Saturday, January 05, 2013

A con is a con is a con. Did their deletion (refusal to keep) records make it impossible to detect this?
So you’re concerned about your online privacy and are willing to pay for a service that purports to offer privacy and anonymity. Maybe you’re feeling pretty smart because you found a service that says it maintains no logs and no subscriber list. And even better, you think, it offers a lifetime offer.
Sounds good? Well, wait…
As a long-time Cotse.net subscriber and fan, I was surprised to see the following recent notice on their login page:
We’d like to call Ultimate-Anonymity.com/Ultimate-Privacy.net on the carpet for paying us for one single user account then selling all of their own users subscriptions as well as lifetime access to that account under the guise of it being their service. Not only is that a violation of our policies, but we think that behavior is quite unethical.


For my Ethical Hackers... I think we need someone to do some legal research along these lines, here in the US... (Interesting coments)
"The Dutch government's cyber security center has published guidelines (in Dutch) that it hopes will encourage ethical hackers to disclose security vulnerabilities in a responsible way. The person who discovers the vulnerability should report it directly and as soon as possible to the owner of the system in a confidential manner, so the leak cannot be abused by others. Furthermore, the ethical hacker will not use social engineering techniques, nor install a backdoor or copy, modify or delete data from the system, the NCSC specified. Alternatively a hacker could make a directory listing in the system, the guidelines said. Hackers should also refrain from altering the system and not repeatedly access the system. Using brute-force techniques to access a system is also discouraged, the NCSC said. The ethical hacker further has to agree that vulnerabilities will only be disclosed after they are fixed and only with consent of the involved organization. The parties can also decide to inform the broader IT community if the vulnerability is new or it is suspected that more systems have the same vulnerability, the NCSC said."

(Related) A different take on disclosure.
"Whether you agree with his rationale for doing so or not, Adrian Lamo has come forward to discuss his reasoning for exposing Bradley Manning. Manning, now in federal custody, leaked thousands of U.S. intelligence files and documents. Lamo's side of the story shows that he was concerned for Manning's mental health and stability, and for the lives Manning was risking by releasing classified material — Afghan informants, for instance. Either way, this goes to show that if you're going to release stolen/hacked documents, it's best you do it anonymously and don't brag about it."


Dress them in Santa costumes and they deliver through your chimney...
Enter The Dronenet
Here’s my favorite Big Idea of the year so far, via John Robb, who’s always worth your attention: The Dronenet, a “short distance drone delivery service built on an open protocol.”
He fleshes it out in a series of posts, but basically, it would be a network of drones that would carry things the same way the Internet carries data: in packets, over a series of multiple hops, routing on the fly.
… What’s more, it would dovetail awfully nicely with the 3D-printing revolution: I’ve argued before that almost nobody needs their own 3D printer, but the Dronenet could ultimately provide not just same-day but often same-hour delivery of newly printed items.


Facebook clearly can't please all of the people all of the time. Can they please all of the people some of the time?
Louise Osborne reports:
A German state data protection agency has threatened Facebook’s billionaire founder and chief executive Mark Zuckerberg with a €20,000 (£16,000) fine if Facebook does not allow Germans to have anonymous accounts on the social network.
In letters to Zuckerberg in California, and also to Dublin-based Facebook Ireland Ltd, the data protection commissioner for the northern German state of Schleswig-Holstein, Thilo Weichert, said the current rules violated German law by requiring users to provide their identities. “It is unacceptable that a US portal like Facebook violates German data protection law, unopposed and with no prospect of an end,” said Weichert.
Read more on The Guardian.
Okay, so what happens if, say, Zuck says, “No problem. I’ll pay the fine.” Then what could the data protection commissioner do? Even if Facebook was fined on a daily basis, if they said, “No problem, we’ll pay the fine.” Then what? [Then we have invented Internet Taxation Bob]


Ah ha!
FTC and Google: No Market, No Foul
… I was surprised to see how few commentators have raised the point that there can’t be a search “market” when no one pays for that service. And that the users of web search are, in fact, the product that Google sells to the consumers of the market it does monopolize — online advertising. Or the fact that by using its advertising revenues to provide services to users for free or greatly discounted it can collapse those markets and own them as well.
For over a year and a half, many experts who follow the internet economy have wisely pointed out that the real consumers in the online search business are advertisers, not the users who interact with the search engine. One of the most profound “aha” moments for me came when I read Nathan Newman’s article “You’re Not Google’s Customer — You’re the Product: Antitrust in a Web 2.0 World” back in March 2011. He correctly argued that web browser users who interact with Google search are in fact the product that gets sold to the real customer — the online advertiser.


“We don't need no stinking cellphone!” What we do need is a device that connects us to the Internet.
"Facebook has chosen Canadian users to be guinea pigs for a new mobile feature to make free phone calls. Facebook's new Messenger app for Apple mobile devices enables voice-over-Internet protocol phone calls, which use data instead of eating into the minutes in a mobile plan."


Perspective A “Big Data” research target?
Library of Congress digs in to full archive of 170 billion tweets
It took four years to hit 21 billion tweets. Now Twitter users generate nearly half a billion a day, and the Library of Congress will be archiving and indexing all of them.


