Saturday, September 29, 2012

How to budget for Security...
The staggering cost of a data breach
September 28, 2012 by admin
Occasionally, I check Global Payments’ site for information on what their breach(es) last year cost them. Here’s what they reported in their SEC 10-K/A filing today:
For the year ended May 31, 2012, we have recorded $84.4 million of expense associated with this incident. Of this amount, $19.0 million represents the costs we have incurred through May 31, 2012 for legal fees, fees of consultants and other professional advisors engaged to conduct the investigation and various other costs associated with the investigation and remediation. An additional $67.4 million represents an accrual of our estimate of fraud losses, fines and other charges that will be imposed upon us by the card networks. We have also recorded $2.0 million of insurance recoveries based on claims submitted to date as discussed below. We based our estimate of fraud losses, fines and other charges on our understanding of the rules and operating regulations published by the networks and preliminary settlement discussions with the networks. As such, the final settlement amounts and our ultimate costs associated with fraud losses, fines and other charges that will be imposed by the networks could differ from the amount we have accrued as of May 31, 2012.
… Currently we do not have sufficient information to estimate the amount or range of additional possible loss.
… We expect to incur additional costs associated with investigation, remediation and demonstrating PCI DSS compliance and for the credit monitoring and identity protection insurance we are providing to potentially-affected individuals. We will expense such costs as they are incurred in accordance with our accounting policies for such costs. We currently anticipate that such additional costs may be $55 to $65 million in fiscal 2013. We anticipate that we may receive additional insurance recoveries of up to $28 million.
Realizing that their estimates may be off if they do not yet know what the fines will actually be, they’re talking about approximately $145 – $150 million for everything, with maybe $28 million reimbursed? That’s a lot of money….


Could a secure third-party repository keep this data private until there is a real need? i.e. avoiding concerns about police “browsing” the data without authorization...
Boston Police Store License Plate Data For “Intelligence” Purposes
September 28, 2012 by Dissent
Kade Crockford writes:
This summer ACLU affiliates all around the country filed open-records requests seeking information about how government agencies are using automated license plate readers. One set of records, released this week to the ACLU of Massachusetts by the police department here in Boston, provides a snapshot of the data-collection practices that are taking place around the nation.
The records reveal that the Boston police collect an average of 3,630 license plate reads per day and store the information for 90 days, unless officers decide they want to hold onto it forever, “for investigatory or intelligence purposes and for discovery/exculpatory evidence.”
Read more on the ACLU’s blog.


One of the downsides of automated Copyright checking? Also another example of the failure of “Torrents are for stealing copyrighted works” philosophy.
An anonymous reader points out the recent trouble of author Cody Jackson, who wrote a book called Learning to Program with Python. He offers the book for sale, but also gives it away for free, and he used the CC-BY license. In order to distribute the book, he posted links to his torrent of it. Unfortunately, this caused Google to suspend his AdSense account for his website. Even after removing the links, he was unable to get in contact with Google's AdSense team to get his accounts restored. After his story was picked up yesterday by Techdirt, somebody at Google "re-reviewed" his case and finally reinstated his account. Jackson had this to say: "One good thing about this is that it has helped raise awareness of the problems with corporate copyright policies and copyright regulation as a whole. When a person is unable to post his/her own products on the 'net because someone fears copyright infringement has occurred, there is a definite problem." This follows a few high-profile situations in which copyright enforcement bots have knocked down perfectly legitimate content.


Background. It could happen to you... PricewaterhouseCoopers did the review.
EPIC FOIA Uncovers Google’s Privacy Assessment for Consent Order Compliance
September 28, 2012 by Dissent
From EPIC:
Through a Freedom of Information Act request to the Federal Trade Commission, EPIC has obtained Google’s initial privacy assessment. The assessment was required by a settlement between Google and the FTC that followed from a 2010 complaint filed by EPIC over Google Buzz. The FTC has withheld from public disclosure information about the audit process, procedures to assess privacy controls, techniques to identify privacy risks, and the types of personal data Google collects from users. EPIC intends to challenge the agency withholdings. For more information, see EPIC: Federal Trade Commission, EPIC: Google Buzz, and EPIC: Open Government


