Saturday, June 26, 2010

The Lower Merion “spying on student” case drags on – at least the school district's dispute with the insurance company.

http://mainlinemedianews.com/articles/2010/06/23/main_line_times/news/doc4c2227a4278d1936110971.txt

Attorney: Defendants failed to respond to summons in webcam-related suit

Published: Wednesday, June 23, 2010

An attorney Friday filed documents against the plaintiffs in the Lower Merion School District webcam case for failing to respond to a summons filed in April.

… Morrison represents Graphic Arts Mutual Insurance Company, one of the Lower Merion School District’s insurance companies. He filed suit in April seeking a declaratory judgment so his client would not have to pay its part of the legal bills for the school district in the webcam case.



This “All we did was fail to secure the data” attitude bothers me. Are they surprised that there are people who want to steal this data?

http://www.pcmag.com/article2/0,2817,2365004,00.asp

AT&T Blames Hackers for iPad Breach

AT&T on Sunday apologized for a glitch that accidentally exposed the e-mail addresses of 114,000 Apple iPad users, and blamed the incident on hackers who exploited a function intended to let users more quickly log-in to their accounts.

… The breach came to light after Gawker.com received a tip from Goatse Security [“Oh, and we don't bother to monitor system activity either...” Bob]



Gary Alexander sent along this link to a Ponemon study. It's good to have confirmation of my suspicions!

http://www.cio.com/documents/whitepapers/FinancialServices.pdf

Privacy & Data Protection Practices

Benchmark Study of the Financial Services Industry

The findings of this study reveal that despite the numerous privacy regulations ranging from Gramm-Leach-Bliley to the recent Red Flags Rule, the vast majority of participating financial institutions have significant gaps in their privacy and data protection programs. We believe the most significant gaps are in the areas of addressing the insider threat, the outsourcing of sensitive data to third parties and issues related to customer trust.


(Related) Cisco will sell you a “solution” of course, but the findings are probably accurate.

http://www.techeye.net/security/employees-consistently-breach-security-policies-report-finds

Employees consistently breach security policies, report finds

Employees always breach security policies and are less likely to take a job with strict security policies, according to a report by Cisco released today.

The report reveals that more than half of the over 500 IT security professionals polled in the survey were aware of their employees using unsupported applications, primarily social networking, but collaborative, peer to peer, and cloud services also featured high on the list. Nineteen percent saw social networking as the biggest security risk.

Forty-one percent said that their employees were using unsupported network devices, such as smartphones, while a third of that number said there was a breach or loss of information due to these unsupported devices.

Despite this, 53 percent have planned to allow personal devices to be used within the company network, while seven percent already allow them.



What is the objective here? To allow me to trust you online, or to force me to rely on the government to vouch for you? Why do I need the government's involvement?

http://www.databreaches.net/?p=12264

White House seeks comment on trusted ID plan

June 25, 2010 by admin

Grant Gross reports:

The White House is seeking comment on a draft plan for establishing a trusted identity system online, with the goal of making Internet transactions more secure and convenient.

Howard Schmidt, the White House cybersecurity coordinator and special assistant to President Barack Obama, released a draft version of the National Strategy for Trusted Identities in Cyberspace on Friday.

The plan calls for the federal government to work with private companies to create an Identity Ecosystem, an online environment “where individuals, organizations, services, and devices can trust each other because authoritative sources establish and authenticate their digital identities.”

Read more on Computerworld.

[From the article:

The White House is seeking comments on the draft plan on a Web page at ideascale.com. A handful of people had already commented on the plan by Friday afternoon.


As long as we don't need to wait for everyone to agree, I kind of like this idea. Problem is, Apple thinks Microsoft is an infection and Google thinks Yahoo is and...

http://yro.slashdot.org/story/10/06/26/0253250/US-Shows-Interest-In-Zombie-Quarantine-Code?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

US Shows Interest In Zombie Quarantine Code

Posted by timothy on Saturday June 26, @02:00AM

"Barack Obama's cyber-security coordinator has shown interest in an e-security code of practice developed in Australia that aims to quarantine Internet users infected by malware, also known as zombie computers. He reportedly said it would be a useful role model for the US to adopt. One suggestion within the code is to put infected users into a 'walled garden,' which limits Internet access to prevent further security problems until quarantined. Another is to throttle the speed of an infected user's Internet connection until their computer is fixed. The code is also being considered by other Asia-Pacific countries, ZDNet reports."


(Related) Probably less a need for change than a “Us Democrats are in charge now, so we want to change it to conform to our way of doing things”

http://politics.slashdot.org/story/10/06/25/176238/Experts-Say-Wiretap-Law-Needs-Digital-Era-Update?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Experts Say Wiretap Law Needs Digital Era Update

Posted by Soulskill on Friday June 25, @01:50PM

"Experts at a Congressional hearing Thursday said the government needs to update the Electronic Communications Privacy Act to reflect changes in technology, notably location-based services. On one hand, legal experts argue tracking a mobile user's location should require a higher burden of proof than simply intercepting their communications. On the other hand, first responders may need location data in order to save lives and respond to 911 calls. Either way, expect legislation from the committee later this year."


(Related) Is this the future we're shooting for?

http://blogoscoped.com/archive/2010-06-24-n15.html

How to Access the Internet (A Guide from 2025)



E-Discovery and Internet traffic.

http://www.networkworld.com/community/blog/devil-details-dhs-monitoring-web-wrong-words%C2%A0

The Devil Is In The Details: DHS Monitoring Web & "Wrong" Words

Cyber-terrorists and the dreaded cyberwar have escalated to the point of the "feds" pulling the plug on the Internet in case of an emergency. Then DHS Secretary Janet Napolitano said that in the future there will be "increased" Internet monitoring of U.S. citizens due to the dangers of homegrown terrorism. Napolitano remarked on how "wrong" it is to believe that if "security" is embraced, that liberty will be sacrificed.

I'm not saying that we don't need security because we do. To say it will not impact liberty or privacy is naive, a "big mistake," and I "strongly disagree."

