Saturday, February 10, 2018

For my Computer Security and my Data Management students. Organizations rarely know what information has been accessed or downloaded immediately following the breach.
Equifax hack exposed more information than we thought, documents show
The credit-reporting company announced in September that the personal information of 145.5 million consumers had been compromised in a data breach. It originally said that the information accessed included names, Social Security numbers, birth dates, addresses and — in some cases — driver's license numbers and credit card numbers. It also said the personal information from thousands of dispute documents was accessed.
However, Atlanta-based Equifax Inc. recently disclosed in a document submitted to the Senate Banking Committee, which was shared with Associated Press, that a forensic investigation found criminals accessed other information from company records. That included tax identification numbers, email addresses and phone numbers. Details, such as the expiration dates for credit cards or issuing states for driver's licenses, were also included in the list.
… Equifax waited months to disclose the hack. After it did, anxious consumers experienced jammed phone lines and uninformed company representatives. An Equifax website set up to help people determine their exposure was described as sketchy by security experts and provided inconsistent and unhelpful information to many. The company blamed the online customer help page's problems on a vendor's software code after it appeared that it had been hacked as well.

I suspect US numbers would be similar.
The Canadian Press reports:
A new study suggests nearly 90 per cent of Canadian organizations suffered at least one security breach last year and sensitive data was exposed almost half of the time.
The survey found that one in five breaches was classified as “high impact” because sensitive customer or employee information was exposed.
Read more on Canadian Business.

Not sure I agree with the ECHR. I think Spain got it right.
DAC Beachcroft writes:
The use of hidden cameras did violate the right to privacy of employees who were dismissed for theft, according to the European Court of Human Rights.
The facts
A Spanish supermarket, MSA, identified discrepancies between stock levels and what was supposedly being sold in store. The monthly losses ranged from around €7,500 to €24,000. As part of an investigation, it installed surveillance cameras. Some of these cameras, aimed at detecting customer theft, were pointed towards the entrances and exits of the supermarket, and were visible. Other cameras, which zoomed in on the checkout counters and covered the area behind the cash desk, were hidden. These were aimed at detecting thefts by employees. MSA gave its workers prior notice of the installation of the visible cameras. Neither the workers nor the company’s staff committee were informed of the hidden cameras.
Read more on Lexology.

Similar to a case the US Supreme Court will decide soon.
Newfoundland Provincial Court refuses to issue production order for data stored in the U.S., expressly disagreeing with recent BCCA decision on point
Judge Wayne Gorman of the Newfoundland Provincial Court recently issued a decision on the extraterritorial reach of production orders seeking stored data. In the Matter of an application to obtain a Production Order pursuant to section 487.014 of the Criminal Code of Canada involved an investigation by the Royal Newfoundland Constabulary into an alleged case of cyber-extortion, in which nude pictures of a child were sent from somewhere in Newfoundland, via Facebook, and threats made to release the pictures publicly if money was not paid. The police applied for a production order compelling a company located in the United States (not Facebook, it would appear) to produce data, despite the fact that the company has no physical presence in Canada.

Free Money! Trust me!
'Nigerian Prince' Financial Scam Roars Back To Life In The Bitcoin Cryptocurrency Age
If you're a well-seasoned internet user, surely you have seen scams over the years that revolved around a Nigerian prince who needs your help to move money out of the country. We all know that it is a scam, yet for a long time, people have fallen for it. That Nigerian Prince scam is now back and has a new twist while spreading via Twitter.
The scam sees nefarious users making Twitter handles that are very close to legitimate and well-known Twitter users. The scammer then responds to one of the real poster's tweets to give the appearance that they started the thread. The scammer then puts up a tweet offering to provide a Bitcoin "reward" to anyone who sends a smaller amount of cryptocurrency to a specific wallet.
Shockingly, people are falling for the scam, and then the scammer is reaping all the Bitcoin sent to the wallet without paying anything out. One of the scams impersonated Elon Musk and with his oddball persona it might be easy for some to see Musk giving away Bitcoin.
… "It's like a social media impersonation mixed with a classic Nigerian prince scam," says Crane Hassold, a threat intelligence manager at the security firm PhishLabs. "Twitter will likely start blocking the accounts making the posts, but the level of effort needed for this scam is so low that it'll probably be a cat and mouse game, and the return on investment at the beginning will be pretty good for the actor."

Will this be as much fun if it’s legal?
EFF Files For DMCA Exemption To Jailbreak Amazon Echo, Google Home, Apple HomePod
The jailbreaking community is alive and well, and people frequently install "unauthorized" software on their smartphones and tablets once they’ve cracked the bootloader. This practice is often frowned upon by device OEMs (especially Apple), but it is legal to do so under an exemption in Section 1201 of the Digital Millennium Copyright Act (DMCA).
The Electronic Frontier Foundation (EFF), however, wants to extend the exemption to include another hot segment in the consumer electronics market: smart AI speakers. That would mean that owners of devices like the Amazon Echo, Google Home, and Apple HomePod would be free to hack into these devices to see what makes them tick without fear of retribution.