For my “Presentation” class. Great summary!
… Public speaking and presentations is an art though – have you ever sat through a horrendous talk? I know I have and I slightly “ranted” about them in another MakeUseOf article (which I will be referring to occasionally throughout this piece), Avoid Murder By PowerPoint: How To Make Your Presentations Compelling And Memorable. So what makes the perfect presentation? Well, there isn’t just one thing that you must do, but a collaboration of things.
Research & Content Organization
Create An Outline
Know Your Audience
Don’t Clutter The Most Important Points
Create Your Own Personal Handout
Preparation & Assembly
Back Up Your Data and Have a Backup Plan
“Talk First, Write Second”
Practice, Practice, Practice
Be Aware Of Distractions: Both Personal & Grammatical
Get Feedback From Others
Don’t Change Anything Right Before The Presentation
Make Sure Everything Works Before The Talk Starts
Speaking & Delivery
Be Real & Show Your Gratitude
Don’t Talk AT Your Audience
Don’t Forget About Your Mobile Phone
If Possible, Use a Remote To Change Slides
Pointers Are Great, But Also Distracting If Not Used Correctly
Don’t Read The Slides Word For Word – Make Eye Contact
Don’t Worry About What You Look/Sound Like
Visual Display & Projection


Sharing stuff for the new Quarter...
There’s a whole host of educational videos out there. From Sal Khan’s famous set of instructional video lessons to the one-off videos by individuals … there’s a lot to sort through. So where do you start? If you’re like me, you go straight over to the king of all video sites, YouTube. They have a dedicated education section (YouTube EDU) where they have a curated list of resources.
University & College
NPTEL10,843 videos
UC Berkeley5,082 videos
MIT2,470 videos
Stanford University1,747 videos
K-12
Hoopla Kidz- 122 videos
Space Lab – 235 videos
Sesame Street – 1,329 videos
Khan Academy – 3,308 videos
Lifelong Learning
Animal Planet TV – 2,636 videos
Google Developers - 1,589 videos
Justin Sandercoe – 370 videos
Big Think – 9,207 videos

(Related)
Explania describes itself as a place to watch “hundreds of animated explanations, interactive tutorials and instructional videos, and feel free to embed them on your own web pages.” It is free to watch and embed the videos, so if you find one useful, you can easily share it with your classes or even on a class website. Many of the videos are technology how-tos, which may not be useful for your class, but can help you teach your mom to use Twitter, for example.


For my amusement.
California Assemblyman Dan Logue has proposed legislation to create a pilot program that would investigate ways for the state to offer a college degree that costs no more than $10,000. (There are similar efforts in Florida and Texas.) It’s not clear if Logue’s bill will move forward.
… According to research from the University of Michigan’s Marc Perry, the price of college textbooks has increased 812% since 1978 — something that makes the housing bubble “seem rather inconsequential.”
… A preview of the 2013 Horizon Report for Higher Education is now available online. On the near horizon of ed-tech adoption: the flipped classroom, MOOCs, mobile apps, and tablet computing. The report’s official release will come in February.


Two examples, but this works on any topis you can imagine...
Do you want to save money or find a job? Yahoo Pipes helps with both by grabbing the data you want, like job openings, and feeding it to you immediately. On top of that, it’s remarkably easy to set up and use.
The Pipes technology represents the web’s greatest secret – a ridiculously powerful information-gathering system that, shockingly, very few users have heard about. Its obscurity partly relates to the complexity in building a Pipe. Fortunately, using this software only requires that you access a database of community-created Pipes. Thousands of these creations exist within Yahoo’s servers, allowing users to access subjects as enlightening as science journals or as mundane as Flickr photos.
… To get started immediately, take three simple steps – first, open the pre-built Pipe. Second, input whatever it is you’re looking for, such as the job title or a particular product. Third, and optionally, output the stream as an RSS feed to your favorite feed reader. The first two parts of this article will walk readers through two potential uses for Pipes – getting jobs and finding sales. The third part explains how to integrate a Pipe’s output into an RSS reader.

Friday, January 04, 2013

Evidence (like we needed it) that the state didn't have a clue...
Jeffrey Collins of Associated Press reports:
The Department of Revenue was more concerned with keeping employees from accessing news, sports and social media websites on their work computers than protecting taxpayer data like Social Security numbers, a former computer security chief at the agency said Thursday.
Read more on Aiken Standard.
Tim Smith of Greenville Online and LaDonna Beeker of WISTV also cover Scott Shealy’s testimony at a state House of Representatives hearing on the breach that affected 3.8 million individuals almost 700,000 businesses.
Shealy testified that the state did not even look for a replacement for him for months after he resigned in September 2011, and while he was there, he claims he was unable to convince his bosses that they needed to pay more attention to security:
Until the breach, the agency declined free network monitoring of its servers, did not encrypt all its sensitive data and did not use multi-password systems to access the data, all defenses experts have said could have thrwarted the hacker.


...but the government wants to share everyone's records with every Doc, right?
By Dissent, January 3, 2013 2:08 pm
Bernie Monegain reports:
Medical centers that elect to keep psychiatric files private and separate from the rest of a person’s medical record may be doing their patients a disservice, a Johns Hopkins study concludes.
In a survey of psychiatry departments at 18 of the top American hospitals as ranked by U.S. News & World Report’s Best Hospitals in 2007, a Johns Hopkins team learned that fewer than half of the hospitals had all inpatient psychiatric records in their electronic medical record (EMR) systems and that fewer than 25 percent gave non-psychiatrists full access to those records.
Researchers say, psychiatric patients were 40 percent less likely to be readmitted to the hospital within the first month after discharge in institutions that provided full access to those medical records.
Read more on Healthcare IT News.


