Saturday, June 15, 2013

Is this a case of needing to “appear” concerned, or were they actually surprised by this?
EPIC – European Commissioner Asks Attorney General to Explain US Spying
“European Justice Commissioner Viviane Reding has demanded that U.S. Attorney General Eric Holder explain the scope of US data collection about EU citizens. “Direct access of US law enforcement to the data of EU citizens on servers of US companies should be excluded unless in clearly defined, exceptional and judicially reviewable situations,” the Commissioner wrote. The Commissioner’s request is similar to that made by other European officials, such as German Justice Minister Sabine Leutheusser-Schnarrenberger, who also stated that “all facts must be put on the table.” Recent reports indicate that United States lobbied the European Commission to weaken a comprehensive data protection law now pending in the European Parliament. Earlier this year, EPIC joined a coalition of leading US consumer and civil liberties organizations that expressed concern about the role of US officials in the development of European privacy law. The letter stated that “without exception,” members of the European Parliament reported that the US government was “mounting an unprecedented lobbying campaign to limit the protections that European law would provide.” For more information, see EPIC: EU Data Protection Regulation.”


Looks like the DNI got some good scheduling advice... (Picture the senators yelling, “We don't need no stinking facts!”)
Alexander Bolton reports:
A recent briefing by senior intelligence officials on surveillance programs failed to attract even half of the Senate, showing the lack of enthusiasm in Congress for learning about classified security programs. [WATCH VIDEO]
Many senators elected to leave Washington early Thursday afternoon instead of attending a briefing with James Clapper, the Director of National Intelligence, Keith Alexander, the head of the National Security Agency (NSA), and other officials.
Read more on The Hill.
I don’t know about you, but I’d call that dereliction of duty.


This seems remarkably quick to me.
Ted Ullyot, Facebook General Counsel, writes:
… Since this story [The PRISM alligations Bob] was first reported, we’ve been in discussions with U.S. national security authorities urging them to allow more transparency and flexibility around national security-related orders we are required to comply with. We’re pleased that as a result of our discussions, we can now include in a transparency report all U.S. national security-related requests (including FISA as well as National Security Letters) – which until now no company has been permitted to do. As of today, the government will only authorize us to communicate about these numbers in aggregate, and as a range. This is progress, but we’re continuing to push for even more transparency, so that our users around the world can understand how infrequently we are asked [Infrequent? 9000 requests in 180 days = 50 requests per day. Bob] to provide user data on national security grounds.
For the six months ending December 31, 2012, the total number of user-data requests Facebook received from any and all government entities in the U.S. (including local, state, and federal, and including criminal and national security-related requests) – was between 9,000 and 10,000. These requests run the gamut – from things like a local sheriff trying to find a missing child, to a federal marshal tracking a fugitive, to a police department investigating an assault, to a national security official investigating a terrorist threat. The total number of Facebook user accounts for which data was requested pursuant to the entirety of those 9-10 thousand requests was between 18,000 and 19,000 accounts.
[...]
It’s nice to see Facebook being more transparent, although it would be great to have more of a breakdown as to how many were national security requests.


Stick a copy of this Infographic on your office wall, but first age it a bit and stamp it TOP SECRET NOFORN. When someone asks you can say “That's how we used to do it years ago.”
With the assistance of semipr0 for the graphics, Ashkan Soltani has come up with a description of how PRISM might work. It’s well worth reading.
[From the article:
Specifically, how would this system look if we took all the statements made at face value?


I've been asking that for years!
NSA-proof encryption exists. Why doesn’t anyone use it?


Does this establish a precident that would allow me to lie to the courts without penalty?
The government assures us that it does not maintain a database of incidentally collected information from non-targeted United States persons, and there is no evidence to the contrary.
From United States Foreign Intelligence Surveillance Court of Review No. 08-01 IN RE: DIRECTIVES [redacted text]* August 22, 2008
So what’s the government’s explanation now? That they didn’t lie to the court because the database was intentionally compiled?
Why are there no meaningful consequences for misleading the public, Congress, and apparently, the courts?


Interesting and useful.
Without making a big deal about it, Twitter has silently opened its analytics services to the general public, letting any Twitter user view detailed account statistics for free.
… Using the tool, any user can get a daily graph of follows, unfollows, and mentions, as well as a detailed per-tweet count of favorites, retweets and replies. The service also offers a click count for every link which appears in each tweet. As mentioned above, many of the features don’t work at this time, probably due to higher than expected user volume.


Amusing...
Maine picked HP as its vendor of choice for the state’s 1:1 computer program. But it doesn’t appear as though the schools agree, as the vast majority are going with Apple instead. According to figures released by the state’s DOE, “39,457 students and teachers will get Apple’s iPad tablet with an annual cost of $266 per unit, including networking, and 24,128 will get Apple’s MacBook Air with a cost of $319. Only 5,474 will use the HP ProBook 4440 laptop, equipped with Windows 7
… One of my favorite startups, Desmos, keeps getting better as its free online graphing calculator has added polar axes to its graphing “paper.” All the better for drawing… and, um, other mathematical applications, I’m sure.
Anya Kamenetz’s Edupunks’ Guide has been “mapped” to an Edupunks’ Atlas. (I think it looks more like a Periodic Table of Lifelong Learning resources than an atlas, but maybe that’s just me.)
… One of the projects that came out of the recent National Day of Civic Hacking and thanks to the work of Justin Grimes, who works with the Institute of Museum and Library Services: a map of every library and museum in the US.


It's not “Falsifying,” it's “Enhancing”
… The way the site works is extremely simple: you need not even sign up for the new accounts. The first step involves you selecting the right industry that your resume is going to be targeting. In the second step, you paste the copied text of your resume in a provided text field. The site analyzes the pasted text and shows which keywords are already present in your resume. You are shown all keywords for that particular industry as checkboxes. Keywords with the marked checkboxes are already present in your resume; you can see which keywords are absent from your CV and try incorporating them in it when you draft it another time.

