Saturday, May 12, 2018

An interesting question!
Zack Whittaker reports:
A senator is demanding that the FCC investigate why a company, contracted to monitor calls of prison inmates, also allows police to track phones of anyone in the US without a warrant.
The bombshell story in The New York Times revealed Securus, a Texas-based prison technology company, could track any phone “within seconds” by obtaining data from cellular giants — including AT&T, Sprint, T-Mobile, and Verizon — typically reserved for marketers.
Sen. Ron Wyden, a Democratic senator from Oregon whose work often focuses on tech and privacy, sent a letter to the FCC this week demanding an investigation.
Read more on ZDNet.
[From the article:
Wyden also sent letters to the cell carriers demanding answers. In the letters, the senator said the carriers "not sufficiently control access" to their customers' private information.

Should we require this for all AI? “Greetings. I am a Technodyne Model T-1000 and I’m here to kill you.”
Duplex is Google’s new AI, and a massive step-up from the likes of Siri and Alexa. Duplex is capable of making calls for you, meaning you’ll never have to book a hair appointment or table at a restaurant again. The problem is Duplex is a little too human for its own good.
Google CEO Sundar Pichai demoed Duplex on stage at I/O 2018, showing the next-level AI fooling two people into thinking it was a real-life human. And many people found that aspect troubling, especially as at no point did Duplex announce it wasn’t human.
It seems that Google was unaware what reaction Duplex was going to cause. And the company certainly didn’t foresee morality questions being asked. Google has now issued a statement regarding Duplex, telling The Verge:
“We understand and value the discussion around Google Duplex — as we’ve said from the beginning, transparency in the technology is important. We are designing this feature with disclosure built-in, and we’ll make sure the system is appropriately identified. What we showed at I/O was an early technology demo, and we look forward to incorporating feedback as we develop this into a product.”
Google has listened to the feedback and reacted accordingly. The problem is, if Duplex is going to announce itself as not being human, why does it need to sound so human? This is just the first of many moral dilemmas humanity is going to face when dealing with AI.

For my Software Architecture students. Start with the high-time, high-cost processes.
… the reality is that any major leap forward on cost and efficiency will no longer be possible through automation alone, since most of the tasks that can be automated in an automotive factory have already been tackled.
When a real Factory of the Future arrives, it will not look different because we have automated the processes we use today. It will look different because we will have invented entirely new processes and designs for building cars requiring entirely new manufacturing techniques.
Take the paint shop. Today, in most mature markets, it’s more than 90 percent automated, yet it is still one of the most expensive and space-intensive sections of the factory. Robots, instead of humans, perform most tasks—applying protective corrosion coats, sealant, primer, basecoat, and clear coat to achieve the highly polished finishes we like on our cars—but the process itself is not that different than what it was 30 years ago. For instance, in the BMW plant in Spartanburg, South Carolina, processing a car through the paint shop is a 12-hour task, involving more than 100 robots, and requiring a vehicle in the paint assembly line to travel four miles within the factory before the process is complete.
Clearly, there has to be a better way to paint a car, but to make that operation more efficient and take cost out will require the development of a new process. Perhaps it will be the experimental approach of applying a single film over the car and then baking it on, like in a pottery kiln—currently being tested in automotive research labs. Or 3-D printing of the entire car body in the color a customer orders, completely eliminating the need for a traditional paint shop and body shop. Whatever it is, it will have to be more than adding a few more robots into the mix to make a significant difference in the cost of producing an auto.

An “explainer” for my students.
So there’s a lot of great stuff out there on why Net Neutrality is important and we should fight/advocate for it, but the ACLU has outdone itself with this segment explaining why net neutrality is important. Have a laugh on them while you learn something.

Apple made more profit in three months than Amazon has generated during its lifetime
… The smartphone maker generated $48.35 billion in profit during its fiscal 2017 and made $13.8 billion in net income during the March 2018 quarter.
In comparison, Amazon's total net income since inception is about $9.6 billion. The number was calculated by adding up all of Amazon's annual net income figures since its inception to the company's $1.6 billion profit in the March 2018 quarter.

A student introduced me to this “game.” Could be worth the $20 for any budding geek. Very impressive graphics and every indication that it will continue to get better.
PC Building Simulator
Build and grow your very own computer repair enterprise as you learn to diagnose, fix and build PCs. With real-world licensed components, realistic pricing plus comprehensive hardware and software simulation you can plan and bring your ultimate PC to life.

Friday, May 11, 2018

“Siri, initiate the Big Brother eavesdropping program.” I bet my students can come up with even more evil ideas.
Alexa and Siri Can Hear This Hidden Command. You Can’t.
… Over the last two years, researchers in China and the United States have begun demonstrating that they can send hidden commands that are undetectable to the human ear to Apple’s Siri, Amazon’s Alexa and Google’s Assistant. Inside university labs, the researchers have been able to secretly activate the artificial intelligence systems on smartphones and smart speakers, making them dial phone numbers or open websites. In the wrong hands, the technology could be used to unlock doors, wire money or buy stuff online — simply with music playing over the radio.

We’ve got to get a lot better!
Graham Cluley explains:
The accepted wisdom in the field of cybersecurity is that things are getting worse, and that more businesses are losing control of more data than ever before.
What a bunch of pessimists we are… The truth, however, might be rather different.
A new study published by Risk Based Security has examined the number of data breach incidents in the first quarter of 2018, and compared it to the same time period in previous years. And guess what? It doesn’t look like we’re doing *that* badly.
Read more about what RBS found on Security Boulevard.
[From the article:
According to the research it typically takes a business 37.9 days between identifying a security breach and disclosure. That’s down from 42.7 days in the first quarter of 2017, and 68.9 days in Q1 2016.
GDPR legislation, however, expects companies to inform supervisory authorities of a data breach involving the personal information of European users within just 72 hours.

(Related) Google gets ready for the GDPR…
Our preparations for Europe’s new data protection law

“Hey, this looks suspicious – let’s try it!”
Cathy Jett reports:
Hackers phishing for sensitive information faked an email from a regional organization to break into the Fredericksburg school system’s electronic mail and file system last month.
The April 24 intrusion was caught the following day, but not before hackers accessed 14 school employees’ emails and one school employee’s files, according to a letter Superintendent David Melton sent to parents and guardians May 2.
The letter stated that the intruders may have used this to access students’ Individualized Education Programs, 504 Plans, Gifted and Talented profiles or portions of their academic records that had been sent by email.
If so many employees fell for the phishing email, you might think that maybe the phishing email was very professionally done. But it appears it wasn’t a great phishing email and yet the employee clicked on the link anyway:
The initial email appeared to come from a group that regularly emails information to the city’s schools, said Mike George, the school system’s director of technology. The employee who received it thought it looked suspicious, but wasn’t sure and opened it about 3 p.m. George said it “was basically a phishing scheme” that collected the employee’s username and password.

I certainly hope so!
The smarter the student, the stronger the password – study
A consulting director at Asia Pacific College (APC) in the Philippines decided to match student GPAs against the strength of their passwords. The findings suggest there is some degree of correlation between smarts and good password hygiene.
JV Roig, who is also a software developer in addition to dispensing his consulting expertise, compared the password hashes from APC’s 1,252 students to the database of leaked passwords maintained by the handy Have I Been Pwned? site created by security researcher Troy Hunt. The database holds a whopping 320 million exposed password hashes resulting from various data breaches over the years. The weakest passwords, and implicitly the most common ones, are found there.
Of the 1,252 students, 215 had a match in the database. Roig then looked at the students’ grade point average (GPA) and found that the lower the student’s GPA, the weaker the password and the greater the chance of it being found in Hunt’s database.
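The check the study describes, matching a population's password hashes against a leaked-password corpus, is worth seeing as code because the privacy-preserving way to do it (the k-anonymity range query Have I Been Pwned's Pwned Passwords service uses: hash with SHA-1, send only the first five hex characters, match the remaining suffix locally) is easy to get wrong. The following is an added example, not code from the APC study, from Have I Been Pwned, or from the linked article; the leaked corpus, its counts, and the sample password list are constructed so it runs offline, and the prefix/suffix layout is assumed to mirror the real service.

```python
"""Match passwords (or their SHA-1 hashes) against a leaked-password corpus
using the k-anonymity range-query pattern: 5-hex-char prefix sent, suffix
matched on the client. Added example; the corpus below is CONSTRUCTED."""
import hashlib

# CONSTRUCTED stand-in for a breach corpus: password -> times seen.
# Counts are invented; a real service returns counts aggregated from breaches.
CONSTRUCTED_LEAKED = {
    "password": 1000,
    "123456": 900,
    "qwerty": 500,
    "letmein": 200,
    "iloveyou": 150,
}


def sha1_hex(password):
    """Uppercase hex SHA-1, the hash form the Pwned Passwords corpus uses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_index(leaked):
    """Server-side view: group hashes by 5-char prefix -> {suffix: count}.
    Each inner dict is the 'range' a k-anonymity query returns."""
    index = {}
    for pw, count in leaked.items():
        digest = sha1_hex(pw)
        index.setdefault(digest[:5], {})[digest[5:]] = count
    return index


def range_query(index, prefix):
    """Simulated server: receives only the prefix and returns every suffix in
    that range, so it never learns which full hash the client cares about."""
    if len(prefix) != 5:
        raise ValueError("k-anonymity prefix must be exactly 5 hex characters")
    return index.get(prefix.upper(), {})


def pwned_count_hash(digest, index):
    """Client side for a stored hash (what the study had): split the 40-char
    SHA-1 into prefix and suffix, query the range, match the suffix locally.
    Returns the corpus count, 0 meaning no match."""
    digest = digest.upper()
    return range_query(index, digest[:5]).get(digest[5:], 0)


def pwned_count(password, index):
    """Client side for a plaintext password: hash locally, then as above."""
    return pwned_count_hash(sha1_hex(password), index)


def audit_passwords(passwords, index):
    """Return (matched, total, {password: count}) for a population, the
    aggregate the study reported (215 matches out of 1,252 students)."""
    hits = {pw: pwned_count(pw, index) for pw in passwords}
    matched = sum(1 for c in hits.values() if c > 0)
    return matched, len(passwords), hits


if __name__ == "__main__":
    idx = build_range_index(CONSTRUCTED_LEAKED)
    # CONSTRUCTED sample of "student" passwords; three are in the corpus.
    sample = ["password", "qwerty", "letmein",
              "Tr0ub4dor&3", "correct horse battery staple"]
    matched, total, hits = audit_passwords(sample, idx)
    print(f"{matched} of {total} passwords appear in the leaked corpus")
    for pw, count in hits.items():
        print(f"  {pw!r:32} prefix={sha1_hex(pw)[:5]} seen={count}")
```

The point of the split in `pwned_count_hash` is that the party holding the corpus only ever sees a 5-character prefix, which covers a whole range of unrelated hashes; this is what lets an institution screen its users' credentials against a third-party breach corpus without handing that third party the hashes themselves. Any non-zero count is grounds to reject or force a change of the password, regardless of how "complex" it looks.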

I would have bet money this was impossible. Hard to believe it went on for three months!
Chicago man charged in scam that routed United Parcel Service mail to his apartment
A Rogers Park man has been charged in an astonishing scheme that temporarily changed the address for the global headquarters of shipping giant United Parcel Service to his tiny garden apartment, resulting in thousands of pieces of mail meant for UPS executives and other employees being delivered to his doorstep.
A criminal complaint charging Dushaun Henderson-Spruce, 24, with theft of mail and fraud was unsealed Tuesday, records show. He is in custody pending a detention hearing before U.S. Magistrate Judge Jeffrey Gilbert next week, when prosecutors have said they will argue he should be held as a risk to flee.
… It wasn’t until Jan. 16 — nearly three months after the address change — that a UPS security coordinator caught on to the setup and notified postal inspectors, court records show.
… The day after the alleged fraud was detected, postal inspectors interviewed the carrier who delivers the mail to Henderson-Spruce’s timeworn, seven-story building. The carrier said “voluminous” amounts of UPS mail had been coming to the apartment for months, far more than would fit in the small boxes assigned to tenants, the affidavit said.
To accommodate the deluge, the carrier “had to place the mail in a USPS tub and leave it at (Henderson-Spruce’s) door,” the affidavit said.
… In a brief interview last month with a Tribune reporter, Henderson-Spruce hinted that he’d received the UPS mail as a result of a mix-up that was not his fault and that his identity may have been stolen. But he declined to elaborate.

“Dr. Terminator will see you now.”
… The field of health AI is seemingly wide—covering wellness to diagnostics to operational technologies—but it is also narrow in that health AI applications typically perform just a single task. We investigated the value of 10 promising AI applications and found that they could create up to $150 billion in annual savings for U.S. health care by 2026.
We identified these specific AI applications based on how likely adoption was and what potential exists for annual savings. We found AI currently creates the most value in helping frontline clinicians be more productive and in making back-end processes more efficient—but not yet in making clinical decisions or improving clinical outcomes. Clinical applications are still rare.

Amazon is building a 'health & wellness’ team within Alexa as it aims to upend health care
The nucleus of Amazon's effort to upend the health-care market may very well be the Echo device in your living room.
According to an internal document obtained by CNBC, Amazon has built a team within its Alexa voice-assistant division called "health & wellness," which includes over a dozen people and is being led by Rachel Jiang, who has spent the last 5 years at Amazon in various roles including advertising and video.
The team's main job is to make Amazon's Alexa voice assistant more useful in the health-care field, an effort that requires working through regulations and data privacy requirements laid out by HIPAA (the Health Insurance Portability and Accountability Act), according to people familiar with the matter. The group is targeting areas like diabetes management, care for mothers and infants and aging, said the people, who asked not to be named because the work is confidential.

(Related) If you are going to do it, do it right!
What’s Your Cognitive Strategy?
In the eyes of many leaders, artificial intelligence and cognitive technologies are the most disruptive forces on the horizon. But most organizations don’t have a strategy to address them.

If I think it’s interesting, my students might want to listen too. (It may show up on the Final!)
Separating Better Data from Big Data: Where Analytics Is Headed
Ten years ago, the most forward-thinking companies were just starting to dive into the potential of data and analytics. Since then, brands have moved from using analytics to answer what customers are doing to exploring the how and why, and also to figure out what they will do in the future.

A tool I may need someday.
10 tips for verifying viral social media videos
Poynter – Daniel Funke: “Of all types of misinformation, video is among the hardest to fact-check. First, it isn’t easily searchable like text and photos are. You can’t paste or upload a video on Facebook or Google to see if it’s true or even trending. Second, there’s currently no way to see which videos are going viral on Facebook, Twitter or Instagram. They’re essentially black boxes, and fact-checkers regularly gripe about how it makes their jobs harder. (Although there has been progress with fact-checking images on Facebook.) Then there’s the fact that fake videos are getting easier to create and harder to detect. So-called “deepfake” technology draws upon artificial intelligence to alter images and even superimpose celebrities’ heads on other people’s bodies. With those challenges in mind, here is a list of tips and tricks for debunking viral fake videos on social media. Unfortunately, fact-checkers still don’t have good ways to verify deepfake videos — but several agreed it’s too early to tell how big the problem will become…”

I hope it won’t be long before I get to teach some of this!
Carnegie Mellon Launches Undergraduate Degree in Artificial Intelligence
Carnegie Mellon University's School of Computer Science will offer a new undergraduate degree in artificial intelligence beginning this fall, providing students with in-depth knowledge of how to transform large amounts of data into actionable decisions.

Thursday, May 10, 2018

Will any regulatory body take action, or even notice?
Remember all that advice that I and Brian Krebs tend to give consumers about putting “freezes” on your credit reports instead of “alerts?” The freezes are supposed to prevent entities from opening up any new lines of credit or accounts in your name. They are supposed to prevent problems instead of just detecting problems after they’ve already occurred.
Well, so much for the peace of mind that approach might have given you. Cory Doctorow reports:
If you’ve had your identity stolen or if you’re worried about having been doxxed by Equifax, you can freeze your credit record, and then Equifax, Experian, Trans Union and Innovis will block any requests to access your credit report.
But that doesn’t really matter. Equifax operates a secondary, noncompliant credit bureau called National Consumer Telecommunications and Utilities Exchange (NCTUE), on behalf of a secretive cartel of owners led by AT&T, but also including mysterious organizations like “Centralized Credit Check Systems.”
Freezing your credit report has no effect on NCTUE; what’s more, NCTUE operates in a careless and incompetent fashion, with invalid SSL certificates and other glaring errors. NCTUE has a separate system for freezing your credit report there, but it doesn’t work — filling in the form and submitting it just returns obscure errors. You may be able to freeze your report by calling NCTUE, but they might charge you a separate fee, and there’s no guarantee you’ll get through.
Read more on BoingBoing.
I tried to connect to the registration site, but couldn’t connect on the first try (possibly everyone was trying after reading Cory’s article). When I tried in Chrome, I got a warning that the site was insecure:
I would have emailed NCTUE for a press statement in response to Cory’s article and the SSL problem, but there’s no press contact on their site, it seems. Oh well…
h/t, Joe Cadillic
Update: Apologies to Brian Krebs. When I posted the above, I did not realize that he had posted an article on this earlier this morning. You can read it here. As always, he does a great job on these stories.

...and one example.
… The World Health Organization (WHO) defines a medical device as “any instrument, apparatus, implement, machine, appliance, implant, reagent for in vitro use, software, material […] intended by the manufacturer to be used […] for human beings, for one or more […] specific medical purpose”.
Although that sounds quite complicated, it just means any device or software that may be used for medical purposes.
… The interface between software and hardware often exposes exploitable vulnerabilities, as Saurabh Harit showed at Black Hat Europe 2017. He obtained an IV infusion pump, which injects medications into a patient’s blood, which could be programmed and operated remotely.
After accessing the pump’s admin mode with a default password found online, he was able to use the unit’s infrared and an old PDA purchased from eBay to import their Wi-Fi credentials to the pump’s network settings.

Something my students who work for defense contractors are long familiar with.
IBM bans all staff from using USB drives out of security concern
IBM is banning all removable storage, company-wide, in a new policy that seeks to avoid financial and reputational damage stemming from a misplaced or misused USB drive.
IBM global chief information security officer Shamla Naidoo told staff in an internal e-mail that the company “is expanding the practise of prohibiting data transfer to all removable portable storage devices (eg: USB, SD card, flash drive).”
Although some departments already had this policy in place for a while, “over the next few weeks we are implementing this policy worldwide,” Naidoo said, according to The Register.

Consider this in the hands of evil doers…
… Google Duplex is, in a nutshell, a scary glimpse of the future. It’s a next-level artificial intelligence. One that’s able to have natural-sounding conversations with real-life human beings. And that enables Duplex to make phone calls on your behalf.
As demonstrated by Google CEO Sundar Pichai, Duplex can make appointments for you over the phone. And all without the person on the other end of the call being aware they’re talking to an AI.
… Google has programmed Duplex to sound human. Instead of monotonal responses there’s human language patterns. And Google has even programmed in the pauses and random words such as “Um” and “Ah” humans use in conversations.

I think I understand! Scary.
Privacy by Design: Building a Privacy Policy People Actually Want to Read
By Richard Mabey, CEO of Juro, the end-to-end contract management platform.
“We’ve been banging on about legal design at Juro for some time now. So, when it came to updating our privacy policy ahead of GDPR it was important to us from the get-go that our privacy policy was not simply a compliance exercise. Legal documents should not be written by lawyers for lawyers; they should be useful, engaging and designed for the end user. But it seemed that we weren’t the only ones to think this. When we read the regulations, it turned out the EU agreed. Article 12 mandates that privacy notices be “concise, transparent, intelligible and easily accessible”. Legal design is not just a nice to have in the context of privacy; it’s actually a regulatory imperative. With this mandate, the team at Juro set out with a simple aim: design a privacy policy that people would actually want to read. Here’s how we did it…”

A marketing guide?
Russia's 2016 Facebook Strategy Exposed in Trove of 3,500 Ads
A trove of thousands of Russian-backed Facebook ads, being made public for the first time, shows that Russia’s main goal was provoking discontent in the U.S., leading to and continuing beyond Donald Trump’s election in 2016.
The ads, which are one of the clearest demonstrations of Russia’s financial investment in disrupting American politics, have been much discussed by Congress, Facebook and Special Counsel Robert Mueller behind closed doors.
… The 3,519 ads, released Thursday by Democrats on the House Intelligence Committee, were posted between 2015 and 2017. They were designed to draw clicks from people who had liked Facebook groups on both sides of emotional issues involving gun regulations, Muslims, gay rights, immigration, African-Americans – and various candidates.

Making it hard to trust government?
DHS: Not Entitled to Its Own Facts
The Department of Homeland Security (DHS) came out with a press release late last week, proclaiming that the “number of illegal border crossers” at the southwest border had more than tripled in April 2018 in comparison to April 2017. For the second month in a row, according to DHS, “we have seen more than 50,000 individuals try to illegally enter the United States.” Despite DHS’s breathless claims to the contrary, the numbers don’t demonstrate a “continuing security crisis along our southwest border.” Rather, DHS’s blatant misrepresentation of newly released Customs and Border Protection (CBP) data is typical of the agency’s efforts to re-make data in support of the Trump administration’s anti-immigrant agenda. It follows the bad example set by the misleading and inaccurate January 2018 report issued by DHS and the Department of Justice (DOJ), which cherry-picked information to find ways to blame foreign nationals and foreign-born Americans (especially Muslims) for all terrorism in the U.S., and which has prompted the Brennan Center and others to file a lawsuit under the Data Quality Act.
… The press release also attempts to pull a sly bait-and-switch: immediately after telling us that illegal border crossings are up, it tells us that “more than 50,000 individuals tr[ied] to illegally enter the United States.” But all 50,000 did not actually enter the U.S. illegally, because the total number includes 12,690 people who were deemed inadmissible when they asked to be admitted through ports of entry at the border. Folks lining up to have their passports checked at the border is hardly the stuff of a “security crisis.”
Finally, the context regarding the tripling of numbers between April 2017 and April 2018 that DHS fails to mention is critical here. The April 2017 numbers were not only the lowest for any month of 2017, and not only the lowest of any April in at least the last six years, but the lowest number of any month for at least the last six years, making the comparison an outlier at best. Nor is the April 2018 number a particularly alarming spike in the broader view. April numbers for both 2013 and 2014 were higher than April 2018 by thousands.

Self driving vehicles are annoying?
Tech founders take their self-driving food-delivery robots out of San Francisco to focus on cities where they feel more welcome
… Beginning in 2016, companies like Marble and Starship Technologies started road testing self-driving delivery robots that ferry food and groceries to a customer's door. These bots promised to bring convenience for city dwellers and reduce the number of delivery vehicles on the road.
But San Francisco threw the brakes on delivery robots. In December, city officials passed some of the US's most restrictive regulations on delivery robots.
Starship's founders, Ahti Heinla and Janus Friis, both of whom previously helped launch Skype, say their robots have left San Francisco to focus on cities where they're welcome.

Interesting. After all, 5 billion flies can’t be wrong, eat garbage!
Crowdsourcing & Data Analytics: The New Settlement Tools
Chao, Bernard and Robertson, Christopher T. and Yokum, David V., Crowdsourcing & Data Analytics: The New Settlement Tools (April 30, 2018). U Denver Legal Studies Research Paper No. 18-13. Available at SSRN:
“In the jury trial rights, the State and Federal Constitutions recognize the fundamental value of having laypersons resolve civil and criminal disputes. Nonetheless, settlement allows parties to avoid the risks and cost of trials, and settlements help clear court dockets efficiently. But achieving settlement can be a challenge. Parties naturally view their cases from different perspectives, and these perspectives often cause both sides to be overly optimistic. This article describes a novel method of providing parties more accurate information about the value of their case by incorporating layperson perspectives. Specifically, we suggest that working with mediators or settlement judges, the parties should create mini-trials and then recruit hundreds of online mock jurors to render decisions. By applying modern statistical techniques to these results, the mediators can show the parties the likelihood of possible outcomes and also collect qualitative information about strengths and weaknesses for each side. These data will counter the parties’ unrealistic views and thereby facilitate settlement.”

It’s not the fine, it’s the future.
RBS is swallowing a 'milestone' $4.9 billion fine for its role in the financial crisis — and shares are going up
RBS announced on Thursday it has reached a deal with the US Department of Justice to pay a civil penalty of $4.9 billion to settle allegations of misselling mortgage-backed securities in the US between 2005 and 2007. These complex debt products, which were underpinned by bundles of mortgages, were one of the key triggers of the crisis.
… RBS shares jumped as much as 6% at the open in London.
While the share jump may seem counterintuitive, the fine brings resolution to an issue that has long hung over RBS and is also not as bad as some feared. Last year investors worried that the bank could be hit with a fine as big as $10 billion for its actions in the run-up to the crisis.

Wednesday, May 09, 2018

If you don’t log/measure/manage/understand what is happening on your computers, don’t suggest that you do.
The Register – Equifax reveals full horror of that monstrous cyber-heist of its servers – 146 million people, 99 million addresses, 209,000 payment cards, 38,000 drivers’ licenses and 3,200 passports
“Equifax has published yet more details on the personal records and sensitive information stolen by miscreants after they hacked its databases in 2017. The good news: the number of individuals affected by the network intrusion hasn’t increased from the 146.6 million Equifax previously announced, but extra types of records accessed by the hackers have turned up in Mandiant’s ongoing audit of the security breach. In February, in response to questions from US Senator Elizabeth Warren (D-MA), Equifax agreed that card expiry dates and tax IDs could have been among the siphoned data, but it hadn’t yet worked out how many people were affected. Late last week, the company gave the numbers in letters to the various US congressional committees investigating the network infiltration, and on Monday, it submitted a letter to the SEC, corporate America’s financial watchdog. As well as the – take a breath – 146.6 million names, 146.6 million dates of birth, 145.5 million social security numbers, 99 million address information and 209,000 payment cards (number and expiry date) exposed, the company said there were also 38,000 American drivers’ licenses and 3,200 passport details lifted, too…”
[From the article:
The cyber-break-in occurred because Equifax ran an unpatched and therefore insecure version of Apache Struts, something it blamed on a single employee.
At February's RSA conference in San Francisco, Derek Weeks of Sonatype claimed “thousands” of companies continued to download vulnerable versions of Struts.

(Related) As it often does, the Dilbert strip sums up my opinion of Equifax’s management.

Remember, lots of paper ballots are still being used, so this is no big surprise. On the other hand, would there be evidence if electronic votes were changed? (See my Equifax comments, above.)
No Evidence Russian Hackers Changed Votes in 2016 Election: Senators
Hackers backed by the Russian government attempted to undermine confidence in the voting process in the period leading up to the 2016 presidential election, but there is no evidence that they manipulated votes or modified voter registration data, according to a brief report published on Tuesday by the Senate Intelligence Committee.
Nearly all the targeted states observed attempts to find vulnerabilities in their systems. These scans were often aimed at the website of the Secretary of State and voter registration infrastructure, the Senate panel said in its report.
In at least six states, Russian hackers attempted to breach voting-related websites, and in a small number of cases they were able to gain unauthorized access to election infrastructure components, and even obtained the access necessary for altering or deleting voter registration data. However, it does not appear that they could have manipulated individual votes or aggregate vote totals.

Somehow, I kind of expected this. Will companies fail in the same ratio?
European regulators: We're not ready for new privacy law
Europe’s General Data Protection Regulation (GDPR) has been billed as the biggest shake-up of data privacy laws since the birth of the web.
There’s one problem: many of the regulators who will police it say they aren’t ready yet.
The pan-EU law comes into effect this month and will cover companies that collect large amounts of customer data including Facebook and Google. It won’t be overseen by a single authority but instead by a patchwork of national and regional watchdogs across the 28-nation bloc.
Seventeen of 24 authorities who responded to a Reuters survey said they did not yet have the necessary funding, or would initially lack the powers, to fulfill their GDPR duties.

May be time to brush up on an old skill.
Google adds Morse code input to Gboard
Google is adding Morse code input to its mobile keyboard. It’ll be available as a beta on Android later today.
… Google’s implementation will replace the keyboard with two areas for short and long signals. There are multiple word suggestions above the keyboard just like on the normal keyboard. The company has also created a Morse poster so that you can learn Morse code more easily.

Another option for those quick “explainers.”
Lensoo Create – Create Whiteboard Videos on Your Phone or Tablet
Lensoo Create is an app for creating whiteboard videos on your phone or tablet. The app is available in an Android version and in an iOS version.
To create a video on Lensoo Create just open the app and tap the record button in the top of the screen. You can then start drawing on the white canvas in the app. Everything that you draw and type is captured in the video as is anything that you say while drawing. You can pause the recording then add a new page on which you draw while talking. When you're finished just tap the "done" button to save your work.
One of the shortcomings of Lensoo Create is that you cannot save your videos to your phone or tablet's camera roll. Instead you have to create a free Lensoo Create account to save your videos on their cloud service. Once saved you can share links to your video. Lensoo says that you can download your videos from your online account, but I haven't been able to make that function work. Update: I tried it again the next morning and I was able to download the video.
Lensoo Create could be a good choice for teachers who want to make whiteboard videos to explain how to solve math problems or anything else that is best illustrated with handwriting. As a free app, it's not a bad option. That said, it's not quite as good as the paid ShowMe or Explain Everything apps.

Tuesday, May 08, 2018

Getting closer to a definition of an “act of cyberwar?”
In Defense of Sovereignty in Cyberspace
… Two Tallinn Manual groups of experts explored applicability of the principle to cyber operations between 2009 and 2017. The first concluded in Rule 1 of the 2013 Tallinn Manual that “A State may exercise control over cyber infrastructure and activities within its sovereign territory.”
… In other words, a cyber operation causing physical damage to either governmental or private cyber infrastructure violates the sovereignty of the state into which it is conducted and accordingly amounts to a breach of international law. As such, it opens the door to the taking of countermeasures in response. Countermeasures are proportionate actions by the “injured” state that would be unlawful but for the fact that they are designed to put an end to the “responsible” state’s unlawful conduct, in this case a sovereignty violation. The experts agreed that only cyber operations conducted by, or attributable to, states violate the prohibition, although they acknowledged that there is an “embryonic view” that non-state actors may do so as well.

When should we start getting concerned?
The US Is Unprepared for Election-Related Hacking in 2018
This survey and report is not surprising:
The survey of nearly forty Republican and Democratic campaign operatives, administered through November and December 2017, revealed that American political campaign staff – primarily working at the state and congressional levels – are not only unprepared for possible cyber attacks, but remain generally unconcerned about the threat. The survey sample was relatively small, but nevertheless the survey provides a first look at how campaign managers and staff are responding to the threat.

How victims view companies that breach their data?

"It is better 92 innocent persons should be arrested than one guilty person should escape."
Welsh police wrongly identify thousands as potential criminals
… As 170,000 people arrived in the Welsh capital for the football match between Real Madrid and Juventus, 2,470 potential matches were identified.
However, according to data on the force’s website, 92% (2,297) of those were found to be “false positives”.

This should get my students talking!
Uber reportedly thinks its self-driving car killed someone because it ‘decided’ not to swerve
Uber has discovered the reason why one of the test cars in its fledgling self-driving car fleet struck and killed a pedestrian earlier this year, according to The Information. While the company believes the car’s suite of sensors spotted 49-year-old Elaine Herzberg as she crossed the road in front of the modified Volvo XC90 on March 18th, two sources tell the publication that the software was tuned in such a way that it “decided” it didn’t need to take evasive action, and possibly flagged the detection as a “false positive.”

(Related)'s Self-Driving Car Service Will Soon Shuttle Texans to Shops, Restaurants, and the Office, an autonomous vehicle startup, is launching a pilot program in a busy commercial sector of Frisco, Texas that will let people hail self-driving vehicles for free using a smartphone app.
The pilot program, which will kick off in July 2018, will run for six months and be limited to a specific geographic zone in Frisco that has a concentration of retail, entertainment venues, and office space.
… To avoid confusion, has outfitted these self-driving vans with a bright orange paint job and four external screens that communicate the vehicles’ intended actions to pedestrians and other drivers on the roads. There will also be signs posted along the planned route, which is posted below.

Who’s Winning the Self-Driving Car Race?
In the race to start the world’s first driving business without human drivers, everyone is chasing Alphabet Inc.’s Waymo.
The Google sibling has cleared the way to beat its nearest rivals, General Motors Co. and a couple of other players, by at least a year to introduce driverless cars to the public.
… Goldman Sachs Group Inc. predicts that robo-taxis will help the ride-hailing and -sharing business grow from $5 billion in revenue today to $285 billion by 2030. There are grand hopes for this business. Without drivers, operating margins could be in the 20 percent range, more than twice what carmakers generate right now. If that kind of growth and profit come to pass—very big ifs—it would be almost three times what GM makes in a year. And that doesn’t begin to count the money to be made in delivery.
The Clear Leaders

“Because we don’t want to hear about anyone’s success or failure, or any facts for that matter!”
Facebook to block all foreign ads about Eighth Amendment referendum
Facebook is to block all ads related to the Eighth Amendment referendum that come from advertisers outside of Ireland.
The social media giant is responding to criticism that unaccountable foreign advertising is gaining traction in the referendum campaign.
… Facebook has also indicated that it will implement the same rule for future elections in Ireland, disallowing any ads that do not come from registered entities in Ireland.
However, the move will not prevent ads that are funded from abroad if they are placed through organisations located in Ireland.

EFF and Coalition Partners Push Tech Companies To Be More Transparent and Accountable About Censoring User Content
… EFF, ACLU of Northern California, Center for Democracy & Technology, New America’s Open Technology Institute, and a group of academic experts and free expression advocates today released the Santa Clara Principles, a set of minimum standards for tech companies to augment and strengthen their content moderation policies. The plain language, detailed guidelines call for disclosing not just how and why platforms are removing content, but how much speech is being censored.

Because the founding fathers got it all wrong? Because small populations don’t count? Because Democrats can’t count? (Last time Hillary Clinton got 52.1% of the vote in Connecticut and won the popular vote.)
Connecticut OKs Bill Pledging Electoral Votes To National Popular-Vote Winner
Connecticut is poised to commit its electoral votes to whichever U.S. presidential candidate wins the nation's popular vote — regardless of who wins the state.
By embracing the plan, Connecticut's General Assembly gave new momentum to a push to change the way Americans elect their president.
Ten states and the District of Columbia are already in a compact to pool their electoral votes and pledge them to the popular-vote winner. With Connecticut added, the compact's voting power would rise to 172 — fewer than 100 electoral votes away from the 270-vote majority that decides the presidential contest.
Connecticut's Senate gave final approval to the bill over the weekend, using a 21-14 vote to send the legislation to Gov. Dannel Malloy — who responded by saying, "I applaud the General Assembly for passing this commonsense legislation."
… As NPR noted in 2016, it's mathematically possible for a candidate to win the U.S. presidency with less than 25 percent of the national popular vote.
All of the states that have so far committed to the pact are also states whose electoral votes went to Clinton in 2016.

Monday, May 07, 2018

China is a bigger player than we thought?
Report: Chinese government is behind a decade of hacks on software companies
… Researchers from various security organizations have used a variety of names to assign responsibility for the hacks, including LEAD, BARIUM, Wicked Panda, GREF, PassCV, Axiom, and Winnti. In many cases, the researchers assumed the groups were distinct and unaffiliated. According to a 49-page report published Thursday, all of the attacks are the work of Chinese government's intelligence apparatus, which the report's authors dub the Winnti Umbrella. Researchers from 401TRG, the threat research and analysis team at security company ProtectWise, based the attribution on common network infrastructure, tactics, techniques, and procedures used in the attacks as well as operational security mistakes that revealed the possible location of individual members.

Pentagon's Cyber Command gets upgraded status, new leader
… Cyber Command was elevated on Friday to an independent “unified command,” a bureaucratic change that for the first time puts it on a par with nine other U.S. warfighting commands.
The change is “an acknowledgement that this new warfighting domain has come of age,” Deputy Defense Secretary Patrick Shanahan said.

Unfortunately, some of my Computer Security students think this is how the world operates.

Suspicions confirmed?
You Can’t Opt Out Of Sharing Your Data, Even If You Didn’t Opt In
FiveThirtyEight: “…Yonatan Zunger, a former Google privacy engineer, noted we’ve known for a long time that one person’s personal information is never just their own to share. It’s the idea behind the old proverb, “Three may keep a secret if two of them are dead.” And as far back as the 1960s, said Jennifer Lynch, senior staff attorney for the Electronic Frontier Foundation, phone companies could help law enforcement collect a list of all the numbers one phone line called and how long the calls lasted. The phone records may help convict a guilty party, but they also likely call police attention to the phone numbers, identities and habits of people who may not have anything to do with the crime being investigated. But the digital economy has changed things, making the privacy of the commons easier to exploit and creating stronger incentives to do so… Even if you do your searches from a specialized browser, tape over all your webcams and monitor your privacy settings without fail, your personal data has probably still been collected, stored and used in ways you didn’t intend — and don’t even know about. Companies can even build a profile of a person from birth based entirely on data-sharing choices made by others, said Salome Viljoen, a lawyer and fellow with the Berkman Klein Center for Internet and Society at Harvard. Imagine new parents signing up for a loyalty card at their local pharmacy and then filling all of their child’s prescriptions there. The information collected every time they scan that loyalty card adds up to something like a medical history, which could later be sold to data brokers or combined with data bought from brokers to paint a fuller picture of a person who never consented to any of this… In fact, the privacy of the commons means that, in some cases, your data is collected in ways you cannot reasonably prevent, no matter how carefully you or anyone you know behaves.
Julie Cohen, a technology and law professor at Georgetown University. “There’s a lot of burden being put on individuals to have an understanding and mastery of something that’s so complex that it would be impossible for them to do what they need to do,” she said.

How to influence voters. Is this enough to “steal” an election?
Cambridge Analytica: how did it turn clicks into votes?
Whistleblower Christopher Wylie explains the science behind Cambridge Analytica’s mission to transform surveys and Facebook data into a political messaging weapon

Oh joy. More government mandates.
California to become first U.S. state mandating solar on new homes
… The California Energy Commission is scheduled to vote Wednesday, May 9, on new energy standards mandating most new homes have solar panels starting in 2020.
… The new energy standards add about $25,000 to $30,000 to the construction costs compared with homes built to the 2006 code, said C.R. Herro, Meritage’s vice president of environmental affairs. Solar accounts for about $14,000 to $16,000 of that cost, with increased insulation and more efficient windows, appliances, lighting and heating accounting for another $10,000 to $15,000.
But that $25,000 to $30,000 will result in $50,000 to $60,000 in the owner’s reduced operating costs over the 25-year life of the home’s solar system, Herro said.

Another very strange state…
New Jersey Governor Vows to Restore Garden State’s Production Tax Credit
… In 2005 a New Jersey production incentive was created to boost film and TV production throughout the state. The program gave a 20% tax credit, but in 2010 Christie suspended the incentive due to his dislike of the MTV reality show “Jersey Shore.”
While the New Jersey Economic Development Authority approved a $420,000 tax break for filming “Jersey Shore” in the state in 2009 — the series’ inaugural season — Christie reneged on the credit in 2011, arguing that the show about Snooki and the gang tarnished the state’s reputation.
While “Jersey Shore” didn’t necessarily place the state in the best light, Tax Credits Intl.’s Christine Peluso said in 2014 that the series provided an undeniable economic boost: Parking meter fee collection in the show’s Seaside Heights setting jumped from $807,000 in 2007 to $1.3 million in 2010. In addition, Peluso noted the reality show’s crew and fans helped the local economy with the purchase of hotel rooms, car rentals, catering, hardware, dry cleaning, rental fees and permit fees, among other expenses.

Believe it or not, I’m a two spacer.
Remember when we always put two spaces between sentences – there was a good reason
Washington Post: One space between each sentence, they said. Science just proved them wrong.: “A paper published in the journal Attention, Perception, & Psychophysics aims to settle the hotly debated typographical question citing new research that made use of eye-tracking equipment.” Please read this article directly as it is written using fonts and spaces that span typewriters to early computers up to the present use of fonts and spaces. If nothing else, it will make you concentrate on an interesting matter that has nothing whatsoever to do with current events – this alone is worth the time. And then you may decide whether you will continue to use one or two spaces at the end of each sentence, but be sure to read through to the end of the article, for the surprise!

Sunday, May 06, 2018

Data integrity. How do you know your records haven’t been modified?
State investigates grade changes at local high school
The Alabama Board of Education and Escambia County Board of Education are investigating after school administrators found discrepancies in students' grade reports in East Brewton.
Escambia County Superintendent John Knott confirms there were changes to students' grades at W.S. Neal High School. The discrepancies were discovered when the school was finalizing the Top 10 students.
… "Who did it?" she asked. "How did they have access to do it? What is the school doing to prevent this from happening again?"
The school district isn't releasing any details until the investigation is complete.
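The questions the parent asks (who did it, how, and how to prevent a repeat) are exactly what a tamper-evident change log answers. The block below is an added example, not code from the school district or from the article: a hash-chained, HMAC-authenticated ledger of grade changes, where every entry's MAC covers the previous entry's MAC, so editing or deleting any row breaks every link after it. The key, field names and sample grade-change events are all constructed for the demo; in a real student information system the key would live in a KMS or HSM that database administrators cannot read, since anyone holding it can recompute the chain.

```python
import hashlib
import hmac
import json
from copy import deepcopy

# Constructed demo key (assumption for this example). In production the key sits in a
# KMS/HSM outside the reach of the DBAs, otherwise an insider can rewrite the chain.
LEDGER_KEY = b"constructed-demo-key-do-not-reuse"
GENESIS = "0" * 64  # fixed starting "previous MAC" for the first entry

# Constructed grade-change events; not real student data.
SAMPLE_CHANGES = [
    {"seq": 1, "ts": "2018-04-30T14:02:11Z", "actor": "counselor_01",
     "student": "S-1001", "course": "ALG2", "old": "B", "new": "B+"},
    {"seq": 2, "ts": "2018-05-01T09:15:40Z", "actor": "registrar",
     "student": "S-1002", "course": "CHEM", "old": "C", "new": "B"},
    {"seq": 3, "ts": "2018-05-02T16:48:03Z", "actor": "counselor_01",
     "student": "S-1003", "course": "ENG4", "old": "A-", "new": "A"},
]


def _link_mac(key: bytes, prev_mac: str, record: dict) -> str:
    # Canonical JSON so key order or whitespace cannot change the MAC.
    payload = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev_mac.encode() + b"\n" + payload, hashlib.sha256).hexdigest()


def build_ledger(changes, key=LEDGER_KEY):
    """Chain each change record to the MAC of the one before it."""
    ledger, prev = [], GENESIS
    for rec in changes:
        mac = _link_mac(key, prev, rec)
        ledger.append({"record": dict(rec), "mac": mac})
        prev = mac
    return ledger


def verify_ledger(ledger, key=LEDGER_KEY, anchor=None):
    """Return the index of the first entry whose link fails, or -1 if the chain is intact.

    The chain alone cannot detect silent truncation (dropping the newest rows), because
    every remaining link still verifies. Passing `anchor`, the most recent MAC as escrowed
    or published out-of-band, closes that gap: a truncated ledger is reported at index
    len(ledger).
    """
    prev = GENESIS
    for i, entry in enumerate(ledger):
        if not hmac.compare_digest(_link_mac(key, prev, entry["record"]), entry["mac"]):
            return i
        prev = entry["mac"]
    if anchor is not None and not hmac.compare_digest(prev, anchor):
        return len(ledger)
    return -1


def edit_in_place(ledger, index, field, value):
    """Simulate an attacker editing one field of a stored row without the key."""
    tampered = deepcopy(ledger)
    tampered[index]["record"][field] = value
    return tampered


def delete_entry(ledger, index):
    """Simulate an attacker deleting one stored row."""
    tampered = deepcopy(ledger)
    del tampered[index]
    return tampered


if __name__ == "__main__":
    ledger = build_ledger(SAMPLE_CHANGES)
    anchor = ledger[-1]["mac"]
    print("clean chain:", verify_ledger(ledger, anchor=anchor))
    print("grade edited in row 1:", verify_ledger(edit_in_place(ledger, 1, "new", "A"), anchor=anchor))
    print("row 1 deleted:", verify_ledger(delete_entry(ledger, 1), anchor=anchor))
    print("newest row dropped, no anchor:", verify_ledger(ledger[:2]))
    print("newest row dropped, with anchor:", verify_ledger(ledger[:2], anchor=anchor))
```

The ledger answers "who did it" only if the application, not the end user, fills in `actor` and `ts` and appends the entry in the same transaction as the grade update; the MAC then answers "how do we know it wasn't changed afterwards". Anyone who can read the key can forge a consistent chain, which is why the key must be held outside the database tier.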

So if your clients disclose breached records, you don’t have to?
Ugh. The FastHealth breach is still dripping out with yet more people first being notified. This time, it’s Cullman Regional.
There’s no provision in HITECH (at least as far as I know) that would require a business associate to make one public disclosure of how many patients, total, have to be notified about an incident. So some clients may choose to do their own notifications, while FastHealth may send notification letters to others’ patients.
How bad/extensive was the FastHealth incident? It would be nice to get a fuller picture/number.

Why would a government entity be using gmail (rather than government hosted email) in the first place? Would any non-official (personal) email system be subject to a FOIA request just because the owner worked for the government and might have sent work related emails?
Gmail's 'Self Destruct' Feature Will Probably Be Used to Illegally Destroy Government Records
A new update rolling out for Gmail offers a “self destruct” feature that allows users to send messages that expire after a set amount of time.
While this may sound great for personal use, activists fear that government organizations will use the feature to delete public records to hide them from reporters and others interested in government transparency. Normally, government emails are available to journalists, researchers, and citizens using Freedom of Information Act requests (and its state-level analogues.)
“As more local and state governments and their various agencies seek to use Gmail, there is the potential that state public records laws will be circumvented by emails that 'disappear' after a period of time,” the National Freedom of Information Coalition wrote in a letter to Google CEO Sundar Pichai. “The public’s fundamental right to transparency and openness by their governments will be compromised.”
“We urge you take steps to assure the “self-destruct” feature be disabled on government Gmail accounts and on emails directed to a government entity,” the organization added.

Will we see more like this? to close to EU users saying it can’t comply with GDPR
Put on your best unsurprised face:, a company that has, for years, used the premise of ‘free’ but not very useful ’email management’ services to gain access to people’s email inboxes in order to data-mine the contents for competitive intelligence — and controversially flog the gleaned commercial insights to the likes of Uber — is to stop serving users in Europe ahead of a new data protection enforcement regime incoming under GDPR, which applies from May 25.
In a section on its website about the regional service shutdown, the company writes that “unfortunately we can no longer support users from the EU as of the 23rd of May”, before asking whether a visitor lives in the EU or not.
Clicking ‘no’ doesn’t seem to do anything but clicking ‘yes’ brings up another info screen where writes that this is its “last month in the EU” — because it says it will be unable to comply with “all GDPR requirements” (although it does not specify which portions of the regulation it cannot comply with).
… in fact if you go to the trouble of reading the small print of’s privacy policy it says it can share users’ personal information how it pleases — not just with its parent entity (and direct affiliates) but with any other ‘partners’ it chooses…
… So it’s not hard to see why has decided it must shut up shop in the EU, given this ‘hand-in-the-cookie-jar’ approach to private data.

This will be fun to watch.
UK regulator orders Cambridge Analytica to release data on US voter
… The test case was taken to the ICO by David Carroll, an associate professor at Parsons School of Design in New York. As a US citizen, he had no means of obtaining this information under US law, but in January 2016 he discovered Cambridge Analytica had processed US voter data in the UK and that this gave him rights under British laws. Cambridge Analytica had refused to accept this and told the ICO that Carroll was no more entitled to make a so-called “subject access request” under the UK Data Protection Act “than a member of the Taliban sitting in a cave in the remotest corner of Afghanistan”.
The ICO did not accept this as a valid legal argument and has now told SCL Elections, which acted as the data controller for Cambridge Analytica, that it has 30 days to comply or appeal. Cambridge Analytica and its affiliates announced this week that they had gone into liquidation, but the ICO has made it clear that it cannot avoid its responsibilities under UK law and states that “failure to comply with this enforcement notice is a criminal offence”.
… The covering letter from the ICO says that if Cambridge Analytica has difficulties complying, it should hand over passwords for the servers seized during its raid on the company’s office – something that raises questions also about what it has managed to retrieve from the servers so far.
… The company has claimed to have up to 7,000 data points on 240 million Americans, and if it refuses to comply with Carroll’s request or can be shown to have misused data, it could open itself up to class action from the entire US electorate – a fact that Dehaye suggests may have contributed to its decision this week to fold.

Cheap and easy. Maybe I’ll have my students try this to explain their research…
Create a Video Lesson Completely In PowerPoint
One of the easier ways to get started making your own video lessons is found within a tool that some of us have been using for decades. That tool is PowerPoint.
There is a screen recorder built into the current version of PowerPoint. The screen recorder will capture anything that you display on your screen and will record you talking about what is displayed on your screen. You can specify how much of your screen you want to have recorded. This means that you could use the screen recorder to record yourself talking over the slides that you have in a PowerPoint presentation.
Follow these steps to create a simple video lesson in PowerPoint:
  1. Create your slides in PowerPoint or open an existing PowerPoint presentation.
  2. Create a blank slide then select "screen recording" from within the "insert" menu.
  3. Drag and drop the "select area" tool to select the amount of screen space you want to have recorded. If you want to record your full screen, just drag the "select area" to the edge of your screen. (The select area tool launches automatically when you select "screen recording" as directed in step 2).
  4. Make sure that you have turned on the audio recording option and that your computer's audio input is working.
  5. Click the record button. All actions on your screen will be recorded including transitions between slides.
  6. When you stop recording, the video will be saved in your PowerPoint presentation. When you share your PowerPoint presentation anyone who has the current version of PowerPoint will be able to view the video.

It’s confusing to be followed by both Vladimir Putin AND the Pope.