A hot new industry....
The Booming Business of Drones
Drones are everywhere.
Less than a decade ago, the Pentagon had about fifty unmanned combat air vehicles (known as drones or UAV — unmanned aerial vehicles). It is estimated that they currently have about seven thousand of them (and Congress asked for about $5 billion worth of more drones in 2012).
… The International Institute for Strategic Studies has identified fifty six different types of drones being used in over ten countries (and this data does not include places like China, Turkey and Russia).
Now, drones are moving from the battlefield to your neighborhood, and it's about to create a brand new industry right along with it.


“We're not guilty of doing that and we promise not to do it any more.”
January 03, 2013
Google Agrees to Change Its Business Practices to Resolve FTC Competition Concerns
News release: "Google Inc. has agreed to change some of its business practices to resolve Federal Trade Commission concerns that those practices could stifle competition in the markets for popular devices such as smart phones, tablets and gaming consoles, as well as the market for online search advertising. Under a settlement reached with the FTC, Google will meet its prior commitments to allow competitors access – on fair, reasonable, and non-discriminatory terms – to patents on critical standardized technologies needed to make popular devices such as smart phones, laptop and tablet computers, and gaming consoles. In a separate letter of commitment to the Commission, Google has agreed to give online advertisers more flexibility to simultaneously manage ad campaigns on Google’s AdWords platform and on rival ad platforms; and to refrain from misappropriating online content from so-called “vertical” websites that focus on specific categories such as shopping or travel for use in its own vertical offerings."

(Related) Apparently, they settled something with China too. I wonder what they got in return?
Google Quietly Removes Censorship Warning Feature For Search Users In China
Google has quietly disabled a feature that notified users of its search service in China when a keyword had been censored by the Chinese government’s internet controls, according to censorship monitoring blog GreatFire.org. The blog reports that the change was made sometime between December 5 and December 8, 2012, with no official statement from Google to announce or explain its removal.


As I understand it, this wouldn't rise to the level of “probable cause” but a tip is a tip – it did merit a look at the car (not in the garage?) and proceeded from there?
Teen Brags On Facebook About Drunk Driving, Gets Arrested
Police made an example out of a teenager from Oregon who boasted about driving drunk on Facebook. “Drivin drunk… classic but whoever’s vehicle i hit i am sorry. ,” wrote the clueless 18-year-old. According to local news channel KGW, two people tipped the officers via Facebook about the post. After inspecting the most-likely-profusely-sweating/hungover teen’s car, the damage on his vehicle matched that of two other vehicles hit earlier that New Year’s morning.
And, with their powers of deduction…bam! Handcuffs. The suspect was charged with two counts of “failing to perform the duties of a driver,” but not drunk driving, because a Facebook post is apparently not sufficient evidence of intoxication, according to KGW’s report from Deputy Chief Brad Johnston.


They really don't want to sell you the game, but they don't want to call it “leasing” or “renting” either.
silentbrad writes in with a story about a Sony patent that would block the playing of second-hand games.
"... the patent application was filed on 9 December 2012 by Sony Computer Entertainment Japan, and will work by linking individual game discs to a user's account without requiring a network connection meaning any future attempt to use this disc on another user's console won't work. The patent explains that games will come with contactless tags [RFID or NFC? Bob] that will be read by your console in much the same way as modern bank cards. When a disc is first used, the disc ID and player ID will be stored on the tag. Every time the disc is used in future, the tag will check if the two ID's match up and, if not, then the disc won't work. The document goes on to explain that such a device is part of Sony's ongoing efforts to deter second-hand games sales, and is a far simpler solution than always-on DRM or passwords. It's worth noting that Sony has not confirmed the existence of the device, and the patent doesn't state what machine it will be used in, with later paragraphs also mentioning accessories and peripherals. ... There's also the issue of what happens should your console break and need replacing, or if you have more than one console. Will the games be linked to your PSN account, meaning they can still be used, or the console, meaning an entire new library of titles would need to be purchased?"


Arthur C. Clarke was right:
  1. When a distinguished but elderly scientist states that something is possible, he is almost certainly right. When he states that something is impossible, he is very probably wrong.
  2. The only way of discovering the limits of the possible is to venture a little way past them into the impossible.
  3. Any sufficiently advanced technology is indistinguishable from magic.
First time accepted submitter mromanuk writes in with a story about scientists at Ludwig Maximilian University of Munich who have created an atomic gas that goes below absolute zero.
"It may sound less likely than hell freezing over, but physicists have created an atomic gas with a sub-absolute-zero temperature for the first time. Their technique opens the door to generating negative-Kelvin materials and new quantum devices, and it could even help to solve a cosmological mystery."


For the toolkit
Thursday, January 3, 2013
Clean Print Helps You Save Ink and Paper
Clean Print is a free browser add-on for Firefox, Chrome, Internet Explorer, and Safari (including Safari on the iPad). The purpose of Clean Print is to help you save ink and paper when printing articles from the Internet. Clean Print allows you to remove images and advertisements from pages before printing an article. Clean Print also gives you the option to increase or decrease font size before printing an article. Learn more about Clean Print in the video below.
… If Clean Print isn't for you, give one of these other ink saving tools a try.