It’s a slapdown for management, but no managers were harmed?
Wells Fargo's Hard Slap From the Fed Is Going to Hurt
Wells Fargo was stunned by a blow dealt by the Federal Reserve at the beginning of February. In an unprecedented move, the Fed has prohibited the bank from growing its assets from the level they reached at the end of 2017, among other penalties.
… Wells Fargo's reputation has been in the doghouse since late 2016, when it was discovered that the bank opened millions of new accounts for existing customers. That wouldn't be a problem, except those clients apparently neither requested nor authorized them. Before long, it came to light that this "fake accounts scandal" was more widespread than first reported. All told, the bank admitted that around 3.5 million bogus accounts were created.
Wells Fargo soon dropped the ball again, and more than once. It was also accused of malfeasance with auto insurance products and, worse, mortgages – a crucial segment for the company.

Interesting idea. I’ll have to think about this one.
The End of Scale
For more than a century, economies of scale made the corporation an ideal engine of business. But now, a flurry of important new technologies, accelerated by artificial intelligence (AI), is turning economies of scale inside out. Business in the century ahead will be driven by economies of unscale, in which the traditional competitive advantages of size are turned on their head.
Economies of unscale are enabled by two complementary market forces: the emergence of platforms and technologies that can be rented as needed. These developments have eroded the powerful inverse relationship between fixed costs and output that defined economies of scale. Now, small, unscaled companies can pursue niche markets and successfully challenge large companies that are weighed down by decades of investment in scale — in mass production, distribution, and marketing.

Something I’ll point my students to when they complain that I take points off for poor writing.
Oxford comma dispute is settled as Maine drivers get $5 million
Ending a case that electrified punctuation pedants, grammar goons and comma connoisseurs, Oakhurst Dairy settled an overtime dispute with its drivers that hinged entirely on the lack of an Oxford comma in state law.
The dairy company in Portland, Maine, agreed to pay $5 million to the drivers, according to court documents filed Thursday.
The relatively small-scale dispute gained international notoriety last year when the U.S. Court of Appeals for the 1st Circuit ruled that the missing comma created enough uncertainty to side with the drivers, granting those who love the Oxford comma a chance to run a victory lap across the internet.
… The case began in 2014, when three truck drivers sued the dairy for what they said was four years’ worth of overtime pay they had been denied. Maine law requires time-and-a-half pay for each hour worked after 40 hours, but it carved out exemptions for:
The canning, processing, preserving, freezing, drying, marketing, storing, packing for shipment or distribution of:
(1) Agricultural produce.
(2) Meat and fish products.
(3) Perishable foods.
What followed the last comma in the first sentence was the crux of the matter: “packing for shipment or distribution of.” The court ruled that it was not clear whether the law exempted the distribution of the three categories that followed, or if it exempted “packing for” the shipment or distribution of them.
… Since then, the Maine Legislature addressed the punctuation problem. Here’s how it reads now:
The canning; processing; preserving; freezing; drying; marketing; storing; packing for shipment; or distributing of:
(1) Agricultural produce.
(2) Meat and fish products.
(3) Perishable foods.
So now we get to replace Oxford comma pedantry with semicolon pedantry.

These tools might help create an interesting project. Write about a Computer Security breach, pointing out all the obfuscation, blame shifting, lack of planning, etc.
Newspaper Templates for Google Docs & Word
This morning I answered an email from a reader who was looking for suggestions on tools that his students can use to collaboratively create a newspaper. My first suggestion was to try LucidPress. My second thought was to try using some Google Docs templates.
I didn't have any Google Docs templates of my own so I did a quick Google search for "newspaper templates Google Docs" and I found this collection put together by students at Westlake Girls High School in Auckland, New Zealand. There are ten newspaper templates in the collection. You can make your own copy of the templates by opening them and then selecting, "file" and "make a copy" in Google Docs.
If you're a Microsoft Word user, you can try these templates to create newsletters and newspapers. Word Online is free and supports collaborative writing too.
The person who emailed me this morning was going to use the newspaper templates in a history class to have students write articles as news reports about historical events.

Friday, February 09, 2018

I wonder if the FBI grabbed a copy?
Key iPhone Source Code Gets Posted Online in 'Biggest Leak in History'
Update, February 8, 08:27 a.m.: Apple filed a copyright takedown request with GitHub and forced the company to remove the code.
Someone just posted what experts say is the source code for a core component of the iPhone’s operating system on GitHub, which could pave the way for hackers and security researchers to find vulnerabilities in iOS and make iPhone jailbreaks easier to achieve.
The GitHub code is labeled “iBoot,” which is the part of iOS that is responsible for ensuring a trusted boot of the operating system. In other words, it’s the program that loads iOS, the very first process that runs when you turn on your iPhone.