Blaming the Internet for terrorism is like blaming money for corruption or blaming guns for murders; it's "dumb." Not all people who have money are corrupt and not all who have guns are murderers. Not all of us on the Internet are terrorists. No amount of monitoring, regulating, or censoring will change the behavior of people who wield those things for evil.

You may be wondering why some italicized words are in quotation marks. They are search terms that attorneys investigating Lehman Brothers had used to dig through 34 million pages of documents. Use those words paired with others listed in the examiner's report from pages 158 - 284 and you could be busted for incriminating correspondence. It's a "significantly" long list.



I'm not sure how they do this (and avoid lawsuits) but they seem to have a good selection of classics and contemporary novels.

http://www.killerstartups.com/Web20/readanybook-com-read-all-the-books-you-want

ReadAnyBook.com - Read All The Books You Want

http://www.readanybook.com/

Read Any Book is an online repository of books ranging far and wide. Titles that go from classic literary works to the newest pieces of fiction are included. You can find titles such as Gabriel García Márquez’s “One Hundred Years Of Solitude” and Louisa May Alcott’s “Little Women” as easily and naturally as you can find books like the ones making the “Twilight” saga and the latest titles by Dan Brown. And once you have found something that you like, you can proceed to read the book right on your browser - there is no need to download anything. You don’t have to download the book, and you don’t have to download a tool for reading it either. It is all supplied on the site.



For my Statistics class

http://www.bls.gov/news.release/atus.nr0.htm

American Time Use Survey Summary

[Fun statistics, like this:

On the days that they worked, 24 percent of employed persons did some or all of their work at home, and 84 percent did some or all of their work at their workplace. Men and women were about equally likely to do some or all of their work at home.



May be useful for students too

http://www.freetech4teachers.com/2010/06/bounce-share-and-collaborate-on-screen.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+freetech4teachers%2FcGEY+%28Free+Technology+for+Teachers%29

Bounce - Share and Collaborate on Screen Captures

Bounce is a neat application that not only allows you to make annotated screen captures of websites but also allows you to instantly share those screen captures with others. To use Bounce, type in the url of any website then click "Bounce." Bounce will then create an image of that website on which you can draw boxes and annotate those boxes. You can create as many boxes and notes as you like. When you're done creating notes, Bounce will provide you with a unique url for your screen captures that you can share with others. If you create a Bounce account (optional) you and other Bounce users can annotate the same screen capture.



For my Website students and those who rely on cartoons for all their knowledge of the world...

http://www.freetech4teachers.com/2010/06/animated-explanations.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+freetech4teachers%2FcGEY+%28Free+Technology+for+Teachers%29

Animated Explanations

Animated Explanations is a website for finding animated explanations of topics and concepts in the fields of health, technology, and work. The animations can be embedded in your blog or website.



In my case, this would be almost as good as encryption.

http://www.makeuseof.com/tag/create-a-font-from-your-own-handwriting-and-use-it-to-send-emails/

Create A Font From Your Own Handwriting and Use It To Send Emails

There is a new website called PilotHandwriting that allows you to create a font out of your own handwriting and send emails (or letters as they call them) with it.

I will show you how it works and how to capture the text for use in your own images using a little bit of a workaround. We have to use that workaround because as of now, PilotHandwriting does not allow you to download your font. If you are looking to be able to download the font for use in your word processing application then check out 2 Free Tools To Make Your Own Text Font.



MakeUseOf does good guides!

http://www.makeuseof.com/tag/ultimate-guide-gmail-pdf/

The Ultimate Guide To Gmail [PDF]

So get your Gmail game on and download MakeUseOf’s Ultimate Guide To Gmail now or read it online at Scribd.

Friday, June 25, 2010

“Gummints makes they own rules.” I wonder if they'll bother checking to see if the data is real?

http://www.databreaches.net/?p=12260

Spain uses stolen HSBC data for tax probe

June 25, 2010 by admin

Spain has become the latest country to tap data stolen from HSBC’s Swiss private banking arm by an IT employee to hunt down tax evaders…. according to local media reports, details on around 3000 accounts, which could hold around EUR6 billion, have been given to Spanish authorities.

More on Finextra.



This would change quickly if more than a very small percentage of customers refused the pizza on those terms. Unfortunately this suggests that they don't. Looks like a great tool for identity theft!

http://www.pogowasright.org/?p=11854

Domino’s Delivery Guy Demanded My Social Security Number

June 25, 2010 by Dissent

Is Domino’s trying to cut down on credit card fraud by demanding customers provide some ID? Phil Villarreal writes on the Consumerist:

Brent says the Domino’s dude wouldn’t let him pay with a credit card unless he offered up his Social Security Number or driver’s license number. Since Brent was smart enough to know you only give such information to Girl Scouts and those guys who go to door-to-door selling magazine subscriptions, he checked it out with his local Domino’s, which told him the nosiness is store policy.

Read more on The Consumerist.

Domino’s is not the only one to do this, of course. A few months ago, The Consumerist posted a similar complaint about Pizza Hut.

My understanding is that merchants can request cardholder ID but cannot decline a card-present transaction if the customer doesn’t produce ID. Is that your understanding, too?



I'm shocked! Are they actually insisting that you deliver what you promise? What a concept!

http://www.pogowasright.org/?p=11834

Twitter Settles Charges that it Failed to Protect Consumers’ Personal Information

June 24, 2010 by Dissent

Social networking service Twitter has agreed to settle Federal Trade Commission charges that it deceived consumers and put their privacy at risk by failing to safeguard their personal information, marking the 30th case the FTC has brought targeting faulty data security, and the agency’s first such case against a social networking service.

The FTC’s complaint against Twitter charges that serious lapses in the company’s data security allowed hackers to obtain administrative control of Twitter, including access to tweets that consumers had designated private, and the ability to send out phony tweets pretending to be from then-President-elect Barack Obama and Fox News, among others.

“When a company promises consumers that their personal information is secure, it must live up to that promise,” said David Vladeck, Director of the FTC’s Bureau of Consumer Protection. “Likewise, a company that allows consumers to designate their information as private must use reasonable security to uphold such designations. Consumers who use social networking sites may choose to share some information with others, but they still have a right to expect that their personal information will be kept private and secure.”



