Saturday, February 13, 2016

It could be a hack for ransom or it could be a terrorist testing a new tool. We had better find out which.
NBCLA reports:
A Southern California hospital was a victim of a cyber attack, interfering with day-to-day operations, the hospital’s president and CEO said.
Staff at Hollywood Presbyterian Medical Center began noticing “significant IT issues and declared an internal emergency” on Friday, said hospital President and CEO Allen Stefanek.
A doctor who did not want to be identified said the system was hacked and was being held for ransom.
Read more on NBCLA. There is no statement on the hospital’s web site at the time of this posting, and I don’t see where there are any tweets from entities claiming responsibility for the hack.
[From the article:
The unnamed doctor said that departments are communicating by jammed fax lines because they have no email and that medical office staff does not have access to email.
The computers are essential for documentation of patient care, transmittal of lab work, sharing of X-rays and CT scans, the doctor said. Also, previous medical records for patients who have been admitted previously and who are newly admitted are inaccessible, "very dangerous."
Many patients there were transported to other hospitals.

And here I thought any conversation between an attorney and client was privileged. I guess in Missouri you have make prior arrangements. Interesting article.
The Intercept follows up on its earlier report in which a hack of Securus revealed that 70 million phone calls had been recorded – many involving what should be privileged communications between attorneys and their clients.
Jordan Smith and Micah Lee report:
The Intercept’s analysis, to the contrary, estimated that the hacked data included at least 14,000 records of conversations between inmates and attorneys. In the wake of the story’s publication, we informed Bukowsky that her phone number had been found among the records and provided her a spreadsheet of the calls made to her office — including the name of the client and the date, time, and duration of the calls. In turn, Bukowsky searched her case files for notes and other records, ultimately confirming that at least one call with McKim — which was prearranged with the Missouri DOC to be a private attorney call — was included in the data. The privileged call, more than 30 minutes long, was made at the height of Bukowsky’s preparations for McKim’s hearing. A unique recording URL accompanied each of Bukowsky’s calls included in the data, suggesting that audio had been recorded and stored for more than two years — and ultimately compromised by the unprecedented data breach.
Read more on The Intercept.

See? Double secret probation is not adequate. You actually have to tell someone and take appropriate action!
Shawn E. Tuma writes:
When an employer intends to keep a network folder restricted from employees, but fails to (1) objectively communicate this intention or (2) secure the folder from general access, an employee who accesses the folder and takes data from it does not violate the Computer Fraud and Abuse Act (CFAA), even if he does so for an improper purpose.
In Tank Connection, LLC v. Haight, 2016 WL 492751 (D. Kan. Feb. 8, 2016), the court granted the former employee’s motion for summary judgment against the employer’s CFAA claim.
Read more on the Cybersecurity Law Blog.

What is it with teenage hackers in the UK?
Cops arrest teen for hack and leak of DHS, FBI data
A 16-year-old boy living in England has been arrested in connection with the recent hack of FBI and DHS data, as well as the personal email accounts of CIA director John Brennan and homeland security chief Jeh Johnson.
Fox has confirmed that British authorities have arrested the still- unnamed teen with help from the FBI and that they are looking for possible accomplices.
The alleged hacker had told Motherboard webzine that he had swiped the names, titles and contact information for 20,000 FBI employees and 9,000 Department of Homeland Security employees. He told Motherboard this was possible through a compromised Department of Justice email.
Authorities believe this is the same hacker who compromised the private email accounts of Brennan and Johnson in October, though officials say neither man used these accounts for government use.

(Related) Is this serious or script-kidde hyperbole?
DOJ Hacker Also Accessed Forensic Reports and State Department Emails
… The hacker also took several screenshots while he was inside the Department of Justice’s intranet, highlighting what a serious data breach this really was. However, the obtained cache is much smaller in size than the 200GB originally claimed, totaling only around 20MB, and it has not been publicly released. It is not totally clear whether the hacker downloaded more data than what has been shared with Motherboard.
… According to CNN's report of the arrest, investigators found that the hacker had reached sensitive documents such as those related to investigations and legal agreements. The cache of files obtained by Motherboard seem to support that.
The hacker also seemingly downloaded just under 400 emails from the State Department. However, many of these appear to be from the HR division, and are marked as unclassified.

Try to keep up.
2015 Reported Data Breaches Surpasses All Previous Years
We are pleased to release our Data Breach QuickView report that shows 2015 broke the previous all-time record, set back in 2012, for the number of reported data breach incidents. The 3,930 incidents reported during 2015 exposed over 736 million records.
Risk Based Security’s newly released 2015 Data Breach QuickView report shows that 77.7% of reported incidents were the result of external agents or activity outside the organization with hacking accounting for 64.6% of incidents and 58.7% of exposed records.

I suspect we have already crossed this line. Interesting article, if a bit too late.
Voter targeting becomes voter surveillance
Political candidates have always done everything in their power to target voters. But in the current election cycle, with primary election season officially under way, technology is giving them a lot more power than before.
It is at the point where privacy advocates are referring to it as “voter surveillance.”
… What is new, and more ominous, according to Evan Selinger, senior fellow with the Future of Privacy Forum and a professor at Rochester Institute of Technology, is what he calls, “an asymmetry of knowledge.
“Average voters have no idea how much information campaigns have compiled on them and how fast a dossier can be updated,” he said. “If they did know, they might object to some of it being taken out of its original context of use, and being put to new use as political fodder.”
That is also one of the major arguments in an article titled “Engineering the public: Big data, surveillance and computational politics” by Zeynep Tufekci, who wrote that while the Internet has enabled much more powerful social movements due to “horizontal communication” that can connect people throughout nations and the world, those same digital technologies, “have also given rise to a data-analytic environment that favors the powerful, data-rich incumbents.”
… The title of a 2012 paper published by the University of Pennsylvania’s Annenberg School for Communications summed it up rather bluntly: “Americans Roundly Reject Tailored Political Advertising.”
… There is also the potential security problem. Colin J. Bennett, in an article titled “Trends in Voter Surveillance in Western Societies,” wrote that sensitive voter data, “can be put in the hands of multiple volunteers and campaign workers, who may have no privacy or security training.

