Saturday, March 16, 2013

For those of you who missed the Privacy Foundation seminar just because we here in Colorado were enjoying 75 degree weather, shame one you. When we bring really interesting people from a variety of backgrounds together and drop them in a room with 60 or 70 curious lawyers, it makes for some memorable (and not always heated) discussions.

Just a taste of the topics we discussed... (The author of this article could have been at the seminar)
Everyone with an Android device should know that your private information isn’t treated as private. For example, making an app purchase may expose personal contact information, including one’s name, physical address and email address, to developers. Another major debacle occurred when Path Inc. began lifting contact information from its users’ phones. In response to these privacy breaches, some legislators announced plans for legal action: California’s Attorney General, Kamala Harris, recently announced an agreement with major technology firms to improve user privacy standards, particularly on handsets.
However, at present, few users know of the potential security and privacy concerns. Few even know the difference between Android and iOS’s security measures. For example, the Android operating system’s security differs from the iPhone OS in one major regard: Apple exercises very strict quality control guidelines for apps, whereas Android permits a broader range of software. Android apps request “permission” from users to access your sensitive data. Unfortunately, Google doesn’t fully explain the potential security risks that that some permissions present users. What we don’t know can hurt us, particularly when we install apps from the dark nether-regions of the internet.
This article explains how seven potentially deadly app permissions might hurt you and how best to avoid such calamitous installations.


An article for my Ethical Hackers and my Statistics students. Road trip, anyone?
Crooks Spy on Casino Card Games With Hacked Security Cameras, Win $33M
A high-roller and hacker accomplices made off with about $33 million after they gamed a casino in Australia by hacking its surveillance cameras and gaining an advantage in several rounds of high-stakes card games.
The Ocean’s Eleven-style heist played out over eight hands of cards before the gambler was caught, though not before the money was gone, according to the Herald Sun.
… According to authorities, accomplices gained remote access to the casino’s state-of-the-art, high-resolution cameras to spy on card hands being played by the house and other guests in the casino’s VIP high-roller’s room, and fed the gambler signals based on the cards his opponents held.
The gambler was still staying in the villa when the casino discovered the fraud and sent security to his abode to boot him from the premises during the night. He’s banned from ever returning. [But not arrested? Lack of evidence? Bob]
U.S. gambling expert Barron Stringfellow told ABC Melbourne that accessing a casino’s internal video monitoring system is “not as hard as you would think.”
“It’s very easy to intercept a signal from many casinos that don’t take precautions,” he said.


Maybe you can't trust Doctors...
"At a Brazilian hospital, doctors were required to check in with a fingerprint scanner to show that they've showed up for work. Naturally, they developed a system to bypass this requirement, creating fake fingers so that they could cover for one another when they took unauthorized time off. Another good example of how supposedly foolproof security tech can in fact be fooled pretty easily."


A wise law professor once said that Californua law leads the way, even if we didn't know we were moving in that direction...
This almost calls for animated graphics with fireworks. All right, nothing really calls for animated graphics, but this is HUGE. Kim Zetter reports:
Ultra-secret national security letters that come with a gag order on the recipient are an unconstitutional impingement on free speech, a federal judge in California ruled Friday.
U.S. District Judge Susan Illston ordered the government to stop issuing so-called NSLs across the board, in a stunning defeat for the Obama administration’s surveillance practice. However, she also stayed her order for 90 days to give the government a chance to appeal to the Ninth Circuit Court of Appeals.
Read her excellent reporting on Threat Level.

(Related) Another judge finds government arguments absurd. (I picked the article with the best “quotes”)
Federal court rejects CIA's denial of drone strikes as 'fiction'
WASHINGTON—A federal appeals court said Friday that it will no longer accept the “fiction” from the Obama administration’s lawyers that the CIA has no interest or documents that describe drone strikes.
“It is neither logical nor plausible for the CIA to maintain that it would reveal anything not already in the public domain to say the Agency at least has an intelligence interest in such strikes,” said Chief Judge Merrick Garland. “The defendant is, after all, the Central Intelligence Agency.”
The decision gave a partial victory to the American Civil Liberties Union in a Freedom of Information Act lawsuit that seeks documents on the government’s still-secret policy on drone strikes. The three judges did not say any particular documents must be released, but they rejected the administration’s position that it could simply refuse to “confirm or deny” that it had any such documents.
A federal judge had rejected the ACLU’s suit entirely, but the three-judge appeals court revived the suit. The agency’s non-response does not pass the “straight face” test, Garland concluded.
He cited public statements from President Obama, new CIA Director John Brennan and former Defense Secretary Leon Panetta that discussed the use of drone strikes abroad. In the past, the courts have sometimes allowed government agencies in sensitive cases to refuse to say whether they have certain documents in their files.
In this case, the CIA has asked the courts to stretch that doctrine too far — to give their imprimatur to a fiction of deniability that no reasonable person would regard as plausible,” Garland wrote in ACLU vs. CIA.
ACLU attorney Jameel Jaffer called the decision a victory. “It requires the government to retire the absurd claim that the CIA’s interest in targeted killing is a secret,” he said. “It also means that the CIA will have to explain what records it is withholding and on what grounds it is withholding them.
“We hope that this ruling will encourage the Obama administration to fundamentally reconsider the secrecy surrounding the drones program,” said Jaffer, a deputy legal director for the ACLU.

(Related)
U.N. Drone Inquisitor Says It’s Time to End Robot War in Pakistan
After days of meeting with Pakistani officials, the United Nations official investigating Washington’s global campaign of drone strikes attacked the legal and strategic basis for the robotic war in its biggest battlefield. And he raised doubts over whether Americans operating the drones can actually distinguish terrorists from average Pakistanis.