...so, is being a bigot sufficient? What criteria would qualify for anonymity?

http://www.pogowasright.org/?p=11841

U.S. Supreme Court: No right to privacy for signing petitions

June 24, 2010 by Dissent

Tom Goldstein of SCOTUSblog reports on the Supreme Court’s decision in the case of those who wanted to keep their signatures on a petition shielded from public scrutiny:

By a broad eight-to-one majority in an opinion by the Chief Justice, the Supreme Court today held in Doe v. Reed that signatories of referendum petitions generally do not have a constitutional right – i.e., a right that would trump state open government laws – to keep their identities private. But the Court held – again, by the same broad majority – that courts should consider in any given case whether a particular referendum presents sufficiently unique circumstances that anonymity is required. It therefore permitted the claim to anonymity in this case, which involves a referendum on gay rights, to proceed in the lower courts. But their chances of prevailing appear very slim, as five members of the Court either expressed significant doubts about their claim or expressly rejected it.

Read more on SCOTUSblog. The opinion is online on the Supreme Court’s web site, here (pdf).

[From the SCOTUS Blog:

Signing a petition, the Court reasoned, is an expressive act – expression of a political view – that implicates the First Amendment. That said, the level of scrutiny must account for states’ wide latitude in implementing their voting systems, as well as the fact that disclosure does not itself prevent speech.



In some ways this is 1984-like. In some ways this is Google-like. Could it be a case of the Emperor preempting comments on his wardrobe?

http://yro.slashdot.org/story/10/06/24/1837202/Canadian-Arrested-Over-Plans-to-Test-G20-Security?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Canadian Arrested Over Plans to Test G20 Security

Posted by timothy on Thursday June 24, @03:25PM

"Byron Sonne, of Toronto, was arrested today by a task force of around 50 police officers associated with the G20 summit taking place this week. An independent contractor, IT security specialist and private investigator, he had notable ties to the Toronto technology and security communities. According to friends and associates, he had been purchasing goods online and speaking with security groups about building devices to collect unencrypted police broadcasts and relay them through Twitter, as well as other activities designed to test the security of the G20 summit. By all accounts, it would appear that Mr. Sonne had no actual malicious intent. In Canada, the summit has been garnering significant press for the cost and invasive nature of the security measures taken."

"By all accounts" may not be quite right; the charges against Sonne, exaggerated or not, involve weapons, explosives, and intimidation.

[From the article:

Sonne appeared in court Wednesday afternoon, but the details are subject to a publication ban.

[Interesting too, is this:

This story is closed to commenting.



Speaking of Google-like, is this the act of a friend? “We don't think that app is very cool, so we deleted it for you.” On the other hand, this would be a fun application to hack!

http://mobile.slashdot.org/story/10/06/25/0142231/Google-Remotely-Nukes-Apps-From-Android-Phones?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Google Remotely Nukes Apps From Android Phones

Posted by timothy on Friday June 25, @08:05AM

"Google disclosed in a blog post on Thursday that it remotely removed two applications from Android phones that ran contrary to the terms of the Android Market. From the post: 'Recently, we became aware of two free applications built by a security researcher for research purposes. These applications intentionally misrepresented their purpose in order to encourage user downloads, but they were not designed to be used maliciously, and did not have permission to access private data — or system resources beyond permission.INTERNET. As the applications were practically useless, most users uninstalled the applications shortly after downloading them. After the researcher voluntarily removed these applications from Android Market, we decided, per the Android Market Terms of Service, to exercise our remote application removal feature on the remaining installed copies to complete the cleanup.' The blog post comes a day after security vendor SMobile Systems published a report saying that 20% of Android apps are malicious."



Worth more review than I've given it so far.

http://www.bespacific.com/mt/archives/024564.html

June 24, 2010

The Protecting Cyberspace as a National Asset Act of 2010

The Protecting Cyberspace as a National Asset Act of 2010 - This webpage links to fact sheets, summaries, comparisons and other relevant documents on this controversial legislation.

  • United States Senate Committee on Homeland Security and Governmental Affairs, Senator Joseph I. Lieberman, Chairman, Senator Susan M. Collins, Ranking Member: "Our proposed legislation would modernize efforts to safeguard the nation’s cyberspace networks by creating a more robust organizational structure. This framework would enhance public-private partnerships to build preparedness and resiliency, strengthen the security of federal systems and improve awareness of cyberthreats across the country."



Headlines like this catch my attention and generally disappoint, but in this case it may point to a tool for data analysis (and not just for Big Brother). Wouldn't e-Discovery benefit from a tool like this?

http://techcrunch.com/2010/06/25/palantir-the-next-billion-dollar-company-raises-90-million/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29

Palantir did not disclose whether it’s profitable, the company says revenues have at least doubled every year for the last three years. And yet this nearly billion dollar company— yes, that’s billion with a big fat “B”— remains a wallflower in Silicon Valley.

… It is an obtuse, difficult-to-explain product that is mainly used in Washington— the government makes up 70% of its business and the rest is dominated by private financial institutions. That may sound painfully boring but Palantir’s user-friendly analysis program is becoming a major player in the war against terrorism and cyber espionage, stimulus spending accountability (Palantir is literally powering the administration’s efforts to identify fraud in stimulus projects), health care, and even natural disasters like the recent earthquake in Haiti.

… The fundamental point of Palantir is to take reams of data and help non-technical users see critical connections and ultimately, the answers to complex problems. The product is a child of PayPal, born from the start up’s methodology for combating fraud:

If everyone’s an engineer, who sells the product?

The answer is no one.

There is no publicist, no sales or marketing team and Karp adamantly believes that there will never be one. He says he is perfectly content to let word of mouth drive his business, in press and in sales.