Ah the French. It's like they have a whole different legal system. Could we ever agree on a “virtual jurisdiction” where the laws are the same for everyone?
French Court Rules Facebook Can Be Sued for Censorship in Nude Painting Case
… Back in 2011, Frederic Durand-Baissas, a 57-year-old teacher from Paris, discovered that his Facebook account had been deleted immediately after he posted a well-known nude painting by 19th century painter Gustave Courbet, called L'Origine du Monde (The Origin of the World).
Durand-Baissas sued the company, demanding it restore his account and pay him 20,000 euros (around $25,000) in damages. Facebook's legal team argued that the case could only go before a court in Santa Clara, Calif., where the company is headquartered, because of a provision in the site's terms and conditions. Last year, a high court in Paris ruled that the case should be heard in France, and last week, a Paris appeals court upheld that decision.

What is the best way? I like the idea of comedians poking holes in their logic, but we probably need multiple avenues of approach
Facebook Adds New Tool to Fight Terror: Counter Speech
Tuesday mornings, Monika Bickert and her team of content cops meet to discuss ways to remove hate speech and violent posts from Facebook Inc., the world’s largest social network. Recently, the group added a new tool to the mix: “counter speech.”
Counter speakers seek to discredit extremist views with posts, images and videos of their own. There’s no precise definition, but some people point to a 2014 effort by a German group to organize 100,000 people to bombard neo-Nazi pages on Facebook with “likes” and nice comments.
… Members also debated how to raise the visibility of counter speech on Facebook and Instagram. Once such content is created, “How do you get it to the right people?” Ms. Bickert asked.
… Facebook also has provided ad credits of up to $1,000 to counter speakers, including German comedian Arbi el Ayachi. Last year, Mr. el Ayachi filmed a video to counter claims from a Greek right-wing group that eating halal meat is poisonous to Christians. The one-minute video “was our take on how humor can be used to diffuse a false claim,” Mr. el Ayachi said.

The Amazon-Netflix Alliance
Netflix has completed its "cloud transition" to cloud services.
… Netflix now accounts for 37% of the Internet's traffic during peak viewing times - you can think of it as the 900-pound gorilla of Internet streaming. But after a seven-year transition, during which it did everything it could have done, technically, to reduce its dependence on Amazon Web Services, Netflix is signaling that it's more dependent than ever.
… Facebook bit the bullet on this years ago, and began building its own cloud data centers, using cash flow from its basic business to do so. Alphabet can easily afford the $1 billion/quarter cost of being in the game from its search business, and now from YouTube revenue. Microsoft has used software as an ante into the cloud game, and Apple is now investing the necessary cash to get into it, according to Oppenheimer analyst Tim Horan.
But Amazon's lead now has less to do with raw capital power and more to do with hard-won lessons learned in making that investment. Cloud has consolidated, and Amazon is the winner.
… Amazon has several billion-dollar "competitors" who use its delivery infrastructure to serve their customers. It has many other companies using its payment infrastructure, especially now that sales taxes on online sales are becoming routine, raising the cost of compliance beyond what many small players can afford.
Amazon is an infrastructure company. Do not analyze it as a retailer. Do not analyze it as a streaming company. Don't even analyze it based on cloud revenues. Amazon is infrastructure, infrastructure on which global commerce is increasingly dependent.

For my Data Management students.
How GM Uses Social Media to Improve Cars and Customer Service
… Because of the exponential growth of social media in recent years, and the fact nearly half of U.S. social media users actively seek customer service through social media, according to Nielsen and McKinsey Incite, we’ve made getting globally aligned one of GM’s priorities.

Another week of things worth knowing?
Hack Education Weekly News
… “A Florida proposal requiring public high schools to offer virtual or in-person computer science classes – and classifying those courses as foreign language – has passed in the Florida House of Representatives,” Edsurge reports.
… You thought the president of Mount St. Mary’s comment about treating struggling students bunnies needing to be drowned was bad? Oh man. It’s gotten worse. The provost who challenged the president’s retention plans has been fired, as have two professors (one tenured) – charged with “lack of loyalty,” whatever the hell that means. The school’s accreditor says it’ll investigate. The latest (at time of publishing) from The Chronicle of Higher Education: “Mount St. Mary’s Tells Tenured Professor It Fired That He Remains on the Payroll but Is Suspended.” “Tenure Protects Nothing,” Slate’s Rebecca Schuman concludes.
Via the News Tribune: “A $100 million computer software system for Washington’s 34 community colleges is so far behind schedule and operating so poorly that it will likely cost another $10 million before it’s installed in all schools.”

I'll teach spreadsheets again in the Spring.
35 Everyday Microsoft Excel Keyboard Shortcuts for Windows & Mac

I learned a bit, but not too much.
The Perfect Email
Okay, here’s a little test. See if you can decide which email is most likely to elicit a response:
1. Hey, I was thinking about you earlier. Do you want to get pizza?
2. Hey, I’d definitely like to get together next week. Do you want to get pizza?
3. Hey, it would be really great to see you and catch up. Do you want to get pizza?
4. Hey! It would be absolutely wonderful to see you! Do you want to get pizza? I’m so excited!
The correct answer is—drumroll—the second one. It’s in the Goldilocks zone of email tonality: not too positive, not too negative, not flat-out neutral. Just right. That’s according to a new analysis by the email-efficiency service Boomerang. The company anonymized and aggregated data from more than 5.3 million messages, and figured out which qualities made an email most likely to prompt a response.
… Boomerang found that emails that were slightly positive or slightly negative were most likely to get responses. Asking a couple of questions is good, but more than three starts working against you. “Flattery works, but excessive flattery doesn’t,” they wrote in a blog post about the findings.
… So, you know, play it cool. But not too cool. Also, no need to write long. The optimum length for an email is 50 to 125 words.

