Saturday, May 05, 2018

By now, any of my Computer Security students should know how to avoid this problem. (Hint: Never accept account changes via email alone.)
Amy Clancy reports:
KIRO 7 has uncovered documents detailing the Kirkland Police Department’s ongoing investigation into how a suspect, or ring of suspects, was able to hijack the school email account of Northwest University’s chief financial officer.
The hacking of CFO John Jordan’s email account has the Kirkland college out nearly $60,000.
According to detectives, the thieves secretly monitored Jordan’s emails and, when a legitimate payment was due to a school vendor, the hackers re-routed the money.
Read more on KIRO 7.

Perhaps I’ve mentioned that individuals generate a lot of data...
In the first full year of the Trump administration, the National Security Agency really went all out in efforts to surveil Americans. According to a new report released Friday, the agency sucked up more than 534 million US phone records in 2017, three times the amount it collected in 2016.
The report from the Office of the Director of National Intelligence revealed the agency has been undeterred in his pursuit of metadata from phone calls and text messages, which it gathers from telecommunications providers like Verizon and AT&T, even with the passage of laws in recent years designed to curb the invasive practice.
Metadata from collected from phone records do not reveal the content of a given conversation, but it tells the NSA basically everything else about the interaction. It reveals the phone numbers involved, the time contact is made, and how long a call was or how many characters were exchanged in text messages.

(Related) This one would be much more interesting.
Ben Hancock reports:
Editor’s Note: After deadline, the hearing in this case was moved from Thursday, May 3 to August 16. The story has been updated to reflect the change.
The highly publicized debate over whether a federal court could compel Apple to break the security features of the iPhone at the behest of the FBI was a rare moment in history. Most of the time, the public never has a clue when authorities come knocking to ask a company for help in accessing the digital communications of a criminal suspect.
But in August, we may learn more about whether the curtain of secrecy around past electronic surveillance in criminal investigations will be pulled back.
U.S. Magistrate Judge Kandis Westmore of the Northern District of California will hear from local prosecutors and two legal activists, Jennifer Granick of the American Civil Liberties Union and Riana Pfefferkorn of the Stanford Center for Internet and Society, over whether she should set up a process to determine which cases are still validly sealed and those that can be opened.
Read more on National Law Journal (free sub. Required).

Interesting and confusing. If I witness a hit-and-run, can I record the “personal information” to help identify the car (not the driver)?
Under Virginia law, “[t]he pictures and associated data stored in the Police Department’s A[utomated] L[icense] P[late] R[reader] database meet the statutory definition of ‘personal information.’” The court can’t tell on this record whether it constitutes an “information system.” Neal v. Fairfax County Police Dept., 2018 Va. LEXIS 42 (Apr. 28, 2018)
Read an excerpt from the opinion on

For the continuing discussion.
So you upload some genetic information, hoping to find relatives. Instead, the police use what you’ve uploaded to help find a killer. Do you have any grounds to scream “privacy violation?”
And if you think you do, what about all those thousands of posts you’ve read by now about no expectation of privacy in public, and privacy policies, blahblahblah. And what will GDPR do to all this anyway, right?
It’s a mess, I think. I’d love to go sit and listen to a panel of experts debate some of the issues these cases raise.
In the meantime, you may find this article from the New York Times, The Cold Case That Inspired the ‘Golden State Killer’ Detective to Try Genealogy, very interesting.

A vast problem; a half-vast solution?
Google sets new rules for U.S. election ads
… Under Google’s new rules, people or groups who want to advertise in elections will have to go through a process that includes producing a “government-issued ID” as well as other information, like a Federal Election Commission identification number and an IRS Employer Identification Number. Google says it aims to confirm that buyers are who they say they are and can legally participate in American elections.
Yes, but: The new policy will not cover ads that relate to politically contentious issues rather than a candidate, which was the case for many of the online ads placed by Russian operatives trying to interfere in the 2016 election. The company says it is looking at following Facebook in tightening restrictions on those ads as well.