Dilbert illustrates one of the small joys of a long PowerPoint presentation...

http://dilbert.com/strips/comic/2010-06-25/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+DilbertDailyStrip+%28Dilbert+Daily+Strip%29

Thursday, June 24, 2010

Can't wait for mandatory Health Care databases? Still trust them thar lawyer types?

http://www.databreaches.net/?p=12238

Personal data accessed on Blue Cross website

June 23, 2010 by admin

Courtney Perkes reports:

More than 200,000 Anthem Blue Cross customers this week received letters informing them that their personal information might have been accessed during a security breach of the company’s Web site.

Only customers who had pending insurance applications in the system are being contacted because information was viewed through an on-line tool that allows users to track the status of their application.

Cathy Luckett of San Juan Capistrano was dismayed to learn that Social Security and credit card numbers were potentially viewed.

[...]

Anthem spokeswoman Cynthia Sanders said the confidential information was briefly accessed, [Just long enough to copy it? Bob] primarily by attorneys [Lawyers got hacking skills? Go figure! Bob] seeking information for a class action lawsuit against the insurer. She said it’s unclear how many customers’ information was viewed, but that letters were sent to 230,000 Californians out of an “abundance of caution.”

Read more in the Orange County Register. The company reports that an upgrade was not really secure, despite them having been assured it was. [They taught me that I had to test security rather than rely on the word of a salesman... Bob]

I could not find any notice on Anthem’s web site at the time of this posting. Nor is the incident reported on HHS/OCR’s web site yet.



Old breaches never die...

http://www.databreaches.net/?p=12242

TX: Cases of identity theft reported

June 24, 2010 by admin

Thayer Evans has a report on fraud reports out of Texas that reminds us that sometimes fraud may not occur until years after a compromise or breach:

League City police have received 15 to 20 reports of identity theft in the last two to three weeks, League City Police Lt. Bruce Whitten said.

[...]

The thieves used the victims’ personal information obtained through a subsidiary of a local bank and obtained the credit or debit cards in their names without their knowledge, Whitten said.

[...]

Whitten declined to provide the name of the area bank, citing an ongoing investigation, but said the personal information was compromised by the subsidiary years ago. The bank is aware of the breach and is working to address it, he said.

Several months ago, the bank had a rash of League City victims in the same type of identity theft, but the unauthorized charges were then made in Illinois, Whitten said.

Read more on Ultimate Clear Lake.

So…. if the breach occurred years ago, was the subsidiary aware of it at that time? If so, what did they do? And if they first became aware of it several months ago after the fraud reports from Illinois, what did they do then? Was the compromise a matter of insider theft of personal info that is first being used now, or was the compromise a key logger that has sat on their system undetected for years, or….? We need more information on this one.



What would Plato do?

http://www.pogowasright.org/?p=11818

Does Surveillance Make Us Morally Better?

June 24, 2010 by Dissent

Philosophy professor Emrys Westacott has an essay on surveillance on Philosophy Now. One snippet:

But there is another perspective – the one informed by Kantian ethics. On this view, increased surveillance may carry certain utilitarian benefits, but the price we pay is a diminution of our moral character. Yes, we do the wrong thing less often; in that sense, surveillance might seem to make us better. But it also stunts our growth as moral individuals.

[From the essay:

These musings are intended to frame a set of questions: What is the likely impact of ubiquitous surveillance on our moral personalities? How might the advent of the surveillance society affect a person’s moral education and development? How does it alter the opportunities for moral growth? Does it render obsolete the Kantian emphasis on acting from a sense of duty as opposed to acting out of self-interest? Such questions fall under the rubric of a new field of research called Surveillance Impact Assessment.


(Related) I don't see how it improves the quality of care, but it certainly documents a variety of failures including under-staffing and failure to respond in a timely manner.

http://www.pogowasright.org/?p=11822

RFID Tags for Nurses, then Everybody?

June 24, 2010 by Dissent

Frank Pasquale writes:

As an opinion piece by Theresa Brown explains, maintaining proper staffing levels in hospitals is becoming increasingly difficult. Surveillance systems are offering one way to address the problem; work can be performed more intensively and efficiently as it is recorded and studied. But such monitoring has many troubling implications, according to Torin Monahan (in his excellent book, Surveillance in a Time of Insecurity):

The tracking of people [via Radio Frequency Identification Tags] represents a . . . mechanism of surveillance and social control in hospital settings. This includes the tagging of patients and hospital staff. . . . When administrators demand the tagging of nurses themselves, the level of surveillance can become oppressive. . . . [because nurses face] labor intensification, job insecurity, undesired scrutiny, and privacy loss. . . . To date, such efforts at top-down micromanagement of staff by means of RFID have met with resistance. . . . One desired feature for nurses and others is an ‘off’ switch on each RFID badge so that they can take breaks without subjecting themselves to remote tracking. (122)

Read more on Concurring Opinions.


(Related)

http://www.docuticker.com/?p=36048

Improving the Quality and Cost of Healthcare Delivery: The Potential of Radio Frequency Identification (RFID) Technology



General background on political thinking?

http://www.pogowasright.org/?p=11807

Live from the House: Conversation with Reps. Boucher and Stearns about the Boucher Bill

June 23, 2010 by Dissent

Danielle Citron writes:

On the Hill today, Chris Wolf and Jules Polonetsky, co-chairs of the think tank The Future of Privacy, moderated a discussion about the notice-and-choice Boucher bill (see my post here) with its co-sponsors Representatives Rick Boucher and Cliff Stearns. Of note, the Representatives shared what motivated them to write the bill. Both seemingly saw the bill as honoring the American ethos of the “lone-rights bearer” (in the words of Mary Ann Glendon’s brilliant Rights Talk: The Impoverishment of Political Discourse). Boucher underscored that Americans are “exceptional” in their interest in individual rights, that we differ from other countries’ more “community-centered” ethos. As Boucher explained, the notice-and-choice privacy bill would empower individuals to make meaningful choices about their privacy tastes. [Privacy is a matter of “taste?” Bob] This, in turn, would inspire greater trust in e-commerce providers and encourage business. Stearns warned of the “disturbing” profiling that online (and presumably offline) companies do. He noted that with such profiles, online providers and advertisers could manipulate our behavior. [Horrible! They could convince you to vote for a Democrat? Bob] For Stearns, these practices risked the “mathematical modeling of humanity.” As Stearns explained, the bill would empower Americans to learn about these practices and make educated choices about the collection, use, and disclosure of their personal information.