Friday, February 12, 2016

“Or it may all be gibberish. It's hard to tell.”
A Worldwide Survey of Encryption Products
by Sabrina I. Pacifici on Feb 11, 2016
“In this paper, [available for download as part of the Berkman Publication Series on SSRN at:] which is modeled on a similar effort in 1999 by researchers from George Washington University, Berkman Fellow Bruce Schneier and collaborator Kathleen Seidel together with Harvard College student Saranya Vijayakuma identify and survey 865 encryption products from 55 different countries, 546 of them from outside the United States. In contrast, the 1999 survey found 805 encryption products from outside the US. Very few products from the earlier survey appear in the new one, indicating much change in this market over the last 17 years. The new survey also identified 587 entities that sell or give away encryption products, and of those, two-thirds are outside the US. Schneier argues in the paper that the survey findings call into question the efficacy of any US mandates forcing backdoors for law-enforcement access. He asserts that they show that anyone who wants to avoid US surveillance has hundreds of competing products to choose from. The report findings indicate that foreign products offer a wide variety of secure applications—voice encryption, text message encryption, file encryption, network-traffic encryption, anonymous currency—providing the same levels of security as US products do today. Additional findings include:
  • The most common non-US country for encryption products is Germany, with 112 products. This is followed by the United Kingdom, Canada, France, and Sweden, in that order.
  • The five most common countries for encryption products—including the US—account for two-thirds of the total. But smaller countries like Algeria, Argentina, Belize, the British Virgin Islands, Chile, Cyprus, Estonia, Iraq, Malaysia, St. Kitts and Nevis, Tanzania, and Thailand each produce at least one encryption product.
  • Of the 546 foreign encryption products we found, 56% are available for sale and 44% are free. 66% are proprietary, and 34% are open source. Some for-sale products also have a free version.
  • At least 587 entities—primarily companies—either sell or give away encryption products. Of those, 374, or about two-thirds, are outside the US.
  • Of the 546 foreign encryption products, 47 are file encryption products, 68 e-mail encryption products, 104 message encryption products, 35 voice encryption products, and 61 virtual private networking products…”

Hey! There's a lot of money to be made here!
Zenefits Is Under Investigation By Regulators In California
The California insurance commissioner is expected to announce on Thursday an investigation into the business practices of Zenefits, the richly valued human resources startup whose CEO resigned this week in the wake of compliance failures.
… Evidence of compliance failures at Zenefits was first uncovered by BuzzFeed News. Last fall, our investigation found that Zenefits repeatedly failed to enforce legal requirements that anyone selling a health insurance policy have an appropriate state license. The Washington state insurance commissioner is examining whether Zenefits operated there without licenses.
In a followup report last week, we revealed that 83% of Zenefits’ insurance deals in Washington state through August 2015 were done by employees without necessary state licenses.

Zenefits Software Helped Brokers Cheat On Licensing Process
Zenefits, the $4.5 billion startup whose CEO resigned this week, created a secret software tool to let California sales reps fake the completion of an online training course that health insurance brokers must take before getting a license, according to an email sent to staff on Thursday.
The program, known as a macro, made it appear that aspiring health insurance brokers were completing a mandatory online course, while in fact allowing them to spend less than the legally required 52 hours on the training, said David Sacks, who took over as Zenefits CEO this week, in the staff email.
After they faked the training course, sales reps were directed to sign a certification, under penalty of perjury, that they had spent the required 52 hours doing the work, a lawyer for Sacks told BuzzFeed News.

An extremely interesting map.
The Facebook Primary
If Facebook likes were votes, Bernie Sanders would be on pace to beat Hillary Clinton nationwide by a nearly 3-to-1 margin and Donald Trump to garner more support than Ted Cruz and Marco Rubio combined. Anything seems possible this year, but, still, be careful how you interpret these numbers: Facebook likes are not votes.
According to the Pew Research Center, 58 percent of American adults use Facebook. But this share is not a representative sample of the country — Facebook users are disproportionately young (although not as young as users of other social media networks), low-income and female. And the sample may be even more skewed because only some people on Facebook have liked a presidential candidate's page and because those pages haven't existed for the same amount of time.

I bet they can't wait for self-driving cars.
Uber to pay $28 million to settle safety lawsuits
Uber has agreed to pay $28.5 million to settle a pair of class-action lawsuits that allege the ride-hailing company misled users about the safety of its service.
The settlement announced Thursday would require Uber to divide up the settlement to 25 million riders in the United States. That means each rider would only be eligible for a small rebate.
The terms still must be approved by a judge.
The news Thursday afternoon stems back to a pair of court cases filed back in 2014. In those cases, plaintiffs accused Uber of unlawful and unfair business practices related to its "Safe Rides Fee," which currently stands at $1.35 in D.C. but varies by city.
The complaints against Uber noted that Uber did not use fingerprint identification to background check its drivers. The complaint also alleged that the "Safe Rides Fee" was not used at the time of the complaint to provide regular car checks, driver safety or launch any nationwide safety features.
As part of the settlement, Uber said it would rename the "Safe Ride Fee" as a "Booking Fee."

What a shock!
Women Also Know Stuff
by Sabrina I. Pacifici on Feb 11, 2016
Women Also Know Stuff: “So often while planning a conference, brainstorming a list of speakers, or searching for experts to cite or interview, it can be difficult to think of any scholars who aren’t male. We’ve all been there… you just know that a woman has got to be studying that topic… but who? This site is intended to provide an easily accessible database of female experts in a variety of areas. This site was created and is maintained by political scientists and, as such, focuses on politics, policy, and government, but also on methods in the social sciences. (We’re certain that women know stuff in other fields too, though!)
Please submit your information to WomenAlsoKnowStuff using the Google Form linked below:

Microsoft's latest iPhone app can identify your dog's breed based on a photo
Microsoft introduced a new app on Thursday that anyone with a dog should play with because it's a lot of fun.
It's called Fetch!, and it's available for iPhones and on the web. It uses artificial intelligence techniques to classify images of real-world dogs into breeds. On the web, users can upload a photo of a dog, or you can take a picture of your pet using your phone's camera.

