Friday, October 19, 2012

The correct question is, “Who should NOT use encryption technology?”
New “Surveillance-Proof” App To Secure Communications Has Governments Nervous
October 18, 2012 by Dissent
Ryan Gallagher reports:
Lately, Mike Janke has been getting what he calls the “hairy eyeball” from international government agencies. The 44-year-old former Navy SEAL commando, together with two of the world’s most renowned cryptographers, was always bound to ruffle some high-level feathers with his new project—a surveillance-resistant communications platform that makes complex encryption so simple your grandma can use it.
This week, after more than two years of preparation, the finished product has hit the market. Named Silent Circle, it is in essence a series of applications that can be used on a mobile device to encrypt communications—text messages, plus voice and video calls.
Read more on Slate.

(Related) Here's a small breach to illustrate my point...
By Dissent, October 18, 2012
The Maryville Daily Times reports:
Blount Memorial Hospital has informed patients of the theft of a hospital laptop containing registration records of Blount Heart Consultants.
The laptop was reported stolen from an employee’s home on Aug. 25 and has not yet been recovered.
Read more on The Maryville Daily Times. There does not seem to be any notice on the hospital’s web site at the time of this posting although they apparently sent out a press release. I’ll update this entry if/when I find the full release or notice but The Maryville Daily Times provides details on types of information, etc.


“Some conversation may be recorded for quality assurance purposes...” Perhaps they will flash custom ads to their passengers in exchange for free bus service?
MD: MTA recording bus conversations to eavesdrop on trouble
October 18, 2012 by Dissent
Candy Thomson reports:
A Maryland Transit Administration decision to record the conversations of bus drivers and passengers to investigate crimes, accidents and poor customer service has come under attack from privacy advocates and state lawmakers who say it may go too far.
The first 10 buses — marked with signs to alert passengers to the open microphones — began service this week in Baltimore, and officials expect to expand that to 340 buses, about half the fleet, by next summer. Microphones are incorporated in the video surveillance system that has been in place for years. [So it's no big deal... Bob]
Read more on The Baltimore Sun.


Those who do not have security/privacy policies have a policy of failure – they just don't know it yet.
Canadian town employee sends financial info to residents via Facebook account?
October 18, 2012 by Dissent
A town employee in La Scie, Canada, used his personal Facebook email account to send private information to two individuals, who then filed a privacy complaint over, inter alia, the insecure method of sending financial information. The town attempted to justify their action by saying that they had no other way to contact the residents as they had no phone numbers and… wait for it… the account was password protected (insert *facepalm* here).
From the Office of the Information and Privacy Commissioner of Newfoundland and Labrador:
The Information and Privacy Commissioner, Ed Ring, has released his Report P-2012-001 under authority of the Access to Information and Protection of Privacy Act. A summary of the Report is included below.
To view the Report in its entirety, please go to www.oipc.nl.ca/privacyreports.htm
Report: P-2012-001 Report Date: September 27, 2012 Public Body: Town of La Scie
Summary: On January 19, 2012 the Office of the Information and Privacy Commissioner received a Privacy Complaint under the Access to Information and Protection of Privacy Act (“ATIPPA”) filed collectively by two individuals regarding the Town of La Scie (the “Town”). The Complainants stated that their personal information had been sent to one of the Complainants by a Town employee via a private message on a social media website (“Facebook”). The message was sent using the employee’s personal Facebook account. The Complainants alleged that their personal information was not adequately protected pursuant to section 36; was improperly used pursuant to section 38; and was improperly disclosed pursuant to section 39.
The Commissioner found that the disclosure of the Complainants’ personal information was not contrary to the ATIPPA as the message was sent only to the Complainants. The Commissioner found that the Facebook message was a use of the Complainant’s personal information and that the method by which this use was carried out (i.e. Facebook) did not meet the limitations set out in section 38(2) or standard of necessity required by sections 38(1)(a) and 40(b) of the ATIPPA and, consequently, amounted to an improper use of personal information. Finally, the Commissioner found that the personal information had not been adequately protected. The Commissioner also provided commentary on the use of social media by public bodies and concluded that outside of community matters, announcements and notices, social media websites should not be used by public bodies to collect, use or disclose personal information regardless of the mechanism of delivery. The Commissioner recommended that the Town create and implement policies and practices regarding the use of social media and ensure that privacy training is provided to all Town employees.


