Saturday, July 17, 2010

Do organizations rely on public apathy? Do they begin with the assumption that no one cares (or perhaps that no one understands)? Is it really better for negative information to dribble out, making headlines each time? Has no one read The Prince?

http://www.databreaches.net/?p=12531

IA: Buena Vista University reveals data breach (update 1)

July 16, 2010 by admin

Buena Vista University has had a data breach on campus. We engaged a nationally-recognized computer forensics team to conduct an investigation and learned someone gained unauthorized access to a BVU database. The information that this person could have accessed includes names, Social Security numbers and some driver’s license numbers of BVU students (applicants, former and current), parents, faculty/staff (current and former), alumni and some donor records. These records date back to 1987.

Although we have no evidence that any personal information has been misused or disclosed to other persons, we have notified via letter all university stakeholders whose personal information may have been accessed.

The letters contain information on how to access a one-year subscription to Experian’s Triple Alert, a credit monitoring service BVU is providing free of charge. The service provides timely alerts of any key changes to credit reports as well as fraud resolution assistance, if needed.

To enroll in the Experian services you will need the individual activation code contained in your letter. You can then enroll on the Experian website: http://partner.consumerinfo.com/buena or by calling an Experian representative toll-free at 866.252.0121. The enrollment deadline is August 20, 2010.

To determine if you will be among those notified, you may call the university at 866.450.4636, 8 a.m. to 5 p.m. CT, Monday-Friday.

We regularly review our security measures and processes and remain committed to maintaining the privacy and security of all confidential data. We are currently working with a nationally-recognized outside expert to mitigate any risk of potential harm and are taking the steps necessary to prevent any future unauthorized access to BVU’s information systems. The incident has now been referred to the U.S. Attorney for the District of Minnesota.

We deeply regret this incident and are committed to protecting the personal information of all our stakeholders.

Source: Buena Vista University. A sample of their notification letter is available here (pdf).

So what’s missing from their notification? Let’s see…

1. It doesn’t tell us when the breach/unauthorized access occurred.
2. It doesn’t tell us for how long the breach occurred.
3. It doesn’t tell us how and when BVU first became aware of the breach.
4. It doesn’t tell us how many individuals had data on the server.
5. It doesn’t tell us why the data on the server were not encrypted and whether they were supposed to have been encrypted.
6. It doesn’t tell us why data from over 20 years ago was still on a server connected to the Internet.

And why was this reported to the U.S. Attorney for the District of Minnesota instead of Iowa?

We’re missing a lot of information on this breach.

Update 1: Another source reports that the breach could affect 93,000.



They probably see this as “ensuring the user an excellent experience.” I look at it as an example of companies that don't want to surrender control of products they sell. If it's not a sale (if I can't do what I want with the phone) what is it?

http://hardware.slashdot.org/story/10/07/17/037259/Motorola-Says-eFuse-Doesnt-Permanently-Brick-Phones?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Motorola Says eFuse Doesn't Permanently Brick Phones

Posted by timothy on Saturday July 17, @01:48AM

"Motorola has responded to claims that eFuse is designed to brick your device if you attempt to mod it or install unauthorized bootloaders. Yes, the device will still not operate with unauthorized software, but it will only go into recovery mode until you reinstall the authorized software. According to Motorola: 'If a device attempts to boot with unapproved software, it will go into recovery mode, and can re-boot once approved software is re-installed.'"



This could be interesting. Try Freebase as a research tool...

http://www.betanews.com/article/Google-buys-Metaweb-to-improve-results-for-complex-search-queries/1279318024

Google buys Metaweb to improve results for complex search queries

Google moved to better its search results by acquiring Metaweb, a San Francisco based company that maintains an open database of "things," and their relationships to one another. Terms of the deal were not disclosed.

… The openness of Metaweb's database, dubbed Freebase, means that for the first time Google would begin to rely on data that wasn't compiled or managed in-house. The search company said the two companies would keep Freebase open. [http://www.freebase.com/]



For my Ethical Hacking mid-term exam.

http://news.cnet.com/8301-1009_3-20010809-83.html?part=rss&subj=news&tag=2547-1_3-0-20

Researcher: Photos from your gadget can leak your location

NEW YORK--Be warned: If you take a snapshot with your iPhone or other camera-enabled gadget, it may divulge more information about you than your photographic abilities.

At the Next HOPE hacker conference here on Friday, a security researcher demonstrated how he scanned over 2.5 million photo links posted to Twitter and extracted exact latitude and longitude coordinates embedded in over 65,000 photos -- typically without the user's knowledge.

"It's a privacy fail," says Ben Jackson of Mayhemic Labs, who plans to release the software and data collection this evening. [For the hacking toolkit. Bob]



A quick way to summarize a company.

http://www.huffingtonpost.com/brian-clark-howard/the-meteoric-rise-of-crai_b_649183.html

The Meteoric Rise of Craigslist (Infographic)

Love it or hate it, Craigslist is a Big Deal on the Internet. It has become the de facto place to look for housing, used goods, jobs and adult services. It has been blamed for taking classified advertising business away from struggling newspapers and facilitating sex trafficking (as well as at least a few murders). The guys from Online MBA have made this cool graphic about the juggernaut site



This may be what I need. Whenever I draw on the whiteboard, I see baffled looks on my students' faces. (even more than usual)

http://www.freetech4teachers.com/2010/07/simple-diagrams-free-diagram-creation.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+freetech4teachers%2FcGEY+%28Free+Technology+for+Teachers%29

Friday, July 16, 2010

Simple Diagrams - Free Diagram Creation Tool

Simple Diagrams offers a free tool that anyone can use to create diagrams using a combination of clip art, text, and free hand drawings. Simple Diagrams provides a large selection of shapes and drawings that you can drag and drop into your diagrams. You can adjust the size of each element you place in your diagram. Any element can also be altered by using the pencil drawing tool. The pencil tool can also be used to create a drawing from scratch.

To use Simple Diagrams you do need to install the Simple Diagrams software. Simple Diagrams uses the Adobe Air platform which means you can install Simple Diagrams on both Mac and Windows computers. Simple Diagrams offers a free version and a paid version. The free version appears to offer plenty of tools for classroom use.