(Related) I am not amused!
Drop everything. Microsoft wants to tell you what dog your face is
… Should you go to, you will find such glorious entertainment that your day will be complete. The site invites you to upload a picture, then it tells you what dog your (or someone else's) face is.
… Donald Trump is a Siberian Husky. That might explain his deep respect for Vladimir Putin. Peyton Manning is a Golden Retriever. I didn't know Retrievers drank Budweiser. Miley Cyrus is an English Cocker Spaniel: Outgoing; needs to be told again and again.

The Best 13 Informative Resources for Studying Shakespeare
… This list of resources will take you further than simply reading Sparknotes on the subject. They will help you get to grips with The Bard (as he was called), and to understand what enabled him to stand the test of time as well as he has.

Thursday, February 11, 2016

How big a loss is this?
Google Will Further Block Some European Search Results
… The American technology giant will soon remove certain disputed links from all of its domains, including, when people in Europe use its online search engine, according to a person with direct knowledge of the matter. The person spoke on the condition of anonymity because he was not authorized to discuss the matter publicly.
The links to be removed are those that people have successfully petitioned Google or a national regulator to have blocked because of privacy concerns.

Uber is that big a threat?
Ford is launching an on-demand bus service in Kansas City
Public transportation in Kansas City is about to get a lot brand-ier. Next month, Ford is teaming up with Bridj, a data-driven pop-up bus company, and the Kansas City Area Transportation Authority (KCATA) to roll out a fleet of shuttle vans that residents can summon with the tap of an app. Ten Ford Transit shuttle buses, manufactured in Kansas City and sporting both Ford and Bridj's logos, will start picking up and dropping off passengers in those KC neighborhoods underserved by existing public transportation.
This is how it will work: Kansas City residents call up the Bridj app (available in iOS and Android), input their location and their destination, and then choose from a list of available prearranged times that one of Ford's shuttles will arrive at a nearby pop-up bus stop. By selecting one of the times, the rider is reserving a seat on that shuttle, each of which can only carry 14 passengers.
… Ford is not the only legacy automaker to dip its toes into ridesharing and public transit. Last month, General Motors announced it was launching a new car-sharing service called Maven in Ann Arbor, Michigan. This spurt of activity is meant to signal that the auto industry does not intend to let Uber, Lyft, and all those millennials trending away from car ownership and toward ride- and car-sharing negatively effect into its bottom line.

Tools & Techniques. Gather your documents.
More than a year ago, I shared to you Genius Scan, a portable scanner app. There is also a similar app called Tiny Scanner which is both available as iOS and Android Apps.
Tiny Scanner is an app that turns your iOS or Android device into a portable scanner by letting you take a photo of a document and saving it as PDF or as images.

Wednesday, February 10, 2016

How to win friends and influence Congress?
US intelligence chief: we might use the internet of things to spy on you
The US intelligence chief has acknowledged for the first time that agencies might use a new generation of smart household devices to increase their surveillance capabilities.
… In an appearance at a Washington thinktank last month, the director of the National Security Agency, Adm Michael Rogers, said that it was time to consider making the home devices “more defensible”, but did not address the opportunities that increased numbers and even categories of connected devices provide to his surveillance agency.
However, James Clapper, the US director of national intelligence, was more direct in testimony submitted to the Senate on Tuesday as part of an assessment of threats facing the United States.
In the future, intelligence services might use the [internet of things] for identification, surveillance, monitoring, location tracking, and targeting for recruitment, or to gain access to networks or user credentials,” Clapper said.

Intelligence chief warns of threats from AI
… “Implications of broader Al deployment include increased vulnerability to cyberattack, difficulty in ascertaining attribution, facilitation of advances in foreign weapon and intelligence systems, the risk of accidents and related liability issues, and unemployment,” Director of National Intelligence James Clapper will say at a Senate Select Committee on Intelligence hearing, according to prepared remarks.
Clapper will also say that “Al systems are susceptible to a range of disruptive and deceptive tactics that might be difficult to anticipate or quickly understand” and will cite instances in which the use of artificial intelligence has caused fluctuations in the stock market.

Joe Cadillic writes:
Coming to an apartment and home near you, “smart’ sensors that spy on everything we do.
According to the video, IOTAS’s CEO, Sce Pike claims their surveillance technology allows your home to know you and become your ALLY! If spying on us in our homes is considered our ally then I’ve got a ‘bridge‘ to sell you in Arizona. Fyi, IOTAS is also dba as
IOTAS partners with property developers and owners, to install apartments with smart outlets, light switches, and motion sensors before they’re rented. The typical IOTAS apartment has about 40 sensors in it!
Good luck trying to op-out of a “smart” apartment filled with over 40 surveillance devices. Sorry, I meant 40 “smart” sensors. Esource, reveals how truly invasive IOTAS’s “smart” sensors really are…
Read more on MassPrivateI.

This never happens in my Ethical hacking classes. (Wink, Wink) Makes a good hypothetical though.
WINK News reports:
The Florida Department of Law Enforcement is now investigating after one man allegedly hacked in to the Lee County’s Supervisor of Elections website.
Dan Sinclair, who is running for Supervisor of Elections, says his friend, David Levin, accidentally hacked in to the website. Sinclair and Levin posted a video online showing the hack and say they presented the information to current Supervisor of elections Sharon Harrington. Sinclair said his friend, Dave Levin, was trying to show how a good website should be secure then accidentally hacked into the Supervisor of Elections site.
Levin works for a cyber security company and is the former campaign manager for April Freeman. He said he is bracing for possible criminal charges.
Read more on WINK.
[From the article:
No voter information was comprised, according to Lee County Supervisor of Elections Sharon Harrington. She said Levin hacked into an old server and is working with Sinclair to make her look bad before elections.
“Our system is safe,” Harrington said. “The server had no pertinent information, not anything of any value.”
But in a video posted online, Levin shows how he was able to obtain Harrington’s login information.

