Saturday, August 19, 2017

Of course, they do.
Hackers Exploit Microsoft Word Auto-Updating Links To Install Spyware
A freelance security consultant and Handler at SANS Internet Storm Center has discovered a rather interesting exploit in Microsoft Word, one that allows an attacker to abuse the productivity program's ability to auto-update links.  This is a feature that is enabled by default—when you add links to external sources like URLs, Word will automatically update them without any prompts.  Therein lies the issue.
   In this case, the Word file tries to access the malicious RTF file.  If it succeeds, it downloads a JavaScript payload.  According to Mertens, the link update is triggered without user interaction or without a prompt warning to the user that such an action will take place.
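A defender can triage documents for the auto-updating external links described in the excerpt above. The following is an added example, not code from the article or the researcher: it lists the external relationships in a .docx package and marks linked objects that point at a remote target. The sample package, its `example.invalid` targets and the function names are constructed for illustration.

```python
import io
import posixpath
import zipfile
import xml.etree.ElementTree as ET

PKG_REL = "{http://schemas.openxmlformats.org/package/2006/relationships}"
DOC_REL = "{http://schemas.openxmlformats.org/officeDocument/2006/relationships}"
VML_O = "{urn:schemas-microsoft-com:office:office}"
REMOTE = ("http://", "https://", "ftp://", "file://", "\\\\")


def _owner_part(rels_name):
    """Map word/_rels/document.xml.rels to the part it describes."""
    folder = posixpath.dirname(posixpath.dirname(rels_name))
    base = posixpath.basename(rels_name)[: -len(".rels")]
    return posixpath.join(folder, base) if base else ""


def _link_update_modes(zf, part):
    """Relationship id -> UpdateMode for OLE objects stored as links."""
    modes = {}
    for ole in ET.fromstring(zf.read(part)).iter(VML_O + "OLEObject"):
        if ole.get("Type") == "Link":
            modes[ole.get(DOC_REL + "id")] = ole.get("UpdateMode", "unspecified")
    return modes


def scan_docx(data):
    """Return one record per external relationship found in the package.

    ElementTree is used for brevity; for untrusted files use a hardened
    XML parser and enforce limits on archive size.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
        for rels_name in sorted(n for n in names if n.endswith(".rels")):
            part = _owner_part(rels_name)
            modes = _link_update_modes(zf, part) if part in names else {}
            root = ET.fromstring(zf.read(rels_name))
            for rel in root.iter(PKG_REL + "Relationship"):
                if rel.get("TargetMode") != "External":
                    continue
                target = rel.get("Target", "")
                kind = rel.get("Type", "").rsplit("/", 1)[-1]
                findings.append({
                    "part": part,
                    "id": rel.get("Id"),
                    "kind": kind,
                    "target": target,
                    "update_mode": modes.get(rel.get("Id")),
                    # Ordinary hyperlinks are external too, but are only
                    # followed on click; linked objects are the ones Word
                    # refreshes from their source.
                    "review": kind == "oleObject"
                    and target.lower().startswith(REMOTE),
                })
    return findings


def build_sample():
    """Constructed, minimal package (not a complete Word file)."""
    rel_base = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
    rels = (
        '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
        f'<Relationship Id="rId1" Type="{rel_base}/hyperlink" '
        'Target="https://example.invalid/page" TargetMode="External"/>'
        f'<Relationship Id="rId2" Type="{rel_base}/oleObject" '
        'Target="http://example.invalid/linked.rtf" TargetMode="External"/>'
        "</Relationships>"
    )
    document = (
        '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main" '
        'xmlns:o="urn:schemas-microsoft-com:office:office" '
        f'xmlns:r="{rel_base}"><w:body><w:p><w:r><w:object>'
        '<o:OLEObject Type="Link" ProgID="Word.Document.8" r:id="rId2" UpdateMode="Always"/>'
        "</w:object></w:r></w:p></w:body></w:document>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", document)
        zf.writestr("word/_rels/document.xml.rels", rels)
    return buf.getvalue()


if __name__ == "__main__":
    for finding in scan_docx(build_sample()):
        print(finding)
```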

Getting serious about Cyber Security or merely politics?
CYBERCOM Just Got A Major Pentagon Promotion From The President
In a highly anticipated move, President Donald Trump announced on Aug. 18 that the U.S. Cyber Command would be elevated to the status of a “unified combatant command,” putting it on a par with the likes of Central Command and Special Operations Command.
   But its elevation by the president is the latest product of years of debates over how the United States should structure, support, and prioritize its cybersecurity operations — debates that will probably intensify now, rather than resolve themselves.
For example, Trump added in his statement that Defense Secretary James Mattis was looking into “the possibility of separating United States Cyber Command from the National Security Agency.”  Since its creation in 2009, CYBERCOM has lived under the NSA’s roof at Fort Meade, depended on NSA’s resources, and shared its commander with NSA, as well: The commanding officer of CYBERCOM has historically been the “dual hatted” NSA director.
There are plenty of pros and cons to a CYBERCOM-NSA split, most of which boil down to bureaucratic wranglings over who’s responsible for what and when.  But one issue that’s helped spur the divorce talk is the evolution of different missions for the two agencies.  NSA has historically operated as a “collection” entity, stealthily intercepting communications and hoovering up all the details in them.  CYBERCOM, on the other hand, has been trying its hand as a “disruption” entity, taking offensive actions against hackers and enemies.  It’s hard to run both kinds of ops on a single target through a single point of entry.

I haven’t made many comments about the capability of satellite imaging recently.  Apparently, at least one company has found even commercial grade images adequate for its purpose.
Roofr uses satellite imagery to evaluate the state of your roof
Roofr, which will be graduating from Y Combinator (YC) next week, developed a satellite imagery software that analyzes the state of your roof to determine whether it needs to be replaced.
   The Toronto-based startup offers customers a free online quote using its satellite imagery software, which takes the square footage and slope of the roof.  It is currently using a Google API to capture satellite images from Google Earth.
The team then connects customers with vetted contractors who provide full replacements for any type of roof, including cedar, slate, and metal.

Another step towards replacing lawyers with AI?  (Are you sure that’s a human Judge on the other end?) 
Chinese 'cyber-court' launched for online cases
China has launched a digital "cyber-court" to help deal with a rise in the number of internet-related claims, according to state media.
The Hangzhou Internet Court opened on Friday and heard its first case - a copyright infringement dispute between an online writer and a web company.
Legal agents in Hangzhou and Beijing accessed the court via their computers and the trial lasted 20 minutes.
The court's focus will be civil cases, including online shopping disputes.
Judges were sworn in and the first case was presented on a large screen in the courtroom.
   Defendants and plaintiffs appear before the judge not in person, but via video-chat.
   In some other countries, online portals to allow people to resolve legal disputes in cyber-space already exist.
Canada's Civil Resolution Tribunal started accepting claims for $5,000 (£3,000) or less in British Columbia in June.

Perspective.  Because they succeeded they must be cheating? 
The walls are closing in on tech giants
Tech behemoths Google, Facebook and Amazon are feeling the heat from the far-left and the far-right, and even the center is starting to fold.
Why it matters: Criticism over the companies' size, culture and overall influence in society is getting louder as they infiltrate every part of our lives.  Though it's mostly rhetoric rather than action at the moment, that could change quickly in the current political environment.
Here's a breakdown of the three biggest fights they're facing.

(Related).  Is it really so hard to start a new company?
Trapped in Tech’s Unicorn Land
The land of unicorns looks considerably less magical these days.
Not that private investors have noticed. The IPO market remains anemic for technology companies, and the M&A market isn’t faring that much better.  Yet investors continue to pour money into venture-capital firms, and those firms continue to pour money into technology startups—even the so-called unicorns valued at more than $1 billion.

This has got to be better than forcing everyone in the room to listen to the entire score of Der Ring des Nibelungen each time you get a call.  (Okay, maybe not numbers 5 and 8)

Friday, August 18, 2017

It seems that Security is never considered when using a new technology.  Is there some assumption that someone else will take care of all that “Security Stuff?”  Also, what makes anyone believe that a password is sufficient security? 
A leading US supplier of voting machines confirmed on Thursday that it exposed the personal information of more than 1.8 million Illinois residents.
State authorities and the Federal Bureau of Investigation were alerted this week to a major data leak exposing the names, addresses, dates of birth, partial Social Security numbers, and party affiliations of over a million Chicago residents.  Some driver’s license and state ID numbers were also exposed.
Jon Hendren, who works for the cyber resilience firm UpGuard, discovered the breach on an Amazon Web Services (AWS) device that was not secured by a password.  The voter data was then downloaded by cyber risk analyst Chris Vickery who determined Election Systems & Software (ES&S) controlled the data. ES&S provides voting machines and services in at least 42 states.

Perfect for my Software Assurance class.
Well, this sounds like an epic FAIL on the City of Yonkers’ part, doesn’t it?
City of Yonkers – Information Technology (Westchester County)
The IT department’s acceptable computer use policy was not signed or acknowledged by all employees and city officials have also not classified personal, private and sensitive information based on its level of sensitivity and the potential impact should that data be disclosed, altered or destroyed without authorization.  In addition, city officials have not ensured that employees received adequate cyber security training and have not adopted a breach notification policy or a disaster recovery plan.
You can access the full report here (.pdf).

Gosh, you don’t think the government would lie do you?  (Me too!) 
Dems want independent probe into FCC cyberattack
Democratic lawmakers are calling for an independent investigation into how the Federal Communications Commission responded to a reported cyberattack in May that crippled the agency’s comment filing system.
Sen. Brian Schatz (D-Hawaii) and Rep. Frank Pallone Jr. (D-N.J.) sent a letter to the Government Accountability Office (GAO) on Thursday that cast doubt on the FCC’s version of the incident.
“While the FCC and the FBI have responded to Congressional inquiries into these [distributed denial of service] attacks, they have not released any records or documentation that would allow for confirmation that an attack occurred, that it was effectively dealt with, and that the FCC has begun to institute measures to thwart future attacks and ensure the security of its systems,” the letter reads.
“As a result, questions remain about the attack itself and more generally about the state of cybersecurity at the FCC — questions that warrant an independent review.”

Perspective.  A partial list of victims.
NotPetya Attack Costs Big Companies Millions

Obvious security? 
Facebook Awards $100,000 Prize for Spear-Phishing Detection Method
   To test their method, the researchers analyzed more than 370 million emails received by a large enterprise’s employees between March 2013 and January 2017.
The first part of the detection method relies on the analysis of two key components: domain reputation features and sender reputation features.  The domain reputation feature involves analyzing the link included in an email to see if it poses a risk.  A URL is considered risky if it has not been visited by many employees from within an organization, or if it has never been visited until very recently.
The sender reputation feature aims to identify spoofing of the sender’s name in the From header, a previously unseen attacker using a name and email address closely resembling a known or authoritative entity, exploitation of compromised user accounts, and suspicious email content (i.e. messages that reference accounts and credentials, or ones that invoke a sense of urgency).
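The two feature groups in the excerpt above can be computed from mail history and web proxy logs. The following is an added example, not the researchers' code: the thresholds, the keyword list, the rule that combines the features into an alert, and all sample records are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta
from difflib import SequenceMatcher
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed cut-offs and cue words for this sketch (not values from the research).
MIN_VISITORS = 3                  # fewer distinct visitors counts as "not many"
NEW_WINDOW = timedelta(days=2)    # first visit this recent counts as "very recently"
LOOKALIKE_RATIO = 0.85            # address similarity treated as "closely resembling"
CONTENT_CUES = ("account", "credential", "password", "urgent", "immediately")


def domain_features(url, visits, received):
    """Domain reputation from prior visits: (timestamp, employee, host)."""
    host = urlparse(url).hostname or ""
    prior = [(t, who) for t, who, h in visits if h == host and t < received]
    visitors = len({who for _, who in prior})
    first_seen = min((t for t, _ in prior), default=None)
    few = visitors < MIN_VISITORS
    recent = first_seen is None or received - first_seen < NEW_WINDOW
    return {"host": host, "visitors": visitors, "few_visitors": few,
            "recently_first_seen": recent, "risky": few or recent}


def sender_features(from_header, history, body):
    """Sender reputation from earlier From headers plus content cues."""
    name, addr = parseaddr(from_header)
    name, addr = name.strip().lower(), addr.lower()
    past = [(n.strip().lower(), a.lower()) for n, a in map(parseaddr, history)]
    addrs_for_name = {a for n, a in past if n == name}
    known = {a for _, a in past}
    unseen = addr not in known
    lookalike = None
    if unseen:
        for candidate in sorted(known):
            if SequenceMatcher(None, addr, candidate).ratio() >= LOOKALIKE_RATIO:
                lookalike = candidate
                break
    text = body.lower()
    return {
        # Known display name arriving from an address never used with it.
        "name_spoof": bool(addrs_for_name) and addr not in addrs_for_name,
        "unseen_address": unseen,
        "lookalike_of": lookalike,
        "content_cues": sorted(c for c in CONTENT_CUES if c in text),
    }


def evaluate(msg, visits, history):
    """Alert when the link is risky AND the sender looks odd (assumed rule)."""
    d = domain_features(msg["url"], visits, msg["received"])
    s = sender_features(msg["from"], history, msg["body"])
    odd = s["name_spoof"] or s["lookalike_of"] is not None or bool(s["content_cues"])
    return {"domain": d, "sender": s, "alert": d["risky"] and odd}


# Constructed sample data.
VISITS = [
    (datetime(2017, 1, 9, 9, 0), "alice", "intranet.corp.example"),
    (datetime(2017, 1, 10, 9, 0), "bob", "intranet.corp.example"),
    (datetime(2017, 1, 11, 9, 0), "carol", "intranet.corp.example"),
    (datetime(2017, 3, 9, 22, 0), "dave", "login-corp.example"),
]
HISTORY = [
    '"Pat Lee" <pat.lee@corp.example>',
    '"Sam Roy" <sam.roy@corp.example>',
    '"IT Helpdesk" <helpdesk@corp.example>',
]
PHISH = {
    "from": '"Pat Lee" <pat.lee@c0rp.example>',
    "url": "https://login-corp.example/reset",
    "body": "Urgent: your account password expires today, reset immediately.",
    "received": datetime(2017, 3, 10, 9, 0),
}
BENIGN = {
    "from": '"Sam Roy" <sam.roy@corp.example>',
    "url": "https://intranet.corp.example/wiki",
    "body": "Minutes from Monday are on the wiki.",
    "received": datetime(2017, 3, 10, 9, 0),
}

if __name__ == "__main__":
    for message in (PHISH, BENIGN):
        print(evaluate(message, VISITS, HISTORY))
```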

If it’s good enough for Russia…
Natalia Gulyaeva, Maria Sedykh, and Bret Cohen write:
On 31 July, the Russian data protection authority, Roskomnadzor, issued guidance for data operators on the drafting of privacy policies to comply with Russian data protection law.  Russia’s 2006 privacy law – Federal Law No. 152-FZ of 27 July 2006 “On Personal Data” (Personal Data Law) – requires, among other things, that Russian data operators must adopt a privacy policy that describes how they process personal data.  This notice requirement is similar to the approach in Europe.  Furthermore, data operators shall publish such a policy online when personal data is collected online or otherwise provide unrestricted access to the policy when personal data is collected offline.  The guidance – although non-binding and recommendatory in nature – emphasizes the regulator’s compliance expectations and should therefore be taken into account by organizations acting as data operators in Russia.

How to write Terms of Service?  More important: How to read them! 
2nd Circuit’s Uber arbitration ruling huge win for app industry
On Thursday, the 2nd U.S. Circuit Court of Appeals ruled that Uber user Spencer Meyer assented to the company’s mandatory arbitration requirement when he clicked a button to complete his registration for the Uber smartphone app.  The 2nd Circuit’s decision, written by Judge Denny Chin for a panel that also included Judges Reena Raggi and Susan Carney, rejected Meyer's argument that he wasn’t on fair notice of the arbitration provision because the Uber registration process presented the app’s terms of service only via hyperlink.  
That's great news for companies with smartphone apps – and not just because the court held that app purchasers can be bound by a “sign-in wrap” that folds assent to terms of service into registration for the app.  The 2nd Circuit also confirmed the obvious: Now that Internet-connected devices have become nearly ubiquitous, smartphone users ought to know that registering for an app has legal consequences.

A project for my students.
Algorithmic Transparency for the Smart City
Brauneis, Robert and Goodman, Ellen P., Algorithmic Transparency for the Smart City (August 2, 2017).  Available at SSRN:
“Emerging across many disciplines are questions about algorithmic ethics – about the values embedded in artificial intelligence and big data analytics that increasingly replace human decision making.  Many are concerned that an algorithmic society is too opaque to be accountable for its behavior.  An individual can be denied parole or denied credit, fired or not hired for reasons she will never know and cannot be articulated.  In the public sector, the opacity of algorithmic decision making is particularly problematic both because governmental decisions may be especially weighty, and because democratically-elected governments bear special duties of accountability.  Investigative journalists have recently exposed the dangerous impenetrability of algorithmic processes used in the criminal justice field – dangerous because the predictions they make can be both erroneous and unfair, with none the wiser.  We set out to test the limits of transparency around governmental deployment of big data analytics, focusing our investigation on local and state government use of predictive algorithms.  It is here, in local government, that algorithmically-determined decisions can be most directly impactful.  And it is here that stretched agencies are most likely to hand over the analytics to private vendors, which may make design and policy choices out of the sight of the client agencies, the public, or both.  To see just how impenetrable the resulting “black box” algorithms are, we filed 42 open records requests in 23 states seeking essential information about six predictive algorithm programs.  We selected the most widely-used and well-reviewed programs, including those developed by for-profit companies, nonprofits, and academic/private sector partnerships.  The goal was to see if, using the open records process, we could discover what policy judgments these algorithms embody, and could evaluate their utility and fairness.  
To do this work, we identified what meaningful “algorithmic transparency” entails.  We found that in almost every case, it wasn’t provided.  Over-broad assertions of trade secrecy were a problem.  But contrary to conventional wisdom, they were not the biggest obstacle.  It will not usually be necessary to release the code used to execute predictive models in order to dramatically increase transparency.  We conclude that publicly-deployed algorithms will be sufficiently transparent only if (1) governments generate appropriate records about their objectives for algorithmic processes and subsequent implementation and validation; (2) government contractors reveal to the public agency sufficient information about how they developed the algorithm; and (3) public agencies and courts treat trade secrecy claims as the limited exception to public disclosure that the law requires.  Although it would require a multi-stakeholder process to develop best practices for record generation and disclosure, we present what we believe are eight principal types of information that such records should ideally contain.”

Keeping my students busy.

For my Geeks.

A reminder.

Last chance to get eclipse glasses?
Community College of Denver Solar Eclipse Party
Community College of Denver will be setting up two telescopes to safely view the 93% partial solar eclipse on August 21st.  One telescope is a Coronado Solarmax 60mm with an H-alpha solar filter, the other is a 6" Celestron scope with a broadband solar filter.  Safe viewing glasses provided.

Thursday, August 17, 2017

They purchased a company with less than perfect security and paid an additional price for that mistake. 
Shipping company Maersk says June cyberattack could cost it up to $300 million
Container shipping company A.P. Moller Maersk on Tuesday said it expects that computer issues triggered by the NotPetya cyberattack will cost the company as much as $300 million in lost revenue.
"In the last week of the [second] quarter we were hit by a cyber-attack, which mainly impacted Maersk Line, APM Terminals and Damco," Maersk CEO Soren Skou said in a statement.  "Business volumes were negatively affected for a couple of weeks in July and as a consequence, our Q3 results will be impacted.  We expect that the cyber-attack will impact results negatively by USD 200-300m."
Maersk Line was able to take bookings from existing customers two days after the attack, and things gradually got back to normal over the following week, the company said.  It said it did not lose third-party data as a result of the attack.

A change is coming.  Is that good or bad?
Privacy and Court Records: Online Access and the Loss of Practical Obscurity
Ardia, David S., Privacy and Court Records: Online Access and the Loss of Practical Obscurity (August 4, 2017).  University of Illinois Law Review, Vol. 2017, No. 5, 2017.  Available at SSRN:
“Court records present a conundrum for privacy advocates.  Public access to the courts has long been a fundamental tenet of American democracy, helping to ensure that our system of justice functions fairly and that citizens can observe the actions of their government.  Yet court records contain an astonishing amount of private and sensitive information, ranging from social security numbers to the names of sexual assault victims.  Until recently, the privacy harms that attended the public disclosure of court records were generally regarded as insignificant because court files were difficult to search and access.  But this “practical obscurity” is rapidly disappearing as the courts move from the paper-based world of the twentieth century to an interconnected, electronic world where physical and temporal barriers to information are eroding.  These changes are prompting courts — and increasingly, legislatures — to reconsider public access to court records.  Although this reexamination can be beneficial, a number of courts are abandoning the careful balancing of interests that has traditionally guided judges in access disputes and instead are excluding whole categories of information, documents, and cases from public access.  This approach, while superficially appealing, is contrary to established First Amendment principles that require case-specific analysis before access can be restricted and is putting at risk the public’s ability to observe the functioning of the courts and justice system.  This article pushes back against the categorical exclusion of information in court records.  In doing so, it makes three core claims.  First, the First Amendment provides a qualified right of public access to all court records that are material to a court’s exercise of its adjudicatory power.  Second, before a court can restrict public access, it must engage in a case-specific evaluation of the privacy and public access interests at stake.  
Third, per se categorical restrictions on public access are not permissible.  These conclusions do not leave the courts powerless to protect privacy, as some scholars assert.  We must discard the notion that the protection of privacy is exclusively the job of judges and court staff.  Instead, we need to shift the responsibility for protecting privacy to lawyers and litigants, who should not be permitted to include highly sensitive information in court files if it is not relevant to the case.  Of course, we cannot eliminate all private and sensitive information from court records, but as long as courts continue to provide physical access to their records, the First Amendment does not preclude court administrators from managing electronic access in order to retain some of the beneficial aspects of practical obscurity.  By minimizing the inclusion of unnecessary personal information in court files and by limiting the extent of electronic access to certain types of highly sensitive information, we can protect privacy while at the same time ensuring transparency and public accountability.”

Do they blame the Russians?  Partly. 
Partisanship, Propaganda, and Disinformation: Online Media and the 2016 U.S. Presidential Election
“The Berkman Klein Center for Internet & Society at Harvard University today released a comprehensive analysis of online media and social media coverage of the 2016 presidential campaign.  The report, “Partisanship, Propaganda, and Disinformation: Online Media and the 2016 U.S. Presidential Election,” documents how highly partisan right-wing sources helped shape mainstream press coverage and seize the public’s attention in the 18-month period leading up to the election.
“In this study, we document polarization in the media ecosystem that is distinctly asymmetric.  Whereas the left half of our spectrum is filled with many media sources from center to left, the right half of the spectrum has a substantial gap between center and right.  The core of attention from the center-right to the left is large mainstream media organizations of the center-left.  The right-wing media sphere skews to the far right and is dominated by highly partisan news organizations,” co-author and principal investigator Yochai Benkler stated.  In addition to Benkler, the report was authored by Robert Faris, Hal Roberts, Bruce Etling, Nikki Bourassa, and Ethan Zuckerman.
The fact that media coverage has become more polarized in general is not new, but the extent to which right-wing sites have become partisan is striking, the report says.  The study found that on the conservative side, more attention was paid to pro-Trump, highly partisan media outlets.  On the liberal side, by contrast, the center of gravity was made up largely of long-standing media organizations.  Robert Faris, the Berkman Klein Center’s research director, noted, “Consistent with concerns over echo chambers and filter bubbles, social media users on the left and the right rarely share material from outside their respective spheres, except where they find coverage that is favorable to their choice of candidate.  A key difference between the right and left is that Trump supporters found substantial coverage favorable to their side in left and center-left media, particularly coverage critical of Clinton.  In contrast, the messaging from right-wing media was consistently pro-Trump.”  Conservative opposition to Trump was strongest in the center-right, the portion of the political spectrum that wielded the least influence in media coverage of the election.  In this recently-emerged universe, Breitbart stands at the center of a right-wing media ecosystem and is surrounded by sites like Fox News, the Daily Caller, the Gateway Pundit, the Washington Examiner, Infowars, Conservative Treehouse, and Truthfeed, according to the report’s analysis.”

I’ve been trying to tell my International students about the rules of discovery.  They seem to find it a very difficult concept.
Waymo v. Uber: Judge says Uber lawyers ‘misled the court,’ wants to tell jurors so
Waymo may get an edge over rival Uber as the two head into an explosive trade secrets trial this fall after a federal judge on Wednesday said he’ll likely tell the jury how Uber’s lawyers “misled the court” and repeatedly failed to produce documents that could be important in the case. 
   Uber’s lawyers from Morrison & Foerster recently disclosed that their firm has some information taken from Levandowski’s electronic devices.  Waymo is convinced that information contains stolen documents, which it says Uber’s team spent months hiding from the court.
“Wrong,” Uber’s lawyer, Arturo Gonzalez, said Wednesday.  His firm has some information, he said, but not the allegedly stolen documents.
But U.S. District Judge William Alsup, who is presiding over the case, seemed to side with Waymo.
“I am concerned that Mr. Gonzalez failed to disclose that he had the documents and took a long time to come clean,” Alsup said.  “Maybe he can get on the stand and explain it away.  But I am inclined … to tell the jury exactly this scenario: that he was ordered to come clean, did not come clean, ordered to come clean again, and did not come clean — finally in June or July came clean.”

Might be amusing.
An Augmented Reality Hackathon for Teachers
Earlier this week I shared some ideas for creating and using your own augmented reality experiences in school.  Metaverse is the free platform that makes it possible for teachers and students to create their own augmented reality experiences.  If you haven't tried it yet, I highly recommend taking a crack at making your own augmented reality experience.  As some participants in my workshops this summer demonstrated, you really can create your own augmented reality experiences in as little as ten minutes.  Of course, the more time you spend using Metaverse, the more complex and robust you can make your augmented reality applications.
This weekend Metaverse is kicking-off a hackathon for teachers.  The Metaverse Hackathon starts on Saturday, August 19th and runs through Saturday, August 26th.  The purpose of the hackathon is to showcase the creative augmented reality experiences that teachers make for educational uses.  The winner of the Metaverse Hackathon will receive $200 in classroom supplies.  You can get all of the details and register for the Metaverse Hackathon here.  I can't wait to see what everyone creates.

Perspective.  Is this the start of something?   
How artists can (finally) get paid in the digital age

For all my students.
   everyone should check out Wolfram Alpha’s Problem Generator.  But every dumbfounded student knows that you need more than one lasso to tame the perils of mathematics… so enter Symbolab Math Solver.
   Symbolab is meant to be a search engine for discovering the meaning of an equation, and it helps you do that not with search keywords but with mathematical symbols.
   The step-by-step solution helps you work through the explanation.  You have the option to hide the steps and work through it on your own.  Here are some key features:
  • The engine has more than 300 calculators. You can use the calculators (and graphing calculators) to solve a variety of equations and download the results in PDF.
  • Pick a topic and practice math equations. You can choose from pre-algebra, matrices, vectors, functions, exponents, trigonometry, calculus, and word problems.
  • Test yourself with quizzes. Check your progress with the quizzes on the site and also make your own.
  • Download PDF Cheatsheets. Print them and carry them around for handy reference (not to cheat during your exams).
  • Save your work in an online notebook. Register for an account and save your practice problems in a personal notebook.
  • Create groups. Make your own group and interact with other students.

I’m beginning to think this is for real!
   MoviePass has actually been around for several years, but high prices and countless restrictions have prevented it from really taking off.  But that may all be about to change…
MoviePass is now offering unlimited movies in theaters for $9.95-per-month.  The only restrictions are that you’re limited to one film every day, and 3D and IMAX movies are off the menu entirely.  But beyond that it’s anything goes.  Which sounds too good to be true, to be honest.
How it works is that you pay MoviePass $9.95 every month via a debit card.  You then visit your local movie theater as usual, but MoviePass will pay for your ticket.  If you go once a month you’ll just about break even, but if you go more often than that you’ll be saving some serious cash.
This could be a win-win for everyone involved.  However, according to Variety, AMC is already trying to prevent MoviePass subscriptions from being used at its theaters.  The chain claims the pricing makes this an unsustainable model which will harm the movie business in the long run.

Wednesday, August 16, 2017

This nearly 500-page draft kind of sums everything up neatly.
NIST – Security and Privacy Controls for Information Systems and Organizations
“This publication provides a catalog of security and privacy controls for federal information systems and organizations to protect organizational operations and assets, individuals, other organizations, and the Nation from a diverse set of threats including hostile attacks, natural disasters, structural failures, human errors, and privacy risks.  The controls are flexible and customizable and implemented as part of an organization-wide process to manage risk.  The controls address diverse requirements derived from mission and business needs, laws, Executive Orders, directives, regulations, policies, standards, and guidelines.  The publication describes how to develop specialized sets of controls, or overlays, tailored for specific types of missions and business functions, technologies, environments of operation, and sector-specific applications.  Finally, the consolidated catalog of controls addresses security and privacy from a functionality perspective (i.e., the strength of functions and mechanisms) and an assurance perspective (i.e., the measure of confidence in the security or privacy capability).  Addressing both functionality and assurance ensures that information technology products and the information systems that rely on those products are sufficiently trustworthy.” 

Helping my students understand the need to design security and privacy into systems from the beginning.  And to provide some kind of Metric as part of the design! 
Uber Settles FTC Allegations that It Made Deceptive Privacy and Data Security Claims
Uber Technologies, Inc. has agreed to implement a comprehensive privacy program and obtain regular, independent audits to settle Federal Trade Commission charges that the ride-sharing company deceived consumers by failing to monitor employee access to consumer personal information and by failing to reasonably secure sensitive consumer data stored in the cloud.

“We don’t care about this case, but…”
Apple, Facebook, Google and other tech giants tell the Supreme Court to protect cellphone data in a key, upcoming case
   The case before the nation’s justices is Carpenter vs. United States, and it stems from a 2011 investigation into a series of robberies in Detroit.  As part of the probe, law enforcement officials obtained information from nearby cell towers to determine the whereabouts of one of the suspects, Timothy Carpenter, without first obtaining a warrant.
As the Supreme Court considers the matter — including questions as to whether law enforcement must demonstrate probable cause before it can seek that location data — tech giants stressed in a new amicus brief that they “do not take a position on the outcome of this case.”
But the major players that signed it — including Airbnb, Cisco, Dropbox and Verizon, the only telecom giant to sign — do argue the need for greater Fourth Amendment safeguards “to ensure that the law realistically engages with Internet-based technologies and with people’s expectations of privacy in their digital data.”  

I want to play the “sound of doom” when my students open their exams.  Is that cruel?  I certainly hope so!
   The YouTube Audio Library launched in 2013 with 1,000+ free musical tracks.
   The channel now hosts more than five times that initial number.  All are high-quality 320 Kbps audio tracks and sound effects with a royalty-free license.

Another way to bug my students?

For the Movie Club. 
Ticket prices too high? MoviePass gets you into theaters for $10 a month
   even if audiences are currently fed up with the movie industry, a company called MoviePass is betting it can get them back in the seats, offering a movie a day for only $10 per month.
Founded in 2011, MoviePass is a subscription service that allows users to see movies in theaters (one movie per day) without buying a ticket each time.  Instead, the company pays for your ticket when you swipe your MoviePass card.
If it sounds crazy that a company could afford to let users watch movies every day for only $10 a month, it’s not.  The idea was similar to insurance: Not every user will actually see $10 worth of movies a month, so they end up subsidizing the users who do.
An iPhone or an Android phone is required to use MoviePass.

Because research should be cheap?  No doubt it’s the paid opinion that will sink your case. 
Free Law Project – We Have Every Free PACER Opinion on
“At Free Law Project, we have gathered millions of court documents over the years, but it’s with distinct pride that we announce that we have now completed our biggest crawl ever.  After nearly a year of work, and with support from the U.S. Department of Labor and Georgia State University, we have collected every free written order and opinion that is available in PACER.  To accomplish this we used PACER’s “Written Opinion Report,” which provides many opinions for free.  This collection contains approximately 3.4 million orders and opinions from approximately 1.5 million federal district and bankruptcy court cases dating back to 1960.  More than four hundred thousand of these documents were scanned and required OCR, amounting to nearly two million pages of text extraction that we completed for this project.  All of the documents amassed are available for search in the RECAP Archive of PACER documents and via our APIs.  New opinions will be downloaded every night to keep the collection up to date.”

So that’s where my students got the idea!

Tuesday, August 15, 2017

Continuing our discussion of management decisions that were (or should have been) obviously wrong. 
Costco made $3.7 million selling ‘Tiffany’ rings. Now it must pay $19 million to the real Tiffany.
Costco must pay the storied jewelry company Tiffany & Co. more than $19 million for selling about 2,500 diamond rings falsely identified on store signs as “Tiffany” rings, a federal judge ruled Monday.
Costco’s management “displayed at best a cavalier attitude toward Costco’s use of the Tiffany name in conjunction with ring sales and marketing,” U.S. District Judge of the Southern District of New York Laura Taylor Swain wrote in her opinion.
   Swain wrote Costco “provided credible evidence” of the practice of using the terms “Tiffany setting” and “Tiffany style” generically throughout the jewelry industry.
The problem is Costco only used the word “Tiffany” when describing the rings in its signage, suggesting they were made by the jeweler rather than an imitation of its famous design.

This is obvious, isn’t it?
Judge says LinkedIn can't block startup from user’s public data
Judge Edward Chen in the Northern District of California granted hiQ labs, an employment startup, a preliminary injunction that forces LinkedIn to remove any barriers keeping hiQ from accessing public profile information within 24 hours. 
HiQ’s operations depend on its ability to access public LinkedIn data.  The company sells analytics to clients including eBay, Capital One and GoDaddy that aim to help them with employee retention and recruitment. 
   LinkedIn argued that users might not want to have employers tracking changes on their profiles, for example if they are seeking a new job.
In his order, Chen argued that LinkedIn’s argument was flawed.
   HiQ argues that LinkedIn’s attempts to limit the startup’s ability to use public profile data are anti-competitive and are a violation of so-called data scrapers’ free speech rights.

Taking the lead from the President or something DoJ thought up on their own? 
DreamHost fights government request seeking 1.3 million IP addresses of DisruptJ20 website visitors
Webhosting service DreamHost has said that the U.S. Department of Justice (DOJ) has requested information on everyone who visited, a website that was set up to organize political protests against the U.S. administration. 
   Central to the request was information on the website itself and its owner, but where things get contentious is in relation to the site’s visitors.  According to DreamHost, the DOJ’s request includes 1.3 million IP addresses covering each device that connected to the website.  This was in addition to “…contact information, email content, and photos of thousands of people — in an effort to determine who simply visited the website,” according to a blog post.  “This is, in our opinion, a strong example of investigatory overreach and a clear abuse of government authority,” the DreamHost statement added.
After challenging the DOJ’s request based on the “overbreadth” of the warrant, DreamHost received a copy of an “order to compel” filed by the DOJ in the Superior Court of the District of Columbia that sought to dismiss DreamHost’s counterarguments.  Last week, DreamHost filed its legal arguments in response.

Will this improve health or allow Aetna to more accurately calculate their risk? 
Apple and Aetna reportedly held secret meetings, plan to offer Apple Watch to 23 million insurance customers
Top executives from both companies met last Thursday and Friday in Southern California, according to CNBC. Myoung Cha, who heads up Apple’s special health projects, led the talks, with hospital chief medical information officers from across the U.S. also in attendance.
   Aetna currently provides the Apple Watch to its more than 50,000 staffers.  The Hartford, Conn.-based insurance company also announced last September that it would subsidize the cost of Apple Watches for select large employers and individual customers.

(Related)  True or not, would this change the perception of Apple/Cisco security? 
Apple and the future of the insurance industry
   Apple CEO Tim Cook joined Cisco CEO, Chuck Robbins at Cisco Live to reveal the firms are working to deliver lower cost cybersecurity insurance to customers choosing to use Cisco equipment in combination with Apple kit.
"If your company is using Cisco and Apple, then the combination of these should make that insurance cost significantly less for you than it would if you were using some other personal network side and the other operating system in the mobile area," Cook said.
The idea is that insurers will be convinced to deliver lower premiums to enterprises who standardize around Apple/Cisco solutions.
Those who do will not be required to subsidize those who choose to use less secure combinations.

A great victory for the Dear Leader!  And no doubt the President will take full credit for it.
North Korea Stands Down On Threat To Guam

This has not been a problem with my students, but it might be useful in other classes.
Library Guides for Detecting Fake News – AALL Spectrum July 2017

I would never, ever do this. 

I should remind my students, but I bet they all know about this.

Monday, August 14, 2017

Every class I teach is impacted by Big Data.  Remember, I started with 80 column punch cards.
New on LLRX – Even When Big Data Favors Your Clients, Doesn’t Mean You’ll Sleep at Night
Via LLRX.com – Even When Big Data Favors Your Clients, Doesn’t Mean You’ll Sleep at Night: Attorney Carolyn Elefant discusses what she has learned from her recent experience with data-driven decision making – specifically, although data improves the accuracy of predictions, it doesn’t remove all risk.

Quasi-vigilante?  Name someone you think might have been there?  With a little tech (Phones that record video, video editors that can isolate a face, facial recognition) this could become a popular game.  Looks like it’s back to those pointy hoods for these people. 
Yes, You're Racist: Twitter user names Virginia protesters
The internet gave white nationalists a platform to organize their Unite The Right rally in Charlottesville, Virginia. It's also giving counter-protesters a way to strip them of their anonymity. 
A Twitter account called Yes, You're Racist has been naming and shaming white supremacists who over the weekend protested a decision by Charlottesville to remove a statue of Confederate general Robert E. Lee.
The user of the account on Saturday asked followers, who currently total more than 240,000, to send names and social media profiles of anyone they recognized at the protests.  The site has identified at least nine protesters so far.
   The rapid use of Twitter to crowdsource the identification of rally participants in real time marks a new use of the platform.  Twitter has strict rules about disclosing personal information, such as intimate photos, Social Security numbers and financial information.  Identifying individuals from photographs taken in public settings, such as the rally, doesn't appear to violate those rules. 

I haven’t seen much evidence of this.
Another view on the Google book scanning project
What Happened to Google’s Effort to Scan Millions of University Library Books?: “…many librarians and scholars see the legacy of the project differently.  In fact, academics now regularly tap into the reservoir of digitized material that Google helped create, using it as a dataset they can query, even if they can’t consume full texts.  It’s a pillar of the humanities’ growing engagement with Big Data….  That rich resource has been put to several good uses.  Through the HathiTrust Research Center, scholars can tap into the Google Books corpus and conduct computational analysis—looking for patterns in large amounts of text, for instance—without breaching copyright.  And print-disabled users can use assistive technologies to read scanned books that might otherwise be difficult if not impossible to find in accessible formats…”

Marketing gone to the dogs.  I’m guessing they mean “wet dog” smell? 
Celebrate National Dog Day with 'new dog smell' air fresheners
Now you can have your car smell like your best friend or fur baby.  For National Dog Day on August 26 -- yes, that's a real thing and should be a federally recognized holiday -- you'll be able to claim a free "new dog smell" air freshener from Autotrader.
It might seem like a cheap gimmick to get readers to click on a site, but it's for a good cause.  For every doge-smelling air freshener, Autotrader will donate to  You'll be able to claim your air freshener and contribute to the cause at this link starting on August 24.

Sunday, August 13, 2017

Free Speech, as long as it complies with the Terms of Service?
Twitter users want Trump’s account suspended for ‘threatening violence’ against North Korea
Can a president be suspended from Twitter for threatening to attack another country?
That's what some Twitter users, including actor and former Barack Obama aide Kal Penn, are demanding, after President Trump tweeted Friday morning that U.S. “military solutions are now fully in place, locked and loaded, should North Korea act unwisely.”
Critics of the president's tweet say the rhetoric reflects a threat of violence against North Korea that violates Twitter's rules and terms of service.

Keeping up with your competitors or looking for ideas to steal?  Call it “surveillance of the competition?”  
Facebook’s Onavo Gives Social-Media Firm Inside Peek at Rivals’ Users
Information from data-security app shows company what people do on their phones beyond suite of firm’s apps
Months before social-media company Snap Inc. publicly disclosed slowing user growth, rival Facebook Inc. already knew.
Late last year, Facebook employees used an internal database of a sampling of mobile users’ activity to observe that usage of Snap’s flagship app, Snapchat, wasn’t growing as quickly as before, people familiar with the matter said.

A cutesy article or a look into the future of IoT?  
10 ‘smart’ gadgets that are just plain dumb

My wife purchased a Thundershirt for her Border Collie.  It seems to relax my wife more than the dog.