This looks handy! I send you a link that connects you to my list. I don't need to keep emailing you as I update that list.

http://www.makeuseof.com/dir/urlist-list-of-links

urlist: Create & Share Your List of Links

urlist is a brilliant website that makes sharing internet links even easier.

You start using urlist’s services by signing in either through your Google or Twitter account.

...URL lists can be extremely helpful whether it comes to research, showing a client some ideas, or sharing information on a particular subject with somebody. The site even has a bookmarklet which you can add to your browser’s bookmarks toolbar in order to easily add websites to your URL lists.

www.urli.st

Similar tools: Krunchd, BagTheWeb, DropVine, Shareaholic and Linkli.st.

Also read related articles: Build an Online Reading List with “Read It Later” and Send A List Of Links As A Single URL With 1Link.In.

Friday, July 16, 2010

Update. Fixing a large “data spill” is expensive and takes years to complete.

http://www.databreaches.net/?p=12507

MasterCard: Most banks agree to breach settlement

July 15, 2010 by admin

The Associated Press reports:

MasterCard Inc. said Thursday nearly all of the banks with claims related to a 2008 data security breach have agreed to accept a settlement.

The settlement, agreed to by MasterCard and credit card payment processor Heartland Payment Systems Inc., required at least 80 percent acceptance by MasterCard issuing banks. MasterCard said more than 99 percent agreed.

[...]

As part of the settlement, Heartland Payment Systems will pay MasterCard issuers $41.4 million to settle claims over the breach.

Read more on Businessweek.


(Related) Even the medium-small ones ain't cheap. (and may cost more on a “per victim” basis)

http://www.databreaches.net/?p=12522

(follow-up) TN: BlueCross completes analysis of data theft

July 16, 2010 by admin

Emily Bregel reports:

BlueCross BlueShield of Tennessee has wrapped up its assessment of customer data that was stolen in an October 2009 robbery of its abandoned Eastgate Town Center office.

The state’s largest health insurer has concluded that nearly 1 million BlueCross members were affected by the theft, the same number stated in an earlier report on the incident.

[...]

BlueCross has spent about $10 million contacting affected enrollees, investigating the theft and arranging for credit restoration services for affected members.

Read more in the Chattanooga Times Free Press.


(Related) If you don't store Primary Account Numbers, they can't be stolen.

http://www.databreaches.net/?p=12499

Visa To Acquirers: Stop Forcing PAN Retention

July 15, 2010 by admin

Evan Schuman writes:

Visa on Wednesday (July 14) sent a direct message to acquiring banks: Stop making retailers retain credit card information unless you want to stop servicing Visa. A key Visa security executive (Eduardo Perez, the head of global payment system security) said the brand is now merely “strongly encouraging [acquirers] to not require” retailers to store PANs but, by September, that might become an official edict.

Read more on StorefrontBacktalk.



“Hey, we can't figure it out – so it must be completely anonymous!”

http://www.pogowasright.org/?p=12155

AOL Responsible for Mass Disclosure of Data

July 16, 2010 by Dissent

More on the recent court opinion involving the lawsuit over AOL’s 2006 release of search query data that wasn’t as anonymous as they thought. Maria Dinzeo reports:

A federal judge found AOL accountable for disclosing personal information of 658,000 of its customers. U.S. District Judge Sandra Armstrong ruled that AOL’s accidental posting of its customers’ Social Security numbers, addresses, phone numbers and credit-card numbers violated its own privacy policy.

“Obviously, a reasonable consumer would have serious reservations about disclosing such sensitive data – or entering certain such queries – if he or she were aware that AOL, contrary to its privacy policy, would make such information readily available to the public, without the members’ knowledge or consent,” Judge Armstrong wrote.

Read more on Courthouse News. A copy of the court opinion can be found here (pdf). Previous coverage from 2006 – 2009 can be found in PogoWasRight.org’s archives.



It took them a while, but I think they are beginning to understand...

http://mainlinemedianews.com/articles/2010/07/14/main_line_times/news/doc4c3dd365ca352515264425.txt

All screenshot images nixed for LMSD

Published: Wednesday, July 14, 2010

In a 180-degree reversal, Lower Merion School District officials say they will now ban staff from taking screenshots to track lost or stolen computers.

Two weeks ago school officials said staff would still be able to take screenshots from stolen computers, under new guidelines being developed.


(Related) Now you too can spy on crooks – just like the Lower Merion School District!

http://www.makeuseof.com/tag/track-down-recover-stolen-laptop-the-thief-with-prey/

Track Down and Recover Your Stolen Laptop with Prey

Open source program Prey can do this for your computer quickly and easily, giving you the location of your computer via your on-board GPS chip or by analyzing nearby WiFi networks. Not only that, it will show you screenshots of what the thief is using your computer for. And if you have a webcam, even take a picture of them before they realize it, before you recover your stolen laptop.

We’ve reviewed similar programs before — Lalarm, Adeona and Firefox plugin Firefound, just to name a few. Prey differs from these in a few ways, but the most important one to keep in mind is that Prey is cross platform — meaning it works on Linux, Mac and Windows.



Beyond “Behavioral Advertising” As we begin to hook “things” into the internet, we have a greater ability to access, measure and record data. If that data is related to a particular individual, we can not only document behaviors (stepping on the gas rather than the brake) but begin to predict behaviors. Would you “opt in” to save 30% on your car insurance?

http://www.pogowasright.org/?p=12127

Pennsylvania balks at car insurer’s habits-based plan

July 16, 2010 by Dissent

Jeff Gelles reports:

If you’ve ever seen “Flo,” the cheerfully offbeat cashier in Progressive Insurance’s ad campaign, you probably know her shtick: that when it comes to auto insurance, Progressive strives to be a little bit different, too.

But Progressive’s latest attempt to distinguish itself in Pennsylvania – a plan to offer rates based on drivers’ habits, determined by connecting wireless monitors to their cars’ computers – has run into a roadblock.

