Friday, April 05, 2013

The problem with commanding millions of fanatically loyal followers is not the high ranking ones who know you are bluffing and posturing, it's the low-level ones who don't.
Ex-CIA Analyst Expects North Korea to Attack South Korea Before Tensions End


Yet another case of bad reporting and no editing? ...and really dumb wording of the Press Release?
I’m having one of those “WTH???” moments.
Read this report from Associated Press:
Some state employees and vendors who do business with Alabama are being notified that their personal information was accessed when hackers infiltrated a state computer system.
The state Department of Homeland Security [It never occurred to me that states would create their own, but that is one way to spend Federal grants Bob] announced today that it was making the notifications, but wouldn’t say how many employees or vendors were affected. The department said the hackers accessed personal information such as names, Social Security numbers and taxpayer identification numbers. They didn’t access taxpayer records or tax returns. In mid-September, hackers gained access to tax records at South Carolina’s Department of Revenue.
Does the mid-September hack of SCDOR have anything to do with this? If not, why include that there, AP?
Alabama Homeland Security Director Spencer Collier said those affected will be connected with credit monitoring services, and the state will provide a one-year service with an identity theft service company to help detect misuse of personal information.
Department spokeswoman Leah Garner said the department could not release more information because of an ongoing criminal investigation. But she said the department believes the people behind the hacking Jan. 16 do not have a history of maliciously using personal information.
So they know who the hackers are? Were they employees or did they have an employee’s assistance? Have they been arrested? Why would people hack to obtain these data if not to use them maliciously? What does the state believe their motivation was, then?
And is this story related to any other hacking of Alabama state computers previously reported by the media?
The computer system that got hacked is operated by the state Information Services Division.
OK. So now we know there was a hack on January 16 involving the Information Services Division system. And we know what types of data were accessed. But the state’s statement re: the hackers not having a history of using data maliciously is somewhat stunning, and I wish they’d disclosed more about this.
Update: WSFA also covers this case, without the distraction of references to the SCDOR breach.


A HIPAA failure, or a much broader failure than that? Perhaps this guy was having plastic surgery to make himself look like the driver's license photo?
A man is being accused of racking up hundreds of thousands of dollars in medical services while using another person’s identification.
Kenneth A. Marshall, 41, is charged with identity theft, receiving stolen property and obstructing official business.
Marshall allegedly gained possession of a stolen license six years ago in Terre Haute, Ind.
Officials at the Ohio State University Wexner Medical Center discovered that Marshall used the victim’s ID multiple times, according to court documents.
Read more on 10TV.
The Columbus Dispatch reports that the fraudulent use of a South Carolina man’s ID went on for 5 years, and was only detected because the South Carolina man, Michael Weatherford, questioned why he continued to get bills from OSU for services he never received. The report doesn’t indicate when the real Michael Weatherford first contacted OSU about the erroneous bills, and why OSU didn’t catch this problem sooner.


Coming soon to a neighborhood near you...
Presto Vivace writes with this snippet from the New York Times:
"'In the six months since the Domain Awareness System was unveiled, officials of Microsoft, which designed the system with the New York Police Department, said they have been surprised by the response and are actively negotiating with a number of prospective buyers, whom Microsoft declined to identify.' Don't want this in your city? You might want to let your local leadership know how you feel."


...on the other hand.
Karen Gullo reports:
Google Inc. (GOOG), operator of the world’s largest search engine, is challenging a demand by the U.S. government for private user information in a national security probe, according to a court filing.
It “appears” to be the first time a major communications company is pushing back after getting a so-called National Security Letter, said the Electronic Frontier Foundation, an Internet privacy group. The challenge comes three weeks after a federal judge in San Francisco ruled that NSLs, which are issued without a warrant, are unconstitutional.
Read more on Bloomberg. Kim Zetter of Threat Level provides some context and background here.


That's not Niagara Falls, that's thousands of Class Action lawyers salivating...
Jaikumar Vijayan reports:
A federal court in Chicago this week granted class action status to a lawsuit accusing comScore, one of the Internet’s largest user tracking firms, of secretly collecting and selling Social Security numbers, credit card numbers, passwords and other personal data collected from consumer systems.
The court’s decision paves the way for what a lawyer for the two named plaintiffs in the case claimed could be the largest privacy case to ever go to trial in terms of class size and potential damages.
Read more on Computerworld.
[From the article:
ComScore claims that it captures more than 1.5 trillion user-interactions monthly, or roughly 40% of the monthly page views of the Internet.
… ComScore maintains that all of the data it collects is purged of identifying information and personal data before it's sold.
… The court granted class certification with regard to all of the primary claims pertaining to violations of the SCA, ECPA and CFAA, he said. Under the SCA and ECPA each class member would be entitled to a maximum of $1,000 in statutory damages, he said.
The judge, however, denied class action status for a third claim relating to unjust enrichment against comScore.

(Related) Even if this fails, expect “copy cat” legislation to break out everywhere.
Antone Gonsalves reports that the California Chamber of Commerce and TechAmerica have squared off against the ACLU of Northern California and EFF over AB 1291, a bill that would give consumers the right to see all the information a company holds about them and to find out what other companies – specifically – the data are shared with.
On Monday, lawmakers amended the bill, introduced in February by Democratic Assemblywoman Bonnie Lowenthal, to increase its chances of getting through the Legislature. To opponents, the changes were not enough.
“TechAmerica has some obvious high-level concerns with the bill,” said Robert Callahan, director of state government affairs for the industry trade group. “In addition to several of its provisions being unworkable from a compliance standpoint for tech companies, the new language specifically states that any violation of the law will constitute injury to consumer, opening the door wide open for abusive lawsuits.”
Read more on CSO.
Callahan’s argument could apply to any law that incorporates statutory awards. Of course businesses hate the thought, but it would go far towards addressing the issue that consumers have typically not been able to collect anything despite being harmed by breaches or nonconsensual data-sharing. At least now, they’d get something if a company did not respond in a timely fashion with disclosure of what information the company holds about them and whom they share it with.


