If you haven't been hacked, China doesn't think you're important.
(This Blog is safe.) On the other hand, Who has been hacked but has
not (yet?) detected it?
Following on the heels of the New York
Times, Bloomberg News, and the Wall Street Journal, sources have come
forward to state that The Washington Post has also been hit by
cyberattacks originating in China. The information was provided by
individuals said to be familiar with the situation, including a
former Post employee. The attacks were said to have occurred over
the course of at least four years.
...and just for fun, we did it with 140 character programs!
"Earlier this week, hackers
gained access to Twitter's internal systems and stole information,
compromising 250,000 Twitter accounts before the breach was stopped.
Reporting the incident on
the company's official blog, Twitter's manager of network security
did not specify the method by which hackers penetrated its system,
but mentioned vulnerabilities related to Java in Safari and Firefox,
and echoed Homeland Security's advisory that
users disable Java in their browsers. Sure, blame
everything on Larry Ellison. Looks like bad things do happen in
threes — Twitter's report comes on the heels of disclosures of
hacking attacks on the WSJ and NY Times."
What's the French word for “extortion?” Oh yeah, it's “extorsion.”
Vive le France!
New submitter Flozzin writes with news
of some resolution to the long-standing dispute that some French
publishers have had with Google for republishing snippets of news
reports without sharing revenue earned from the ads run alongside.
Now, reports the BBC, "Google has agreed to create a 60m
euro ($82m; £52m) fund to help French media organisations
improve their internet operations. [Let's
hope this does not mean “find more victims” Bob]
It follows two months of negotiations after local news sites had
demanded payment for the privilege of letting the search giant
display their links. The French government had threatened to tax the
revenue Google made from posting ads alongside the results."
A potential guide for government Health
Care systems?
Jack Doyle reports:
GPs are to be
forced to hand over confidential records on all their patients’
drinking habits, waist sizes and illnesses.
The files will be
stored in a giant information bank that privacy campaigners say
represents the ‘biggest data grab in NHS history’.
They warned the
move would end patient confidentiality and hand personal information
to third parties.
The data includes
weight, cholesterol levels, body mass index, pulse rate, family
health history, alcohol consumption and smoking status.
Diagnosis of
everything from cancer to heart disease to mental illness would be
covered. Family doctors will have to pass on dates of birth,
postcodes and NHS numbers.
Read more on Daily
Mail.
And if you’re looking for additional information on the Everyone
Counts initiative, you might want to check out this NHS Commissioning
Board web site. One of the documents on that site provides more
details on the clinical data sets and the types of information GPs
are required to submit.
It is understandable, and even
commendable, that public health authorities want to get a handle on
the state of the public’s health and available services to
improve them. Our own CDC also compiles data that points to
underserved groups of patients, etc. But requiring physicians to
provide such extensive information on every patient in conjunction
with the patient’s national NHS identifier when we know that the
NHS has had numerous data security and privacy breaches is a breach
waiting to happen. Under the scheme, GPs would be providing:
- NHSNumber
- Date of Birth
- Gender
- PostCode
- EthnicityCode
- Registration Status
- RegistrationDate
- DeRegistrationDate
- Date of Death
And then there is all the
medical/mental health information.
I think the NHS is
overly and unduly confident of its ability to secure data.
How many thousands of people will have access to the data that has
been electronically inputted by physicians? And for how long will
they store the data before it is analyzed and then deleted?
Overall, it appears that the NHS has
taken the notion of public health to an extreme at the expense of
patient confidence in the confidentiality of their visits to their
doctors. How many patients will not seek care for fear of mental
health or other problems being reported to a central authority?
Just as health care professionals in
the U.S. need to resist some government plans to require us to
provide data on our patients, so, too, do British health care
organizations need to take a long hard look at confidentiality
issues. The BMA has
expressed some concerns, but confidentiality doesn’t appear to
be among them. Hopefully they will address confidentiality and
security issues in a further post.
On March 15th, The Privacy Foundation (http://privacyfoundation.org/)
will host a seminar to correct all of the FTC's errors. Mark your
calendar!
The FTC has released a new report: Mobile Privacy Disclosures:
Building Trust Through Transparency. From the Executive Summary:
Based on the
Commission’s prior work in this area, the panel discussions, and
the written submissions, this report offers several suggestions for
the major participants in the mobile ecosystem as they work to
improve mobile privacy disclosures.