Camera angles are everything?
Cristian Farias reports:
A federal appeals court on Monday ruled it is not unconstitutional for law enforcement to set up a camera on a public utility pole and record a suspect’s moves for 10 weeks straight.
Such warrantless recording is permitted, the U.S. Court of Appeals for the 6th Circuit said, because people have “no reasonable expectation of privacy in video footage recorded by a camera that was located on top of a public utility pole and that captured the same views enjoyed by passersby on public roads.”
Read more on Huffington Post.

...and they may learn which doors to knock on next fall. Behavioral advertising – grouping Hillary and Trump because of NASCAR?
Donovan Slack reports:
Who needs exit polls when you can track caucusgoers’ phones?
That’s what one company did. Dstillery, which has been called “Picasso in the dark art of digital advertising,” turned its intelligence-collection capabilities to the Iowa caucuses last week.
The company used location data to identify more than 16,000 devices at caucus locations across the state.
“We can take a population in a discrete location — in this case a polling, a caucus site — and sample that population and go and then look at characteristics of that population that no one’s been able to discern before, because we have this incredibly rich behavioral view of American consumers based on all the digital behaviors we observe,” Dstillery CEO Tom Phillips said in an interview.
Read more on USA Today.
[From the article:
The company could not tell how individual caucusgoers came down by candidate but could determine, in counties decisively won by certain candidates, the dominant online behaviors of attendees:
  • Caucusgoers who were expecting a child or had a young baby tended to be Republican, and they showed up in greater numbers where Florida Sen. Marco Rubio was victorious.
  • Other family behaviors – those associated with both working and stay-at-home parents, buyers of kids’ clothing and back-to-school supplies – were high at caucus sites that went to Texas Sen. Ted Cruz. On the Democratic side, they were split between Hillary Clinton and Sen. Bernie Sanders.
  • Caucusgoers in counties won decisively by Donald Trump tended to have stronger household interests – grillers, do-it-yourselfers, lawn and garden and hardware. He didn't do well with business leaders — those whose online behavior indicates they are business owners or executives. More of those folks showed up where Rubio support was decisive.
  • Sports fans (NCAA, NFL, NBA, NHL, baseball and fantasy leagues) showed up in greater numbers at caucuses won by Rubio and Sanders. NASCAR fans, however, correlated with Trump and Clinton support.
  • Techies – information-technology decision-makers and technology buyers – correlated with Rubio and Sanders support.
In a harbinger of more (slightly spooky) technologies that could be ahead for political campaigning — if they aren't already in use — Dstillery also cross-referenced which devices had been used on university campuses during the previous two weeks to determine how many caucusgoers were students — roughly 5.4%, according to the analysis. And those voters showed up in greater numbers where Sanders and Rubio scored decisive wins.
Phillips said caucusgoers should not be concerned that their privacy was compromised.

How many games does this change? Transportation companies can eliminate all those union truckers? Car Rental agencies could rent to anyone, not just licensed drivers. Insurance premiums would be based on how smart (accident free?) your software is? Google might assume some liability for accidents?
Google Cars Just Got a Major Boost From U.S. Vehicle Regulators
… Google‘s self-driving car unit on Nov. 12 submitted a proposed design for a self-driving car that has “no need for a human driver,” the letter to Google from National Highway Traffic Safety Administration Chief Counsel Paul Hemmersbaugh said.
“NHTSA will interpret ‘driver’ in the context of Google‘s described motor vehicle design as referring to the (self-driving system), and not to any of the vehicle occupants,” NHTSA’s letter said.

Well, that didn't take long.
Iran Violates UN Resolution with New Ballistic Missile Program
Despite the short span of time since Western (including US) economic sanctions on Iran have been lifted, the Islamic Republic has announced it will upgrade its Emad missile. Because it is capable of carrying nuclear warheads, the United States charged that the test firing of the Emad in October violates a United Nations Resolution. Accordingly, the US imposed new sanctions on Iran, but it appears to be a futile gesture as Tehran promises to fast-track development of the weapon starting in March. It is also receiving the Russian S-300 batteries that were delayed until the deal with the West could be completed. The American sanctions also appeared weak as they targeted some individuals and companies but avoided any direct confrontation with the government itself despite the numerous assertions by President Obama and Secretary of State Kerry that violations of resolutions by the Iranian government would warrant swift and serious response. It’s also been reported that Iran is negotiating purchase of sophisticated Sukhoi-30 fighter jets from Russia.

Now that annoying song will be everywhere!
Warner to Pay $14 Million Settlement in 'Happy Birthday' Lawsuit
Finally bringing the fight to an end, Warner Music Group will officially give up its rights to the most recognized song in the English language -- “Happy Birthday to You.”
Ending the legal dispute that began in 2013, the company will pay a $14 million settlement to those who previously paid fees to use the song, reports The Los Angeles Times.
The payment comes as a result of U.S. District Judge George H. King’s ruling in September stating the company didn’t have a valid copyright since it never appropriately acquired the rights for the song. In an effort to avoid trial in December, lawyers from both sides agreed on a settlement and made “Happy Birthday to You” public domain, according to Hollywood Reporter.