The Ohio company says its usage-based “MyRate” plan offers drivers in other states, including New Jersey, discounts of up to 30 percent if they drive fewer miles, stay off the roads during the accident-prone hours after midnight, and avoid hard braking.

But Pennsylvania officials and Philadelphia’s consumer advocate raised questions about the plan, which Progressive says it has temporarily withdrawn.

Read more on Philly.com



A “special victims” list? Use their IDs in commission of a crime and the government (Federal or Arizona) will assume they are guilty and deport them.

http://www.pogowasright.org/?p=12121

Utah database breached for suspected political motives

July 15, 2010 by Dissent

For those readers who do not also read DataBreaches.net, there’s a situation in Utah that is worthy of note here.

Yesterday, a list of 1300 allegedly illegal aliens was leaked to media outlets and others. By tonight, the state had determined that the list came from a database maintained by the state’s Department of Workforce Services. Over 1200 state employees have access to that database on a daily basis.

It is bad enough when state employees snoop in databases out of curiosity about celebrities, politicians, friends, and family. It is quite another thing when people are being named as illegal aliens — and there is already some indication that at least one of those named is a naturalized citizen. Latino groups have referred to this incident as “domestic terrorism.”

I’m not sure what I would call it, but this cannot stand. Those responsible for this breach need to be identified, fired, and prosecuted to the fullest extent of federal and state laws. No excuses. Government databases must be secured so that the public can trust them and this type of breach is particularly egregious in terms of destroying trust in the government’s ability to protect personal information.



Resources we should link to... Once again, I didn't make the cut.

http://mastersinhealthinformatics.com/2010/top-50-sites-to-learn-about-information-privacy/

Top 50 Sites to Learn About Information Privacy



Now define “personal” and “not always”

http://www.chicagotribune.com/news/chi-ap-wi-e-mailrecords,0,7816181.story

Wis. court says teacher e-mails are private

The Wisconsin Supreme Court says not all e-mails sent by public employees on their work computers should be made public.

In a 5-2 ruling on Friday the court says the content of government workers' personal e-mail messages are not part of government business and are therefore not always subject to the state open records law.

[The Opinion in HTML: http://www.wicourts.gov/sc/opinion/DisplayDocument.html?content=html&seqNo=52285 ]

[The Opinion in PDF: http://www.wicourts.gov/sc/opinion/DisplayDocument.pdf?content=pdf&seqNo=52286 ]



Tell us something we don't already know guys. What else does the Times think “isn't fair?”

http://www.businessinsider.com/no-the-government-should-not-regulate-googles-search-algorithm-2010-7

The New York Times Goes Nuts, Says The Government Should Regulate Google's Search Algorithm

The New York Times wants the government to start regulating Google's search business.

To be fair, the Times admits that forcing Google to get approval every time it tweaks its search algorithm -- as it does constantly -- would be impractical and stifling.

But, that aside, the Times thinks "it is worth exploring ways to ensure that the editorial policy guiding Google’s tweaks is solely intended to improve the quality of the results and not to help Google’s other businesses."

No, it really isn't.


(Related) Google had already responded to a similar article in the Financial Times (is the NYT guilty of editorial plagiarism?)

http://googlepublicpolicy.blogspot.com/2010/07/our-op-ed-regulating-what-is-best-in.html

Do not neutralise the web’s endless search


(Related) Be careful what you wish for...

http://searchengineland.com/regulating-the-new-york-times-46521

The New York Times Algorithm & Why It Needs Government Regulation



1) This clearly creates a business opportunity: A free website that allows anonymous comments. 2) If I pay to have my comments carried by the newspaper, under what circumstances can they refuse? If they don't refuse, do we go to court together to defend against slander charges?

http://tech.slashdot.org/story/10/07/15/1848236/Leaving-a-Comment-Thatll-Be-99-Cents-and-Your-Name?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Leaving a Comment? That'll Be 99 Cents, and Your Name

Posted by timothy on Thursday July 15, @02:54PM

"Anxious to lift a ban on comments brought about by incessant trolling and anonymous slander, a Massachusetts newspaper has begun requiring two things of online readers who want to leave their thoughts on stories: a one-time fee of 99 cents and a willingness to use their real names. Says the publisher: 'This is a necessary step, in my opinion, if The Attleboro (MA) Sun Chronicle is going to continue to provide a forum for comments on our websites.'"



Huge lawsuits cost big bucks! (and the sun rises in the east.)

http://techcrunch.com/2010/07/15/google-viacom-100-million-lawsuit/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29

Google Spent $100 Million Defending Against Viacom’s $1 Billion Lawsuit

Thursday, July 15, 2010

What do these people smoke? It wasn't the British who invented “taxation without representation” but it did cost them an empire. There are already many business models vying to replace the “music labels,” this nonsense can only speed the day...

http://yro.slashdot.org/story/10/07/15/0130220/UK-Royalty-Group-Wants-ISPs-To-Pay-For-Pirating-Customers?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

UK Royalty Group Wants ISPs To Pay For Pirating Customers

Posted by samzenpus on Thursday July 15, @03:14AM

"A group representing British songwriters and composers will on Wednesday call for the introduction of a levy on broadband providers based on the amount of pirated music they allow to pass through their networks. Will Page, chief economist at PRS for Music, will argue at a Westminster conference that a piracy fee would better align the financial interests of internet service providers (ISPs) with rights holders at a time when the two industries are at odds over who should bear the costs of online song swapping."



Another example of the Balkanization of the Internet?

http://tnerd.com/2010/07/13/2-5-million-muslims-threaten-to-quit-facebook-on-21st-of-july/

2.5 Million Muslims Threaten to Quit Facebook on 21st of July!

Go to Facebook Blog and read the comments on any of the recent blog posts. You can’t help but notice a templated comment left by quite a few people who are threatening to boycott Facebook on 21st of July if their demands are not met.

The group in question belongs to the Muslim community that is angered by Facebook’s decision of removing a few hugely popular Islamic pages from the social networking site.


