Saturday, June 22, 2013

Sometimes it's the little things...
Here’s The Security Breach Email Facebook Is Sending To 6M Users
Facebook has started sending out warning emails to users whose personal information has been compromised by the security bug it confirmed yesterday, confirming which pieces of data were exposed. The bug exposed some six million Facebook users’ email addresses and telephone numbers to other site users because Facebook had “inadvertently stored [it] in association with people’s contact information as part of their account on Facebook”. [Oops! Bob]
… The bug had apparently been live since last year, before being brought to Facebook’s attention last week. Its security team then fixed it within 24 hours of it being flagged, according to the social network.


How fragile is a “fully integrated” system.
Southwest cancels 57 flights after computer glitch
A system-wide computer failure forced Southwest Airlines to ground its entire fleet of airplanes preparing for departures late Friday, and at least 57 flights had to be canceled even after service was fully restored hours later, a company spokeswoman said.
The glitch impaired the airline's ability to do such things as conduct check-ins, print boarding passes and monitor the weight of each aircraft.


Well Secretary Stimson, apparently "Gentlemen do read each other's mail." If you recall that these techniques and procedures are designed for the military, they make sense. It's when they bleed over to your own citizens that the government seems Big Brother like...
Ewen MacAskill, Julian Borger, Nick Hopkins, Nick Davies and James Ball report:
Britain’s spy agency GCHQ has secretly gained access to the network of cables which carry the world’s phone calls and internet traffic and has started to process vast streams of sensitive personal information which it is sharing with its American partner, the National Security Agency (NSA).
The sheer scale of the agency’s ambition is reflected in the titles of its two principal components: Mastering the Internet and Global Telecoms Exploitation, aimed at scooping up as much online and telephone traffic as possible. This is all being carried out without any form of public acknowledgement or debate.
One key innovation has been GCHQ’s ability to tap into and store huge volumes of data drawn from fibre-optic cables for up to 30 days so that it can be sifted and analysed. That operation, codenamed Tempora, has been running for some 18 months.
Read more on The Guardian.
[From the article:
This includes recordings of phone calls, the content of email messages, entries on Facebook and the history of any internet user's access to websites – all of which is deemed legal, even though the warrant system was supposed to limit interception to a specified range of targets.
The existence of the programme has been disclosed in documents shown to the Guardian by the NSA whistleblower Edward Snowden as part of his attempt to expose what he has called "the largest programme of suspicionless surveillance in human history".

(Related) What, you thought we only shared with a few English speaking countries?
No PRISM for Dutch security bodies, but yes to information swaps
The Dutch security services AIVD and MIVD do not make direct use of the US internet spy system PRISM or similar programmes, home affairs minister Ronald Plasterk told reporters after Friday’s cabinet meeting.
However, the Netherlands does exchange information with foreign security services and this information may well have been collected by PRISM, Plasterk is quoted as saying by Nos television.
Read more on DutchNews.nl

(Related) Why sealed? Did he commit a “Secret Crime?”
Peter Finn and Sari Horwitz report:
Federal prosecutors have filed a sealed criminal complaint against Edward Snowden, the former National Security Agency contractor who leaked a trove of documents about top-secret surveillance programs, and the United States has asked Hong Kong to detain him on a provisional arrest warrant, according to U.S. officials.
Snowden was charged with espionage, theft and conversion of government property, the officials said.
Read more on Washington Post.
Update: A copy of the sealed complaint, without the supporting affidavit, is here.
[From the article:
The Obama administration has shown a particular propensity to go after leakers and has launched more investigations than any previous administration. This White House is responsible for bringing six of the nine total indictments ever brought under the 1917 Espionage Act. Snowden will be the seventh individual when he is formally indicted.
… Snowden’s defense team in Hong Kong is likely to invoke part of the extradition treaty with the United States, which states that suspects will not be turned over to face criminal trial for offenses of a “political character.”


Another reason why I think that (sooner rather than later) everyone will surveil everyone. Add wings from a 3D printer and encrypted upload and download and you can “spy like Big Brother!”
The democratization of the drone
… Parallax sells six main kits on its Web site, but it's the Elev-8 quadcopter kit that is skyrocketing in popularity. Based on the company's newer chip, the multicore, C-programmable Propeller, the Elev-8 can be expanded to a hexcopter, and can carry payloads, like cameras, of up to 2.5 pounds.