Read more on Concurring Opinions.


(Related) Is this an opposite opinion?

http://www.pogowasright.org/?p=11820

Article: Fulfilling Government 2.0’s Promise with Robust Privacy Protections

June 24, 2010 by Dissent

Danielle Citron has an article in the George Washington Law Review that is available online: Fulfilling Government 2.0’s Promise with Robust Privacy Protections, 78 Geo. Wash. L. Rev. 822 (2010). Here’s the abstract:

The public can now friend the White House and scores of agencies on social networks, virtual worlds, and video-sharing sites. The Obama Administration sees this trend as crucial to enhancing governmental transparency, public participation, and collaboration. As the President has underscored, government needs to tap into the public’s expertise because it does not have all of the answers.

To be sure, Government 2.0 might improve civic engagement. But it also might produce privacy vulnerabilities because agencies often gain access to individuals’ social-network profiles, photographs, videos, and contact lists when interacting with them online. Little would prevent agencies from using and sharing individuals’ social-media data for more than policymaking, including law-enforcement, immigration, tax, and benefits matters. Although people may be prepared to share their views on health care and the environment with agencies and executive departments, they may be dismayed to learn that such policy collaborations carry a risk of government surveillance.

This Essay argues that government should refrain from accessing individuals’ social-media data on Government 2.0 sites. Agencies should treat these sites as one-way mirrors, where individuals can see government’s activities and engage in policy discussions but where government cannot use, collect, or distribute individuals’ social-media information. A one-way mirror policy would facilitate democratic discourse, enhance government accountability, and protect privacy.



...no doubt because of the “Do no evil” motto. Beats Rupert Murdoch's “give me your money” motto.

http://news.slashdot.org/story/10/06/24/0116240/Study-Finds-Google-Is-More-Trusted-Than-Traditional-Media?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Study Finds Google Is More Trusted Than Traditional Media

Posted by samzenpus on Thursday June 24, @05:06AM

According to a study by market research company Zogby International, people trust Google, Apple, and Microsoft more than the traditional media. Social networking sites such as Facebook and Twitter scored lowest on the trust scale, but still soundly beat the media. From the article: "The traditional media received little sympathy from the public, with only eight percent of all adults and six percent of young adults saying they trusted them."



Imagine what they could do if all the work was outsourced to India...

http://www.bespacific.com/mt/archives/024552.html

June 23, 2010

Law Firms in Transition 2010 - An Altman Weil Flash Survey

"The newly released Altman Weil Flash Survey, Law Firms in Transition 2010 found a clear consensus emerging among US law firms on changes in the profession. Over 75% of firms surveyed indicate that they believe that more price competition, more non-hourly billing and the use of project management to improve efficiency of service delivery will be permanent changes in the legal landscape."

[From the survey:

The majority of law firms do not expect the changes to negatively affect their bottom line. In fact, only 27% of those surveyed believe that lower profits per partner will result.

[How could this be, you ask? Bob]

Partnership in US law firms is now harder to attain and will remain so according to the survey.



This is interesting. I'll probably integrate it into several of my classes.

http://egotvonline.com/2010/06/22/9-types-of-websites-that-encapsulate-the-internet/

9 Types of Websites That Encapsulate the Internet

[Also has a couple of pithy quotes:

  • A decade of internet phenomenon has demonstrated to us that the dumber and less important the thing being shared is, the faster it will spread. Isn’t that right, keyboard cat?

  • In 2006 (dated, I know) online porn took in $97 billion. That was more than Google, Yahoo, Microsoft, Amazon, Apple, and Netflix raked in combined.



Geeky stuff for non-geeks

http://www.killerstartups.com/Web20/knowledgewebb-net-getting-acquainted-with-technology

Knowledgewebb.net - Getting Acquainted With Technology

http://www.knowledgewebb.net/

It is unfortunate, but getting acquainted with technology does not lie within everybody’s grasp. There are people who can’t understand social media tools no matter how hard they try. Rather, they do get the concepts but they fail to see how tools of such nature could have a positive impact in their lives. And the same goes for most applications that you could think of. Grasping what they do is one thing. Putting that knowledge into practice is another.

And showing people how to put that knowledge into practice is the objective of Knowledgewebb. We could define it as a training site that explains in layman’s terms how to best use different digital media tools. At the same time, it comes complete with an ever-updated section that is dedicated to tech news and trends.

The site is wrapped up by a section that lets you chat live with an expert, and another in which community discussions take place. And you would be glad to know that live chats can be replayed as many times as you want.

Wednesday, June 23, 2010

So, this is like screaming “Fire” in a crowded theater? If there is a fire, you're a hero. If you do it for amusement, you can amuse yourself for a few months in a cell with Billy-Bubba.

http://www.pogowasright.org/?p=11784

Illinois court rejects Dendrite standard

June 22, 2010 by Dissent

It seems like just yesterday I was noting some progress in the courts in protecting online anonymous speech. Then today I came across this article by Douglas Lee about how the Illinois Court of Appeals rejected the Dendrite and Cahill standards in a case where anonymous online posters accused individuals of bribing public officials:

It’s cases like Maxon v. Ottawa Publishing Company that test what we’re willing to accept in the name of free speech.

[...]

In Maxon, Donald and Janet Maxon asked Ottawa, Ill., to change its ordinances so as to allow bed-and-breakfast establishments in residential areas. The local newspaper covered the city’s consideration of the request, and several readers posted comments on the issue on the newspaper’s Web site. To post a comment, a person had to register only with an e-mail address. Registrants did not have to give the newspaper their real names and could post comments under pseudonyms or screen names that did not reveal their identities.

Mary1955, FabFive from Ottawa, and birdie1 commented on the bed-and-breakfast issue frequently, expressing their opposition to the Maxons’ request and their displeasure with the city officials considering it. At one time or another, all three suggested the Maxons had bribed some of the officials.

[...]

