Saturday, September 30, 2017

Not a breach, but it was software related… I wonder how much they thought the cheating software was going to save them?
Volkswagen diesel emissions fixing bill hits $30bn
The diesel emissions cheating scandal will cost Volkswagen an extra $3bn (€2.5bn), because engines are proving "far more technically complex and time consuming" to adapt, the company said.
The additional cost, for fixing engines in the United States, takes the total bill to $30bn.
… Shares in the German carmaker initially fell sharply on Friday although they later recovered most of the lost ground.
"This is yet another unexpected and unwelcome announcement from VW, not only from an earnings and cash flow perspective but also with respect to the credibility of management," said Arndt Ellinghorst, analyst at Evercore ISI.
VW first admitted in September 2015 that it had used illegal software to cheat US emissions tests.

Is Russia saying the US is already doing this? Are they worried that we might? Perhaps it isn’t fake news after all?
Russia warns US not to take action against its media outlets
Russia is warning the U.S. not to take action against its government-backed media outlets, such as RT and Sputnik, threatening retaliation, CNN reports.
"When it comes down to a fight with no rules, when the law is twisted and turned into an instrument for the destruction of a TV company, every step against a Russian media outlet will be met with a corresponding response," said Russian Foreign Ministry spokeswoman Maria Zakharova on Thursday.
"And whom this response will be aimed at, that is what Washington needs to figure out as well," she added. "The clock is ticking."

For my Statistics class. (And for my amusement)
Got the munchies? These are the best fast food joints, ranked by pot smokers
McDonald’s just received a big nod from what is becoming an influential consumers group -- weed smokers.
In a study conducted by the industry site Green Market Research, McDonald’s was the fast food of choice for legal cannabis consumers -- and by a wide margin.
Over the four week study period, 43 percent of legal marijuana customers said they had eaten at McDonald’s.
By contrast, Taco Bell came in second at just 18 percent and Wendy’s was in third place with 17.8 percent. Burger King and Subway round out the top five.

It might be fun to have my students do this as a project. Marketing themselves.
Top Tips to Create Facebook Videos to Market Your Business (Infographic)

For the student toolkit. My students often take pictures of the whiteboard (esp. in Math classes). These might be better tools.
Gone are the days of taking documents to the library to scan or spending a bunch of money on a scanner for your home. You can find many applications for Android, iOS, and Windows that put scanning at your fingertips no matter where you go.
These seven awesome apps provide more than just scanning. They are smart enough to adjust and correct items for you, let you save them where you need to, and are perfect for both business and personal use.

Friday, September 29, 2017

Sound familiar?
Whole Foods is investigating a credit-card security breach
The grocery chain, which Amazon acquired for $13.7 billion in late August, announced Thursday it "recently received information regarding unauthorized access of payment card information."
People who only shopped for groceries at Whole Foods should not be affected, according to the company, which said only venues such as taprooms and table-service restaurants located within stores — which use a different point-of-sales system — were affected.

Something for my Computer Security students.
There are a lot – too many – sites where you can look up individuals’ information.
If you haven’t seen this one already, check out and see if you or your family members have personal information revealed there.
If you find yourself in their records and you want to get your information OUT of there, see:

Welcome to the “Internet of Advertising.”
I used to love just jumping in the car and heading out for an open road. At worst, I’d have to worry about radar traps. Nowadays, it’s smart billboards, license plate readers, and God knows what else.
Joe Cadillic writes:
Imagine driving down a highway and seeing a personalized billboard ad directed at you. Now imagine advertisers using billboards to send messages to your smartphone.
That’s the future of ‘advertised spying’ in America. (Yes, I made that term up.)
An article in McClatchy warns that a new generation of “smart digital billboards will detect the make, model and year of oncoming vehicles and project ads tailored to the motorist.”
The article ominously warns that smart billboards can guess a motorist’s home address, age, race and income level based on the vehicle they are driving. It also claims advertisers will be able to send messages to a person’s smartphone as they pass by a smart billboard.
Read more on MassPrivateI.

We don’t have enough yet to form a clear picture of the users of Facebook or Twitter (and what else?). Perhaps it will take a serious academic study, because the intelligence services aren’t going to publish their tricks. What? You thought the US was above such tampering? Silly you!
Twitter says it has found 201 Russia-linked accounts
Following Facebook’s own disclosure, Twitter says that it has identified more than 200 accounts on its service that are linked to Russia. Using the approximately 450 accounts that Facebook shared as part of its own review, Twitter says it found 201 corresponding accounts on its own service. It has also been transparent about advertisements purchased by the Russian publication Russia Today (RT).
… In addition, Twitter says that post-Soviet states and Russia have long been responsible for the majority of spammy and automated content on its platform. The company has automated systems in place to try to catch this kind of content, and it takes down in excess of 3.2 million of these accounts across the world every week. However, Twitter says that it is planning to roll out several changes to the ways it detects suspicious and otherwise spam-ish activity on the service.

(Related). Are all of these Twitter users Russians or merely Russian dupes?
Study: Twitter users shared more 'junk news' than real stories during the 2016 election
During the height of the 2016 campaign, Twitter users shared more “misinformation, polarizing and conspiratorial content,” than actual news stories, an Oxford University study released Thursday says.
Researchers found that voters on Twitter shared large amounts of content linked to Russia, Wikileaks and other “junk news sources,” with the help of bots — automated Twitter accounts programmed to do simple tasks like spreading news.
The study also found that levels of misinformation on Twitter were higher on average in swing states than in uncontested states. Researchers culled the information from 22,117,221 tweets collected between Nov. 1 and Nov. 11.
The Senate Intelligence Committee’s top Democrat, Sen. Mark Warner (Va.) ripped Twitter after the company shared its analysis with the committee.
“Their response was frankly inadequate on almost every level,” he said after the briefings.

Understand what you regulate? Not in this administration.
FCC Chairman wants Apple to enable FM in iPhones for emergencies (update)
… FCC Chairman Ajit Pai is asking Apple to activate these FM chips already in iPhones. "Apple is the one major phone manufacturer that has resisted (activating the chips)," said Pai in a statement. "But I hope the company will reconsider its position, given the devastation wrought by Hurricanes Harvey, Irma, and Maria."
Update: Apple has responded to Pai's request with the statement below, claiming that its most recent models don't actually have FM capability which exec Phil Schiller also noted in a tweet.

To inspire my students.
How Sarahah became one of the most popular iPhone apps in the world
The App Store's most popular free app isn't what you think it is.
It's called Sarahah, and in the past week, it's surged to the top of the App Store in regions like Australia, Ireland, the U.S., and the UK.
Created by Saudi Arabian developer Zain al-Abidin Tawfiq, the app is essentially a social network that lets you send and receive anonymous messages.

This records only what you click on, so it might be useful to demo selected features of a website.
Webrecorder – Create high-fidelity, interactive web archives of any web site you browse
by Sabrina I. Pacifici on Sep 28, 2017
“Webrecorder is both a tool to create high-fidelity, interactive web archives of any web site you browse and a platform to make those recordings accessible.”

Thursday, September 28, 2017

How do you control vendor security?
Third-Party Cyber Risks a Rising Threat, Research Shows
The Ponemon study (PDF), commissioned by risk and compliance firm Opus, questioned 625 individuals familiar with their organizations' third-party risk management posture. The BitSight study (PDF) took a different approach and examined the visible security posture of more than 5,200 legal, technology, and business services companies known to be third-parties to finance organizations. Both surveys show a significant gap in the security posture of primary organizations and their third-party suppliers.
For many large organizations, this gap is increasingly exploited by malicious actors as the soft underbelly route into the company. The Ponemon study shows that this situation is, if anything, worsening; while the BitSight study highlights some of the security weaknesses commonly found in third-party vendors.
Ponemon found that 56% of respondents had suffered a third-party data breach in the last year -- an increase of 7% over the previous year.
Part of the problem is that organizations have little visibility of, or into, their supply chain. Fifty-seven percent of Ponemon's respondents don't have an inventory of the third-parties with which they share sensitive data, and the same number don't know if their suppliers' policies would prevent a data breach.

What have I been telling my Computer Security students?
The Strange Case of Gas Pumps & Bluetooth Skimmers
You might not think of an IEEE Summit as the most likely place to hear an intense talk about the lack of security at America's gas pumps, but that's exactly what happened last week at the 38th IEEE Sarnoff Symposium in Newark, N.J.
Scott Schober, president and CEO of Berkeley Varitronics Systems (BVS), used his 20 minutes on the podium to talk about how unsuspecting customers are putting themselves at risk using a debit or credit card at a gas pump in the US.
"Security and convenience don't go in hand-in-hand," he chided the crowd.
… A couple of people in the crowd asked about chip and PIN systems -- where you insert the card and it reads the chip rather than a magnetic strip -- and while Schober allowed that these were moderately more secure, he reminded people: "There's no chip and pin in any gas stations in the US," and there is unlikely to be until 2020.

Trends in cyber-crime.
DDoS Attacks More Likely to Hit Critical Infrastructure Than APTs: Europol
While critical infrastructure has been targeted by sophisticated threat actors, attacks that rely on commonly available and easy-to-use tools are more likely to occur, said Europol in its 2017 Internet Organised Crime Threat Assessment (IOCTA).
The report covers a wide range of topics, including cyber-dependent crime, online child exploitation, payment fraud, criminal markets, the convergence of cyber and terrorism, cross-cutting crime factors, and the geographical distribution of cybercrime. According to the police agency, we’re seeing a “global epidemic” in ransomware attacks.
When it comes to critical infrastructure attacks, Europol pointed out that the focus is often on the worst case scenario – sophisticated state-sponsored actors targeting supervisory control and data acquisition (SCADA) and other industrial control systems (ICS) in power plants and heavy industry organizations.

Is this their gameplan for November?
11 ways Facebook tried to thwart election interference in Germany
Facebook may have dropped the ball with the U.S. presidential election, but it was much better prepared for last weekend’s federal election in Germany. Today, Facebook outlined all its efforts to prevent malicious actors from meddling in the election.
“These actions did not eliminate misinformation entirely in this election – but they did make it harder to spread, and less likely to appear in people’s News Feeds,” wrote Richard Allan, Facebook’s VP of Public Policy for EMEA.
That includes:
  • Deleting tens of thousands of suspicious accounts
  • Fighting fake news in video and text clickbait
  • Showing alternative perspectives on news stories via Related Articles
  • Offering space where political parties could describe stances on core issues
  • Providing a comparison tool for the political parties
  • Launching an Election Hub to see which candidates were on the ballot
  • Sending in-app notifications for people to learn about and follow their newly elected leaders
  • Working with the German Federal Office for Information Security
  • Training political candidates about online security issues
  • Establishing a dedicated support channel for reports of election security and integrity issues
  • Giving news outlets access to its Berlin studio for distributing Facebook Live reports on election results

Just because this job is so rare…
Why your ‘personal’ data is anything but: Q&A with Washington state’s first chief privacy officer
In the digital age, it’s hard to know which data about ourselves is really ours. Who is allowed to have data on your internet use? Your shopping habits? What about data on your body, your voting record or how furniture is laid out in your home?
It may surprise you that various companies and government agencies around the U.S. may already have that data, even if you never consented to give it to them.
For Alex Alben, this is a huge problem. Alben is a privacy advocate and he’s Washington state’s first-ever chief privacy officer. It’s his job to try and protect the personal data and the privacy of citizens in Washington, and by extension, around the country.
We speak with Alben on this episode of the GeekWire Podcast to learn about how our personal data ends up in the hands of unfamiliar people, as well as what citizens and organizations can do to help protect privacy.

Equifax updates.
Equifax Will Offer Free Credit Locks for Life, New CEO Says
Equifax Inc. will debut a new service that will permanently give consumers the ability to lock and unlock their credit for free.
The service will be introduced by Jan. 31, Chief Executive Officer Paulino do Rego Barros Jr. wrote in a Wall Street Journal op-ed Wednesday, a day after taking the helm. The company will also extend the sign-up period for TrustedID Premier, the free credit-monitoring service it’s offering all U.S. consumers, he said.
… Most significantly, the service will be offered free, for life.
… TransUnion, a rival credit-reporting company, also offers a free credit lock called TrueIdentity “and we have for some time,” company spokesman David M. Blumberg said in an emailed statement.
… A representative for Experian Plc, another rival, didn’t immediately return a message seeking comment.

(Related). Oh, the horror!
Equifax CEO to collect $90 million: report
… Smith, who announced his retirement Tuesday, will collect about $72 million this year and $17.9 million in coming years, according to Fortune. This reportedly adds up to about 63 cents for each customer who was potentially exposed in the company’s data breach.

I forget. What was this Tweet supposed to distract us from?
Trump suggests Facebook colluded with media against him
President Trump on Wednesday seemed to suggest that Facebook had colluded with the news media against him during the 2016 presidential race.
"Facebook was always anti-Trump. The Networks were always anti-Trump hence, Fake News @nytimes (apologized) & @WaPo were anti-Trump. Collusion?" the president tweeted.

(Related). And remember, he’s not running for office…
Zuckerberg defends Facebook against Trump attack
Mark Zuckerberg defended Facebook on Wednesday after President Trump accused the company of being “anti-Trump.”
“Every day I work to bring people together and build a community for everyone,” Zuckerberg wrote on the site. “We hope to give all people a voice and create a platform for all ideas.”
“Trump says Facebook is against him,” he continued. “Liberals say we helped Trump. Both sides are upset about ideas and content they don't like. That's what running a platform for all ideas looks like.”

The financial equivalent of a President Trump Tweet? Over the top?
In Boeing victory, U.S. Commerce Dept. slaps massive tariff on small jets from Canada’s Bombardier
… A decision in favor of Boeing was widely expected, but the size of the tariff imposed on Bombardier — 219.63 percent, to be precise — shocked all sides, especially the Canadians.
Mike Nadolski, Bombardier’s vice president of communications, called the amount “absurd and divorced from the reality about the financing of multibillion-dollar aircraft programs.”
In its petition, Boeing had asked for a 79 percent tariff because of the subsidies.

I’ll have to think about this. Should I create the dullest book ever? But it might be useful for pulling posts on specific topics.
Turn a Blog Into a Book
One of the reasons that I continue to encourage teachers to blog with students is that it helps to create a record of what your students have observed, learned, created, and shared throughout the school year. At the end of the year, you may want to take that blog and turn it into a physical item that your students can share with their parents. BlogBooker is a tool that can help you do that.
BlogBooker is a service that allows you to turn the contents of your Blogger or WordPress blog into a PDF. Using BlogBooker is a fairly straight-forward process. BlogBooker walks you through each step of the process, including the first step, which is exporting the contents of your blog as an XML file. The second step is entering the URL for your blog. After completing those two steps, just sit back and wait as BlogBooker creates a PDF or Word file based on the text and images in your blog posts.
The free version of BlogBooker limits you to three books and one year's worth of blog posts. There are upgrades available that will allow you to include more blog posts and will include higher resolution images.

Wednesday, September 27, 2017

Like many breach victims, Sonic did not detect their own breach.
Fast-food chain Sonic notified of unusual credit card activity
Sonic Corp said Tuesday that its credit card processor notified the company of unusual credit card activity at its drive-in restaurants.
The chain was informed that the activity could have affected a number of its payment systems, according to Reuters.
The news was first reported by security blog, KrebsonSecurity, who also claimed that the activity could have led to massive amounts of stolen credit and debit card numbers.
Sonic has more than 3,600 locations in 45 states across America, but there is no word yet on how many people may have possibly been affected.

Crime is becoming automated and therefore easier.
Europol Warns Banks ATM Cyber Attacks on the Rise
Previously criminals used physical 'skimming' devices or USB sticks or CDs to install malware within ATMs but since 2015 "a new and unnerving trend... has been picking up speed," Europol said in a 40-page report on the latest ATM crime trends.
"The criminals have realised that not only can ATMs be physically attacked, but it is also very possible for these machines to be accessed through the (bank's) network," the report said, which was published in conjunction with the Trend Micro security software company.
One of the tricks used by hackers is to send a so-called phishing email to bank employees which once opened, contains software to penetrate the bank's internal computer network.
Once the ATM has been targeted and told to dispense the money "standby money 'mules' will pick up the cash and go."

We need an App. We’ll worry about security when and if it bites us?
Stock trading apps rife with security problems, says new research
Top stock-trading mobile apps have security problems that are easy to uncover and exploit, to the point that they could be used to hijack accounts or profile victims for other types of crime, according to new research.
Alejandro Hernandez at IOActive looked at 21 top trading apps, including TD Ameritrade, Charles Schwab, E-Trade, Fidelity and others.
“It’s certainly worse than I was expecting,” he told The Hill.
Twelve of the 21 apps did not validate the security certificate for, making it possible for an attacker to eavesdrop or even alter logins or transactions.
Two did not use encryption at all.
All but one of the apps would operate on a phone that had been “rooted,” meaning that core permissions for who could have full access to the phone. Banking apps commonly will not operate on rooted phones.
Many apps saved passwords and account data in unencrypted text on the phone, placed data that should be kept secret into the source code in ways attackers could find it or contained other security flaws.

Should you assume this is happening in all Chinese (and other) Apps?
Android App Siphons Data on 200 Million Users
A popular Android keyboard application with over 200 million downloads was found gathering user information and sending the data to a remote server, Adguard reveals.
The offending application, GO Keyboard, has two versions available in Google Play, namely GO Keyboard - Emoji keyboard, Swipe input, GIFs and GO Keyboard - Emoticon keyboard, Free Theme, GIF, each with over 100 million downloads to date.
The keyboard is developed by Chinese firm GOMO, which has numerous applications in the mobile app store, under two developer accounts, namely GOMO Dev Team and GOMO Apps.
According to Adguard security researchers, the applications were designed to siphon a large amount of user data, including Google account emails, device language, IMSI, location, network type, screen size, Android version and build, and device model.
The data is gathered and sent to a remote server without explicit user consent, the researchers reveal. Furthermore, the practice also contradicts the application’s privacy policy, which claims that the software will never collect user personal information.

I suppose this will help them find terrorists who talk a lot about being a terrorist, but what about those who don’t?
DHS planning to collect social media info on all immigrants
The Department of Homeland Security has moved to collect social media information on all immigrants, including permanent residents and naturalized citizens.
A new rule published in the Federal Register last week calls to include "social media handles and aliases, associated identifiable information and search results" in the department's immigrant files.
BuzzFeed News first reported the new rule on Monday. It is set to go into effect on Oct. 18 after a public comment period.

Will this mean fewer, but more understandable Tweets from President Trump? Somehow, I doubt it.
Twitter just doubled the character limit for tweets to 280
… Twitter said today that it has started testing 280-character tweets, doubling the previous character limit, in an effort to help users be more expressive. “Our research shows us that the character limit is a major cause of frustration for people tweeting in English,” the company said in a blog post. “When people don’t have to cram their thoughts into 140 characters and actually have some to spare, we see more people Tweeting — which is awesome!”

How to tweet with 280 characters right now

Strange and interesting.
The Coming Software Apocalypse
A small group of programmers wants to change how we code—before catastrophe strikes.
There were six hours during the night of April 10, 2014, when the entire population of Washington State had no 911 service. People who called for help got a busy signal. One Seattle woman dialed 911 at least 37 times while a stranger was trying to break into her house. When he finally crawled into her living room through a window, she picked up a kitchen knife. The man fled.
The 911 outage, at the time the largest ever reported, was traced to software running on a server in Englewood, Colorado. Operated by a systems provider named Intrado, the server kept a running counter of how many calls it had routed to 911 dispatchers around the country. Intrado programmers had set a threshold for how high the counter could go. They picked a number in the millions.
Shortly before midnight on April 10, the counter exceeded that number, resulting in chaos. Because the counter was used to generate a unique identifier for each call, new calls were rejected. And because the programmers hadn’t anticipated the problem, they hadn’t created alarms to call attention to it.
… software becomes unruly because the media for describing what software should do—conversations, prose descriptions, drawings on a sheet of paper—are too different from the media describing what software does do, namely, code itself. Too much is lost going from one to the other.
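The counter failure described above, as an added example (not code from Intrado or the article): a naive allocator that simply refuses calls once its ceiling is reached, beside one that raises an alarm at a high-water mark and rolls to a new epoch so identifiers stay unique without rejecting service. Class names, the ceiling, the 80% warning fraction and the alert sink are all assumptions.

```python
"""Call-identifier allocation: the pattern that failed next to a monitored one.

Added example, not the article's or Intrado's code. Names, thresholds and the
alert sink are assumed; the 'ceiling' stands in for the "number in the millions".
"""
import logging

log = logging.getLogger("call_router")


class CapReached(Exception):
    """Raised when the identifier space is exhausted and no fallback exists."""


class NaiveCallIdAllocator:
    """One monotonic counter, a hard ceiling, no warning: the failure mode above."""

    def __init__(self, ceiling):
        self.ceiling = ceiling
        self.counter = 0

    def next_id(self):
        if self.counter >= self.ceiling:
            # Nobody is told; callers just get rejected.
            raise CapReached(f"counter {self.counter} reached ceiling {self.ceiling}")
        self.counter += 1
        return f"call-{self.counter}"


class MonitoredCallIdAllocator:
    """Same counter, with two changes a defender would want:
    (1) an alarm fires at a high-water mark well before the ceiling, and
    (2) at the ceiling the allocator rolls to a new epoch prefix instead of
        refusing service, so identifiers stay unique and calls keep routing."""

    def __init__(self, ceiling, warn_fraction=0.8, alert=log.critical):
        self.ceiling = ceiling
        self.warn_at = int(ceiling * warn_fraction)  # assumed 80% watermark
        self.alert = alert  # assumed sink: anything that takes (fmt, *args)
        self.epoch = 0
        self.counter = 0
        self._warned = False

    def next_id(self):
        if self.counter >= self.warn_at and not self._warned:
            self._warned = True
            self.alert("call-id counter at %d of %d (epoch %d): capacity alarm",
                       self.counter, self.ceiling, self.epoch)
        if self.counter >= self.ceiling:
            self.alert("call-id ceiling %d reached; rolling to epoch %d",
                       self.ceiling, self.epoch + 1)
            self.epoch += 1
            self.counter = 0
            self._warned = False
        self.counter += 1
        return f"call-{self.epoch}-{self.counter}"


def exercise(allocator, calls):
    """Drive an allocator through a burst; return (ids issued, calls rejected)."""
    issued, rejected = [], 0
    for _ in range(calls):
        try:
            issued.append(allocator.next_id())
        except CapReached:
            rejected += 1
    return issued, rejected


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    # Constructed run: a ceiling of 5 and a burst of 8 calls.
    print("naive:", exercise(NaiveCallIdAllocator(5), 8))
    print("monitored:", exercise(MonitoredCallIdAllocator(5), 8))
```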

For the student toolkit.
Do you need to digitize any printed text so you can maintain a soft copy of it? After all, there are a lot of advantages to going paperless. If so, all you need is an optical character recognition (OCR) tool.
We’ve covered several online OCR tools in the past, but nothing really beats the convenience of being able to digitize documents right from your Android phone.

Tuesday, September 26, 2017

Another attempt to find information for insider trading?
Nick Hopkins reports:
One of the world’s “big four” accountancy firms has been targeted by a sophisticated hack that compromised the confidential emails and plans of some of its blue-chip clients, the Guardian can reveal.
Deloitte, which is registered in London and has its global headquarters in New York, was the victim of a cybersecurity attack that went unnoticed for months.
One of the largest private firms in the US, which reported a record $37bn (£27.3bn) revenue last year, Deloitte provides auditing, tax consultancy and high-end cybersecurity advice to some of the world’s biggest banks, multinational companies, media enterprises, pharmaceutical firms and government agencies.
Read more on The Guardian, and then see Brian Krebs’ report for additional details that dispute some of Deloitte’s statements, perhaps?

Update. When you have lost faith in management ability, offer the pretense of “retirement?” Say what you mean (and we all know what you mean): fire the bum!
Equifax CEO retires after data breach
The chief executive officer of Equifax retired from the company after a data breach affecting approximately 143 million people was reported earlier this month.
Equifax’s board announced Richard Smith’s retirement, which is effective Tuesday, in a statement that also appointed an interim CEO.

No security by default? Probably as backwards as it can be!
Catalin Cimpanu reports:
During the past year, there has been a surge in data breach reporting regarding Amazon S3 servers left accessible online, and which were exposing private information from all sorts of companies and their customers.
In almost all cases, the reason was that companies, through their staff, left Amazon S3 “buckets” configured to allow “public” access. This means that anyone with a link to the S3 server could access, view, or download its content.
Read more on BleepingComputer.
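The misconfiguration described above, as an added example (not code from the article or BleepingComputer): an offline check that flags a bucket whose ACL grants access to the AllUsers or AuthenticatedUsers groups, or whose bucket policy allows any principal. The dict shapes mirror what boto3's get_bucket_acl() and get_bucket_policy() return; the sample ACLs, policy and bucket names are constructed.

```python
"""Flag S3 buckets left "public" via ACL grants or an open bucket policy.

Added example, not the article's code. Inputs are shaped like boto3's
get_bucket_acl() / get_bucket_policy() responses so the same functions can be
run over live output; the samples at the bottom are constructed.
"""
import json

# Group URIs AWS treats as "everyone on the internet" / "any AWS account".
PUBLIC_GROUP_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "AuthenticatedUsers",
}


def public_acl_grants(acl):
    """Return (group, permission) pairs granted to a public group."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUP_URIS:
            findings.append((PUBLIC_GROUP_URIS[grantee["URI"]], grant["Permission"]))
    return findings


def _principal_is_anyone(principal):
    """True for Principal "*" or {"AWS": "*"} (or "*" inside an AWS list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False


def public_policy_statements(policy_json):
    """Return Sids (or positional labels) of Allow statements open to any
    principal and not narrowed by a Condition block."""
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be un-listed
        statements = [statements]
    open_sids = []
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        if not _principal_is_anyone(stmt.get("Principal")):
            continue
        if stmt.get("Condition"):
            continue  # may still be public; conditions need manual review
        open_sids.append(stmt.get("Sid", f"statement[{i}]"))
    return open_sids


def assess_bucket(name, acl, policy_json=None):
    """Combine both checks into one record suitable for an inventory sweep."""
    acl_findings = public_acl_grants(acl)
    policy_findings = public_policy_statements(policy_json) if policy_json else []
    return {
        "bucket": name,
        "public_acl": acl_findings,
        "public_policy": policy_findings,
        "exposed": bool(acl_findings or policy_findings),
    }


# Constructed samples: owner-only ACL, the same ACL with a public READ grant,
# and a policy granting s3:GetObject to everyone.
OWNER = {"Type": "CanonicalUser", "ID": "EXAMPLE-OWNER-ID"}
PRIVATE_ACL = {"Owner": {"ID": "EXAMPLE-OWNER-ID"},
               "Grants": [{"Grantee": OWNER, "Permission": "FULL_CONTROL"}]}
LEAKY_ACL = {"Owner": {"ID": "EXAMPLE-OWNER-ID"}, "Grants": [
    {"Grantee": OWNER, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group",
                 "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ"},
]}
LEAKY_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]})

if __name__ == "__main__":
    for report in (assess_bucket("leaky-by-acl", LEAKY_ACL),
                   assess_bucket("leaky-by-policy", PRIVATE_ACL, LEAKY_POLICY),
                   assess_bucket("private", PRIVATE_ACL)):
        print(report)
```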

It’s pretty simple to determine what was wrong based on the “fixes” management(?) immediately implements. Of course, they may still lack the understanding needed to really protect their data.
The SEC is hiring more cybersecurity help after breach that may have allowed hackers to profit from stock trades
… In the wake of the breach, the SEC is immediately hiring additional personnel to aid in its cybersecurity efforts, Clayton plans to tell the committee. “I also directed the staff to enhance our escalation protocols for cybersecurity incidents in order to enable greater agencywide visibility and understanding of potential cyber vulnerabilities and attacks,” he plans to testify.

It’s hard to be Big Brother. Narrowing the scope and eliminating pesky encryption makes the job far easier.
China Blocks WhatsApp, Broadening Online Censorship
… In mid-July, Chinese censors began blocking video chats and the sending of photographs and other files using WhatsApp, and they stopped many voice chats, as well. But most text messages on the app continued to go through normally. The restrictions on video, audio chats and file sharing were at least temporarily lifted after a few weeks.
WhatsApp now appears to have been broadly disrupted in China, even for text messages, Nadim Kobeissi, an applied cryptographer at Symbolic Software, a Paris-based research start-up, said on Monday. The blocking of WhatsApp text messages suggests that China’s censors may have developed specialized software to interfere with such messages, which rely on an encryption technology that is used by few services other than WhatsApp, he said.
“This is not the typical technical method in which the Chinese government censors something,” Mr. Kobeissi said. He added that his company’s automated monitors had begun detecting disruptions of WhatsApp in China on Wednesday, and that by Monday the blocking efforts were comprehensive.
… The censorship has prompted many in China to switch to communications methods that function smoothly and quickly but that are easily monitored by the Chinese authorities, like the WeChat app of the Chinese internet company Tencent, which is based in Shenzhen.

Is anything that a President of the United States says NOT newsworthy? The least they could do is point to the news President Trump is attempting to distract us from (and succeeding all too often).
Twitter pledges to update public policies after Trump threatens North Korea
Twitter didn’t act to remove President Donald Trump’s tweet threatening North Korea in part because it is newsworthy, the company said today. Twitter says it will update its public guidance on what factors may lead to a tweet being pulled from the platform — or allowed to stay on it — to include a consideration of newsworthiness, as part of an effort to make the rules clearer to users.

Okay, some people are more easily amused than I am.
Paper – Lawyers’ Abuse of Technology
by Sabrina I. Pacifici on Sep 25, 2017
Preston, Cheryl B., Lawyers’ Abuse of Technology (August 11, 2017). Cornell Law Review, Forthcoming; BYU Law Research Paper No. 17-25. Available at SSRN:
“The Article is a thorough analysis of how the current scheme for regulating lawyers has failed to adapt to technology and why that failure is disastrous. It discusses (1) why technology, electronic communications, and social media require specialized attention in lawyer regulation, (2) what mechanisms can be harnessed to meet this need, and (3) the (sometimes entertaining) ways in which lawyers’ use of emails, tweets, texts, social media, data storage, computerized research, and so forth cross the lines of ethical and professional values. The ABA recently amended the Model Rules to add the following language to the Comment of Rule 1.1: “[A] lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology.” A few lawyers are still behind in embracing the many technological tools available to assist in their practice. Others are taking full advantage of the benefits of technology – while turning a blind eye to the significant ethical and professionalism risks. In an area where the mistakes are easy to make and the resultant harms can be extensive and severe, lawyers need to be warned and trained; expectations need to be standardized, and those standards enforced. The need for formal guidance on the lines between appropriate and inappropriate electronic behavior is much more acute than the need for training with respect to long recognized practice hazards. As the recent ABA 20/20 Commission’s failures amply illustrate, the ABA cannot be expected to address the risks of technology within any reasonable time. While increasing pressure on the ABA to shore up the Model Rules, bar associations must take action now. One option is formal ethics opinions that lawyers can research by jurisdiction, if the lawyer is alert enough to ask questions. A better option is a statement of best practices standards adopted by state, local, and practice group bar associations.
Some jurisdictions already have professionalism and civility creeds, but almost all of these are devoid of guidance on technology use, as well as fraught with drafting and definitional problems. Standards need to be rewritten to clarify the nuances of technology use and ethics. This Article offers specific language to serve this purpose.”

Why do we have so many Criminal Justice majors?
FBI Releases 2016 Report On Crime In The United States
by Sabrina I. Pacifici on Sep 25, 2017
“The Federal Bureau of Investigation today released the 2016 edition of its Crime in the United States (CIUS) report, a part of the FBI’s Uniform Crime Reports (UCR). The report, which covers January-December 2016, reaffirms that the worrying violent crime increase that began in 2015 after many years of decline was not an isolated incident. The violent crime rate increased by 3.4 percent nationwide in 2016, the largest single-year increase in 25 years. The nationwide homicide rate increased by 7.9 percent, for a total increase of more than 20 percent in the nationwide homicide rate since 2014…

It probably won’t help my Spreadsheet class.
The ultimate guide to searching CIA’s declassified archives
by Sabrina I. Pacifici on Sep 25, 2017
“While the Agency deserves credit for compiling a basic guide to searching their FOIA reading room, it still omits information or leaves it spread out across the Agency’s website. In one egregious example, the CIA guide to searching the records lists only three content types that users can search for, while a review of the metadata compiled by Data.World reveals an additional ninety content types. This guide will tell you everything you need to know to dive into CREST and start searching like a pro.”

Free is good.
Get Office 365 for free
It's not a trial! Students and teachers are eligible for Office 365 for Education, which includes Word, Excel, PowerPoint, OneNote, and now Microsoft Teams, plus additional classroom tools. All you need to get started is a valid school email address.

Some free is better than others.
A Tribute to Our Readers
Today and tomorrow, we are offering open access to all of the articles, reports, videos, blogs, and essays we have published on our site. We do this as a show of appreciation for our readers, both old and new, without whom MIT SMR would not exist. There’s over 30 years’ worth of material on the site, so I encourage you to explore!

Monday, September 25, 2017

Why can’t it happen here?
It was not the first time Muhammad Rabbani had problems when returning to the United Kingdom from travels overseas. But on this occasion something was different — he was arrested, handcuffed, and hauled through London’s largest airport, then put into the back of a waiting police van.
… Particularly unusual about Rabbani’s case is that he had been stopped on many prior occasions — dating back to 2008 — and never before did police arrest him when he declined to turn over his phone or laptop passwords. He is already well known to the authorities due to his employment with Cage, and he has never been accused of involvement in any sort of terrorism plot.
… While the existence of Schedule 7 is widely known in the U.K., the government has kept secret some significant details about its function.
Those who are examined under the law will usually be searched and questioned by officers. Like Rabbani, they may also have cellphones or laptops they are carrying inspected or confiscated.
Unknown to people who have gone through this process, however, is that police may also have covertly downloaded the contents of their phone and sent copies to the British eavesdropping agency Government Communications Headquarters, or GCHQ.
Every month the agency was receiving a copy of phone data that had been “downloaded from people stopped at U.K. ports (i.e. sea, air and rail),” according to a classified GCHQ document obtained by The Intercept from Edward Snowden.

As long as you think it through…
The Ethics of Running a Data Breach Search Service
No matter how much anyone tries to sugar coat it, a service like Have I been pwned (HIBP) which deals with billions of records hacked out of other people's systems is always going to sit in a grey area. There are degrees, of course; at one end of the spectrum you have the likes of Microsoft and Amazon using data breaches to better protect their customers' accounts. At the other end, there are services like the now defunct LeakedSource who happily sold our personal data (including mine) to anyone willing to pay a few bucks for it.

Even systems that seem quite complex may be simple to break. Just saying.
Distrustful U.S. allies force spy agency to back down in encryption fight
An international group of cryptography experts has forced the U.S. National Security Agency to back down over two data encryption techniques it wanted set as global industry standards, reflecting deep mistrust among close U.S. allies.
In interviews and emails seen by Reuters, academic and industry experts from countries including Germany, Japan and Israel worried that the U.S. electronic spy agency was pushing the new techniques not because they were good encryption tools, but because it knew how to break them.

As in ‘Standing?’
The Federal Trade Commission will host a workshop on informational injury on December 12, 2017. The FTC’s three main goals for hosting the workshop are to:
  1. “Better identify the qualitatively different types of injury to consumers and businesses from privacy and data security incidents;”
  2. “Explore frameworks for how the FTC might approach quantitatively measuring such injuries and estimate the risk of their occurrence;” and
  3. “Better understand how consumers and businesses weigh these injuries and risks when evaluating the tradeoffs to sharing, collecting, storing and using information.”
FTC Acting Chairwoman Maureen Ohlhausen announced the workshop during her speech [PDF] to the Federal Communications Bar Association, titled “Painting the Privacy Landscape: Informational Injury in FTC Privacy and Data Security Cases.” The speech focused on the five different types of consumer informational injury alleged in the FTC’s body of privacy and data security case law: (1) deception injury or subverting consumer choice; (2) financial injury; (3) health or safety injury; (4) unwarranted intrusion injury and (5) reputational injury.
Acting Chairwoman Ohlhausen noted that the FTC initiates many of its cases under the agency’s deception authority, stating that “from an injury standpoint, a company’s false promise to provide certain privacy or data security protections harms consumers like any false material promise about a product.” The Acting Chairwoman further highlighted that the most commonly alleged injuries in the FTC’s body of privacy and data security case law are financial injury and health and safety injury. She also emphasized that the type of injury is not dispositive in the FTC’s decision of whether to bring a privacy or data security case. The FTC also evaluates the strength of the evidence linked to the consumer injury, the magnitude of the injury (both to individuals and groups of consumers), and the likelihood of future consumer injury. In closing her speech, Acting Chairwoman Ohlhausen rhetorically raised three questions: (1) whether the list of consumer informational injuries is representative, (2) whether these or other informational injuries require government intervention, and (3) how the list maps to the FTC’s statutory deception and unfairness standards. Acting Chairwoman Ohlhausen plans to address these issues in depth at the December 12 workshop.

Too late for summer reading?
‘Life 3.0’ gives you a user’s guide for superintelligent AI systems to come
Do we need to be concerned about the rapid rise of artificial intelligence? Some people say there’s nothing to worry about, while others warn that a Terminator-level nightmare is dead ahead.
MIT physicist Max Tegmark says both sides of that argument are exaggerations.
In his newly published book, “Life 3.0: Being Human in the Age of Artificial Intelligence,” Tegmark lays out a case for what he calls “mindful optimism” about beneficial AI — artificial intelligence that will make life dramatically better for humans rather than going off in unintended directions.
Tegmark, who’s also the co-founder and president of the Future of Life Institute, says AI won’t be beneficial unless it incorporates safety measures yet to be developed.

Sunday, September 24, 2017

Convenience over security? I’ve got nothing to hide?
Moneycontrol reports:
WeChat has confirmed what has been rumoured all along, i.e., that it gives all user information to the Chinese government. In a privacy statement, the popular app is now informing users that virtually all private user information will be disclosed to the authorities.
WeChat, owned by the Chinese firm Tencent, is a messaging app similar to WhatsApp. With over 662 million users, the app, besides being the dominant messaging app in China, is one of the largest in the world.

What we know about the 21 states targeted by Russian hackers
The Department of Homeland Security was short on details when it said Friday that it had notified 21 states of Russian efforts to hack their election systems in 2016. For one thing, the department didn't publicly identify the states. For another, it didn't say how many of the hacking attempts were successful — or to what degree.
Based on reporting by The Washington Post, Associated Press and other news outlets — plus statements issued by some state officials — we now have a complete list of the affected states. The Fix has mapped and categorized them, according to what we know about the success or failure of the cyberattacks.
Secretary of State Wayne W. Williams downplayed the hacking threat. “This was a scan, and many computer systems are regularly scanned,” he said in a statement. “It happens hundreds, if not thousands, of times per day. That's why we continue to be vigilant and monitor our systems around the clock.”
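The distinction Williams draws, a scan versus a successful intrusion, is exactly the triage a state IT shop has to do when it reads its own firewall logs, and the DHS notification left that question open. The following is an added example, not code from the article or from any state's systems: it parses constructed firewall log lines (a generic key=value format, RFC 5737 documentation addresses and a port-count threshold are all assumptions made here) and labels each source as a port sweep, a source that actually completed a connection, or background noise, so that a scanner which happened to hit one open port is reported as a scan with an accept count rather than mistaken for a breach.

```python
"""Triage constructed firewall log lines: separate port-scan noise from
sources that actually completed a connection.

Added example. The log format, the addresses and the thresholds are
assumptions for illustration, not details from the article.
"""
import re
from collections import defaultdict

# Generic key=value firewall line format assumed for this example.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"dport=(?P<dport>\d+) action=(?P<action>ACCEPT|DENY)$"
)

# Constructed sample data using RFC 5737 documentation addresses; nothing
# here is real traffic. 203.0.113.7 sweeps 25 ports on one host and only
# port 80 answers, which is what a scan that finds an open service looks like.
SAMPLE_LINES = [
    f"2016-10-03T12:00:{i:02d}Z src=203.0.113.7 dst=198.51.100.10 "
    f"dport={p} action={'ACCEPT' if p == 80 else 'DENY'}"
    for i, p in enumerate(list(range(1, 25)) + [80])
]
SAMPLE_LINES += [
    # A source that completed two SSH sessions: not a scan, but worth a look.
    "2016-10-03T12:05:00Z src=192.0.2.15 dst=198.51.100.10 dport=22 action=ACCEPT",
    "2016-10-03T12:07:30Z src=192.0.2.15 dst=198.51.100.10 dport=22 action=ACCEPT",
    # A single blocked RDP probe: background noise.
    "2016-10-03T12:09:00Z src=192.0.2.99 dst=198.51.100.10 dport=3389 action=DENY",
    # A malformed line the parser must skip rather than crash on.
    "2016-10-03T12:09:01Z garbage line left over from a log rotation",
]


def parse_line(line):
    """Return the parsed fields of one log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["dport"] = int(rec["dport"])
    return rec


def summarize(lines):
    """Per source address: distinct destination ports touched, accepts, denies."""
    per_src = defaultdict(lambda: {"ports": set(), "accepted": 0, "denied": 0})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        entry = per_src[rec["src"]]
        entry["ports"].add(rec["dport"])
        if rec["action"] == "ACCEPT":
            entry["accepted"] += 1
        else:
            entry["denied"] += 1
    return per_src


def classify(lines, scan_ports=10):
    """Label every source seen in the log.

    scan:      touched at least scan_ports distinct ports (sweep behaviour),
               whether or not one of them happened to be open
    connected: few ports but at least one ACCEPT, i.e. a real session to triage
    noise:     a handful of denied probes, the everyday background Williams describes
    """
    out = {}
    for src, e in summarize(lines).items():
        if len(e["ports"]) >= scan_ports:
            verdict = "scan"
        elif e["accepted"] > 0:
            verdict = "connected"
        else:
            verdict = "noise"
        out[src] = {
            "distinct_ports": len(e["ports"]),
            "accepted": e["accepted"],
            "denied": e["denied"],
            "verdict": verdict,
        }
    return out


if __name__ == "__main__":
    for src, info in sorted(classify(SAMPLE_LINES).items()):
        print(src, info)
```

The port threshold is deliberately low so the sample is readable; on a real perimeter it would be tuned per network, and the "scan" verdict with a non-zero accept count is the case an analyst follows up on, since it shows which service the sweep found open.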

Perspective. An effective way to counter “fake news” on either side of the political spectrum? Is this really all it takes?
The mysterious group that’s picking Breitbart apart, one tweet at a time
Hardly anyone paid attention last November when a strangely named Twitter account, Sleeping Giants, sent its first tweet into the digisphere. “Are you aware that you’re advertising on Breitbart, the alt-right’s biggest champion, today?” read the tweet, aimed at a consumer lending outfit called Social Finance. “Are you supporting them publicly?”
Within 30 minutes, Social Finance replied, tweeting that it would stop running ads on Breitbart.
It was, it turns out, the start of an odd, and oddly effective, social media campaign against Breitbart, the influential conservative news site headed by Stephen K. Bannon, President Trump’s former campaign chairman and ex-chief White House strategist.
Sleeping Giants is a mysterious group that has no address, no organizational structure and no officers. At least none that are publicly known. All of its leaders are anonymous, and much of what it claims is difficult to independently verify. A spokesman for the group wouldn’t identify himself in interviews for this article.
But the group does have a singular purpose, pursued as relentlessly as Ahab chasing a whale: It aims to drive advertisers away from Breitbart. “We’re trying to defund bigotry,” the spokesman says.
Sleeping Giants’ basic approach is to make Breitbart’s advertisers aware that they are, in fact, Breitbart advertisers. Many apparently don’t know this, given that Web ads are often bought through third-party brokers, such as Google and Facebook. The brokers then distribute them to a network of websites according to algorithms that seek a specific target audience (say, young men) or a set number of impressions.
As a result of such “programmatic” buying, advertisers often are in the dark about where their ads end up. Advertisers can opt out of certain sites, of course, but only if they affirmatively place them on a blacklist of sites.

The music business is growing again — really growing — and it’s because of streaming
Familiar song, new tempo: Music streaming is big, and getting bigger fast. Digital downloads are falling off a cliff.
Oh, and one more familiar refrain: The music industry loves the money it’s getting from subscription services like Spotify and Apple Music, but it wants YouTube to pay them much more.
… More than 30 million people are now paying for a subscription streaming service in the U.S., which pushed streaming revenue up 48 percent, to $2.5 billion, in the first half of the year. Streaming now accounts for 62 percent of the U.S. music business.
… Retail sales were up 17 percent, to $4 billion, and wholesale shipments were up 14.6 percent, to $2.7 billion.
Meanwhile, iTunes-style digital download sales continue to fall. They’re down 24 percent. Because why buy songs for a dollar when you can legally stream (almost) anything you want for a price that ranges between zero and $10 a month?