(Related)

http://news.cnet.com/8301-17852_3-20010627-71.html?part=rss&subj=news&tag=2547-1_3-0-20

Facebook refuses to take down tribute page to killer



A new paradigm for popularity based articles?

http://www.readwriteweb.com/archives/the_new_digg_power_users_and_publishers.php

The New Digg: What It Means For Power Users & Publishers

The latest version of social news site Digg is currently in restricted beta, with an additional 20,000 users added at the beginning of July. The new version adds the ability to "follow" people or publishers via a feature called "My News." This will be the default Digg home page, and it's prompted many to compare the new Digg to Twitter and Facebook. Another big change is that publishers may now automatically submit their content. This changes the game for both power users and publishers, because previously the secret to getting onto the Digg front page was for a power user to submit the story. That's no longer the case.



Bob's blog is the best because: A) I really want to pass this class B) I really want to pass this class C) I really want to pass this class D) I really want to pass this class

http://www.freetech4teachers.com/2010/07/buzz-dash-create-polls-get-instant.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+freetech4teachers%2FcGEY+%28Free+Technology+for+Teachers%29

Wednesday, July 14, 2010

Buzz Dash - Create Polls, Get Instant Feedback

Buzz Dash is a free polling service that allows anyone to create a poll to use on any blog or website. There are a lot of survey and polling widgets that you can use on your blog (in fact, Blogger has one built-in), but what I like about Buzz Dash is that your poll results instantly update whenever someone votes. The update happens without the need to refresh your page in order to see the new poll results.



“This is slide one. This is slide two.”

http://www.freetech4teachers.com/2010/07/slide-six-easily-add-narration-to-slide.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+freetech4teachers%2FcGEY+%28Free+Technology+for+Teachers%29

Wednesday, July 14, 2010

Slide Six - Easily Add Narration to Slide Shows

Slide Six is a slide show hosting service that offers you the ability to add your voice narrations without having to create, upload, and sync a separate audio file. Slide Six does this by allowing you to record your narration directly through the Slide Six site. To use the feature just upload your slide show and then record your voice as you go through your slide deck. Slide Six also allows you to upload attachments to complement your presentations. YouTube and Vimeo videos are supported within Slide Six.

Wednesday, July 14, 2010

Assertions become facts in the Internet Age? Has Toyota been the victim of an Internet-enabled frenzy? How could they have “fought back” in real time? Could any company? The BlackBox they installed in their cars eventually provided proof of their innocence, but they were completely at the mercy of rumor and innuendo until then. Toyota had 3000 reports (out of how many cars sold?) and is there any database or statistic that suggests this rate of “user error” is normal?

http://tech.slashdot.org/story/10/07/14/0115223/Toyota-Sudden-Acceleration-Is-Driver-Error?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Toyota Sudden Acceleration Is Driver Error

Posted by kdawson on Wednesday July 14, @08:12AM

"The NHTSA has investigated data recorders from Toyota cars whose owners claimed to have crashed due to an accelerator error. They found that the throttles were wide open and the brakes weren't being pressed. The investigation looked at a sample of the cars, selected by the NHTSA."

Jamie found this article with a superior headline at Balloon Juice.

[The Headline: Fingered Foreign Fleet Fine, Fed. Findings Fault Fat Feet]



My speech will be free-er! Now I won't need to talk about “Those *&&^% idiots in Washington!” I'll be able to call them what they are: “Politicians!” (Although I'll still blush if I say that in mixed company.)

http://yro.slashdot.org/story/10/07/13/1837227/Massachusetts-Bids-To-Restrict-Internet-Indecency?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Massachusetts Bids To Restrict Internet Indecency

Posted by kdawson on Tuesday July 13, @02:42PM

Remember the Communications Decency Act? Enacted 1996, found unconstitutional 1997. Or its successor attempt to reduce discourse on the Internet to what is suitable for 8-year-olds, the Child Online Protection Act? Invalidated 2003. Seven state laws attempting to restrict Internet content on grounds of decency have been struck down. Despite all this, Massachusetts has now added a couple of paragraphs to its (traditionally bricks-and-mortar) indecency law that applies a "harmful to minors" test to Internet content. The ACLU of Massachusetts and others have brought suit to block the law, which went into effect on July 11. Coincidentally, today a US appeals court tossed out the FCC's indecency policy.


(Related)

http://news.cnet.com/8301-13578_3-20010478-38.html?part=rss&subj=news&tag=2547-1_3-0-20

Court: FCC 'indecency' rule doesn't make tech sense


(Related)

http://yro.slashdot.org/story/10/07/13/2056218/Chile-First-To-Approve-Net-Neutrality-Law?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Chile First To Approve Net Neutrality Law

Posted by kdawson on Tuesday July 13, @06:18PM

"Chile has become the first country in the world to approve, by 100 votes in favor and one abstention, a law guaranteeing net neutrality (Google translation; Spanish original). The law states [submitter's translation]: 'No [ISP] can block, interfere with, discriminate, hinder, nor restrict the right of any Internet user of using, send, receive or offer any content, application, or legitimate service through the Internet, as well as any activity or legitimate use conducted through the Internet.' The law also has articles that force ISP to provide parental control tools, clarify contracts, guarantee users' privacy and safety when surfing, and forbids them to restrict any liberty whatsoever. This is a major advance in the legislation of the country regarding the Web, when until last year almost anything that was performed online was considered illegal."



Canada's take on DNA databases...

http://www.pogowasright.org/?p=12079

Ca: Senate Statutory Review of the DNA Identification Act

July 13, 2010 by Dissent

Michel-Adrien Sheppard writes:

The Standing Senate Committee on Legal and Constitutional Affairs recently published its report entitled Public Protection, Privacy and the Search for Balance: A Statutory Review of the DNA Identification Act.

The Act, which came into effect in 2000, created a national DNA databank containing DNA samples from individuals convicted of certain designated offences.

The Committee recommends allowing the automatic taking of DNA samples from adults convicted of an expanded number of designated crimes. But it recommends against amending the Criminal Code to allow the collection of DNA from individuals at the time they are placed into lawful custody and charged with indictable offences.

Read more on Library Boy.