Friday, June 14, 2013

Looking at all the NSA “capabilities” I still find little I need to change in the Ethical Hacker class. Perhaps they keep the really good stuff Secret?
Ryan Gallagher reports:
…the NSA “PRISM Skype Collection” guide casts doubt on whether any Skype communications are beyond the NSA’s reach. That the NSA claims to be able to grab all Skype users’ communications also calls into question the credibility of Microsoft’s transparency report—particularly the claim that in 2012 it did not once hand over the content of any user communications. Moreover, according to a leaked NSA slide published by the Post, Skype first became part of the NSA’s PRISM program in February 2011—three months before Microsoft purchased the service from U.S. private equity firms Silver Lake and Andreessen Horowitz.
Read more on Slate.

(Related) You don't have to be an Ethical Hacker to do that...


“The rest of the world clicked “Accept,” how come you actually looked at the contract?”
Dark clouds loom over Google in the EU as Swedish data regulator kills a Google Apps deal
In what seems to have garnered precious little attention, Sweden’s data protection agency earlier this week ruled to (again) disallow an agreement between a tiny municipality and Google for the use of cloud services, such as Google Apps, within the public body.
… This resulted in a ban (PDF), although it may still be lifted in the future.
The ruling – which bans Google cloud products such as calendar services, email and data processing functions – is based on inadequacies in the Google contract.
A risk assessment by the Board determined that the contract gives Google too much covert discretion over how data can be used, and that public sector customers are unable to ensure that data protection rights are protected.
… The move itself isn’t unprecedented in Northern Europe: Norway’s data protection authorities outlawed the use of Google Apps by municipalities for nine months straight before lifting the ban in September 2012 (following a ton of deliberations and some changes from Google’s side).
Spain has also bumped heads with Google over data protection and privacy concerns earlier this year.
The bigger picture is Google’s increasing number of run-ins with local government bodies across Europe – and the European Commission. Last year, the latter proposed comprehensive reforms to strengthen online privacy rights across the board — changes that could have significant repercussions for US tech companies with operations in Europe.

(Related) Claudius: “When sorrows come, they come not single spies but in battalions.” Hamlet Act 4 Scene 5, by William Shakespeare (I Googled it)
Google's Android faces EU probe over licensing practices


This is an excellent example of Congress passing a law in a fit of “We gotta do something!” and the regulatory agencies finding little reason to actually implement it.
Perhaps this should be one of those White House petitions? https://petitions.whitehouse.gov/
Raj J. Patel reports:
Despite the increase in cyberattacks, the Securities and Exchange Commission (SEC) has yet to publish guidelines as to when a corporation should publicly disclose the data loss, system disruption, or other damages caused by a cyber incident — even where the incident caused financial losses. Some companies have included standard warnings in financial filings that they’re subject to computer viruses, electronic break-ins, and denial-of-service attacks, just as they’re exposed to risks of hurricanes and tornadoes. Other companies don’t explicitly report financial losses from data security breaches in their quarterly and annual reporting and may be at risk from expensive shareholder lawsuits alleging the failure to take reasonable steps to protect their cyber infrastructure.
Many financial institutions are taking note of this, and at least 19 financial institutions have disclosed to investors in recent weeks that their computers were targets of cyberattacks last year. In their annual financial reports to the SEC, major banks such as Bank of America, Citi, Wells Fargo and JPMorgan Chase, along with smaller institutions, have reported that their systems were hit with computer disruptions or intrusions. SEC officials said it was crucial for investors to know not just what a company’s risk is but when that risk has become reality.
Read more on Crain’s Business Detroit. What I particularly appreciate about this article is that Patel makes the same suggestion I’ve often made about having a number people can call to report a breach:
Cyberattacks are inevitable, but not implementing an effective incident response process and team is negligent. And so I ask, do you have a 1-800 hotline to report data breaches?


This should give someone a leg up on “Principles of Privacy” don't you think?
The Global Principles on National Security and Freedom of Information
“The Global Principles on National Security and the Right to Information were developed in order to provide guidance to those engaged in drafting, revising, or implementing laws or provisions relating to the state’s authority to withhold information on national security grounds or to punish the disclosure of such information. They are based on international (including regional) and national law, standards, good practices, and the writings of experts. They address national security—rather than all grounds for withholding information. All other public grounds for restricting access should at least meet these standards. These Principles were drafted by 22 organizations and academic centres (listed in the Annex) in consultation with more than 500 experts from more than 70 countries at 14 meetings held around the world, facilitated by the Open Society Justice Initiative. This process culminated in a meeting in Tshwane, South Africa, which gives them their name.”


An unlocked door is the same as an unencrypted email. An open invitation for anyone who want's to snoop/gather evidence/create citizen dossiers. Governments do that if left unchecked.
Joe Rubino reports:
Boulder residents who intentionally leave their doors open, may unintentionally be inviting a Boulder police officer in for a visit.
Chrissy Smiley learned this fact in surprising fashion on Thursday afternoon when she returned to her south Boulder condo after a 40-minute walk with her dogs to find a card from a Boulder police officer sitting on her dining room table.
Disturbed by the discovery, Smiley said she quickly called the officer back to ask why he had entered her home without her permission.
“He was very nice. He said he had come back to follow up on another officer who had been there for something and he felt he had probable cause to make sure that I was safe,” Smiley said, adding the she found the officer’s explanation unsettling.
[...]
Smiley took up the issue Boulder police Sgt. Michael Everett, who in an email response to her inquiry, explained that entering unsecured residences is standard operating procedure for most law enforcement agencies, including, Boulder police, and one that is not likely to stop.
“There are many reasons for checking residences that are left open,” Everett wrote in his response. “They include in-progress crimes and injured parties inside. There are situations which create a duty for officers to enter and check residences. Failure to do so creates liability for that officer and agency.”
He added that the practice is backed by sound legal reasoning and is consistent with best practices for law enforcement agencies.
Read more on Daily Camera.
This seems like a sound policy – if you want your police officers getting shot by surprised homeowners.


