Wednesday, March 27, 2013

Perhaps they don't take time for a “Lessons Learned” analysis. Perhaps they don't know how to learn.
By Dissent, March 26, 2013 7:45 pm
As I read coverage around the internet, I saw a few reports on the recent OHSU breach that mentioned it was OHSU’s third reported HIPAA breach since 2009. Actually, it’s only the second breach that will appear on HHS’s breach tool, but it’s important to note that this was OHSU’s fourth HIPAA breach that we know about since 2008. And disturbingly, all four of them involved stolen devices with unencrypted patient information:
  • In December 2008, OHSU notified 890 patients that a laptop stolen from a hotel where an employee was staying on business might contain patient records.
  • In June 2009 – also before HITECH went into effect – OHSU notified 1000 patients that their names, treatment information and medical record numbers were on a laptop stolen from a physician’s car outside the doctor’s home.
  • In July 2012, OHSU disclosed that 14,495 names and addresses with 14,300 dates of birth, phone numbers, medical numbers, 195 Social Security numbers and vaccination information were on a USB drive stolen from an employee’s home. OHSU only notified 702 of those affected, primarily those whose records “referenced health conditions that are a bit more personal or might be an embarrassment for a patient if disclosed.”
  • And now, OHSU is notifying 4,022 patients whose information was on a researcher’s laptop stolen from a vacation rental home.
The question seems obvious: what the hell will it take before OHSU encrypts all devices? At what point do we – and HHS – say “enough is enough” and this is just downright negligent or failure to learn from experience? Maybe the doctor who left the laptop in the car violated protocols, but if the data had been encrypted, there wouldn’t have been a reportable breach. Maybe the employee who accidentally took the USB drive home made a mistake, but if the data had been encrypted, there wouldn’t have been a reportable breach. And maybe if OHSU had a policy of encrypting devices used for research purposes, the most recent laptop theft wouldn’t have been a reportable incident.
Approximately 20,000 people had their protected health information needlessly exposed and stolen because OHSU didn’t – and doesn’t – encrypt all devices containing PHI.
HHS has seemingly not closed its investigation of the July 2012 reported incident. The newest incident hasn’t even been added to their breach tool yet. But because HHS does not have records on the 2008 and 2009 incidents, they are likely to miss the big picture – that OHSU has had repeated and easily avoidable breaches.
And that’s a shame.


...because someone, somewhere might be a terrorist!
…. Because Gmail is sent between a user’s computer and Google’s servers using SSL encryption, for instance, the FBI can’t intercept it as it is flowing across networks and relies on the company to provide it with access. Google spokesman Chris Gaither hinted that it is already possible for the company to set up live surveillance under some circumstances. “CALEA doesn’t apply to Gmail but an order under the Wiretap Act may,” Gaither told me in an email. “At some point we may expand our transparency report to cover this topic in more depth, but until then I’m not able to provide additional information.”
Either way, the FBI is not happy with the current arrangement and is on a crusade for more surveillance authority.
Read more on Slate.
[From the article:]
According to Weissmann, the bureau is working with “members of intelligence community” to craft a proposal for new Internet spy powers as “a top priority this year.” Citing security concerns, he declined to reveal any specifics. “It's a very hard thing to talk about publicly,” he said, though acknowledged that “it's something that there should be a public debate about.”


Beware of flowery phrases meaning nothing...
"Want to be invisible to Google? Apparently you can't, at least according to the European Commission and Information Commissioner's Office. '"The right to be forgotten worries us as it makes people expect too much," said [deputy commissioner David Smith]. Instead, Smith said the focus should be on the "right to object" to how personal data is used, as this places the onus on businesses to justify the collection and processing of citizens' data. "It is a reversal of the burden of proof system used in the existing process. It will strengthen the person's position but it won't stop people processing their data." EC data protection supervisor Peter Hustinx added the right to be forgotten is currently unworkable as most countries are divided on what qualifies as sensitive personal data. "I believe the right to be forgotten is an overstatement," said Hustinx."


Perhaps not the best use of social media...
App tracks the wise who hate their bosses on Twitter
FireMe! takes note of all those who tweet about how much they loathe their hardworking bosses. It even has a leaderboard.
… Now, some kindly Germans have come along to fully expose those who are temporarily taken by a need to express job-loathing. They have created an app called FireMe!, which lovingly collates tweets that could most politely be described as injudicious.
… The tweets that FireMe! collects are separated into four categories: "Sexual Intercourses," "Haters," "Horrible Bosses" and the quite riveting "Potential Killers."


Location, location, location. Perhaps I'll write a paper on “Camouflage in the Digital Age.” (Start by using the name, address and phone number of your lawyer or congressman whenever you register on a website...)
March 26, 2013
Nature.com - Unique in the Crowd: The privacy bounds of human mobility
Unique in the Crowd: The privacy bounds of human mobility, Yves-Alexandre de Montjoye, César A. Hidalgo, Michel Verleysen & Vincent D. Blondel. Scientific Reports 3; Article number:1376; doi:10.1038/srep01376; Published 25 March 2013
  • "We study fifteen months of human mobility data for one and a half million individuals and find that human mobility traces are highly unique. In fact, in a dataset where the location of an individual is specified hourly, and with a spatial resolution equal to that given by the carrier's antennas, four spatio-temporal points are enough to uniquely identify 95% of the individuals. We coarsen the data spatially and temporally to find a formula for the uniqueness of human mobility traces given their resolution and the available outside information. This formula shows that the uniqueness of mobility traces decays approximately as the 1/10 power of their resolution. Hence, even coarse datasets provide little anonymity. These findings represent fundamental constraints to an individual's privacy and have important implications for the design of frameworks and institutions dedicated to protect the privacy of individuals."


