuters in an interview. "But when you look at the patent data, the automakers are all over this."
Toyota is, far and away, the global leader in the number of self-driving car patents, the report found. Toyota is followed by Germany’s Robert Bosch GmbH [ROBG.UL], Japan’s Denso Corp (6902.T), Korea’s Hyundai Motor Co (005380.KS) and General Motors Co (GM.N). The tech company with the most autonomous-driving patents, Alphabet Inc's (GOOGL.O) Google, ranks 26th on the list.

An interesting area of law.
Brian Schaller of InfoLawGroup provides yeoman service by recapping legislative news in 2015 in ed-tech:
There was a lot of legislative movement for the educational technology (ed-tech) industry in 2015 with states placing additional privacy regulations on the industry, and the effects of those new acts should be felt this year. The states that passed this type of legislation in 2015 were following California’s lead. California’s governor signed the Student Online Personal Information Protection Act (SOPIPA) (2014 Cal SB 1177) back in 2014. Even though these states enacted legislation after SOPIPA, at least one of these acts came into effect before SOPIPA became operative (which was January 1, 2016). Maryland’s Student Data Privacy Act of 2015 (2015 MD H.B. 298) was approved by the governor on May 12, 2015 and took effect July 1, 2015. On August 7, the influential and often business friendly state of Delaware saw its governor approve the Student Data Privacy Protection Act (2015 Del. SS 1 for SB 79). Some of the Delaware act’s provisions became effective upon its enactment into law, but the provisions that have the most impact are effective “August 1 the first full year following the Act’s enactment into law”. Georgia’s Student Data Privacy, Accessibility, and Transparency Act (2015 GA S.B. 89) was signed by the state’s governor on May 6, 2015 and will become effective July 1, 2016. Additional states passed similar legislation such as Arkansas and Virginia. According to an article by the National Association of State Boards of Education released last June, 111 state bills “were aimed at establishing better safeguards for the collection, use, and disclosure of student data.”
Read more on InfoLawGroup.

5 Staggering Email Stats That Are Hard to Believe

Big Data is useless by itself.
Sebastian Wernicke: How to use data to make a hit TV show
Does collecting more data lead to better decision-making? Competitive, data-savvy companies like Amazon, Google and Netflix have learned that data analysis alone doesn't always produce optimum results. In this talk, data scientist Sebastian Wernicke breaks down what goes wrong when we make decisions based purely on data — and suggests a brainier way to use it.

For my next Spreadsheet class.
8 Tips for How to Learn Excel Quickly

(Related) Dilbert lists the errors my Spreadsheet Students make.

I don't think there is anything new here.
Paper – Staying Smart: How Today’s Graduates Continue to Learn Once They Complete College
by Sabrina I. Pacifici on Jan 5, 2016
Project Information Literacy Research Report: “Staying Smart” | January 5, 2016 | Alison J. Head
Staying Smart: How Today’s Graduates Continue to Learn Once They Complete College – “This report presents findings about the information-seeking behavior of relatively recent college graduates used for lifelong learning in personal life, the workplace, and the local communities where they lived. Included are results from online surveys of 1,651 respondents and telephone interviews with 126 study participants who graduated from one of 10 US colleges and universities between 2007 and 2012. Findings indicated that most graduates needed to learn a combination of basic and complex life skills during the past year, such as money-management, how to make household repairs, and how to advance in their careers and communicate better on the job. They consulted friends, family, and coworkers almost as much as the Web. Graduates preferred information sources that had currency, utility, and interactivity. They also placed a high premium on curated information systems that were organized and kept up-to-date, such as libraries, museums, and bookstores. A model of shared utility is introduced for explaining graduates’ use of contemporary social media technologies as well as personal connections they had established with trusted allies. Graduates reported four barriers to their continued learning efforts: lack of time, finding affordable learning sources, staying on top of everything they needed to know, and staying motivated to keep learning after college. As a whole, graduates prided themselves on their ability to search, evaluate, and present information, skills they honed during college. Yet, far fewer said that their college experience had helped them develop the critical thinking skill of framing and asking questions of their own, which is a skill they inevitably needed in their post-college lives. Ten recommendations are presented for improving educational strategies, resources, and services that foster lifelong learning.”

An Infographic for our “Success Coaches” to pass along?
Studying Doesn’t Have To Be a Struggle If You Do It Right

Almost cool enough to convince me to buy a smartphone.
“Like Google Translate for music”
ScoreCloud instantly turns your songs into sheet music. As simple as that!
  • Instant Score from MIDI or Audio
  • Arrange and Edit your Score
  • Print, Export and Share

Tuesday, January 05, 2016

Again? Sony doesn't know what is going on?
PSN is down for gamers around the world (update: it’s back up)
… PlayStation Network is down, according to Sony Computer Entertainment America. The company has updated its status page to confirm the outage. This is preventing gamers on both PlayStation 4 and PlayStation 3 from loading up online multiplayer sessions in blockbusters like Destiny: The Taken King and Call of Duty: Black Ops III. It’s even causing issues with some players trying to log into primarily single-player experiences like Assassin’s Creed: Syndicate and Metal Gear Solid V: The Phantom Pain. On top of that, PlayStation owners are running into problems launching video apps, such as Hulu and Netflix.
… It’s also worth noting that while both PSN and Xbox Live have gone offline a number of times over the last 12 months, cyberattackers had nothing to do with most of those incidents.

Unfortunate, unless you're a hacker.
Users Lax on Mobile Security: Survey
According to the study (PDF), which had nearly 12,000 respondents from 27 countries, users are increasingly concerned about online threats, and many are looking to install security software on their devices. Furthermore, the report reveals that consumers use more connected devices than before, with an average of 8 connected devices per household.