I can see that I have some reading to do. Fortunately, it's finals week and I get a couple of weeks off after that.
We should call it “Collected Speech”
Is Data Speech?
Jane Bambauer University of Arizona – James E. Rogers College of Law March 11, 2013
Stanford Law Review, Forthcoming Arizona Legal Studies Discussion Paper No. 13-19
Abstract:
Privacy laws rely on the unexamined assumption that the collection of data is not speech. That assumption is incorrect. Privacy scholars, recognizing an imminent clash between this long-held assumption and First Amendment protections of information, argue that data is different from the sort of speech the Constitution intended to protect. But they fail to articulate a meaningful distinction between data and other, more traditional forms of expression. Meanwhile, First Amendment scholars have not paid sufficient attention to new technologies that automatically capture data. These technologies reopen challenging questions about what “speech” is.
This Article makes two bold and overdue contributions to the First Amendment literature. First, it argues that when the scope of First Amendment coverage is ambiguous, courts should analyze the government’s motive for regulating. Second, it highlights and strengthens the strands of First Amendment theory that protect the right to create knowledge. Whenever the state regulates in order to interfere with knowledge, that regulation should draw First Amendment scrutiny.
In combination, these theories show clearly why data must receive First Amendment protection. When the collection or distribution of data troubles lawmakers, it does so because data has the potential to inform, and to inspire new opinions. Data privacy laws regulate minds, not technology. Thus, for all practical purposes, and in every context relevant to the privacy debates, data is speech.
You can download the full article from SSRN.


Do we have anything similar in the US? Perhaps someone could translate it?
Christopher Parsons writes:
Last year I was invited to submit a brief to the Canadian Parliament’s Access to Information, Privacy and Ethics Committee. For my submission (.pdf), I tried to capture some of of the preliminary research findings that have been derived from social media and surveillance project I’m co-investigating with Colin Bennett. Specifically, the brief focuses on questions of jurisdiction, data retention, and data disclosure in the context of social media use in Canada. The ultimate aim of the submission was to give the committee members insight into the problems that Canadians experience when accessing the records held by social networking companies.

(Related) Apparently the Brief (above) grew a bit...
Real and Substantial Connections: Enforcing Canadian Privacy Laws Against American Social Networking Companies
Colin Bennett University of Victoria Christopher A. Parsons University of Victoria – Political Science Adam Molnar University of Victoria, Department of Political Science February 28, 2013
Abstract:
Any organization that captures personal data in Canada for processing is deemed to have a “real and substantial connection” to Canada and fall within the jurisdiction of the Personal Information Protection and Electronic Documents Act (PIPEDA) and of the Office of the Privacy Commissioner of Canada. What has been the experience of enforcing Canadian privacy protection law on US-based social networking services? We analyze some of the high-profile enforcement actions by the Privacy Commissioner. We also test compliance through an analysis of the privacy policies of the top 23 SNSs operating in Canada with the use of access to personal information requests. Most of these companies have failed to implement some of the most elementary requirements of data protection law. We conclude that an institutionalization of non-compliance is widespread, explained by the countervailing conceptions of jurisdiction inherent in corporate policy and technical system design.
You can download the full article from SSRN.

(Related) even more thinking!
Forgetting, Non-Forgetting and Quasi-Forgetting in Social Networking: Canadian Policy and Corporate Practice
Colin Bennett University of Victoria Adam Molnar University of Victoria, Department of Political Science Christopher A. Parsons University of Victoria – Political Science January 28, 2013
Abstract:
In this paper we analyze some of the practical realities around deleting personal data on social networks with respect to the Canadian regime of privacy protection. We first discuss the extent to which Canadian privacy law imposes access, deletion, and retention requirements on data brokers. After this discussion we turn to corporate organizational practices. Our analyses of social networking sites’ privacy policies reveal how poorly companies recognize the right to have one’s personal information deleted in their existing privacy commitments and practices. Next, we turn to Law Enforcement Authorities (LEAs) and how their practices challenge the deletion requirements because of LEAs’ own capture, processing, and retention of social networking information. We conclude by identifying lessons from the Canadian experience and raising them against the intense transatlantic struggle over the scope of the deletion of data stored in cloud-based computing infrastructures.
You can download the full article from SSRN.


And one from south of the (Canadian) border...
March 15, 2013
Much Ado about Mosaics: How Original Principles Apply to Evolving Technology in United States v. Jones
Much Ado about Mosaics: How Original Principles Apply to Evolving Technology in United States v. Jones, by Priscilla J. Smith. Yale University - Information Society Project. March 14, 2013. North Carolina Journal of Law and Technology, Vol. 14, 2013 Yale Law School, Public Law Working Paper
  • "This paper argues that supporters and detractors of the concurring opinions in United States v. Jones have overemphasized the role of the “mosaic” or “aggregation” theory in the concurrences. This has led to a misreading of those opinions, an overly narrow view of the Justices’ privacy concerns, and has obscured two limiting principles that are vital to their analysis. This paper provides a path forward by revealing the analysis of reasonable expectation of privacy concerns that is common to both concurrences. The endpoint is a rule both more limited and broader than a simple application of a “mosaic theory.” It is more limited in the sense that the rule applies only to surveillance using technology that operates outside of individual human control and is thus susceptible to overuse and abuse. It is broader in the sense that it finds surveillance intrusive not just where the technology will collect a mosaic of information that reveals more than each one tile of information itself, but where the technology will chill expression of constitutionally protected behavior, behavior that can take place “in public,” with other people, but is shared with a limited group."


