Saturday, March 26, 2016

Of course they did. The FBI blithely opened a can of worms and Apple wants to make they examine each one they try putting back in the can.
Citing FBI Hacking Efforts, Apple Requests Judge Delay Brooklyn iPhone Data Case
Apple wants a judge to delay government demands for data from a locked iPhone in a Brooklyn drug case while the FBI sees if it can get contents from a San Bernardino attacker’s phone without Apple’s help.
… Zwillinger said the Brooklyn case will be affected by the outcome in California regardless of what the Justice Department concludes regarding its methods of obtaining data without Apple’s help.
He said if the same method can be used to unlock the iPhone in the Brooklyn case, Apple’s assistance will no longer be needed. He added that Apple will seek to test any claims by the government that the method cannot work on the iPhone in Brooklyn or claims that other methods cannot be used.
The government is scheduled to update a California magistrate judge on April 5 about its efforts to access iPhones without the company’s assistance.

Not earth shaking, but amusing.
Shawn E. Tuma writes:
The Dallas Court of Appeals recently decided a civil case involving claims under Texas’ unauthorized access of computer law that provides some helpful guidance for this relatively new law that has very little case law construing it. The 3 takeaways that follow are the key legal principles that apply to this law as set forth in the case Miller v. Talley Dunn Gallery, LLC, 2016 WL 836775 (Tex. App.–Dallas, Mar. 3, 2016).

Not all that horrible.
The Dangers of Facebook Cozying Up to Beijing
Mark Zuckerberg’s Beijing publicity stunt was as craven as it was brilliant. There he was, the Facebook founder and his entourage jogging through smoggy Tiananmen Square not wearing a facemask less promotionally-minded runners wouldn’t dream of leaving home without.
The message from Zuckerberg’s gesture, and his meeting with Beijing’s propaganda minister, was impossible to miss: we at Facebook are so anxious to “friend” China that we’re willing to depart from the normative behavior we exercise everywhere else.
… The only way Facebook operates in Xi’s China is as a pawn in his censorship push.
… As I’ve argued before, China needs Zuckerberg’s blue and white pages and “like” buttons more than his company needs the No. 2 economy. It’s impossible for China to become an innovative powerhouse when its best minds are excluded from the mediums entrepreneurs everywhere else use to share notes, debate and test ideas. Social media platforms are where these conversations rage and crowdsourcing that drives change, sparks new industries and speaks truth to power thrives.
… It’s reasonable to expect, for example, that Facebook would need to partner with a local tech operation. Here, think LinkedIn entering China with the help of two joint ventures or Japanese messaging service Line connecting via Qihoo 360. Beijing is sure to demand client data be housed in China to allow ready government access. Also, Facebook would probably need to help Beijing delete posts it finds even remotely objectionable. Good luck, for example, enjoying the usual Facebook barrage of birthday greetings if you were born on June 4, the anniversary of the Tiananmen crackdown. Singer Taylor Swift walked into a political maelstrom when she named an album “1989,” the year Tiananmen went down. China uses sophisticated algorithms to flag words, dates and public figures it finds threatening to the state.
Chinese messaging apps like WeChat and the Twitter-esque Sina Weibo are policed aggressively, but they’re largely domestic and Mandarin-based. Facebook would be quite the wildcard as it connects mainlanders to more than 100 foreign tongues around the globe with its group pages.

There are limits and then there are people who ignore the limits. Hackers will always be attracted to free Internet access.
Angola’s Wikipedia Pirates Are Exposing the Problems With Digital Colonialism
Wikimedia and Facebook have given Angolans free access to their websites, but not to the rest of the internet. So, naturally, Angolans have started hiding pirated movies and music in Wikipedia articles and linking to them on closed Facebook groups, creating a totally free and clandestine file sharing network in a country where mobile internet data is extremely expensive.
… In 2014, Wikimedia partnered with Angolan telecom provider Unitel to offer Wikipedia Zero to its customers. Wikipedia Zero is a somewhat-controversial program that “zero rates” Wikipedia and other Wikimedia properties (such as image and video database Wikimedia Commons) on mobile phones in developing countries, meaning customers don’t have to pay for any data use on the Unitel network, as long as the data use is associated with a Wikimedia domain.
… Facebook’s program, called “Free Basics,” has come under fire—and was banned in India—because some see it as a user grab technique for Facebook, but Wikipedia Zero has gotten less flak because Wikimedia’s a nonprofit organization and its sites often skew to be purely informative.
The controversy usually ends with those two arguments—rarely does anyone ever consider what happens if creative people find loopholes in these zero rated services.
That brings us to what’s going on in Angola. Enterprising Angolans have used two free services—Facebook Free Basics and Wikipedia Zero—to share pirated movies, music, television shows, anime, and games on Wikipedia. And no one knows what to do about it.
Because the data is completely free, Angolans are hiding large files in Wikipedia articles on the Portuguese Wikipedia site (Angola is a former Portuguese colony)—sometimes concealing movies in JPEG or PDF files. They’re then using a Facebook group to direct people to those files, creating a robust, completely free file sharing network.
… But people in developing countries have always had to be more creative than those for whom access to information has always been a given. In Cuba, for instance, movies, music, news, and games are traded on USB drives that are smuggled into the country every week. A 20-year-old developer in Paraguay found a vulnerability in Facebook Messenger that allowed people to use Free Basics to tunnel through to the “real” internet.