Perhaps a joint venture where academics and businesses swap people and resources? Of course, if they want to pay me a ridiculous (see below) amount of money, I’d probably jump too.
Facebook Adds A.I. Labs in Seattle and Pittsburgh, Pressuring Local Universities
… Facebook is opening new A.I. labs in Seattle and Pittsburgh, after hiring three A.I. and robotics professors from the University of Washington and Carnegie Mellon University. The company hopes these seasoned researchers will help recruit and train other A.I. experts in the two cities, Mike Schroepfer, Facebook’s chief technology officer, said in an interview.
As it builds these labs, Facebook is adding to pressure on universities and nonprofit A.I. research operations, which are already struggling to retain professors and other employees.
… “It is worrisome that they are eating the seed corn,” said Dan Weld, a computer science professor at the University of Washington. “If we lose all our faculty, it will be hard to keep preparing the next generation of researchers.”
… But the supply of talent is not keeping up with demand, and salaries have skyrocketed. Well-known researchers are receiving compensation in salary, bonuses and stock worth millions of dollars. Many in the field worry that the talent drain from academia could have a lasting impact in the United States and other countries, simply because schools won’t have the teachers they need to educate the next generation of A.I. experts.

I still have a few of those odd round things…

For the next time I teach Math.
GeoGebra for PowerPoint - Access and Insert GeoGebra Within PowerPoint
GeoGebra is a favorite ed tech resource of math teachers all over the globe. PowerPoint is the default presentation tool on millions of computers in schools. You can use the two together through the GeoGebra PowerPoint Add-in.
The GeoGebra PowerPoint Add-in lets you access GeoGebra materials directly from your PowerPoint slides. You can also use the Add-in to create graphs, shapes, and spreadsheets within your slides.
The GeoGebra PowerPoint Add-in works in the desktop and online versions of PowerPoint.

(Related) I’m less likely to do this, but you never know.

Friday, May 04, 2018

Another case of “We never noticed...”
Twitter Warns 336 Million Users to Change Their Passwords After Leaving Them Vulnerable to Hackers
Twitter warned its users on Thursday to change their passwords after it discovered that it had mistakenly stored them internally prior to fortifying them through a security technique, leaving the passwords vulnerable to hackers.
… The company also disclosed the password flaw in a regulatory filing on Thursday, indicating that the bug was serious enough to warrant more formal disclosure than a corporate blog post. Twitter has about 336 million users, according to its latest letter to shareholders.
… Agrawal said that Twitter discovered the error without the help of outside security researchers, removed the passwords from the internal log, and is “implementing plans” to prevent future errors.
It’s unclear when Twitter found out about the problem or how long the passwords were left unsecured.
… Ironically, Twitter’s password mishap was announced on the corporate holiday known as World Password Day, created by Intel security researchers and celebrated on the first Thursday in May as a way to promote good password and cyber security hygiene.

Yet another tool for frightening informing my Computer Security students.

Improving my outline for Computer Security. Includes sample test questions.
Amazon Introduces AWS Security Specialty Certification Exam
Security professionals looking to demonstrate and validate their knowledge of how to secure the Amazon Web Services (AWS) platform can now do so by taking the new AWS Certified Security – Specialty exam.
Intended for individuals who hold either an Associate or Cloud Practitioner certification, the security exam covers a broad range of areas, including incident response, logging and monitoring, infrastructure security, identity and access management, and data protection.
Individuals interested in taking the exam should have at least five years of IT security experience designing and implementing security solutions, Amazon says. At least two years of hands-on experience securing AWS workloads is also recommended.

This is a first for me. Will the FBI now try to ban drones, or perhaps ask for a backdoor so they can override them? (There is a bill in Congress…)
An FBI hostage rescue team ran into some unexpected obstacles while conducting a raid last winter when a criminal gang unleashed a swarm of drones to disrupt the operation and obscure the view of agents conducting the mission from an elevated observation post.
According to Defense One, the incident—which took place outside of an undisclosed major US city—was recounted by Joe Mazel, the head of the FBI’s Operational Technology Law unit, at the AUVSI Xponential conference in Denver, Colorado. It’s just the latest example of criminals leveraging drones and other technology to fluster law enforcement.
Defense One reported the chief of the operational tech unit for the FBI said the suspects carried the drones in backpacks in anticipation of law enforcement’s arrival. Once the FBI showed up, the criminals unleashed the drones and buzzed the agents attempting to conduct the raid.
In addition to obstructing the view of the hostage rescue team members, the criminals also used camera-equipped drones to track the location of agents on the ground. The drones provided a live video feed of the action from overhead, which members of the gang were able to watch in real time on YouTube.
“They had people fly their own drones up and put the footage to YouTube so that the guys who had cellular access could go to the YouTube site and pull down the video,” Mazel told the conference.
Police have warned in recent years that drones have been used to surveil buildings and homes being targeted by robbers. Smugglers have started to utilize the technology to move contraband across borders. Criminals have even found ways to weaponize drones with explosives and other harmful materials.
Of course, law enforcement isn’t exactly innocent on this front either, as they have their own questionable intentions for the technology. Local and federal agencies have been all too happy to try to push for drones that can be used to do everything from intercepting cell phone signals to spying on citizens without a warrant to killing people.
Lawmakers will have an opportunity to help curb some of the criminal activity committed with drones in an upcoming Federal Aviation Administration reauthorization bill. A current version of the legislation would make it illegal to weaponize consumer drones and would require drone pilots operating the devices outside of their line of sight to remotely identify themselves so law enforcement can connect the device to a person. Those rules will only work if the FAA actually enforces them, and the agency has been pretty bad at that so far.