Inevitable, but there should be some competition, even in “Free” resources. Anyone want to be a Math star?
"Education officials with Northwest Nazarene University and the J.A. and Kathryn Albertson Foundation say they are arranging to have Khan Academy classes tested in about two dozen public schools next fall in Idaho, where state law now requires high school students to take online courses for two of their 47 graduation credits. 'This is the first time Khan Academy is partnering to tackle the math education of an entire state,' said Khan Academy's Maureen Suhendra. Alas, the Idaho Press-Tribune reports (alas, behind a paywall) that next fall would be too late for film director and producer Davis Guggenheim (Waiting for Superman, An Inconvenient Truth), who will be in Idaho in January filming The Great Teacher Project, a documentary which will highlight positives of education, like the Khan Academy pilot in Idaho. Not to worry. For the film, a few teachers will implement Khan Academy in day-to-day teaching starting in January, before the entire pilot program launches in fall 2013."

(Related) Online classes (MOOCs) mean you can take classes from the best teachers in the world for FREE. What is missing is that piece of paper that says you learned something...
"Results from the early application rounds at the nation's best technical colleges indicate that it will be another excruciatingly difficult year for high school seniors to get accepted into top-notch undergraduate computer science and engineering programs. Leading tech colleges reported a sharp rise in early applications, prompting them to be more selective in choosing prospective freshmen for the Class of 2017. Many colleges are reporting lower acceptance rates for their binding early decision and non-binding early action admissions programs than in previous years. Here's a roundup of stats from MIT, Stanford and others."

Thursday, January 03, 2013

“It's not like it's a Presidential election, this is important!” But the problems are very similar...
E-Voting Snafu Pushes Back Oscar Nomination Deadline
This year, Oscar voters are getting a deadline extension, giving members an extra day to vote on the nominees for this year’s Academy Awards after technical issues plagued the first attempt by The Academy of Motion Picture Arts and Sciences to allow online voting.
… In a recent Hollywood Reporter analysis, many Academy voters complained of issues with logging in to the voting site — something an Academy representative attributed to voters “forgetting or misusing passwords” – difficulty navigating the site once they were logged in, and even the potential for hackers to infiltrate the website and influence the vote.
“They should have had more lead time than, ‘Here you go; this is what we are expecting now,’” one Academy voter told THR. “We’re talking about many elderly people who are not that computer literate. They might think that it’s simple, but the simplest thing isn’t simple to many people... There will probably be a large percentage of people who will just say, ‘Screw it’ and not even vote this year.”


Is it better to come right out and admit, “We have no clue what was on that laptop” or is it better to say, “The breach was limited to only 200 patients...” “Oh yeah, these 300 were impacted too...” “And we have discovered a few hundred more...”
By Dissent, January 2, 2013 5:29 pm
When an electronic device with unencrypted patient information was stolen from the unattended vehicle of an Omnicell employee, the University of Michigan Health System notified 3,997 of their patients, but there were other hospitals that were not named at the time.
Thanks to WVEC, we now know 56,000 Sentara Healthcare patients treated between Oct. 18 and Nov. 9 at seven Sentara hospitals and three outpatient care centers in Hampton Roads, Virginia were also impacted by the theft. Sentara posted a notice on their web site that says, in part:
Omnicell’s investigation concluded that the device may have contained clinical and demographic information about Sentara patients, including patient name, birth date, patient number and medical record number. Additionally, one or more of the following clinical information may have been involved:
Gender; allergies; admission date and/or discharge date; physician name; patient type (i.e., inpatient, emergency department or outpatient); site and area of the hospital (e.g., specific inpatient or outpatient unit/area); room number; medication name; and medication dose amount and rate, route (e.g., oral, infusion, etc.), frequency, administration instructions, and start time and/or stop time.
Patient medical records were not on the device, [See previous paragraph Bob] and patient medical information has not been lost. Also, no financial, bank account information, Social Security number, or insurance information pertaining to any Sentara patient was on the device.
The incident affected only certain patients treated between October 18, 2012 and November 9, 2012 at Sentara CarePlex, Sentara Leigh Hospital, Sentara Norfolk General Hospital, Sentara Obici Hospital, Sentara Princess Anne Hospital, Sentara Virginia Beach General Hospital, Sentara Williamsburg Regional Medical Center, Sentara BelleHarbour, Sentara Independence, and Sentara Port Warwick.

(Related) “And we forgot a few other states...”
By Dissent, January 2, 2013 8:09 pm
And yet another organization — South Jersey Healthcare — has come forward to say that their patients were affected by the Omnicell breach discussed previously on this blog. According to The Daily Journal, 8,555 of their patients were affected.
Interestingly, The Daily Journal describes the device as a laptop. All other coverage has been silent as to the type of electronic device. I wonder if that’s an assumption on their part or they got a statement from someone identifying the device as a laptop. I’ve emailed the reporter to ask.


Now if someone will actuall read them...
By Dissent, January 2, 2013 3:01 pm
The current issue of the Journal of the American Medical Informatics Association is devoted to patient privacy and data sharing. Some of the articles are freely available in full text.
You can find the table of contents here.