The drone refused to comment.
This Drone Startup Just Achieved A Milestone In Doorstep Delivery
,,, Drone startup Flirtey said on Friday that it completed the first federally-sanctioned drone delivery in a U.S. urban area without the help of a human to manually steer it.
The half mile-drone flight took place on March 10 in Hawthorne, Nev., Flirtey CEO Matt Sweeny said in an interview with Fortune. Staff members programmed the drone’s flight path using GPS and then loaded a parcel of emergency supplies—including food, water, and a first-aid kit—into a box tethered to one of the company’s drones.
Flirtey then sent the flying robot to an uninhabited house where it eventually lowered the package to the home’s front porch using a rope while hovering above.
The Nevada-based startup performed the delivery with the help of its partner, the University of Nevada at Reno.
Last year, Flirtey made the first Federal Aviation Administration-approved drone delivery in a rural area by dropping off emergency supplies to a health clinic in Virginia.

Not sure we teach Swift. Should we?
The Best Languages for Mobile App Development in 2016

Probably all my students could use this.
Google Offers Nik Collection Of Photo Editing Suite For Free
… The Nik Collection comes with seven desktop plug-ins that were originally targeted toward expert photographers. From its original price tag of $149, Google is now dropping its price to nothing.
… In case you are interested in giving the Google Nik Collection a go, head to Nik Collection page to download it.

Another toy my geek friends will need.
Amazon shows you how to make an Echo with Raspberry Pi
If you're into messing with hardware and have some basic programming skills, you can put together an Amazon Alexa device of your very own. Amazon has even put together an official guide to do so on GitHub, Lifehacker reports. You'll need to snag a Raspberry Pi 2 and a USB microphone to make it happen, but you've probably got the other required hardware (a micro-SD card for storage, for example) lying around.

Every week. Ready or not.
Hack Education Weekly News
… “The U.S. Department of Education has rehired two of the debt collection companies that it said last year would be fired for misleading student loan borrowers, newly released federal records show,” Inside Higher Ed reports. “Department officials announced in February 2015 that they would ‘end’ the contracts of five debt collectors, accusing the companies of making ‘materially inaccurate representations’ to borrowers trying to get their loans out of default.”
… Interesting verb choice in this headline: “Sophisticated test scams from China invade U.S. college admissions.” And the subhead: “Students hire imposter ‘gunmen’ to take the SAT, the GRE and other tests.” [Because they all look alike? Bob]
Via the Atlanta Journal-Constitution: “A group of parents at a Cobb County elementary are upset over the school’s use of yoga and other mindfulness practices for students because they believe it endorses a non-Christian belief system.”
Via The Denver Post: “ The University of Colorado nutrition expert who accepted $550,000 from Coca-Cola Co. is stepping down as executive director of the Anschutz Health and Wellness Center. James Hill announced Friday that he was leaving, effective immediately, but he expects to continue researching causes of obesity.”
Via Politico: “LinkedIn, labor-market analysis organization Burning Glass and the Markle Foundation have joined forces to roll out a new kind of job website – – specifically designed for middle-skills workers, or people who have a high school diploma but not a bachelor’s degree. The site launched in Colorado this month with an initial emphasis on the information technology, advanced marketing and healthcare fields, with plans to branch into the greater Phoenix area as early as next month. The project has the support of Colorado’s state government as well as Arizona State University and MOOC provider edX.”

Friday, March 25, 2016

What is the right thing to do?
Influencers: FBI should disclose San Bernardino iPhone security hole to Apple
Now that American law enforcement may have a way into the iPhone used by the San Bernardino, Calif., shooter, it should also disclose details about the security hole to Apple, said 81 percent of Passcode’s Influencers.
… “The security of a product used by so many people – including and especially Americans – is part of national security,” said Jonathan Zittrain, professor of law and computer science at Harvard Law School. “While it is appropriate for law enforcement, with a warrant, to use a security flaw to gain access to which it is legally entitled, the flaw should be patched as soon as possible for everyone else’s sake.”...
… For its part, Apple says it would prefer the government share the details of its iPhone hack tactics if the case continues. But on Thursday, FBI Director James Comey declined to comment about whether he would tell Apple the details – and officials have so far said nothing about whether it would be subject to what’s known as the Vulnerability Equities Process.
The equities review, chaired by White House cybersecurity coordinator Michael Daniel, is a relatively secretive process in which multiple agencies help determine whether security flaws in government hands must be disclosed to companies for fixing – or kept secret for national security reasons. As part of the decision making process, officials consider whether keeping the vulnerabilities secret would result in significant risks to consumers, Mr. Daniel has previously explained in a 2014 blog post about how the US decides about when to disclose vulnerabilities. (Editor’s note: Daniel is also an Influencer.)