Criminals used a swarm of drones to surveil and disrupt an FBI hostage operation
Defense One notes there is some recourse in battling criminal use of drones. Drone jamming equipment has been deployed by the US military in Syria and Iraq, though those techniques would likely not be appropriate for use in cities given the risk of interference with mobile phone and airplane signals. There are legal options, like requiring drones to broadcast their operator’s identity, or to make “weaponized” consumer drones illegal. There are also anti-drone guns that jam all possible radio frequencies a drone can use to communicate with the operator, forcing it to land or return home. They remain illegal under FCC laws, though.

Not an Amazon killer, but definitely an Amazon worrier.
Now It Looks Like Walmart Has Defeated Amazon in the War to Buy Flipkart
It’s increasingly looking like Walmart and its partners will beat Amazon to take over Flipkart, the Indian e-commerce giant.
Bloomberg reported Friday that Flipkart’s board has approved the sale of a roughly 75% stake to the Walmart group, which also includes Google parent Alphabet. The report states that Japan’s SoftBank will also sell the group its stake, which is in excess of 20%. The deal would value Flipkart at around $20 billion.
… A Flipkart takeover would be a huge coup for Walmart international business chief, Judith McKenna, who took the role a few months ago. While the U.S. giant’s international locations have been relatively underperforming compared to those at home—hence Walmart selling off its Asda chain in the U.K., for example—Flipkart offers the leading online retail experience in a market of 1.3 billion people.
If the Walmart deal goes through, it’s likely to step up price competition in India, where Amazon CEO Jeff Bezos last month claimed his e-commerce platform was the fastest-growing.

Keeping an eye on the big guys. Because they can or because they must?
Is Facebook secretly building an internet satellite? Signs point to yes
Facebook may be secretly working on its own satellite broadband service.
The possible move comes just a few months after SpaceX launched its first two prototype satellites for an internet constellation it hopes may one day be over 11,000 strong.
A partially redacted FCC application obtained by IEEE Spectrum outlines a plan for an experimental satellite from a mysterious company called PointView Tech LLC, which IEEE goes on to connect to Facebook.
The application describes a plan to launch a satellite named Athena that would test the use of high-frequency millimeter wave radio signals, the same technology many in the cellular industry are using to build next-generation 5G networks with more speed and capacity.

How Microsoft learns about you?
Microsoft expands ad business beyond Bing search results with help from LinkedIn data and AI
Microsoft, which has quietly built a $6.9 billion/year advertising business through its Bing search engine, will attempt to expand its reach with a new advertising network that extends the Bing Ads platform beyond search results to other Microsoft properties such as MSN,, and the Microsoft Edge browser.
The new Microsoft Audience Network, announced this morning, will use artificial intelligence and data from Microsoft services including Bing, MSN, Outlook, Skype and LinkedIn to help advertisers target native ads to specific audiences based on what their online activities say about them.
… “The core of how we will understand these audiences will still come from our Bing data and our browse data, but this is our first foray into what can we do with an understanding of where someone works, on top of websites that they visit and the explicit search query that they input through Bing or through any one of our partner sites,” said Rob Wilk, a Microsoft vice president who leads the company’s North American Search ad sales business, in an interview this week.

Thursday, May 03, 2018

By definition, half the world is below average. But not everyone in the top half is above average in all areas.
59% of people use the same password everywhere, poll finds
… 91 percent of people know that password recycling poses huge security risks, yet 59 percent still use the same password everywhere.
… The firm polled 2,000 users across the United States, Australia, France, Germany and the United Kingdom, and found that people are more aware of security best practices, but don’t necessarily apply them.
For example, the number one reason for password reuse is fear of forgetfulness.