Definately worth a read!
Cyber Security in the Internet of Things
Every enterprise will be affected by the Internet of Things (IoT), the growing phenomenon by which not only people, but also "things" — vehicles, commercial and industrial equipment, medical devices, remote sensors in natural environments — are linked to networks that are connected to the internet. Expect the impact on your business to be profound.
In particular, expect it to challenge your conception of cybersecurity and your ability to deliver it
… Succeeding in the IoT era will depend on defining and deploying not only the right cybersecurity technologies, but also the right policies and operations.


For my Ethical Hackers...
For a long time I've been a fan of N2A Cards, which sells a simple plug-and-play way to turn Barnes & Noble's Nook tablets into full-blown Android tablets. After all, if you've got good hardware, why not unlock its maximum potential?
Now Kindle owners can get in on the action. N2A's new N2Aos service will install Android 4.2 (Jelly Bean) on your first- or second-generation Kindle Fire, replacing Amazon's heavily customized -- and, some would say, limited -- operating system with the real deal.


Expanding research options for my students... Similar to “Similar Sites”
NextStories makes it easy to discover content you’re interested in reading based on any one site of your choice.
To use NextStories you don’t have to sign up for an account. Simply visit the site, drag the bookmarklet to your bookmarks bar and you’re ready to go. Next, go to a site that you like to read. We tested it out with MakeUseOf, of course, and clicked the bookmarklet while on the website’s homepage. We were instantly presented with a grid of articles from sites like Lifehacker, 9to5 Mac, and The Verge, among many others. The topics were on point and looked like they would definitely interest a MakeUseOf reader (or writer for that matter).
… In addition to browsing NextStories on the web, you can also take the browsing feature with you on the go using the free iPad app, which offers a similar experience.

Friday, June 21, 2013

Incredible. Clearly, “We don't need no stinking oversight!”
Obama to meet privacy oversight board to try to reassure public on spying
Obama is scrambling to show he has credibility on the issue after coming under fire for the scope of surveillance conducted by the National Security Agency, which was revealed in a series of disclosures by former government contractor Edward Snowden.
The president will hold talks with members of the Privacy and Civil Liberties Oversight Board, a five-person independent agency that has been largely dormant since 2008 and held its first full-fledged meeting on Wednesday after the Senate confirmed David Medine as its chairman last month.
The board's purpose is to review actions the government takes to protect national security, while balancing those steps with the need to protect privacy and civil liberties.


Just in case you think the NSA missed your call...
These days, almost everyone has a Skype account. It has quickly become the default communication method for long-distance calls and video chats as it is free and easy to use.
… There are so many great reasons you may have to record a call with Skype. You may be taking language lessons via Skype and want to listen to them again later, you might be recording content for a podcast, maybe you have a lot of business calls via Skype and want to keep a record to make sure you get your tasks done, or perhaps you need to keep records to share with other parties or for posterity.
Whatever you need to record; here’s how you do it.


Hey look! They've got rules! (Following them is apparently a political decision)
NIST – Security and Privacy Controls for Federal Information Systems and Organizations
Security and Privacy Controls for Federal Information Systems and Organizations, Joint Task Force Transformation Initiative, Computer Security Division Information Technology Laboratory – National Institute of Standards and Technology. April 2013
This publication provides a catalog of security and privacy controls for federal information systems and organizations and a process for selecting controls to protect organizational operations (including mission, functions, image, and reputation), organizational assets, individuals, other organizations, and the Nation from a diverse set of threats including hostile cyber attacks, natural disasters, structural failures, and human errors (both intentional and unintentional). The security and privacy controls are customizable and implemented as part of an organization wide process that manages information security and privacy risk. The controls address a diverse set of security and privacy requirements across the federal government and critical infrastructure, derived from legislation, Executive Orders, policies, directives, regulations, standards, and /or mission/business needs. The publication also describes how to develop specialized sets of controls, or overlays, tailored for specific types of missions/business functions, technologies, or environments of operation. Finally, the catalog of security controls addresses security from both a functionality perspective (the strength of security functions and mechanisms provided) and an assurance perspective (the measures of confiden ce in the implemented security capability). Addressing both security functionality and security assurance ensures that information technology products and the information systems built from those products using sound systems and security engineering principles are sufficiently trustworthy.”


