Saturday, May 19, 2012


The decline of a nation? Have they started down that slippery slope that results in a country with laws written by the entertainment industry? (Like the US...)
"India is at a crucial crossroad at the moment. Internet censorship laws are getting stricter as it begins to ban file-sharing and video-sharing websites. It started with Indian courts allowing censorship of Google, Facebook, etc. It has now gone one step ahead and decided to ask ISPs to block file-sharing sites. It is the movie industry which is again at the forefront of this. Anonymous retaliated, and targeted the websites of various Indian government websites in protest. What India lacks at this crucial juncture are debates in the public domain about this and citizens actually organizing protests as seen in the West."


Is this a true 'thumbs up' or do we have 1350 apathetic parents who simply don't care (and how can you tell the difference?)
AU: Parents give schools’ hi-tech rollcall the thumbs up
May 19, 2012 by Dissent
Evonne Barry, Stephanie Wilson report:
Victoria’s privacy chief has questioned the use of finger scanners to track students in schools.
At least two government schools have replaced traditional rollcalls with the biometric technology, which identifies students by their fingertips as they enter and exit school grounds.
Ringwood Secondary College is the latest school to adopt the hi-tech attendance tracker, after Nossal High School in Berwick.
Although both schools call the system a success, Acting Privacy Commissioner Dr Anthony Bendall questioned whether they were justified.
Read more in The Herald Sun.
Interesting statistic that (only) 50 out of 1400 parents opted out of this.


I feel safer already, don't you?
May 17, 2012
EPIC: Privacy Board Approved by Judiciary Committee, Vote Moves to Senate
"The Senate Committee on the Judiciary has approved President Obama's five nominees for the Privacy and Civil Liberties Oversight Board. The Board is an independent entity charged with ensuring that fundamental rights are protected in the implementation of government programs, including cybersecurity. Originally convened in 2004, the five seats on the Board have remained vacant for the past five years. Senator Leahy, the Chairman of the Judiciary Committee, said, "When we worked to create this board, we did so to ensure that our fundamental rights and liberties would be preserved… The Senate should move quickly to confirm the nominees to the board so that they can get to their important work." For more information, see EPIC: 9/11 Commission Report and "The Sui Generis Privacy Agency: How the United States Institutionalized Privacy Oversight After 9-11."


Facebook's IPO generated $15 Billion? We'll take that....
"The folks at Facebook may be focusing on their IPO today, but a complaint filed in federal court has given them something else to think about. The filing consolidates 21 separate but similar cases and alleges Facebook invaded users' privacy by tracking their browsing behavior even after they had logged out of the site. The claim seeks $15 billion in damages. 'If the claimants are successful in their case against Facebook, they could prevent Menlo Park from collecting the huge amount of data it collects about its users to serve ads back to them. Like the previous lawsuits, Facebook is once again being accused of violating the Federal Wiretap Act, which provides statutory damages per user of $100 per day per violation, up to a maximum per user of $10,000. The complaint also asserts claims under the Computer Fraud and Abuse Act, the Stored Communications Act, various California Statutes and California common law.'"


When everyone is in charge, no one is in charge.
Facebook rules: Everyone can vote on new privacy policy
Facebook is going to have to put its new privacy policy (or rather Data Use Policy) up for a vote, according to its own rules. The company has yet to announce such a plan, but now that the commenting period has closed, it’s only a matter of time.
Last Friday, Facebook proposed improvements to its Data Use Policy. You can view the tracked changes at the bottom of this article and go through an explanation of them over on the Facebook Site Governance webpage.
Facebook also held a live video Q&A on Monday and launched a Facebook Terms and Policies Hub at facebook.com/policies. Most importantly, the company asked its users to comment on the changes. It’s now closed:
The comment period for our proposed new Data Use Policy is now complete. Thank you for your participation. We plan to review and analyze your comments over the coming days and will keep you posted on next steps.
Here’s where it gets interesting. There’s a clause in Facebook’s own terms of service (Statement of Rights and Responsibilities) under the Amendments section that states the following:
If more than 7,000 users comment on the proposed change, we will also give you the opportunity to participate in a vote in which you will be provided alternatives. The vote shall be binding on us if more than 30% of all active registered users as of the date of the notice vote.


Well, that feeling of safety didn't last very long. On the other hand, eavesdropping on the Chinese military just got a lot easier...
Top Handset Maker Confirms Backdoor in One of Its Models
ZTE, which is based in China and produces the ScoreM, which sells as a Google Android phone, admitted that it had placed a backdoor account with a hardcoded password, which is easily found online. The backdoor was used by the company to remotely update its firmware, according to Reuters. But its existence would also allow anyone else with knowledge of the password to access a Score phone and gain root access.
“It could very well be that they’re not very good developers or they could be doing this for nefarious purposes,” Dmitri Alperovitch, co-founder of cybersecurity firm CrowdStrike, told the news service.


As a “space geek” I think this could be the dawn of true space exploration. Something like the transition from exploration of the Americas funded by the European monarchs to the start of the Hudson's Bay Company. No doubt critics will declaim the “evil profits” these companies make while claiming with equal fervor that government should cut NASA's budget entirely. (Unlike North Korea, these guys want it to work...)
SpaceX launch scrapped in last-second drama
With its nine first-stage engines throttling up in a rush of fiery exhaust, the intended launch of a commercial cargo ship bound for the International Space Station was aborted at the last second early Saturday because of higher-than-expected pressure in one of the compact power plants.


Perhaps I should start a site where my students can tell their stories...
It seems like watching lectures from inspirational people is becoming much more popular. TED was one of the originators, and recently, Google has jumped into the fray, bringing their own special brand of thought-provoking videos and lectures. The Do Lectures follows a similar format. They focus on showcasing people who do amazing things, in the hopes of inspiring others to get out there and do something themselves.
Similar sites: Fear.less, MagMe, and BetterMe.