“Hey! Welcome to the 20th Century! Now, look at the calendar.”
FDA Safety Communication: Cybersecurity for Medical Devices and Hospital Networks
News release: “Many medical devices contain configurable embedded computer systems that can be vulnerable to cybersecurity breaches. In addition, as medical devices are increasingly interconnected, via the Internet, hospital networks, other medical device, and smartphones, there is an increased risk of cybersecurity breaches, which could affect how a medical device operates. [No wonder my students can't write, if the “professionals” keep getting it wrong. http://grammar.quickanddirtytips.com/affect-versus-effect.aspx Bob] Recently, the FDA has become aware of cybersecurity vulnerabilities and incidents that could directly impact medical devices or hospital network operations, including:
  • Network-connected/configured medical devices infected or disabled by malware;
  • The presence of malware on hospital computers, smartphones and tablets, targeting mobile devices using wireless technology to access patient data, monitoring systems, and implanted patient devices;
  • Uncontrolled distribution of passwords, disabled passwords, hard-coded passwords for software intended for privileged device access (e.g., to administrative, technical, and maintenance personnel);
  • Failure to provide timely security software updates and patches to medical devices and networks and to address related vulnerabilities in older medical device models (legacy devices);
  • Security vulnerabilities in off-the-shelf software designed to prevent unauthorized device or network access, such as plain-text or no authentication, hard-coded passwords, documented service accounts in service manuals, and poor coding/SQL injection.”


I pose a Constitutional Question: Can a government grant itself rights that citizens never had? “We can look for evidence of your guilt, but you can not look for evidence of your innocence.”
Dan Sachs writes:
In a pair of rulings, the Minnesota Court of Appeals avoided review of a trial court’s decision on the important but rarely-litigated issue of when “publicly” posted social media content is subject to the protections of the Stored Communications Act. Facebook, Inc. v. Aguayo-Gomez, Case No. A13-0177 (Minn. Ct. App. Feb. 12, 2013) & Facebook, Inc. v. Aguayo-Gomez, Case No. A13-0579 (Minn. Ct. App. May 1, 2013). While it did not address that issue directly, the Court of Appeals did provide some answers for criminal defendants seeking data held by electronic communications services. Under the SCA, only the government can obtain the contents of communications directly from an ECS—criminal defendants may not. 18 U.S.C. § 2703(a).


Change without loss of customers. Who did they think they were? Facebook?
Adobe competitors pounce after subscription backlash
Companies like Corel, Xara, Nitro, Nuance, and Pixelmator are taking advantage of customers' displeasure with Adobe's shift from selling Creative Suite perpetual licenses to Creative Cloud subscriptions.


Perspective: Big Data = Big Numbers. Is this a height from which we can see farther or a trench from which we can not escape?
FCW – NSA shows how big ‘big data’ can be
FCW.com – Frank Konkel -”As reported by Information Week, the NSA relies heavily on Accumulo, “a highly distributed, massively parallel processing key/value store capable of analyzing structured and unstructured data” to process much of its data. NSA’s modified version of Accumulo, based on Google’s BigTable data model, reportedly makes it possible for the agency to analyze data for patterns while protecting personally identifiable information – names, Social Security numbers and the like. Before news of Prism broke, NSA officials revealed a graph search it operates on top of Accumulo at a Carnegie Melon tech conference. The graph is based on 4.4 trillion data points, which could represent phone numbers, IP addresses, locations, or calls made and to whom; connecting those points creates a graph with more than 70 trillion edges. [Imaging a BIG arrow that says, “You are here!” Bob] For a human being, that kind of visualization is impossible, but for a vast, high-end computer system with the right big data tools and mathematical algorithms, some signals can be pulled out.”

(Related) NSA could point to this article to show how SMALL their collection is, relatively...


Always treat “Everything” with a grain of salt.
A Visual Guide To Every Single Learning Theory
Click the image to enlarge and view the hi-res version. Want a printable PDF? Click here.


Global Warming! Global Warming! Are you listening, Al Gore?
Why flying first class increases your carbon footprint by six times
The World Bank has published a new working paper (PDF) that shows how passengers in premium airline classes create more of the C02 that leads to global warming. [Because this impacts World Banking how, exactly? Bob]
Essentially, all the extra space for high-paying customers means airlines expend more fuel to move them, especially if some of the more expensive seats are left empty. [Because the passenger in the empty seat weighs more than the economy class guy? Bob]

Thursday, June 13, 2013

So, does they does or does they doesn't? That is the qustion. (Why take only SOME of the useful stuff?)
NSA chief drops hint about ISP Web, e-mail surveillance
The head of the National Security Agency hinted Wednesday that logs of Americans' e-mails and Web-site visits may be secretly vacuumed up by the world's most powerful intelligence group.
… "It would be odd [for the NSA] to focus entirely on telephony logs and exclude Internet traffic," said Julian Sanchez, a research fellow at the Cato Institute in Washington, D.C., who focuses on electronic surveillance topics. "I would assume they're vacuuming up IP logs and perhaps e-mail headers as well."


Amusing.
Spies Like Us: How We All Helped Build Prism
It used to be that the National Security Agency and its ilk had to pay through the nose for the latest in spying technology. The supercomputer specialist Cray (CRAY), for example, would receive government funds and come out with a new multimillion-dollar machine specially tuned for “pattern matching” and then sell the system to three-letter agencies. The machines were anything but general purpose and came with a premium price tag. Beyond that, the NSA has been known to run its own chip manufacturing plant and to pay for custom software.
While that type of thing still goes on, the NSA has another, much cheaper avenue for great spy technology at its disposal: open-source software.

(Related) What metadata is available from various sources and what it reveals.
A Guardian guide to your metadata


Not the most flattering picture, but it is worth reading.
The Secret War
Inside Fort Meade, Maryland, a top-secret city bustles. Tens of thousands of people move through more than 50 buildings—the city has its own post office, fire department, and police force. But as if designed by Kafka, it sits among a forest of trees, surrounded by electrified fences and heavily armed guards, protected by antitank barriers, monitored by sensitive motion detectors, and watched by rotating cameras. To block any telltale electromagnetic signals from escaping, the inner walls of the buildings are wrapped in protective copper shielding and the one-way windows are embedded with a fine copper mesh.
This is the undisputed domain of General Keith Alexander, a man few even in Washington would likely recognize. Never before has anyone in America’s intelligence sphere come close to his degree of power, the number of people under his command, the expanse of his rule, the length of his reign, or the depth of his secrecy. A four-star Army general, his authority extends across three domains: He is director of the world’s largest intelligence service, the National Security Agency; chief of the Central Security Service; and commander of the US Cyber Command. As such, he has his own secret military, presiding over the Navy’s 10th Fleet, the 24th Air Force, and the Second Army.