Canada's take on Privacy v. Discovery?

http://www.pogowasright.org/?p=12090

Ca: Defence of Third-Party Injury Claims Are Outside Federal Privacy Law

July 14, 2010 by Dissent

David T. S. Fraser writes:

Since the advent of the Personal Information Protection and Electronic Documents Act, there has been uncertainty among lawyers, private investigators and insurers about what impact this law has on the litigation of private tort claims. There has been some guidance from the Ontario courts in the Ferenczy decision, but the law was still unsettled. The only case to address this, Ferenczy v MCI Medical Clinics, was all about whether information collected (allegedly) in violation of PIPEDA would nevertheless be admissible. The court concluded that PIPEDA does not apply to the collection of surveillance information by a PI to defend a court claim, but arguably that conclusion is obiter.

The Office of the Privacy Commissioner of Canada has taken the position that PIPEDA applies to insurers undertaking the defense of their insureds. This position has led to the conclusion that plaintiffs have a right of access, under PIPEDA, to the insurer’s files and perhaps some of those maintained by defence counsel. While PIPEDA does allow some collection of information, such as surveillance, without the consent of the individual in limited circumstances, the Commissioner has maintained (in a finding and in guidance to the industry) that this is only permissible where all other avenues of investigation have been exhausted.

The rules appear to be settled as a result of a recent decision of the Federal Court in State Farm v Privacy Commissioner of Canada, 2010 FC 736…

Read more on Slaw.



“If a clue falls in the Internet, does it make search?” Is this an “Out” for Google? Yes they captured the data, but they didn't inhale.

http://www.pogowasright.org/?p=12087

Article: The Fourth Amendment Right To Delete

July 14, 2010 by Dissent

Paul Ohm has an article in the current issue of the Harvard Law Review, “The Fourth Amendment Right to Delete,” in which he responds to an earlier article by Orin Kerr (2005). Here’s an excerpt from Paul’s article:

Fourth Amendment cases are surprisingly difficult to apply to tools used in a surveillance two-step: collect the data now, analyze the data later (sometimes, much later). Prior to data analysis, has a search occurred? In Kyllo v. United States, the Court held thermal imaging of a home to be a search. But what would have been the result if the police had stored the information without looking at it? Similarly, what if the police lawfully seize a suspect’s GPS device and copy the device’s internal memory without viewing the record of past movements? Have searches yet occurred in these situations?

Professor Kerr’s description of the forensic analysis of computers provides a straightforward fact pattern with which to examine these questions. The forensic analysis of a computer almost always begins with the creation of a bit-by-bit, exact copy — called a “mirror image” or an “image” — which preserves all of the data found on the computer’s hard drive. In his article, Professor Kerr argues that unless and until data from the image are exposed, no search has occurred. He worries that during the time after the image is made and before it is analyzed, the Fourth Amendment may not apply since the owner of the original drive has not been deprived of a possessory interest under his reading of Arizona v. Hicks.

Although he decries this “creepy,” “Orwellian” result, if anything, Professor Kerr underestimates (or undersells) the threat to privacy of constitutionally unregulated imaging. At the same time, his attempt to distinguish Hicks is a bit unconvincing and arguably unnecessary. In Hicks, the Supreme Court held that the police did not seize the serial number inscribed on the bottom of stereo equipment by copying it down, since the act of copying did not interfere with the owner’s possessory interest in the serial number or equipment. Hicks relies on the standard definition of seizure — meaningful interference with a possessory interest — a definition rarely satisfied when the police grab digital evidence.

But there is another sense in which courts have construed seizure, embodying a previously unidentified Fourth Amendment interest: the right to delete. This right can be found in the Constitution once one looks beyond physical-property-based notions of seizure, which fit so poorly in the digital world, in favor of an approach that asks: “Can a digital copy cause the same negative effects as physical dispossession?” The answer is yes; when an owner loses control of a copy of her data, she loses the ability to dispose of or alter that data, which I contend causes a form of seizure. This is analogous to the property right to destroy, which is tied to the rights of dominion and control. The Fourth Amendment prohibition on unreasonable seizure should protect these rights and provide a constitutional right to delete.

Read the full article here (pdf).

Via FourthAmendment.com


(Related)

http://www.pogowasright.org/?p=12085

Ninth Circuit orders anonymous internet speakers be identified

July 14, 2010 by Dissent

Evan Brown provides a summary of and commentary on a Ninth Circuit opinion issued yesterday concerning outing online anonymous speakers.

From the court’s opinion (pdf), the background on the case:

The proceeding before us is but a short chapter in an acrimonious and long-running business dispute between Quixtar, Inc. (“Quixtar”), successor to the well-known Amway Corporation, and Signature Management TEAM, LLC (“TEAM”). Quixtar sued TEAM, claiming that TEAM orchestrated an Internet smear campaign via anonymous postings [If they were anonymous, how did they know who (other than John Doe) to sue? Bob] and videos disparaging Quixtar and its business practices. As part of the discovery process, Quixtar sought testimony from Benjamin Dickie, a TEAM employee, regarding the identity of five anonymous online speakers who allegedly made defamatory comments about Quixtar. Dickie refused to identify the anonymous speakers on First Amendment grounds. The district court ordered Dickie to disclose the identity of three of the five speakers.

The Anonymous Online Speakers seek a writ of mandamus directing the district court to vacate its order regarding the identity of the three speakers. Quixtar cross-petitions for a writ of mandamus directing the district court to order Dickie to testify regarding the identity of the anonymous speakers from the remaining two sources. Because neither party has established that it is entitled to the extraordinary remedy of mandamus, we deny both petitions.

As Brown points out:

This is a significant case on the topic of anonymity because it is only the third federal circuit opinion to consider the question as to when unknown online speakers should be identified. The others are NLRB v. Midland Daily News (6th Cir. 1998) and Lefkoe v. Jos. A. Bank Clothiers, (4th Cir. 2009).