Poor management! Still no ‘requirement,’ but we’ll fine you anyway?
Sean Tassi reports:
Until recently, colleges and universities that experienced a data breach had no unique reporting obligations to the U.S. Department of Education. Institutions were expected to analyze security incidents under applicable federal and state laws and, when appropriate, notify affected individuals and appropriate federal and state agencies. Because the Family Educational Rights and Privacy Act (FERPA) does not contain a breach reporting obligation, ED had taken the position that a report directly to ED was optional.
ED, however, has now changed its stance and has started levying Cleryesque fines — up to $56,789 per violation — against institutions that fail to report a data breach directly to ED. The importance of data security and the prevention of cybercrimes are unquestioned, but ED’s new stance on breach reporting raises practical problems.
Read more on Campus Technology.
[From the Article:
ED has taken an informal approach to notifying institutions about its new breach reporting expectations. Instead of publishing official guidance, ED is notifying institutions about the new obligations at Federal Student Aid conferences and via webinars (such as the Nov. 14, 2017 webinar available here.) Attendees are taking the mandate back to their campuses, but the change is being met with resistance from administrators and practitioners — in large part, because the new expectations contradict ED's previous written guidance in documents like the Data Breach Response Checklist published by ED's Privacy Technical Assistance Center in 2012 (which was still available on the PTAC's website as of the date that this article was written). ED's informal approach to notification means that some institutions likely do not know that ED's reporting expectations have changed and, more importantly, institutions will continue to be confused in 2018.

A long and detailed post. I’ve pulled some bits and pieces...
Camille Fischer writes:
This week, Senators Hatch, Graham, Coons, and Whitehouse introduced a bill that diminishes the data privacy of people around the world.
The Clarifying Overseas Use of Data (CLOUD) Act expands American and foreign law enforcement’s ability to target and access people’s data across international borders in two ways. First, the bill creates an explicit provision for U.S. law enforcement (from a local police department to federal agents in Immigration and Customs Enforcement) to access “the contents of a wire or electronic communication and any record or other information” about a person regardless of where they live or where that information is located on the globe. In other words, U.S. police could compel a service provider—like Google, Facebook, or Snapchat—to hand over a user’s content and metadata, even if it is stored in a foreign country, without following that foreign country’s privacy laws.
… This bill would also moot legal proceedings now before the U.S. Supreme Court. In the spring, the Court will decide whether or not current U.S. data privacy laws allow U.S. law enforcement to serve warrants for information stored outside the United States. The case, United States v. Microsoft (often called “Microsoft Ireland”), also calls into question principles of international law, such as respect for other countries’ territorial boundaries and their rule of law.
… The CLOUD Act would give unlimited jurisdiction to U.S. law enforcement over any data controlled by a service provider, regardless of where the data is stored and who created it. This applies to content, metadata, and subscriber information – meaning private messages and account details could be up for grabs.

Thursday, February 08, 2018

When “Security” is not part of the design…
Automation Software Flaws Expose Gas Stations to Hacker Attacks
Gas stations worldwide are exposed to remote hacker attacks due to several vulnerabilities affecting the automation software they use, researchers at Kaspersky Lab reported on Wednesday.
The vulnerable product is SiteOmat from Orpak, which is advertised by the vendor as the “heart of the fuel station.” The software, designed to run on embedded Linux machines or a standard PC, provides “complete and secure site automation, managing the dispensers, payment terminals, forecourt devices and fuel tanks to fully control and record any transaction.”
Kaspersky researchers discovered that the “secure” part is not exactly true and more than 1,000 of the gas stations using the product allow remote access from the Internet. Over half of the exposed stations are located in the United States and India.
“Before the research, we honestly believed that all fueling systems, without exception, would be isolated from the internet and properly monitored. But we were wrong,” explained Kaspersky’s Ido Naor. “With our experienced eyes, we came to realize that even the least skilled attacker could use this product to take over a fueling system from anywhere in the world.”
According to the security firm, the vulnerabilities affecting SiteOmat could be exploited by malicious actors for a wide range of purposes, including to modify fuel prices, shut down fueling systems, or cause a fuel leakage.

Why would a “sales partner” have access to this data? Sounds like they just gave them full access!
Jason Murdock reports:
A Swiss mobile phone operator has admitted its data systems were breached late last year and the contact details of about 800,000 customers were compromised.
Swisscom said on Wednesday (7 February) that the names, addresses, telephone numbers and dates of birth of customers were accessed by an unknown party, which got the data through a sales partner of Swisscom. The company was not named.
Read more on IBT Times.
[From the Article:
"Although the misappropriated personal data is classified as non-sensitive under data protection legislation, investigating the incident is a top priority for Swisscom," the notice continued. "The relevant partner company access was blocked immediately."
A number of changes have been made to "better protect access to such non-sensitive personal data by third-party companies," the company added.
The firm said changes included the introduction of two-factor authentication on sales partners' accounts and cutting back the ability to run high-volume queries.
It said any unusual activity on third-party accounts would now trigger an alarm and block access.