Just because I don't think doing away with telecommuters will always solve your problems.
How WordPress Thrives with a 100% Remote Workforce


Always amusing...
… Legislation was introduced in the California Senate this week that, if passed, could drastically reshape public higher education as we know it. SB520, authored by President Pro Tem Darrell Steinberg, will require the state’s public colleges and universities to accept credit for certain online classes if a student is unable to get into the class on-campus. The state will identify some 50 introductory classes, available from any online provider, including unaccredited ones. While the proposal is being hailed in some quarters as making higher education more accessible, it’s hard not to see this being a dangerous spiral, where for-profit providers (Straighterline, Coursera, Udacity, etc etc etc etc) lobby the state legislature to limit higher education funding. See e-Literate for the most complete coverage on the bill.

Friday, March 15, 2013

Hack 'em all, blame it on Anonymous!
"Earlier this week, the newly minted head of the United States' Cyber Command team and NSA head General Keith Alexander told assembled lawmakers that the U.S. has created an offensive cyberwarfare division designed to do far more than protect U.S. assets from foreign attacks. This is a major change in policy from previous public statements — in the past, the U.S. has publicly focused on defensive actions and homegrown security improvements. General Alexander told the House Armed Services Committee, 'This is an offensive team that the Defense Department would use to defend the nation if it were attacked in cyberspace. Thirteen of the teams that we're creating are for that mission alone.' This is an interesting shift in U.S. doctrine and raises questions like: What's proportional response to China probing at utility companies? Who ought to be blamed for Red October? What's the equivalent of a warning shot in cyberspace? When we detect foreign governments probing at virtual borders, who handles the diplomatic fallout as opposed to the silent retribution?"

(Related) How do you know when the cry “Wolf!” is true? ...and they might be fun to practice on, with or without cause.
North Korea Accuses Enemies Of 'Persistent and Intensive' Cyber Attack
North Korea on Friday accused the United States and South Korea of carrying out a "persistent and intensive" cyber attack against its official websites in recent days.
A number of official North Korean websites, including those of the Korean Central News Agency (KCNA), the daily Rodong Sinmun newspaper, and Air Koryo airline became inaccessible early Wednesday.
Charges of state-sanctioned hacking have usually flowed in the opposite direction.
South Korea accused the North of being behind large-scale cyber attacks on the websites of its government agencies and financial institutions in July 2009 and March 2011.
Seoul also denounced North Korea for jamming the GPS systems of hundreds of civilian aircraft and ships in South Korea in April and May last year.


“We're the government. We don't follow no stinking rules!” (My tax dollars at work!)
Rebekah Kearn of Courthouse News reports:
John Doe Company sued 15 John Doe IRS agents in Superior Court.
“This is an action involving the corruption and abuse of power by several Internal Revenue Service (‘IRS’) agents (collectively referred to as ‘defendants’ herein) during a raid of John Doe Company, in the Southern District of California, on March 11, 2011,” the complaint states. “In a case involving solely a tax matter involving a former employee of the company, these agents stole more than 60,000,000 medical records of more than 10,000,000 Americans, including at least 1,000,000 Californians.
“No search warrant authorized the seizure of these records; no subpoena authorized the seizure of these records; none of the 10,000,000 Americans were under any kind of known criminal or civil investigation and their medical records had no relevance whatsoever to the IRS search. IT personnel at the scene, a HIPPA [sic: recte HIPAA] facility warning on the building and the IT portion of the searched premises, and the company executives each warned the IRS agents of these privileged records. The IRS agents ignored and discarded each of these warnings, ignored their own published and public-reliant rules and governing ethical requirements, and ignored the limitations of the court’s search warrant authorization, seizing the records under threat of destroying company property.”
So what company is John Doe Company? The complaint gives us little clues as to their identity except that it’s a HIPAA-covered entity in the Southern District of California. From the description in the complaint, I think it’s likely to be either a large insurance company or a data center for same, as only 1 million of the 10 million individuals allegedly affected are in California.
According to the complaint, the March 11, 2011 raid was related to an IRS investigation into the financial records of a former employee and agents were not authorized to seize any health records of anyone:
The search warrant authorized the seizure of financial records related principally to a former employee of the company; it did not authorize any seizure of any health care or medical record of any persons, least of all third parties completely unrelated to the matter.
The complaint alleges that a lot of sensitive information was removed improperly by IRS agents:
In spite of Defendants’ knowledge that John Doe Company was a HIPAA secure facility, in spite of Defendants’ knowledge that the records they demanded to be searched and seized were medical records of other Americans, Defendants told the company’s IT personnel to transfer several servers of the medical records and patient records to the IRS for search and seizure, otherwise they would “rip” the servers out of the building entirely.
The records contained a lot of sensitive information:
These medical records contained intimate and private information of more than 10,000,000 Americans, information that by its nature includes information about treatment for any kind of medical concern, including psychological counseling, gynecological counseling, sexual or drug treatment, and a wide range of medical matters covering the most intimate and private of concerns.
The complaint was filed in San Diego Superior Court on March 11. I’ve uploaded a copy of it here (pdf).
So… did the John Doe Company notify all 10 million people that their records had been acquired by the IRS? Was HHS notified? Under the prior HITECH regulations, if the John Doe Company believed that there was a substantial risk of harm from these records being in the hands of IRS agents in a less secured environment, did they have an obligation to report and notify?
I emailed the attorney for the John Doe Company to put a few questions to him but did not get a reply by publication time. I will update this entry if I get a reply.