This is why I follow Pogo Was Right!
When Glenn Greenwald of The Guardian published a FISC order requiring Verizon to turn over to the NSA its call records for calls made both within the US and between the US and other countries, I don’t think anyone at the Privacy Law Scholar’s Conference was particularly shocked that this was going on. If anything, we were somewhat pleasantly surprised that we now had some proof that the government couldn’t deny.
The Verizon order was just the first of a number of leaks last week, though, with leaks about PRISM, the President’s cyberwar directive, and Boundless Informant each grabbing the headlines until the next disclosure.
By the end of last week, it was clear that for at least some members of Congress, this was a “We authorized WHAT?” moment. It was also clear that the usual members of Congress would start screaming that Eric Snowden and journalists and publications involved in the leaks should be prosecuted for treason, even though their actions really do not fall under “treason.”
I did not expect to see vast swaths of the public suddenly understand that this has nothing to do with “having nothing to hide,” and was not disappointed to see the usual “the government can surveill me to keep me safe” rhetoric.
And although at least one media source claimed the real story was about the failure of journalism (after the Washington Post did significant silent edits of its original story), I think the real story is the massive failure of Congressional oversight and how the Executive branch has shrouded so much in secrecy and subverted Congress’s oversight obligations. And I think the real story is the government going after leakers and journalists instead of adhering to its promised policy of more transparency.
If the government were more transparent, there would be no issue of charging journalists or leakers with espionage. Yes, I realize that some things may need to be classified but the Bush and Obama administrations have run amok with secrecy and surveillance. It’s time to rein in it. Congress either needs to repeal Section 215 or amend it to make clear that dragnet collection of domestic call records is not permitted and existing databases must be destroyed. They also need to enact legislation that undoes “third party doctrine” and establishes that as citizens, we do have a reasonable expectation of privacy in information held by service providers and telecoms. And they need to protect journalists who, in the best traditions of journalism, inform the public on issues of national significance.
“We have met the enemy and he is us.”
Pogo was right. Our checks and balances failed, subverted by the Executive branch. It’s time to restore the balance and to stop blaming those who tell us what our government should have told us so that we can have had a meaningful national debate. President Barack “I Was Against It Before I Was For It” Obama has said he welcomes a debate. Just tell us when and where, Mr. President, because massive domestic surveillance cannot stand.


One of these days, someone at this hospital will notice that unencrypted files is probably not the smart way to go.
Lucile Packard Children’s Hospital is no stranger to stolen equipment containing PHI. In January, 2010, they self-reported a breach involving a stolen desktop computer with PHI on 532 patients, and as recently as January, they notified 57,000 patients after a laptop was stolen from a physician’s car. Now the hospital is notifying patients about another breach involving the theft of hardware with unencrypted PHI. From a statement on their web site:
Lucile Packard Children’s Hospital at Stanford is notifying patients by mail that a password-protected, non-functional [...but the hard drive still worked? Bob] laptop computer that could potentially contain [We don't know. Bob] limited medical information on pediatric patients was stolen from a secured, badge-access controlled area of the hospital sometime between May 2 and May 8, 2013. This incident was reported to Packard Children’s on May 8. Immediately following discovery of the theft, Packard Children’s launched an aggressive and ongoing investigation with security and law enforcement.
To date, there is no evidence that any pediatric patient data has been accessed by an unauthorized person or otherwise compromised. [Nor do we have any evidence that Aliens have landed in Grover's Mill, New Jersey. Bob]


“We're the government. We don't follow no stinking laws!”
And speaking of outrageous breaches, Elise Viebeck reports:
A top House committee launched another probe of the Internal Revenue Service (IRS) Tuesday after a lawsuit alleged that the agency improperly seized millions of personal medical records in California.
In a letter, Republican leaders on the Energy and Commerce panel asked the IRS to explain how it handles confidential medical information.
“While [federal] privacy rules restrict the ability of a covered entity to release protected health information, those rules appear to impose no restrictions on the IRS’s ability to use such information after it is obtained,” the lawmakers wrote.
Read more on The Hill.
The letter requests a response from the IRS by June 21.


If this is true, shouldn't the judge be a bit angry with the DoJ?
Apple fires back at DOJ with actual e-mail from Jobs
After the Justice Department presented an e-mail Wednesday that appeared to undermine Apple's e-book antitrust defense, the company submitted the actual e-mail as sent by then-CEO Steve Jobs to Eddy Cue, showing content and tone that differed from the draft version.


Get a sample at birth, own the 'citizen' for life.
Joseph Goldstein reports:
Slowly, and largely under the radar, a growing number of local law enforcement agencies across the country have moved into what had previously been the domain of the F.B.I. and state crime labs — amassing their own DNA databases of potential suspects, some collected with the donors’ knowledge, and some without it.
Read more on NYTimes. Note that it is not just suspects whose DNA is being amassed, but crime victims, too. And SCOTUS’s decision in King will only encourage more of this.


Why I'm FROM New Jersey... “He hit me right after he glanced up from his phone, officer. Then he swallowed it. Can I watch while you conduct your cavity search?”
Bill would force you to give police phone after accident
… State legislators in New Jersey would very much like to make it easier for the police to go through your cell phone, should you be in any way involved in an accident.
The wording of their proposal -- Bill S 2783 (PDF) -- is quite precise in its breadth:
Whenever an operator of a motor vehicle has been involved in an accident resulting in death, bodily injury or property damage, a police officer may confiscate the operator's hand-held wireless telephone if the officer has reasonable grounds to believe that the operator was operating a hand-held wireless telephone while driving.