For my Computer Security students to consider. No new kinds of security, only failure to implement the old ones.
Surviving Your Digital Transformation
2018 is lining up to be the year of Digital Transformation. Just about every organization looking to remain viable in the growing digital marketplace has some sort of digital transformation in progress or one in the planning stages for this year. These projects range from implementing basic applications to better interact with online consumers, to converging OT and IT networks, or even pushing their entire infrastructure to the cloud.
But digital transformation without an equivalent security transformation is leaving organizations more vulnerable than ever.

It does not have to be ‘surveillance technology’ to be used for surveillance.
PinMe: Tracking a Smartphone User around the World
PinMe: Tracking a Smartphone User around the World. Arsalan Mosenia, Xiaoliang Dai, Prateek Mittal, Niraj Jha (Submitted on 5 Feb 2018). arXiv:1802.01468 [cs.CR]
“With the pervasive use of smartphones that sense, collect, and process valuable information about the environment, ensuring location privacy has become one of the most important concerns in the modern age. A few recent research studies discuss the feasibility of processing data gathered by a smartphone to locate the phone’s owner, even when the user does not intend to share his location information, e.g., when the Global Positioning System (GPS) is off. Previous research efforts rely on at least one of the two following fundamental requirements, which significantly limit the ability of the adversary: (i) the attacker must accurately know either the user’s initial location or the set of routes through which the user travels and/or (ii) the attacker must measure a set of features, e.g., the device’s acceleration, for potential routes in advance and construct a training dataset. In this paper, we demonstrate that neither of the above-mentioned requirements is essential for compromising the user’s location privacy. We describe PinMe, a novel user-location mechanism that exploits non-sensory/sensory data stored on the smartphone, e.g., the environment’s air pressure, along with publicly-available auxiliary information, e.g., elevation maps, to estimate the user’s location when all location services, e.g., GPS, are turned off.”

“We know what you like better than you know what you like.”
‘Fiction is outperforming reality’: how YouTube’s algorithm distorts truth
theguardian – An ex-YouTube insider reveals how its recommendation algorithm promotes divisive clips and conspiracy videos: “There are 1.5 billion YouTube users in the world, which is more than the number of households that own televisions. What they watch is shaped by this algorithm, which skims and ranks billions of videos to identify 20 “up next” clips that are both relevant to a previous video and most likely, statistically speaking, to keep a person hooked on their screen. Company insiders tell me the algorithm is the single most important engine of YouTube’s growth. In one of the few public explanations of how the formula works – an academic paper that sketches the algorithm’s deep neural networks, crunching a vast pool of data about videos and the people who watch them – YouTube engineers describe it as one of the “largest scale and most sophisticated industrial recommendation systems in existence”…

(Related) Can lots of data make a company creative?
Do you still use Yahoo? Do you still remember MySpace? Compaq? Kodak? The cases of startups with superior ideas dethroning well-established incumbents are legion. This is the beauty of “creative destruction” – the term coined by innovation prophet Joseph Schumpeter almost a century ago. Incumbents have to keep innovating, lest they be overtaken by a new, more creative competitor. Arguably, at least in sectors shaped by technical change, entrepreneurial innovation has kept markets competitive far better than antitrust legislation ever could. For decades, creative destruction ensured competitive markets and a constant stream of new innovation. But what if that is no longer the case?
The trouble is that the source of innovation is shifting – from human ingenuity to data-driven machine-learning. Google’s self-driving cars are getting better through the analysis of billions of data points collected as Google’s self-driving cars roam the street. IBM Watson detects skin cancer as precisely as the average dermatologist because it has been training itself with hundreds of thousands of skin images. Siri and Alexa are getting better at understanding what we say because they never stop learning. Of course, it takes plenty of talented, creative people to build these products. But their improvement is driven less by a human “aha-moment” than by data and improvements in how machines learn from it.

For my Data Management students.
Cliff Notes for Managing the Data Science Function
William Vorhies – Data Science Central: “There are an increasing number of larger companies that have truly embraced advanced analytics and deploy fairly large numbers of data scientists. Many of these same companies are the ones beginning to ask about using AI. Here are some observations and tips on the problems and opportunities associated with managing a larger data science function.”

The simpler the better.
Common Craft Explains Blockchain
Turn on any of the 24/7 cable news networks today and you're likely to hear about Bitcoin and/or blockchain. Bitcoin is in the news because of its wild fluctuations in value over the last year. Blockchain is what makes cryptocurrencies like Bitcoin possible. If that seems clear as mud, you should watch Common Craft's new video titled Blockchain Explained by Common Craft. The video does a great job of using a concept that we're all familiar with, ownership of physical property, to explain the Blockchain concept.
After watching Common Craft's video about blockchain, watch this video from Financial Post to learn how the blockchain concept is applied to Bitcoin and other cryptocurrencies.

Use the technology potential customers use.
TD Ameritrade to Allow Trading via Twitter
TD Ameritrade is letting customers initialize trades over Twitter, the latest attempt by the discount brokerage to attract digitally savvy and younger investors.
The firm’s Twitter “chatbot” resembles the one it launched via Facebook Messenger in August, and it is powered by an algorithm that produces “social signals.” The algorithm sifts through tweets and then rates the relevance of the information to provide “intelligence” to investors, such as volume spikes, live trading quotes and company news.