Another way to define the “right thing?” The alternative would be to retaliate, hack for hack.
In an indictment released this morning, the Justice Department charged seven Iranians with carrying out distributed denial of service (DDoS) attacks on US financial institutions and also charged one of the seven with hacking a dam in New York. The indictment is the latest instance of a ramped up effort by the US government to publicly attribute cyber intrusions to foreign governments and foreign government-linked hackers.
… Both indictments draw a line under behavior that the United States has pushed at the international level to have deemed off limits.
… The United States and China agreed in September 2015 that “neither country’s government will conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors.” In a report last summer, the UN Group of Governmental Experts, which includes the United States, China, and Russia, among others, agreed that states “should not conduct or knowingly support [information and communications technology] activity contrary to its obligations under international law that intentionally damages critical infrastructure or otherwise impairs the use and operation of critical infrastructure to provide services to the public” (para. 13(f)).

Perhaps the Terminator was intended to be helpful?
Microsoft silences its new A.I. bot Tay, after Twitter users teach it racism
Microsoft’s newly launched A.I.-powered bot called Tay, which was responding to tweets and chats on GroupMe and Kik, has already been shut down due to concerns with its inability to recognize when it was making offensive or racist statements. Of course, the bot wasn’t coded to be racist, but it “learns” from those it interacts with. And naturally, given that this is the Internet, one of the first things online users taught Tay was how to be racist, and how to spout back ill-informed or inflammatory political opinions. [Update: Microsoft now says it’s “making adjustments” to Tay in light of this problem.]

The French believe they are right and the rest of the world is wrong. There is no arguing with that.
PTI reports that France’s National Commission on Informatics and Liberty (CNIL) has gone and done it – they’ve fined Google $112,000 for failure to fully comply with requests to remove search results from people who have made requests under “right to be forgotten.”
The dispute between France’s data protection agency (CNIL) and Google has been going on since last June, when the CNIL demanded that Google delist results across all domains and countries – and not just county-specific results. Google appealed (of course!) but France denied the appeal in September, 2015.
That France believes it can impose its laws across all countries is …. cute? hubris? irrational? You can fill in the blank for yourself, but I do understand why Google has not complied.
Google had attempted to assuage the French regulators by basing search results for delisted urls on the IP addressses, so that someone in France searching for a delisted url would not find it even if they searched instead of
France was having none of that, however:
“Contrary to what Google says, delisting on all extensions does not impinge on freedom of expression in that it does not involve any removal of Internet content,” the CNIL said.
PTI reports:
Google says it has received 86,600 requests in France involving more than a quarter million Web pages, and has honoured just over half of them. Those turned away can appeal to a judge or, more often, to CNIL, which has received 700 complaints of which 45 per cent were deemed legitimate and forwarded to Google.
“As a matter of principle, we respectfully disagree with the idea that a national data protection authority can assert global authority to control the content that people can access around the world,” Google’s privacy chief Peter Fleischer said in July.
The fine is a drop in the bucket for Google, of course, but it’s clear that this battle is far from over.

An interesting research tool.
Podcat Is Pretty Much Like IMDb for Podcast Hosts
Podcasts are great. In fact, some podcasts are so popular, that their hosts are actually quite famous. Some listeners care more about who hosts the show than the show itself. So why don’t podcast hosts have a site like IMDb where listeners (and the hosts themselves) can find out on what shows anyone has appeared?
As it turns out, there’s a site called Podcat that does just that!

So I don't have to tutor students…
For those who are studying undergraduate calculus, Prof Leonard is another addition to the video tutorials I have already shared in Math and Multimedia. The Prof Leonard channel contains 76 Calculus I, II, and III videos ranging from 15 minutes up to more than 3 hours. Most of the videos are about 1 hour in length. The channel also contains videos on Intermediate Algebra and Statistics.
I have shared several Youtube channels in this blog about calculus particularly that of Khan Academy, MIT Open Courseware, and Patrick JMT tutorials. You can also visit more video tutorials here.

I'm teaching Spreadsheets in the Spring, this Infographic will make me seem smart.
These Excel Shortcuts Will Save You Time and Effort

Is nothing sacred?
Playboy for sale, reports say

Thursday, March 24, 2016

Should there be some small office somewhere in the vast government bureaucracy that reviews these half-vast security schemes before they fail spectacularly and embarrass every department or agency that tries to implement them?
From the we-should-have-expected-this dept., Adam Winer reports:
An IRS program that was supposed to help protect vulnerable taxpayers has been partially suspended, because it turns out the program wasn’t all that secure.
An “IP pin code” program is supposed to add another layer of security to those filing tax return forms, but in March, the IRS announced the “tool is unavailable until further notice.”
Tax experts say the IRS program was hacked.
Read more on ABC News.
[From the article:
Either way, it's down, and it's causing problems for people who were relying on the program.
"[If[ a client never receives a letter or maybe a client just misplaced the letter, they can't retrieve [the pin number] online because the system now has been suspended," explains tax specialist and certified fraud examiner Elina Linderman of La Rusa.
Linderman estimates about 5 to 6 percent of her client base has an IP PIN code from the IRS. Filing taxes for those people has become a nightmare for some, and many fear those PIN codes have been stolen altogether.