Them Dutch guys, they be pretty smart, you betcha.
Dutch Government Opposes Encryption Backdoors
The government in the Netherlands believes authorities should seek new solutions to address the issues posed by the use of encryption during their investigations, but weakening encryption is not the answer. Dutch officials have pointed out that introducing a backdoor that would allow authorities to access encrypted data could also be abused by criminals, terrorists and foreign intelligence services, and it could have undesirable consequences.

For my Computer Security students.
Data Security and Breach Notification Legislation: Selected Legal Issues
by Sabrina I. Pacifici on Jan 4, 2016
CRS – Data Security and Breach Notification Legislation: Selected Legal Issues, Alissa M. Dolan, Legislative Attorney. December 28, 2015. “Recent data breaches at major U.S. retailers have placed a spotlight on concerns about the security of personal information stored in electronic form by corporations and other private entities. A data breach occurs when data containing sensitive personal information is lost, stolen, or accessed in an unauthorized manner, thereby causing a potential compromise of the confidentiality of the data. Existing federal laws, such as the Health Insurance Portability and Accountability Act (HIPAA), the Health Information Technology for Economic and Clinical Health Act (HITECH Act), and the Gramm-Leach-Bliley Act, impose security and breach notification requirements on specific industries or types of data. Additionally, 47 states, the District of Columbia (D.C.), and three territories have enacted laws requiring breach notification, while at least 12 states have enacted data security laws, designed to reduce the likelihood of a data breach. Alabama, New Mexico, and South Dakota have not enacted breach notification laws.”

Some articles start me giggling before I read beyond the headline.
Can Robots Be Lawyers? Computers, Lawyers, and the Practice of Law
by Sabrina I. Pacifici on Jan 4, 2016
Remus, Dana and Levy, Frank S., Can Robots Be Lawyers? Computers, Lawyers, and the Practice of Law (December 30, 2015). Available at SSRN: or
“We assess frequently-advanced arguments that automation will soon replace much of the work currently performed by lawyers. Our assessment addresses three core weaknesses in the existing literature: (i) a failure to engage with technical details to appreciate the capacities and limits of existing and emerging software; (ii) an absence of data on how lawyers divide their time among various tasks, only some of which can be automated; and (iii) inadequate consideration of whether algorithmic performance of a task conforms to the values, ideals and challenges of the legal profession. Combining a detailed technical analysis with a unique data set on time allocation in large law firms, we estimate that automation has an impact on the demand for lawyers’ time that while measurable, is far less significant than popular accounts suggest. We then argue that the existing literature’s narrow focus on employment effects should be broadened to include the many ways in which computers are changing (as opposed to replacing) the work of lawyers. We show that the relevant evaluative and normative inquiries must begin with the ways in which computers perform various lawyering tasks differently than humans. These differences inform the desirability of automating various aspects of legal practice, while also shedding light on the core values of legal professionalism.”

The pendulum swings back. ...and I don't understand the logic.
In August, 2014, I noted a report involving a transcription contractor of Boston Medical Center exposing patient information on the Internet. BMC notified approximately 15,000 patients and fired MDF Transcription Services because of the incident. Of note, BMC told patients in a notification letter that it had no reason to believe their information had been misused – or even accessed. The incident, which had been reported to HHS in April 2014, appears on HHS’s breach tool under MDF’s name as the Business Associate. There is no indication in the breach tool that OCR has closed its investigation into that incident as of today’s date.
Unbeknownst to me, there was a lawsuit that followed the incident: Walker et al v. Boston Medical Center Corp. Not surprisingly, the defendants moved to dismiss for lack of standing. After all, there was no evidence the data had even been accessed, much less misused, and because… Clapper.
BMC must have gotten a real shock when the opinion was issued. Kevin M. McGinty of Mintz Levin explains:
A Massachusetts Superior Court judge held that a plaintiff has standing to sue for money damages based on the mere exposure of plaintiff’s private information in an alleged data breach. The court concluded that the plaintiff had pleaded a “real and immediate risk” of injury despite failing to allege that any unauthorized persons had even seen or accessed that information.
Read more on Mintz Levin.
[From the article:
Although the Walker plaintiffs did not allege that their medical records had been accessed, or their personal information used, by any unauthorized person, the court’s holding indicates that the mere exposure of patient data to the potential to be accessed by unauthorized persons may still adequately plead an injury. In this case, the plaintiffs alleged facts that, if true “suggest[ed] a real risk of harm from the data breach at BMC” (internal quotations omitted) because BMC’s letter notifying the plaintiffs of the data breach supported an inference that “plaintiffs’ medical records were available to the public on the internet for some period of time and that there is a serious risk of disclosure.” Based on this inference, the court found it was reasonable to draw the further inference that the records “either were accessed or likely to be accessed by an unauthorized person.” This “general allegation of injury from the data breach” was sufficient to demonstrate standing.

Play with this a bit. Could be very interesting.
How The Internet* Talks
*Well, the mostly young and mostly male users of Reddit, anyway.
… To get a sense of the language used on Reddit, we parsed every comment from late 2007 through August 2015 and built the tool above, which enables you to search for a word or phrase to see how its popularity has changed over time.

The Rise of Visual Content Online
While the explosion of data and information has been a topic of considerable interest in recent years, another phenomenon has received comparably less attention: The explosion of visual content. To put this growth in perspective, it is estimated that 3.8 trillion photos were taken in all of human history until mid-2011, but 1 trillion photos were taken in 2015 alone. And that’s without counting the number of people making, viewing, or sharing videos [YouTube alone boasts over a billion users worldwide], Vines [40 million users], and gifs.