Reality: you can’t escape!
You Can’t Opt Out Of Sharing Your Data, Even If You Didn’t Opt In
The Golden State Killer, who terrorized Californians from Sacramento to Orange County over the course of a decade, committed his last known murder in 1986, the same year that DNA profiling was used in a criminal investigation for the first time. In that early case, officers convinced thousands of men to voluntarily turn over blood samples, building a genetic dragnet to search for a killer in their midst. The murderer was eventually identified by his attempts to avoid giving up his DNA. In contrast, suspected Golden State Killer Joseph James DeAngelo, who was apprehended just last week, was found through other people’s DNA — samples taken from the crime scenes were matched to the profiles his distant relatives had uploaded to a publicly accessible genealogy website.
You can see the rise of a modern privacy conundrum in the 32 years between the first DNA case and DeAngelo’s arrest.
… individuals need to worry about another kind of privacy violation. I think of it as a modern tweak on the tragedy of the commons — call it “privacy of the commons.” It’s what happens when one person’s voluntary disclosure of personal information exposes the personal information of others who had no say in the matter. Your choices didn’t cause the breach. Your choices can’t prevent it, either. Welcome to a world where you can’t opt out of sharing, even if you didn’t opt in.

Something to think about?
Text Messages Are Property: Why You Don’t Own Your Text Messages, But It’d Be a Lot Cooler If You Did
Howden, Spence, Text Messages Are Property: Why You Don’t Own Your Text Messages, But It’d Be a Lot Cooler If You Did (March 2, 2018). Washington & Lee Law Review, 2019, Forthcoming. Available at SSRN:
“Courts have yet to consider whether text messages are property, but they will soon. As our lives become more and more centered around our smartphones, text messages will displace e-mails as the primary means of electronic communication (if that hasn’t already happened). We currently don’t have an effective means of recourse available should our cellular providers purposefully block or delete our text messages. The answer lies in property law. This Note argues that text messages are intangible personal property, which leads to two practical outcomes. First, text message “owners” can successfully sue using property-based causes of action (e.g., trespass to chattels and conversion) when their ownership rights over their text messages are disturbed by the service provider or cell phone manufacturer. Although there have been few legal challenges brought by aggrieved text message owners, they have been universally unsuccessful in causing cellular providers to change their ways. Had these aggrieved text message owners sued under a property-based cause of action, they would have successfully enjoined the cellular providers from continuing to mess with their text messages. Second, a judicial determination that text messages constitute intangible personal property will close the third-party loophole. As it stands, the government is free to search the contents of our text messages because we have voluntarily conveyed the information to our cellular service providers. However, if courts find that text messages constitute a form of property, an encrypted text message starts to look more and more like a sealed letter than public information. The framers designed the Fourth Amendment to prevent unwarranted searches and seizures of the dominant form of communication of their day: sealed letters. Consequently, it only makes sense to extend the Fourth Amendment’s protection to the dominant form of communication today: encrypted text messages.

If Amazon isn’t impressed, it’s likely others won’t be either.
'Hi, it's Amazon calling. Here's what we don't like in your city.' has made about 200 phone calls to cities the retail giant rejected for its second headquarters. Some of the cities say they are learning from the disappointing phone conversations and making changes.
Cincinnati and Sacramento, Calif., are restructuring workforce development programs to focus on tech talent. Orlando, Fla., is considering starting a community fund to invest in local tech companies and draw more entrepreneurs. In Detroit, elected officials and business leaders are pushing a ballot initiative for a new regional transportation network that would connect outer counties to the city.

Have an idea. Research. Execute.
This College Professor Makes More Money in One Day From Instagram Than in Two Months Teaching. Here Are Her Secrets to Success

So, are movie theaters doomed?

Wednesday, May 02, 2018

Just in time for Cryptography week. Many IoT devices are too small to run elaborate software.
NIST Issues Call for "Lightweight Cryptography" Algorithms
This is interesting:
Creating these defenses is the goal of NIST's lightweight cryptography initiative, which aims to develop cryptographic algorithm standards that can work within the confines of a simple electronic device. Many of the sensors, actuators and other micromachines that will function as eyes, ears and hands in IoT networks will work on scant electrical power and use circuitry far more limited than the chips found in even the simplest cell phone. Similar small electronics exist in the keyless entry fobs to newer-model cars and the Radio Frequency Identification (RFID) tags used to locate boxes in vast warehouses.
All of these gadgets are inexpensive to make and will fit nearly anywhere, but common encryption methods may demand more electronic resources than they possess.
The NSA's SIMON and SPECK would certainly qualify.