(Related) Another place I can find alternatives to a lecture...
Watching documentaries is always a fun and educational way of passing your time. But for a documentary film to be interesting, it must be relevant to your topic of interest. Thanks to a website called Watch Documentary, you can now browse countless documentaries online according to their topic.

Friday, May 18, 2012


“We don't need no stinking constitution!” At least, that's their “interpretation”
“Secret” interpretation of PATRIOT Act will remain secret – court
May 17, 2012 by Dissent
Damn and blast. The ACLU and New York Times have lost their lawsuit against the government that sought disclosure of the “secret interpretation” of the PATRIOT Act. District Judge William H. Pauley III of the Southern District of NY ruled that the government met its burden in claiming the requested memo was exempt from disclosure under the Freedom of Information Act.
So we, the people, remain in the dark about how the DOJ is interpreting Section 215 of the PATRIOT Act – a law passed by our representatives.
In light of this, maybe it’s time for Congress to amend Section 215 to rewrite it in such a way that it permits no other interpretation other than what they intend.


Was this also a poor “interpretation” or simply destruction of evidence?
"In recent times, it seems many Police Departments believe that recording them doing their work is an act of war with police officers, destroying the tapes, phones or cameras while arresting the folks doing it. But in a surprising twist, the U.S. Justice Department has sent a letter (PDF) to attorneys for the Baltimore Police Department — who have been quite heavy handed in enforcing their 'Don't record me bro!' mantra. The letter contains an awful lot of lawyer babble and lists many court cases and the like, although some sections are surprisingly clear: 'Policies should prohibit officers from destroying recording devices or cameras and deleting recordings or photographs under any circumstances. In addition to violating the First Amendment, police officers violate the core requirements of the Fourteenth Amendment procedural due process clause when they irrevocably deprived individuals of their recordings without first providing notice and an opportunity to object.' There is a lot more and it certainly seems like a firm foothold in the right direction."


Talk about backward logic. “We had no reason to suspect this guy until we looked at everyone whose location data indicated they were nearby and selected him as 'suspect-du-jour'.”
To Warrant or Not to Warrant? ACLU, Police Clash Over Cellphone Location Data
A bill requiring law enforcement agents to obtain a warrant to collect an individual’s geolocation data from cellphone carriers would be burdensome to criminal investigators and prevent them from gathering the evidence they need to make a case, according to law enforcement witnesses at a hearing on Thursday.
Requiring agents to obtain such warrants is backward logic, since they often use geolocation data they’ve collected on an individual in order to then obtain a probable cause warrant for further collection of evidence, according to John Ramsey, national vice president of the Federal Law Enforcement Officers Association, who spoke to the House Judiciary’s Subcommittee on Crime, Terrorism and Homeland Security.


No other outcome was possible, given: “Your parents were wrong to allow you on to Facebook in the first place and they are not doing a proper job of monitoring your activity.”
School officials’ Facebook rummaging prompts mom’s privacy crusade
May 18, 2012 by Dissent
Bob Sullivan reports:
A mother who says her middle-school daughter was forced to let school officials browse the 13-year-old girl’s private Facebook page is speaking out against the practice because, she says, “other parents are scared to talk about it.”
Pam Broviak, who lives in the Chicago suburb of Geneva, Ill., says her daughter was traumatized when the principal of Geneva Middle School South forced the child to log in to her Facebook account, then rummaged through the girl’s private information.
Read more on Red Tape.


A consequence of the BYOD trend?
"J. Peter Bruzzese sees a solution for organizations seeking to cut down employee time spent on social networks at work: treat social networking like a smoke break. 'Try as you might to keep social networks at bay, mobile devices let people be in constant connection to their social networking vices over the cellular networks, which you can't block. Still, it's not completely impossible to stop social time-wasting over mobile: You can establish policies that, if enforced strongly enough, eliminate social networks from being accessed on company time. Treat it like smoking: Let employees take a 15-minute coffee/smoking/Facebook break and make them go to a designated area to do it.'"


A potential solution to the “jurisdiction” problem? Select blacklist or whitelist countries and define a network that excludes/includes them.
SDN Makes Cloud Offshoring More Attractive
Calligo may not be the first to take its cloud operations offshore, but in the age of software-defined networking (SDN), it could be the start of something bigger.
“It’s unclear if a small, niche player that offers the benefits having actual servers located on the Channel Islands can create a business that can compete with Amazon’s infrastructure as a service or the myriad private clouds people want to build, but the experiment is worth watching,” writes GigaOm’s Stacey Higginbotham.
… What’s so interesting is that the decision to go offshore is made easier in the age of SDN.
So by using whitebox networking gear, Calligo saves a bunch, the story goes. But here’s what stands out most, cloud watchers: “In many ways Calligo has built a software-defined data center….” Higginbotham writes.
Calligo says the Cayman Islands may be next, but the further offshore and with greater distances between centers comes latency, which wreaks havoc on cloud services.
What’s the big deal here? If it’s a demo of abstracting from physical hardware and showcases a software-defined data center, that’s great but why does it have to be on an island?
Eventually Box says Calligo plans to offer an offshore Dropbox-style personal storage account since many of the employees at its proposed customer base are leery of their employees using services like Dropbox given the sensitivity of having corporate data land on servers that could be located in the U.S.


Free Webinar
Enforcing Laptop Security
The increasing mobile workforce places a high demand on protecting laptop data.
Learn how to enforce strict laptop security, without affecting laptop productivity on 24 May 2012 in ISACA's live webinar, Striking the Right Balance for Laptop Data Protection.