So, does this signal an opportunity to give ASCAP some competition?
Pandora to buy radio station to piggyback onto cheaper costs
… Pandora ... agreed to purchase KXMZ-FM, a Rapid City, S.D., terrestrial radio station. Its first foray into traditional radio broadcasting, the move has little to do with strategic shift and everything to do with royalty costs.
Pandora pays two royalty streams, one for actual sound recordings and another to composers for publishing rights. The sound recording fees make up the lion's share of its content costs. But by buying a terrestrial station, Pandora piggybacks onto a settlement that gives better rates on that smaller fee stream.
… The preferential royalty rates are expected to snag savings worth less than 1 percent of its revenue versus the rates it is currently paying. Based on last year's top line, that equates to less than $5 million.


Perspective: Facts and factoids from PEW
Pew – Understanding the Social Media and Technology Landscape
Data to Live By: Understanding the Social Media and Technology Landscape – “New technologies and social media have had a major impact on the way we communicate and live life. Senior Researcher Mary Madden delivered the keynote address for the Lawlor Symposium’s summer seminar, sharing “data to live by” to aid in understanding this new social media and technology landscape.”


Perspective: Big data is BIG!
WhatsApp sets new record with 27 billion messages in a day
WhatsApp, the mobile service that has established itself as a free alternative to texting, has reached new heights.
The company announced on its Twitter page on Wednesday that in the previous 24-hour period, it had set a new one-day record of handling 27 billion messages. According to the company, its users sent over 10 billion messages during the period, and received 17 billion messages.


For those, “I want to read this, but not now” moments.
If you use Evernote on your iPad or iPhone, you may have found it difficult to get copies of articles, snippets of text, or photos from you device into your Evernote account without having to copy content from one application and paste it into another.
… Thanks to a handful of third-party developers, there are several apps which enable you to export content directly to your Evernote account without having to open the app. If you use Evernote with your iOS device then the apps I am about to recommend could replace your news and RSS feed reader, text editor or notes app and even plain old mobile Safari.
Danny has also shared other useful tools that integrate with Evernote.


Perspective: and a bit depressing. Infographic
A Snapshot Of How Technology Is Used In Education


For my graduating students (and the rest of them too)
That little sheet of paper that you send off to potential employers? Yeah, it isn’t your resume. Nowadays, your resume is the entirety of your web presence.
… However, with websites like LinkedIn, Facebook, Twitter, Google, WordPress, and more, all an employer really has to do is type in your name. Honest. With LinkedIn, you have endorsements – something that was typically always achieved with references. As for Facebook, employers can get a snapshot of your personality through text updates and photos. With Twitter, they can see what parts of the industry that you are interested in. Meanwhile, Google gives a general history of your work-life, and WordPress serves as a decent portfolio.


For my fellow teachers...
Problem-Attic is a useful resource mainly aimed at teachers and educators to help them in preparing teaching materials such as tests, worksheets and flashcards. Currently it lists over 80,000 questions from different sources, all available for free. Questions are sorted by topic (i.e., Math, Social studies, Science ) and by released exams, meaning that you can look up a past Math exam from the year 2009 etc. To use the service you have to sign up on their website and follow a 4-step process (Select, Arrange, Format, Print) to create your teaching materials.
Related tools – EQuizShow, Gnowledge


For my fellow website teachers...
… Running in the browser as a web app, DivShot lets you drag and drop elements, text, boxes and more onto your page as you build your site. Everything you see on the page is HTML and CSS, with the correct markup added as you go. The best thing about DivShot from a coding point of view is the fact that the code comes out looking like it was written by hand, complete with tidy indentations to keep your inner coder happy.
With a responsive and straightforward UI, DivShot immerses you in the process of creating beautiful websites from within your browser. All the tools, element controls and preferences you need are found around the edge of your screen, just as if you were using a desktop editor. DivShot is currently in beta, and free to sign up and use (though the usual “beta beware” advice applies).

Wednesday, June 12, 2013

For your amusement...
EFF has produced a great timeline of NSA’s domestic spying, here.


“They made me do it!”
Google sent a letter to the Attorney General and FBI this morning:
Dear Attorney General Holder and Director Mueller
Google has worked tremendously hard over the past fifteen years to earn our users’ trust. For example, we offer encryption across our services; we have hired some of the best security engineers in the world; and we have consistently pushed back on overly broad government requests for our users’ data.
We have always made clear that we comply with valid legal requests. And last week, the Director of National Intelligence acknowledged that service providers have received Foreign Intelligence Surveillance Act (FISA) requests.
Assertions in the press that our compliance with these requests gives the U.S. government unfettered access to our users’ data are simply untrue. However, government nondisclosure obligations regarding the number of FISA national security requests that Google receives, as well as the number of accounts covered by those requests, fuel that speculation.
We therefore ask you to help make it possible for Google to publish in our Transparency Report aggregate numbers of national security requests, including FISA disclosures—in terms of both the number we receive and their scope. Google’s numbers would clearly show that our compliance with these requests falls far short of the claims being made. Google has nothing to hide.
Google appreciates that you authorized the recent disclosure of general numbers for national security letters. There have been no adverse consequences arising from their publication, and in fact more companies are receiving your approval to do so as a result of Google’s initiative. Transparency here will likewise serve the public interest without harming national security.
We will be making this letter public and await your response.
David Drummond
Chief Legal Officer
Of course, Google has nothing to lose by this publicly disclosed request. They get brownie points for trying, even if the government says no.
Will the government agree? If the President is serious about having a debate and more transparency, they should agree to the request. Somehow, though, I’m not holding my breath.

(Related) “We use the old, obsolete and uncool technologies because the government can't keep up with us.”
Kim Zetter got a great scoop today:
Google does not participate in any government program involving a lockbox or other equipment installed at its facilities to transfer court-ordered data to the government, a company spokesman says, refuting with some finality one of the lingering theories about the NSA’s PRISM program.
Instead the company transmits FISA information the old fashioned way: by hand, or over secure FTP.
“When required to comply with these requests, we deliver that information to the US government — generally through secure FTP transfers and in person,” Google spokesman Chris Gaither told Wired. “The US government does not have the ability to pull that data directly from our servers or network.”
Read more on Wired.