I guess you can try anything at a try-al (Not being a lawyer, I can say things like that) In essence, if there were no government standards, they didn't need to make an effort to create their own?
I occasionally check the docket for FTC’s lawsuit against Wyndham over the multiple breaches they experienced. A story in my news reader today about how Ben Rothke of Wyndham Worldwide gave a talk on “The five habits of highly secure organizations” struck me as somewhat ironic, and I decided to see where the lawsuit stood. Of note, Wyndham recently argued that the President’s Executive Order on Improving Cybersecurity for Critical Infrastructure and accompanying Presidential Policy Directive support their motion to dismiss the FTC’s complaint that they failed to live up to their privacy policy and that their inadequate data security resulted in harm to many consumers.
In their Notice, Wyndham Worldwide Corporation states, in large part:
As relevant here, the Executive Order requires the National Institute of Standards and Technology (“NIST”) to lead the creation of a baseline set of standards for reducing cyber risks to critical infrastructure — what the Executive Order calls the “Cybersecurity Framework.” Cybersecurity EO § 7(a). The Cybersecurity Framework will establish a “set of standards, methodologies, procedures, and processes” for addressing cybersecurity threats, id., and will include “guidance for measuring the performance of an entity in implementing” those standards, id. § 7(b).
… The method of regulation laid out in the Cybersecurity Executive Order starkly contrasts with the approach the Federal Trade Commission has taken to regulating cybersecurity under Section 5 of the FTC Act. The FTC has not issued any “standards, methodologies, procedures, [or] processes” for complying with Section 5, id. § 7(a); it has not established “guidance for measuring the performance of an entity in implementing” data-security protections that might comply with the statute, id. § 7(b); it has not identified specific “information security measures and controls” that a business might adopt, id. § 7(b); and it has not “engage[d] in an open public review and comment process,” id. § 7(d).
… So will a presidential order on cybersecurity make a damned bit of difference in a lawsuit involving Section 5 of the FTC Act? I don’t think it should, but I guess we’ll have to wait and see.


London already has a system like this, but they use it to tax cars entering the city. Could this be next for visitor to New York?
The ring of steel is expanding. New York City Police Department Commissioner Raymond W. Kelly announced a “major project” at a budget hearing on Tuesday to install license plate reader cameras “in every lane of traffic on all of the bridges and tunnels that serve as entrances and exits to Manhattan.”
Soon, no one will be able to drive onto or off of the island without potentially being recorded.
Read more on Huffington Post.
I’m a tad surprised to learn that this wasn’t already in place. After 9/11, so much surveillance was added that I’ve pretty much assumed that all bridge and tunnel crossings were already monitored and recorded. [I'll bet the terrorists assume the same. Bob]


“We disagree, therefore he must be a terrorist!”
An 88-year-old campaigner has won a landmark lawsuit against police chiefs who labelled him a “domestic extremist” and logged his political activities on a secret database.
The ruling by three senior judges puts pressure on the police, already heavily criticised for running undercover operatives in political groups, to curtail their surveillance of law-abiding protesters.
The judges decided police chiefs acted unlawfully by secretly keeping a detailed record of John Catt’s presence at more than 55 protests over a four-year period.
Read more on The Guardian.


Doesn't everyone already do this?
It’s 2013 – stop paying for a land line. If you’ve got broadband Internet you can set up Skype, pay for a subscription and and keep your total home phone bill under $5 a month – long distance to phones throughout North America included (rates vary for other countries).
… Of course, if even Skype’s low rates are too steep for you, you can make free calls from Gmail – Google expanded free calls through 2013, in North America only.


Free is good.
Thursday, March 14, 2013
Six Free Alternatives to PowerPoint and Keynote
Twice in the last week I've been asked for a list of free alternatives to either PowerPoint or Keynote. I've written a couple of these lists over the last five years, but some of the alternatives I've shared in the past have either gone out of business or started charging a fee. Here's my updated list of free alternatives to PowerPoint and Keynote.
Empressr is a fully functional, high quality, online slide show presentation creation and sharing service. Empressr has a couple of features differentiating it from its competitors. The first feature of note is the option of embedding video from multiple sources into your slide show. The second feature of note is Empressr's editor which allows users to draw, create, or edit images inside their slides. Empressr slideshows can be embedded anywhere.
Slide Rocket is a web based presentation creator similar to Empressr. Slide Rocket has some very nice features like 3D transitions and a collaboration feature for sharing the creation process with other users. Slide Rocket's interface is user friendly making it easy to include videos, pictures, or third party plug-ins. Slide Rocket also has a Google Drive app.
Prezi is a popular online tool for creating slideshows that don't have to appear in the linear format typically used in slideshows. This week Prezi introduced the option to include sound in your presentations. Check out the Prezi embedded below to learn about the new audio option.
Until Google Slides came along the slideshow tool in Open Office was the slideshow creation tool that I used instead of PowerPoint. Open Office's Impress's development is still supported and available to download for free.
Google Slides is the slideshow creation tool that I use to create roughly half of all of my slideshows (the other half I make in Keynote). I like using Google Slides for collaborating with colleagues and for commenting on students' slideshows. The publishing tool in Google Slides makes it very easy to embed your slideshows into your blog or website.
If your students have iPads, you have to try Haiku Deck. Haiku Deck is a fantastic free alternative to Keynote. The key feature of Haiku Deck that stands out is the integrated image search tool. When students type a word into Haiku Deck a set of Creative Commons licensed images will be shown to the students to use in their presentations.

(Related) ...and one more.
Thursday, March 14, 2013
Narrable Adds an iPhone App for Creating Audio Slideshows
Last month I shared a new service called Narrable that lets you create short, narrated slideshows in your web browser. One of the key features of Narrable is that you can add narration through your computer's microphone, through a phone call, or by uploading a separate audio file.
A few days ago Narrable launched a free iPhone app that you can use create audio slideshows. The free app allows you to record up to five minutes of narration for each of your projects.
Applications for Education
I initially learned about Narrable through Wes Fryer. Wes recently recorded a podcast with the one of the founders of Narrable to talk about how the service might be used for digital storytelling. The first part of the podcast is about the founding of Narrable after that it gets into a discussion of education. I recommend listening to the podcast here.
Narrable projects can be shared via email, Facebook, or by embedding them into a blog. Narrable could be a good way to get students to tell a short story by adding narration to pictures that they have taken or found online. Have students search for some Creative Commons licensed images arranged around topics that they're studying then record a short slideshow about them.