Thursday, May 17, 2012


Local. Hey, I'll get better with practice.
Mystery object nearly causes mid-air collision
The Federal Aviation Administration is investigating a mystery in the sky. A mysterious object flying over Denver nearly caused a mid-air collision Monday evening, 9Wants to Know has learned.
As far as investigators know, the mystery object did not show up on radar Monday. [It's called “Stealth.” We don't want terrorists (or you second class citizens) shooting down the drone. Bob]
Investigators believe this object, whatever it is, could pose a serious safety hazard to planes.
Radio transmissions from LiveATC.net confirm a nervous-sounding pilot reported a strange object at 5:17 p.m. Monday.
The pilot is heard telling air traffic control: "A remote controlled aircraft, or what? Something just went by the other way ... About 20 to 30 seconds ago. It was like a large remote-controlled aircraft."
The corporate jet, a Cessna Citation 525 CJ1, was flying at 8,000 feet above sea level [minus 5280 = 2720 feet above ground level Bob] over Cherry Creek when the mystery object came close enough to make any pilot nervous.
"That's an issue because now we have something in controlled airspace that poses a danger," Former NTSB Investigator and 9NEWS Aviation Analyst Greg Feith said.
Feith listened to the air traffic recordings and believes the object could be one of three things:
- A military or law enforcement drone. [No missiles Bob]
- A remote controlled aircraft.
- A large bird.
"Was this an unmanned vehicle that was part of some sort of law enforcement operation? Was this somebody that had flown a large model aircraft inadvertently into the airspace? Or was it just [a bird that] caught the pilot's eye so he believed it was an aircraft but could have been a very large wing span bird," Feith said.


“Don't worry, it's just Kool-aid.” Jim Jones
Euclid downplays privacy concerns about Wi-Fi tracking
A new company that plans to track millions of retail shoppers through a unique ID emitted by their smartphones says it wants to be privacy-friendly.
Will Smith, co-founder and chief executive of Euclid Elements, showed up at the PII privacy conference here today to say that identifying repeat visitors by these unique IDs -- the so-called MAC addresses broadcast when Wi-Fi is turned on -- shouldn't be an issue.
"We put a sensor in the store," Smith said. "It passively detects smartphones that come near the store."
… Instead of asking shoppers to choose to opt-in, the company adopted an opt-out model, which means visiting a page on Euclid's Web site. MAC addresses are stored for 18 months and only aggregate data is made available to the retailer, which is required to post a notice telling shoppers what's happening.
But that still means a company, however well-intentioned, will keep detailed logs about the movements of millions of Americans (or at least their mobile phones and perhaps laptops and other gadgets) around cities and shopping malls.
… "If it really creates value for the shopper, it should be something they opt into. But in practice, it's going to be happening without their knowledge most of the time."
Euclid's database would also allow police armed with a court order to learn about someone's whereabouts as long as they know or can find a suspect's MAC address. (You can typically find your MAC address through your laptop or smartphone's About screens. Wireless access points may also record them.)


One of several suggested topics at the last Privacy Foundation seminar... Also has implications for Universities...
The "Bring Your Own Device" to Work Movement
The Report analyzes the challenges employers will face over the next 1 to 3 years as more and more employees use personal devices to perform work. For some companies, a BYOD or "Bring Your Own Device" policy may be the right response. But the adoption of BYOD policies will increase certain employment and labor law risks ... The BYOD Movement requires a truly interdisciplinary response. Thirteen of Littler’s Practice Groups contributed to the insights and recommendations in the Report.
+ Link to full report (PDF; 779 KB)


Monetizing details of my existence...
Rethinking Personal Data: Strengthening Trust
[This] report suggests that personal data are a tradable asset, like water, gold, or oil. And like these assets, they need a set of trading rules to allow for mining, sharing, and utilization. Unlike tangible assets, however, personal data are not consumed when used. Instead, use increases value because new data elements are accumulated, providing greater insights into individuals. This increased insight, coupled with new data mining and "big data" technologies, often leads to new ways to use and create value. ...
Link to full report (PDF; 7.38 MB)


It's cheaper than sending people to Guantanamo...
"The Metropolitan Police has rolled out a mobile device data extraction system to allow officers to extract data 'within minutes' from suspects' phones while they are in custody. 'Ostensibly, the system has been deployed to target phones that are suspected of having actually been used in criminal activity, although data privacy campaigners may focus on potentially wider use.'"


It's for the children (no matter what the parents want)
Quit Facebook or be expelled, school says
A Queensland primary school principal is threatening to expel students aged under 13 who refuse to delete their Facebook accounts, in a bold bid to stamp out cyber bullying at her school.
The policy has been applauded by cyber safety experts who say schools are grappling to deal with a surge in problems caused when children use social media sites designed for adults.
Leonie Hultgren, the principal of Harlaxton State School in Toowoomba, Queensland, has explained the school's new policy in its latest newsletter.
… The Queensland Education Department’s director for the Toowoomba region, Greg Dickman, said the department, "fully supports the principal in managing these issues at a school level".
He said Queensland state school principals had the power to discipline students if they were found to be using technology inappropriately "both at school and outside of school hours".
A Victorian Education Department spokeswoman said that while principals could seek meetings with parents if students aged under 13 had Facebook accounts, they did not have the same disciplinary powers as their Queensland counterparts.
"The principal can only request the family to remove their child's Facebook profile," the spokeswoman said.
Ms Hultgren declined to be interviewed, but in an open letter to parents, she detailed the thinking behind the new policy. She acknowledged some families may ask: Why is Facebook a school issue?
"As many of the parents in the (senior) class would testify, there has been some considerable Facebook traffic that either bullies a child of this school or in some cases denigrates some staff and the school. Either of these circumstances warrant the school becoming involved," she wrote.
But Steven Troeth, a partner at Gadens Lawyers, which provides legal advice to leading Melbourne schools, said that while schools had the right to take disciplinary action when Facebook was used to bully students or staff, even if the bullying occurred outside school hours, he doubted principals had the authority to issue a blanket ban on social media.
He said the Facebook guideline that stipulated users must be aged 13 and older was not enforced by any law.