Interesting. I didn't know it was popular in China. The first deal must have failed or maybe it's a misprint.
Qihoo 360-Led Chinese Consortium Makes $1.2 Billion Offer for Opera
A consortium of Chinese investors including security software firm Qihoo 360 Technology Co. has agreed to pay $1.2 billion to buy Norwegian browser maker Opera Software AS A.
The consortium offered 71 Norwegian krone per share for Oslo-based Opera Software, representing a premium of about 56%
… The deal comes as Qihoo 360 is in the process of delisting from New York after agreeing to a buyout by a consortium including its chairman for $9 billion in December.
Opera Software, known for its series of Opera Web browsers, said it expects revenues of $690 million to $740 million this year, compared with $616 million in 2015.
… The deal is the latest in a wave of outbound acquisitions by Chinese companies this year amid China’s slowing economy and falling currency. Chinese firms have made more than $60 billion worth of takeover offers in 2016, including China National Chemical Corp., known as ChemChina, which recently agreed to pay $43 billion to buy Swiss pesticide maker Syngenta AG.
Opera Software was set up in 1994 as a research project within Norway’s biggest telecom provider, Telenor ASA. Opera is the world’s sixth-biggest online browser with a market share of about 5.7% in the fourth quarter, according to Statfinder.

Purely for the amusement value…
Group restarts tool tracking deleted tweets of US politicians
The Sunlight Foundation's tool to catch and save the deleted tweets of lawmakers and political candidates is back online in the United States.
In late December, Twitter came to an agreement with a group of transparency groups to allow the tool, known as Politwoops, to restart — a reversal after the social media company last year essentially killed it off for violating its terms of service.
… The Open State Foundation, which runs the tool in dozens of other countries, restarted its tool back in early January. But the United States version, run by the Sunlight Foundation, had not been active until Tuesday.
… After years of allowing Politwoops to operate, Twitter last year unexpectedly revoked use of its application program interface (API), which gave access to Twitter's stream and allowed developers to build the deletion archive around it.
Twitter justified the move by saying the Politwoops tool violated its privacy terms of service, but the explanation received harsh blowback from those who said the tweets of public officials should warrant an exception. Twitter's new guidelines offers that exception.

Because it's predictive?
Which Presidential Candidates Have Spent The Most On Dunkin' Donuts? [Infographic]

Tuesday, February 09, 2016

When is a hack not a hack? When it would embarrass the hackee.
Hackers Get Employee Records at Justice and Homeland Security Depts.
In the latest cyberattack targeting the federal government, an intruder gained access to information for thousands of employees at the Justice Department and the Department of Homeland Security, but officials said Monday that there was no indication that sensitive information had been stolen.
Most of the information appeared to have been culled from internal government directories, including employees’ email addresses, phone numbers and job titles.
… The new breach does not appear to have resulted from an attack using an outside computer to penetrate the system. Instead, officials said, they believe that the intruder impersonated a government employee and used that information to get into other parts of the system.

Scary yes. New? Not so much. But I'll ad the article to my Computer Security student reading list.
Scott Allan Morrison writes:
…. now, new cross-device technologies are enabling the advertising industry to combine all our information streams into a single comprehensive profile by linking each of us to our desktop, mobile phone, and iPad. Throw in wearable devices like a Fitbit, connected TVs, and the Internet of Things, and the concept of cross-device tracking expands to potentially include anything that gives off a signal.
There are two methods to track people across devices. The more precise technique is deterministic tracking, which links devices to a single user when that person logs into the same site from a desktop computer, phone, and tablet.
Read more on Daily Beast.

(Related) Also for my Computer Security students.
It’s time that you – the vulnerable human – brush up on your social engineering skills with Pluralsight
… I’ve just wrapped up Ethical Hacking: Social Engineering and when reflecting on what I should write here, it was honestly hard to know where to even start. I’ll start somewhere that’s familiar to a lot of people – with this:
It’s now four years since I recorded this and it has well over a million views.

All this comes down to “do what you are supposed to do.” Nothing revolutionary.
Report: 100 Ways to Improve Federal Cybersecurity
… The initiative generated 127 recommendations for strengthening federal cyber protections.
In the process of gathering suggestions, a panel ACT-IAC assembled turned up five major factors at work in the federal cyber environment:
  • Not rocket science: While improved technology is crucial, much of what is required for boosting protection is already known but hasn't been fully or properly implemented government-wide.
  • Talk to each other: Cybersecurity experts and federal agency business executives need to improve communications "more directly and diligently" about the connection between cybersecurity and agency missions.
  • Risk and IT connections: It seems logical, but ACT-IAC found that emerging cadres of executive-level risk managers such as chief risk officers and chief data officers need to work with their traditional counterparts in IT, such as agency CIOs.
  • Boosting cyber IQ: Cybersecurity-related training in government is largely deficient. Greater emphasis is needed on competencies, practice sessions and drills, and shared cyber knowledge management.
  • See something, say something: "Enhanced and timely operational information sharing (threats, incidents, solutions and responses) between industry and government" is critical to improving cyber safeguards, ACT-IAC found.
… More generally, contributors to the report noted the potential value to government agencies of the National Institute of Standards and Technology's Framework for Improving Critical Infrastructure Cybersecurity. Issued in 2014, the NIST framework has gotten traction in the private sector as a sound baseline reference for dealing with cyberthreats – and it has relevance to government agencies as well.

(Related) Take your own advice? What a concept!
Danny Yadron reports:
On Tuesday, the White House is expected to announce that it is seeking to hire its first chief information security officer, a role filled at many companies and local governments but one that has long been absent at the federal level, despite complaints for security experts and lawmakers.
Read more on The Guardian.

For the discussion in my Data Management class. It ain't simple.
A simple guide to Facebook’s complicated problem in India
… To participate in Free Basics, these groups have to agree to play by Facebook's rules — what it calls the Free Basics participation guidelines.
… The biggest problem, as the Indian government has said, is that companies who aren't a part of the program could get left behind while others who've hitched their wagon to Facebook get promoted to Indian consumers — for free.
… Some consumer advocates claim Facebook has an even darker agenda: To centralize people's experience of the Web so that, for all intents and purposes, they think Facebook is the Internet.
… Virtually everyone who works on Internet policy is watching this unfold. India is one of the world's biggest potential Internet markets, and its decision marks a turning point in a major struggle for Facebook and other tech companies as they seek to gain more traction in developing countries. It also comes amid an intense debate over the same issue in the United States.