1) It is easier to ask forgiveness than to get permission. 2) Congress was busy and never asked. 3) Everyone else has one. 4) If you ain't FBI, you're a suspect. (Pick 4)
Jennifer Lynch writes:
Today we’re publishingfor the first time—the FBI’s drone licenses and supporting records for the last several years. Unfortunately, to say that the FBI has been less than forthcoming with these records would be a gross understatement.
Just yesterday, Wired broke the story that the FBI has been using drones to surveil Americans. Wired noted that, during an FBI oversight hearing before the Senate Judiciary Committee, FBI Director Robert Mueller let slip that the FBI flies surveillance drones on American soil. Mueller tried to reassure the senators that FBI’s drone program “is very narrowly focused on particularized cases and particularized leads.” However, there’s no way to check the Director on these statements, given the Bureau’s extreme lack of transparency about its program.
Read more on EFF.


Notice: This assume anyone would want to be located in Montana...
Allie Bohm writes:
Montana just made history. It recently enacted the first state law in the nation(sponsored by Rep. Daniel Zolnikov (R-Billings)) requiring law enforcement to obtain a probable-cause warrant before tracking an individual based on his or her cell phone location information, social networking check-ins, or via a GPS tracking device in a criminal investigation. (A few states do have laws pertaining only to GPS tracking.)
Read more on ACLU’s blog.


I want the black box data. In fact, I want to be able to call it up on the dashboard.
Lucas Mearian reports:
Is your car watching your every move? Can the cable company track your DVR habits?
Those two privacy issues are bubbling up in Congress, where lawmakers this week filed bipartisan legislation that would give car owners control over data collected in black box-style recorders that may be required in all cars as soon as next year. The move follows a separate proposal made earlier this month that would block telecommunications companies from tracking viewer activity with new digital video recorder (DVR) technology.
Read more on Computerworld.


Perhaps we should track these people (or at least review their LinkedIn pages). They might be useful resources or even speakers...
Former Twitter laywer officially joins White House staff
The Office of Science and Technology Policy confirmed Wong's new role as a deputy chief technology officer in the Obama administration Thursday to The Washington Post. CNET first reported in May that Wong was tapped to be the White House's first privacy officer.
Wong, who worked as a vice president and deputy general counsel at Google prior to working at Twitter...

(Related)
Facebook promotes Colin Stretch to general counsel
Stretch, who joined Facebook in 2010, is the company's acting deputy general counsel. He will replace current General Counsel Ted Ullyot, who announced in May that he was leaving the social network after five years with the company.


Trying to blog (and teach) in a 'TL;DR' world
When 15 seconds is too long; welcome to the 'TL;DR' world
Instagram has video now, a whole 15 seconds that can be recorded. That's just over twice as long as Vine's 6 seconds. "Too long?" some wonder. Maybe the bigger question is, how have we ended up in a place where there can even be a debate over whether a few seconds is too long?
TL;DR: "Too long; didn't read"
Yes, the TL;DR world continues to grow. "TL;DR"? Too long; didn't read. I didn't even know the acronym until about a year ago, when I began seeing it more and more. The writer part of me, the curmudgeon part of me, wants to say RTDT, "read the damn thing," to anyone who has a TL;DR type of attitude.


Might be interesting to my statistics students...
The Measure of America 2013–2014
“In the era of “big data,” it would seem that policymakers and regular people alike would have the information they need at their fingertips to understand their world and make it better. Unfortunately, that’s far from the case. Though we know the country’s gross domestic product quarterly, its retail sales monthly, and stock market numbers minute-by-minute, we rarely hear statistics on our country’s people.
How long can a baby born today in Missouri, New Mexico, or Minnesota expect to live? What proportion of adults have completed high school in Houston as compared to Dallas? What wages and salaries are typical of Latinos in the United States, and how do they compare to those of whites or African Americans?
Measure of America’s mission is to use data points like these to tell the story of how people—not just the economy—are doing. We do so using the global gold standard for measuring well-being and access to opportunity: the Human Development Index.
This third volume in the Measure of America series measures well-being in three vital areas—health, education, and earnings—that shape the opportunities available to us and enable people to invest in their families and live to their full potential. The Measure of America 2013–2014 contains American Human Development Index ranking for the 50 U.S. states, the 25 largest metropolitan areas, and racial and ethnic groups within those states and metro areas. It also looks at changes in well-being in states since 2000 and in metro areas before and after the Great Recession.”


