Saturday, January 30, 2016
...and they secure it just like Hillary Clinton?
Evan Halper writes about an issue I’ve raised in my own commentary on the risks of the explosion of voter profiling.
…. But as presidential campaigns push into a new frontier of voter targeting, scouring social media accounts, online browsing habits and retail purchasing records of millions of Americans, they have brought a privacy imposition unprecedented in politics. By some estimates, political candidates are collecting more personal information on Americans than even the most aggressive retailers. Questions are emerging about how much risk the new order of digital campaigning is creating for unwitting voters as the vast troves of data accumulated by political operations become increasingly attractive to hackers.
Read more on Government Technology.
What control do I have? If I don't allow the car in my garage to use my secure WiFi to connect to the manufacturer, will it update when I drive by a Starbucks?
Your next car will update itself while you sleep, and maybe watch you too
… Automakers tell us that the average 2016 model year car has up to 100 million lines of software code resident in various systems throughout the vehicle. About 20 million of those lines of code are required just to run a standard navigation and infotainment system.
… According to Forbes Business, “20 percent of vehicles sold worldwide in 2015 will include some form of embedded connectivity while the number of connected cars sold globally will grow more than sixfold to 152 million by 2020.”
… “By the turn of the decade, every new car sold around the world will have a data communications module. It’s not just about infotainment. It’s more about the functionality of the vehicle,” Pisz told Digital Trends. “It’s about the car telling the customer that it’s not feeling well before the customer knows. If a fault code comes up, it goes to a big data center and it’s noted as an exception. The information goes back to the dealer or back to the customer.” This kind of feature uses the same data connection that provides you with real-time navigation information and safety services.
… In order to update the engine management and related systems – including transmission control, braking and stability controls, adaptive cruise control, and passenger safety systems – the automaker must be absolutely certain that the update is received and implemented correctly, or the vehicle could be left inoperable.
… One key thing to mention regarding OTA updates is that the door swings both ways. While your car is being updated, the potential exists for your car to report back to the automaker. Some of the data that can be reported is personal, and may be used to market to you, or potentially to challenge you.
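The article's point about engine, brake and airbag firmware is that a bad or half-received update must never leave the car inoperable. Here is an added Python example (not code from the article or from any automaker) of the pattern a safety-critical ECU uses: authenticate the update description, check the image against it, write to the inactive firmware slot, self-test, and fall back to the known-good slot on any failure. The image format, the HMAC-based authenticity check (a stand-in for the public-key signature a real system would use, since the standard library has no signature primitive), the self-test and the pre-shared key are all constructed for illustration.

```python
"""A/B over-the-air update with verify-before-write and rollback.

Added example, not from the article or any vendor. Image format, key,
manifest layout and self-test are constructed for illustration.
"""
import hashlib
import hmac
import json

# Assumed pre-shared key provisioned at manufacture (constructed; a real
# system would verify a vendor signature with a public key instead).
ECU_KEY = b"constructed-ecu-key-do-not-use"


def sign_manifest(payload: bytes, version: str, key: bytes = ECU_KEY) -> dict:
    """Vendor side: describe the image (version, size, digest) and authenticate it."""
    digest = hashlib.sha256(payload).hexdigest()
    body = json.dumps({"version": version, "sha256": digest, "size": len(payload)},
                      sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def verify_image(manifest: dict, payload: bytes, key: bytes = ECU_KEY) -> dict:
    """ECU side: authenticate the manifest, then check the payload against it.

    Returns the parsed manifest on success and raises ValueError otherwise,
    so nothing is ever written to flash on the strength of an unverified image.
    """
    expected = hmac.new(key, manifest["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest["tag"]):
        raise ValueError("manifest authentication failed")
    meta = json.loads(manifest["body"])
    if len(payload) != meta["size"]:
        raise ValueError("image truncated or padded")   # the half-downloaded case
    if hashlib.sha256(payload).hexdigest() != meta["sha256"]:
        raise ValueError("image digest mismatch")
    return meta


class Ecu:
    """Two firmware slots; exactly one is active, the other is written to."""

    def __init__(self, firmware: bytes, version: str):
        self.slots = {"A": (version, firmware), "B": None}
        self.active = "A"

    def running_version(self) -> str:
        return self.slots[self.active][0]

    def self_test(self, firmware: bytes) -> bool:
        # Constructed stand-in for a real post-flash check (boot to a known
        # state, bus heartbeat, etc.): the image must carry the expected header.
        return firmware.startswith(b"ECUFW")

    def apply_update(self, manifest: dict, payload: bytes) -> str:
        """verify -> write inactive slot -> self-test -> switch, else roll back."""
        meta = verify_image(manifest, payload)           # raises before any write
        inactive = "B" if self.active == "A" else "A"
        self.slots[inactive] = (meta["version"], payload)
        if not self.self_test(payload):
            self.slots[inactive] = None                  # discard; active slot untouched
            return f"rolled back, still on {self.running_version()}"
        self.active = inactive
        return f"updated to {self.running_version()}"


if __name__ == "__main__":
    ecu = Ecu(b"ECUFW v1", "1.0")
    good = b"ECUFW v2"
    print(ecu.apply_update(sign_manifest(good, "2.0"), good))
    try:
        ecu.apply_update(sign_manifest(good, "2.1"), good[:-1])   # truncated download
    except ValueError as err:
        print("rejected:", err)
    junk = b"JUNK v3"
    print(ecu.apply_update(sign_manifest(junk, "3.0"), junk))     # fails self-test
```

The order matters: the manifest is authenticated before its digest is trusted, the digest is checked before flash is touched, and the active slot is only switched after the new image proves it can run. Any failure leaves the car on the firmware it already had.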
For my Computer Security students. Notice that this is exactly what the book says.
NSA Hacker Chief Explains How to Keep Him Out of Your System
… In the world of advanced persistent threat actors (APT) like the NSA, credentials are king for gaining access to systems. Not the login credentials of your organization’s VIPs, but the credentials of network administrators and others with high levels of network access and privileges that can open the kingdom to intruders. Per the words of a recently leaked NSA document, the NSA hunts sysadmins.
The NSA is also keen to find any hardcoded passwords in software or passwords that are transmitted in the clear—especially by old, legacy protocols—that can help them move laterally through a network once inside.
… In general, Joyce noted, spies have little trouble getting into your network because they know better than you what’s on it.
“We put the time in …to know [that network] better than the people who designed it and the people who are securing it,” he said. “You know the technologies you intended to use in that network. We know the technologies that are actually in use in that network. Subtle difference. You’d be surprised about the things that are running on a network vs. the things that you think are supposed to be there.”
… Another nightmare for the NSA? An “out-of-band network tap”—a device that monitors network activity and produces logs that can record anomalous activity—plus a smart system administrator who actually reads the logs and pays attention to what they say.
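Joyce's three points above (attackers know what is actually on your network, they hunt for credentials that travel in the clear or sit hardcoded in files, and an out-of-band tap plus an administrator who reads the logs is what defeats them) reduce to one exercise a defender can run. Here is an added Python example, not code from the article or from the talk, that compares a constructed "intended" inventory with the services observed in a constructed flow log of the kind a tap produces, flags hosts and services nobody planned for, flags legacy protocols that carry credentials unencrypted, and greps a constructed configuration snippet for hardcoded secrets. The inventory, port table, log format and sample lines are all assumptions made for illustration.

```python
"""Know what is actually on your network, not what was meant to be there.

Added example, not code from the article or the talk it reports. The
inventory, port table, flow-log format, sample flows and sample config
are constructed for illustration.
"""
import re
from collections import defaultdict

# Constructed inventory: host -> services that are *supposed* to be listening.
INTENDED = {
    "10.0.1.10": {"ssh", "https"},
    "10.0.1.20": {"https"},
    "10.0.1.30": {"ssh", "ldaps"},
}

# Destination port -> (protocol name, do credentials cross the wire unencrypted?).
PORTS = {
    21: ("ftp", True), 22: ("ssh", False), 23: ("telnet", True),
    80: ("http", True), 389: ("ldap", True), 443: ("https", False),
    636: ("ldaps", False), 1433: ("mssql", True),
}
CLEARTEXT = {name for name, clear in PORTS.values() if clear}

# Constructed flow log, one line per accepted connection:
# <epoch> <src_ip>:<src_port> -> <dst_ip>:<dst_port>
SAMPLE_FLOWS = """\
1454100001 10.0.9.5:51000 -> 10.0.1.10:22
1454100002 10.0.9.5:51001 -> 10.0.1.10:443
1454100003 10.0.9.7:40000 -> 10.0.1.20:443
1454100004 10.0.9.7:40001 -> 10.0.1.20:23
1454100005 10.0.9.8:40002 -> 10.0.1.30:389
1454100006 10.0.9.8:40003 -> 10.0.1.99:21
1454100007 10.0.9.9:40004 -> 10.0.1.30:636
this line is garbage and must not crash the parser
"""
FLOW_RE = re.compile(r"^(\d+)\s+(\S+):(\d+)\s+->\s+(\S+):(\d+)$")

# Constructed config snippet with the kind of secrets an intruder hunts for.
SAMPLE_CONFIG = """\
db_host = db.internal
db_password = 'Winter2016!'
api_key: example-key-1234
# password = changeme   (commented out, but still in the file)
"""
SECRET_RE = re.compile(
    r"(?i)(password|passwd|pwd|secret|api[_-]?key)\s*[=:]\s*['\"]?([^\s'\";]+)")


def observed_services(flow_log):
    """Return host -> set of protocol names actually seen accepting connections."""
    seen = defaultdict(set)
    for line in flow_log.splitlines():
        m = FLOW_RE.match(line.strip())
        if not m:
            continue  # unparseable line; a real collector should count these
        dst_ip, dst_port = m.group(4), int(m.group(5))
        name, _ = PORTS.get(dst_port, (f"tcp/{dst_port}", False))
        seen[dst_ip].add(name)
    return dict(seen)


def reconcile(intended, observed):
    """Return (unknown_hosts, unexpected_services, cleartext_services)."""
    unknown_hosts = sorted(h for h in observed if h not in intended)
    unexpected, cleartext = {}, {}
    for host, services in sorted(observed.items()):
        extra = services - intended.get(host, set())   # running but never planned
        if extra:
            unexpected[host] = sorted(extra)
        leaky = services & CLEARTEXT                    # credentials in the clear
        if leaky:
            cleartext[host] = sorted(leaky)
    return unknown_hosts, unexpected, cleartext


def find_hardcoded_secrets(text):
    """Return [(line_number, key_name)] for lines that look like embedded credentials."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in SECRET_RE.finditer(line):
            hits.append((lineno, m.group(1).lower()))
    return hits


def report(flow_log=SAMPLE_FLOWS, config=SAMPLE_CONFIG, intended=INTENDED):
    """One dict a sysadmin can actually read every morning."""
    unknown, unexpected, cleartext = reconcile(intended, observed_services(flow_log))
    return {
        "unknown_hosts": unknown,
        "unexpected_services": unexpected,
        "cleartext_credential_protocols": cleartext,
        "hardcoded_secrets": find_hardcoded_secrets(config),
    }


if __name__ == "__main__":
    for key, value in report().items():
        print(f"{key}: {value}")
```

On the sample data the report shows a host (10.0.1.99) that appears in no inventory, telnet on a web server and plain LDAP beside LDAPS on a directory server, and three credential-looking lines in the config, including one that is only commented out. Each of those is exactly the "subtle difference" between the intended and the actual network that Joyce says his team exploits.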
Prof van Schewick also offers solutions. How un-lawyerly!
Is T-Mobile's Binge On Legal? Law Professor Says No
… The Stanford report by law school professor Barbara van Schewick contends that Binge On "gives providers in the program a competitive advantage" and that "T-Mobile's selection of services harms competition and stifles free expression." It even goes as far as to say that "Binge On's discriminatory effects are here to stay," and that "Binge On sets us on a slippery slope."
What I most feared, evidence that her server had been hacked, has still not surfaced. It really doesn't matter if they were “marked classified.” (Or what the definition of “is” is.)
The Obama administration has confirmed for the first time that Hillary Clinton's home server contained closely guarded government secrets, censoring 22 emails that contained material requiring one of the highest levels of classification. The revelation came three days before Clinton competes in the Iowa presidential caucuses.
State Department officials also said the agency's Diplomatic Security and Intelligence and Research bureaus are investigating if any of the information was classified at the time of transmission, going to the heart of Clinton's defense of her email practices.
How will this change IBM? Ask Watson!
New IBM Watson Chief David Kenny Talks His Plans For 'AI As A Service' And The Weather Company Sale
When IBM announced the close of its acquisition of The Weather Company on Friday, it added another veteran CEO in Weather’s David Kenny to work under Big Blue boss Ginni Rometty. And IBM’s not wasting Kenny’s time on integrating his former company into the fold. So hours after the announcement, the newly-appointed chief of the critical IBM Watson unit shared his top priority: to bring Watson together into a more cohesive product that will introduce ”artificial intelligence as a service.”
… The Weather Company had made a priority to connect hundreds of millions of sensors to produce more than 20 terabytes of data a day for its apps and websites.
That expertise will now go into IBM’s other Internet of Things units, scanning information from medical equipment, smartphones as well as trains, planes and automobiles.
… Watson already solves “deep problems,” Kenny says, in areas including law, healthcare and financial risk. But those clients can’t always share their stories, he admits, and IBM could do a better job unifying the various Watson capabilities into one coherent product. Make those offerings more repeatable and easier to plug-and-play and get running almost immediately with a customer big or small, and Watson could democratize machine learning in a way that other AI companies can’t offer at the same scale, Kenny says.
Opportunity! Would the NRA help us create an online marketplace for weapons?
It’s now a lot harder to buy a gun from someone on Facebook
While Facebook itself doesn't sell guns, it has dealt for years with the right way to handle sales of regulated goods such as firearms, adult toys and prescription drugs on its social media network.
On Friday, the firm changed its policy regarding firearms, completely banning any peer-to-peer firearms sales on its network. That means users can no longer offer or coordinate the private sale of firearms on the site. This policy also applies to the sale of gun parts and ammunition, said a Facebook spokeswoman.
Why is this not available to the public?
Tweeting at a Federal Agency? The New ‘US Digital Registry’ Can Tell You for Sure
A new registry of verified government social media accounts could help the public beware of online digital doppelgängers and allow developers to create tailored applications that pull in data from thousands of official government social media accounts.
The U.S. Digital Registry aims to be the authoritative source for all official social media accounts used by federal agencies. The registry also lists official government mobile apps and mobile websites.
… Accessing the U.S. Digital Registry requires an OMB Max ID, which is available to federal government employees and contractors with a valid .gov, .mil, or .fed.us email address. Register for an OMB Max ID if you need one.
Only basic access is free unless you are in law school…
Ravel law – California Case Law Now Live
by Sabrina I. Pacifici on Jan 29, 2016
Daniel Lewis – Jan 20, 2016: “We just took a big step forward in making the law freely and easily available. Starting today, as part of the Harvard-Ravel digitization project, the comprehensive, authoritative collection of California case law is available online at Ravel. For the first time, anyone can search and read all California court opinions for free, including landmark rulings on every topic, from same-sex marriage (In re Marriage Cases, 2008) to separation of powers (Houston v. Williams, 1859). Each case is accompanied by a high-quality scan of the original book in which it was published, providing an authentic version that can not be found anywhere else but Ravel. For lawyers, law students, academics and the general public, this is an extraordinary resource that was previously out of reach to many. California’s court opinions are a critical part of our country’s legal “operating system,” yet until today these rulings have been locked behind expensive paywalls and printed in books available only to a limited few. Ravel now makes this vast legal database available to everyone, along with powerful tools to sift through it. We’re incorporating Harvard’s case law collection into the rest of our platform as well. For professionals who subscribe to our suite of analytical tools, you’ll soon find California state judges as part of our Judge Analytics feature and will be able to explore in powerful detail how these judges make decisions…”
… Ravel Advanced is free for law students and legal academics.
… Over the past two years, we and our partners at the Open Syllabus Project (based at the American Assembly at Columbia) have collected more than a million syllabuses from university websites. We have also begun to extract some of their key components — their metadata — starting with their dates, their schools, their fields of study and the texts that they assign.
This past week, we made available online a beta version of our Syllabus Explorer, which allows this database to be searched. Our hope and expectation is that this tool will enable people to learn new things about teaching, publishing and intellectual history.
Another week of devolving education.
Hack Education Weekly News
… The EFF asks why so many universities are opposing the Department of Education’s proposed OER policy (that federally funded educational resources would be openly licensed). One possible answer: patent$.
… “Colman Chadam carries genetic markers for cystic fibrosis, but doesn't have the disease itself, according to his parents.” Buzzfeed looks at the legal battle his parents are waging against a Palo Alto school district which dismissed him from a school, charging he posed a health risk to other students.
… “Kaplan Test Prep Survey: Percentage of College Admissions Officers Who Check Out Applicants' Social Media Profiles Hits New High.”
… Via Inside Higher Ed: “Students waste about one-fifth of class time on laptops, smartphones and tablets, even though they admit such behavior can harm their grades.”
Friday, January 29, 2016
Interesting. Read the whole post.
Jon Swaine and George Joseph report:
Private files belonging to America’s biggest police union, including the names and addresses of officers, forum posts critical of Barack Obama, and controversial contracts made with city authorities, were posted online Thursday after a hacker breached its website.
The Fraternal Order of Police (FOP), which says it represents about 330,000 law enforcement officers across the US, said the FBI was investigating after 2.5GB of data taken from its servers was dumped online and swiftly shared on social media. The union’s national site, fop.net, remained offline on Thursday evening.
“We have contacted the office of the assistant attorney general in charge of cyber crime, and officials from FBI field offices have already made contact with our staff,” Chuck Canterbury, the FOP’s national president, said in an interview.
Read more on The Guardian.
Joseph Cox of Motherboard takes a more critical look at the data and questions why FOP’s statement about the incident attributed the hack to Anonymous, as there’s nothing about this incident to suggest the involvement of Anonymous. The FOP’s statement not only misattributes the hack (perhaps that’s intentional, though?), but consistently misspells “breach:”
… An individual known as @CthulhuSec on Twitter took responsibility for dumping the data, but not for hacking/acquiring it, as explained in this statement.
FTC Announces Significant Enhancements to IdentityTheft.gov
by Sabrina I. Pacifici on Jan 28, 2016
“For the first time, identity theft victims can now go online and get a free, personalized identity theft recovery plan as a result of significant enhancements to the Federal Trade Commission’s IdentityTheft.gov website. The new one-stop website is integrated with the FTC’s consumer complaint system, allowing consumers who are victims of identity theft to rapidly file a complaint with the FTC and then get a personalized guide to recovery that helps streamline many of the steps involved. The upgraded site, which is mobile and tablet accessible, offers an array of easy-to-use tools, that enables identity theft victims to create the documents they need to alert police, the main credit bureaus and the IRS among others.”
Trust but verify? What would advance notice of an attack on Iranian nuclear facilities be worth?
Snowden files reveal US and UK spied on feeds from Israeli drones and jets
A joint UK-US intelligence programme has been spying on electronic feeds – including video – from Israel’s military drones and jet fighters going back to 1998.
In a potentially embarrassing disclosure for Israel, which prides itself on its technical capabilities, a new release from material held by the former NSA contractor Edward Snowden has revealed that UK and US intelligence officials have been regularly accessing Israeli cockpit cameras even in the midst of operations in Gaza and Lebanon.
Codenamed Anarchist, the programme was revealed by the Intercept, a US website edited by Glenn Greenwald.
… The drone feeds were reportedly hacked using freely available software similar to that used to access subscriber-only TV channels, the report said.
… In one memo reporting on interception of an Israeli drone, an official in Cyprus noted: “Our ability to collect and track and report this activity is important for the initial detection and tip-off for any potential pre-emptive or retaliatory strike against Iran.” [Thought so. Bob]
Somehow I don't see this as a victory. The attack tried to deny access to your website. Shutting it down did exactly that. Where is your victory?
Cyber Attack Targets Britain's HSBC Bank
"HSBC UK Internet banking was attacked this morning. We successfully defended our systems," HSBC UK tweeted. "We are working hard to restore services, and normal service is now being resumed," it said.
A spokesman specified that the attack was a "denial of service attack", which slows down or disables a network by flooding it with communication requests.
Users attempting to access the bank online were met with a message saying: "Sorry, there appears to be a system problem. Please try again later."
“We don't need no stinking encryption!” “We do need to follow existing procedures!”
VICTORIA—In an investigation report released today, B.C. Information and Privacy Commissioner Elizabeth Denham found that the Ministry of Education failed to protect the personal information of 3.4 million B.C. and Yukon students stored on a portable hard drive.
… The ministry used the portable hard drive as a backup for the purpose of disaster recovery of ministry research data. The information was moved from a secure server to the hard drive in an attempt to decrease electronic storage costs, and was ultimately sent to an off-site warehouse for storage.
The ministry declared the hard drive to be lost when employees were unable to locate it in the warehouse after a series of extensive searches.
… The ministry did not ensure the information was encrypted, did not store the portable hard drive in an approved off-site warehouse and did not adequately document the contents or location of the portable hard drive.
… “There are many important lessons to be learned from this investigation, not only for the Ministry of Education, but for other public agencies as well. This is an example of a breach that was completely preventable. If the ministry had implemented any one of a number of safeguards and followed existing policy, the breach would not have happened.
… Investigation Report F16-01: Ministry of Education is available at: www.oipc.bc.ca/report/investigation-reports/
Drones could get really expensive.
Unmanned Aircraft Operations in Domestic Airspace : U.S. Policy Perspectives and the Regulatory Landscape
by Sabrina I. Pacifici on Jan 28, 2016
Via FAS – CRS report – Unmanned Aircraft Operations in Domestic Airspace: U.S. Policy Perspectives and the Regulatory Landscape. Bart Elias, Specialist in Aviation Policy. January 27, 2016.
“…Many of the commercial applications envisioned for UAS, such as express package delivery, remote monitoring of utilities and infrastructure, and imagery collection and analysis to support precision agriculture, most likely will not be viable without development of technological capabilities that allow for the complete integration of UAS in the national airspace. These include technologies to enable drones to sense and avoid other air traffic; manage low-altitude airspace and detect and prevent unauthorized use of airspace; mitigate risks to persons and property on the ground; provide secure command and control linkages between drone aircraft and their operators; and enable automated operations. There are also issues related to operator training and operator qualification standards. A number of bills introduced in the 114th Congress address UAS safety, and these topics may be considered in further detail in forthcoming FAA reauthorization debate…”
Who is gullible here? Journalists? Politicians? The public?
The myth of the ISIS encrypted messaging app
Despite widespread media reports to the contrary, an app created for Islamic State militants to send private encrypted messages does not exist, a Daily Dot investigation found.
On Jan. 12, Defense One reported that the Islamic State allegedly built a new Android app called Alrawi for exchanging encrypted messages, based on claims from self-proclaimed online counterterrorism outfit Ghost Security Group (GSG). The claim was quickly reprinted by Newsweek, Fortune, TechCrunch, and the Times of India—the largest English-language newspaper in the world—among many others.
… Followers of ISIS, excited by the news of a custom encrypted messaging app, asked on forums and social media where they could find the app, but we found no instances of anyone able to share it. Western security experts wondered why they couldn’t find a copy on any of the official or unofficial ISIS channels. [Anyone who asked is a terrorist? Bob]
Amusing and perhaps thought provoking.
Hype vs. Reality: A Reality Check on the Internet of Things
The Internet of Things has plenty of hype — it’s going to be big, really big — but also plenty of detractors. The naysayers breathily predict everything from the surveillance state to a wrecked economy to people enslaved by machines. Here are nine bits of information to consider:
We'll pay you to borrow money from us. The rate is -0.1%
Stocks Rally on BOJ Surprise Cut
… “I’m amazed at the power central banks have over markets,” said Mr. Dryden. “We saw it last week with the European Central Bank, and now Japan—it just takes a little bit of action for a big move in equities,” he added.
By applying negative rates, the Bank of Japan is trying to keep the yen from strengthening while demonstrating its resolve to stimulate inflation, strategists said.
This is one of my students did not come up with this week. (I can't tell you about some of the others because they might start those businesses themselves.)
This Startup That Fills Your Gas Tank on Demand Just Raised $9 Million
… With the Booster app, you can request your car to be filled up with gas while you are at work.
The team has hit a nerve. Billed as the “Uber for gas” in its Crunchbase profile, Booster announced today that it has raised a $9 million series A round from Madrona Venture Group, Version One Ventures and RRE Ventures, according to the public fundraising database. Currently, Booster services are available in the San Francisco Bay area and the Dallas-Fort Worth area.
… To “order” a tank of gas, customers download the free app and then order a fill up between 7 a.m. and 4 p.m. Booster uses “proprietary” GPS technology to locate your vehicle and confirms it is yours with the make, model, color and license plate. A large industrial truck full of gas then fills your tank. Customers must leave their tanks ajar while waiting for the service. [Opportunity! We need an APP to allow Booster to unlock your gas cap. Could be worth billions! Bob]
(Related) They had several variations of this one.
Uber announced today its plans to expand its application program interface, or API, project to its nascent delivery service, UberRUSH. By adding just a few lines of code, businesses such as Nordstrom and 1800flowers can now integrate UberRUSH's one-hour delivery service directly into their digital products.
Amazon shares plunge as record profit still misses estimates
… "By comparative retail standards, Amazon's level of profitability is still painfully weak," said Neil Saunders, head of retail analyst firm Conlumino, who is still positive on Amazon's prospects. "For every dollar the company takes, it makes just 0.75 of a cent in profit."
Starry Eyes Speedy Internet Access
Project Decibel on Wednesday announced Starry, a company that promises easy broadband Internet access at speeds of up to 1 GB with no caps….
Initial deployment will be a beta in Boston in the summer.
Starry has an FCC license to run pilots for 24 months in Boston and 14 other cities: New York, Washington, Los Angeles, San Francisco, Dallas, Houston, Philadelphia, Detroit, Atlanta, Miami, Minneapolis-St. Paul, Seattle, Denver and Chicago.
All my students should read this.
Facebook for Business: Everything You Need to Know
… If you're ready to take on Facebook for your business, here's everything you need to know to get you started.
(Related) and this!
This is how you live stream on Facebook
Thursday, January 28, 2016
Today is Data Privacy Day!
Not much detail here.
Wendy's Is Looking Into Reports of a Credit Card Breach
Burger chain operator Wendy‘s said on Wednesday it was investigating reports of unusual activity with payment cards used at some of its 5,700 locations in the U.S.
(Related) Krebs is better connected.
Wendy’s Probes Reports of Credit Card Breach
When KrebsOnSecurity initially began hearing from banking industry sources about a possible breach at Wendy’s, the reports were coming mainly from financial institutions in the midwest. However, this author has since heard similar reports from banks on the east coast of the United States.
Spend too much time in D.C. and all that sea-level oxygen rots your brain?
Cory Bennett reports:
Sen. Michael Bennet (D-Colo.) on Wednesday called on his colleagues to move a bill that would strengthen the government’s ability to sanction North Korea for hacking.
“North Korea’s repeated acts of aggression and hostility call for stronger sanctions,” Bennet said in a statement.
The bill, known as the North Korea Sanctions Act, would also empower the government to sanction property and seize funds from the organizations and individuals supporting Kim Jong Un’s regime.
Read more on The Hill.
[From the article:
Bennet's measure mirrors a bill from Sen. Cory Gardner (R-Colo.), who chairs the Senate Foreign Relations subcommittee on East Asia and cybersecurity.
Gardner's legislation, the so-called North Korean Sanctions and Policy Enhancement Act, would force President Obama to create a strategy to thwart and sanction North Korean hackers.
It's politics, not logic.
Conservative attorney and thinker Mark J. Fitzgibbons is unhappy. In an OpEd in the Washington Examiner, he writes:
California Attorney General Kamala Harris must be so ambitious that she is willing to tempt fate of multiple civil lawsuits and even criminal charges so she can intimidate her ideological opponents — and even her supporters. Ms. Harris oversees licensing of charities across the country that ask Californians for contributions. She’s also a candidate for the United States Senate.
In disregard of the 1958 landmark civil rights decision NAACP v. Alabama and post-Watergate reforms to the Internal Revenue Code to protect tax information privacy, Ms. Harris is now telling charities and other nonprofit organizations that in order to get from her a charitable solicitation license they must first provide her office a confidential federal tax schedule listing their most valuable donors.
Read more on Washington Examiner.
[From the article:
Harris is an uber-liberal Democrat. Knowing the names of donors to causes not only allows her to target individuals who are on the opposite side of her ideology, but lets her know which Democrats may have contributed to causes she opposes. Besides its lawlessness, what Ms. Harris is doing is just plain creepy.
Not very specific as to what they were marketing.
Kevin Lessmiller reports:
LexisNexis and a police reports website obtained North Carolina Motor Vehicle Department records and illegally used them for marketing purposes, a class action lawsuit claims.
Deloris and Leonard Gaston are licensed drivers living in Charlotte, N.C., who say they were involved in car accidents in Mecklenburg County.
The Gastons sued LexisNexis Risk Solutions Inc. and PoliceReports.US LLC earlier this month in North Carolina Federal Court. The class action complaint was filed on behalf of a proposed class of people whose motor vehicle records were obtained by LexisNexis and PoliceReports without their consent.
Read more on Courthouse News.
Perspective. Does this explain why Facebook wants everyone in the whole world to have access to Facebook for free?
This is how much money you’re worth to Facebook
The social network reported its earnings for its fourth quarter and all of 2015 on Wednesday, revealing in a presentation that it makes an average of $3.73 off of each user around the world. In the United States and Canada, that figure is $13.54, up from $10.49 from the third quarter. That's largely thanks to an increase in mobile and video views — an impressive statistic, considering both are relatively new ventures for Facebook.
… The company also reported that it's making more money than ever from mobile advertising, which now accounts for 80 percent of its revenue. At the end of 2014, mobile advertising comprised just 69 percent of Facebook's ad revenue.
Could this be real? Do they form the breading and then insert the cheese? Curious.
Some McDonald's Mozzarella Sticks Are Missing the Cheese
A lot of McDonald’s customers are complaining that the fast food chain’s new mozzarella sticks are seriously lacking in mozzarella.
People have taken to Twitter to share their ire, accusing the restaurant of selling them what appear to be just fried bread crumbs that are hollowed out and filled with nothing but disappointment.
Wednesday, January 27, 2016
Governments can make glaciers look speedy.
Rep. Will Hurd writes that Congress and officials still don’t have answers about the discovery in December by software developer Juniper Networks of a backdoor in its ScreenOS software that could have allowed foreign entities to decrypt and read government communications. The backdoor is thought to have been inserted in 2013. And while the OPM breach garnered massive public and media attention, less attention has been paid to this breach.
The federal government has yet to determine which agencies are using the affected software or if any agencies have used the patch to close the backdoor. Without a complete inventory of compromised systems, lawmakers are unable to determine what adversaries stole or could have stolen.
If government systems have yet to be fixed then adversaries could still be stealing sensitive information crucial to national security. The Department of Homeland Security is furiously working to determine the extent to which the federal government used ScreenOS. But Congress still doesn’t know the basic details of the breach.
Read more on WSJ.
Hurd, who is one of Congress’s few members who “gets” the nerdy stuff, points out that this situation is a good example of why any backdoor that puts a hole in encryption is a bad idea.
Might make an interesting case study.
Adrianne M. Haney reports:
The now-former state employee who was fired after a data breach exposed Georgia voters’ personal information is disputing, in detail, the Secretary of State’s internal investigation report that pinned blame on him.
Read more on 11Alive.
For my Computer Security students.
The 3 People Most Likely to Hack Your Data & Privacy
… Mikko Hypponen is a well-known security expert who has been giving security-related talks and advice for several years now, and in this relatively short TED Talk, he explores the most common types of online attacks:
For my Ethical Hacking students.
Free eBook: Kali Linux Cookbook ($24 Value)
… Well, are you familiar with Kali Linux? It’s all about penetration testing and ethical hacking. It can do some pretty amazing things, but you need to learn how to use it.
… you can get it for free until February 3rd!
Drugs (and devices like pacemakers) become “Things” on the Internet of Things.
John Miller reports:
Novartis wants every puff of its emphysema drug Onbrez to go into the cloud.
The Swiss drugmaker has teamed up with U.S. technology firm Qualcomm to develop an internet-connected inhaler that can send information about how often it is used to remote computer servers known as the cloud.
This kind of new medical technology is designed to allow patients to keep track of their drug usage on their smartphones or tablets and for their doctors to instantly access the data over the web to monitor their condition.
Read more on Reuters.
David Fraser writes on Canadian Privacy Law Blog:
For anyone who was wondering: the arc of the common law is long and it bends towards privacy. [??? Bob] The Ontario Superior Court of Justice has this past week expressly recognized the tort of “public disclosure of private facts”.
This is a huge deal, as it explicitly expands the scope of privacy protection under the common law and stands as an example of how the traditional courts (and perhaps new-ish torts) can be called upon to help victims of cyberbullying.
Arising from a horrific case of revenge porn where the defendant had uploaded to the internet an explicit sexual video of the plaintiff, the Court in Doe v D., 2016 ONSC 541 (CanLII) [Edit: this link should work soon …], said this about the ability to sue for invasion of privacy:
C. Invasion of Privacy
In Jones v. Tsige, 2012 ONCA 32 (CanLII), the Court of Appeal for Ontario recognized the existence of the tort of invasion of privacy in the context of intrusion upon seclusion. In that case, the Court found that the defendant had committed the tort of intrusion upon seclusion when she used her position as bank employee to repeatedly examine private banking records of her spouse’s ex-wife. While that case dealt with a significantly different fact situation, many of the Court’s comments are germane to this case, and I will therefore refer extensively to that decision.
[Skipping a lot here… Bob]
The Court commented that if the plaintiff in Jones had a right of action, it fell into the first category of intrusion upon seclusion, described by Prosser as comprised of the following elements:
• there must be something in the nature of prying or intrusion;
• the intrusion must be something which would be offensive or objectionable to a reasonable person;
• the thing into which there is prying or intrusion must be, and be entitled to be, private; and
• the interest protected by this branch of the tort is primarily a mental one. It has been useful chiefly to fill in the gaps left by trespass, nuisance, the intentional infliction of mental distress, and whatever remedies there may be for the invasion of constitutional rights.
[Skipping a lot here too… Bob]
While the facts of this case bear some of the hallmarks of the tort of “intrusion upon seclusion”, they more closely fall within Prosser’s second category: “Public disclosure of embarrassing private facts about the plaintiff.” That category is described by the Restatement (Second) of Torts (2010) at 652D as follows: “One who gives publicity to a matter concerning the private life of another is subject to liability to the other for invasion of his privacy, if the matter publicized is of a kind that (a) would be highly offensive to a reasonable person, and (b) is not of legitimate concern to the public.”
[And here… Bob]
In the present case the defendant posted on the Internet a privately-shared and highly personal intimate video recording of the plaintiff. I find that in doing so he made public an aspect of the plaintiff’s private life. I further find that a reasonable person would find such activity, involving unauthorized public disclosure of such a video, to be highly offensive. It is readily apparent that there was no legitimate public concern in him doing so.
 I therefore conclude that this cause of action is made out.
The Canadian Privacy Law Blog is licensed under a
Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 Canada License.
...and there is nothing you can do about it!
An Unprecedented Threat to Privacy
Throughout the United States—outside private houses, apartment complexes, shopping centers, and businesses with large employee parking lots—a private corporation, Vigilant Solutions, is taking photos of cars and trucks with its vast network of unobtrusive cameras. It retains location data on each of those pictures, and sells it.
It’s happening right now in nearly every major American city.
The company has taken roughly 2.2 billion license-plate photos to date. Each month, it captures and permanently stores about 80 million additional geotagged images.
… The company counts 3,000 law-enforcement agencies among its clients. Thirty thousand police officers have access to its database.
… Supreme Court jurisprudence on GPS tracking suggests that repeatedly collecting data “at a moment in time” until you’ve built a police database of 2.2 billion such moments is akin to building a mosaic of information so complete and intrusive that it may violate the Constitutional rights of those subject to it.
The company dismisses the notion that advancing technology changes the privacy calculus in kind, not just degree. An executive told the Washington Post that its approach “basically replaces an old analog function—your eyeballs,” adding, “It’s the same thing as a guy holding his head out the window, looking down the block, and writing license-plate numbers down and comparing them against a list.”
Monitoring employees, or contractors, or whatever they are…
… The company’s chief security officer, Joe Sullivan, wrote in a blog post that Uber can use the sensors in smartphones used by its drivers to verify customer feedback.
“If a rider complains that a driver accelerated too fast and braked too hard, we can review that trip using data,” Sullivan wrote. “If the feedback is accurate, then we can get in touch with the driver. And if it’s not, we could use the information to make sure a driver’s rating isn’t affected.”
According to the Guardian, which was the first to report on the existence of the pilot program, the test started late last year in Houston. The newspaper reported that drivers are not explicitly told that the data is being recorded.
Does every new technology require us to start from scratch? If we use it to communicate, then it is communications technology, be it email, Twitter, YikYak or Slack.
Are Slack Messages Subject to FOIA Requests?
… According to Slack CEO Stewart Butterfield, the General Services Administration, NASA, and the State Department are all experimenting with using Slack for internal communication.
The move is a potential boon to government productivity (notwithstanding the tide of emoji it will likely bring into the work lives of our nation’s public servants). But it could also be a threat to a vital tool for government accountability.
… Slack, for its part, is trying to make it easier for organizations to comply with strict document-retention requirements. Usually, the lead user of a group that uses Slack is allowed to export a transcript of all messages sent and received in public channels and groups. But a change the company made in 2014 allows organizations to apply for a special exemption that allows them to export every message sent and received by team members—including one-on-one messages and those sent in private groups.
What did they buy? Is this a permanent win or only until the next lawsuit? (What happens if Uber loses their case?)
Lyft settles worker misclassification lawsuit for $12.25 million
… As part of the settlement, the San Francisco company will change its terms of service so that its treatment of drivers clearly complies with California law governing independent contractors.
… The news of the settlement comes as rival Uber continues its fight against a similar lawsuit in federal court in San Francisco, also filed by Liss-Riordan. Unlike the Lyft case, Uber is fighting a class action lawsuit that is expected to go to trial before a jury on June 20.
The lawsuit against Lyft, which was filed in 2013, was not a class action because of an arbitration clause in the company’s driver agreements that prevented Lyft drivers from participating in a class action.
… Although it was a California lawsuit, the new terms of service will apply to drivers nationwide. As of the end of last year, Lyft had more than 300,000 drivers actively using its platform.
In settling, Lyft may have avoided a more costly lawsuit.
If the company had lost in court, it would have had to recognize its drivers as employees, potentially putting it on the hook for back wages and expense reimbursements. According to labor experts, recognizing workers as employees can increase the cost of doing business by about 30%.
Perspective. Do more teens have smartphones than credit cards?
New Chase eATMs Will Use Smartphone App Instead Of Debit Or Credit Card
… JPMorgan Chase is ready to roll out the next generation of ATMs across the country, where customers can access their money directly using their smartphones as opposed to plastic debit or credit cards.
Perspective. (Just one company)
The world's biggest advertising company spent a whopping $4 billion with Google last year — and $1 billion with Facebook
Here are the figures, for 2015:
Google: $4 billion (up 38%, from $2.9 billion in 2014)
Facebook: $1 billion (up 56%, from $640 million in 2014)
Yahoo: $400 million to $430 million (flat or slightly up on $400 million in 2014)
AOL: $100 million to $125 million (flat or slightly up on $100 million in 2014)
Twitter: $150 million to $225 million (flat or slightly up on $150 million in 2014)
Because if you're going to record it, you might as well broadcast it at the same time?
GoPro Inc (GPRO) Integrating With Periscope to Livestream User Video
… Live video feeds will be broadcast to the video app, and only video coming from the Hero4 Black and Hero4 Silver will be livestreamed. Older GoPro devices and the Hero4 Session won’t be able to broadcast live. Any livestreaming on GoPro will continue recording in full-quality mode and saved to the local SD card during the broadcast.
The update to Periscope’s iOS app is available now. The app will also allow you to switch between your iPhone camera and the GoPro throughout the stream.
For my student entrepreneurs.
How to Choose the Right Crowdfunding Model for Your Business
What kind of crowdfunding model is right for you? It depends on the life cycle of your business, according to Sally Outlaw, founder of crowdfunding consulting company Peerbackers.com.
“If your idea is on a napkin, you’re probably not going to do equity-based crowdfunding -- because you’re going to be giving up shares of a company that you don’t even have or know how to value,” said Outlaw at Entrepreneur’s inaugural Entrepreneur 360 conference last fall in New York City.
While most businesses should look to rewards-based crowdfunding in order to first launch, Outlaw believes that it’s possible to raise money throughout your company’s entire life cycle while remaining within the crowdfunding ecosystem. “You can go from $0 to $50 million right now in a raise,” she says.
Check out more in the video above.
For my SciFi reading students.
10 of the Best Science Fiction Books All Geeks Should Read
Just for fun, I'm asking my students what other flavors could be created.
Ben & Jerry's Cofounder Unveils Bernie Sanders Ice Cream
Ben Cohen, the cofounder of the Vermont-based ice cream brand Ben & Jerry's, is showing his personal support for Democratic presidential candidate Bernie Sanders with an extremely limited-edition ice cream flavor he named "Bernie's Yearning."
Tuesday, January 26, 2016
We have different understandings of “no damage.”
Don’t Tap That Link! This Website Will Crash Your Phone
There’s a new prank floating around the Internet and there’s no word as to when — or if — it will be fixed. For those who aren’t aware, the prank involves tricking people into visiting the crashsafari.com website. Don’t do it, but if you do, make sure you visit using a computer.
On iPhones and iPads, visiting the site forces your phone to reboot after about 20 seconds. On Android devices, the site slows your device to a crawl and causes it to overheat until you close whichever browser you used to visit it.
On computers using Safari, the site causes the browser to crash. With any other browser, the site slows the machine to a crawl until the tab is closed or the browser is exited.
The good news is that this prank causes no damage.
Here’s the prank aspect: People have been linking to the site using URL shorteners that disguise the actual address. If you encounter a shortened URL, you might be able to check its validity using one of these URL expander services.
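The safe way to check a shortened link is to resolve its redirect chain without ever loading the destination page in a browser. The following is an added example, not code from the original post or from any of the expander services it links to: it issues HEAD requests only (no page body is fetched or rendered), refuses to let the HTTP library follow redirects on its own, caps the number of hops, detects loops, and hands back the full chain so the reader can see where a link really lands before deciding to open it. The hostnames in the constructed sample table (short.example, mid.example, loop.example) are placeholders, and the hop limit is an assumption.

```python
"""Expand a shortened URL hop by hop using HEAD requests only.

Added example (not from the original post or any expander service).
Nothing from the destination is executed or rendered; only status codes
and Location headers are read.
"""
from urllib.error import HTTPError, URLError
from urllib.parse import urljoin
from urllib.request import HTTPRedirectHandler, Request, build_opener

MAX_HOPS = 10  # assumption: a reasonable ceiling for legitimate shortener chains
REDIRECT_CODES = (301, 302, 303, 307, 308)


class _NoRedirect(HTTPRedirectHandler):
    """Stop urllib from following 3xx responses automatically.

    Returning None makes the opener raise HTTPError for the 3xx, so each hop
    is handled explicitly in expand_url() instead of silently."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def http_head(url, timeout=5):
    """Real transport: one HEAD request, returns (status, Location-or-None)."""
    opener = build_opener(_NoRedirect)
    req = Request(url, method="HEAD")
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Location")
    except HTTPError as err:          # 3xx and 4xx/5xx both arrive here
        return err.code, err.headers.get("Location")
    except URLError:                  # DNS failure, refused connection, etc.
        return None, None


def expand_url(url, head=http_head, max_hops=MAX_HOPS):
    """Follow redirects one hop at a time.

    Returns (chain, final_url, reason) where reason is one of
    "final", "loop", "too_many_hops" or "unreachable"."""
    chain = [url]
    seen = {url}
    for _ in range(max_hops):
        status, location = head(url)
        if status is None:
            return chain, url, "unreachable"
        if status not in REDIRECT_CODES or not location:
            return chain, url, "final"
        nxt = urljoin(url, location)  # Location may be relative
        if nxt in seen:
            return chain, nxt, "loop"
        chain.append(nxt)
        seen.add(nxt)
        url = nxt
    return chain, url, "too_many_hops"


# Constructed sample redirect table so the example runs offline.
SAMPLE_TABLE = {
    "http://short.example/a": (301, "http://mid.example/b"),
    "http://mid.example/b": (302, "/c"),          # relative Location header
    "http://mid.example/c": (200, None),
    "http://loop.example/1": (302, "http://loop.example/2"),
    "http://loop.example/2": (302, "http://loop.example/1"),
}


def sample_head(url):
    """Offline stand-in for http_head() backed by SAMPLE_TABLE."""
    return SAMPLE_TABLE.get(url, (404, None))


if __name__ == "__main__":
    for start in ("http://short.example/a", "http://loop.example/1"):
        chain, final, reason = expand_url(start, head=sample_head)
        print(reason, "->", final)
        for hop in chain:
            print("   ", hop)
```

To check a real link, call `expand_url("https://<shortened link>")` with the default transport; the returned chain is the same information an expander service would show, and the final URL can then be compared against whatever the reader knows about the destination before any browser touches it.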
Sort of a “hire a third-party, get out of jail free” decision? Am I reading this right?
Lisa A. Carroll, Martin B. Robins, David G. Kern and James M. Fisher II of Fisher Broyles write:
A recent 11th Circuit case may – if followed elsewhere and not reversed by the US Supreme Court – reduce a company’s potential exposure under conventional contract language requiring sensitive materials to be held in confidence. Many companies have been concerned that such language would make them liable if they were the victim of a third-party data breach as opposed to an intentional disclosure by one of their employees or contractors.
In Silverpop v. Leading Market Technologies, 2016 U.S. App. LEXIS 196, the US Court of Appeals for the Eleventh Circuit held that losses associated with a data breach “are best characterized as consequential” and recovery on a contract claim should be barred when the contract contains a prohibition on the award of consequential damages. The Court further found that negligence claims for such data breaches would be barred due to the lack of an applicable standard of care, as well as by the economic loss rule. Thus, absent proof of negligence or specific contractual language that is on-point, a data breach of itself does not constitute a breach of the obligation to take reasonable measures to safeguard confidential material under a confidentiality provision.
Read more on Lexology while I go pour some more coffee and try to find someone to translate this into non-legalese for me.
Not clear if the police knew their suspect had a cell phone or if this was just a fishing expedition. If they knew the suspect's cell phone, the volume of data would have been much easier to deal with.
Michael Geist writes about a recent court ruling of note:
Earlier this month, an Ontario court escalated the privacy rights of subscribers in a high-profile case involving Rogers and Telus, who were asked by police to provide “tower dump” records that would have revealed information on thousands of cellphone users. The two telecom companies rejected the request, noting that the disclosure would affect tens of thousands of people who were merely located in the vicinity of a cellphone tower during the specified period.
Given the detailed information that would have been available (including billing and credit card information), the lack of safeguards over the information and the over-breadth of the request, the companies argued that an order to produce the information would breach the reasonable expectation of privacy of the affected cellphone users.
Read more on Toronto Star.
[From the Star article:
Lawyers representing the police had questioned whether the telecom companies were entitled to raise the privacy rights of their subscribers. The court noted that individual cellphone users were unlikely to appear in court to defend their privacy interests, meaning their concerns would be unaddressed unless the companies took it upon themselves to question the production order.
Moreover, since customer contracts reference privacy rights, the court reasoned that the companies were contractually obligated to assert the privacy interests of their subscribers.
The confirmation that telecom and Internet providers are obligated to defend the privacy interests of their subscribers represents a sea change in approach. For years, companies have been largely content to remain on the sidelines, arguing that they are merely intermediaries without the ability to step into the shoes of their customers. In fact, even in the Telus and Rogers tower dump case, Bell was conspicuously absent.
The courts are now sending the unmistakable message that the privacy interests of subscribers are too important to be left without representation.
Should every lawyer use these Apps? Who should find them mandatory?
Via Joe Cadillic:
Use these apps to expose cell phone surveillance:
For my Computer Security students.
3 Undeniable Reasons Why You Need Online Anonymity
Is Online Anonymity Even Possible?
Perhaps that’s the real question to ask. Even if we all agreed that online anonymity is absolutely necessary, is it something that could be achieved? We’ve asked this before and the answer is clear: pseudo-anonymity is possible, but true anonymity isn’t.
You can be slightly more anonymous by using an encrypted system like Tor, but even that has its drawbacks and flaws.
I can feel myself working up to an article on encryption (or at least a significant rant in this Blog).
Eric Geller reports:
The encryption debate raging inside the U.S. government peeked out into the open at an Internet policy conference on Monday, as a high-ranking Justice Department official and an FTC commissioner offered dueling views of the proper balance between liberty and security.
The back-to-back comments by Assistant Attorney General Leslie Caldwell and FTC Commissioner Terrell McSweeny at the State of the Net conference offered a distilled version of the battle over government access to encrypted products.
Read more on The Daily Dot.
[From the article:
While Caldwell, the head of the Justice Department's Criminal Division, admitted that encryption was vital to all facets of online activity, she also warned that it was one of several “obstacles that can and do stop our investigations in their tracks.” [The kind of flippant remark that politicians toss out with no justification. Bob]
Something for my programming students to play with?
Microsoft Open Sources Its Artificial Brain to One-Up Google
… The company has open sourced the artificial intelligence framework it uses to power speech recognition in its Cortana digital assistant and Skype Translate applications. This means that anyone in the world is now free to view, modify, and use Microsoft’s code in their own software.
(Related) Here's why you might want the software – delete this “feature.” (Even better: Use it to remind politicians that they haven't done what they promised… Ever.)
Cortana was already a fairly capable personal assistant, but she’s still learning new tricks. Her latest? Nagging you about promises you’ve made to people in your emails.
It’s sort of like Outlook’s built-in missing attachment reminders. If the program notices words in your subject or message that seem to reference a file that you should have paper clipped to your email, it’ll nudge you and ask if you’ve forgotten to attach something.
Cortana’s improved reminder service works in a very similar way. The team at Microsoft Research already knew that people make numerous commitments to each other in email threads. Let’s do lunch. I’ll pick up the prototypes from engineering. Yes, I booked the conference room. They also knew that a lot of those commitments never make it into your calendar, where Outlook could actually remind you that promises have been made to people and you’d best follow through. The solution? Tweak Cortana’s contextual awareness so that she can sniff out things that look like they require your attention.
Instagram Is Showing You a Lot More Ads Than It Used To
… Instagram cryptically announced back in June that it was going to start serving more ads, and then it launched an ads API in August to let third-party companies sell ad vacancies for them.
… Brand Networks, an ad network that is one of Instagram’s official ad partners, released data Monday in two charts that show just how quickly Instagram ramped up its ad efforts.
Brand Networks served 50 million ad impressions on Instagram in August, a number that doubled to 100 million in September and reached 670 million for the month of December.
… CPMs for all Instagram ads — that includes video and carousel ads, too — were $5.21 in September, peaked in November at $7.20, and then fell back to $5.94 in December.
A few things worth noting here: These numbers come from just one ad partner, so it’s possible that Instagram’s overall figures are different. But the general trend, that Instagram is showing more ads and those ads are holding their value, is a major positive for Facebook.
Perspective. One of the costs of doing business?
Last year, 50 lawsuits were filed against Uber in U.S. federal court. You might be wondering whether that’s a lot; after all, Uber operates in 68 countries, employs more than 5,000 people and is the most highly valued start-up in the world. We’re here to tell you that it is a lot, and that all this litigation is a serious problem for Silicon Valley’s favorite start-up.
… Lawsuits have long been the proverbial thorn in the side of the gig economy. The most high-profile of Uber’s legal lot is a class action challenging Uber’s classification of drivers as independent contractors, as Uber claims they are, rather than employees. That suit, if successful, might entitle up to 160,000 drivers to recoup back wages from Uber and fundamentally change Uber’s business model.
Would my students use these? Perhaps someone looking to buy a house in a new neighborhood?
5 Apps for Discovering Your Neighborhood
For my student website builders.
5 Best (and Easy) Open Source Website Builders
For my students who are seriously looking?
This Simple Process Will Make Your Job Search Insanely Productive
Monday, January 25, 2016
An important question because we might want to do it here.
How secure are New York City's new Wi-Fi hubs?
The first of New York City's public Wi-Fi hubs went live yesterday, offering free gigabit-fed Wi-Fi to anyone within 150 feet of the stations on Third Avenue. These are the first of 7,500 such hubs, each equipped with USB charging ports and custom-built tablets for web browsing, spread throughout the five boroughs. As part of the LinkNYC project, these hubs will create the largest public municipal Wi-Fi system in the world once they're completely installed.
Is it a fight or merely a debate? (Moving at the speed of government.)
5 things to watch in Internet privacy fight
Advocates are pressing the Federal Communications Commission to quickly propose strong Internet privacy rules, one of the unfinished parts of last year’s net neutrality order.
The agency is expected to release a proposal any month now. It'll come after nearly a year of meetings with stakeholders about the scope of the commission’s new authority.
… As the clock ticks and pressure mounts, here are five important factors shaping the debate.
Scope of FCC authority
New tracking technologies
Pressure from tech and consumer groups
Who vets this stuff? Does no one ask any questions? Just grab a suggested program and run with it?
PA: West Allegheny Middle School’s superintendent says ‘kindness workshop’ had ‘unintended consequences’
From the road-to-student-privacy-hell dept., WPXI reports that what was intended as an anti-bullying “kindness” program at West Allegheny Middle School went too far in asking the students personal questions.
According to school officials, a variety of exercises were put together for students to get students to “become aware of others’ experiences and their role of being supporters to one another.”
However, some parents claim the workshop had the opposite effect. “All they did was give the bullies more ammunition,” parent Marie-Noelle Briggs said.
During one of the exercises, the students were given masks and asked a series of questions, including whether they had one or more parent who did not go to college, whether someone close to them had been imprisoned and whether their families ever worried about not having enough money. If the answer was “yes,” students were instructed to move towards the center of the circle.
Read more on WPXI.
[From the article:
“I would never expect a middle school to ask 13-year-old kids if your parents have ever been in jail, if they're same sex, if they're having financial issues. Why would my 13-year-old son know any of this?” Briggs said.
Lippert did not personally look at the questions before the workshop.
“I didn't personally look at the questions ahead of time, I trusted the team,” said Lippert. “It's a national age appropriate model,
School officials said students were given the option to opt out, but parents said they were never informed of the personal nature of what was passed off as a “kindness workshop.”
“'cause we can't compete with good schools?”
Bill Hormann reports:
A school district is wrongly shielding names and addresses of students from an organization that promotes options to traditional public schools, according to a lawsuit before the Ohio Supreme Court attracting interest from several statewide education groups.
Columbus-based School Choice Ohio says it has long obtained the information through public records requests to districts around Ohio. It then uses the data to alert parents to scholarships – sometimes referred to as vouchers – that poor students and others can use to attend private institutions in the state.
After providing the information in the past, Springfield city schools is now refusing to hand over the data.
Read more on ABC13.
[From the article:
"The Court should reject Springfield's cynical attempt to avoid competition and preserve its state funding by keeping its students and their families ignorant of their options under Ohio law," Movius said.
Up to 60,000 scholarships are available this year, worth up to $5,000 for high school students or $4,250 for those in kindergarten through eighth grade. But fewer than a third of the scholarships are actually used.
'cause lobbyists know best?
Drone Lobbying Heats Up on Capitol Hill
The last time Congress weighed in on rules for nonmilitary drones, in 2012, the flying machines were hardly a hit with consumers. And companies said little about using them for commercial purposes.
Now Congress is set to make a stand again. But this time, hundreds of thousands of recreational drones are in use, and companies like Amazon have their hearts set on using drones to deliver packages — and they are taking their case to Capitol Hill.
Perhaps if there was a free public source, like maybe a website?
Clinic Works With Law Scholars to Argue Against Copyright in Legal Codes
by Sabrina I. Pacifici on Jan 24, 2016
Cyberlaw Clinic – Harvard Law School – [January 16, 2016], “the Harvard Law School Cyberlaw Clinic, on behalf of a group of esteemed law scholars, filed an amicus brief (pdf) in the United States District Court for the District of Columbia in American Society for Testing and Materials (ASTM) v. Public.Resource.org. Amici argue in the brief that model codes incorporated into law are not, and should not be, copyrightable. Several standards developing organizations (SDOs) – including ASTM, the National Fire Protection Association (NFPA), and the American Society of Heating, Refrigerating, and Air Conditioning Engineers (ASHRAE) – filed the lawsuit against Public Resource back in 2013, alleging copyright and trademark infringement. After a lengthy discovery process, the federal District Court in D.C. is currently considering motions for summary judgment from both parties.”
2016 will be the year of conversational commerce
… Before I begin, I want to clarify that conversational commerce (as I see it) largely pertains to utilizing chat, messaging, or other natural language interfaces (i.e. voice) to interact with people, brands, or services and bots that heretofore have had no real place in the bidirectional, asynchronous messaging context. The net result is that you and I will be talking to brands and companies over Facebook Messenger, WhatsApp, Telegram, Slack, and elsewhere before year’s end, and will find it normal. Indeed, there are several examples of this phenomenon already, but those examples are few and far between, and fit in a Product Hunt collection rather than demand an entire App Store (wait for it).
Advocacy group documents privatizing of US criminal justice system
by Sabrina I. Pacifici on Jan 24, 2016
Via In the Public Interest – “Today, private companies hold contracts that allow them to profit from all corners of America’s criminal justice system. Consequently, many people charged with crimes are exposed to the profit-seeking of companies every step of the way, from entering the system to being released. These graphics depict the possible paths of people charged with different offenses, revealing the various privatized services provided by the corrections industry…”
Eventually, all that computing in the cloud ties back to brick & mortar data centers.
Facebook Expanding To Ireland With Second European Data Center Coming Near Dublin
… Facebook opened its first European data center in Sweden in 2013.
… According to a press release from Tim Cook's company in February 2015, Apple will open two data centers in Europe, with one of them in Athenry, County Galway, Ireland. Both data centers will span over 166,000 square meters (1,787,000 square feet) and should start functioning in 2017.
For my Data Management class.
What do you do when you need to ensure data can be stored, shared and retrieved not for just the next five years, but for the next one hundred? I recently stumbled across a system called iRODS (integrated rule-oriented data system) that’s currently in use at multiple government and research organizations to solve this long-term data management problem. iRODS, open sourced under the BSD license, consists of four components or features:
Storage virtualization, typically through a storage gateway, but JBOD configurations are supported.
Data discovery using standard and user-defined metadata. Future releases will support discovery on data content via ElasticSearch.
Workflow automation through a rules engine microservice supporting event-triggered process automation.
Secure collaboration via a data federation capability.
… Today, no vendors offer support for, or a commercial product based on, iRODS.
Einstein said time is relative. Dilbert provides an example.