For all my students (Remember your poor old professor)
How To Make $10 Million On YouTube
In January, the same month that Ian Hecox and Anthony Padilla's YouTube channel Smosh passed Ray William Johnson's to become the most popular channel on YouTube, Forbes estimated the brand brought in $10 million in revenue the previous year.
They did it by thinking of YouTube itself as channel, carrying fans to their website, Smosh.com, where the real money comes in through display ads and merchandise sales.
"YouTube is the second largest search engine in the world by itself, and that is the way that we look at it," said Barry Blumberg, president of Smosh (and EVP of Smosh's parent company, Alloy Digital). "It does generate significant revenues for our business, but it is one aspect of our business, and we use it to drive to other aspects of our business and to expose our content to the largest possible audience."

Thursday, March 14, 2013

An interesting perspective. When Bruce speaks, people should listen. I wonder what the definition of an Internet Superpower might include? North Korea? The Russian Mafia? My Ethical Hackers?
"In an op-ed piece over at Technology Review, Bruce Schneier says that the cyber espionage between the U.S., China, and other nations, has been rampant for the past decade. But he also worries that the media frenzy over recent attacks is fostering a new kind of Internet-nationalism and spurring a cyber arms race that has plenty of negative side-effects for the Internet and its users. From the piece:
'We don't know the capabilities of the other side, and we fear that they are more capable than we are. So we spend more, just in case. The other side, of course, does the same. That spending will result in more cyber weapons for attack and more cyber-surveillance for defense. It will result in move government control over the protocols of the Internet, and less free-market innovation over the same. At its worst, we might be about to enter an information-age Cold War: one with more than two "superpowers." Aside from this being a bad future for the Internet, this is inherently destabilizing.'"


Perhaps my Ethical Hackers will merge this into their Toolkit...
… Why would anyone want to hack my Skype account? Why should anyone hack yours?
Basically to make calls without any expense to themselves, I guess. Certainly the details that Skype provided indicated purchases made from Pakistan and while it is easy to throw in the “terrorism” word, these hackers could just as easily be affiliated with the opium trade or human trafficking as any other criminal activity. [Or, they could have been just cheap hackers. Bob]


Perspective
March 13, 2013
Pew - Teens and Technology 2013
Teens and Technology 2013 - by Mary Madden, Amanda Lenhart, Maeve Duggan, Sandra Cortesi, Urs Gasser. March 13, 2013
  • "Smartphone adoption among American teens has increased substantially and mobile access to the internet is pervasive. One in four teens are “cell-mostly” internet users, who say they mostly go online using their phone and not using some other device such as a desktop or laptop computer. These are among the new findings from a nationally representative Pew Research Center survey that explored technology use among 802 youth ages 12-17 and their parents. Key findings include:
  • 78% of teens now have a cell phone, and almost half (47%) of them own smartphones. That translates into 37% of all teens who have smartphones, up from just 23% in 2011.
  • 23% of teens have a tablet computer, a level comparable to the general adult population.
  • 95% of teens use the internet.
  • 93% of teens have a computer or have access to one at home. Seven in ten (71%) teens with home computer access say the laptop or desktop they use most often is one they share with other family members."


Something for my Intro to IT students...
Widbook Makes It Easier to Collaboratively Create Multimedia Books
Widbook is a platform designed to help people collaboratively create multimedia books. I reviewed the service last summer and since then it has received a couple updates of note. Widbook's editing platform now allows you to upload DOCX and TXT files. This means that you don't have to do all of your writing online. You could start your project offline and bring it into Widbook later. The second update to note is that Widbook now has a chat feature that you can use with your collaborators to discuss edits to your work while you're in a project. Of course, all Widbooks can still include pictures, text, and videos.


For my Website class...
… While HTML5 is far from ubiquitous at this point, an increasing number of websites are using it, and in increasingly inventive and impressive ways. What follows are five fun things to do with HTML5, and all you need is a compatible browser; the latest versions of Chrome, Firefox, Safari, Opera, and Internet Explorer, for example.
The Rational Keyboard is an HTML5 Web app from Fritz Obermeyer. It comprises a melody maker that constantly plays a harmony, with the user able to change the note the harmony is based on.
The Two Minute Test.does exactly what you’d expect it to: ask you several questions in order to test your general knowledge and intelligence level. The ultimate aim is to see whether you have the basic skills required to become a teacher.
Catifier has a very simple premise at its core, and in an age when cats appear to be some kind of tradable commodity on the InterWebs, it’s a fun tool to try out. At least for five minutes.
Brandon Generator or The Random Adventures Of Brandon Generator to give it its full title, is an intriguing concept that’s part Web comic, part animated short, and part HTML5 experiment.
Shiny Demos may be just one site, but it offers a veritable smorgasbord of HTML5 goodness. There are dozens of demonstrations of the power of HTML5 on offer, none of which will take more than a few minutes to try out.