Another tool for my website students.
Not being a coder, I’m always on the lookout for easy ways to build beautiful websites that require no coding skills, and just over a year ago I discovered Breezi. A new service at the time, Breezi caught my attention for both its ease of use and abundance of features, and proved itself a reliable and stable solution for building websites.


Easier than lugging all my textbooks? I think I might break down and give this one a try. (It's cheap enough even for me!)
Get a Kobo Mini e-reader for $39.99
… here's one of the best deals I've seen yet: For a limited time, you can get the Kobo Mini e-reader for $39.99, plus $8 for shipping. That's $20 less than the last time I wrote about it and $30 less than Amazon's entry-level Kindle. It's available in black or white.
The Kobo Mini has a touch screen, whereas the $69 Kindle does not. It's a slightly smaller screen, too (5 inches), meaning it's a bit easier to pocket. And at 4.7 ounces, it's the lightest e-reader currently available.

Thursday, June 20, 2013

This data would be quite useful after the fact, but absent any clear indication of interest from other sources I don't see how it could be used to identify “persons of interest.”
U. S. Senators Ron Wyden (D-Ore.) and Mark Udall (D-Colo.) issued the following statement responding to comments made by members of the Intelligence Community about the value of certain NSA surveillance programs. Both Senators sit on the Senate Intelligence Committee.
… Based on the evidence that we have seen, it appears that multiple terrorist plots have been disrupted at least in part because of information obtained under section 702 of FISA. However, it appears that the bulk phone records collection program under section 215 of the USA Patriot Act played little or no role in most of these disruptions. Saying that “these programs” have disrupted “dozens of potential terrorist plots” is misleading if the bulk phone records collection program is actually providing little or no unique value.
… The NSA’s five-year retention period for phone records is longer than the retention period used by some phone companies, but the NSA still has not provided us with any examples of instances where it relied on its bulk collection authority to review records that the relevant phone company no longer possessed.
In fact, we have yet to see any evidence that the bulk phone records collection program has provided any otherwise unobtainable intelligence. It may be more convenient for the NSA to collect this data in bulk, rather than directing specific queries to the various phone companies, but in our judgment convenience alone does not justify the collection of the personal information of huge numbers of ordinary Americans if the same or more information can be obtained using less intrusive methods.
If there is additional evidence for the usefulness of the bulk phone records collection program that we have not yet seen, we would welcome the opportunity to review it.”
SOURCE: Senator Ron Wyden


Please tell me that “be available to” does not mean “duplicated by” DHS.
Josh Peterson reports:
Domestic spying capabilities used by the National Security Agency to collect massive amounts of data on American citizens could soon be available to the Department of Homeland Security — a bureaucracy with the power to arrest citizens that is not subject to limitations imposed on the NSA.
Read more on The Daily Caller.
[From the article:
Republican critics of the DHS believed the department was too incompetent and inexperienced to conduct meaningful cybersecurity oversight for the nation’s critical infrastructure.


This looked scary, but what it is is bad security – failure to follow Best Practices or to employ common sense.
BuckleySander LLP writes:
On June 5, the U.S. District Court for the Northern District of Ohio held that emails the intended recipient opened but did not delete were not covered by the Stored Communications Act because they were not being kept for the purposes of backup protection. Lazette v. Kulmatycki, No. 12-02416, 2013 WL 2455937 (N.D. Ohio Jun. 5, 2013). In this case, an individual alleged, among other things, that her former employer and supervisor violated the Stored Communications Act when the supervisor read numerous emails in the employees personal email account, which the supervisor accessed through the employer-issued mobile device the employee surrendered upon leaving the company. [Never let your system enter your userid and password for systems like email. Always change your passwords when returning computers. Bob] Some of these emails previously had been opened by the intended recipient, while others had not.
Read more on JDSupra Law News.
[From the article:
The court declined to dismiss the intended recipient’s claim with respect to the emails which were first opened by the supervisor. The court rejected several other of the employer’s SCA-related arguments, holding that (i) the SCA was not designed only to apply to computer hackers and generally does apply to the supervisor’s actions, (ii) the mobile device was not the “facility” under the SCA, rather the server for the personal email service was the facility, and (iii) the employee did not implicitly consent to having her emails read by not deleting or logging out of the personal account before surrendering the employer-issued mobile device.