With the IPO pending, everyone is writing Facebook articles... For my Intro to Computer Security students.
Nine Major Ways Criminals Use Facebook


Wow, neato! Now we can have video of future presidential bullies. Think any rules are necessary?
Fort Worth teachers encouraged to use cameras in the classroom
May 17, 2012 by Dissent
Craig Civale reports:
The United Educators Association in Fort Worth is encouraging its 20,000 members to use camera phones to deal with unruly students inside the classroom. [Perhaps hitting them with the phone would work... Bob]
It’s a controversial subject that most North Texas school districts say they haven’t had to deal with, but with technology creeping into the classrooms, some say it’s only a matter of time.
“A classroom is not an expectation of privacy… that’s a public forum anybody can walk in, walk out… not an expectation of privacy,” said UEA executive director Larry Shaw.
Read more on WFAA.
So… fast forward, so to speak… the district starts recording what goes on in classrooms. For how long are the tapes retained before they are rolled over? Will students who claim they are being harassed by peers or staff be able to use the recordings to prove their claims? Will the recordings be used to discipline staff who don’t do their jobs well?
And more importantly, what happens to the notion of intellectual freedom and curiosity? Will students feel comfortable raising unpopular thoughts or questions if they know they are being recorded?
If Texas is having such significant problems with unruly students, investing in recording equipment doesn’t sound like a prudent investment of resources. I will bet you that most classrooms do not have token economies or behavior plans in place and that most teachers have not been adequately trained or supported in how to manage behavior – or how to recognize the signs and symptoms of disorders that need treatment or accommodation. Are research-validated building-wide interventions and programs to promote appropriate behavior even in place? And have they asked the teachers whose students are not unruly to serve as master teachers to help train their colleagues in successful techniques and strategies?
Cameras in the classroom will not reduce unruly behavior. They will only record it. I would hope Texas educators can be more creative in proactively preventing problem behavior.


I doubt a UN Big Brother would be any more acceptable than a local Big Brother. Imagine trying to work out a single (lowest common denominator?) set of policies...
"The Indian Government is proposing to create an intergovernmental body 'to develop internet policies, oversee all internet standards bodies and policy organizations, negotiate internet-related treaties and sit in judgment when internet-related disputes come up.' This committee will be funded and staffed by the UN and will report to the UN General Assembly which effectively means the control of the internet passes on to World Governments directly."


Food for thought for the Class Action guys? Evidence gathering should be a snap. Record the ads, measure the connection speeds, sue.
"I'm not getting the bandwidth I paid for from my DSL connection. My '3mbps' fluctuates between about 2.7 during the day down to 0.1 or 0.2 in the evening according to speedtest.net. Let's assume DSL is the only viable option for broadband at my house and I can't really move right now (rural area, on north face of the mountain, no cable service, very poor cell coverage). This was discussed 6 years ago, but I'd like to see if there are any current thoughts on whether I'm just stuck or if there is some way to make the ISP hold up its end."


Bad lawyers... Can they regain the court's trust?
Oops! Yahoo blunders in Facebook patent squabble
Yahoo's lawyers are eating humble pie after the company made accusations that Facebook filed patents fraudulently.
Facebook's lawyers not only managed to prove that the patents in question are legitimate, but that Yahoo's lawyers failed to check the records in the first place.


The Apps are out there – that's all I'm saying.
5 Powerful Music Apps That Should Make Middlemen Nervous


Does this suggest that Wikipedia is becoming more reliable?
"Yoni Appelbaum reports in the Atlantic that as part of their coursework in a class that studies historical hoaxes, undergraduates at George Mason University successfully fooled Wikipedia's community of editors, launching a Wikipedia page detailing the exploits of a fictitious 19th-century serial killer named Joe Scafe. The students, enrolled in T. Mills Kelly's course, Lying About the Past, used newspaper databases to identify four actual women murdered in New York City from 1895 to 1897, along with victims of broadly similar crimes, and created Wikipedia articles for the victims, carefully following the rules of the site. But while a similar page created previously by Kelly's students went undetected for years, when students posted the story to Reddit, it took just twenty-six minutes for a redditor to call foul, noting the Wikipedia entries' recent vintage and others were quick to pile on, deconstructing the entire tale. Why did the hoaxes succeed in 2008 on Wikipedia and not in 2012 on Reddit? According to Appelbaum, the answer lies in the structure of the Internet's various communities. 'Wikipedia has a weak community, but centralizes the exchange of information. It has a small number of extremely active editors, but participation is declining, and most users feel little ownership of the content. And although everyone views the same information, edits take place on a separate page, and discussions of reliability on another, insulating ordinary users from any doubts that might be expressed,' writes Appelbaum. 'Reddit, by contrast, builds its strong community around the centralized exchange of information. Discussion isn't a separate activity but the sine qua non of the site. If there's a simple lesson in all of this, it's that hoaxes tend to thrive in communities which exhibit high levels of trust. But on the Internet, where identities are malleable and uncertain, we all might be well advised to err on the side of skepticism (PDF).'"


Cutesie picture of a start-up...
Facebook “Likes” Money: IPO By The Numbers [Infographic]


How huge is Facebook's impact?
Facebook.com received 9% of all U.S. Internet visits in April
  • Facebook.com received more than 1.6 billion visits a week and averaged more than 229 million U.S. visits a day for the year-to-date.
  • The average visit time on Facebook.com is 20 minutes.
  • Facebook.com became the No. 1 ranked website in the U.S. on March 9, 2010.
  • The term 'Facebook' is the most searched term in the U.S. and has been for the past three years, starting the week ending July 18, 2009.
  • 10 states account for 52 percent of visits to Facebook.com -- California, Texas, New York, Florida, Illinois, Pennsylvania, Ohio, Michigan, Georgia, North Carolina based on year-to-date average.