The Maxons responded by filing a petition for discovery, a procedure under Illinois Supreme Court Rule 224 that allows parties to learn the identity of potential defendants before filing suit. In this case, the Maxons sought from the newspaper all information that would allow them to identify the three posters.

The trial court, relying on decisions from courts in New Jersey and Delaware, denied the petition, ruling that courts must take special precautions to protect the anonymity of Internet posters.

[...]

The Maxons appealed the trial court’s ruling to the Illinois Appellate Court, and on June 1 that court reversed. In a 2-1 decision, the court refused to follow Dendrite and Cahill, holding that the test applied in those cases misguidedly offered anonymous Internet speakers more protection from defamation claims than the law provided speakers who identified themselves.

[...]

Moreover, the court said, no reason exists to balance “the rights of the speaker to anonymity against the rights of a would-be plaintiff.” While acknowledging that “certain types of anonymous speech are constitutionally protected,” the court said “it is overly broad to assert that anonymous speech, in and of itself, warrants constitutional protection.”

Rather, the court held, anonymous Internet speakers enjoy the same protections from defamation claims as identified speakers — but not more. “[O]nce the petitioner has made out a prima facie case for defamation, the potential defendant has no first-amendment right to balance against the petitioner’s right to seek redress for damage to his reputation, as it is well settled that there is no first-amendment right to defame.” Therefore, “given that there is no constitutional right to defame, we find no need for the additional procedural requirements articulated in the Dendrite-Cahill test.”

[...]

Read more on the First Amendment Center.



Isn't this the equivalent of wearing a Raiders jersey to a Broncos game and “trusting” everyone to ignore it? If ignorance of the law is no excuse, isn't ignorance of technology (any tool you use) also inexcusable?

http://www.wired.com/threatlevel/2010/06/packet-sniffing-laws-murky/

Packet-Sniffing Laws Murky as Open Wi-Fi Proliferates

Starbucks is rolling out free, unsecured Wi-Fi access at about 7,000 coffee shops across the United States beginning July 1. But will there be packet-sniffing with your latte?

… Google, in response to government inquiries and lawsuits, claims it is lawful to use packet-sniffing tools readily available on the internet to spy on and download payload data from others using the same open Wi-Fi access point.

“We believe it does not violate U.S. law to collect payload data from networks that are configured to be openly accessible (.pdf) (i.e., not secured by encryption and thus accessible by any user’s device). We emphasize that being lawful and being the right thing to do are two different things, and that collecting payload data was a mistake for which we are profoundly sorry,” Google wrote Congress.

… There’s no way to say how many unsecured hot spots dot the United States. McDonald’s announced in January that it would provide unsecured Wi-Fi access in 11,000 restaurants, and more businesses are expected to follow.

So far, government regulators aren’t sure whether Google committed any legal wrongdoing. Connecticut Attorney General Richard Blumenthal announced Monday that as many as 30 attorneys general were examining the lawfulness of Google’s actions. But Blumenthal never said the Mountain View, California, internet giant’s activities were unlawful, going so far as to say they were “potentially impermissible.”

… Joel Gurin, the Federal Communications Commission’s government affairs chief, said “Google’s behavior also raises important concerns. Whether intentional or not, collecting information sent over Wi-Fi networks clearly infringes on consumer privacy.”

Like Blumenthal, Gurin stopped short of declaring such snooping unlawful and instead reminded consumers to be wary of open Wi-Fi networks.

Marc Rotenberg, executive director of the Electronic Privacy Information Center, believes Google’s actions amount to wiretapping, and he asked the FCC to investigate.

What’s more, Rotenberg said U.S. policy should clearly spell out that such activity is illegal [even if that conflicts with the law? Bob] — all in a bid to encourage free Wi-Fi access and protect privacy.

“Telling everybody to race around and lock up their hot spots misses the point,” he said.

… The closest court ruling was in January, when an Oregon federal judge ruled evidence of child pornography found on a local man’s computer through his open Wi-Fi network could be used against him in court, absent a warrant. In arguing to uphold the warrantless computer search, the government said privacy interests were nullified with unsecured Wi-Fi networks.


(Related) This is the opposite of a “Please don't take advantage of the poor dumb schmucks” law.

http://news.cnet.com/8301-1009_3-20008539-83.html?part=rss&subj=news&tag=2547-1_3-0-20

Aussie ISPs to cut off unsafe Web users?

An Australian government report into cybercrime has recommended that Internet service providers force customers to use antivirus and firewall software or risk being disconnected.

Belinda Neal, committee chair, said in her introduction to the 262-page report, titled "Hackers, Fraudsters and Botnets: Tackling the Problem of Cyber Crime," that due to the exponential growth of malware and other forms of cybercrime in recent years, "the expectation that end users should or can bear the sole responsibility for their own personal online security is no longer a tenable proposition."

[The report is available here:



It's all about trust – trust me.

http://techcrunch.com/2010/06/23/facebook-twitter-app-users/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29

Facebook Has Been Massively Underreporting Twitter App Users — By Over 6 Million

… As Inside Facebook (another site under InsideNetwork) noted yesterday, some change Facebook recently made appears to have corrected the stats for a number of apps. The aforementioned Facebook for Android shot up to 4.7 million MAU from its 67 — a 7 percent increase. The other big increase in the top 10 gainers? Twitter, which went from its previously reported number of just over 400,000 users, to nearly 7 million — a change of over 1,300 percent. And the app still appears to be growing pretty fast. The Twitter app’s own page on Facebook now confirms this new number.