Probably not a surprise to anyone with a brain, but is this really the first time legislators have asked?
Michael McAuliff reports:
FBI Director Robert Mueller revealed Wednesday that the bureau uses drones to conduct surveillance on U.S. soil.
Asked by Sen. Chuck Grassley (R-Iowa) if the FBI was following in the footsteps of the Drug Enforcement Agency and the Bureau of Alcohol, Tobacco and Firearms in pursuing the use of unmanned aerial vehicles, Mueller said yes. The vehicles are used in very narrow circumstances for surveillance, he said.
Read more on Huffington Post.


“We don't have regulations, but we demand that you follow them. By the way, we think you are making money – shame on you!”
DW reports:
France’s data protection watchdog on Thursday gave Google three months to bring its practices into line with French privacy law or risk an initial fine of 150,000 euros ($201,100).
CNIL president Isabelle Falque-Pierrotin said by the end of July all of the six countries within the [EU data protection] task force – formed in April – will have begun coercive action against Google.
Read more on Deutsche Welle
[From the article:
Proposed Europe-wide data protection legislation is not expected until 2015.
Regulators accuse Goggle of creating a data goldmine.


I doubt many will bother to learn about this, much less actually use it.
… The Cookie Clearinghouse will develop and maintain an “allow list” and “block list” to help Internet users make privacy choices as they move through the Internet. The Clearinghouse will identify instances where tracking is being conducted without the user’s consent, such as by third parties that the user never visited. To establish the “allow list” and “block list,” the Cookie Clearinghouse is consulting with an advisory board that will include individuals from browser companies including Mozilla and Opera Software, academic privacy researchers, as well as individuals with expertise in small businesses and in European law, and the advisory board will continue to grow over time. The Clearinghouse will also offer the public an opportunity to comment. With this input, the Clearinghouse will develop an objective set of criteria for when to include a website’s cookies on the lists.
For more details, please visit the Cookie Clearinghouse: http://cch.law.stanford.edu


Lawyers have a sense of humor? Brilliant!
Lawyer brilliantly bites township trying to shut his client's site
Sometimes, cease-and-desist letters are mere morsels of intimidation, their legal grounds swamps. One lawyer decided that the accuser, West Orange, N.J., itself needed to shut up and go away. His letter smacks of literary genius.


...but we still can't fix potholes as quickly as they appear.
NPR Series on Big Data
What Big Data Means For Big Cities, by Adam Frank: “Cities are created human environments. They are ecosystems of energy and matter imagined into existence through human effort. Because cities are essentially ideas transformed into action, they are creatures of information and a Big Data problem. By breathing in the torrents of data cities generate every second, Big Data scientists and engineers believe they can make cities efficient, effective and responsive to human needs in ways that will reshape their very nature. In the most ambitious vision, the Big Data of Big Cities will mean these dense hubs of human habitation, where 85 percent of all people will live by 2050, might become adaptive, almost self-aware. Given the need to create a sustainable global human culture on a finite planet with finite resources, some say the Big Data revolution can’t come fast enough for Big Cities.”


Do they have any idea how this will help students learn?
L.A. Unified awards Apple $30-million contract for iPads
Apple Inc. won a $30-million contract Tuesday from the Los Angeles Unified School District, paving the way for the company to provide every student with an iPad in the nation's second-largest school system.
… L.A. Unified will begin rolling out the devices to 47 campuses. However, by choosing Apple as the sole vendor, the district also made a de facto commitment to spend hundreds of millions of dollars with the Cupertino, Calif., digital giant over the next two years.
The push for tablets came from schools Supt. John Deasy, who made it his goal to close the technology gap for the overwhelming majority of low-income district students. He expects to pay for the tablets with school construction bonds, a controversial source because they are repaid over decades.
… New state and national tests will be taken on computers, and district officials don't want students to lack the necessary experience with them.
… The district is paying $678 per device — higher than tablets available in stores — but the computers will be preloaded with educational software. The price does not include a wireless keyboard, which may be necessary for older students.