I was talking with some lawyers recently about how they use technology. What you don't know can hurt you (or your client). When you delete a file, what actually happens is the Index pointer is deleted and the file remains untouched... This is a version you can load on your thumb drive and carry with you!
Drag and drop files to erase them permanently with EraserDrop
Every now and then, we need to make sure that the files we delete are really gone forever. Financial info, old work data, or poems we wrote in college all need to go down the memory hole with no chance of retrieval, and there are quite a few tools out there that get the job done.


For my researching students...
… it is now rolling out a brand new way to perform Google searches – the Knowledge Graph.
First and foremost, the Knowledge Graph is about things, not strings. What does that mean? When you search for things Google knows about, such as places, people, etc., Google will now gather its knowledge about these things and include that in the search results. So when you search for a name, you will also get a summary of information about that name. Also included will be names other people have searched for along with this one.
… According to Google, the database currently contains more than 500 million objects, with more than 3.5 million facts about these objects and their relationships with other objects. [Something funny with those numbers Bob] Google have obviously made good use of search information indicating what people are looking for in order to create this search experience.
The Knowledge Graph is currently only available to U.S. English users, but will roll out slowly to other countries and languages as well. In the meantime, you can watch this video to learn more about the new features of Google Knowledge Graphs.


The complete(?) guide, for my students with ideas.
Fund Your Dream With the Perfect Kickstarter Pitch

Wednesday, May 16, 2012


It's not that they don't know how to protect data (Best Practices, etc.) it's just that it actually takes effort...
Zero tolerance for human error? Utah governor fires tech director
May 15, 2012 by admin
Heather May reports that at least one head has rolled in the wake of the Utah Department of Health breach in March:
Gov. Gary Herbert apologized to the 780,000 victims of the health data security breach on Tuesday.
To restore the public’s trust, he announced Tuesday that he fired Department of Technology Services director Stephen Fletcher and hired an ombudsman to shepherd victims through the process of protecting their identities and credit.
He said Fletcher was asked to resign, saying the director lacked “oversight and leadership.”
The governor said the status of two other technology employees is also being reviewed. They could be reprimanded or fired.
Herbert declined to give details of what protocols the employees failed to follow that allowed hackers, likely from Romania, to swipe the Social Security numbers and other data from health department servers on March 30. He said they are being investigated, but added that the breach was related to the failure to change a default password.
Read more on Salt Lake Tribune.
[From the article:
Data will now be encrypted while it is on state servers and not just when it is in transit, he said.
… Herbert also terminated a contractor who provided software without encryption safeguards, he said.

(Related) This applies to IP lawyers too.
Dear Executives, Technological Ignorance Is No Longer Acceptable
An article appeared in the New York Times technology section recently about Glenn Britt, the CEO of Time Warner Cable. The story? He doesn’t know what AirPlay is. Of course, many people don’t know what AirPlay is. For those of you who don’t know, AirPlay is a software service from Apple that allows users to play content from one device onto another.
… This is a twofold problem (at least.) If the content holders have no idea what technology consumers are using and what they want in a viewing experience, how can they make good decisions about how to provide and license their content and how can they do anything but respond to new and disruptive technology with lawsuits and awkward diatribes against piracy? I think we are past the point in our culture when we give people a pass for not understanding how technology works – not people who make a living from it and make legislative decisions about it. Part of the reason technology workers and enthusiasts are so put off by attempts to regulate (or not) technology is because these laws and restrictions are so obviously being created by people who don’t know the first thing about the technology they’re dealing with.


Tools for stalkers? Perhaps Rupert Murdoch would like a copy too?
If you follow a lot of people on Twitter, you will find tweets in your stream where people mention others and talk to them. Reading only one side of the conversation does not help at all. To help you read both sides is a helpful tool called TweetsBetween.
TweetsBetween is an online tool that helps you read the most recent tweets between two Twitter users. All you have to do is type in the handles of each user into the specified fields and then click on the “Go” button.
… Although Twitter only lets the app search back for conversations up to a week ago, the app also provides you with the option to view specific conversations beyond that period after linking them to a URL.


Think this will go anywhere? Me neither...
Jack Straw: ‘Breach of privacy’ should be in Human Rights Act
May 16, 2012 by Dissent
Paul McNally reports:
The former justice secretary, Jack Straw, has called for the Human Rights Act to be amended to include a new clause on breach of privacy.
Giving evidence at the Leveson inquiry today, Straw said that when the Human Rights Act was passed in 2008 parliament felt the privacy element was best left to the senior judiciary to interpret and apply, but that had now changed.
He told the inquiry: “There is a need now for parliament to amend the law so there is a tort of breach of privacy that applies to everybody.
“I think it is time for parliament to accept the job we passed to the judiciary.”
Read more on Journalism.co.uk


My car, Big Brother's data?
As Congress Mulls Mandate on Car Black Boxes, Data Ownership Remains Unclear
The term “black boxes” conjures up images of plane crashes for some and inspires conspiracy theories for others. For the National Highway Transportation Safety Administration (NHTSA), the automotive black box became a key source of impartial information in the unintended acceleration controversy focused on Toyota vehicles.
That’s partly why Congress now seems set on passing legislation that would make an Electronic Data Recorder (EDR) – the technical name for an automotive black box – required equipment on all new cars. And lawmakers also want to settle who owns the data on the devices, although that issue won’t be nearly as cut-and-dried.
Bill 1813 that mandates EDRs for every car sold in the U.S. starting with the model year 2015 has already passed the Senate. The U.S. House of Representatives is expected to pass a version of the bill with slightly different language. Car and Driver calls the wording of the bills “pretty vague” and notes that the Senate version stipulates that EDRs only “capture and store data related to motor vehicle safety,” and that access to the EDR’s information is only through an “interoperable data access port.”