(Related)
As Mark said last week, we strongly encourage all governments to be much more transparent about all programs aimed at keeping the public safe. In the past, we have questioned the value of releasing a transparency report that, because of exactly these types of government restrictions on disclosure, is necessarily incomplete and therefore potentially misleading to users. We would welcome the opportunity to provide a transparency report that allows us to share with those who use Facebook around the world a complete picture of the government requests we receive, and how we respond. We urge the United States government to help make that possible by allowing companies to include information about the size and scope of national security requests we receive, and look forward to publishing a report that includes that information.


I'm not going to post any more of these, but iuf anyone knows where I can find a quick count from time to time, I'll post as the numbers grow...
… An interactive graphic examining the secret FISA Court order revealed last week is available here.


Worth a read.
Phil Ciciora writes:
When Web surfers sign up for a new online service or download a Web application for their smartphone or tablet, the service typically requires them to click a seemingly innocuous box and accept the company’s terms of service and privacy policy. But agreeing to terms without reading them beforehand can adversely affect a user’s legal rights, says a new paper by a University of Illinois expert in technology and legal issues.
Law professor Jay P. Kesan says the current “non-negotiable approach” to user privacy is in need of serious revision, especially with the increased popularity of Web-based software that shares information through cloud computing.


Only in Massachusetts? (and Califirnia?)
Amy Crafts writes:
In January 2011, David Cheng (Plaintiff) filed a lawsuit against his former co-worker and fellow radiologist, Laura Romo (Defendant), alleging a violation of the Stored Communications Act (SCA) and Massachusetts privacy law. After the U.S District Court of Massachusetts denied Defendant’s motion for summary judgment on both counts, the case went to trial and the verdict came down at the end of April. The jury found that Defendant violated both the SCA and Massachusetts privacy law, and awarded Plaintiff damages totaling $325,000. This case is significant in that courts have struggled to interpret the language of the SCA yet the jury very clearly decided in favor of Plaintiff.
Read more about this case and ruling on Proskauer. As Crafts explains, the case isn’t quite over yet.


De-clutter the sky?
Queenie Wong reports:
The Senate approved a bill Monday that would limit the use of unmanned aircraft called “drones” by law enforcement and government bodies amid growing privacy concerns.
House Bill 2710, which passed on a 23-5 vote, was sent back to the House for concurrence on changes made to the bill.
Read more on Statesman Journal.


Somehow, I think NOT...
… This bill would require the Attorney General to declassify significant Foreign Intelligence Surveillance Court (FISC) opinions, allowing Americans to know how broad of a legal authority the government is claiming to spy on Americans under the PATRIOT Act and Foreign Intelligence Surveillance Act.


Sure we “can” the question is “may” we?
Orin Kerr writes:
Google argues that the answer is “yes,” in this oral argument today in the Ninth Circuit in Joffe v. Google. It’s an interesting question as a matter of statutory interpretation, largely because Congress wasn’t thinking about wireless Internet networks when it was writing about “radio communications.” The statute reflects different carve-outs from different eras that each reflected technologies of its era, all of which now are now barnacles on the hull of the statute that exist decades later when the technologies are very different. As a common sense matter, it would be surprising if the courts hold that anyone can intercept unencrypted wireless communications. It would be the kind of surprising interpretation that I suspect Congress might revisit if the courts reach it. But purely as a matter of statutory interpretation, it’s an interesting and difficult question.
Read more on The Volokh Conspiracy.


Perspective: I predicted this some time ago. (But of course, no one ever listens...)
Cisco Report – The Financial Impact of BYOD
“To help companies determine the current and potential value of BYOD, Cisco IBSG conducted a detailed financial analysis of BYOD in six countries. Our findings show that, on average, BYOD is saving companies money and helping their employees become more productive. But the value companies currently derive from BYOD is dwarfed by the gains that would be possible if they were to implement BYOD more strategically.”


Perhaps a first step on the road to students creating their own textbooks...
Collaboratively Create an iPad or Android Magazine
Last month Flipboard made it possible for anyone to create digital magazines about their favorite topics. You can do this with the Flipboard iPad app, the Android app, or in your web browser. Yesterday, Flipboard made this service even better by allowing you to invite other Flipboard users to collaborate on magazine creation with you. Learn how to co-create Flipboard magazines in the video below.
Applications for Education
Co-creating Flipboard magazines could be a great activity for students studying current events. Your students could share the articles that they're reading and put them into one magazine for the whole class to read.
As a professional development activity co-creating Flipboard magazines could be a great way for teachers to share articles with each other.

Tuesday, June 11, 2013

Inevitable
First Lawsuit Over NSA Phone Scandal Targets Obama, Verizon
The first of what likely will be many lawsuits challenging the constitutionality of the NSA’s dragnet phone surveillance program was lodged Sunday, declaring the newly disclosed spy operation an “outrageous breach of privacy.”
The suit names Larry Klayman, the former chairman of Judicial Watch, and two others who say the government has illegally spied on their Verizon accounts. The spy program, Klayman’s suit in the U.S. District Court for the District of Columbia claims, “violates the U.S. Constitution and also federal laws, including, but not limited to, the outrageous breach of privacy, freedom of speech, freedom of association, and the due process rights of American citizens.”

(Related)
The Majority of Americans Still Don't Care About the NSA Spying on Them
A bit of good news for the 265 sitting members of Congress who voted to extend the legislation that the NSA claims as its mandate to collect phone data: the majority of Americans don't care. Pew Research today released a poll suggesting that 56 percent of the country thinks doing just that is just fine.


Because some days that aluminium foil hat just isn't enough.
I’m already seeing a bunch of ”how you can protect yourself” posts and articles in the wake of the NSA disclosures last week. Here’s one by Ryan Gallagher:
First, instead of browsing the internet in a way that reveals your IP address, you can mask your identity by using an anonymising tool such as Tor or by connecting to the web using a Virtual Private Network, or VPN.
Additionally, you can avoid Google search by using an alternative such as Ixquick, which has solid privacy credentials and says it does not log any IP addresses or search terms or share information with third parties.
Read more on The Age.


Completely unrelated...