Some details...
By Dissent, January 2, 2013 2:45 pm
I was hoping we’d get more information about this settlement and now HHS has provided it. As I had suspected, the Hospice of North Idaho breach affected fewer than 500 patients. And as a commenter suggested, the fine was because they had no risk analysis nor policies for mobile device security. From HHS’s press release:
The Hospice of North Idaho (HONI) has agreed to pay the U.S. Department of Health and Human Services’ (HHS) $50,000 to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule. This is the first settlement involving a breach of unprotected electronic protected health information (ePHI) affecting fewer than 500 individuals.
The HHS Office for Civil Rights (OCR) began its investigation after HONI reported to HHS that an unencrypted laptop computer containing the electronic protected health information (ePHI) of 441 patients had been stolen in June 2010. Laptops containing ePHI are regularly used by the organization as part of their field work. Over the course of the investigation, OCR discovered that HONI had not conducted a risk analysis to safeguard ePHI. Further, HONI did not have in place policies or procedures to address mobile device security as required by the HIPAA Security Rule. Since the June 2010 theft, HONI has taken extensive additional steps to improve their HIPAA Privacy and Security compliance program.
“This action sends a strong message to the health care industry that, regardless of size, covered entities must take action and will be held accountable for safeguarding their patients’ health information.” said OCR Director Leon Rodriguez. “Encryption is an easy method for making lost information unusable, unreadable and undecipherable.”
The Health Information Technology for Economic and Clinical Health (HITECH) Breach Notification Rule requires covered entities to report an impermissible use or disclosure of protected health information, or a “breach,” of 500 individuals or more to the Secretary of HHS and the media within 60 days after the discovery of the breach. Smaller breaches affecting less than 500 individuals must be reported to the Secretary on an annual basis.
A new educational initiative, Mobile Devices: Know the RISKS. Take the STEPS. PROTECT and SECURE Health Information, has been launched by OCR and the HHS Office of the National Coordinator for Health Information Technology (ONC) that offers health care providers and organizations practical tips on ways to protect their patients’ health information when using mobile devices such as laptops, tablets, and smartphones. For more information, visit www.HealthIT.gov/mobiledevices.
The Resolution Agreement can be found on the OCR website at http://www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/honi-agreement.pdf
The settlement puts HONI under monitoring for two years and requires a prompt notification (within 30 days) to OCR in the event of any reportable incidents.


A sad commentary... Perhaps they could publish the names and addresses of the “mentally challenged” people who made the threats?
"Not long ago we ran a story about how a NY newspaper published lists of gun owners. Now, it seems the same newspaper has hired armed guards in response to unspecified threats to the editor, amid 'large volumes of negative response.' From the article: 'The editor, Caryn McBride, told police the newspaper hired a private security company whose "employees are armed and will be on site during business hours," [At home, after working hours, you might feel safer is you have a gun... Bob] the report said. The guards are protecting the newspaper's staff and Rockland County offices in West Nyack, New York.'"


Which came first, the legal strategy or the military (political?) strategy?
Alice in Wonderland’ Ruling Lets Feds Keep Mum on Targeted-Killing Legal Rationale
The President Barack Obama administration does not have to disclose the legal basis for its drone targeted killing program of Americans, according to a Wednesday decision a judge likened to “Alice in Wonderland”.
U.S. District Court Judge Colleen McMahon of New York, ruling in lawsuits brought by the American Civil Liberties Union and The New York Times, said she was caught in a “paradoxical situation” (.pdf) of allowing the administration to claim it was legal to kill enemies outside traditional combat zones while keeping the legal rational secret.
… The authorities have conceded, however, that a Justice Department Office of Legal Counsel opinion addresses the issue, but maintain that it does not have to be made public. “It is beyond the power of this court to conclude that a document has been improperly classified,” the judge wrote.
Politico’s Josh Gerstein, who first reported the opinion, notes that such a statement by the judge is false, and that in “very rare cases” judges “have done so.”


Interesting... Similar to charging a gun manufacturer with murder?
Write Gambling Software, Go to Prison
In a criminal case sure to make programmers nervous, a software maker who licenses a program used by online casinos and bookmakers overseas is being charged with promoting gambling in New York because authorities say his software was used by others for illegal betting in that state.
… But Stuart, who has been charged along with his wife and brother-in-law with one felony count for promoting gambling in New York through their software firm, says that his company sells the software only to entities outside the U.S. and that he’s not aware of anyone using it in the U.S. or using it to take illegal bets in the U.S. He also says the software doesn’t place bets, it simply provides online gambling sites with the infrastructure to select and display which sporting events they want to offer for betting and also stores the bets.


Stupid Copyright tricks?
"Eriq Gardner writes that Warner Brothers is suing California resident Mark Towle, a specialist in customizing replicas of automobiles featured in films and TV shows, for selling replicas of automobiles from the 1960s ABC series Batman by arguing that copyright protection extends to the overall look and feel of the Batmobile. The case hinges on what exactly is a Batmobile — an automobile or a piece of intellectual property? Warner attorney J. Andrew Coombs argues in legal papers that the Batmobile incorporates trademarks with distinctive secondary meaning and that by selling an unauthorized replica, Towle is likely to confuse consumers about whether the cars are DC products are not. Towle's attorney Larry Zerner, argues that automobiles aren't copyrightable. 'It is black letter law that useful articles, such as automobiles, do not qualify as "sculptural works" and are thus not eligible for copyright protection,' writes Zerner adding that a decision to affirm copyright elements of automotive design features could be exploited by automobile manufacturers. 'The implications of a ruling upholding this standard are easy to imagine. Ford, Toyota, Ferrari and Honda would start publishing comic books, so that they could protect what, up until now, was unprotectable.'"

(Related)
"Do you like to tweet or share links to interesting news articles? According to a coalition of Irish newspapers, that makes you a pirate. The National Newspapers of Ireland has adopted a new policy. Any website which links to one of the 15 NNI member newspapers will have to pay a minimum of 300 Euros, with the license fee going up if you post more links. Note that this is not a fee to post an excerpt or some punitive measure for the copying of an entire article. No, the NNI wants to charge for links alone. It's almost as if this organization has no idea how the web works. Or maybe they have found an elaborate way to commit suicide."