Perspective. Makes me feel very, very old.
5,000 single people have revealed what they think about calling and texting on a date and whether having sex with a robot is 'cheating'

Wednesday, February 07, 2018

Computer Security fails?
There’s nothing like some dramatic numbers to get attention to data breaches. Risk Based Security, Inc. has released their 2017 statistics, and yes, some of the numbers are dramatic. Here are just two snippets from their blog post about the report:
There were 5,207 breaches recorded last year, surpassing 2015’s previous high mark by nearly 20%. The number of records compromised also surpassed all other years with over 7.8 billion records exposed, a 24.2% increase over 2016’s previous high of 6.3 billion.
In addition to the number of breaches and amount of data lost, 2017 stood out for another reason. For the past eight years, hacking has exposed more records than any other breach type. In 2017, breach type Web – which is largely comprised of accidentally exposing sensitive data to the Internet – took over the top spot compromising 68.8% or 5.4 billion records. Hacking still remained the leading breach type, accounting for 55% of reported incidents, but its impact on records exposed fell to the number two spot, with 2.3 billion records compromised. For the first time since 2008, inadvertent data exposure and other data mishandling errors caused more data loss than malicious intrusion into networks.
Read more on RBS, where you can also learn how to obtain the full report.
I wish they had frequency data as well as percentages so that I could try to compare their data from the medical sector to what Protenus and I found for our U.S. health data. But it appears that both studies found that hacking accounted for a smaller percentage of breached records in 2017 than it had in 2016, so there’s some consistency across methods and findings on that. The fact that we found breached records decreased in 2017 compared to 2016 differs from their overall finding, but is not surprising because the business sector accounts for so much of their data and findings and our data and findings are restricted to health data breaches in the U.S. Also of interest to me are their findings on internal-external. Our data from health data studies has fairly consistently found that internal and external are fairly similar in frequency (although not in number of breached records). RBS’s report shows many more external incidents than internal ones.

Improving the Mark 1 Eyeball? Is this the equivalent of the Automatic License Plate Recognition systems in US Police cars or something far more sinister?
Chinese Police Go RoboCop With Facial-Recognition Glasses
As hundreds of millions of Chinese begin traveling for the Lunar New Year holiday, police are showing off a new addition to their crowd-surveillance toolbox: mobile facial-recognition units mounted on eyeglasses.
China is already a global leader in deploying cutting-edge surveillance technologies based on artificial intelligence. The mobile devices could expand the reach of that surveillance, allowing authorities to peer into places that fixed cameras aren’t scanning, and to respond more quickly.

Rebecca Hill reports:
South Wales Police deployed facial recognition technology in Cardiff this weekend, making multiple arrests using the controversial kit.
The force has been using an automated facial recognition (AFR) system since June last year, when it launched a pilot during the Champions League finals week.
Campaigners have also voiced concerns about the fact innocent people’s faces are being scanned against criminal databases, arguing this is edging the UK closer to a surveillance state.
“It is a great infringement of fans’ rights,” said Silkie Carlo, director of Big Brother Watch, adding that the police “have no clear basis” for using the tech.
Read more on The Register.

You can’t even park your car in private?
There are days when I think that if I keep reading Joe Cadillic’s stuff, I will go totally paranoid. Then I realize it’s not Joe who’s making me feel paranoid… it’s the police state government tactics he’s reporting on. And maybe we should all feel concerned about those.
Today, Joe writes:
As more and more cities and towns privatize everything, the use of smart meter parking apps (SMPA) continues to grow.
Which is a good thing right?
Wrong, cities and towns are using SMPA’s like ParkMobile, StreetLine, ParkMe, Park Smarter and SmartParking to collect all kinds of personal information.
According to numerous privacy policies, SMPA’s collect much more information than most people realize.
A look at ParkMobile’s privacy policy reveals the types of personal information SMPA’s collect.
Read more on MassPrivateI. Thumbs up to Joe for looking at these apps’ privacy policies and how lenient they are with respect to them turning over your personal information to law enforcement.
[From the article:
"Personal Information consisting of, at a minimum, your name, email address, mobile phone number, vehicle license tag number and issuing jurisdiction, Payment Method, Payment Information, Username and password. Over the course of your Use of the Platform, we may collect additional Personal Information such as: your mailing address, billing address, Transaction data; GPS data; information that you voluntarily provide like User Content; information received from your credit card provider, digital wallet, or financial institution".