Platforms, or operating system providers offer app developers and
others access to substantial amounts of user data from mobile devices
(e.g., geolocation information, contact lists, calendar information,
photos, etc.) through their application programming interfaces
(APIs). In addition, the app stores they offer are the interface
between users and hundreds of thousands of apps. As a result,
platforms have an important role to play in conveying privacy
information to consumers. While some platforms have already
implemented some of the recommendations below, those that have not
should:
- Provide just-in-time disclosures to consumers and obtain their affirmative express consent before allowing apps to access sensitive content like geolocation;
- Consider providing just-in-time disclosures and obtaining affirmative express consent for other content that consumers would find sensitive in many contexts, such as contacts, photos, calendar entries, or the recording of audio or video content;
- Consider developing a one-stop “dashboard” approach to allow consumers to review the types of content accessed by the apps they have downloaded;
- Consider developing icons to depict the transmission of user data;
- Promote app developer best practices. For example, platforms can require developers to make privacy disclosures, reasonably enforce these requirements, and educate app developers;
- Consider providing consumers with clear disclosures about the extent to which platforms review apps prior to making them available for download in the app stores and conduct compliance checks after the apps have been placed in the app stores;
- Consider offering a Do Not Track (DNT) mechanism for smartphone users. A mobile DNT mechanism, which a majority of the Commission has endorsed, would allow consumers to choose to prevent tracking by ad networks or other third parties as they navigate among apps on their phones.
App developers should:
- Have a privacy policy and make sure it is easily accessible through the app stores;
- Provide just-in-time disclosures and obtain affirmative express consent before collecting and sharing sensitive information (to the extent the platforms have not already provided such disclosures and obtained such consent);
- Improve coordination and communication with ad networks and other third parties, such as analytics companies, that provide services for apps so the app developers can provide accurate disclosures to consumers. For example, app developers often integrate third-party code to facilitate advertising or analytics within an app with little understanding of what information the third party is collecting and how it is being used. App developers need to better understand the software they are using through improved coordination and communication with ad networks and other third parties.
- Consider participating in self-regulatory programs, trade associations, and industry organizations, which can provide guidance on how to make uniform, short-form privacy disclosures.
Advertising networks and other third parties should:
- Communicate with app developers so that the developers can provide truthful disclosures to consumers;
- Work with platforms to ensure effective implementation of DNT for mobile.
App developer trade associations, along with academics, usability
experts and privacy researchers can:
- Develop short form disclosures for app developers;
- Promote standardized app developer privacy policies that will enable consumers to compare data practices across apps;
- Educate app developers on privacy issues.
Download the full report here.
“We heard your protests and after review have decided to ignore them.”
"Facebook has brought
back its photo Tag Suggestions feature to the U.S. after temporarily
suspending it last year to make some technical improvements. Facebook
says it has re-enabled it so that its users can use facial
recognition 'to help them easily identify a friend in a photo and
share that content with them.' Facebook first rolled out the face
recognition feature across the U.S. in late 2010. The company
eventually pushed photo Tag Suggestions to other countries in June
2011, but in the US there was quite a
backlash. Yet Facebook doesn't appear to have made any privacy
changes to the feature: it's still on by default."
Not exactly an App, but an interesting “big data” tool...
IBM Security Tool Can Flag ‘Disgruntled Employees’
… The new tool, called IBM
Security Intelligence with Big Data, is designed to crunch
decades worth of emails, financial transactions and website traffic,
to detect patterns of security threats and fraud. Beyond its more
conventional threat prevention applications, the new platform, based
on Hadoop, a framework that processes data-intensive queries across
clusters of computers, will allow CIOs to conduct sentiment analysis
on employee emails to determine which employees are likely to leak
company data, Mr. Bird said. That capability will look at the
difference between how an employee talks about work with a colleague
and how that employee discusses work on public social media
platforms, flagging workers who may be nursing grudges and are
more likely to divulge company information. “By analyzing email
you can say this guy is a disgruntled employee and the chance that he
would be leaking data would be greater,” Mr. Bird said of IBM’s
new tool.
For my Geeks...
For anyone who has to be out and about
during “Commercial Fest” (More sources in the article)
… If you head over to the CBS Sports home page and click on over to
their /SuperBowl/ portal, you’ll be able to see the whole game live.
… If you’re a Verizon user and you’ve subscribed to NFL Mobile,
you’re in luck – the whole game will be streamed through your
smartphone.
The future of education?
Friday, February 1, 2013
… To help you find a MOOC that interests you and/or your students,
Open Culture has created a list of more than 200 MOOCs and free
certificate programs. Stephen Downes also has a nice MOOC listing
going on his MOOC.ca page.
My weekly amusement...
… TorrentFreak
reports that the University of Illinois is
disconnecting the Internet of students who are accused of piracy
after their first warning. “When copyright holders send a DMCA
notice informing the university about unauthorized BitTorrent
downloads, the student’s dorm room is immediately cut off from
the Internet.”
… The
patent system in the U.S. is broken. Case in point, the awarding
this week of a patent to the University of Phoenix
for its Academic Activity Stream, an educational news feed. There’s
lots of prior art here, including Facebook’s
patent on the news feed itself. Phil Hill offers more thoughts on
e-Literate.
Will ed-tech soon see round 2 of the great LMS patent wars
(Blackboard v
Desire2Learn) with the University of Phoenix going after those
who use news feeds in their software (namely Instructure, Edmodo,
Schoology, Pearson’s OpenClass…)?
Dilbert shows one downside (upside?) of Behavioral Advertising...