A tool for all my students...
Google Announces the Closure of Google Reader - Don't Panic, Use Feedly
… this evening when I learned that Google Reader is going to be shut down on July 1, 2013 I freaked for a minute. Then I realized that I'm not using Google Reader as much as I used to because for the last year I've been using Feedly to read most of my RSS feeds.
Feedly is a service that allows me to subscribe to all of my favorite sites and blogs. In my case, I've just synced it with my Google Reader account. Feedly has just announced that they have developed a service that will make it easy to transition from Google Reader to Feedly. I like Feedly because I can use it on my Android tablet, on my iPad, my Android phone, on my desktop, and in my Chrome and Firefox browsers. Feedly displays all of my subscriptions in a magazine-like format that makes it easy for me to quickly view 6-8 headlines and images on a page before deciding if I want to click through to the full article. From Feedly I can share articles to Evernote, Twitter, Diigo Powernote (Android), Facebook, and many other services. I can also simply save articles to read later in my Feedly account.
Feedly is not the only alternative to using Google Reader. I have tried Zite, Netvibes, Flipboard, and Pulse in the past. You might also want to take a look at MyLinkCloud's new support for RSS feeds.

Wednesday, March 13, 2013

Personally, I have no reason to list Canadians, eh?
By now, everyone’s probably heard that a lot of famous people had their details exposed on the Exposed.su web site. By the time the site was taken offline, over 234,000 visitors had viewed personal information on Michelle Obama, Kim Kardashian, Vice-President Joe Biden, FBI Director Robert Mueller, Former First Lady and Secretary of State Hillary Clinton, Attorney General Eric Holder, Chief of Los Angeles Police Department Charlie Beck, Mel Gibson, Ashton Kutcher, Jay Z, Beyonce, Paris Hilton, Britney Spears, former Governor and Vice-Presidential candidate Sarah Palin, Hulk Hogan, Donald Trump, Arnold Schwarzenegger, and former Vice-President Al Gore. TMZ broke the story Monday. Since then, the media has been having a field day.
Names, addresses, Social Security numbers, dates of birth, current and former addresses, and credit reports – it was all there, although credit reports were not included for everyone. At least some of the data appears to be accurate, according to the Associated Press.
But who did it and how? No one knows as yet, but everyone’s running around investigating, but it appears that the credit reports were obtained by individual(s) who had sufficient information to be able to impersonate the famous people and access their credit reports by authenticating as them. Jordan Robertson of Bloomberg News obtained statements from the major credit report brokers – Equifax, TransUnion, and Experian – about how credit reports from their databases wound up compromised.

(Related) Is this how they did it?
The Shockingly Easy Process Behind The Celebrity Credit Report "Hacks"


Cyber crime is growing in Europe?
European governments and businesses should investigate alternative communication channels to e-mail in the longer term after a string of alarming attacks, the EU’s cyber security agency warned today (13 March) in a special alert.
The European Network and Information Security Agency (ENISA) issued the so-called Flash Note in the wake of “recent major cyber-attacks”, calling for Europe’s businesses and governments to take urgent action to combat emerging cyber-attack trends.
Read more on EurActiv

… and shrinking at home? Did the government realize it was over-hyping their message (making themselves appear incompetent) or have they got the budget they wanted? Perhaps there is a different message for Congress and us second-class citizens.
Spy Chief Says Little Danger of Cyber ‘Pearl Harbor’ in Next Two Years
Contrary to much of the fear-mongering that has been spreading through the nation’s capital on cybersecurity matters lately, the director of national intelligence bucked that trend on Tuesday when he told a senate committee that there was little chance of a major cyberattack against critical infrastructure in the next two years.

(Related) Yep. A message for Congress... Apparently someone muttered, “What did we give you all that money for?” So now they have to seem successful...
Spy Chiefs Point to a Much, Much Weaker Al-Qaida
Don’t ever expect the heads of the U.S.’ 16-agency spy apparatus to say it outright. But the testimony they provided Tuesday morning to a Senate panel described al-Qaida, the scourge of the U.S. for 12 years, as a threat that’s on the verge of becoming a spent force, if they’re not already.

(Related) On the other hand...
"For the first time, the United States has mentioned the People's Republic of China in relation to cyber crime, officially acknowledging what has been long suspected by private security experts and the U.S. business community. The Obama Administration seeks to get the Chinese government to acknowledge the problem, to cease any state-sponsored hacker activity, and to start a dialogue on normative behavior on the internet. This announcement follows the recent 60-page report from the American cybersecurity firm Mandiant, who spent two years compiling evidence against the so-called 'Comment Crew.' They traced IP addresses, common behavior, and tools to track the group's activity, which led to a Shanghai neighborhood home to the People's Liberation Army (PLA's) Unit 61398. This tracking came at the behest of the Times, who has experienced some trouble with hacking in the past. The Chinese government rejected the report as 'unprofessional' and 'lacking technical evidence.' This announcement also comes amid a delicate leadership transition in China and numerous new reports on the vulnerability of U.S. business and government networks to attack."


If I look in Janes' “All the World's Drones” I can probably find enough information to create my own using a 3D printer...
Tiny, Suicidal Drone/Missile Mashup Is Part of U.S.’ Afghanistan Arsenal
… Unlike every other drone in military use, the Switchblade only looks like an aircraft once its wings unfold, following a launch from a tube. Once in the air, the Switchblade’s size limits its flight time, but its cameras send a video feed back to a remote operator who could be a dismounted soldier. AeroVironment bills it as a tool for pursuit of an adversary on the move or for close air support-in-a can for troops pinned down by enemy fire. That’s because once a target comes into view, the operator can send the Switchblade on a one-way mission, careening it into an enemy position to detonate. It can also be pre-programmed to hit a set target.


plus ça change, plus c'est la même chose.” France was once great and by keeping everything unchanged they can believe it still is... (Never consider forcing telecoms to move into the digital age...)
"Skype made a name for itself by largely bypassing the infrastucture — and the costs, and the regulations — of the legacy telecommunications industry. But now the French telecom regulator wants to change that, at least in France. At issue is not the service's VoIP offering, but rather the Skype Out service that allows users to dial phones on traditional networks. Regulators say that this service necessitates that Skype face the same regulations as other telecoms."