(Related) As goes India, so goes …?
Facebook's India stumble could embolden other regulators
… In Facebook posts after Monday's ruling, founder Mark Zuckerberg said Free Basics was just one part of a larger initiative that includes solar-powered planes, satellites and lasers, and pairing with local entrepreneurs to provide wireless hotspots.
… Facebook could also challenge the ruling in the courts, but a more likely move, said Marc Einstein, Asia-Pacific director at Frost and Sullivan, would be to sit down with the TRAI "to try to come up with a solution that's deemed a little more neutral."

(Related) The French didn't even wait for India. (Perhaps Mark Zuckerberg should have learned French.)
Horia Ungureanu reports:
The French data-protection regulator threatened Facebook with financial sanctions, should the company keep invading the privacy of its own users, as well as others.
The Commission Nationale de l’Informatique et des Libert├ęs (CNIL) published a paper detailing the charges last Monday. The 17-page document points out how Facebook collects and uses information about its users or about others who do even not have a Facebook account.
Read more on TechTimes.

Perhaps tasers should be mandatory?
Study: Suspects shocked by Taser “more likely” to waive Miranda Rights
A new study says the obvious: suspects' brains are briefly scrambled when they are on the receiving end of a Taser stun gun and its 50,000-volt delivery. But the study, "TASER Exposure and Cognitive Impairment: Implications for Valid Miranda Waivers and the Timing of Police Custodial Interrogations," (PDF) questions whether suspects who were just shocked have the mental capacity to validly waive their Miranda rights and submit to police questioning.

I wonder if we could make an App to identify “legal issues” for any technologies? Questions like, “Do you capture images of faces?” would lead to “Right of Publicity” issues, etc. (We really need one for Academia)
Legal Warnings for Small Businesses Using Periscope
… Periscope is a great tool to promote your small business and build your brand. Household brands like Doritos and Red Bull are using Periscope to engage consumers in real time, and so can you. However, as with most things in business, there are some legal considerations that you should think about before you dive into the world of live streaming. Just because everyone is doing it, doesn’t mean you’re not at risk.
Copyright Matters in Live Streaming
Right of Publicity Affects Live Streaming
Trade Secrets and Proprietary Information Should Stay Secret in Live Streaming

Some legal issues are easy to identify.
Ross Todd reports:
A coalition of technology companies is backing Twitter Inc.’s legal push to expand what companies can divulge about government surveillance requests in national security investigations.
In an amici curiae brief filed on Friday, a group that includes the operators of WordPress, Medium, Reddit, and Wikipedia contend that their free speech rights are violated by regulations that permit them to disclose the number of national-security requests they receive, but only in wide bands.
“Reporting national security requests under the rubric approved by the United States government obfuscates rather than illuminates the volume” of requests, wrote Marcia Hofmann of Zeitgeist Law PC on behalf of eight separate organizations.
Read more on The Recorder.

Should laws be written for future possibilities? Does new technology change the underlying basis of a law?
Prominent Authors Join Amicus Brief in Google Book Scanning Case
by Sabrina I. Pacifici on Feb 8, 2016
Via FindLaw via WSJ Law Blog – “Several famous authors filed a brief with the Supreme Court, asking it to hear a lawsuit over Google digital book library. Malcolm Gladwell, Margaret Atwood, Yann Martel, Steven Sondheim and others lent their names to the brief, contending Google is guilty of “massive copyright infringement… One of the writers’ main arguments contends that copyright law and recent court decisions could not have foreseen the growth of the Internet or the mass digitization of millions of documents, written works included. According to the brief, “the technological changes of the past 20 years, especially the mass digitization of works and their easy and fast transmission over the Internet, was never contemplated by either the Congress that enacted the 1976 [Copyright] Act.” The Supreme Court has yet to decide whether it will hear an appeal from the Second Circuit Court’s decision..

So, have a woman write your sales pitch?
Women Raise More Money With Crowdfunding, Research Shows
… Women generally use words that talk about positive emotions -- for example, “excited” and “happy” -- and inclusivity -- such as preferring the pronoun “we” and words such as “together.” That kind of language is associated with crowdfunding campaigns that, all other factors being relatively equal, raise more money, says UC Berkeley Haas School of Business Assistant Professor Andreea Gorbatai.

I might know a few students who could supplement their income this way.
We’re Hiring Now – Available Vacancies
The following positions are available to be filled immediately. If interested, please follow the application instructions below.

Just because this sums things up perfectly.
Cam Newton Never Had A Chance

Monday, February 08, 2016

Have these systems really been hacked? Which would be worse: They really have this data and will dump it OR they found data for thousands of randomly chosen non-FBI individuals but claim the data is accurate.
Joseph Cox reports:
A hacker, who wishes to remain anonymous, plans to dump the apparent names, job titles, email addresses and phone numbers of over 20,000 supposed Federal Bureau of Investigation (FBI) employees, as well as over 9,000 alleged Department of Homeland Security (DHS) employees, Motherboard has learned.
The hacker also claims to have downloaded hundreds of gigabytes of data from a Department of Justice (DOJ) computer, although that data has not been published.
Read more on Motherboard. After the publication of the story, Cox updated it:
Update 8 February 2016: After the publication of this article, a Twitter account with a pro-Palestinian message published the apparent details of the 9,000 DHS employees. The account also tweeted a screenshot supposedly from the Department of Justice computers that the hacker claimed to have accessed.

So, something for nothing is illegal. Everything for nothing is okay? Would everything for something be okay too?
Facebook Faces Setback as India Bans Differential Data Pricing
India’s telecom regulator ruled against cellular operators offering plans that charge different rates for access to the Web depending on the content – a setback to Facebook Inc.’s push for its limited Internet plan in the South Asian nation.
Telecom operators cannot offer discriminatory tariffs for data services based on content, and are not allowed to enter into agreements with Internet companies to subsidize access to some websites, the Telecom Regulatory Authority of India said in a statement Monday.