Perspective. This should not surprise anyone. (I haven’t found the survey, yet.)
Survey says – digital technology may not always improve worker productivity – surprise!
Impact of technology on productivity depends on company culture: “Economists have been puzzled in recent years by the so-called “productivity paradox,” the fact that the digital revolution of the past four decades hasn’t resulted in big gains in output per worker as happened with earlier technological upheaval. Many developed economies have actually seen productivity stagnate or decline. A survey from Microsoft Corp. is bolstering one theory about this disconnect. In a poll of 20,000 European workers released Monday, Microsoft, which became one of the world’s most profitable companies by marketing office productivity software, acknowledges new digital technology can, in some circumstances, sometimes not lead to any increase in productivity and actually result in less employee engagement with their work.”
[From the article:
The survey also found digital culture had a big impact on how new technology changed employees’ feelings of engagement with their work. In businesses with a strong digital culture, increased use of technology also boosted employees’ feelings of passion and focus. But, in companies with a weak digital culture, it had the opposite effect: the more technology the company deployed, the less attached workers became.

How to win the next election?
Polarization, Partisanship and Junk News Consumption over Social Media in the US
“What kinds of social media users read junk news? We examine the distribution of the most significant sources of junk news in the three months before President Donald Trump’s first State of the Union Address. Drawing on a list of sources that consistently publish political news and information that is extremist, sensationalist, conspiratorial, masked commentary, fake news and other forms of junk news, we find that the distribution of such content is unevenly spread across the ideological spectrum. We demonstrate that (1) on Twitter, a network of Trump supporters shares the widest range of known junk news sources and circulates more junk news than all the other groups put together; (2) on Facebook, extreme hard right pages—distinct from Republican pages—share the widest range of known junk news sources and circulate more junk news than all the other audiences put together; (3) on average, the audiences for junk news on Twitter share a wider range of known junk news sources than audiences on Facebook’s public pages.” Vidya Narayanan, Vlad Barash, John Kelly, Bence Kollanyi, Lisa-Maria Neudert, and Philip N. Howard. “Polarization, Partisanship and Junk News Consumption over Social Media in the US.” Data Memo 2018.1. Oxford, UK: Project on Computational Propaganda.
“The Computational Propaganda Research Project (COMPROP) investigates the interaction of algorithms, automation and politics. This work includes analysis of how tools like social media bots are used to manipulate public opinion by amplifying or repressing political content, disinformation, hate speech, and junk news. We use perspectives from organizational sociology, human computer interaction, communication, information science, and political science to interpret and analyze the evidence we are gathering. Our project is based at the Oxford Internet Institute, University of Oxford.”

Russian Trolls Ran Wild On Tumblr And The Company Refuses To Say Anything About It
Russian trolls posed as black activists on Tumblr and generated hundreds of thousands of interactions for content that ranged from calling Hillary Clinton a “monster” to supporting Bernie Sanders and decrying racial injustice and police violence in the US, according to new findings from researcher Jonathan Albright and BuzzFeed News.
… “The evidence we've collected shows a highly engaged and far-reaching Tumblr propaganda-op targeting mostly teenage and twenty-something African Americans. This appears to have been part of an ongoing campaign since early 2015,” said Albright, research director of the Tow Center for Digital Journalism at Columbia University.

(Related) Harsh!
What to Do When Social Media Inspires Envy
If we’re Facebook friends, I probably hate you. Not all the time, but intermittently, and with the burning hatred that only envy can inspire.

For teachers with an Android phone?
Vysor - Mirror Your Android Device to Your Computer's Screen
Vysor is a program that makes it easy to mirror your Android phone or tablet to your Windows, Mac, Linux, or Chrome OS computer. To mirror your Android device to your computer you do have to install the Vysor software. After installing Vysor you can mirror your phone to your computer by simply connecting the two with a USB cable.
Vysor is offered in a free version and in a premium version. The free version mirrors via USB cable. The free version will also display an advertisement from time to time. I used the free version this afternoon during an hour long webinar and the advertisement only appeared twice. The premium version of Vysor offers wireless mirroring, no advertisements, and a drag-and-drop file transfer between your phone and computer.
Vysor is a convenient tool to have at your disposal when you want to demonstrate an Android app during a webinar as I did this afternoon. Vysor is also useful if you don't have another way to project your phone's or tablet's screen to an LCD projector. You can do that by mirroring your phone to your computer that is connected to a projector.

For my Pi Geeks.

Tuesday, February 06, 2018

Who enforces Net Neutrality in NJ?
ISPs must follow net neutrality in New Jersey, governor declares
New Jersey is enforcing net neutrality with a new executive order that requires ISPs to follow neutrality rules if they sell Internet service to state agencies.
The executive order announced today by Governor Phil Murphy is similar to ones previously signed by the governors of New York and Montana. States are taking action because the Federal Communications Commission repealed federal net neutrality rules.
The executive order says that New Jersey state agencies may only buy Internet service from ISPs that adhere to net neutrality principles. But the net neutrality protections will cover ordinary residents as well as government officials. That's because the order says that "adherence to 'net neutrality' principles means that an ISP shall not [violate the rules] with respect to any consumers in New Jersey (including but not limited to State entities)."
ISPs doing business with the state would not be allowed to block or throttle lawful Internet traffic for any consumer in New Jersey. Paid prioritization will also be off-limits.
… Separately, New Jersey Attorney General Gurbir Grewal announced today that his state will join 21 other states and the District of Columbia in a lawsuit against the FCC. The suit attempts to reverse the net neutrality repeal.