Yesterday, I had my students de-anonymize some data. Tomorrow we may build a Facebook profile for the perfect job candidate or serial killer, whichever is more amusing.
Study: Facebook Likes Can Be Used to Determine Intelligence, Sexuality
If you like thunderstorms, The Colbert Report or curly fries on Facebook, you’re a genius. If you like Sephora, Harley-Davidson or the country-western band Lady Antebellum, you’re not.
That might go without saying, but the brainiacs at the University of Cambridge Psychometrics Center and Microsoft Research Cambridge have the data to prove it – and a lot of other things about you, too. They analyzed the Likes of 58,466 volunteers and were able to determine with surprisingly high accuracy a range of personal information that some Facebook users may not have made public, including their sexuality, where they worship, how they’ll vote in the next election and what their IQ is.
Simply by delving into volunteers’ Likes, the researchers could determine in 95 percent of cases whether a person was Caucasian or African American and in 88 percent of cases whether the person was heterosexual or homosexual. They could determine whether the person is Christian or Islamic 82 percent of the time.


Do we have good law and a bad narrative or the opposite?
Ask yourself why a European privacy regulator can propagate the preposterous view publicly that the US has “no effective privacy laws.” And lots of people seem to believe that. And why does it matter?
On the global stage, Europe is convincing many countries around the world to implement privacy laws that follow the European model. The facts speak for themselves: in the last year alone, a dozen countries in Latin America and Asia have adopted euro-style privacy laws. Not a single country, anywhere, has followed the US-model.

(Related) ...but let's be careful what we brag about... They can't mean you must mail the customer a bill without the zip-code on the envelope, can they?
Massachusetts’ top court has ruled that consumers whose ZIP codes are retained by retailers in the state can sue for a violation of state privacy law.
The decision issued Monday by the Massachusetts Supreme Judicial Court paves the way for a would-be class action against Michaels Stores, the Patriot Ledger and the National Law Journal report. The court ruled in response to certified questions by a federal judge considering the consumer lawsuit.
Read more on ABA Journal.
[From the ABA article:
The suit claims Michaels used ZIP code information to look up customers' phone numbers and addresses so the retailer could send them marketing materials. [So it can't be zip-code alone Bob] State law bars companies from requesting personal information unless it is needed for shipping or it is required under the credit card agreement, the Patriot Ledger says.


Was there a similar debate over fingerprints or 'mug shots?”
David H. Kaye has an article in the 60 UCLA L. Rev. Disc. 104. Here’s the Abstract:
For nearly a decade, DNA-on-arrest laws eluded scrutiny in the courts. For another five years, they withstood a gathering storm of constitutional challenges. In Maryland v. King , however, Maryland’s highest court reasoned that usually fingerprints provide everything police need to establish the true identity of an individual before trial and that the state’s interest in finding the perpetrators of crimes by trawling databases of DNA profiles is too “generalized” to support “a warrantless, suspicionless search.” The U.S. Supreme Court reacted forcefully. Chief Justice Roberts stayed the Maryland judgment, writing that “given the considered analysis of courts on the other side of the split, there is a fair prospect that this Court will reverse the decision below.” The full Court then granted a writ of certiorari. This essay examines the opinions listed by the Chief Justice and finds their analysis incomplete. I outline the Fourth Amendment questions that a fully considered analysis must answer, identify questionable dicta on the definition of “searches” and “seizures” in the opinions, describe a fundamental disagreement over the analytical framework for evaluating the reasonable warrantless searches or seizures, and criticize a creative compromise in one of the opinions that would allow sample collection without DNA testing before conviction. I conclude that in King , the Supreme Court not only must assess the actual interests implicated by pre-conviction collection and profiling of DNA, but it also should articulate the appropriate framework for evaluating the reasonableness of warrantless searches in general.
Via Concurring Opinions
You can download the full article here (pdf).


Amazon's business model (and a look at e-conomics)
Why Amazon Prime Could Soon Cost You Next to Nothing
Over the past few years, the arithmetic behind Amazon Prime has become one of online shopping’s most familiar math problems: Do I buy enough from Amazon to justify paying $79 per year for unlimited two-day shipping?
But this calculus could soon change. Amazon makes so much money off Prime customers, according to a new report, that the company could drop the fee by dozens of dollars and still come out ahead.
As heavily as it promotes Prime, which also comes with free Netflix-style streaming video and access to the Kindle lending library, Amazon is equally circumspect about how well the program performs. In the heated debate over whether a company with profits as meager as Amazon’s deserves such a high-flying stock, that information gap leads partisans both pro and con to play Prime as a wildcard in support of their claims.
Bullish analysts at Morningstar teamed with Consumer Intelligence Research Partners (CIRP) to dig into what is known about Amazon to come up with some reasonable estimates of the numbers behind Prime. The results are startling.
Amazon started its fiscal 2012 with a little fewer than 7 million Prime members and ended with nearly 10 million, largely thanks to the free Prime promotion that comes with the purchase of the company’s bestselling Kindle Fire. That increase alone represents a huge coup for Amazon, an awesome display of locking in customer loyalty. As the report points out, those millions of people spending $79 each are all incurring a major “switching cost” — in other words, since they’ve shelled out so much to enjoy special privileges for shopping at Amazon, they’re less likely to shop elsewhere.