(Related)
"A new patent troll is in town, this time targeting the users of technology, rather than the creators. They appear to hold a process patent for 'scanning a document and then emailing it.' They are targeting small businesses in a variety of locations and usually want somewhere between $900 to $1200 per employee for 'infringement' of their patent. As with most patent trolls, they go by a number of shell companies, but the original company name appears to be Project Paperless LLC. Joel Spolsky said in a tweet that 'This is organized crime, plain and simple...' I tend to agree with him. When will something be done about this legal mafia?"


Interesting hack!
Apple most likely sighed a huge sigh of relief when they found out that Installous, the popular jailbroken pirating app for iOS, shut down a couple days ago. However, it looks like there’s another threat to replace Installous. A new hack allows users to bypass Apple DRM and install pirated apps without the need to jailbreak.
Zeusmos and Kuaiyong are two alternatives to Installous, and both have been gaining significance since the exit of Installous. The former has been around for a few months now, while the latter has appeared almost from nowhere over the past couple of weeks. Both of these services offer simple, one-tap installs of pirated apps and don’t require that devices be jailbroken.


For my Statistics class. Remember, the Colts released Payton Manning because (statistically) he was over the hill. New Statistical Axiom: Never bet against Peyton Manning.
"Can data-analytics software win a Super Bowl? That's what the Buffalo Bills are betting on: the NFL team will create an analytics department to crunch player data, building on a model already well established in professional baseball and basketball. 'We are going to create and establish a very robust football analytics operation that we layer into our entire operation moving forward,' Buffalo Bills president Russ Brandon recently told The Buffalo News. 'That's something that's very important to me and the future of the franchise.' The increased use of analytics in other sports, he added, led him to make the decision: 'We've seen it in the NBA. We've seen it more in baseball. It's starting to spruce its head a little bit in football, and I feel we're missing the target if we don't invest in that area of our operation, and we will.'"


An introduction to Arbitrage (and the stupidity of the “We gotta do something!” crowd) Go to your favorite online site, download some free games, burn a few thousand CDs and buy the dang waterpark!
It would appear that the folks in Southington, Connecticut are looking to terminate the enemy with extreme prejudice – the enemy being violent media of all shapes and sizes. The group hosting the event by the name of “Violent Video Games Return Program” will be allowing in all manner of violent media with a promise that they’ll get a $25 “certificate” for every unit they turn in from the local Chamber of Commerce. One thing they’ll be sure to have victory on is a massive pile of old games and movies, that’s for sure – how empty their pocketbooks will be at the end of this may be a different story.
… The event will be held at the local drive-in movie theater on the 12th of January and will include “a $25 gift voucher intended to be used for other forms of entertainment, like perhaps, a local water park.”


Might be amusing (in a geeky way)
Last year a group of UK teachers started working on a Creative Commons licensed teaching manual for the Raspberry Pi. That work has produced the Raspberry Pi Education Manual which is available at the Pi Store or here as a PDF. From Raspberry Pi: "The manual is released under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 unported licence, which is a complicated way of saying that it’s free for you to download, copy, adapt and use – you just can’t sell it. You’ll find chapters here on Scratch, Python, interfacing, and the command line. There’s a group at Oracle which is currently working with us on a faster Java virtual machine (JVM) for the Pi, and once that work’s done, chapters on Greenfoot and Geogebra will also be made available – we hope that’ll be very soon."


Who uses this?
Whether you’re a free Flickr user or a pro account holder, you are entitled to receive a gift from Flickr – the gift of a pro account for three months! But, hurry as the promotion ends on January 4th.
All you need to do to activate your free gift from Flickr is to log in to your Flickr account via a mobile application or the desktop. Mobile users will automatically receive the gift with no action required. If you use the desktop, a banner will show you the offer of three months for free and all you need to do is accept the deal. It really couldn’t be easier!


For all my students...
A growing number of colleges are providing graduating students tools to improve their online image. The services arrange for positive results on search engine inquiries by pushing your party pictures, and other snapshots of your lapsed judgement off the first page. Syracuse, Rochester and Johns Hopkins are among the schools that are offering such services free of charge. From the article: "Samantha Grossman wasn't always thrilled with the impression that emerged when people Googled her name. 'It wasn't anything too horrible,' she said. 'I just have a common name. There would be pictures, college partying pictures, that weren't of me, things I wouldn't want associated with me.' So before she graduated from Syracuse University last spring, the school provided her with a tool that allowed her to put her best Web foot forward. Now when people Google her, they go straight to a positive image — professional photo, cum laude degree and credentials — that she credits with helping her land a digital advertising job in New York."

(Related)
… Many people often think that the “Internet stuff” is just for technology careers and young people, but it’s not. There are many cases where having a solid online presence has proven beneficial to people of all ages and industries.
Don’t Share Anything You Don’t Want EVERYONE To See
Be Open & Share Your Interests, Skills & Passions
Create a Personal Website &/Or Blog
Find Your Niche In The Social Media Community
Blogging & Guest Blogging
Communicate With Your Followers & Those You Follow