Since the government knows everything about you anyway...
How the Maker of TurboTax Fought Free, Simple Tax Filing
Imagine filing your income taxes in five minutes — and for free. You'd open up a pre-filled return, see what the government thinks you owe, make any needed changes and be done. The miserable annual IRS shuffle, gone.
It's already a reality in Denmark, Sweden and Spain. The government-prepared return would estimate your taxes using information your employer and bank already send it. Advocates say tens of millions of taxpayers could use such a system each year, saving them a collective $2 billion and 225 million hours in prep costs and time, according to one estimate.
The idea, known as "return-free filing," would be a voluntary alternative to hiring a tax preparer or using commercial tax software. The concept has been around for decades and has been endorsed by both President Ronald Reagan and a campaigning President Obama.
Intuit argues that allowing the IRS to act as a tax preparer could result in taxpayers paying more money. It is also a member of the Computer & Communications Industry Association (CCIA), which sponsors a "STOP IRS TAKEOVER" campaign and a website calling return-free filing a "massive expansion of the U.S. government through a big government program."


Might be a preview of debates here...
March 26, 2013
Proposed new EU General Data Protection Regulation
Proposed new EU General Data Protection Regulation: Article-by-article analysis paper, V1.0
12 February 2013. UK Information Commission Office (ICO).
  • "We originally produced this document for two main audiences – the ICO’s own staff and the Ministry of Justice, to help to inform the UK’s negotiations in Europe. However, it has become clear that the information contained in this paper could be of use more widely, as a resource for all those with an interest in the data protection reform process and the ICO’s views. Therefore we have decided to publish it."


If I understand this, now my wife has to train her dogs to “casually trot around a neighborhood and act as a 'confidential canine informant' when they get a whiff of some illegal substances...” Should be a piece of cake.
Prior to hearing oral argument in the Proposition 8 case this morning, the Supreme Court handed down its decision in Florida v. Jardines, the other dog sniff case (Florida v. Harris was decided last month). In an opinion written by Justice Scalia, the Court affirmed the Florida Supreme Court. The Court held a dog sniff at the front door of a house where the police suspected drugs were being grown constitutes a search for purposes of the Fourth Amendment. Justice Kagan filed a concurrence joined by Justices Ginsburg and Sotomayor. Justice Alito filed a dissent joined by the Chief Justice, and Justices Kennedy and Breyer.
Read more on SCOTUSblog.
Orin Kerr commented on the decision:
This morning the Supreme Court handed down Florida v. Jardines, the case on use of a drug-sniffing dog at a suspect’s front porch to sniff around for narcotics inside. Held, in a 5-4 decision by Justice Scalia: Entry onto the porch was an unconstitutional search because it was a physical intrusion into the curtilage around the home under Jones that was beyond the scope of any implied consent. In light of my Supreme Court Review article on how there was no “trespass test” before Katz, I was particularly interested to see that the majority’s application of Jones does not use the word “trespass.” Instead, the Court refers to the Jones test as a test of “physical intrusion.”
Ryan Calo, however, had a somewhat different perspective, writing on Concurring Opinions that the decision leaves him somewhat puzzled/worried. He raises three thought-provoking questions.


“Future Crime” If this test predicts reoffenders 51% of the time (no numbers in the article) in an environment where 67.5% reoffend, is it truly ready for prime time?
Brain Scans Predict Which Criminals Are Most Likely to Reoffend
Brain scans of convicted felons can predict which ones are most likely to get arrested after they get out of prison, scientists have found in a study of 96 male offenders.
“It’s the first time brain scans have been used to predict recidivism,” said neuroscientist Kent Kiehl of the Mind Research Network in Albuquerque, New Mexico, who led the new study. Even so, Kiehl and others caution that the method is nowhere near ready to be used in real-life decisions about sentencing or parole.


This could become interesting. There are lasers that do not use visible light (e.g. X-ray) and those that are guaranteed to be safe for eyes at the classroom range, let alone a few thousand feet. If Google uses one of those to hunt for potential sinkholes in Florida or to create accurate topographical maps, are the people on the ground victims?
Aiming Laser Pointer at Airplane Gets Man 2.5 Years in Prison
A 19-year-old North Hollywood man has been sentenced to 2.5 years in prison for aiming a laser pointer at a commercial aircraft — a steep punishment going well beyond the year federal prosecutors were seeking.
“In this case the judge really felt it was serious behavior and he wanted to make sure that people understood it was not a joke,” Los Angeles federal prosecutor Melissa Mills said in a telephone interview Tuesday.
… Defense attorneys, who did not respond for comment, were seeking two years of probation and community service.


Perspective I make that 40,000 man years. Thank goodness “Computer” no longer means “some guy with a green eyeshade”
"It may be a movie about a stone age family, but DreamWorks said its latest 3D animated movie The Croods took more compute cycles to create than any other movie they've made. The movie required a whopping 80 million compute hours to render, 15 million more hours than DreamWorks' last record holder, The Rise of the Guardians. The production studio said between 300 and 400 animators worked on The Croods over the past three years. The images they created, from raw sketches to stereoscopic high-definition shots, required about 250TB of data storage capacity. When the movie industry moved from producing 2D to 3D high-definition movies over the past decade, the data required to produce the films increased tremendously. For DreamWorks, the amount of data needed to create a stereoscopic film leaped by 30%."


Simple? Yes Useful? …
Wednesday, March 27, 2013
Quizdini - Create Online Quizzes That Give Students Instant Feedback
Quizdini is a free tool for creating online quizzes. The best feature of Quizdini is that you can create explanations of the correct answer for your students to view immediately after trying each question in your quiz. Your explanation can include text and or links to online resources like videos and images. Quizdini quizzes can be created in a traditional linear format or in a matching format that asks students to pair answers to terms.