Not what I expected. Is it all in the questions?
Creepy or Not? Your Privacy Concerns Probably Reflect Your Politics
A new poll on surveillance from the Annenberg School for Communication at the University of Pennsylvania found that Americans are deeply divided over tracking, both online and in real life. And political affiliation is a main predictor of Americans’ emotional reactions to surveillance, the researchers found.
Among people who identified themselves as Democrats, for instance, 62 percent said they felt “creeped out” by the idea of companies checking job applicants’ credit history before hiring them. By contrast, half of independents and just 29 percent of Republicans felt creeped out.
The study, published on Monday, focused specifically on Americans’ emotional responses to snooping techniques that could disproportionately affect low-income populations. Among other things, the survey asked participants about practices like police profiling and landlords subscribing to profiling databases to screen potential tenants. Professor Turow said the report was the first national study of its kind.

The problem with using a technique pioneered by the bad guys.
Telegram has been putting up an impressive fight against the governments of Russia and Iran in high-profile efforts to censor the messaging service over the last few weeks. But we’ve heard little about its fellow encrypted messaging app Signal. Both services have used an anti-censorship technique called “domain fronting” to get around tyrants—and now, Google and Amazon say that’s no longer an option.
Amazon officially announced it’s increased focus on stamping out domain fronting on Friday. The statement followed closely behind a similar move by Google.
… “The idea behind domain fronting was that to block a single site, you’d have to block the rest of the internet as well. In the end, the rest of the internet didn’t like that plan.”
In simple terms, domain fronting allows a service like Signal to hide the endpoint of internet traffic behind a domain that’s permitted by a censor. In this case, Amazon specifically pointed to Signal’s use of, a domain owned by the online retail giant. A country that’s blocking Signal would see traffic going to and allow it. On the other side of Amazon’s clean SSL certificate, the traffic would be routed to Signal. You can read more about how it all works here.
The big thing is, the technique has been effective because governments haven’t been willing to block tons of IP addresses and break crucial parts of the internet just to stamp out a single banned site using domain fronting. But the clash between Telegram and Russia is different. The Russian government has been all too willing to block millions of IPs in its quest to destroy Telegram founder Pavel Durov’s service

Because my students had better be are interested in this topic.
CRS Report – Artificial Intelligence and National Security
CRS report via FAS – Artificial Intelligence and National Security – Daniel S. Hoadley, US Air Force Fellow; Nathan J. Lucas, Section Research Manager, April 26, 2018.
Artificial Intelligence (AI) is a rapidly growing field of technological development with potentially significant implications for national security. As such, the U.S. Department of Defense (DOD) is developing AI applications for a range of military functions. AI research is underway in the fields of intelligence collection and analysis, logistics, cyberspace operations, command and control, and a variety of military autonomous vehicles. AI applications are already playing a role in operations in Iraq and Syria, with algorithms designed to speed up the target identification process. Congressional action has the potential to shape the technology’s trajectory, with fiscal and regulatory decisions potentially influencing growth of national security applications and the standing of military AI development versus international competitors. AI technology presents unique challenges for military acquisitions, especially since the bulk of AI development is happening in the commercial sector. Although AI is not unique in this regard, the Defense Acquisition Process (DAP) may potentially need to be adapted for acquiring systems like AI. In addition, many commercial AI applications must undergo significant modification prior to being functional for the military. A number of cultural issues challenge AI acquisition, leading to discord with AI companies and potential military aversion to adapting weapons systems and processes to this disruptive technology.”

Not sure I believe this. Surely some manager will come up with a more efficient process by the 2020 Presidential election? Or perhaps they could charge more for “first time” ad purchasers?
Facebook will spend so much reviewing political ads this year that it will lose money on them
Facebook is spending so much money hiring moderators to review political ads that it will cancel out the revenue those ads generate in this year’s election cycle, says CEO Mark Zuckerberg.
“We’re essentially going to be losing money on running political ads,” because the company is hiring “thousands” in advance of the 2018 elections, Zuckerberg said in an interview today. “That cost is going to be greater than the money that we make.”

Cute and simple. This could freak someone out if they didn’t know it was coming.