“Because we can't teach them not to bully, we'll teach them to submit to privacy violations.”
NZ: Principals call to search students’ cellphones, laptops
Principals want the power to search students’ cellphones and laptops to combat cyber-bullying.
The call comes as part of a change in the way schools deal with the problem, with principals shifting away from restorative justice to suspending bullies.
Secondary Principals’ Association president Patrick Walsh said principals were being forced to take a heavier hand to ensure student safety, on the back of a backlash from parents, who say soft approaches don’t work.
The association is working with the Ministry of Education to give principals the power to confiscate phones, laptops and digital devices.
Read more on TVNZ.
Wait until they find communications between a teacher and a student. Then the fun should start as teachers jump into the fray….

(Related) What might teachers find on student devices?
Ca: Top court to decide if data on work computer is private
May 15, 2012 by Dissent
Angela Mulholland reports:
How much privacy Canadians can expect when they use work computers for personal use will be under a microscope when the Supreme Court begins hearing arguments this week in a case that could have wide implications for many employees.
The case before the Supreme Court of Canada involves a high school teacher in Sudbury, Ont. who was charged with possession of child pornography, after nude pictures of a student were found on his work-issued laptop.
Read more on CTV.ca


I read this as a firm, “We can't tell...”
May 15, 2012
Outsourcing and Insourcing Jobs in the U.S. Economy: Evidence Based on Foreign Investment Data
Outsourcing and Insourcing Jobs in the U.S. Economy: Evidence Based on Foreign Investment Data, James K. Jackson - Specialist in International Trade and Finance, May 10, 2012
  • "Broad, comprehensive data on U.S. multinational companies generally lag behind current events by two years and were not developed to address the issue of jobs outsourcing. Many economists argue, however, that there is little evidence to date to support the notion that the overseas investment activities of U.S. multinational companies play a significant role in the rate at which jobs are created in the U.S. economy. Instead, they argue that the source of job creation in the economy is rooted in the combination of macroeconomic policies the nation has chosen, the rate of productivity growth, and the availability of resources. This report addresses these issues by analyzing the extent of direct investment into and out of the economy, the role such investment plays in U.S. trade, jobs, and production, and the relationship between direct investment and the broader economic changes that are occurring in the U.S. economy."


Slick. Add our service and we give you a second line, free!
Comcast’s Non-Denial Denial On Traffic Prioritization And Net Neutrality


Perspective
People Click on About One of Every 2,000 Facebook Ads They See
… One indication comes courtesy of this infographic that these marketers created showing the differences between Facebook and Google's ad networks. It contains three remarkable stats about clickthrough rate (CTR), which is the percentage of the time a user clicks on an online advertisement. The average, these marketers say, is about 0.1 percent. Facebook's CTR is below average at 0.051 percent and Google's is above average at 0.4 percent.
While these differences are meaningful and say something powerful about Google and Facebook, let's do the math on those percentages to see how relevant the ads you're seeing really are. For Google, people are clicking on about 1 of every 250 ads they see while searching. For the average, it's 1 out of every 1,000 ads. And for Facebook, people are only clicking once every 1,961 ads they see.


For my researching students
Tuesday, May 15, 2012
This afternoon I discovered a new feature in Google Documents (now a part of Google Drive) that could prove to be handy for students to use while writing research papers. Google Docs now has a search function built-in. This feature allows users to search the web without having to leave the document they're viewing. To access the new feature open the "tools" menu then select "research" while you have a document open. The search box will appear on the righthand side of your screen.
Once you have opened the search sidebar there are some great features to take advantage of. If you find a web result that you want to use in your writing, click on the "insert link" and "cite" buttons to have that link included in your document. Google Docs will automatically insert a footnote citation for that link. The same concept is applied to image searches. When you find an image that you want to use in your document, drag it into place and Google Docs will automatically include a citation for you. The only problem with the image search is that I couldn't tell if the images were Creative Commons licensed or not without going to the actual source in a new tab. Finally, there is a quotation search function that allows you to search for famous quotes to include in your writing. Again the automatic citation function kicks in if you find a quote that you want to use.
… To learn more about Google Documents and Google Drive, download my free 57 page guide to Google Drive and Docs for Teachers.


For my Statistics students: It's so unfair that people would actually have to get out of bed to vote. Perhaps we could base everything on the newspaper and TV polls. (Or, Twitter, just to be a bit more up-to-date)
Why Fewer Voters Can Mean Better Elections
… Two separate research initiatives—one from a pioneering cryptographer and a second from a team based at Stanford University—have proposed a return to this purer, Athenian-style democracy. Rather than expect everyone to vote, both proposals argue, we should randomly select an anonymous subset of electors from among registered voters. Their votes would then be extrapolated to the wider population. Think of it as voting via statistically valid sample. With a population of 313 million, the US would need about 100,000 voters to deliver a reliable margin of error.

(Related) On the other hand...
Sorry, Mr. Obama: You Can't Use Twitter to Predict Election Results
… Election forecasting with Twitter is a particularly trenchant example of the cocktail of hubris and naïveté that is widespread in social-media prediction work. For instance in a particularly well-cited 2010 paper titled "Predicting Elections with Twitter: What 140 Characters Reveal about Political Sentiment," researchers in Germany argued that Twitter is a "valid real-time indicator of political sentiment" in which "the mere number of tweets mentioning a political party" has predictive power that rivals traditional polling. However, this paper, which claimed to have matched traditional polling's error rates for the 2009 German Parliamentary Elections, is indicative of many of the problems with such predictive studies.
Strong early detection work is seriously grounded in the offline social dynamics and phenomena that would lead someone to express a related sentiment online. Work on "predicting" election outcomes is not. Public-opinion polling -- the contemporary gold standard of election forecasting -- involves incredibly sophisticated sampling procedures to identify "likely voters" as opposed to "registered voters," often stratifying by various populations of interest that might otherwise be under-represented. This is a means of grounding the work in the real social dynamics of voting. Only by building into the predictive model a view of what will actually get which people to the polls, is it possible to translate the loosely held public political sentiment of the moment into something that relates to actual outcomes on election day. In Twitter prediction to date there has been no such subtle inclusion of the dynamics of participation and how these map to real world action.