Bad news, good news? How companies should respond to security failures.
Security hole meant Grammarly would fix your typos, but let snoopers read your every word
A Google vulnerability researcher has found a gaping security hole in a popular web browser extension, that could have potentially exposed your private writings on the internet.
… Ormandy discovered that a simple piece of JavaScript hidden on a malicious website could secretly trick the Grammarly extension for Firefox and Chrome into handing over a user’s authentication token.
With such a token, a malicious hacker could log into your Grammarly account, access Grammarly’s online editor, and unlock your “documents, history, logs, and all other data.”
The good news is that Grammarly responded with impressive speed after being informed of the problem by Ormandy. Even though the Google security researcher gave Grammarly 90 days to fix the issue, it was actually resolved within a few hours – a response time that Ormandy described as “really impressive.”

Do we condemn it or emulate it? Each time we adopt one of China’s surveillance techniques, I have to wonder.
China's Surveillance State Should Scare Everyone
The country is perfecting a vast network of digital espionage as a means of social control—with implications for democracies worldwide.
Imagine a society in which you are rated by the government on your trustworthiness. Your “citizen score” follows you wherever you go. A high score allows you access to faster internet service or a fast-tracked visa to Europe. If you make political posts online without a permit, or question or contradict the government’s official narrative on current events, however, your score decreases. To calculate the score, private companies working with your government constantly trawl through vast amounts of your social media and online shopping data.
When you step outside your door, your actions in the physical world are also swept into the dragnet: The government gathers an enormous collection of information through the video cameras placed on your street and all over your city.

All businesses get a “Get out of jail free” card?
Exclusive: U.S. consumer protection official puts Equifax probe on ice - sources
Mick Mulvaney, head of the Consumer Financial Protection Bureau, has pulled back from a full-scale probe of how Equifax Inc failed to protect the personal data of millions of consumers, according to people familiar with the matter.
Equifax said in September that hackers stole personal data it had collected on some 143 million Americans. Richard Cordray, then the CFPB director, authorized an investigation that month, said former officials familiar with the probe.
But Cordray resigned in November and was replaced by Mulvaney, President Donald Trump’s budget chief. The CFPB effort against Equifax has sputtered since then, said several government and industry sources, raising questions about how Mulvaney will police a data-warehousing industry that has enormous sway over how much consumers pay to borrow money.
… Three sources say, though, Mulvaney, the new CFPB chief, has not ordered subpoenas against Equifax or sought sworn testimony from executives, routine steps when launching a full-scale probe. Meanwhile the CFPB has shelved plans for on-the-ground tests of how Equifax protects data, an idea backed by Cordray.
The CFPB also recently rebuffed bank regulators at the Federal Reserve, Federal Deposit Insurance Corp and Office of the Comptroller of the Currency when they offered to help with on-site exams of credit bureaus, said two sources familiar with the matter.
Equifax has said it is under investigation by every state attorney general and faces more than 240 class action lawsuits.

For my Data Management students.
How Big Data and AI are Driving Business Innovation in 2018
After years of hope and promise, 2018 may be the year when artificial intelligence (AI) gains meaningful traction within Fortune 1000 corporations. This is a key finding of NewVantage Partners’ annual executive survey, first published in 2012.
The main finding of the 2018 survey is that an overwhelming 97.2% of executives report that their companies are investing in building or launching big data and AI initiatives. Among surveyed executives, a growing consensus is emerging that AI and big data initiatives are becoming closely intertwined, with 76.5% of executives indicating that the proliferation and greater availability of data is empowering AI and cognitive initiatives within their organizations.

Eventually, someone will want to research even Grover Cleveland?
Presidential research resources: A guide to online information
DELUCA, Lisa. Presidential research resources: A guide to online information. College & Research Libraries News, [S.l.], v. 79, n. 2, p. 93, feb. 2018. ISSN 2150-6698. Date accessed: 05 feb. 2018. “This article highlights the breadth of freely available digital collections of presidential documents. These repositories are excellent resources for presidential, political science, history, and foreign relations research. From the resources listed in this article, librarians can choose multiple starting points for student and faculty research inquiries for primary and secondary sources that include handwritten documents by the founding fathers, interview transcriptions, digitized documents, and photographs, to name a few. This article does not contain public opinion, election, or media content sources, which are an important component of presidential research.”