Something for my students?
It is always handy to have an English dictionary installed on your computer. But a dictionary is not enough – for people who write often, having a thesaurus is equally important.
TheSage’s English Dictionary and Thesaurus is a free to use desktop application for Windows computers.
… Options in the right pane of the application let you enable text to speech which lets you hear the pronunciation of the word and that of the synonyms.
The app also offers browser extensions for Chrome and Firefox for better accessibility.


Given time and something that amuses you, this is an example of what can result.
My Kind of Town, Stink Onions
The literal meanings of places in the U.S., mapped.

Wednesday, June 19, 2013

Far be it for me to ever call an attorney a worm, but when Snowden opened the can, this is one of many things that crawled out.
In the wake of revelations about NSA amassing phone records, a sharp defense lawyer filed a motion to compel the government to turn over his client’s records that might exonerate him.
Julia Filip reports:
Citing the NSA telephone dragnet, a federal judge ordered the United States government to deliver telephone records demanded by a man on trial for an armored car robbery in which a Brink’s employee was killed.
Read more on Courthouse News.
[From the article:
In light of the recently revealed National Security Agency surveillance program, Brown's attorneys challenged the government's claim that it has no access to records of Brown's phone calls.
Prosecutors claimed they were missing records of calls to and from two of Brown's telephones before Sept. 1, 2010. They claimed Brown's service provider, MetroPCS, no longer had the records. Prosecution relied on Moss's and other co-conspirators' cell phone records to try to prove Brown's involvement in the armed robberies.


...but of course, I don't use my browser to read the articles. That's what RSS readers are for.
EFF – How Dozens of Companies Know You’re Reading About Those NSA Leaks
Follow up to previous postings on NSA’s big data domestic surveillance program via Micah Lee: “Each time your browser makes a request it sends the following information with it:
  • Your IP address and the exact time of the request
  • User-Agent string: which normally contains the web browser you’re using, your browser’s version, your operating system, processor information (32-bit, 64-bit), language settings, and other data
  • Referrer: the URL of the website you’re coming from—in the case of the Facebook Like button example, your browser tells Facebook which website you’re viewing
  • Other HTTP headers which contain potentially identifying information
  • Sometimes tracking cookies
Every company has different practices, but they generally log some or all of this information, perhaps indefinitely. It takes very little information about your web browser to build a unique fingerprint of it. See EFF’s Panopticlick website to see how unique and trackable your web browser is even without the use of tracking cookies. You can read more in our Primer on Information Theory and Privacy.”


I always wondered what the DMVs used driver photos for, back before there was facial recognition software and FBI terrorist searches.
EPIC – FBI Performs Massive Virtual Line-up by Searching DMV Photos
“Through a Freedom of Information Act request, EPIC obtained a number of agreements between the FBI and state DMVs. The agreements allow the FBI to use facial recognition to compare subjects of FBI investigations with the millions of license and identification photos retained by participating state DMVs. EPIC also obtained the Standard Operating Procedure for the program and a Privacy Threshold Analysis that indicated that a Privacy Impact Assessment must be performed, but it is not clear whether one has been completed. EPIC is currently suing the FBI to learn more about its development of a vast biometric identification database. For more information, see EPIC: Face Recognition and EPIC: Biometric Identifiers.”


I still don't see the surveillance programs discovering these people. Granted they help a lot after they have been identified, but “Phone X called Phone Y” is just data unless and until one of those phones are connected to a bad guy.
The Four Times NSA Surveillance Programs Stopped An Attack
Since the terrorist attacks of Sept. 11, 2001, the government’s surveillance programs have helped thwart a terrorist attack in more than 50 instances, according to Gen. Keith Alexander, director of the National Security Agency. The intelligence community has decided to disclose four of these cases.