How strong will the backlash be?
DOJ knew of possible iPhone-cracking method before Apple case
Weeks before the FBI sought a court order forcing Apple to help it break into an iPhone used by one of the San Bernardino gunmen, a sister agency was already using an Israeli security firm's technology to attempt to crack a similar device.
… more than two weeks before a judge ordered Apple to assist the FBI, the Drug Enforcement Administration, also a division of the DOJ, filed a warrant request in a Maryland court asking to use technology from security firm Cellebrite to defeat the password protections on a suspected drug dealer's iPhone.
… A Maryland judge approved the search warrant on Feb. 16, the same day California Magistrate Judge Sheri Pym ordered Apple to provide technical assistance to the FBI in the San Bernardino case.
… In the Maryland drug case, the warrant application describes how Cellebrite would be used to defeat password protections on a suspect's iPhone 6 and other smartphones.
"The device and all readable and searchable contents will be attempted to be downloaded to a 'CellBrite' [sic] device," the Maryland warrant application says. "The 'CellBrite' device allows the user to bypass any password protected utility on the phone."
The iPhone contents "will then be copied to a readable computer disc" and reviewed by the court, the warrant application says.
… Critics of the FBI's case against Apple are now questioning whether the agency should have moved forward with its case without disclosing the possibility of using Cellebrite to hack Farook's phone.
The FBI and DOJ now appear to be backing down in the Apple case because of public opinion and a possibility they won't get the court precedent they seek, said Evan Greer, campaign director for digital rights group Fight for the Future.
"The FBI’s last minute excuse is about as believable as an undergrad who comes down with the flu the night before their paper is due," Greer said via email. "They should come clean immediately."

I don't think they have given Privacy much thought.
Driverless-Car Makers on Privacy: Just Trust Us
… This topic came up last week at a Congressional hearing on driverless cars, and the companies potentially doing the data-collecting were, and this is putting it gently, evasive.
“Do you think there should be a mandatory minimum for privacy protection?” asked Senator Ed Markey, a Democrat from Massachusetts.
The witnesses, representing car makers and the ride-sharing company Lyft, had well-rehearsed platitudes—privacy is important, we look forward to cooperating with the federal government, that kind of thing—but none agreed that mandatory privacy standards should apply to them.

Think this one through for a minute. The NSA is regularly tapping the phone of an ISIS commander who calls a number in the US he never called before. During the conversation it become obvious that the person on the US end is about to walk a suicide bomb into a school/airport/sporting event. Should the NSA remain silent? Do the rules change if the call originates in the US?
Lawmakers warn of 'radical' move by NSA to share information
“If media accounts are true, this radical policy shift by the NSA would be unconstitutional, and dangerous,” Reps. Ted Lieu (D-Calif.) and Blake Farenthold (R-Texas) wrote in a letter to the spy agency this week. “The proposed shift in the relationship between our intelligence agencies and the American people should not be done in secret.
… The NSA has yet to publicly announce the change, but the New York Times reported last month that the administration was poised to expand the agency's ability to share information that it picks up about people’s communications with other intelligence agencies.
The modification would open the door for the NSA to give the FBI and other federal agencies uncensored communications of foreigners and Americans picked up incidentally — but without a warrant — during sweeps.
Robert Litt, the general counsel at the Office of the Director of National Intelligence, told the Times that it was finalizing a 21-page draft of procedures to allow the expanded sharing.
Separately, the Guardian reported earlier this month that the FBI had quietly changed its internal privacy rules to allow direct access to the NSA’s massive storehouse of communication data picked up on Internet service providers and websites.

I'd like to report that my Data Management students predicted this strategy. Unfortunately, this isn't one of our successes. I wonder how things were managed before?
White House Puts Clamps on Data Center Development
The federal program for improving the operation of thousands of government data centers has entered a new phase that will impact significantly how electronic information is stored and managed. Proposed updates to data center operations will affect providers of data management products and could spur the use of cloud technology.
… Federal CIO Tony Scott recently released proposals for major changes in government policy regarding federal data centers. The proposals include prohibiting government agencies from developing new data centers – or significantly expanding existing centers – unless such efforts are approved by the CIO and the Office of Management and Budget. The office of the federal CIO operates as a unit within OMB.