Tuesday, May 15, 2012


It's not always people who don't know any better...
California DOJ notifies those affected by a hack of a retired agent’s email accounts
May 15, 2012 by admin
Have I mentioned how valuable it is when states post breach notices online? A reader points me to a new addition to California’s security notices page from the DOJ’s Computer and Technology Crime High-Tech Response Team (C.A.T.C.H.). The incident they are reporting was a hack by those affiliated with Anonymous in 2011:
In November 2011, hackers affiliated with the group Anonymous accessed and released private email accounts belonging to a retired agent for the Department of Justice who was a member of the Computer and Technology Crime High-Tech Response Team (CATCH). CATCH is a multi-agency task force that was formed to apprehend and prosecute criminals who use technology to prey on the citizens of San Diego, Imperial Valley, and Riverside Counties. Some of the emails that the hackers released included data that contained your personal information including, but not limited to, your name, address, date of birth, and Social Security number (SSN).
Others received a letter that began:
In November 2011, hackers affiliated with the group Anonymous accessed and released private email accounts belonging to a retired agent from the Department of Justice who was a member of the Computer and Technology Crime High-Tech Response Team (CATCH). CATCH is a multi-agency task force that was formed to apprehend and prosecute all criminals who use technology to prey on the citizens of San Diego, Imperial Valley, and Riverside Counties. Some of the emails the hackers released included closed identity theft case files that contained some of your personal information including, but not limited to, your name, financial account information or credit card number, and possibly your Social Security number.
The letter to those in the second group also contained the following statement:
In addition, although it appears that the identity theft case file in which your information was contained has been closed, you may want to confirm that your financial account has been closed. If it has not, we suggest that you immediately contact the financial institution and close your account. Tell them that your account may have been compromised, and ask that they report it as “closed at customer request.” If you want to open a new account, ask them to give you a PIN or password. This will help control access to the account.
No explanation was provided as to why there was such a delay between the incident and the notification letters to individuals. Did they delay because it took them time to figure out who had data exposed? Did they delay so that the disclosure would not interfere with any criminal investigation? If people’s accounts were exposed, I hope they contacted them all promptly by phone if not by letter.
Keep in mind that entities only have to file these breach reports with California if the breach affected more than 500 individuals.


The 'gift card' that keeps on giving. Another case of “further investigation” significantly increasing the scope of the breach.
Global Payments Breach Fueled Prepaid Card Fraud
… According to Fuller, Higgins said the fraudsters were coming to the stores to buy low-denomination Safeway branded prepaid cards, and then encoding debit card accounts issued by USB onto the magnetic stripe on the backs of the prepaid cards. The thieves then used those cards to purchase additional prepaid cards with much higher values, which were then used to buy electronics and other high-priced goods from other retailers.
Initial alerts about the breach from Visa and MasterCard stated that the breach at Global Payments compromised both Track 1 and Track 2 data from affected card accounts, meaning thieves could produce counterfeit versions of the cards and possibly commit other acts of identity theft against cardholders. Global Payments claims that only Track 2 data was taken, and that cardholder names, addresses and other data were not obtained by the criminals.
Yet, as USB’s story shows, the data on Track 2 alone was enough for the crooks to encode the card number and expiration date onto any cards equipped with a magnetic stripe. The cards could then be used at any merchant that accepts signature debit — transactions that do not require the cardholder to enter his or her PIN.
Visa and MasterCard each have revoked their certification of Global Payments as a compliant card processor. Global Payments said it is still investigating the cause and extent of the incident. The company maintains that fewer than 1.5 million card accounts were stolen, but some in the industry now believe more than 7 million card accounts may have been compromised. Meanwhile, the card associations keep broadening the window of time in which hackers likely had access to the processor’s network. Initially, Visa and MasterCard said the breach window at Global Payments was between January and February 2012, but in the latest round of alerts sent to banks affected by the breach, the card brands warned that the breach dates back to at least early June 2011.


Any techie-stalker knows this. You can use the cameras to find and follow anyone. Or, to remove yourself from the picture – how do you think I appear to move like the wind?
Popular Surveillance Cameras Open to Hackers, Researcher Says
In a world where security cameras are nearly as ubiquitous as light fixtures, someone is always watching you.
But the watcher might not always be who you think it is.
Three of the most popular brands of closed-circuit surveillance cameras are sold with remote internet access enabled by default, and with weak password security — a classic recipe for security failure that could allow hackers to remotely tap into the video feeds, according to new research.
The cameras, used by banks, retailers, hotels, hospitals and corporations, are often configured insecurely — thanks to these manufacturer default settings, according to researcher Justin Cacak, senior security engineer at Gotham Digital Science. As a result, he says, attackers can seize control of the systems to view live footage, archived footage or control the direction and zoom of cameras that are adjustable.


We should have seen this one coming... Now my car can rat me out to billboards pointing to every donut shop in Denver.
OnStar Files Patents for Minority Report-Style Billboards
Two weeks ago, a patent filing by General Motors was uncovered that proposed using data collected from its OnStar service to tailor public advertisements to individual drivers.
Like the billboards Tom Cruise encountered in Minority Report, the OnStar-linked ads would be tailored to passing motorists based on personal information they’d shared with their telematics service. Perusing the patent’s text, nightmare scenarios flooded our thoughts. Kids in the backseat? Be prepared to see ads for Happy Meals and nearby amusement parks. Headed to the doctor’s office? A friendly reminder to schedule a colonoscopy, in flashing 40-foot letters.


Makes you think about sharing information at sea.
Pentagon Wants Web Apps to Stop Piracy, for Some Reason
The Navy’s far-out research wing thinks it’s found a way to cut down on the scourge of maritime piracy: apps. Commence the face-palming.
The Office of Naval Research announced on Monday that it’s awarding $1 million in grants to develop a suite of web applications to “analyze data and other information to combat pirates, drug smugglers, arms traffickers, illegal fishermen and other nefarious groups.”