I haven’t noticed this, yet.
In abid to gain market share publishers have slashed the cost of digital textbooks
Inside Higher Ed: “New print textbooks can still cost students hundreds of dollars, but the cost of etextbooks is falling fast, according to data from etextbook distribution platforms VitalSource and RedShelf — both of which work with all major publishers. Since 2016, the average price of etextbooks on VitalSource has fallen by 31 percent, from $56.36 in 2016 to $38.65 in 2018. Some areas, such as mathematics, have seen more drastic change, said VitalSource. In 2016, the average math etextbook cost $79. Now it’s $39 — a decrease of almost 50 percent. RedShelf confirmed a similar price drop. In 2015, the average etextbook cost $53.11, the company said. Now it’s $39.24. Mike Hale, VitalSource vice president of education for North America, described the price change as “dramatic.” Since January 2016, prices have fallen every month, he said. “Prices on textbooks were, everybody agrees, way too high,” said Hale. “Publishers have finally responded with pricing that is rational.” Tom Scotty, chief operating officer at RedShelf, said the reason the publishers were dropping prices was to capture market share…”

Dilbert explains bad Software Architecture.

Tuesday, May 01, 2018

If they released this as an App, it would become a mandatory tool for Computer Security. (Hint, Hint. Wink, Wink.)
IoT Inspector Tool from Princeton
Researchers at Princeton University have released IoT Inspector, a tool that analyzes the security and privacy of IoT devices by examining the data they send across the Internet. They've already used the tool to study a bunch of different IoT devices. From their blog post:
Their first two findings are that "Many IoT devices lack basic encryption and authentication" and that "User behavior can be inferred from encrypted IoT device traffic." No surprises there.
Finding #3: Many IoT Devices Contact a Large and Diverse Set of Third Parties
In many cases, consumers expect that their devices contact manufacturers' servers, but communication with other third-party destinations may not be a behavior that consumers expect.
Samsung Smart TV. During the first minute after power-on, the TV talks to Google Play, Double Click, Netflix, FandangoNOW, Spotify, CBS, MSNBC, NFL, Deezer, and Facebook – even though we did not sign in or create accounts with any of them.

Dilbert continues to demonstrate the value of surveillance.

Another peak behind the curtain.
Jonny Evans reports:
Apple has at last introduced a new tool that lets you request and download everything the company knows about you, including all the data it gathers and retains when using the company’s retail outlets, iCloud, apps, products, and services.
Why is this tool available?
In part, Apple has made this information available to bring it into line with Europe’s GDPR (General Data Protection Regulation) legislation, laws designed to better protect individual privacy in an online age.
Google, Facebook, Twitter, and almost every other company has also had to introduce these tools, making it far easier for users to compare the quantity and depth of information these unconstrained corporations hold about them.
Read more on Computerworld.

Fuel for our debates on what data collection is appropriate.
Fitbit Strikes Deal With Google That Could Lead to Wearables Collaboration
Fitbit has teamed up with Google in an effort to get more deeply involved in the healthcare sector.
The fitness tracker maker announced on Monday that it would use Google’s recently announced health data standards for apps, known as the Google Healthcare API, to connect its wearable devices to the electronic medical records systems used by doctors and hospitals. The aim eventually is to allow doctors to get health data straight from Fitbits on their patients’ wrists.

Are they saying we are already doomed or that it is possible to grant governments and law enforcement access when appropriate? Judge for yourself.
Stewart Baker writes:
This episode features a new technology-and-privacy flap: The police finally catch a sadistic serial killer, and the press can’t stop whining about DNA privacy. I argue that DNA privacy is in the running for Dumbest Privacy Issue of the Decade, in which it turns out that privacy is all about making sure the police can’t use your data to catch killers. Paul Rosenzweig refuses to take the other side of that debate.
Ray Ozzie has released a technical riposte to the condescending Silicon Valley claim that math proves the impossibility of securely accommodating law enforcement access. Paul and I muse on the aftermath, in which Silicon Valley may actually have to try winning the debate rather than claiming that there is none.
Read more on The Volokh Conspiracy.

Perhaps we don’t really care about elections?
A dubious anniversary for the Federal Election Commission
As of April 30, the FEC's current four commissioners have been on the commission for a total of 32 years longer than they should have been.
Vice Chairwoman Ellen Weintraub’s six-year term expired 11 years ago, when George W. Bush occupied the White House
Commissioner Steve Walther (nine years), Commissioner Matthew Petersen (seven years) and Chairwoman Caroline Hunter (five years) have also stayed aboard long after they should have been out of a job. Beyond the holdovers, there are two vacant spots on the commission.
If one commissioner retires, resigns or otherwise isn’t present, the agency that regulates and enforces campaign money laws loses its four-commissioner quorum and can’t conduct high-level business. No passing rules. No penalizing scofflaws. No providing official advice to political committees seeking it.

