Thursday, April 11, 2013

What would be the minimum level of Cyber Attack that warranted a Cyber Reply? Would any level (e.g. shutting down the New York Stock Exchange) merit a conventional military reply?
"An official investigation into a major cyber attack on South Korean banks and broadcasters last month has determined that North Korea's military intelligence agency was responsible. An investigation into access records and the malware used in the attack pointed to the North's military Reconnaissance General Bureau as the source, the Korea Internet and Security Agency (KISA) said on Wednesday. To spread the malware, the attackers went through 49 different places in 10 countries including South Korea, the investigation found. The attacks used malware that can wipe the contents of a computer's hard disk (including Linux machines) and damaged 48,700 machines including PCs, ATMs, and servers."


An Ethical Hacker tool. Or as North Korea might see it, a Target Acquisition tool...
"This is an article about a search engine that is designed to look for devices on the net that are not really intended to be viewed and used by the general public. Devices include pool filters, skating rink cooling system, and other goodies. 'Shodan runs 24/7 and collects information on about 500 million connected devices and services each month. It's stunning what can be found with a simple search on Shodan. Countless traffic lights, security cameras, home automation devices and heating systems are connected to the Internet and easy to spot. Shodan searchers have found control systems for a water park, a gas station, a hotel wine cooler and a crematorium. Cybersecurity researchers have even located command and control systems for nuclear power plants and a particle-accelerating cyclotron by using Shodan. ... A quick search for "default password" reveals countless printers, servers and system control devices that use "admin" as their user name and "1234" as their password. Many more connected systems require no credentials at all — all you need is a Web browser to connect to them.'"


Will we see more reports or will this actually help to stop identity theft?
Joe Mont reports:
The Securities and Exchange Commission on Wednesday adopted rules requiring broker-dealers, mutual funds, investment advisers and other “financial institutions” and “creditors” to adopt programs for detecting and responding to cases of identity theft.
The rules, adopted jointly with the Commodity Futures Trading Commission, also apply to the futures commission merchants, retail foreign exchange dealers, commodity trading advisors, commodity pool operators, swap dealers, and major swap participants that agency oversees.
Read more on Compliance Week.
[From the article:]
Required programs must have policies and procedures designed to: identify relevant types of identity theft red flags; detect the occurrence of those red flags; respond appropriately; and periodically update the identity theft program.


Why didn't they listen to their auditors or lawyers?
Marino Eccher and Mary Divine report:
Brooke Bass spent her legal career looking out for the best interests of police officers.
They were looking out for her, too, her lawyer says — but in a different way.
In the past eight years, more than 100 entities across Minnesota — nearly all of them law enforcement — accessed Bass’s private driver’s license information more than 700 times, her attorney said.
That would make her the subject of the biggest privacy breach to date in the state’s increasingly broad and increasingly expensive license-data debacle.
Read more on Pioneer Press.
Given how rampant the breaches have been with this database, it will be interesting to see what happens with statutory awards. This could be very costly for the state, but I think it needs to be because they knew they had problems and never really dealt with the access problems effectively or seriously. Maybe if this really costs them, other state agencies and other states will take this issue more seriously.


Questions for e-lawyers?
"As the age of autonomous cars and drone surveillance draws nearer, it's reasonable to expect government to increasingly automate enforcement of traffic laws. We already deal with red light cameras, speed limit cameras, and special lane cameras. But they aren't widespread, and there are a host of problems with them. Now, Ars reports on a group of academics who are attempting to solve the problem of converting simple laws to machine-readable code. They found that when the human filter was removed from the system, results became unreasonable very quickly. For example, if you aren't shy about going 5 mph over the limit, you'll likely break the law dozens of times during an hour of city driving. On the freeway, you might break it continuously for an hour. But it's highly unlikely you'd get more than one ticket for either transgression. Not so with computers (PDF): 'An automated system, however, could maintain a continuous flow of samples based on driving behavior and thus issue tickets accordingly. This level of resolution is not possible in manual law enforcement. In our experiment, the programmers were faced with the choice of how to treat many continuous samples all showing speeding behavior. Should each instance of speeding (e.g. a single sample) be treated as a separate offense, or should all consecutive speeding samples be treated as a single offense? Should the duration of time exceeding the speed limit be considered in the severity of the offense?' One of the academics said, 'When you're talking about automated enforcement, all of the enforcement has to be put in before implementation of the law—you have to be able to predict different circumstances.'"