This is not behavioral advertising, it's the Internet equivalent of flyers stuck on your door. (Now we need a mobile app to stick them under your windshield wherever you roam...)

http://yro.slashdot.org/story/10/06/23/0250219/Coming-Soon-Web-Ads-Tailored-To-Your-Zip4?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Coming Soon, Web Ads Tailored To Your Zip+4

Posted by kdawson on Wednesday June 23, @08:17AM

On the heels of Apple's intention to collect and sell detailed location data comes word that Juniper is putting together technology that will allow any ISP to present you to advertisers by your Zip+4. An anonymous reader sends this snip from Wired:

"Your Internet service provider knows where you live, and soon, it will have a way to sell your zip code to advertisers so they can target ads by neighborhood. If your local pizza joint wants to find you, they will have a new way to do that. National advertisers will be able to market directly to neighborhoods with like characteristics across the whole country using demographic data they've been gathering for decades. ... Juniper Networks, which sells routers to ISPs, plans to start selling them add-on technology from digital marketer Feeva that affixes a tag inside the HTTP header, consisting of each user's 'zip+4' — a nine-digit zipcode that offers more accuracy than five-digit codes. Juniper hopes to sell the software to ISPs starting this summer, having announced a partnership with Feeva earlier this year."



Since nobody reads them, my Terms of Service require you to include me in your Will

http://www.eff.org/deeplinks/2010/06/its-your-data-its-your-bot-its-not-crime

It's Your Data, It's Your Bot: It's Not A Crime

Can public websites decide who is and is not a criminal through their terms of service? A brief EFF filed yesterday argues no.

The amicus brief is a follow-up to one we filed last month in Facebook v. Power Ventures. Facebook claims that Power breaks California criminal law by offering users a tool that aggregates their own information across several social networking sites.

… This is not an esoteric business issue, because the legal theories Facebook is pushing forward would make it a crime not to comply with terms of service.



This is a big issue in Cloud Computing generally, not just social networks...

http://techcrunch.com/2010/06/23/data-portability-policy/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29

Why Every Site Should Have A Data Portability Policy

Editor’s note: Today the DataPortability Project announces PortabilityPolicy.org – the result of a 16 month effort that it hopes the industry will embrace. This guest post explains what a Portability Policy is, why your site should have one, and why you should be looking for them. The author, Elias Bizannes, is the chairperson and executive director of the DataPortability Project.



This is an old scam, but it was harder to detect when computers and applications crashed frequently. Contracts used to have 'up-time' requirements...

http://yro.slashdot.org/story/10/06/23/0052259/Arrests-For-Selling-Poison-Ware-In-Spain?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Arrests For Selling Poison-Ware In Spain

Posted by kdawson on Tuesday June 22, @09:06PM

"Spain's FBI equivalent has arrested the management of a software company (Google translation; Spanish original) for selling custom software to small and medium-sized businesses with 'controlled errors' that resulted in the software bombing on a predetermined date. They would then charge for fixing the problem and press the client into buying a maintenance contract. More than 1,000 clients were affected."



“Oh, wait! Our biggest contributors don't like 'works' they can't charge for.”

http://yro.slashdot.org/story/10/06/22/1724254/Court-Takes-Away-Some-of-the-Public-Domain?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Court Takes Away Some of the Public Domain

Posted by kdawson on Tuesday June 22, @01:28PM

"In yet another bad ruling concerning copyright, a federal appeals court has overturned a lower court ruling, and said that it's okay for Congress retroactively to remove works from the public domain, even if publishers are already making use of those public-domain works. The lower court had said this was a First Amendment violation, but the appeals court said that if Congress felt taking away from the public domain was in its best interests, then there was no First Amendment violation at all. The ruling effectively says that Congress can violate the First Amendment, so long as it feels it has heard from enough people (in this case, RIAA and MPAA execs) to convince it that it needs to do what it has done."

TechDirt notes that the case will almost certainly be appealed.



Geeky stuff, including some potential security benefits.

http://developers.slashdot.org/story/10/06/23/1320221/How-HTML5-Will-Change-the-Web?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

How HTML5 Will Change the Web

Posted by CmdrTaco on Wednesday June 23, @09:40AM

"InfoWorld's Peter Wayner looks beyond the codec and plug-in wars to examine nine areas where HTML5 will have a significant impact on Web development. From enabling more interactive graphics, to tapping local file storage, to geolocation, HTML5 is rife with rich capabilities — and may even improve our ability to secure applications delivered via the Web, Wayner writes. But the most important impact of HTML5 will be its ability to simplify Web development itself: 'HTML5 offers one language (JavaScript), one data model (XML and DOM), and one set of layout rules (CSS) to bind text, audio, video, and graphics. The challenge of making something beautiful is still immense, but it's simpler to work with a unified standard.'"



An extremely interesting “Infographic.” Seems I'll need a bigger thumbdrive...

http://gigaom.com/2010/06/22/cloud-computing/

The Big Shift: The Rise of Cloud Computing

For more cloud computing research, see GigaOM Pro (sub req’d). Or join the GigaOM Network at its annual cloud-focused conference, Structure, this Wednesday and Thursday in San Francisco.



These are for educational purposes only! (and I bought Playboy for the articles.)

http://www.makeuseof.com/tag/7-quick-casual-google-search-games/

7 Quick & Casual Games You Can Play On Google Search

Tuesday, June 22, 2010

The wave of the future? In the US, we have seen crooks add a card reader on top of a Point of Sale terminal and in some cases they have even replaced entire machines – but they had to return to collect the data. This method is far less likely to be detected and there is no risk when collecting the data.

http://www.databreaches.net/?p=12214

UK: Credit card fraudster hits 35,000 motorists in petrol station scam

June 21, 2010 by admin

Colin Fernandez reports:

A computer wizard branded ‘the most prolific chip and pin fraudster in the UK’ was jailed yesterday for four years.

Theogones De Montford, 29, stole the details of at least 35,000 motorists during a £725,000 scam targeting petrol stations.

He designed tiny circuit boards which he fitted inside chip and pin machines at checkouts at Shell and Texaco garages.

The bugs broadcast the PIN code and credit card details up to 20 miles away via bluetooth for De Montford to pick up using a laptop computer.

The software engineering student then sold them to credit card fraudsters in Britain and across the globe.

Read more in the Daily Mail.