Wednesday, January 02, 2013

Remember, it's “Best Practices” not “Absolutely Foolproof Practices”
By Dissent, January 2, 2013 8:26 am
Over the past year, I’ve had the opportunity to talk to a number of people in different organizations who are concerned with insider breaches in the health care sector. One of those people is Kurt Long, CEO and Founder of FairWarning, a firm that provides patient privacy monitoring (privacy breach detection) systems.
So, here’s a little pop quiz to start this post:
  1. What percent of insider breaches are reduced by employee training on HIPAA and review of access policies?
  2. What percent of insider breaches can be reduced by installing monitoring software?
  3. What percent of insider breaches can be reduced if you actually enforce policies and discipline employees?
Ready for his answers?
According to data compiled by FairWarning using before-and-after data on their clients:
  • Employee training can reduce insider breaches by 58%
  • Monitoring the network for improper access is crucial, but may not significantly change the culture until combined with
  • Disciplining or sanctioning employees, which effectively communicates that employee access is being monitored and inappropriate access will have serious consequences.
Monitoring and enforcement can reduce insider breaches by another 40%.
Overall, within a 6-month period, FairWarning’s clients experience an 85- 98% reduction in insider breaches, Long says.
That’s good advertising for them, and I’m sure readers will point out that their statistics, based on a non-random sample, may be somewhat self-serving. But their findings should also be food for thought for your practice or organization.
This past year, I blogged a lot about insider breaches in the healthcare sector. While strengthening firewalls against external threats is critical, as is training employees not to fall for phishing schemes and not to leave PII on unencrypted devices in unattended vehicles, some of the standard security precautions – like encrypting PHI – really do nothing to reduce breaches by those who are authorized to access patient data. FairWarning’s data suggest that a strong employee training program combined with monitoring access and making a point of enforcing discipline so that everyone gets the message might reduce the vast majority of insider privacy breaches.
But while creating a culture in which employees understand that they might or will lose their jobs for inappropriate access is important, I think it’s also crucial that those in the health care sector see more examples of employees being criminally prosecuted for snooping or other inappropriate access. California has been in the forefront of pursuing cases of snooping, while the federal government has been in the forefront of prosecuting cases involving patient data used for Medicare fraud and tax refund fraud. Unfortunately, many prosecutions for fraud do not name the hospital or health care provider whose employee(s) engaged in illegal conduct. Perhaps if they did, organizations of all sizes would be more concerned about potential reputation harm and would take more aggressive steps to prevent insider breaches. Even if an entity is not named, however, such breaches can incur significant breach costs and affect patients’ confidence or trust in the entity to protect their sensitive information.
So what will your organization be doing in 2013 to reduce insider breaches? And if your organization has implemented some effective strategies to reduce insider breaches, what are those strategies?


The crime occurred in the computer, therefore those laws apply.
Evan Brown provides a recap of the ruling in in MacDermid, Inc. v. Deiter. The relevant background of the case is that an employee of a U.S. firm who lived and worked in Canada allegedly accessed her firm’s server in Connecticut from her Canadian location and forwarded confidential corporate information from her work e-mail account to her personal account. The transfer allgedly occurred after she learned she was to be terminated from her position.
MacDermid sued the employee in federal court in Connecticut, alleging unauthorized access and misuse of a computer system and misappropriation of trade secrets in violation of Conn. Gen. Stat. §§ 53a-251 and 35-51 et seq. The employee moved to dismiss based on lack of personal jurisdiction as she resided and worked in Canada. The District Court agreed with the defendant. McDermid then appealed the dismissal.
On appeal, the Second Circuit reversed and remanded. The court held that Connecticut’s long-arm statute did apply because the the server was located in Connecticut. And although there would be some burden for the defendant to travel to Connecticut to defend the suit, that factor did not make jurisdiction in Connecticut unreasonable:
Further, efficiency and social policies against computer-based theft are generally best served by adjudication in the state from which computer files have been misappropriated. Accordingly, we conclude that jurisdiction is reasonable in this case.
Read more on Internet Cases.


In some “government knows best” future, would children be taken from Mommy bloggers?
Sarah Kendzior has a thoughtful piece on a topic I’ve mentioned before: does a mother’s right to tell her story or blog about her life trump the privacy rights of her child? The issue recently came to the forefront again after Sarah responded critically to a blog post called “I Am Adam Lanza’s Mother” that had gone viral. I had winced as I had read Liza Long’s post and wondered how her son might feel years from now if he sees what she wrote about him, but I had understood what she was trying to do. I had also winced at Sarah’s response, because I had the feeling that she had never walked a mile in the shoes of a mother of a child with special needs.
Sarah writes:
On December 19, the Federal Trade Commission passed a law increasing privacy safeguards on children’s mobile apps and websites. Under the new law, websites and apps will have to get parental permission to collect photos, videos and other information that children post online.
“Parents, not social networks or marketers, will remain the gatekeepers when it comes to their children’s privacy,” explained Jim Steyer, head of the child media advocacy group Common Sense Media.
This is all well and good, but a question remains: Who will protect children from their parents?
It’s an important question in a world where the Internet never forgets. And the risks for children who have mental health challenges may be even greater. Sarah writes:
To reveal the personal struggles of a mentally ill minor online – in particular, to paint him as unstable and violent – is a form of child abuse. Not only does it violate the bond between a child and the person who is supposed to protect him, it can lead to the child being mocked, attacked and shunned by his own community when he is already vulnerable.
Moreover, the damage is permanent. Even if a mentally ill child gets the help he needs, even if he changes his behaviour, the words of his mother will follow him. When he applies to college, when he looks for a job, he will not be able to escape the nightmarish portrayal painted by his mother, the person who knew him best, the person who sold him out.
Her statement is somewhat harsh, but it is worth considering. Parents of special needs children often lack adequate supports offline. Writing about their day or the challenges they and their children face is an outlet that can bring them emotional support – and helpful treatment ideas – that they may not have available otherwise. Even a “vent” blog serves a function if it helps the mother express frustration that might otherwise be expressed by physically punishing her child. And many parents of special needs children write with the fervent hope that somehow – if they can just write well enough – others will understand their child and perhaps be more accepting of children who are not like their peers. And maybe, just maybe, other mothers will not look at them with disdain or as failures because their child does not behave like other children.
As a mental health professional and author, and as a mother who raised two special needs children, I understand both sides of the arguments about non-commercial mommy bloggers. Sharing real stories can increase public awareness and empathy and provide a forum for support. But my children are now old enough to think and give consent or deny consent if I wanted to share their stories online. For most mommy bloggers, the children are too young to grasp or have input into what their mothers decide to share about them and how it might harm them in the future.
So where is the balance? Ideally, I’d say blog anonymously and don’t use real names or location information. Realistically, though, I know that even with pseudonyms, some children’s stories are so unique that they could still be identified and named, leaving a digital trail that might harm their chances in the future.
Maybe part of the solution is for mommy bloggers to ask themselves a few simple questions before they write anything about their children:
1. What am I trying to accomplish here?
2. Is there any future risk to my child by sharing this information about him or her?
3. Is there any other way to accomplish my goal without disclosing private information about my child?
Of course, the above doesn’t really apply to mommy bloggers who are blogging for commercial gain. To those bloggers, I’d just ask, “What price do you put on your child’s privacy and future or on your future relationship with them? If someone comes along and archives everything you write about your child and you cannot not get it removed from the Internet, would it still be worth it?”