Ye Olde Data Analysis...
Using Metadata to Find Paul Revere


Well considered economic theory or “We're the government and we'll do whatever we want.” (They did ask the banks to write down the value of these homes, but that would reduce bonuses. This way, the banks won't have the loans on their balance sheets.)
Using Eminent Domain to Address Underwater Mortgage Debt
“With more than 11 million homes still “underwater,” the mortgage debt overhang caused by the housing bubble remains an impediment to economic growth and a burden on communities across the country. One possible solution to this problem is for state and municipal governments to use their eminent domain authority to purchase and restructure underwater mortgages. This novel solution is proposed in a new report from the Federal Reserve Bank of New York. Many analysts agree that principal reductions are the best way to assist underwater homeowners—those who owe more on their mortgages than their houses are worth. Such write-downs can be difficult to achieve, however, when the underlying mortgages are securitized and held by private-label securitization trusts. Specifically, such loans are subject to pooling and servicing agreements that require collective action by a large majority of security holders before a loan can be modified. As a result, carrying out write-downs is challenging and sometimes impossible. In Paying Paul and Robbing No One: An Eminent Domain Solution for Underwater Mortgage Debt, author Robert Hockett argues that one possible way to sidestep this problem is by having governments buy and restructure underwater mortgages. By utilizing their eminent domain authority, state and municipal governments could bypass the coordination problems posed by the pooling and servicing agreements. They could then reduce the principal on underwater loans, lowering the amount owed by borrowers and thereby reducing the risk of default. The report includes details about the mechanics of such a program, including suggestions on how to finance the purchases and a discussion of the legal basis for invoking the eminent domain power. The author also addresses how to handle potential challenges, such as the existence of a second lien. “


Perspective:
Pew – Tablet Ownership
“For the first time, a third (34%) of American adults ages 18 and older own a tablet computer like an iPad, Samsung Galaxy Tab, Google Nexus, or Kindle Fire—almost twice as many as the 18% who owned a tablet a year ago.
Demographic groups most likely to own tablets include:
  • Those living in households earning at least $75,000 per year (56%), compared with lower income brackets
  • Adults ages 35-44 (49%), compared with younger and older adults
  • College graduates (49%), compared with adults with lower levels of education
“One of the things that is especially interesting about tablet adoption compared to some of the patterns of other devices we’ve studied is how these technologies’ growth has played out between different age groups,” Research Analyst Kathryn Zickuhr said. “With smartphones, for instance, we’ve seen a very strong correlation with age where most younger adults own smartphones, regardless of income level. But when it comes to tablets, adults in their thirties and forties are now significantly more likely than any other age group to own this device.”


Perspective: Is this what the Census Bureau does on off years?
Census Bureau Report Details Rising Internet Use and Shows Impact of Smartphones on Digital Divide
“While disparities in Internet use persist among racial and ethnic groups, smartphones appear to be helping to bridge the digital divide, according to a report issued today by the U.S. Census Bureau. The findings are part of the latest Census Bureau report, Computer and Internet Use in the United States: 2011, which provides analysis of computer and Internet use for households and individuals. The information comes from data collected as part of the Current Population Survey’s 2011 Computer and Internet Use Supplement, which was sponsored and funded by the National Telecommunications and Information Administration (NTIA). The report also features a table that places users along a “connectivity continuum” and shows that a sizeable percentage of Internet users now make their online connections both inside and outside the home and from multiple devices.”


For my tech students...
… Sometimes when I don’t feel like reading, I switch on the browser and catch the best of technology in videos. There are some pretty good YouTube channels on technology there in that last link. But that’s not the complete barrel. Here are ten [I count 8 Bob] more technology video websites if you like to catch the latest that’s happening in the world of bits and bytes.

Monday, June 10, 2013

You get a terrorist alert from a trusted friend but you ignore it because... Wait. Why do you ignore it?
Sarah Young reports:
Britain must say if its spies acted illegally after revelations that they received data collected secretly by the United States from the the world’s biggest Internet companies, members of parliament said on Monday.
The Guardian newspaper has suggested that the United States may have handed over information on Britons gathered under a top secret programme codenamed PRISM which collated emails, Internet chat and files directly from the servers of companies such as Google, Facebook, Twitter and Skype.
Foreign Secretary William Hague, who is due to address parliament on Monday about the reports, has said Britain’s GCHQ eavesdropping agency broke no laws, though he refused to confirm or deny that Britain had received the secretly collected data.
Read more of this Reuters report on Trust.org.

(Related) I never understood this logic.
Kristina Wong reports:
News and social media websites have been blocked on some Pentagon workstations Friday to prevent employees and contractors from accessing classified information that was leaked Thursday about a federal program that gathers Internet users’ personal data from the computer servers of Web service providers.
U.S. Cyber Command recommended the blocking, which began about 11:30 a.m. Friday, a Defense Department source said.
Read more on Washington Times.
So once again, everyone else can read what our own government leaked, but government employees can’t. This is not the first time we’ve seen this approach to containing a leak of classified information – we saw this after WikiLeaks started publishing State Department cables leaked by Bradley Manning – but it still seems like futility personified.

(Related) I hadn't thought about these. Makes it hard to keep saying “it never happened” doesn't it?
Cindy Cohn and Mark Rumold of EFF write:
In light of the confirmation of NSA surveillance of millions of Americans’ communications records, and especially the decision by the government to declassify and publicly release descriptions of the program, the government today asked the courts handling two EFF surveillance cases for some additional time to consider their options.
The first notice comes in EFF’s Jewel v. NSA case (along with a companion case called Shubert v. Obama), which seeks to stop the spying and obtain an injunction prohibiting the mass collection of communications records by the government. While the Guardian importantly confirmed this with government documents on Wednesday and Thursday, we’ve been arguing for seven years in court that the NSA has been conducting the same type of dragnet surveillance. In the government’s motion, they ask the court to hold the case in abeyance and that the parties file a status report by July 12, 2013.
The second notice comes in EFF’s Freedom of Information Act (FOIA) case seeking the DOJ’s secret legal interpretations of Section 215 of the Patriot Act (50 U.S.C. section 1861), which was the statute cited in the leaked secret court order aimed at Verizon. Sen. Wyden and Sen. Udall have long said publicly that the American public would be “shocked” to know how the government is interpreting this statute. The leaked court order gives us an idea of what they were talking about. The government seeks a status report within 30 days of today, June 7, 2013.
In both of these cases, the government has long claimed broad secrecy. Obviously, now that the DNI and many members of Congress have confirmed those portions of the surveillance program, any claim of state secrets protection or the classified information privilege under FOIA would fail in the courts.
We look forward to discussing next steps in these cases with the government. As always, our goal is to have an adversarial proceeding in open court to evaluate the government’s actions in light of the longstanding protections in the Constitution—protections which prevent general warrants that scoop up our “papers” first and sort out whether there’s any basis for doing so after the fact.