Do Billionaires use the library? Do they even read?
March 12, 2013
New on LLRX - A national digital library endowment
Via LLRX.com - A national digital library endowment: How America’s billionaires could be modern Carnegies for real - David H. Rothman discusses how e-books, collections of electrons, not atoms, come with special advantages. They eliminate physical-shelving costs and are especially useful for blind people and others with special needs. Digital technology can also help multiply the selection of books for residents of small towns as well as large cities with underfunded neighborhood library branches. This technology can likewise drive down the costs of providing best-sellers and help with popularizing authoritative information on key issues such as health and finance.

Any book published anywhere, anytime...
March 12, 2013
Commentary - Why We Miss the First Sale Doctrine in Digital Libraries
John Palfrey: "Publishers, ebook vendors, and libraries are engaged in a “tug of war” over the lending of electronic books, according to Library Journal’s recent ebook survey. This clash inhibits most libraries from fulfilling their important institutional missions to provide access to knowledge and preserve our cultural heritage. In the best case, this tug of war will be a temporary struggle. The best outcome is not a winner who holds all the rope and another lying on the ground with rope-burned hands. If there must be a winner of any kind, it ought to be the reading public."
[From the article:
In this article, the fourth installment in a series on the initiative to build a Digital Public Library of America, I examine the underlying role of law in the ebook lending debate, explore potential solutions to the problems, and consider how the DPLA can contribute to solutions for those we serve. At the core of this issue is the way the copyright law works–or doesn’t–when it comes to books, libraries, and readers in the United States today and into the future.


Is this just to tweek the DoJ or does he gain some support this way?
Kim Dotcom’s Floating Head Speaks to SXSW via Skype
In one of the more surreal discussions at SXSW, Kim Dotcom, the notorious founder of Megaupload, spoke to an audience via Skype on Monday afternoon, appearing in front of an all-black background and in all-black clothes that gave him the floating-head quality of a Great and Powerful Oz.
… Currently banned from leaving New Zealand and awaiting extradition to the United States over criminal copyright infringement related to Megaupload, the German national sees himself as a target of U.S. political repression rather than an online racketeer, and vowed that regardless of what happens next, “I will never be in a prison in the U.S. I can guarantee you that.”
While it’s impossible to claim Megaupload wasn’t used to transfer copyrighted material from one user to the next, Dotcom said his popular service was much more than an online storage locker for pirates. He noted the company had 220 employees, a potential IPO valuation of over $2 billion, and users in nearly every facet of society from the thousands of accounts registered by the Brazilian government for sending attachments to the 15,000 soldiers he says used Megaupload to send photos and videos to loved ones.
Dotcom added that only 10 percent of Megaupload users were registered in the U.S. and that ”of all the files uploaded to Megaupload, half had never been downloaded, not once. That shows people were using it for storage more than anything else.”


Researching current events in real time?
Twitter search has its limits. For one, you can only search back so far, with Twitter making public search results available only for a limited period of time. That said, there are a few tips and tricks you can use to make sure that you find the most important search results, and you can even bend the Twitter rules, searching a little further back than the social network’s own search engine allows.
… Did you know that you can use Google-like search operators on Twitter to narrow down your searches? There are quite a few advanced search features that you can take advantage of, simply by including certain parameters alongside your keywords.
… See more ways you can take advantage of Twitter search operators here.
Topsy
If you’re using Twitter for social media marketing, using a site like Topsy can provide invaluable information. Topsy allows you to filter your search results based on certain categories. Narrow down the results to display tweets only with photos, with links or with videos. Topsy also makes it easy to narrow down your results by time, showing only those from the past hour, past four hours, past day, past seven days, past 30 days, and all time.
TwitLamp
TwitLamp is a great Twitter search service if you’re interested in narrowing down your search results by a certain type. When you first authorize TwitLamp to access your Twitter account, it will filter your timeline for you based on the following categories – photos, videos, audio, links, text and hashtags. It will tell you how many tweets are included in each category, and will notify you when there are new updates that fit each category.
SnapBird
If you want to bend the Twitter rules a bit, SnapBird lets you search beyond the time limit imposed by Twitter. The bad news is that it won’t allow you to search the pubic timeline. The only way you can use Snapbird is to search your own timeline, or that of another user. That said, it’s still pretty handy, especially if there’s a tweet by someone you spotted and don’t want to scroll through their timeline to find it again.


Another research tool?
The quote in the title is from www.muckrock.com/about/. And that is exactly what MuckRock is all about: Making FOIA (Freedom of Information Act) requests for you (and investigative reporters) so you don't have to deal with the often-daunting paperwork and runarounds you may run into when you try to pry information out of a recalcitrant government agency. In theory, most government information is public. In practice, many local, state and federal government bodies would just as soon never tell you anything. This is why Tim Lord talked with MuckRock co-founder Michael Morisy, and why we're running this interview in the middle of Sunshine Week, which exists "...to educate the public about the importance of open government and the dangers of excessive and unnecessary secrecy."


I'll mention this to my students, but I doubt they will find it attractive given the alternatives.
Microsoft announced this week that it’s expanding its Office 365 University free trial to 3 free months, with 3 further months offered to students who share the offer on Facebook. In addition, students can get 20GB of additional SkyDrive storage. The free trial is available to enrolled full- and part-time university and college students, and faculty and staff in accredited institutions.
… Office 365 University includes access to the latest versions of Microsoft’s cross-platform desktop applications, including Word, Excel, PowerPoint, OneNote, its Web mail and calendar program, Outlook, and its pictures application, Publisher. After the free trial, the suite is available at a discounted student price of $80 for 4 years.
… To qualify for the 3 months of services, students will need to provide their .edu email address on the OfficeForStudents.com site, where they must also register and sign into a Microsoft account. The account will be used to manage your Office installs and benefits available as part of the subscription. With a registered Microsoft account, you can also get the additional 3 months of access by sharing the trial offer on Facebook. In turn, you will get a link to an extra 3 free months of trial access.