The e-Sheriff knows best?
"The Lancaster County Sheriff’s Office has seen an increase in scammers using unsecured Wi-Fi connections to steal identities and mask their crimes during the past six months, Sheriff Terry Wagner said. ... So deputies spent the past few weeks finding unsecure connections and sending 40 to 50 letters to let people know about the potential dangers of strangers accessing their network connections. 'You're just opening yourself up for a series of potential pitfalls,' Chief Deputy Jeff Bliemeister said. ... Bliemeister said only businesses like coffee shops that offer Internet connections to customers need unsecured Internet connections. [And perhaps libraries? Or schools? Or other groups providing free access to the Internet? Bob]


A quick legal summary for Law School students with no time to read?


...and I am close to solving “Life, the Universe and Everything”
"A new paper from Professor Jason Mazzone at the University of Illinois calls for federal laws to regulate what happens to digital accounts after the account holder's death. Mazzone argues that Facebook and other online services have policies for deceased users' accounts that do not adequately protect the individual property and privacy interests at stake. The full text of the paper (called "Facebook's Afterlife") is also available: "


The world, she is a changing...
"California Governor Jerry Brown has signed SB 1052 and 1053, authored by state senator Darrell Steinberg, to create free textbooks for 50 core lower-division college courses. SB 1052 creates a California Open Education Resources Council, made up of faculty from the UC, Cal State, and community college systems. The council is supposed to pick 50 core courses. They are then to establish a 'competitive request-for-proposal process in which faculty members, publishers, and other interested parties would apply for funds to produce, in 2013, 50 high-quality, affordable, digital open source textbooks and related materials, meeting specified requirements.' The bill doesn't become operative unless the legislature funds it — a questionable process in California's current political situation. The books could be either newly produced (which seems unlikely, given the 1-year time frame stated) or existing ones that the state would buy or have free access to. Unlike former Gov. Schwarzenegger's failed K-12 free textbook program, this one specifically defines what it means by 'open source,' rather than using the term as a feel-good phrase; books have to be under a CC-BY (or CC-BY-SA?) license, in XML format. They're supposed to be modularized and conform to state and W3C accessibility guidelines. Faculty would not be required to use the free books."

(Related) Is this the way eBooks (eTextbooks in particular) should work?
Why a 17th-Century Text Is the Perfect Starting Point for Reinventing the Book
Good morning, class. I'd like you all to open your books to Act I, Scene 2, Line 398.
Pages rustle as everyone flips through their books in search of that spot.
"Usually there's a whole lot of shuffling," says Bryn Mawr professor Katharine Rowe. But not if the class is using an app she and Notre Dame professor Elliott Visconsi built. [A bit pricy at $9.99 but less than a textbook Bob] In their app of Shakespeare's Tempest students can just enter "1.2.398" and be transported there immediately. Or, alternatively, search for the words: "Full fathom five thy father lies."
… The features of their Tempest app go far, far beyond search. Readers can listen to actors perform the script (and the text will scroll along as they do). For key passages, they can compare a set of alternative theatrical interpretations. They can see expert commentaries embedded in the text's margins. Teachers can leave their own comments and questions for their students. Students can respond, ask questions, and chat about the text. It is a fully realized digital book, an embodiment of a pedagogy that values interaction between a reader and an author and among readers themselves.


Again, some bits and clips, just for my amusement...
Bret Victor has responded to Khan Academy’s new computer science curriculum with an amazing essay, Learnable Programming. This is a must-read. My favorite quote: “For fuck’s sake, read ‘Mindstorms’.” Indeed. I’m really really really hoping that, having claimed to have been so inspired by Victor’s Inventing on Principle talk, that everyone who’s now building a learn-to-program startup (whether it’s a for-profit like Codecademy or a not-for-profit like Khan Academy) actually reads some goddamn Seymour Papert. Please.
… Math teacher Dan Meyer has released some updates to 101questions, his math site that lets you explore and respond to videos and photos that in turn prompt math-related questions and, in Meyer’s words, “perplexity.” New features to 101questions include file uploading and downloading and better sharing.