Who'd a thunk it?
Article: Fear and Loathing at the U.S. Border
October 19, 2012 by Dissent
Janet C. Hoeffel and Stephen Singer have an article in Mississippi Law Journal, Vol. 82, No. 4, 2013. Here’s the abstract:
In this paper, we argue that when technology crosses the border in the form of personal electronic devices (PEDs), there is a unique confluence of factors that requires a fresh look at the border search exception. International travel is now commonplace, or at least relatively routine, and personal electronic devices are ubiquitous and often necessary during travel. In this context, combining the Supreme Court’s refusal to question individual officers’ motives for a search with current border search law results in government searches which, we submit, are “unreasonable” under the Fourth Amendment. We demonstrate how the border search exception to the Fourth Amendment has never actually gone through a doctrinal development, and, as such, it is rather thoughtless. We show how the doctrine should appear if developed as an administrative search rather than a sui generis historical exception, and we demonstrate why the doctrine dictates that motive matters, at least when it comes to PEDs. Finally, we suggest that a correct Fourth Amendment analysis would allow a continuance of the suspicionless border searches that everyone undergoes, but that before a person can be targeted for a more intrusive, discretionary secondary search or seizure, agents must have at least reasonable suspicion of criminal activity.
You can download the full article from SSRN.


So what else is new?
Article: Why the Right to Data Portability Likely Reduces Consumer Welfare: Antitrust and Privacy Critique
October 19, 2012 by Dissent
Peter Swire and Yianni Lagos have an article in a forthcoming issue of Maryland Law Review that challenges the EU’s draft Data Protection Regulation on the issue of a right to data portability. Here’s the abstract:
In its draft Data Protection Regulation, the European Union has announced a major new economic and human right – the right to data portability (‘RDP’). The basic idea of the RDP is that an individual would be able to transfer his or her material from one information service to another, without hindrance. For instance, consumers would have a legal right to get an immediate and full download of their data held by a social network such as Facebook, a cloud provider, or a smartphone app.
Although the idea of data portability is appealing, the RDP as defined in Article 18 of the draft Regulation is unprecedented and problematic. Part I explains Article 18, whose text appears to require software and online service providers to create what we call an ‘Export-Import Module,’ or software code that exports data seamlessly from the first service to the second service. The requirements would apply globally, for any entity that sells to an E.U. resident.
Part II critiques the RDP in light of the teachings of E.U. competition and U.S. antitrust law. Competition law has long addressed the problems of lock-in and high switching costs that form a chief justification for the RDP. The RDP, however, applies to small enterprises, where there is essentially no risk of lock-in. In contrast to competition law, the RDP applies to all online services even where there is no market power and no barrier to entry. Article 18 more generally is in conflict with the rules in competition law about exclusionary conduct – it creates a per se prohibition where competition law would apply a rule of reason approach. Competition law would consider the many efficiencies that result from a service provider deciding which functions and formats to include in its products, which undergo rapid innovation.
Part III shows that Article 18 also suffers serious difficulties as a matter of privacy or data protection law. Proponents have claimed the RDP is a new fundamental human right, aiding the individual’s autonomy for online activities. No jurisdiction has experimented with anything resembling the proposed Article 18, however, casting serious doubt on its status as a new human right. Among other difficulties, Article 18 poses serious risks to a long-established E.U. fundamental right of data protection, the right to security of a person’s data. Previous access requests by individuals were limited in scope and format. By contrast, when an individual’s lifetime of data must be exported ‘without hindrance,’ then one moment of identity fraud can turn into a lifetime breach of personal data. Part IV shows that Article 18 goes far beyond previous legal rules that specifically address interoperability.
In conclusion, the novel RDP is justified by the supposed benefits to consumers. As drafted, however, the RDP likely reduces consumer welfare, as articulated after long experience in competition law. It also creates risks to privacy that are not addressed in the current text. The RDP deserves far more scrutiny before becoming a mandate that applies globally to software and online services.
You can download the full paper on SSRN.


For my Computer geeks... (I'm having trouble with the video, but there is a transcript)
Eben Moglen, says Wikipedia, "is a professor of law and legal history at Columbia University, and is the founder, Director-Counsel and Chairman of [the] Software Freedom Law Center, whose client list includes numerous pro bono clients, such as the Free Software Foundation." And if that wasn't enough, since 2011 he's been working with FreedomBox, a project working toward "a personal server running a free software operating system, with free applications designed to create and preserve personal privacy." Prof. Moglen is also one of the most polished speakers anywhere, on any topic, ever. That's why, instead of editing this interview Timothy Lord did with him, we simply cut it in half, removed a little introductory and end conversation, and let the Professor roll on. The second half of this interview will run tomorrow. It's at least as worthwhile as the first half, especially if you are interested in Free Software.