Via LawandLit



I admit I haven't spent enough time researching “Twitter, Tweets and the Twits that Text them...” Articles like this, which may as well be written in Sanskrit, make me think I should ask a nine year old to explain it to me.

http://techcrunch.com/2010/07/14/tweetup-partnerships/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29

TweetUp Teams Up With Business.com, Netvibes And TheFreeDictionary.com



Sometimes movies can be used in education. (Some of my students don't own TVs, they watch everything over the Internet!)

http://www.makeuseof.com/dir/divxonly-watch-divx-streaming-movies

DivXOnly: Watch DivX Streaming Movies Online For Free



There's an App for that! Even if you still use one of those old-school browsers...

http://www.makeuseof.com/dir/marklets-bookmarklet-search

Marklets: Bookmarklet Search Engine

Marklets is a bookmarklet search engine where you can find different kinds of browser bookmarklets that make your online work easier. On the homepage of the site, you’ll find various bookmarklets categorized under highest rated, newest, featured and top tags. There’s also a search bar where you could type a specific query and see if there’s a corresponding bookmarklet available.

When you click on a bookmarklet name, it directs you to a page which contains its description and a download link at the bottom. You could just drag the bookmarklet tab to the browser’s bookmarks bar in order to get it working. The site doesn’t require registration either.

www.marklets.com



For my website class

http://www.makeuseof.com/dir/fontviewer-pc-font-viewer

FontViewer: PC Font Viewer Online

FontViewer … is an online PC font viewer that takes all the fonts installed on your machine and displays them all on a single webpage.

www.font.colorfull.jp

Similar tools: FlippingTypical, FontPicker and TypeTeste



Another tool I should use.

http://www.makeuseof.com/tag/learn-touch-typing-improve-skills-senselang/

Use Sense-Lang To Learn Touch Typing & Improve Typing Skills

http://www.sense-lang.org/typing/



I've been telling my colleagues that if they teach online or semi-online, they already have most of the data they need to create a full course. Here's a platform for creating free or “for pay” courses!

http://techcrunch.com/2010/07/13/nixty-launch/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29

Nixty Launches With Ambitions to Build Something Huge in eLearning

It’s called Nixty, and it’s launching today.

Nixty is aiming to be a huge platform for eLearning courses worldwide. Right now, the company has 200 courses from schools like MIT, Harvard, Stanford, Yale, IIT and Berkeley, and offers a variety of teaching tools like automated grade books and easy-to-make-and-print certificates. In addition to aggregating Ivy League courses and putting them in a far easier to navigate, socially-driven user interface, Nixty is hoping teachers and experts will use its easy drag and drop course building software to create new courses, bringing in a wiki angle where people can add certain texts, videos or lectures to a course.

The cost of entry for teachers is low: public courses (open to all) are free to create, and Nixty is planning to roll out payment functionality for private/continuing education courses soon. For paid courses, Nixty will charge teachers $4.99/month for three courses, or $9.99/month for nine courses plus an additional 20% of whatever the teacher decides to charge students for each course.

Tuesday, July 13, 2010

Should an Insurance company understand the risks of transporting personal information? Would they insure a company that had this little control over its data?

http://www.databreaches.net/?p=12407

Marsh and Mercer report lost backup tape

July 12, 2010 by admin

On June 23, insurance broker Marsh and Mercer notified the New Hampshire Attorney General’s Office that in April, a back up tape being transported by a third party courier between Marsh offices was lost. The tape contained employee benefits information such as names, addresses, Social Security Numbers, dates of birth, and drivers’ license numbers, and account information. The data were managed by Marsh’s Association business, which operates through Seabury & Smith.

The company states that because of the “complex nature of the security of an information on the tape, and the technical measures which are necessary to determine and analyze the data elements on the tape,” they were still investigating the matter as of the date of their notification. [Translation: We have no idea what we are doing. Bob]

The total number of individuals with data on the backup tape was not indicated, but they report that 121 New Hampshire residents had data on the tape.


(Related) Is this an attempt to use “less stick and more carrot?” We already have the “encryption is a get out of jail free card” for security breaches; will this add more “checklist security” items?

http://news.slashdot.org/story/10/07/12/1950221/White-House-Tackling-the-Economics-of-Cybersecurity?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

White House Tackling the Economics of Cybersecurity

Posted by Soulskill on Monday July 12, @04:39PM

"White House Cybersecurity czar Howard Schmidt will be hosting a meeting Wednesday with the Secretaries of DHS and Commerce in which he is expected to discuss the administration's new attempt to change the economic incentives surrounding cybersecurity. Right now, launching attacks on private companies is so cheap and relatively risk-free that there's almost no way that industry can win. The White House could be considering things like tax incentives, liability and insurance breaks, and other steps to try and get companies to invest in protecting their networks. It's also likely to dovetail with a step up in enforcement, so hackers be wary."



I wonder how my Computer Security students would go about creating a 'honey pot' on their laptops. Having the built-in video camera snap a picture of the thief has been popular. The other half of the question is, how do you recover the laptop given all the evidence you can gather?

http://ask.slashdot.org/story/10/07/12/2253218/Retrieving-a-Stolen-Laptop-By-IP-Address-Alone?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Retrieving a Stolen Laptop By IP Address Alone?

Posted by kdawson on Monday July 12, @09:37PM

"My vehicle was recently burglarized while parked in a university parking lot in a midwestern state. My new Dell laptop was stolen from the car, along with several other items. I have no idea who might have done this, and the police say that without any idea of a suspect, the best they can do is enter the serial number from my laptop in a national stolen goods database in case it is ever pawned or recovered in another investigation. I had Thunderbird set up on the laptop, configured to check my Gmail through IMAP. Luckily, Gmail logs and displays the last 6 or 7 IP addresses that have logged into your account. I immediately stopped using that email account, cleared it out, and left the password unchanged — creating my own honeypot in case the criminal loaded Thunderbird on my laptop. Sure enough, last week Gmail reported 4 accesses via IMAP from the same IP address in a state just to the east of mine. I know that this must be the criminal who took my property, since I've disabled IMAP access to the account on all of my own computers. The municipal police say they can't intervene in the case since university police have jurisdiction over crimes that take place on their land. The university police department — about 10 officers and 2 detectives — don't even know what an IP address is. I even contacted the local FBI office and they said they're 'not interested' in the case despite it now crossing state lines. Am I chasing my own tail here? How can I get someone to pay attention to the fact that all the police need to do is file some RIAA-style paperwork to find the name associated with this IP address and knock on the right door to nab a criminal and recover my property? How can I get my laptop back — and more importantly — stop this criminal in his tracks?"