As hard as it might be to believe, I learned something here.

http://www.concurringopinions.com/archives/2010/06/contracts-and-privacy.html

Contracts and Privacy

posted by Dave Hoffman

What is the relationship between public policy and contract damages? A few days back, I blogged about the curious case of Canadian Gabriella Nagy. Nagy, as you may recall, has sued her cellphone company Rogers Communications for $600,000 (Canadian), alleging “invasion of privacy and breach of contract.” According to Nagy, Rogers consolidated her cellphone bill into a global family statement without notifying her. This consolidation led her spouse to see she was calling another man with inordinate frequency, and she was forced to confess an affair. The marriage dissolved, and Nagy blamed the cellphone company.

I think the breach of contract lawsuit, if filed in an American court applying fairly ordinary domestic contract principles, would be a loser. Here are some reasons why.



This is the evil variation of “Opt In” called “Opt In or Else!”

http://apple.slashdot.org/story/10/06/22/0318202/Apple-Wants-To-Share-Your-Location-With-Others?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Apple Wants To Share Your Location With Others

Posted by kdawson on Tuesday June 22, @05:17AM

"In an updated version of its privacy policy, the company added a paragraph noting that once users agree, Apple and unspecified 'partners and licensees' may collect and store user location data. When users attempt to download apps or media from the iTunes store, they are prompted to agree to the new terms and conditions. Until they agree, they cannot download anything through the store. The company says the data is anonymous and does not personally identify users. Analysts have shown, however, that large, specific data sets can be used to identify people based on behavior patterns."

Mashable and The Consumerist have picked up on this collection and sharing of "precise location data, including the real-time geographic location of your Apple computer or device."



A peek at Behavioral Advertising and a potential “Do Not Entice Me” option?

http://www.wired.com/epicenter/2010/06/targeted-ads-will-let-you-spy-on-them-for-a-change/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29

Targeted Ads Will Let You Spy on Them for a Change

Advertisers have grown much more sophisticated since the early days of the web and can now target us with increasing precision using a wider range of behavioral data than ever before. In spite of that – or perhaps because of it – the advertising industry plans to start including a transparent mechanism this summer that can give you a hint as to why particular advertisements found you and provide unprecedented controls to control or even stop them.

The solution dictates that ad networks include a standard icon within web-based ads that lets users access their behavioral profile on the ad network in question. Users will also be able to opt out from being targeted by ads that rely on their profiles.

… If advertisers fail to do so, they could face harsher rules, such as limitations on what sorts of data they can collect in the first place (including health and financial), regardless of how they use it.

… Was it those airplane tickets to Costa Rica, your twice-daily coffee habit, your hyper-caffeinated web surfing style, or nothing in particular that caused a coffee ad to target you? This initiative won’t tell you — but it will tell you that advertisers know you love coffee, and let you force them to stop using that information to target you with ads, assuming that’s what you want.

Of course, once you’ve also told an ad network that you’re suspicious of targeted advertising, you’ve also identified yourself as the perfect recipient of identity theft prevention advertisements. (They wouldn’t… would they?)



Apparently there will be a limit to the security I can employ. This is a variation of “People are too stupid to know what's good for them,” so we (bureaucracies) must force them to do it our way. If they can not read my search terms, how can they “protect” me from all the evil I might (inadvertently, of course) bring down upon my head? I might even be exposed to (gasp!) Republicans!

http://yro.slashdot.org/story/10/06/22/0032243/Schools-Filtering-Companies-Blocking-Google-SSL?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Schools, Filtering Companies Blocking Google SSL

Posted by kdawson on Monday June 21, @09:49PM

"Over the past several weeks we've discussed the rolling out of Google SSL search. Now an obstacle to the rollout has arisen, much to the frustration of school students and teachers alike. Content filter vendors have decided to block all Google SSL traffic — which also blocks access to Google Apps for Education. Google is working to appease these vendors. The questions at the heart of this situation are: Does a company (school, government) have a right to restrict SSL traffic so it can snoop your data, or does an individual have a right to encrypted Internet facilities? And, is the search data you create your data, or is it your employer's (school's)? IANAL but blocking SSL search seems at odds with the UK Data Protection Act, because some local governments here may be using the very same filtering service for their employees. It would also seem to go against the spirit of FIPS in the US (though I appreciate that federal standards are separate from schools in the States)."



For my geeks...

http://www.thetechherald.com/article.php/201025/5772/Dell-in-talks-with-Google-regarding-Chrome-OS

Dell in talks with Google regarding Chrome OS

by Stevie Smith - Jun 22 2010, 07:12

As tech heavyweight Google prepares to launch its cloud-based Chrome operating system (OS) against the market dominance of Microsoft Windows, it would appear yet more leading hardware vendors are considering the possibility of embracing the upstart platform.



I rarely mention services that aren't free, but this one looks too interesting to ignore.

http://www.killerstartups.com/Video-Music-Photo/criticalpast-com-videos-going-as-far-back-as-1890

CriticalPast.com - Videos Going As Far Back as 1890

http://www.criticalpast.com/

In theory, this is a site that will be appealing to historians most of all, but I frankly see no reason why the average Joe wouldn’t get anything out of it. To put it in very simple words, Critical Past is like YouTube for videos going way back in history up to 1890. Every decade from that until 1990 is touched upon, and the idea is that you can search the site much like you can search YouTube and do research (in case you are a historian) or learn more about the way the world looked way back (if you are an average internaut).

The one and only drawback (and the most ineluctable argument if we were to veto the general appeal that a site like this one could have) is that you necessarily have to pay to use it. There are two different plans that you could go for: “Pro” and “Consumer”, and while the price of the latter is absolutely negligible (less than $2) we know how reluctant people are to spend money. But I hope I am wrong, and that people are not deterred by such a fact - the site is really professional and the content is a true source of amazement.



Remember to add a proper citation...

http://www.makeuseof.com/tag/10-downloaded-clipboard-apps-movers-shakers/

10 Most Downloaded Clipboard Apps [Movers & Shakers]

… This week we will be covering clipboard software. These applications help us work with or enhance using the Windows clipboard. This clipboard is normally activated by highlighting something and pressing CTRL + C or choosing copy from the right click context menu. We can then paste what we copied elsewhere.

But we also have applications that allow us to add multiple items to the clipboard or strip the formatting of what you are copying. Check the applications out below and if something that you use is not on the list hit us up in the comments.