Science Fiction or serious scientific futurism?
The Future of Warfighting? Pulse Mortars, Exploding ‘Roaches’ And Open-Market Air Support
Editor’s note: Not long ago, the British Army approached August Cole, author of the 2015 E-ring cult thriller Ghost Fleet and former director of the Atlantic Council’s Art of the Future project, with a question: What will the operating environment look like in the 2030s?
The result is “Automated Valor,” a short story running in Proceedings, the monthly magazine published by the US Naval Institute.
read the whole story at Proceedings.

Not that I have too many books. Can you have too many books? My wife seems to think so.
declutter – Sell CDs, DVDs, Games and Books
Decluttr is the easy way to sell CDs, DVDs, Games, Blu-Rays and Books. Just enter the barcodes on your items (or scan them using our FREE app) for an instant value, pack them into a box, and ship them for FREE. Millions of CDs, DVDs, Games, Blu-Rays and Books are sold in America each year. Even though digital options are popular, we still can’t get enough of physical media. This can lead to a lot of clutter, which takes up space you may need for other stuff!… We’ll take your unwanted stuff and give you a check in return, making you money and more room. Just get an instant value for your stuff by entering their barcodes (or scan them using our app) and send them using one of our FREE shipping options. We’ll pay you by check, PayPal or direct deposit into your account and that’s it…”

Monday, April 30, 2018

Good leak, bad leak. I guess it depends on who you are.
Who leaked the idea of ASD spying on Australians, and why?
"Secret plan to spy on Aussies," The Sunday Telegraph headlined the story. "Two powerful government agencies are discussing radical new espionage powers that would see Australia's cyber spy agency monitor Australian citizens for the first time."
It was a "power grab" detailed in "top secret letters" proposing that the Australian Signals Directorate (ASD) be able to use its cyber offensive capabilities domestically.
"The Secretary of the Department of Home Affairs Mike Pezzullo first wrote to the Defence Secretary Greg Moriarty in February outlining the plan to potentially allow government hackers to 'proactively disrupt and covertly remove' onshore cyber threats by 'hacking into critical infrastructure'," the newspaper wrote.
"Under the proposal, seen by The Sunday Telegraph, Home Affairs Minister Peter Dutton and Defence Minister Marise Payne would tick off on orders allowing cyber spooks to target onshore threats without the country's top law officer [the attorney-general] knowing."
… The Australian Security and Intelligence Organisation (ASIO) and the Australian Federal Police (AFP) are the agencies charged with tackling domestic threats. They already have their own cyber capabilities, which can be deployed once a warrant has been issued. They can also call upon the ASD for technical assistance if they need it.
The reported proposal in Pezzullo's letter is clearly intended to bypass the need for a warrant, and the need for the attorney-general to even be informed. It reportedly also includes coercive powers to force government agencies and private businesses to "comply with security measures", and for the ASD to have a "stronger role in support of the Home Affairs portfolio".
The Sunday Telegraph quoted an anonymous government source as saying: "I am horrified. The only reason it's not going ahead with ease is because there are good people who didn't sign up to do this against Australian citizens."
On Monday, former secretary of the Department of Defence Paul Barratt was somewhat more blunt.
"The leak of highly classified material on the matter suggests to me that someone, somewhere in the system is deeply concerned by the prospect of Dutton placing us all in the Panopticon," Barratt tweeted.

(Related) Dilbert summarizes what today’s world knows about you.

Would there be value here if the data was 100% accurate? How about 90% accurate? How inaccurate is acceptable?
Annie Sweeney reports:
It has grown steadily over many decades with little public attention. Through countless arrests and street stops, Chicago police officers have compiled a database of street gang members that now totals a staggering 128,000 names — and that doesn’t even include juveniles.
But now critics in Chicago are joining a nationwide chorus questioning the value and fairness of these massive lists of gang members, saying they are often inaccurate, outdated and racially skewed.
Advocates complain there’s no way to know if you are in the database or how to get off the list, yet your alleged gang membership is shared with other law enforcement agencies and can hurt you if you pick up a charge — with potentially heftier bail amounts or sentences.
Read more on Chicago Tribune.