Is this a general trend by the FTC to hold companies to their Privacy Policy or is it on their radar only because of the 'special circumstances' of the subscribers?

http://yro.slashdot.org/story/10/07/13/0053250/FTC-Warns-Site-Not-To-Sell-Personal-Data?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

FTC Warns Site Not To Sell Personal Data

Posted by kdawson on Tuesday July 13, @05:14AM

"The US Federal Trade Commission has warned two people associated with a now-defunct magazine and Web site for gay teens and young men that they would violate the privacy promises the publication made to subscribers by selling their personal information during a bankruptcy proceeding. The FTC, in a letter sent earlier this month, also suggested that the owners of XY Magazine and XY.com would be violating the privacy standards the company had in place before shutting down if they used the subscribers' personal information in a relaunch of the magazine or website. The personal information is listed as part of the debtor's estate in a New Jersey bankruptcy proceeding for Peter Ian Cummings, editor and founder of the magazine. Before the magazine's demise, many of the subscribers lived at home with parents."



I'd like to see a simple way to filter the RSS feeds.

http://www.bespacific.com/mt/archives/024700.html

July 12, 2010

National Archives Unveils New Federal Register 2.0 Web Site to Mark 75th Anniversary

News release: "To mark the 75th anniversary of the Federal Register Act on July 26, 2010, the National Archives Office of the Federal Register (OFR) and the Government Printing Office (GPO) will launch FR 2.0 on FederalRegister.gov. The FR 2.0 web site will be similar to a daily web newspaper, with a clear layout and new tools to guide readers to the most popular topics and relevant documents. The site will display individual news sections for Money, Environment, World, Science & Technology, Business & Industry, and Health & Public Welfare. FR 2.0 will have greatly improved navigation and search tools and will highlight each agency’s significant rules. The new web site takes advantage of social media and integrates seamlessly with Regulations.gov and the Unified Agenda to make it easy for users to submit comments directly into the official e-Rulemaking docket, and view the history of rulemaking activity through a regulatory timeline."



There are a few Youtube gems out there...

http://www.makeuseof.com/dir/keeptube-download-hd-videos-from-youtube

KeepTube: Download HD videos from Youtube, Dailymotion, Vimeo…

There are lots of tools out there to let you download videos from sites like YouTube and DailyMotion, but KeepTube is different. KeepTube is focused on letting you download High Definition and High Quality videos from 15 major video sharing sites.

www.keep-tube.com


(Related)

http://www.freetech4teachers.com/2010/07/view-pure-view-youtube-without-clutter.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+freetech4teachers%2FcGEY+%28Free+Technology+for+Teachers%29

View Pure - View YouTube Without the Clutter

View Pure is a simple little tool that strips YouTube viewing of all of the distractions of related videos, comments, and promoted videos. To use View Pure just copy the link of a video into the "purifier," click purify, and your video will be displayed on a blank white background. You can also install the View Pure bookmarklet to accomplish the same goal.



Students read textbooks? If so, this could be useful.

http://www.crunchgear.com/2010/07/12/nookstudy-barnes-nobles-free-digital-foray-into-the-education-market-lets-students-read-e-textbooks-take-fully-searchable-notes-highlights/

NOOKstudy: Barnes & Nobles’ free digital foray into the education market lets students read e-textbooks, take fully searchable notes & highlights

Barnes & Noble has developed NOOKstudy, a free (as in beer) software suite that could make the average college student’s life a little easier. The software, which will be available for the PC and Mac, gives students the ability to download and organize electronic textbooks, as well as keep all of their notes, syllabuses, and so on in one safe place. Handy. And no, you don’t need a nook to use NOOKstudy.

Some of the details seem promising. Students can read multiple textbooks (or other sources) simultaneously, and they’re able to highlight and take notes from right within the software. Even more importantly, any notes or highlights you make are completely searchable. So, if you’ve highlighted an important paragraph on page 12 of chapter 4 in SomeBook, well, you can easily pull it up long after you’ve turned off your computer.

Monday, July 12, 2010

Why stop here? Could we add a breath analyzer so drunks don't drive? Maybe one of those “cell phone blockers” to keep people from talking/texting as they drive. And how about an IQ test to keep those stupid people off the road? Or at least an automated driver training program to address bad driving habits! (When traffic signs start broadcasting their message, we can automate traffic tickets too!)

http://www.pogowasright.org/?p=12066

Report: Intel developing new automotive black box

July 12, 2010 by Dissent

Zach Bowman writes:

Big Brother really wants to get into your future vehicle. Intel is currently hard at work on the next generation of vehicle event data recorders, the infamous black boxes that Congress has clamored for since Toyota’s unintended acceleration problems dominated headlines earlier this year. According to The New York Times, these new black boxes may do a lot more than just record things like vehicle speed and whether you’re wearing your seatbelt. Intel’s prototype will incorporate GPS and all of a vehicle’s onboard cameras for real-time mapping of the road conditions.

As if that’s not intrusive enough, Intel proposes that the EDRs record up to 30 seconds of interior video as well.

Read more on AutoBlog.