Monday, February 05, 2018

Why would you ever put these documents in the seat pocket rather than back in your briefcase? Are they that trivial?
Sensitive Super Bowl anti-terror documents left on commercial plane: report
Department of Homeland Security (DHS) documents detailing a simulated biological warfare attack in preparation for the Super Bowl were left in the seat pocket of a commercial aircraft, CNN reported Monday.
An employee for the news network reportedly found the documents, which included the phrases “important for national security” and “For Official Use Only.”
Included with the documents were a travel schedule and boarding pass for an individual who manages the DHS BioWatch program, according to CNN, which noted it was not able to confirm who forgot the documents on the plane.
… CNN held off publishing its report until after the Super Bowl Sunday evening, citing government fears that doing so before the annual game could risk security. [How? Bob]

Gee, maybe we’re not a global community yet.
UK Judges Block US Extradition of Alleged Hacker Lauri Love
British judges on Monday rejected a US request for the extradition of a man accused of hacking into thousands of US government computers in a ruling that could set a precedent for similar pending cases.
Lauri Love, 33, faces charges in the United States for allegedly hacking into the networks of the US Federal Reserve, US Army and NASA, among others, in 2012 and 2013.
"The reason I've gone through this ordeal is not just to save myself from being kidnapped and locked up for 99 years in a country I've never visited, said Love, who has dual British and Finnish citizenship.
Love suffers from Asperger's syndrome and has also been diagnosed with depression. He was arrested at his home in Britain in October 2013.
"But it's to set a precedent whereby this will not happen to other people in the future," Love told reporters outside High Court in London.
"It has also been recognised that mental health provisions in US prisons are not adequate to satisfy us that Lauri would not have come to serious harm if he were extradited," the firm said in a statement.

Never stop campaigning, even if you die.
Zombie Campaigns
It’s been more than a decade since South Florida Rep. Mark Foley was forced out of Congress for sending sexual text messages to teenage boys.
But Foley tapped his congressional campaign fund to dine on the Palm Beach social circuit four times in early 2017, ending with a $450 luncheon at the Forum Club of the Palm Beaches.
Then there’s baseball-star-turned-senator Jim Bunning of Kentucky. He paid his daughter $94,800 from campaign money in the four years after he left office, only stopping when he’d bled his fund dry.
And over the past 17 months, political advisor Dylan Beesley paid his firm more than $100,000 from the campaign account of Hawaii Congressman Mark Takai for “consulting services.”
It’s hard to imagine what Beesley advised. Takai was dead that whole time.

Does this exist anywhere else? Maybe I could learn to teach gooder?
Searchable Directory of Online, Open & Distance Learning Associations and Consortia Throughout the World
“ was launched in 2010 as a resource for post-secondary educators in Ontario to find the latest information on new technology and new developments in online learning, as well as practical tools and resources to help them integrate technology in their teaching in a way that improves the learning experience for their students. offers faculty and instructors access to:
  • Profiles of 130 pockets of innovation that explore how faculty and staff at Ontario’s public colleges and universities are expanding and improving learning opportunities for students through online and blended learning opportunities;
  • A growing collection of analyses, commentaries, resources, and practical advice that tracks the latest tools and trends in online learning in Ontario, Canada, and around the world;
  • An expanding series of webinars in which expert practitioners address the issues of most concern to faculty and instructors, offering expertise, concrete guidelines and cautions on pedagogy, technology, and online learning.
  • Links to extensive resources for training and development made available by Contact North | Contact Nord and on the websites of colleges and universities throughout Ontario.
  • A regularly updated list of conferences around the world that focus on educational technology and teaching and learning.”

Sunday, February 04, 2018

Should any Class Action settlement allow the basis of the Class Action to continue?
From EPIC:
EPIC has filed an amicus brief with a federal appeals court urging the court to reject a proposed class action settlement over Facebook’s practice of scanning private messages. EPIC challenged the settlement because it did not require Facebook to stop scanning private messages. In fact, the company can continue scanning messages by simply burying a notice on its website. Also, there was no compensation to Internet users for the prior violation of federal and state laws. EPIC is dedicated to class action fairness in privacy cases and has objected to many similar settlements that failed to provide actual benefits to Internet users. EPIC recently opposed a settlement with Google that allows the company to continue tracking web users. EPIC also opposed a settlement with Facebook in 2014 that allowed the company to continue an unlawful practice.

How to beat Netflix? No special deals here, Netflix was concentrating on other things.
Netflix is getting crushed in India, and it's all because of Amazon and Hotstar
… Hotstar, for instance, has the digital rights to HBO shows in the country, and streams Game of Thrones episodes the same day they air in the U.S. That's obviously a huge pull, as is the fact that Hotstar has exclusive rights to stream cricket and football games in the country.
Then there's the issue of pricing: the base tier of Hotstar is free (albeit with ads), and there's a single premium tier that costs ₹199 a month ($3). For that price, you get access to over 40 HBO shows, which in itself is a pretty great deal. The service serves over 200 U.S.-based shows in total, not to mention a dizzying array of regional programming.

Will this drive small businesses off the Office suite? (There are viable free alternatives that are entirely compatible.)
Microsoft Office 2019 will force IT to migrate to Windows 10
… When Office 2019 comes out later this year, Microsoft will support it only on Windows 10, the company said this week. Organizations that want support for the new version of Office on Windows 7 or 8.1 must buy a subscription to Office 365. These moves will push IT to migrate to Windows 10 and ensure that any holdouts pay up for Office 365.