For some reason, this industry is an early adopter of new technologies. I must study them closely. (I'm just doing it for the free Google Cardboard thingies.)
… The world’s biggest adult site partnered with established VR porn store BaDoink to offer free 360-degree content. It is obviously NFSW.
If you’ve never tried VR porn, let me tell you: It is a weird, wild ride. I tested out the new site using both iOS and Android setups and a couple different headsets. The video I saw was not exactly virtual reality as the footage wasn’t entirely 3D. Pornhub does say that the new channel will have lots of full 360-degree content, so you really feel like you’re in some San Bernardino McMansion having sex with a stranger.
… The VR site just went live on Pornhub, so click through if you dare. Pornhub is also giving away 10,000 free Google Cardboard-like devices if you sign up.

Wednesday, March 23, 2016

Well, that explains everything. Maybe.
FBI enlists Israeli firm to unlock encrypted iPhone
Israel’s Cellebrite, a provider of mobile forensic software, is helping the U.S. Federal Bureau of Investigation’s attempt to unlock an iPhone used by one of the San Bernardino, California shooters, the Yedioth Ahronoth newspaper reported on Wednesday.
If Cellebrite succeeds, then the FBI will no longer need the help of Apple Inc, the Israeli daily said, citing unnamed industry sources.
Cellebrite officials declined to comment on the matter.

(Related) Logic, as to what might be happening. Very interesting read!
My Take on FBI’s “Alternative” Method
… All of this paints a pretty clear picture: the leading theory at present, based on all of this, is that an external forensics company, with hardware capabilities, is likely copying the NAND storage off the chip and frequently re-copying all or part of the chip’s contents back to the device in order to brute force the pin – and may or may not also be using older gear from iOS 8 techniques to do it. The two weeks the FBI has asked for are not to develop this technique (it’s most likely already been developed, if FBI is willing to vacate a hearing over it), but rather to demonstrate, and possibly sell, the technique to FBI by means of a field test on some demo units.
… The FBI is rumored to have classified this technique, only 24 hours after requesting a two-week window to give report. If true, FBI wouldn’t classify something that they haven’t validated, which means they validated it too. This suggests the technique *could* also be an exploit, so now we’ve two different possibilities to consider. The classification also suggests a little bit about the company. The company must have engineers capable of holding (or already holding) clearances, suggesting it’s a rather large company.

(Related) I liked some of these too. Perhaps I can get a laser drill for my Ethical Hacking students?
Acid? Laser drill? How the FBI might hack into an iPhone without Apple’s help
… federal officials have been mum about who came forward and what method they’ve proposed. Here are some of the leading options outside experts think the FBI might be exploring.
Another approach, sometimes known as “chip de-capping,” calls for physically removing the casing of the iPhone’s processor chip, using acid or a laser drill. In theory, investigators could then connect electronic probes capable of reading the phone’s unique identification code bit by bit from the location where it is “fused” into the phone’s hardware. This method would also have to read the algorithm that combines that code with the user passcode to unlock the phone.
Once they get that information, investigators could then load it onto another computer, where they can run thousands of attempts at guessing the passcode without worrying about triggering the auto-erase function on the phone itself.

What's in your water?
Attackers Alter Water Treatment Systems in Utility Hack: Report
Verizon’s data breach digest for March 2016 describes several attacks investigated by the company, including one aimed at the systems of an unnamed water utility referred to by Verizon as the Kemuri Water Company (KWC).
The water district had asked Verizon to conduct a proactive assessment as part of its efforts to keep systems and networks healthy, but experts soon discovered clear signs of malicious activity.
They immediately noticed that the organization had a poor security architecture, with Internet-facing systems plagued by high-risk vulnerabilities known to be exploited in the wild, and outdated operation technology (OT) systems that had been more than ten years old.
The water utility’s SCADA platform was powered by an IBM AS/400 system, which was first introduced by the vendor in 1988. This system was used to connect both OT functions, such as the water district’s valve and flow control applications, and IT functions, such as financial systems that stored customer and billing information.
Verizon investigators believe the hackers exploited a vulnerability in the payment application web server. This server stored the internal IP address and admin credentials for the AS/400 system, from which the attackers are believed to have stolen 2.5 million records containing customer and payment information.
Since the compromised AS/400 system also ran valve and flow control applications used to manipulate the utility’s hundreds of programmable logic controllers (PLCs), the hackers managed to access this software and alter settings related to water flow and the amount of chemicals used to treat the water.

Sometimes a sentence just does not seem to fit with the rest of the talk (or article). Does this strike you funny too?
Abraham J. Rein of Post & Schell has a nice recap of some of the recurring themes at last week’s PHI Protection Network conference in Philadelphia. Here’s a snippet of his post from the section about about law enforcement’s message to attendees:
…. Michael Stawasz, Deputy Chief of the U.S. Department of Justice Computer Crime and Intellectual Property Section (“CCIPS”), and Rich Goldberg, Chief of the Economic Crimes Unit for the U.S. Attorney’s Office of the Eastern District of Pennsylvania, both worked to assuage corporate anxiety around reporting a data breach to law enforcement. Such anxiety is reasonable, given the risk of the company finding itself on the wrong end of enforcement scrutiny. But Stawasz and Goldberg both emphasized that, when a company suffers a data breach, “you [the company] are our victim” – indeed, “our goal is to protect you.” Companies need not be concerned, according to Stawasz, about turning information over to the government to assist in its investigation of the breach: “Your information will not be FOIA’d,” Stawasz told the audience; moreover, “it won’t be immediately shared with your regulators,” because “I’m not interested in holding you liable for unreasonable security.”
Read more on Post & Schell.