Some not-so-light summer reading?
Army Of None’: A Clear-Eyed Look At The Rise Of Autonomous Weapons
Part historical survey, part ethics discussion, part science fiction, Paul Scharre’s Army of None delivers a comprehensive look at autonomous weapons. Paul brings his years of experience as a policy expert on military technology ethics and practical experience from serving in the United States Army to deliver an easy-to-read book on autonomous weapon systems without heavy jargon.

Legal stuff.
Library of Congress Posts U.S. Supreme Court Cases collection
LC Collection – more than 225 years of decisions –
United States Reports is a series of bound case reporters that are the official reports of decisions for the United States Supreme Court. A citation to a United States Supreme Court decisions includes three elements that are needed to retrieve a case. For example, Chevron U.S.A., Inc. v. Natural Resources Defense Council, Inc., 467 U.S. 837 (1984). 467 indicates the volume in which the case is reported, U.S. indicates the abbreviation for U.S. Reports, 837 indicates the initial page number of the case, and 1984 indicates the year the case was decided. Early reports of U.S. Supreme Court decisions were named for the clerk who compiled them. U.S. Reports includes the content from these nominative reporters. You can translate a citation from a nominative reporter to a volume of the U.S. Reports by using this chart:

Even more significant, is the change in their international strategy.
Walmart Just Took a Big Step Away from the Grocery Business
Walmart has agreed to sell its U.K. grocery chain, Asda, to local competitor Sainsbury’s, signaling a shift in the company’s international strategy.
… The shift comes three months after Walmart appointed Judith McKenna as the new head of its international business and seems to be an attempt to revamp the under-performing unit. Although more than half of the company’s stores are outside the U.S., the international business brings in only about a third of revenue. In the U.K. and Brazil, where it is downsizing to the tune of hundreds of locations, the company has struggled for years. Meanwhile, the potential deal with Flipkart would give Walmart the foothold in India it has been seeking.

Just an interesting resource.
Currency and cryptocurrencies converter
CurrencyConvertOnline: “Welcome to easy accurate and powerful online currency converter. You can convert 2636 currencies and cryptocurrencies with 60 languages support. Among other things, we recommend you to visit the useful sections of the site for analytics: exchange rates table and currency converter with support cryptocurrencies. No less important are two sections: list of all currencies in the world, list of all the cryptocurrencies. All of these tools work with support for 170 currencies and 2466 cryptocurrencies. Please enjoy!

Sunday, April 29, 2018

For my Computer Security students. Does anyone operate in only one state if they use the Internet?
MintzLevin has updated its state data breach law matrix, as I noted previously on the page where I link to such resources.
Most expedient time and without unreasonable delay

There’s some truth to this and it’s worth discussing with my students. Think FBI and encryption backdoors.
From the #MustLoveFOIA dept.:
Mike Maharrey writes:
Sometimes I think there is some central office somewhere writing scripts for police departments to read when they need to oppose (support) something. No matter what city or state, or what issue we’re talking about, police arguments are almost exactly the same.
If this happens (or doesn’t happen) criminals will have free rein and officers will die in the streets.”
Seriously, that’s barely even hyperbole.
I heard a variation on this theme at my court hearing last week.
Yes. I went to court.
If you haven’t heard, the City of Lexington, Kentucky, sued me. Why? Because I asked the wrong questions.
Read more on Tenth Amendment Center.

For my students, since we talk about Amazon a lot.
Jeff Bezos reveals what it’s like to build an empire and become the richest man in the world — and why he's willing to spend $1 billion a year to fund the most important mission of his life
I picked books because there were more items in the book category than in any other category. And so you could build universal selection. There were three million in 1994 when I was pulling this idea together, three million different books active in print at any given time. The largest physical bookstores only had about 150 000 different titles. And so I could see how you could make a bookstore online with universal selection. Every book ever printed, even the out-of-print ones was the original vision for the company. So that's why books.

Netflix Could Soon Pass Disney in Market Value
Any week now, a company that has been streaming movies and shows for barely a decade will surpass in market value the storied owner of Hollywood’s most profitable film studio, the world’s most lucrative theme parks, prosperous television and cable networks, and thriving story franchises like Star Wars and Marvel.

So is it worth $119?
Amazon Prime prices are going up — here's what you get for $119 a year
  • Benefits of the program, which started in 2005 and now has 100 million members, fall into 5 basic categories: shipping, shopping, streaming, reading, and various extras.
  • The price goes up from $99 to $119 on May 11.

“Some are born great, some achieve greatness, and some have greatness thrust upon them.” And then there’s Wally.