(Related) It could have been worse. Apparently it isn't too difficult to record the entier conversation in addition to all that metadata.
Ben Grubb reports:
“This call may be recorded for training and quality purposes.”
And perhaps inadvertently uploaded to the internet if you’re a customer of a certain Australian telco.
Recorded voice contracts containing personally identifiable information between telco IF Telecom and its customers have been found online by an Australian security expert while performing a simple Google search.
The audio files found on the internet contain business managers confirming telephone contract agreements to an IF Telecom operator. Information read aloud during the calls by business customers includes their name and position, business name, date of birth, drivers’ licence number and expiry date, business street address and business telephone number.
Read more on The Age.


Interesting. If you believe that everything should be done by the government (because citizens are incompetent) this makes sense.
Will laws soon stop you from filming your neighbors?
I hate to bring up the subject of people spying on people, but it seems to be entering the realms of an epidemic.
Many no doubt nice human beings are installing closed circuit TV systems in order to protect their properties from marauding anarchists or burglars who want to enter their houses to browse Facebook.
Once they have these systems, they begin to realize that they can use them to snoop on their neighbors -- especially the ones where the husband wears a skirt to greet the mailman.
Now the place that has more cameras than steak and kidney pies, the United Kingdom, is considering the idea that CCTV systems might have to be regulated by law.


Think it will get better when the Feds take over?
There was some great reporting by Jordan Robertson of Bloomberg while I was away:
Hospitals in the U.S. pledge to keep a patient’s health background confidential. Yet states from Washington to New York are putting privacy at risk by selling records that can be used to link a person’s identity to medical conditions using public information.
Consider Ray Boylston, who went into diabetic shock while riding his motorcycle in rural Washington in 2011. He careened off the road and was thrown into the woods, an accident that was covered only briefly, in the local newspaper. Boylston disclosed his medical condition and history to a handful of loved ones and the hospital that treated him.
After Boylston’s discharge, Washington collected the paperwork of his week-long stay from Providence Sacred Heart Medical Center in Spokane and added it to a database of 650,000 hospitalizations for 2011 available for sale to researchers, companies and other members of the public. The data was supposed to remain anonymous. Yet because of state exemption from federal regulations governing discharge information, Boylston could be identified and his medical background exposed using only publicly available information.
Read more on Bloomberg News. As part of his investigative reporting, Jordan worked with Latanya Sweeney, who’s well-known for her research on re-identifying supposedly de-identified information. Hopefully his reporting will start some serious discussions in states that do sell data to researchers and others.


We gots rights?
Hanni Fakhoury writes:
In a landmark decision in Commonwealth v. Rousseau, the Massachusetts Supreme Judicial Court ruled this week that people “may reasonably expect not to be subjected to extended GPS electronic surveillance by the government” without a search warrant — whether they are driving the vehicle in question or not.
Read more about the case and the significance of the ruling on EFF.


Big Data at the market?
How supermarkets get your data – and what they do with it
… Sainsbury's discovered that a cereal brand called Grape-Nuts was worth stocking – despite weak sales – because the shoppers who bought it were extremely loyal to Sainsbury's and often big spenders.


A plea for Big Data?
Brief of Digital Humanities and Law Scholars as Amici Curiae in Authors Guild v. Hathitrust
Jockers, Matthew L., Sag, Matthew and Schultz, Jason, Brief of Digital Humanities and Law Scholars as Amici Curiae in Authors Guild v. Hathitrust (June 4, 2013). Available at SSRNThis Amicus Brief was filed in the United States Court of Appeal for the Second Circuit in the case of Authors Guild v. Hathitrust on June 4, 2013. The case is on Appeal from the United States District Court for the Southern District of New York, No. 11 CV 6351 (Baer, J.) Amici are over 100 professors and scholars who teach, write, and research in computer science, the digital humanities, linguistics or law, and two associations that represent Digital Humanities scholars generally. Mass digitization, especially by libraries, is a key enabler of socially valuable computational and statistical research (often called “data mining” or “text mining”). While the practice of data mining has been used for several decades in traditional scientific disciplines such as astrophysics and in social sciences like economics, it has only recently become technologically and economically feasible within the humanities. This has led to a revolution, dubbed “Digital Humanities,” ranging across subjects like literature and linguistics to history and philosophy. New scholarly endeavors enabled by Digital Humanities advancements are still in their infancy but have enormous potential to contribute to our collective understanding of the cultural, political, and economic relationships among various collections (or corpora) of works – including copyrighted works – and with society. The Court’s ruling in this case on the legality of mass digitization could dramatically affect the future of work in the Digital Humanities. The Amici argue that the Court should affirm the decision of the district court below that library digitization for the purpose of text mining and similar non-expressive uses present no legally cognizable conflict with the statutory rights or interests of the copyright holders. Where, as here, the output of a database – i.e., the data it produces and displays – is noninfringing, this Court should find that the creation and operation of the database itself is likewise noninfringing. The copying required to convert paper library books into a searchable digital database is properly considered a “non-expressive use” because the works are copied for reasons unrelated to their protectable expressive qualities – the copies are intermediate and, as far as is relevant here, unread. The mass digitization of books for text-mining purposes is a form of incidental or “intermediate” copying that enables ultimately non-expressive, non-infringing, and socially beneficial uses without unduly treading on any expressive – i.e., legally cognizable – uses of the works. The Court should find such copying to be fair use.”