Saturday, January 07, 2017

…because they can help connect hackers to other data? 
Mark L. Krotoski and W. Scott Tester of Morgan Lewis remind entities that duty to notify of a breach depends on state definitions of “personal information,” and more states are now including usernames or email addresses as personal information:
Illinois, Nebraska, and Nevada are the latest to add usernames or email addresses to the definition of PI when they are combined with information that would permit access to an online account.  The Illinois law took effect on January 1, 2017, while the respective laws in Nebraska and Nevada took effect in 2016.
Three other states (California, Florida, and Wyoming) had previously enacted laws mandating that either a username or email address constitutes PI when combined with a password or security question and answer that would permit access to an online account.
Read more on Lexology

Perspective.  Pity the little old FBI agent charged with reading all of these.
Facebook says people sent 63 billion WhatsApp messages on New Year’s Eve
Facebook-owned WhatsApp today announced that people sent 63 billion messages on New Year’s Eve, setting a new record for the app that lets people have chats and make voice and video calls.
Within those 63 billion messages, there were 7.9 billion images and 2.4 billion videos, a WhatsApp spokesperson told VentureBeat in an email.

Somehow I doubt it. 
Trump Nominees’ Filings Threaten to Overwhelm Federal Ethics Office
Rex W. Tillerson owns more than $50 million of Exxon Mobil stock, has earned an annual salary of $10 million and holds a range of positions — from director at the Boy Scouts of America to the managing director of a Texas horse and cattle ranch.
But Mr. Tillerson is prepared to resign from all those posts, sell all his stock and put much of his money into bland investments like Treasury bonds if he becomes secretary of state, according to an “ethics undertakings” memo he filed this week with the State Department.  And, if he returns to the oil industry in the next decade, he could lose as much as $180 million.
   The disclosures are then used by the agencies they are to take over, along with the Office of Government Ethics, to identify potential conflicts of interest and to negotiate ethics letters to be signed by the nominees, committing to avoid conflicts of interest.
At the same time, this class of wealthy incoming officials could save hundreds of millions of dollars in income tax payments, thanks to a special tax benefit created so that affluent Americans do not avoid federal government jobs.

Can it be that simple?
AT&T-Time Warner deal likely to avoid FCC scrutiny
AT&T will likely circumvent Federal Communications Commission (FCC) oversight in its attempted purchase of Time Warner, according to an SEC filing released Friday.
In an S-4 filing, Time Warner said that it had completed a review of its FCC licenses and determined that it “will not need to transfer any of its FCC licenses to AT&T.”
If Time Warner and AT&T had decided to keep the licenses in the acquisition, the FCC would have had a chance to review and potentially block the $85 billion deal.  President-elect Donald Trump is reportedly still interested in blocking the sale, with some experts speculating that review of the deal by a Trump-appointed FCC chairman could thwart the companies’ intentions.

Friday, January 06, 2017

“Okay Bob, what did you screw up now?” 
Those Voices at the Call Center? They May Know a Lot About You
The next time you dial customer service, who answers your call may be determined by what you have said on Facebook.
Companies from casino operator Caesars Entertainment Corp. to wireless carrier Sprint Corp. are increasingly checking social media and other personal data to tailor calls for each customer.  The practice, however, raises concerns among privacy advocates.
   A startup called Afiniti International Holdings Ltd. is trying to change that.  Its artificial intelligence software, which has been installed in more than 150 call centers by dozens of companies, examines as many as 100 databases tied to landline and cellphone numbers to determine the best agent to answer each individual caller.  Such matching can result in more satisfied customers and more sales, the company says.
Afiniti’s technology not only pulls callers’ histories for a business and credit profile, but seeks insights into their behavior by scouring their public Facebook and Twitter posts as well as LinkedIn pages.

For my Data management students.  How would this data benefit the organization?
Why Bosses Can Track Their Employees 24/7
   The Fourth Amendment protects Americans from unreasonable searches and seizures, but it only constrains the government’s actions.  If local police or the FBI wants to track your car, they have to ask a judge for a warrant first.  But if your boss wants to track your phone, it’s likely within his or her rights.
In fact, businesses track their employees’ locations all the time.  Often, it’s to keep an eye on their equipment, like company vans or employer-issued cellphones.  Other times, tracking helps bosses make sure their workers are clocking in and out on time, and that remote employees—like a technician or a plumber who make house calls, for example—are indeed where they say they are.  Tracking systems can also help employers make sure their employees are reporting mileage correctly, and that they aren’t taking detours between jobs to pick up groceries.

(Related).  Why are these companies chasing technology?
Digital Dunkin’: Non-Tech Firms Crash CES, Looking to Connect
At the world’s largest consumer electronics show this week, Carnival cruise lines, Dunkin’ Donuts and the owner of Absolut vodka unveiled new technology and swapped tips.

It’s not that the security was bad, it’s that they said it was good?  
FTC takes D-Link to court citing lax product security, privacy perils
The Federal Trade Commission has filed a complaint against network equipment vendor D-Link saying inadequate security in the company’s wireless routers and Internet cameras left consumers open to hackers and privacy violations.
   For its part, D-Link Systems said it "is aware of the complaint filed by the FTC.  D-Link denies the allegations outlined in the complaint and is taking steps to defend the action.  The security of our products and protection of our customers private data is always our top priority."  [Update: A full response from D-Link can be found here]

According to the FTC’s complaint, D-Link promoted the security of its routers on the company’s website, which included materials headlined “Easy to secure” and “Advance network security.”  But despite the claims made by D-Link, the FTC alleged, the company failed to take steps to address well-known and easily preventable security flaws, such as:
  • “Hard-coded” login credentials integrated into D-Link camera software -- such as the username “guest” and the password “guest” -- that could allow unauthorized access to the cameras’ live feed;
  • A software flaw known as “command injection” that could enable remote attackers to take control of consumers’ routers by sending them unauthorized commands over the Internet;
  • The mishandling of a private key code used to sign into D-Link software, such that it was openly available on a public website for six months; and
  • Leaving users’ login credentials for D-Link’s mobile app unsecured in clear, readable text on their mobile devices, even though there is free software available to secure the information.

The tech version of “too big to fail?” 
How Samsung Weathered the Galaxy Note 7 Recall
A strong earnings forecast from Samsung Electronics Co. on Friday offered a fresh reminder of the company’s central place in the global technology supply chain.
Even with the recall of its premium Galaxy Note 7 smartphone in early October last year that cost it at least $5 billion, Samsung projected profits for the last three months of 2016 that would be the highest in more than three years.
The boost in profits didn’t come from its own lineup of premium smartphones, but rather from competitors like Apple Inc., Dell Inc., HP Inc. and Sony Corp., whose smartphones, laptops and televisions rely on components manufactured by the South Korean technology giant.

“Mess with me and I’ll sue you!”  Probably not a viable threat in cyber-space. 
Law firms subject to same cyber risk as others, but is compliance required?
   ALM Legal Intelligence has reported the following facts on the legal sector.
  • Nearly 10% of firms have not performed a formal information security and privacy assessment.
  • Approximately one-third of firms do not hold cyber liability insurance policies.
  • More than 55% of firms have either already established a cybersecurity practice or have plans to form one.
  • A whopping 98% of law firm respondents to the ALM intelligence law firm survey believe that the legal industry is increasingly a target for attacks.
  • 22% of law firms don’t have a data breach plan in place
  • Only 50% of law firms have a cybersecurity team in place
  • 87% state they train users on basic security practices yet only 47% conduct drills
  • Most view cybersecurity as an IT issue vs the reality, it’s a business issue 
Additionally, Daniel Solove, professor at George Washington University Law School and organizer of the Privacy + Security Forum, said “On a scale of 1 to 10, the risks law firms are facing are an 11.”

Another ‘talking car.’  Will all cars talk like KITT?  Is voice a ‘must have?’
Nissan is placing Cortana in the passenger seat
At the CES consumer electronics conference in Las Vegas today, Nissan announced that, as part of Microsoft’s existing partnership with the Renault-Nissan Alliance, it’s working with Microsoft around the use of the Cortana virtual assistant and other services that are part of a new Connected Vehicle Platform.
   This comes a day after Google said that Daimler and Hyundai will be integrating the Google Assistant, and Ford said Amazon’s Alexa virtual assistant will be coming to its cars.  Apple, for its part, fields CarPlay, which is integrated into hundreds of vehicles.

Technology for those IoT connected devices that don’t change much over the years.
Intel’s Compute Card wants to give your fridge a brain transplant
   Hardware manufacturers, which already include big names like HP, Dell, InFocus, Lenovo, LG, and Sharp, will use Intel’s specifications to build the Compute Card into their new products.
It’s an easy way for a company that doesn’t have experience producing tiny smart internals to add the functionality into a new device.  Now LG doesn’t have to figure out how to produce the computing portion of its fridge, it can just outsource the problem.  Even better, it means you don’t need to replace your fridge when you want new features — you can just upgrade the card.

Now children, let’s not get into another “did too!” “did not!” shouting match.  The FBI didn’t think this was worth mentioning at the time? 
FBI Says Democrats Refused Access to Hacked E-Mail Servers
The Democratic National Committee rebuffed requests by federal agents to inspect computer servers that had been breached last year during the presidential campaign, forcing them to rely on third-party cyber security data to investigate the hack, the FBI said.

The next great time-waster?
The Internet Archive has created a repository dedicated to Donald Trump.  The Trump Archive is designed to be a public record of the views the next President of the United States of America has expressed in recent years.  Allowing us all to become fact-checkers.
   The Trump Archive contains more than 520 hours of Trump-related videos.  This includes speeches, interviews, debates, and other televised broadcasts concerning the president.  The earliest video dates back to December 2009, when Trump started expressing views relevant to his presidency.

(Related).  Presidents move markets.
New app alerts users when Trump tweets about stocks they own
Worried that a tweet from President-elect Donald Trump might sink your stocks?  There’s an app for that.

(Related).  Hardly unexpected. 
South Korea assigns official to monitor Trump’s tweets: report
South Korea’s government has assigned an official to monitor President-elect Donald Trump’s Twitter account, according to a new report.
The officer will screen all of Trump’s tweets, The Korea JoongAng Daily said Thursday, paying special attention to those regarding Asia, North Korea and South Korea.

(Related).  Usually it takes a few years to sort out Presidential papers.
White House releases new Obama social media archive tools
The Obama administration's social media archive plan includes everything from GIFs to Vines, the White House revealed Thursday.
In a post, the White House shared links to several platforms that allow users to access a history of Obama’s posts during his time in the White House.  Some of the sites included Giphy, which archived every GIF image ever used by the White House, and ArchiveSocial’s searchable database of every White House social media post.
The White House’s Twitter, Facebook and Vine posts are also available for anyone to download in their entirety and use to create their own data and archival projects.
Not all of the tools are purely archival.  One, created by MIT Media Lab’s Electome group, analyzed Obama’s tweets and categorized them into policy categories, tracking them against 2016 election discourse on Twitter.  The charts highlight discrepancies between the president’s tweets and other tweets in areas like healthcare and employment.
The charts reveal Obama's tweets focusing on these things much more than other politically focused Twitter users.  2016 political Twitter users did, however, spend a lot more time than Obama tweeting about foreign policy and national security matters.
In October, the White House announced its initial plans for its digital archival project, which included housing all of the president’s tweets on the Twitter account @POTUS44.
Obama has been called the first “Twitter president”

What will my geeks do with this?  Stay tuned!
You might have heard about PIXEL, the new Raspberry Pi desktop environment, that comes as part of the Raspbian Jessie operating system.  Basically it offers a slick, new user interface to the low-spec hobbyist mini-computer, and the results are stunning.
Given the spec of the Raspberry Pi (we’re talking ARM processors without much RAM and no hard disk drive) it would be rather great if this OS could be ported to Intel and AMD 32-bit and 64-bit processors, to pump some new life into older PCs, wouldn’t it?
Well, as fortune would have it, this is exactly what has happened.  The Raspberry Pi team has released a version of PIXEL for x86 and x64 computers, which means that there is a good chance that your old, low spec PC or laptop could be persuaded to run, and run well.
   Your mileage may vary, but in short, if your computer will run Debian, then it should run PIXEL.

The traffic light is a fun little project, that can be completed in under an hour.  Learn how to build your own – using an Arduino – and how to modify the circuit for an advanced model.
Don’t worry if you’ve never used an Arduino before, we have a beginners guide.

Thursday, January 05, 2017

For my Computer Security students.
If you are following what’s happening with hackers attacking misconfigured MongoDB databases, wiping the data, and then demanding ransom for its return, then you’ll know that although this problem seemed to start on or around December 21 with an actor known as “Harak1r1,” within days of it garnering media attention, we saw almost identical warning messages from another actor “0wn3d” with a different bitcoin wallet.
By this morning there was a third actor, “0704341626asdf,” with yet a third bitcoin wallet.
   This third actor, who Victor reports had struck 221 databases by early this morning, took the opportunity to educate and insult victims:
Your database has been pwned because it was publicly accessible at port 27017 with no authentication (wtf were you thinking?)
The full warning, more verbose than the other two warnings, and written in upper and lowercase with proper grammar and spelling, gives victims 72 hours to email the attacker(s) that the ransom has been sent to the bitcoin wallet.  The ransom amount is .15BTC.
So are the second and third actors copycats or just different aliases of one attacker or group?  And if they are copycats, as they seem to be, how many more will we see?  The problem seems to be rapidly escalating.
Of note, since these MongoDB installations are often backup or test environments, how many victims will not even notice that they’ve been attacked before the 72-hour window expires?
As of the time of this posting, there have been 18 payments to the first bitcoin wallet, but none (yet) to the second and third bitcoin wallets.
Expect to see a lot more on this type of attack as word spreads.
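
An added example (not from the quoted post or from MongoDB): a small Python audit of a YAML-format mongod.conf for the two conditions the ransom note names, a listener reachable beyond loopback on port 27017 and no authentication. The sample configs are constructed, and the parser handles only the nested key/value subset shown here.

```python
"""Audit a YAML-format mongod.conf for the exposure named in the ransom note:
reachable from the network with access control switched off."""
import ipaddress

# Constructed sample configs (not taken from any real deployment).
EXPOSED_CONF = """\
# forgotten test/backup instance
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 0.0.0.0
"""

HARDENED_CONF = """\
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 127.0.0.1
security:
  authorization: enabled
"""


def parse_conf(text):
    """Flatten nested 'section:' / 'key: value' lines into dotted keys,
    e.g. {'net.bindIp': '0.0.0.0'}. This is not a general YAML parser."""
    settings, stack = {}, []  # stack holds (indent, section_name)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments
        if not line.strip() or ":" not in line:
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:
            stack.pop()  # left the previous section
        value = value.strip().strip("\"'")
        if value:
            path = [name for _, name in stack] + [key.strip()]
            settings[".".join(path)] = value
        else:
            stack.append((indent, key.strip()))
    return settings


def is_loopback_only(bind_ip):
    """True if every entry in a comma-separated bindIp value is local-only."""
    for entry in bind_ip.split(","):
        entry = entry.strip()
        if entry == "localhost" or entry.startswith("/"):  # name or UNIX socket
            continue
        try:
            if not ipaddress.ip_address(entry).is_loopback:
                return False
        except ValueError:
            return False  # unresolved hostname: assume it is reachable
    return True


def audit(text):
    """Return the port, both conditions, and a verdict for one config."""
    conf = parse_conf(text)
    bind = conf.get("net.bindIp")
    # An unset bindIp is treated as exposed: mongod releases before 3.6
    # listened on all interfaces unless told otherwise.
    exposed = (
        conf.get("net.bindIpAll", "false").lower() == "true"
        or bind is None
        or not is_loopback_only(bind)
    )
    # security.authorization defaults to disabled when absent.
    auth_on = conf.get("security.authorization", "disabled").lower() == "enabled"
    if exposed and not auth_on:
        verdict = "critical"  # the situation described in the ransom note
    elif exposed or not auth_on:
        verdict = "warn"      # one control missing; the other is carrying it
    else:
        verdict = "ok"
    return {
        "port": int(conf.get("net.port", "27017")),
        "network_exposed": exposed,
        "auth_enabled": auth_on,
        "verdict": verdict,
    }


if __name__ == "__main__":
    for name, conf in (("exposed", EXPOSED_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf))
```

Run it against the config of every instance, including backup and test servers, since those are the ones the post expects to go unnoticed.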

Interesting ‘not-the-best practices’ for my Computer Forensics students. 
R. Scott Moxley writes:
FBI agents and prosecutors usually strut inside Santa Ana’s Ronald Reagan Federal Courthouse, knowing they’ve focused the wrath of the criminal-justice system on a particular criminal.  But an unusual child-pornography-possession case has placed officials on the defensive for nearly 26 months.  Questions linger about law-enforcement honesty, unconstitutional searches, underhanded use of informants and twisted logic.  Given that a judge recently ruled against government demands to derail a defense lawyer’s dogged inquiry into the mess, United States of America v. Mark A. Rettenmaier is likely to produce additional courthouse embarrassments in 2017.
Read more on OC Weekly.

(Related).  Is this normal?  
The FBI Never Asked For Access To Hacked Computer Servers
The FBI did not examine the servers of the Democratic National Committee before issuing a report attributing the sweeping cyberintrusion to Russia-backed hackers, BuzzFeed News has learned.
Six months after the FBI first said it was investigating the hack of the Democratic National Committee’s computer network, the bureau has still not requested access to the hacked servers, a DNC spokesman said.  No US government entity has run an independent forensic analysis on the system, one US intelligence official told BuzzFeed News.
“The DNC had several meetings with representatives of the FBI’s Cyber Division and its Washington (DC) Field Office, the Department of Justice’s National Security Division, and U.S. Attorney’s Offices, and it responded to a variety of requests for cooperation, but the FBI never requested access to the DNC’s computer servers,” Eric Walker, the DNC’s deputy communications director, told BuzzFeed News in an email.
The FBI has instead relied on computer forensics from a third-party tech security company, CrowdStrike, which first determined in May of last year that the DNC’s servers had been infiltrated by Russia-linked hackers, the U.S. intelligence official told BuzzFeed News.
   It’s unclear why the FBI didn’t request access to the DNC servers, and whether it’s common practice when the bureau investigates the cyberattacks against private entities by state actors, like when the Sony Corporation was hacked by North Korea in 2014.
BuzzFeed News spoke to three cybersecurity companies who have worked on major breaches in the last 15 months, who said that it was “par for the course” for the FBI to do their own forensic research into the hacks.

What were they (not) thinking?  Free power for my Ethical hacking students? 
Smart Meters Pose Security Risks to Consumers, Utilities: Researcher
   Between 2010 and 2012, several experts detailed the security and privacy implications of using smart meters, and SecureState even released an open source framework designed for finding vulnerabilities in such devices.
However, according to Netanel Rubin, who recently founded Vaultra, a company that develops security solutions for the smart industry, smart meters continue to lack proper security mechanisms, allowing malicious actors to use these devices to target both consumers and utilities.
   The protocols used by smart meters include ZigBee, which is used for communicating with smart appliances in the consumer’s home, and GSM, which is used for communications between the meter and the electric utility.  Both ZigBee and GSM have been known to contain serious vulnerabilities, and they have been poorly implemented in smart meters.
In the case of GSM, many electric utilities still haven’t implemented any form of encryption, despite being warned of the risks several years ago.  Those that do use encryption rely on the A5 algorithm, which is known to be vulnerable to attacks.
   According to the expert, a malicious actor who manages to hack a smart meter could obtain information on the targeted user’s power consumption and potentially determine when the victim is at home, or they could inflate [Or deflate?  Bob] the electricity bill.  The expert pointed to an incident in Puerto Rico, where an electric utility reported hundreds of millions of dollars in losses due to smart meter fraud conducted via hacking and other methods.

Much ado about something?  Guidance for my Ethical Hacking students?
On Thursday, Senator McCain will hold hearings of the Armed Services Committee on the Russian election hacking.  Several aspects of Russia’s election interference raise issues involving the international law of cyber operations.  For a quick tutorial, I recommend most highly an earlier Just Security post by Sean Watts, “International Law and Proposed U.S. Responses to the D.N.C. Hack.”  I thought to provide readers with a few additional points in light of more recent developments.

An interesting question for the technical age…  Are Congressional ‘selfies’ illegal?
GOP approves new fines for livestreaming protests on House floor
Republicans barreled ahead with a plan to fine members who use their phones to broadcast future floor protests, approving rules for the new Congress Tuesday that codify the penalties despite last-minute objections from Democrats.

(Related).  How about Tweets from the White house? 
When Donald Trump Tweets, It Is News to Sean Spicer
Donald Trump’s incoming White House press secretary said Wednesday the president-elect would continue his prolific use of Twitter when in office, adding that even he and other communication advisers aren’t consulted before a tweet is sent out.

Perhaps other tech companies could spend some pocket change for the same reason?  (Do they really care that much?)
Amazon's rumored bid for American Apparel could solve its Trump problem in one master stroke
The rumored deal immediately raised speculation about Amazon's growing ambitions in the fashion business. 
But an acquisition of the struggling clothing retailer could also help Amazon by solving one of the biggest problems it currently faces: tension with president-elect Donald Trump.
Trump, who frequently criticized Amazon during his campaign, won his way to the White House in large part by promising to keep US manufacturing jobs in the country.  He claims some of his recent deals with Carrier and Ford helped save thousands of jobs from moving overseas.
American Apparel, best known for its "Made in the U.S.A" slogan, says it's the largest clothing manufacturer in North America.  With 4,500 workers employed, it also calls itself the "largest sewing facility in North America."
That means by acquiring American Apparel, Amazon would get to save thousands of US manufacturing jobs, while helping Trump continue to play up the "keep jobs in the US" rhetoric — and also win Trump's support in one master stroke.
And given that the starting price to buy part of American Apparel is currently $66 million, according to Reuters, Amazon could score a big win by spending a relative pittance (Amazon had roughly $12 billion in cash on its balance sheet at the end of the last quarter).

Useful tool or major distraction?  Will my car offer me ‘bargains’ as I drive? 
Amazon's Alexa is officially coming to Ford cars
   The integration will let Ford users with SYNC 3 access Alexa, Amazon's cloud-based voice service, inside the car to do things like check the weather, play audiobooks, add items to shopping lists, and even control Alexa enabled smart home devices.
For example, you could tell Alexa to set your smart thermometer to a certain temperature or turn on the lights at your house while you're driving.

(Related).  Yeah, it needs a bit of work. 
Alexa can now order takeaway from Amazon Restaurants
We’re only five days into 2017, but Amazon is on a tear with new updates and support for its digital assistant Alexa.  The latest lets you order food through the retailer’s own takeaway service Amazon Restaurants, which itself launched all the way back in 2014.
   Unfortunately, voice commands are terrible for ordering takeaway.  Abysmal, even.  No one wants to listen to a list of dishes and prices, and so Amazon, sensibly enough, only lets you reorder meals you’ve had in the past.

“ZUCK 2020?”  (Copyright that T-shirt NOW!)
Zuckerberg could run Facebook while serving in government forever
Mark Zuckerberg is not limited to just two years working in the government while still controlling Facebook, as has been widely misreported.  A closer examination of SEC documents reveals Zuck only needs to still own enough Facebook stock or have the board’s approval to be allowed to serve in government indefinitely.
Combined with Zuckerberg’s announcement yesterday that his 2017 personal challenge is to meet and listen to people in all 50 states, this fact lends weight to the idea that Zuckerberg may be serious about diving into politics.

A resource for my geeks.

Wednesday, January 04, 2017

For my Computer Security students.
The state’s announcement:
The Office of Consumer Affairs and Business Regulation today announced the online public availability of its Data Breach Notification Archive.
The Massachusetts Data Security Law (M.G.L. c.93H) requires any entity that keeps a Massachusetts resident’s personal information to notify affected residents, the Office of Consumer Affairs and Business Regulation, and the Attorney General’s Office anytime personal information is accidentally or intentionally compromised.  The information maintained by the Office of Consumer Affairs was previously only available through Public Records Requests.
Although the press release doesn’t seem to tell us where to actually find the archive, you can find it here.

But, suspicion is sufficient, right?  
Joe Cadillic writes:
Maine’s Marine Patrol is allowed to put secret surveillance devices inside boats.
According to an article in the Portland Press Herald, the Maine Department of Marine Resources (DMR) wants the Marine Patrol to secretly install electronic surveillance devices on the boats of fishermen suspected of violating state fishing regulations.
Did you catch that, police will secretly spy on anyone suspected of violating fishing regulations!
Read more on MassPrivateI.

What could possibly go wrong?  (A possible question on my Computer Security final.)
Her name is Aristotle, and she has eyes, and ears, inside your child's bedroom.
   To new parents, Mattel is positioning Aristotle as a smart baby monitor.  Unlike Google Home or Amazon Alexa, Aristotle is equipped with a camera that streams video through an encrypted cloud connection to your phone.  But with partners like Qualcomm (which makes key chips inside most smartphones) and Microsoft (which provides both Bing search intelligence and Cortana AI smarts), Aristotle is a lot more capable than the baby monitors of today.

Rapelcgvba vf tbbq!  Encryption is good!  (see: ROT13)  
EFF – The State of Crypto Law: 2016 in Review
by Sabrina I. Pacifici on Jan 3, 2017
Nate Cardozo – The State of Crypto Law: 2016 in Review – “This year was one of the busiest in recent memory when it comes to cryptography law in the United States and around the world…  In this post, we’ll run down the list of things that happened, how they could have gone wrong (but didn’t), how they could yet go wrong (especially in the U.K.), and what we might see in 2017…”

How to apply that dossier they’ve been building.  My Data Management students need to think about this. 
Carnival Corp.’s new ‘smart ships’ know your name, what you want and where you want it
Imagine a future world defined by technology so subtle you hardly know it’s there.
Servers know what you want ahead of time, so your food is ready when you sit down.  The “what should I do today?” question is answered by a list of curated options based on your personal interests.  Standing in line is a remnant of a life long ago.  And perhaps best of all, the technology works so smoothly that no users’ manual is required.
But this isn’t some distant, Trekkie future.  Within months, passengers will find these features aboard Princess Cruises’ Royal Princess.
   The Doral-based cruise company is set to announce its futuristic innovation at the 2017 Consumer Electronics Show in Las Vegas Wednesday, delivering what it promises will be the idea that changes how companies approach not only cruising, but the hospitality industry altogether.
   It starts with a medallion, a quarter-sized disc weighing just under 2 ounces emblazoned with a traveler’s name, ship and sail date.  Guests need only carry it around, or purchase a wristband or necklace to carry it in.
This medallion is like a starship room key embedded with information on the individual cruiser.  Like card keys and bands on some other ships, the medallion helps travelers unlock doors and pay for goods.  But here it does much more.  It can alert crew to know who guests are as they approach.  Guests’ preferences — such as dietary restrictions and dining reservations — will also be part of the information crew members see on tablets populated with information from the medallions.
The more cruisers do, the more the medallion knows what they like and the more customized their experience becomes.

Watson wants your job!  
Japanese white-collar workers are already being replaced by artificial intelligence
   One Japanese insurance company, Fukoku Mutual Life Insurance, is reportedly replacing 34 human insurance claim workers with “IBM Watson Explorer,” starting by January 2017.
The AI will scan hospital records and other documents to determine insurance payouts, according to a company press release, factoring injuries, patient medical histories, and procedures administered.  Automation of these research and data gathering tasks will help the remaining human workers process the final payout faster, the release says.
Fukoku Mutual will spend $1.7 million (200 million yen) to install the AI system, and $128,000 per year for maintenance, according to Japan’s The Mainichi.  The company saves roughly $1.1 million per year on employee salaries by using the IBM software, meaning it hopes to see a return on the investment in less than two years.
   Artificial intelligence systems like IBM’s are poised to upend knowledge-based professions, like insurance and financial services, according to the Harvard Business Review, due to the fact that many jobs can be “composed of work that can be codified into standard steps and of decisions based on cleanly formatted data.”  But whether that means augmenting workers’ ability to be productive, or replacing them entirely remains to be seen.

I wonder if he would like to talk to the Privacy Foundation?
Zuckerberg’s 2017 challenge is to meet and listen to people in all 50 states
   Facebook’s CEO Mark Zuckerberg is using his yearly challenge to educate himself on the needs and problems of his users around the United States.
   Zuckerberg writes “My work is about connecting the world and giving everyone a voice.  I want to personally hear more of those voices this year.”
   The pledge’s parallels to campaign tours might also draw speculation about whether Zuckerberg is seriously considering getting into politics.  The CEO filed documents asking Facebook’s board of directors to potentially allow him to work in government while retaining control of Facebook.  

Why India?  Just because of numbers? 
Google Turns Focus to India’s Small Businesses Amid Search for Users
Alphabet Inc.’s Google is ramping up its efforts to get India’s small businesses online, the latest step in its quest to win new users in the populous nation.
Google Chief Executive Sundar Pichai said on Wednesday that the Mountain View, Calif., company will launch later this year a tool that allows owners of small businesses that are now offline to create mobile-friendly websites for free.  Google says nearly three quarters of the country’s 51 million small businesses currently lack a web presence.
India will be the first country to get access to the feature, which will then be rolled out to other nations.

Amazon’s Third-Party Sellers Had Record-Breaking Sales in 2016
Amazon shipped 50 percent more items this holiday season than last for third-party vendors and doubled the amount for 2016 overall, the retail giant said on Wednesday.

Amazon’s robot army grows by 50 percent
The world’s largest e-commerce retailer said it has 45,000 robots in some 20 fulfillment centers.  That’s a bigger headcount than that of the armed forces of the Netherlands, a NATO member, according to World Bank data.  It’s also a cool 50 percent increase from last year’s holiday season, when the company had some 30,000 robots working alongside 230,000 humans.
We don’t know yet how many people Amazon is employing in the fourth quarter (that number is expected to be disclosed at the company’s earnings call in early 2017) so we can’t exactly compare the growth of the human versus the robotic workforce.  But from the fourth quarter of 2015 through the third quarter of 2016, Amazon reported a 46 percent, 12-month increase on average in staffers, not counting temporary recruits.

Maybe all my students could use this?
The strategies in this article may not add hours to your day, but you’ll be able to use the time you have more efficiently.

Tuesday, January 03, 2017

Another example of Russian hacking?  Hey, it sounds better than admitting the government is unable to keep their technology running. 
US Customs computer collapse leaves travellers waiting
A nationwide collapse of the US customs service computer system has left thousands of passengers lined up at airports awaiting clearance to officially enter the country, the authorities and US media said.
   A Customs and Border Protection department spokesman told NBC News that there had been a disruption at several airports and that it was "taking immediate action to address the technology disruption."

Because it’s important to Facebook! 
Know What Facebook Can See Inside Your Photographs
When you upload any photograph to your Facebook account, they look at the actual content of the photograph and try to determine what objects and scenes are inside the image.  You may not have added any description, yet Facebook can determine what that picture is all about.

Would this scare anyone familiar with guns and teenagers or just those who considered video games the gateway to mass murder? 
Is the take-home message that students should never criticize school personnel if they’ve ever worn a Soviet trench coat, or that they shouldn’t criticize gun control advocates?  Is this what we get when DHS issues lists of “warning signs” or “red flags” that could apply to so many people?  Or was the school right to want a psychiatric evaluation before letting the student back in school?  Would this have been better handled without police involvement? 
Eugene Volokh writes:
From M.V. v. Bd. of Ed. of the Borough of Manville, 2016 WL 7433235, a New Jersey administrative decision that stems from an incident that hit the news in September:
A teacher found a flash drive after school hours in a classroom, which she turned into the main office.  A staff person in the main office reviewed the flash drive.  It revealed satirical cartoon materials entitled Gun Control for Dummies.  It depicts alleged absurdities of gun control bans, specifically, various nationwide school incidents involving school attacks, with the perpetrators considering that the locations of the incidents had gun bans, providing the perpetrators with a degree of security that, “No one here can shoot back.”  The other cartoons had similar messages….
The staff person turned the material over to Ilana Kurtin, one of the school’s guidance counselors.  The staff at the main office or Ms. Kurtin, discovered that the flash drive belonged to [Frank Harvey].  She had previous experience with [Harvey].  She certified she knew him to be a loner, occasionally wore a Soviet trench coat and hat, and had a fascination with war and violent video games.  She related an incident from the previous year where [Harvey] critically commented on the staff’s inability to perform their jobs.
Read more on The Volokh Conspiracy.

Interesting.  Is this a response to all those nice Trump tweets?  (See Saturday’s blog)
With No Warning, House Republicans Vote to Gut Independent Ethics Office
House Republicans, overriding their top leaders, voted on Monday to significantly curtail the power of an independent ethics office set up in 2008 in the aftermath of corruption scandals that sent three members of Congress to jail.
The move to effectively kill the Office of Congressional Ethics was not made public until late Monday, when Representative Robert W. Goodlatte, Republican of Virginia and chairman of the House Judiciary Committee, announced that the House Republican Conference had approved the change.  There was no advance notice or debate on the measure.

Don’t we have enough trouble keeping our infrastructure maintained?
States Wire Up Roads as Cars Get Smarter
   Transit planners say these so-called smart roads will unlock bigger benefits from self-driving cars, including fewer accidents, faster trips and fuel savings.
So far, the technology is being built into just a few miles of highway in a handful of states, even as smartcars hit the roads.

Is Amazon taking on eBay and Craigslist?  Why start in India? 
You can now sell your old products on Amazon India
   Amazon has launched its "Sell as Individual" service in India, allowing users to sell their used goods.  The pilot program is currently operational in Bangalore.
Though still in the early phase, the move should worry eBay, Quikr and OLX, some popular platforms in the space that allow individuals to sell their used products.
On its website, Amazon explains that people in Bangalore can list the products they want to sell and the company would handle the packaging and delivery of the product.
The products will be listed on the website, and when someone places an order for it, a representative from Amazon India would visit the seller and collect the product from their doorstep at their preferred time.

My students probably know all of these devices and Apps.  I sure don’t.
   As the popularity of cutting the cord continues to grow, so too do the number of apps and channels that offer a more “traditional” TV experience.
In this article, we’re going to introduce you to eight streaming apps that do all the hard work for you, allowing you to just sit back and relax while some televisual content washes over you.

Useful for programmers?
Whether you are an experienced Python developer, or you are just getting started, learning how to set up a virtual environment is essential for any Python project.  Join me as I cover everything you need to know about the Python virtual environment.

Monday, January 02, 2017

I thought this was a bit odd, but I didn’t expect the Post to fall for the “Russia did it” hysteria. 
Vermont Utility Refutes Reports of Russia Hacking U.S. Electric Grid
   The Washington Post has rewritten its story, clarifying that authorities had not actually found any evidence that the grid had been breached.  However, experts say even the new headline, “Russian operation hacked a Vermont utility, showing risk to U.S. electrical grid security,” is FUD.

Seems perfectly reasonable to me.  My Computer Security students will likely agree.  Why all the pushback?
New York State Imposes New Cybersecurity Regulation for Financial Services
New York State Department of Financial Services (DFS) has published its revised proposal for what it calls a 'first-in-the-nation cybersecurity regulation' for New York regulated financial services.  Publication was delayed by approximately one week following significant pushback from affected organizations on Dec. 22, 2016.
"This updated proposal (PDF)," announced Financial Services Superintendent Maria T. Vullo, Dec. 28, "allows an appropriate period of time for regulated entities to review the rule before it becomes final and make certain that their systems can effectively and efficiently meet the risks associated with cyber threats."
   The new 14-page DFS regulation is effectively a very detailed high level security policy document.  It states what is required from financial services rather than how the requirements should be implemented.  As such it is yet another set of compliance regulations that relevant companies need to meet.
   In this instance, two of the main new requirements for New York financial institutions would be the need to employ a CISO; and the need for annual reports, effectively signed off by the board with a certification document to be sent to the DFS.

Not sure my students are ready for this.  Interesting paper but I can’t find a link to the web App, so it may not be available yet. 
Paper – The legal macroscope: Experimenting with visual legal analytics
by Sabrina I. Pacifici on Jan 1, 2017
The legal macroscope: Experimenting with visual legal analytics, Nicola Lettieri, Antonio Altamura, Delfina Malandrino First Published December 28, 2016.
“This work presents Knowlex, a web application designed for visualization, exploration, and analysis of legal documents coming from different sources.  Understanding the legal framework relating to a given issue often requires the analysis of complex legal corpora.  When a legal professional or a citizen tries to understand how a given phenomenon is disciplined, his attention cannot be limited to a single source of law but has to be directed on the bigger picture resulting from all the legal sources related to the theme under investigation.  Knowlex exploits data visualization to support this activity by means of interactive maps making sense out of heterogeneous documents (norms, case law, legal literature, etc.).  Starting from a legislative measure (what we define as Root) given as input by the user, the application implements two visual analytics functionalities aiming to offer new insights on the legal corpus under investigation.  The first one is an interactive node graph depicting relations and properties of the documents.  The second one is a zoomable treemap showing the topics, the evolution, and the dimension of the legal literature settled over the years around the norm of interest.  The article gives an overview of the research so far conducted presenting the results of a preliminary evaluation study aiming at evaluating the effectiveness of visualization in supporting legal activities as well as the effectiveness of Knowlex, the usability of the proposed system, and the overall user satisfaction when interacting with its applications.”

My students do this, whether they mean to or not.
Think Like a Futurist to Be Prepared for the Totally Unexpected
   Predicting the future, it turns out, isn’t what futurists do.  And in a funny way, that’s what makes their work so vital.  Many futurists are convinced that, now more than ever, everyone needs to start thinking the way they do.
What futurists actually do is facilitate as groups of people work through a highly structured, sometimes months-long process of coming up with as many hypothetical futures as they can, in order to prepare for more or less anything.
   In the current moment, with political and economic uncertainty combining with rapid technological change, “it’s clear we’re not going to make it through this as passengers,” says Scott Smith, a futurist for 20 years and creator of the educational resource How To Future.

Perspective.  Clear charts if you want to grab them.
Facebook & Google dominate the list of 2016’s top apps
   Not surprisingly, Facebook again grabbed the number one spot on the list, with more than 146 million average unique users per month, and 14 percent growth over last year.  In fact, Facebook scored several spots on the top 10 chart, thanks to Messenger (#2) and Instagram (#8) – the latter which also showed some of the highest year-over-year growth, up 36 percent from 2015.
Messenger came in second place this year, with over 129 million average unique monthly users, followed by YouTube with over 113 monthly uniques.
However, it was Google, not Facebook, that grabbed the most spots on the year-end chart.
According to Nielsen, Google’s apps YouTube (#3), Google Maps (#4), Google Search (#5), Google Play (#6) and Gmail (#7) were among those people used the most throughout the year.
   Nielsen also took a brief glimpse into the state of smartphone penetration in the U.S., noting that 88 percent of mobile subscribers now use a smartphone, up from 86 percent at the beginning of the year.
Over half (53%) are on Android, with 45 percent on iOS, and just 2 percent on Windows Phone.  Blackberry is somehow still on the charts with a 1 percent share.