Anti-social media? They clearly have the “influence people” part down pat, it's the “win friends” bit that needs more work...
Prosecutors in Gothenburg have decided to file criminal charges against two teen girls believed to be behind a “slut-shaming” account on Instagram that caused local teenagers to riot last year.
Speaking with the Svenska Dagbladet (SvD) newspaper, prosecutor Annika Boman said she had decided to charge two girls, aged 15 and 18, with aggravated defamation.
“Charges will likely be formally filed at the end of April, but it may also take longer. New information may emerge in the investigation,” she told the newspaper.
Around 85 people have been interviewed in the investigation, which was launched after a mystery Instagram user took to the popular photo-sharing site to “shame” male and female “teen sluts” in Gothenburg by publishing pictures of them together with information about their sex lives.
A riot ensued in December 2012, as hundreds of high school students assembled outside the Plusgymnasiet high school in an attempt to find the owner of the anonymous Instagram account.
Read more on The Local (Sweden).
[From the article:]
Boman explained she must determine how many of those who reported possible defamation crimes will end up being included in the indictment, speculating that "not even half" will make the cut.


Toward the perfect e-Dossier?
Facebook Will Peer Into Your Grocery Bag to Sell an Ad
Facebook has announced a new system that lets advertisers target you based on what groceries you buy, what car you drive, and what kind of phone you use. It’s just the latest example of an emerging pattern at the social network – follow the user all over the place to close more ad sales.
The bland name of Facebook’s new “partner categories” belies a bold mission: tying disparate real-world data to Facebook’s online social graph. The system allows Facebook advertisers to target groups of users based on loyalty card usage at grocery stores and elsewhere, based on public records like auto registration, and based on email addresses consumers give out at retail checkout registers. Facebook can access such information because it has partnered with companies that have spent years compiling the databases, including Acxiom, Datalogix, and Epsilon.
There’s no question advertisers like to have “total informational awareness,” as this sort of data hoarding is called in defense circles.


Does every government agency get to write their own rules?
Nathan Freed Wessler of the ACLU writes:
Everyone knows the IRS is our nation’s tax collector, but it is also a law enforcement organization tasked with investigating criminal violations of the tax laws. New documents released to the ACLU under the Freedom of Information Act reveal that the IRS Criminal Tax Division has long taken the position that the IRS can read your emails without a warrant—a practice that one appeals court has said violates the Fourth Amendment (and we think most Americans would agree).
Last year, the ACLU sent a FOIA request to the IRS seeking records regarding whether it gets a warrant before reading people’s email, text messages and other private electronic communications. The IRS has now responded by sending us 247 pages of records describing the policies and practices of its criminal investigative arm when seeking the contents of emails and other electronic communications.
Read more on ACLU.

(Related) “We can, therefore we must”
While the IRS claims it can read your emails without a warrant, Washington police argue that law enforcement can read your text messages without a warrant. From EFF:
The Electronic Frontier Foundation (EFF) urged the Washington State Supreme Court Monday to recognize that text messages are “the 21st Century phone call” and require that law enforcement officers obtain a warrant before reading texts on someone’s phone.
“Text messages are a ubiquitous form of communication, and their context can be as private as any telephone conversation,” said EFF Staff Attorney Hanni Fakhoury. “We use texts to talk to our wives and husbands, our kids, our co-workers, and more. Police should not be able to sift through these personal exchanges on a whim – they must show probable cause and get a warrant before accessing this information.”
In this case, police seized a cell phone during a drug investigation and monitored incoming messages. Officers responded to several texts, setting up meetings that resulted in two arrests, without first getting a warrant. Prosecutors have argued that no warrant was required because there should be no expectation of privacy in text messages, as anyone can pick up someone else’s phone and read what’s stored there. But in two related amicus briefs filed Monday, EFF argues that searching the phone for the texts without a warrant clearly violates the Constitution.
“The state argues that just because someone can intercept a communication, you should reasonably expect that communication to be intercepted. That’s a dangerous way to interpret the Fourth Amendment,” said Fakhoury. “The prosecutors’ theory would eviscerate any privacy protections in the digital age. We’re asking the Washington State Supreme Court here to recognize what’s at stake and to require a warrant before allowing officers to read text messages on a cell phone.”
Venkat Balasubramani of FOCAL PLLC in Seattle, Washington, served as EFF’s local counsel in the cases.