Interesting. Is this an indication that Privacy is becoming a large part of legal practices or that you can't get anything done on the FTC Board?
FTC commissioner to resign at end of month
The Federal Trade Commission's Julie Brill is slated to leave the agency at the end of the month, opening up the second vacancy on the five-person panel.
Brill, a Democrat, is slated to join Hogan Lovells to help lead the law firm's privacy and security practices. She will also help out with the firm's antitrust work.

Perspective. Well, I find it interesting.
Report: Half of all mobile games revenue comes from only 0.19% of players
Mobile games publishers have to take incredible care when acquiring new users, since the vast majority of them don’t buy anything. In fact, only 0.19 percent of all players contribute 48 percent of revenue, according to a new report from mobile marketing automation and engagement firm Swrve.
Swrve also found that a full 64 percent of players who spend money in games only do so once in the month (up from 49 percent in the original study last year). But it’s not all bad news for publishers. Total volume of spending per month increased by nearly $3 per player to $24.66.

US recorded-music revenues rose slightly in 2015 says RIAA
US music industry body the RIAA has published its figures for 2015, revealing that recorded-music revenues rose by 0.9% last year to $7bn.
That’s estimated retail value: the amount of money people spent on physical music, downloads and streams. The wholesale value – the money flowing back to rightsholders – rose 0.8% to $4.95bn.
Another key point from the RIAA’s announcement: streaming is now the biggest chunk of US recorded-music revenues, rising from 27% in 2014 to 34% in 2015 – overtaking download sales in the process.

Perspective. Anecdotes, not strategy.
Leveraging the Internet of Things for Competitive Advantage
… John Deere offers a case in point. The company has been making steel ploughs since 1837 and the name brand is synonymous with farming and tractors in the U.S. But beginning in 2012, John Deere embedded new sensors in its products and marketed connectivity as a key product benefit. Today, those sensors provide farms with decision-support information on where to plow, what crops to plant and when to plant. That information is potentially more valuable over time than the tractor pulling the plow.

How strange. My students seem to have a problem with class-long learning.
Pew – Lifelong Learning and Technology
by Sabrina I. Pacifici on Mar 22, 2016
A large majority of Americans seek extra knowledge for personal and work-related reasons. Digital technology plays a notable role in these knowledge pursuits, but place-based learning remains vital to many and differences in education and income are a hallmark of people’s learning activities.. Most Americans feel they are lifelong learners, whether that means gathering knowledge for “do it yourself” projects, reading up on a personal interest or improving their job skills. For the most part, these learning activities occur in traditional places–at home, work, conferences or community institutions such as government agencies or libraries. The internet is also an important tool for many adults in the process of lifelong learning. A new Pew Research Center survey shows the extent to which America is a nation of ongoing learners:
  • 73% of adults consider themselves lifelong learners.
  • 74% of adults are what we call personal learners– that is, they have participated in a t least one of a number of possible activities in the past 12 months to advance their knowledge about something that personally interests them. The se activities include reading, taking courses or attending meetings or events tied to learning more about their personal interests.
  • 63% of those who are working (or 36% of all adults) are what we call professional learners – that is, they have taken a course or gotten additional training in the past 12 months to improve their job skills or expertise connected to career advancement.”

Tuesday, March 22, 2016

Using throw away phones is far simpler than coordinating encryption keys for these guys. (Think: Occam's razor.)
Burner phones, not encryption, kept Paris terrorists off the authorities’ radar
New details of the Paris attacks carried out last November reveal that it was the consistent use of prepaid burner phones, not encryption, that helped keep the terrorists off the radar of the intelligence services.
As an article in The New York Times reports: "the three teams in Paris were comparatively disciplined. They used only new phones that they would then discard, including several activated minutes before the attacks, or phones seized from their victims."
The article goes on to give more details of how some phones were used only very briefly in the hours leading up to the attacks. For example: "Security camera footage showed Bilal Hadfi, the youngest of the assailants, as he paced outside the stadium, talking on a cellphone. The phone was activated less than an hour before he detonated his vest." The information come from a 55-page report compiled by the French antiterrorism police for France’s Interior Ministry.