The Tragedy of Ethiopia's Internet
… The only way to access the internet in Ethiopia is through the government-owned provider, Ethio Telecom, which has unilateral control over the telecom industry. A burgeoning tech scene in neighboring Kenya, which has an internet penetration rate of 69.6 percent, has garnered the name “Silicon Savannah.” But in Ethiopia, the monopoly on internet access has created one of the most disconnected countries in the world.
Only 3.7 percent of Ethiopians have access to the internet, according to the latest data, one of the lowest penetration rates in the world. By comparison, South Sudan, which lacks most basic government services, has an internet penetration rate of 15.9 percent. There are only ten countries with lower internet penetration than Ethiopia. Most of them, such as Somalia and North Korea, are hampered by decades-long civil wars or largely sealed off from outside world.

A backgrounder for my Computer Security and Data Management classes.
Get Ready: How EU's New Privacy Law Will Affect Your Business
… The final text of the GDPR includes the following provisions, as reported by TechCrunch:
  • Anyone involved in processing EU consumer data, including third-party entities involved in processing data to provide a particular service, can be held liable for a breach.
  • When an individual no longer wants his or her data to be processed by a company, the data must be deleted, "provided that there are no legitimate grounds for retaining it."
  • Companies must appoint a data protection officer if they process sensitive data on a large scale or collect information on many consumers (small and midsize enterprises are exempt if data processing is not their core business activity).
  • Companies and organizations must notify the relevant national supervisory authority of serious data breaches as soon as possible.
  • Parental consent is required for children under a certain age to use social media (a specific age within a group ranging from ages 13 to 16 will be set by individual countries).
  • There will be a single supervisory authority for data protection complaints aimed at streamlining compliance for businesses.
  • Individuals have a right to data portability to enable them to more easily transfer their personal data between services.

Is there still value in the education business? Someone seems to think so.
Apollo Education Group, University of Phoenix Owner, to Be Taken Private
Apollo Education Group, the owner of the University of Phoenix and other for-profit educational institutions, said on Monday that it had agreed to be taken private by a consortium of investors in a deal valued at $1.1 billion.
The consortium of investors includes the private equity firms, the Vistria Group, funds affiliated with Apollo Global Management and Najafi Companies. Apollo Education Group is not affiliated with Apollo Global Management.
Under the terms of the agreement, the investor consortium would pay $9.50 a share in cash for the outstanding shares of Apollo Education Group, representing a 44 percent premium over its closing price on Jan. 8, before the company announced that it was exploring strategic alternatives.

Perspective. Is I real or is I Memorex?
Smart Email and the Path to Digital Immortality
I attended IBM Connect last week, where I checked out one of the most interesting products you've likely never heard of – a new email offering called "IBM Verse." While there was a lot of discussion about how it better integrated social networking, what really intrigued me was the idea of putting cognitive computing inside an email client.
"Cognitive computing" is the new way of saying "artificial intelligence," because, you know, the industry likes to change terms every once in a while just to mess with our heads.
… A lot of what we do with email is repetitive. That's why executives in the past rarely handled their own correspondence; their secretaries would do it for them. Secretaries, apprentices or assistants set up meetings, offered birthday wishes, responded to inquiries -- even sent direct messages. They often still do, which makes those roles especially powerful.
The fact is, if you get an email from a politician, chances are pretty good that it wasn't written by that politician. It might not have been written by a human at all -- but rather by some machine regurgitating the same text over and over again, mostly to annoy us.
If you could make an email system smart, it could do not only what secretaries used to do, but also a whole lot more -- and likely better.
… An email system generally will handle most all of your daily correspondence, though, and if it were a smart email system tied into social networking, then over time, it likely would come to know you better than you know yourself.
As it gained insight, it not only could prioritize messages and automatically handle tasks like setting and changing appointments, but also could begin to respond for you, if you let it. You could opt to increase its responsibilities with your oversight.
… Let's push the envelope a bit. There are a number of projects designed to create an immortal digital concept of a person – a digital avatar, if you like. At the core of these projects is some process to capture what makes every person unique. The easiest way to do that would be to mine a person's email for insights into personality, speech patterns, history and knowledge.
By increasingly being able to emulate someone, a smart email system eventually could create a decent digital clone that initially could interact over email, and perhaps with a good sound sample from the individual and the right speech integration, also do a pretty decent job of vocal emulation.
… What IBM Verse does is funnel your email accounts and social network feeds into one client. It then learns to organize your communications based on priority. No more last in first out -- you see your important stuff up front and can blow off your unimportant stuff more easily.

Should I trust this to provide my students with background? Definitions? Could I build an entire textbook?
4 Easy Ways to Export Wikipedia for Offline Use
… Here are four ways to export Wikipedia for various needs.
Using the Book Creator, you can choose any articles you like and turn them into a book. Or, try visiting the book collections page to download books made by others!
If you only need a single article, just click the Download as PDF on the left sidebar of any article (it’s under the Print/export heading).
Those who haven’t yet gone paperless can utilize the Printable version in the same sidebar heading to easily print an article out, perhaps for a friend who doesn’t have Internet access.
Finally, anyone who wants to go big can actually download the entirety of Wikipedia.

Free for everyone. Take note, students.
Google Search Education Online
by Sabrina I. Pacifici on Feb 7, 2016
  • Learn tips and tricks to become a fast and effective fact-finder with Power Searching with Google.
  • Deepen your understanding of solving complex research problems using advanced Google search techniques with Advanced Power Searching with Google.
  • Join a growing global community of Power Searchers.”
[From Google:
This course will run from Monday February, 8th through Sunday, February 21st. But if you can’t make that time, don’t worry, as we’ll be running this class continuously every two weeks until June. The next class will begin on Feb 22, then again on March 7, then March 21, and so on.