Once again, the French may find there are some things they can't control. Once again, that won't stop them from trying.
"Google has threatened to exclude French media sites from search results if France goes ahead with plans to make search engines pay for content. In a letter sent to several ministerial offices, Google said such a law 'would threaten its very existence.' French newspaper publishers have been pushing for the law, saying it is unfair that Google receives advertising revenue from searches for news. French Culture Minister Aurelie Filippetti also favors the idea. She told a parliamentary commission it was 'a tool that it seems important to me to develop.'"


Perspective And here I thought we were talking a lot of money...
October 18, 2012
IAB internet advertising revenue report 2012
IAB internet advertising revenue report 2012 first six months' results, October 2012. An industry survey conducted by PwC and sponsored by the Interactive Advertising Bureau (IAB)
  • “Internet advertising revenues (‘revenues’) in the United States totaled $17.0 billion for the first six months of 2012, with Q1 2012 accounting for approximately $8.3 billion and Q2 2012 totaling approximately $8.7 billion. Revenues for the first six months of 2012 increased 14% over the first six months of 2011...” “This report establishes that marketers increasingly embrace mobile and digital video, as well as the entire panoply of interactive platforms to reach consumers in innovative and creative ways,” said Randall Rothenberg, President and CEO, IAB. “These half-year figures come on the heels of a study from Harvard Business School researchers that points to the ad-supported internet ecosystem as a critical driver of the U.S. economy. Clearly, the digital marketing industry is on a positive trajectory that will propel the entire American business landscape forward.” — Randall Rothenberg, President and CEO, IAB


Fight technology with technology? “Assist law enforcement! Illuminate your plate!” It enhances the lights that come with the car...
License Plate Frame Foils Irksome Traffic-Light Cameras
Traffic-light tickets have ticked off a gazillion drivers, some of whom have had to fork over $500 for running a light. Now there’s a way for you to throw a monkey wrench into that money-making machine.
Jonathan Dandrow has developed noPhoto, which renders the pix snapped by those revenue-generating robo-cams useless. The technology behind noPhoto is fairly simple. At the top of the gadget, which doubles as a license plate frame, there’s an optical flash trigger that detects the flash of the traffic-light camera. That trigger sets off one or both xenon flashes in the sides of the noPhoto, so when the traffic-light camera opens its shutter, there’s too much light and the picture of your license plate is overexposed. Big Brother can’t read your plate.


“Send Guido! Done deal. Gimme the $50,000.” Tony Soprano
"It's not clear if the Federal Trade Commission is throwing up its hands at the problem or just wants some new ideas about how to combat it, but the agency is now offering $50,000 to anyone who can create what it calls an innovative way to block illegal commercial robocalls on landlines and mobile phones."

(Related) In New Jersey it's: “Siri, start dis car and dem two ova dare..”
Siri, Start My Car
The latest version of Viper’s SmartStart app also lets you lock and unlock your vehicle directly from your iPhone 4S or 5 running iOS 6.
The promise of Siri’s app integration hasn’t been fully realized since Apple updated iOS last month, but Viper is the first automotive accessory company to tap Siri’s voice controls on its line of SmartStart products.


For my Ethical Hackers.. When numbers identifying people (like SSAN's) or things have “meaning” they are much less random and therefore much less difficult to “hack.”


For my Intro to Computer Security students (Actually, for scaring the bejesus out of them)
… PrivacyFix is an extension for Firefox and Chrome that points out settings you’ll want to change and also helps you stop ad networks from tracking you.
Managing your privacy online can be a hassle. PrivacyFix won’t completely solve the problem, but it makes finding key privacy settings for Facebook and Google trivial. Even more important: it’s incredibly simple to use. Just follow the step-by-step directions, deciding which privacy settings do and do not matter to you.
Head to PrivacyFix to get started. You’ll need to install an extension for Chrome or Firefox, depending on your browser of choice. Sorry, users of other browsers: you’re out of luck for now.


Another in a long line of “there has to be something better than PowerPoint!” software.
… Presentista is a new way to create presentations, and it works right from your web browser.
… When you are creating in Presentista, everything is on one screen. You add your stuff and create a flow, which are akin to slides. The link in the flow is how it determines which section to jump to next. It is a really clean, fluid way to make a presentation.
… Like any presentation, you can include text and graphics. With Presentista, you can also add YouTube videos, Google Images and photos from Flickr.
Similar tools: SlideShark, Appafolio and Present.me.


Wisdom from the mouths of cartoon characters. The Perfect CEO response to eDiscovery!