Apparently there are a lot more “security events” than TSA reports.
May 14, 2012
TSA's Efforts To Identify and Track Security Breaches at Our Nation’s Airports
  • "Senator Frank Lautenberg requested an investigation into media reports focused on security breaches at Newark Liberty International Airport, including the contributing factors that led to the security breaches. He requested that we compare the incident rate of breaches at Newark to other airports in the region and comparable airports. He asked us to determine whether corrective action had been taken on the specific security incidents. We determined whether the Transportation Security Administration (TSA) at Newark had more security breaches than at other airports. We also determined whether TSA has an effective mechanism to use the information gathered from individual airports to identify measures that could be used to improve security nationwide."


Interesting concept. If you have a simple way to excerpt the text, infringement is easier to prove...
McGruber writes with news of a ruling in a copyright case brought against Georgia State by several publishers over the university's electronic reserve system:
"The Atlanta Journal Constitution is reporting that a federal judge has ruled in favor of Georgia State University on 69 of 74 copyright claims filed by Cambridge University Press, Oxford University Press, and SAGE Publications. In a 350-page ruling, Senior U.S. District Judge Orinda Evans found that 'fair use protected a Georgia State University professor's decision to allow students to access an excerpt online through the university's Electronic Reserves System.' While 69 of the 74 claims were rejected, the judge also found that five violations did occur 'when the publisher lost money because a professor had provided free electronic access to selected chapters in textbooks.' SAGE Publications prevailed on four of these five claims, while Oxford University Press won the fifth claim. Cambridge University Press lost all its claims."
From Inside Higher Ed: "And the judge also rejected the publishers' ideas about how to regulate e-reserves — ideas that many academic librarians said would be unworkable. At the same time, however, the judge imposed a strict limit of 10 percent on the volume of a book that may be covered by fair use (a proportion that would cover much, but by no means all, of what was in e-reserves at Georgia State, and probably at many other colleges). And the judge ruled that publishers may have more claims against college and university e-reserves if the publishers offer convenient, reasonably priced systems for getting permission (at a price) to use book excerpts online. The lack of such systems today favored Georgia State, but librarians who were anxiously going through the decision were speculating that some publishers might be prompted now to create such systems, and to charge as much as the courts would permit."

(Related) If they can immunize ISPs, why not me?
"In Finland, the operator of an open WiFi access point was found not guilty of copyright infringement allegedly committed over said access point. The operation of such access points would have become legally risky were this decided otherwise. Appeal by the Finnish Anti-Piracy Center is still possible for this district court ruling."


How to be a Government Twit?
May 14, 2012
Working the Network: A Manager’s Guide for Using Twitter in Government
Working the Network: A Manager’s Guide for Using Twitter in Government, Ines Mergel - Maxwell School of Citizenship and Public Affairs, Syracuse University. May 14, 2012.
  • "As of this writing, the federal government operates over 1,000 Twitter feeds. Federal civilian agencies maintain over 360 Twitter feeds, while the Department of Defense hosts more than 650. In addition to its official English feed, the State Department produces Twitter feeds in Turkish, Farsi, Arabic, Spanish, and French. It is fair to say that the federal government is embracing Twitter as a tool for citizen engagement. But is government realizing the panoply of benefits that a comprehensive understanding of this tool promises? Beyond acting as a broadcasting channel—supplementing the website by promoting press releases or announcing new initiatives—Twitter can help agencies follow public conversations on issues relevant to their organizations."


The new legal specialty: e-State Planning?
The Social Media Will: An Expert Guide to Your Digital Afterlife


English teachers rejoice? Probably best to search several ways to get elusive results.
May 14, 2012
Google expands punctuation and symbols in search
Google Inside Search - "Punctuation and symbols in search - Generally, most punctuation and special characters are ignored in Google Search. However, we’re expanding our search capabilities to support some characters that modify search terms and help Google find exactly what you’re looking for. Here are some examples from the growing list of popular symbols that are supported." [Search Engine Showdown]


This could be extremely handy!
Monday, May 14, 2012
The web is full of webinars, webcasts, and video lessons of all types. Searching the content of those videos can be difficult and time-consuming if you can't find the transcripts of those videos. That's a problem that can be addressed by using a tool that Stephen Ransom shared on Twitter this morning.
Talk Miner is a tool for searching the contents of webinars, webcasts, and video lectures. Talk Miner searches the slides, images, and text within videos to take you to the scenes that match your search query. Watch the video below to learn more about Talk Miner.


For my Intro students...
Hitch a ride through Google's cloud
Your Gmail box lives somewhere in the jumble of servers, cables, and hard drives known as the "cloud" but it often migrates in search of the ideal location.
Google today released an animation that answers the question: what happens when I press send on Gmail? The company created the interactive feature called The Story of Send to highlight the security and relatively low energy footprint of its data centers. The graphics repeat Google's estimate that its data centers use 50 percent less energy than a typical data center and 30 percent of their data center energy is supplied from renewable sources, including wind and solar.


Free is good, and eventually I'll move to Windows 7
Get Laplink PCmover Windows 7 Upgrade Assistant for free
Today only, in honor of its 29th birthday, Laplink is offering PCmover Windows 7 Upgrade Assistant absolutely free. It regularly sells for $29.95.
To get the software, click here, then click the little "Add to cart" box in the upper-right corner of the free-PCmover banner. Scroll down and click "Proceed to Cart." Follow the instructions on the following page.
… If you're an XP user, you can't do an in-place upgrade -- meaning Windows 7 effectively wipes your programs and data as part of the installation process. The same is true if you're moving from a 32-bit version of Vista to 64-bit Windows 7.
PCmover overcomes that limitation, packaging up all your programs and data and then restoring them after Windows 7 finishes installing.