There ought to be a law... and here is where you can find it?
April 10, 2013
New Website for State Online Legal Information
Via Emily Feltren, AALL: "The Digital Access to Legal Information Committee (DALIC) has created a new website to host information about the status of online legal materials in every state with respect to authentication, official status, preservation, permanent public access, copyright, and universal citation. The new website brings together information from AALL’s National Inventory of Legal Materials and updates AALL’s Preliminary Analysis of AALL’s State Legal Inventories, 2007 State-by-State Report on Authentication of Online Legal Resources, and 2009-2010 State Summary Updates. State pages will be updated as information changes. DALIC members will monitor the site and periodically check in with AALL’s state working groups to ensure the accuracy of the information."


Now that the court has held it is legal to send broadcast TV over the Internet (at least the way they do it) the networks seem to be going crazy. What revenue are they actually losing?
"In response to Aereo's recent win allowing per-user over-the-air antenna feeds to remote devices, Fox COO Chase Carey said, 'We need to be able to be fairly compensated for our content. This is not an ideal path we look to pursue [...],' that path being a switch to a subscription model. Spanish-language stalwart Univision may join Fox, per CEO Haim Saban. Aereo replied, in part, 'When broadcasters asked Congress for a free license to digitally broadcast on the public's airwaves, they did so with the promise that they would broadcast in the public interest and convenience, and that they would remain free-to-air. Having a television antenna is every American's right.' A switch to a pay-TV subscription model would stymie Aereo but could hurt affiliate stations."

(Related)
CBS joins Fox in considering subscription-only model


Perspective. It used to be that each new Operating System was an improvement over the old.
"IDC says Windows 8 is partly to blame for PC sales suffering the largest percentage drop ever. 'As if that news wasn't troubling enough, it appears that a pivotal makeover of Microsoft's ubiquitous Windows operating system seems to have done more harm than good since the software was released last October.' According to a ZDNet article, IDC originally expected a drop, but only half the size."


Worth browsing...
April 10, 2013
OCLC - MOOCs and Libraries Event Videos Now Available
Via OCLC: "The 'MOOCs and Libraries: Massive Opportunity or Overwhelming Challenge?' event took place 18-19 March at the University of Pennsylvania and was broadcast live online. Hosted by OCLC Research and University of Pennsylvania Libraries, the event featured thoughtful and provocative presentations about how libraries are already getting involved with MOOCs, and engaged attendees in discussions about strategic opportunities and challenges going forward. More than 500 people participated in this event: 125 attended in person and more than 400 attended remotely online. Links to the 11 individual videos and a MOOCs and Libraries video playlist that comprises all of these videos are available at the links below, on the MOOCs and Libraries event page, and on the OCLC Research YouTube Channel. Look to the OCLC Research blog, HangingTogether, for a short series of postings that recap presentation highlights and summarize outcomes from this event."


Indicates there are lots of programs I'm not aware of...
SCIENCE, TECHNOLOGY, ENGINEERING, AND MATHEMATICS EDUCATION
In fiscal year 2010, 13 federal agencies invested over $3 billion in 209 programs designed to increase knowledge of science, technology, engineering, and mathematics (STEM) fields and attainment of STEM degrees.
… Eighty-three percent of the programs GAO identified overlapped to some degree with at least 1 other program in that they offered similar services to similar target groups in similar STEM fields to achieve similar objectives.


Is the world ready for “The Collected Wit and Wisdom of Centennial-man?”
NOOK Media, a subsidiary of Barnes & Noble, Inc., announced yesterday the launch of NOOK Press, a new and free self-publishing platform in which authors can write, edit, collaborate, and publish high-quality e-books and distribute them to millions of readers via NOOK Books and Nook e-readers.
… NOOK Press allows independent publishers and authors to use its online services to write, edit and format new and existing manuscripts, collaborate with colleagues, and monitor the sales of their self-published e-books. E-books published through the platform are sold through NOOK Bookstores, and are made available on BN.com, NOOK.co.uk, NOOK devices, and the free NOOK e-reading software for Android, iPad, iPhone, Windows 8, Mac, and PC.