Another rich target area for my Ethical Hackers to protect? If I don't have to be an inventor, just an application filer, accessing your paperwork is more valuable than running a research lab.
Presentation – The Race to the Patent Office – the Impact of the America Invents Act
The Race to the Patent Office – the Impact of the America Invents Act – “The America Invents Act (Patent Reform Act) went into effect on 16 March 2013. It switched the U.S. patent system from “first to invent” to “first to file” and is the most significant change to the system in nearly 60 years. The act has wide ramifications concerning the kinds of innovations that are patentable, who owns inventions, who can use inventions, and how patents are challenged and defended. A panel of speakers discussed how the act has affected the patent process and the dramatic and unforeseen impacts they have seen since the law went into effect.” [via Lorna Newman]


Better late (accompanied by supportive news articles) than years ago when it started?
Craig Timberg reports:
Google asked the secretive Foreign Intelligence Surveillance Court on Tuesday to ease long-standing gag orders over data requests it makes, arguing that the company has a constitutional right to speak about information it’s forced to give the government.
The legal filing, which cites the First Amendment’s guarantee of free speech, is the latest move by the California-based tech giant to protect its reputation in the aftermath of news reports about sweeping National Security Agency surveillance of Internet traffic.
Read more on Washington Post.


My students might find this useful.
… On the web, ... the most popular document file format is PDF. And if you have a bunch PDF files (documents, books etc) on your computer which you would like to port to your Kindle device, check out pdf4kindle. It is a web service that lets you convert PDF files into MOBI format supported by Kindle. To convert a file simply go to their website, click “Upload pdf file” to select and upload PDF file from your computer. Wait while it converts the file and once it is finished download the .mobi file to your Kindle device.
Related tools – Total PDF Converter, Epub2Mobi

Tuesday, June 18, 2013

If President Obama was a Republican, would he say, “I am not a crook?”
Read about Charlie Rose’s interview with President Obama on NSA spying on BuzzFeed or watch it on Huffington Post. Are you reassured?


For those who need to catch up.
NSA Leak Catch-Up: The Latest on the Edward Snowden Fallout
It's been two weeks since the Washington Post and Guardian newspapers began to publish their stories based on leaks and interviews with former NSA contractor, Edward Snowden. The leaks have continued, counterleaks have bubbled up, tech companies have responded, and debate about the man at the center of it all continues to rage.
Three big stories -- one from the AP, one from NPR, and another from the Post -- came out this weekend that mined the details of Snowden's disclosures, refining them with more extensive reporting. The New York Times contributed a deep profile of Snowden himself, who continues to provoke strong reactions, especially after he revealed some details about U.S. spying on China and Russia.
Following, we attempt to bring you up to speed with the most recent disclosures and best reporting on the hurlyburly.


Follow-up on a May 31st story, 'cause it just keeps getting better.
School iris-scanned students without telling parents
… Peculiarly, no one at the schools district seems entirely sure how a security company called Stanley Convergent Security Solutions was allowed to install and operate the scanners without parents being told. Or, indeed, without a contract being signed.
Rob Davis, a Polk County district administrator, admitted to the Ledger that several mistakes were made. He said that he had no idea who (if anyone) had ultimately authorized Stanley Convergent to insert the iris scanners, which the company says have an accuracy rate of 200 times that of fingerprints. [Huh? Bob]
… It seems as if not one school lawyer looked through the proposed contract and approved it.
This has left some parents suspicious. Connie Turlington, parent of an 11-year-old, told The Ledger: "It sounds like a simple case of it's better to ask forgiveness than permission."


Interesting background summary (for us non-lawyers) leading to another “exception”
… The Supreme Court divided 5-4 on the question, with the majority dividing 3-2. The controlling opinion under a Marks analysis is the plurality opinion by Justice Alito joined by Chief Justice Roberts and Justice Kennedy. Justice Alito concluded that it did not violate Salinas’s Fifth Amendment right to comment on his silence because he never formally asserted his Fifth Amendment right.


A resource for Big Data research and an interesting process for quantifying “Open.”
New certificates launched to help everyone discover, understand, and use open data
“The Open Data Institute (ODI) is today launching Open Data Certificates to help everyone find, understand and use open data that is being released. The new certificates are being announced by CEO Gavin Starks at a G8 Summit event: Open for Growth. The certificates have been created in response to business, government, and citizen needs to bring rigour to the publication, dissemination and usage of open data. Over the last six months, ODI has been collaborating with dozens of organisations around the world to define the certificates. Today sees their first Beta release… Certificates are created online, for free, at http://certificates.theodi.org/. The process involves publishers answering a series of questions, each of which affect the certificate generated at the end.”