This Times has the facts. Question: Can Apple sue to make the FBI release the security flaw they are using? (So they can patch it)
U.S. Says It May Not Need Apple’s Help to Unlock iPhone
In a new court filing, the government said an outside party had demonstrated a way for the F.B.I. to possibly unlock the phone used by the gunman, Syed Rizwan Farook.
… While the Justice Department must test this method, if it works “it should eliminate the need for the assistance from Apple,” it said in its filing. The Justice Department added that it would file a status report by April 5 on its progress.
… Late on Monday, Judge Sheri N. Pym, the federal magistrate judge in the United States District Court for the Central District of California who was set to hold the hearing, agreed to grant the Justice Department’s motion to postpone the hearing.
The emergence of a potential third-party method to open the iPhone was a surprise, as the government said more than a dozen times in court filings that it could open the phone only with Apple’s help. The F.B.I. director, James B. Comey Jr., also reiterated that point several times during a hearing before Congress on March 1.

(Related) ...and from the other coast, speculation.
Five theories why the FBI postponed a major hearing in case against Apple
… The general public and cybersecurity experts have been throwing ideas the FBI's way for several weeks, and experts said it's unlikely that someone devised a new technical workaround at the last moment. Could there be more to the 11th-hour postponement than the Justice Department is saying?
Here are some theories.
The FBI is giving the ACLU's method a try -- at last.
The FBI is bluffing because it needs more time -- or wants the case to die down.
The NSA stepped in.
Apple tipped off the FBI.
John McAfee, or someone like him, cracked the iPhone.

(Related) A logical approach?
A Coherent Middle Ground in the Apple-FBI All Writs Act Dispute?

(Related) Maybe not

(Related) This is where the world is moving. Will the FBI subpoena everyone?
Google, Microsoft, Yahoo, Other Tech Titans Unite For Proper Email Encryption

Of course they do!
How Self-Driving Cars Will Threaten Privacy

I would have considered this “classified” if for no other reason to protect the Google executive from retaliation. Now, let's consider the legal issues involved when a company tried to overthrow a government.
Clinton email reveals: Google sought overthrow of Syria's Assad
Google in 2012 sought to help insurgents overthrow Syrian President Bashar Assad, according to State Department emails receiving fresh scrutiny this week.
Messages between former secretary of state Hillary Clinton's team and one of the company's executives detailed the plan for Google to get involved in the region.
… "Please keep this very close hold and let me know if there is anything [else] you think we need to account for or think about before we launch. We believe this can have an important impact," Cohen concluded.
The message was addressed to deputy secretary of state Bill Burns; Alec Ross, a senior Clinton advisor; and Clinton's deputy chief of staff, Jake Sullivan. Sullivan subsequently forwarded Cohen's proposal to Clinton, describing it as "a pretty cool idea." [Not sure I would categorize it as “cool” Bob]

And here I thought the purpose of prepaid cards was to avoid connecting me to my purchases.
Agencies Release Guidance to Issuing Banks on Applying Customer ID Program Requirements to Holders of Prepaid Cards
by Sabrina I. Pacifici on Mar 21, 2016
Federal financial institution regulatory agencies today issued guidance clarifying the applicability of the Customer Identification Program (CIP) rule to prepaid cards issued by banks. The guidance applies to banks, savings associations, credit unions, and U.S. branches and agencies of foreign banks (collectively “banks”). The guidance clarifies that a bank’s CIP should apply to the holders of certain prepaid cards issued by the institution as well as holders of such prepaid cards purchased under arrangements with third-party program managers that sell, distribute, promote, or market the prepaid cards on the bank’s behalf. The guidance describes when, in accordance with the CIP rule, the bank should obtain information sufficient to reasonably verify the identity of the cardholder, including at a minimum, obtaining the name, date of birth, address, and identification number, such as the Taxpayer Identification Number of the cardholder. Agencies issuing the guidance include the Federal Deposit Insurance Corporation, Federal Reserve Board, National Credit Union Administration, Office of the Comptroller of the Currency, and Financial Crimes Enforcement Network.”

For my Ethical Hacking students.
New Pluralsight course: Ethical Hacking, Denial of Service

They'll have to remake that Nick Cage movie, now it's “Gone in 60 nanoseconds!”
Radio Attack Lets Hackers Steal 24 Different Car Models
For years, car owners with keyless entry systems have reported thieves approaching their vehicles with mysterious devices and effortlessly opening them in seconds. After having his Prius burgled repeatedly outside his Los Angeles home, the New York Times‘ former tech columnist Nick Bilton came to the conclusion that the thieves must be amplifying the signal from the key fob in the house to trick his car’s keyless entry system into thinking the key was in the thieves’ hand. He eventually resorted to keeping his keys in the freezer.
Now a group of German vehicle security researchers has released new findings about the extent of that wireless key hack, and their work ought to convince hundreds of thousands of drivers to keep their car keys next to their Pudding Pops. The Munich-based automobile club ADAC late last week made public a study it had performed on dozens of cars to test a radio “amplification attack” that silently extends the range of unwitting drivers’ wireless key fobs to open cars and even start their ignitions, as first reported by the German business magazine WirtschaftsWoche. The ADAC researchers say that 24 different vehicles from 19 different manufacturers were all vulnerable, allowing them to not only reliably unlock the target vehicles but also immediately drive them away.