We can, therefore we must!
There has been an incredible amount of hype and fear and confusion and excitement surrounding inBloom, a Gates Foundation-funded initiative to build a new data infrastructure for public schools.
… One major fear: more thorough data capture and data processing will result in an unprecedented invasion of student privacy.
InBloom, which had its formal launch at SXSWedu, boasts 9 states (Delaware, Massachusetts, Colorado, Louisiana, New York, Illinois, North Carolina, Georgia, and Kentucky) that will pilot the program. Many companies are on board too, with plans to use and integrate inBloom data. These include Amazon, Clever, Compass Learning, Dell, eScholar, Goalbook, Kickboard, LearnSprout, Promethean, Scholastic, and Schoology (for the complete list of inBloom partners, see here).


Technology that “solves” thousands of crimes but no arrests? Were these crimes matched to the tooth fairy or what?
WFTV reports:
More local police officers are getting a new crime fighting tool. Oviedo just agreed to allow police to tap into facial recognition software developed by the Pinellas County Sheriff’s Office.
The technology allows law enforcement to run photos through a database to help identify crime suspects.
What Oviedo just approved has been put to use in Winter Springs for almost a year.
Read more on WFTV.
[From the article:
The system is somewhat controversial because it allows law enforcement to search through driver's license photos, even if you've never been accused of a crime.
… In all, there are 150 agencies in Florida using the database. It is free for law enforcement agencies. They are just required to go through training.
Channel 9 was told the system has helped solve thousands of crimes, though Winter Springs Police said it hasn't helped them arrest anyone.


Should we label these “Meta-Takedowns” or have studios just learned of the Streisand Effect?
"Two film studios have asked Google to take down links to messages sent by them requesting the removal of links connected to film piracy. Google receives 20 million 'takedown' requests, officially known as DMCA (Digital Millennium Copyright Act) notices, every month. They are all published online. Recent submissions by Fox and Universal Studios include requests for the removal of previous takedown notices. ... By making the notices available, Google is unintentionally highlighting the location of allegedly pirated material, say some experts. 'It would only take one skilled coder to index the URLs from the DMCA notices in order to create one of the largest pirate search engines available,' [Thanks for the suggestion Bob] wrote Torrent Freak editor Ernesto Van Der Sar on the site."


You rarely see an audit report that says (in essence) “We have no idea what's going on here”
Political Intelligence - Financial Market Value of Government Information Hinges on Materiality and Timing
Companies and individuals use political intelligence to understand the potential effects of legislative and executive branch actions on business, finance, and other decisions. The STOCK Act of 2012 directed GAO to report to Congress on the role of political intelligence in the financial markets.


Could be fun, if they allow it.
BitTorrent Site IsoHunt Demands Jury Trial
… A three-judge panel of the 9th U.S. Circuit Court of Appeals ruled against Gary Fung and said the Motion Picture Association of America automatically won on the merits of the case, without a trial. The decision marked the first time a federal appeals court had ruled against a BitTorrent search engine.
“Fung submits that, in a serious miscarriage of justice in a landmark case, he has been wrongfully denied trial by jury and found liable by judges on disputed facts through application of erroneous legal standards,” Fung’s attorney, Ira Rothken, wrote the 9th U.S. Circuit Court of Appeals late Wednesday. In a bid to acquire a jury trial, Rothken asked the appeals court to rehear the case with a larger panel of judges, in what is known as an en banc panel.
… Rothken demanded a trial, saying Fung’s activities are no different than Google, for example, which also hosts links to infringing material.
“No infringing materials touch Fung’s websites; he has no capacity to investigate or to police the internet,” Rothken wrote.


For my Statistics students...
"R, a popular software environment for statistical computing and graphics, version 3.0.0 codename "Masked Marvel" was released. From the announcement: 'Major R releases have not previously marked great landslides in terms of new features. Rather, they represent that the codebase has developed to a new level of maturity. This is not going to be an exception to the rule. Version 3.0.0, as of this writing, contains only [one] really major new feature: The inclusion of long vectors (containing more than 2^31-1 elements!). More changes are likely to make it into the final release, but the main reason for having it as a new major release is that R over the last 8.5 years has reached a new level: we now have 64 bit support on all platforms, support for parallel processing, the Matrix package, and much more.'"


For all my students?
Essay-Grading Software Offers Professors a Break
EdX, the nonprofit enterprise founded by Harvard and the Massachusetts Institute of Technology to offer courses on the Internet, has just introduced such a system and will make its automated software available free on the Web to any institution that wants to use it. The software uses artificial intelligence to grade student essays and short written answers, freeing professors for other tasks.
… Anant Agarwal, an electrical engineer who is president of EdX, predicted that the instant-grading software would be a useful pedagogical tool, enabling students to take tests and write essays over and over and improve the quality of their answers. He said the technology would offer distinct advantages over the traditional classroom system, where students often wait days or weeks for grades.