It can't hurt...


It may be easier to find “Bob” in Centennial, Colorado than “Subject 427J” but if that is the only thing that changes in my medical dossier, I suspect anyone could find me. I'm betting we need a neutral third party to do the analysis and pass only summary data to the researchers.
The story of how Massachusett Governor William Weld’s de-identified medical records were quickly re-identified in 1997 by then-graduate student Latanya Sweeney is now legendary in discussions of the risks of sharing “anonymized” or “de-identified” health records that might foster research. In an article on Scientific American, Erica Klarreich describes a mathematical technique called “differential privacy” that could give researchers access to vast repositories of personal data while meeting a high standard for privacy protection:
A differentially private data release algorithm allows researchers to ask practically any question about a database of sensitive information and provides answers that have been “blurred” so that they reveal virtually nothing about any individual’s data — not even whether the individual was in the database in the first place.
“The idea is that if you allow your data to be used, you incur no additional risk,” said Cynthia Dwork of Microsoft Research Silicon Valley. Dwork introduced the concept of differential privacy in 2005, along with McSherry, Kobbi Nissim of Israel’s Ben-Gurion University and Adam Smith of Pennsylvania State University.
Differential privacy preserves “plausible deniability,” as Avrim Blum of Carnegie Mellon University likes to put it. “If I want to pretend that my private information is different from what it really is, I can,” he said. “The output of a differentially private mechanism is going to be almost exactly the same whether it includes the real me or the pretend me, so I can plausibly deny anything I want.”
Read more on Scientific American for a description of how this works and programs that are being developed to help researchers implement this approach.


I haven't run across too many...
I’ve posted a few look-backs at privacy in 2012, including my own review of the year in U.S. privacy. From across the pond, James Baker, Lib Dem Councillor for Warley ward in Calderdale and No2ID campaigner, provides his own look back at privacy issues in the U.K. in 2012. It’s somewhat comforting to know that our advocacy counterparts overseas are struggling with some of the same privacy issues we are.
You can read his recap on his web site.


Too dystopian?
I don’t subscribe to Showtime, so I missed the first episodes of director Oliver Stone and historian Peter Kuznick’s series, “The Untold History of the United States,” but it looks like you can view some of the full episodes online, free.
Reader and link contributor extraordinaire Joe Cadillic sends in this link to an interview of Stone and Kuznick about the series and how President Obama has been a sheep in wolf’s clothing when it comes to entrenching us more deeply in a surveillance state.


Perspective
Study: 75 Percent Of The World’s Heads Of State Are Now On Twitter
… The DPC’s annual study evaluates a total of 164 countries, and found this year that 123 of them have a head of state that is on Twitter, either with a personal handle or an official government one. That’s up significantly from 2011, when 69 out of the 164 countries had a Twitter presence.
… In terms of followers, the study found that US President Barack Obama is by far the most watched world leader on Twitter, with 25 million followers. Coming in at number two? Hugo Chavez of Venezuela, with 3.5 million followers.


Something for the Ethical Hacker toolkit? (Because you don't have to be in Pakistan to use it...)


Cute and even includes some Math stuff...
January 01, 2013
A Timeline of Information History
"This timeline presents significant events and developments in the innovation and management of information and documents from cave paintings (ca 30,000 BC) to the present. To keep recent electronic developments from dominating the listing, only the most significant digital innovations are included."


Can we please get him to suck in that annoying gecko? (Quick: Name an American physicist who would be immediately recognized in a similar role?)
Stephen Hawking sucks opera singer into black hole (in an ad)
… Stephen Hawking made an interesting choice to advertise auto insurance -- Go Compare's online auto-insurance comparison service, to be precise.
This U.K. brand's ad campaign has long featured Gio Compario, a portly opera singer urging people to, well go compare auto insurance rates.
… For myself, the highlight of this quite joyous piece is the laugh that Hawking offers at the end.
There is something quite shivering about the coolly hawkish way Hawking offers: "Ha. Ha. Ha."