I thought for a second this would make a great disciplinary tool, but then the “cruel and unusual” elements sprang to mind.
You Can Now Run Windows 98 in Any Browser Without Plug-Ins
… A few weeks ago, we showed you where you can run Windows 95 in your browser with no extra software. Now it’s Windows 98’s turn; you can run it entirely on’s Windows 98 page. Feel free to check out Minesweeper, listen to those classic Windows sounds, or try to connect to dial-up just to relive the old days.

Monday, March 21, 2016

Interesting. He not only chickened out on the suicide bombing bit, now he is ratting out other terrorists? We need to bottle whatever he's been drinking. Although I would be surprised if he knew much.
Captured Paris attack suspect 'worth weight in gold' to police: lawyer
The only suspected participant in Nov. 13 Paris attacks to be captured alive has been cooperating with police investigators and is "worth his weight in gold", his lawyer said on Monday.
… French investigator Francois Molins told a news conference in Paris on Saturday Abdeslam had admitted to investigators he had wanted to blow himself up along with others at the Stade de France on the night of the attack claimed by Islamic State; but he later backed out.
Abdeslam's lawyer Sven Mary said he would sue Molins for making the comment public, calling it a violation of judicial confidentiality.
Mary said Abdeslam was now fully cooperating with investigators.
… Belgian prosecutors said in a statement they were looking for Najim Laachraoui, 25, using the false name of Soufiane Kayal. His DNA had been found in houses in Belgium used by the Paris attackers. [I wonder how they knew whose DNA it was? Bob]

Interesting. Should be “interesting times” tomorrow.
Tim Cook, Meet Aaron Burr: Why The Encryption Fight Is As Old As The Constitution
Midway through its latest brief arguing why Apple needs to unlock the iPhone used by one of the San Bernardino shooters, the U.S. Justice Dept. cites a surprising case: U.S. v. Burr, the 1807 prosecution of Aaron Burr for treason.
According to the lawyers at Justice, none other than Chief Justice John Marshall of the U.S. Supreme Court concluded in that case that Burr’s clerk, identified only as Willie, must decrypt a coded letter Burr sent to one of his accomplices.
Not so, says Apple: Marshall only ordered Willie to say whether he understood the contents of the letter. And even that would be heading down the slippery slope toward self-incrimination, Burr’s lawyers argued at the time. Though the initial question “may be an innocent one,” one lawyer said, “yet the counsel for the prosecution might go on gradually from one question to another, until he at last obtained matter enough to criminate him.”

(Related) Never say no to a politician? In short, everything was buddy-buddy until the government wanted something Apple would not give them.
The Behind-the-Scenes Fight Between Apple and the FBI
Obama administration officials and Apple initially shared some common ground on data encryption. Then terrorists struck in San Bernardino, and everything changed.

Scott Greenfield writes:
Near as I can tell, the first person to pick up on footnote 9 in the government’s response to Apple was Marcy Wheeler a Empty Wheel.
DOJ has submitted its response to Apple in the Syed Farook case. Amid invocations of a bunch of ominous precedents — including Dick Cheney’s successful effort to hide his energy task force, Alberto Gonzales effort to use kiddie porn as an excuse to get a subset of all of Google’s web searches, and Aaron Burr’s use of encryption — it included this footnote explaining why it hadn’t just asked for Apple’s source code.
Screen Shot 2016-03-10 at 6.17.50 PM
That’s a reference to the Lavabit appeal, in which Ladar Levison was forced to turn over its encryption keys.
That it was a threat is beyond question. The snideness of “if apple would prefer” leaves no doubt. This refers to a court ordering Apple to turn over its code to the government, handing over the keys to the technological Kingdom.
Read more on Simple Justice.
And no, I’m not posting this to dump on Levison, but to point out the relationship to his case and why it isn’t precedent, as Scott explains.
Related: Cryptome has uploaded a number of filings from the Lavabit case, here.

Not sure all of these are legal.
8 Ways to Prevent Drones Infringing on Your Privacy

An introduction to some “attractive” social media.
What Your Teen Doesn’t Want You To Know They Use Their Phone For

Those Brits are so boring and straight laced – until they start drinking.
Experts could overrule 'Boaty McBoatface' name choice for polar ship
The name of a new polar research vessel will be chosen by a panel of experts, even if the public overwhelmingly votes to call it Boaty McBoatface.
Lord West, ex-First Sea Lord, said he was rather proud "silly names" had been suggested but hoped none were chosen.
The Natural Environment Research Council had urged people to name its ship in a competition, which saw Boaty McBoatface easily topping the poll.
The final name will be selected by the NERC, according to competition rules.
Boaty McBoatface is currently leading with more than 27,000 votes, while the second place pick trails with around 3,000.