Preparing the way for Behavioral Advertising?

http://www.bespacific.com/mt/archives/024687.html

July 11, 2010

Yahoo Research: The Demographics of Web Search

The Demographics of Web Search, Weber, I.; Castillo, C. SIGIR, ACM Press, Geneva, Switzerland (2010)

  • "How does the web search behavior of "rich" and "poor" people differ? Do men and women tend to click on different results for the same query? What are some queries almost exclusively issued by African Americans? These are some of the questions we address in this study. Our research combines three data sources: the query log of a major US-based web search engine, profile information provided by 28 million of its users (birth year, gender and zip code), and US-census information including detailed demographic information aggregated at the level of ZIP code. Through this combination we can annotate each query with, e.g., the average per-capita income in the ZIP code it originated from. Though conceptually simple, this combination immediately creates a powerful demographic profiling tool. The main contributions of this work are the following. First, we provide a demographic description of a large sample of search engine users in the US and show that it agrees well with the distribution of the US population. Second, we describe how different segments of the population differ in their search behavior, e.g. with respect to the diversity of formulated queries or with respect to the clicked URLs. [Consider using this information “backwards” to place an individual user into a “Segment” for behavioral advertising purposes. Bob] Third, we explore applications of our methodology to improve web search and, in particular, to help issuing query reformulations. These results enable the creation of a powerful tool for improved user modeling in practice, with many applications including improving web search and advertising. For instance, advertisements for "family vacations" could be adapted to the (expected) income of the person issuing the query, or search suggestions shown to users could be adapted to items that are more interesting given their particular characteristics."



This is an interesting take on Copyright...

http://yro.slashdot.org/story/10/07/11/2127246/Brazil-Forbids-DRM-On-the-Public-Domain?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Brazil Forbids DRM On the Public Domain

Posted by kdawson on Monday July 12, @12:55AM

"Cory Doctorow reports that the Brazilian equivalent of DMCA explicitly forbids using DRM-like techniques on works in the public domain. 'Brazil has just created the best-ever implementation of WCT [WIPO Copyright Treaty]. In Brazil's version of the law, you can break DRM without breaking the law, provided you're not also committing a copyright violation.' This means that, unlike the US, where it is illegal to break DRM, in Brazil it is illegal to break the public domain."



Could this be the true impact of Google?

http://science.slashdot.org/story/10/07/11/1159241/The-Creativity-Crisis?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

The Creativity Crisis

Posted by Soulskill on Sunday July 11, @09:26AM

"For the first time, research shows that American creativity is declining. ... Like intelligence tests, Torrance's test — a 90-minute series of discrete tasks, administered by a psychologist — has been taken by millions worldwide in 50 languages. Yet there is one crucial difference between IQ and CQ scores. With intelligence, there is a phenomenon called the Flynn effect — each generation, scores go up about 10 points. Enriched environments are making kids smarter. With creativity, a reverse trend has just been identified and is being reported for the first time here: American creativity scores are falling. Kyung Hee Kim at the College of William & Mary discovered this in May, after analyzing almost 300,000 Torrance scores of children and adults. Kim found creativity scores had been steadily rising, just like IQ scores, until 1990. Since then, creativity scores have consistently inched downward. 'It's very clear, and the decrease is very significant,' Kim says. It is the scores of younger children in America — from kindergarten through sixth grade — for whom the decline is 'most serious.'"



This has been tried before and eventually will be accepted. The first true global currency?

http://news.slashdot.org/story/10/07/11/1747245/Bitcoin-Releases-Version-03?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Bitcoin Releases Version 0.3

Posted by kdawson on Sunday July 11, @05:09PM

"How's this for a disruptive technology? Bitcoin is a peer-to-peer, network-based digital currency with no central bank, and no transaction fees. Using a proof-of-work concept, nodes burn CPU cycles searching for bundles of coins, broadcasting their findings to the network. Analysis of energy usage indicates that the market value of Bitcoins is already above the value of the energy needed to generate them, indicating healthy demand. The community is hopeful the currency will remain outside the reach of any government."

Here are the FAQ, a paper describing Bitcoin in more technical detail (PDF), and the Wikipedia article. Note: a commercial service called BitCoin Ltd., in pre-alpha at bitcoin.com, bears no relation to the open source digital currency.



Describing our world statistically...

http://www.bespacific.com/mt/archives/024690.html

July 11, 2010

Pew Report - Mobile Access 2010

Mobile Access 2010 - Six in ten Americans go online wirelessly using a laptop or cell phone; African-Americans and 18-29 year olds lead the way in the use of cell phone data applications, but older adults are gaining ground. July 7, 2010. Aaron Smith, Research Specialist

"Cell phone and wireless laptop internet use have each grown more prevalent over the last year. Nearly half of all adults (47%) go online with a laptop using a Wi-Fi connection or mobile broadband card (up from the 39% who did so as of April 2009) while 40% of adults use the internet, email or instant messaging on a mobile phone (up from the 32% of Americans who did this in 2009). This means that 59% of adults now access the internet wirelessly using a laptop or cell phone—that is, they answered “yes” to at least one of these wireless access pathways. That adds up to an increase from the 51% who used a laptop or cell phone wirelessly in April 2009."



Think of this as (one slice of) the government's database of bad ideas! What a fun tool.

http://www.docuticker.com/?p=37114

DoD — Encyclopedia of Ethical Failure Updates

The updated encyclopedia now offers 155 pages of actual violations by Government personnel.


(Related)

http://www.docuticker.com/?p=37111

DoD — 2010 Ethics Counselor’s Deskbook

Each chapter addresses a separate ethics topic and provides an introduction with explanation of the applicable references to rules and regulations and ethical principles in each area.



Customizing the Internet. Perhaps I could get my students to create a start page for each class?

http://www.killerstartups.com/Web-App-Tools/ustart-org-have-a-start-page-of-your-very-own

uStart.org - Have A Start Page Of Your Very Own

http://www.ustart.org/

uStart is a new website that will give you a ready chance to have your own start page - and a start page that is quite dynamic at that. If you decide to create a start page using uStart you will not merely aggregate links to all your most-visited sites together, you will actually have access to what has been updated on these sites right from your start page. This is possible because what you add is not just a tile reading the name of the site but actually a widget that reflects a website’s each and every change.

Creating a uStart page is very easy, as a wizard is provided to guide you all along the way. You can proceed to add the widgets that you want displayed one by one, and all the categories that you could possibly want to have featured on your own page are certain to be featured. Sports, video games, economy, TV series… these are just four that I chose at random, and they are all representative of most people’s interests. And the same goes for another category that I haven’t mentioned yet, made up of pages named “Your Gmail”, “Your Facebook” and “Your Twitter”.