(Related) The market for Big Data analysts is growing...
Data is Worthless if You Don't Communicate It
There is a pressing need for more businesspeople who can think quantitatively and make decisions based on data and analysis, and businesspeople who can do so will become increasingly valuable. According to a McKinsey Global Institute report on big data, we'll need over 1.5 million more data-savvy managers to take advantage of all the data we generate.
But to borrow a phrase from Professor Xiao-Li Meng — formerly the Chair of the Statistics Department at Harvard and now Dean of the Graduate School of Arts and Sciences — you don't need to become a winemaker to become a wine connoisseur. Managers do not need to become quant jocks. But to fill the alarming need highlighted in the McKinsey report, most do need to become better consumers of data, with a better appreciation of quantitative analysis and — just as important — an ability to communicate what the numbers mean.


Perspective: Another era slides beneath the waves?
India's Last Telegram Will Be Sent in July
In 1850, the British inventor William O'Shaughnessy -- who would later become famous for his early experiments with medical cannabis -- sent a coded message over a telegraph line in India. His telegram would usher in a new age of communication in and for India, connecting the country in a way that had never before been possible.
Now, sometime on July 14, 2013, someone in India will have a dubious honor: he or she will send the country's last telegram. The Bharat Sanchar Nigam Limited, India's state-run telecom company, will shutter its telegram service, bringing the long era of Indian telegraphy from a dash ... to a full stop.
The shuttering comes seven years after Western Union ended its telegram service -- and nearly 170 years after Samuel Morse sent the United States's first telegraphic messages, between Washington and Baltimore, in 1844.


I have nothing (left) to hide.
… If the thought of the occasionally overzealous government official isn’t enough reason to encrypt your smartphone, then all the identity thieves and scammers out there ought to be. Think of how much of your personal information a bad guy could get, if they found your phone. Names, addresses, passwords, account numbers, and goodness knows what else. For a different take on Internet monitoring, check out James Bruce’s article, about how Internet monitoring laws will make criminals harder to catch. It’s very timely, all of a sudden.
Today, I’m going to show you a few things you can do to make that information a bit more secure.


No surprise here...
People joining the US workforce today are less educated than those leaving it

Monday, June 17, 2013

From the New Yorker, a bit of history that it seems we are doomed to repeat?
Read more on Jill Lepore’s article in The New Yorker.


So between 22 and 28 per day.
Apple has joined Google, Microsoft, and Facebook in saying it has obtained permission to disclose a bit more about requests it receives. In a statement issued yesterday, they write:
Two weeks ago, when technology companies were accused of indiscriminately sharing customer data with government agencies, Apple issued a clear response: We first heard of the government’s “Prism” program when news organizations asked us about it on June 6. We do not provide any government agency with direct access to our servers, and any government agency requesting customer content must get a court order.
… From December 1, 2012 to May 31, 2013, Apple received between 4,000 and 5,000 requests from U.S. law enforcement for customer data. Between 9,000 and 10,000 accounts or devices were specified in those requests, which came from federal, state and local authorities and included both criminal investigations and national security matters. The most common form of request comes from police investigating robberies and other crimes, searching for missing children, trying to locate a patient with Alzheimer’s disease, or hoping to prevent a suicide.
… There are certain categories of information which we do not provide to law enforcement or any other group because we choose not to retain it.
For example, conversations which take place over iMessage and FaceTime are protected by end-to-end encryption so no one but the sender and receiver can see or read them. Apple cannot decrypt that data.
But lumping national security requests in with other requests to provide an aggregate number is really not useful to us in understanding how often government is requesting customer information under surveillance programs, as both Google and Twitter pointed out this weekend.
What would the government do if all of the companies got together and informed the government that dammit, they’re all gonna disclose the real numbers and that’s it? Businesses need government, but government also needs businesses. What would they do?


For my Computer Security students A high level overview, but better than nothing.
Army Releases Cybersecurity Handbook to Public
News release: “The Army published a new handbook this month to provide leaders of all levels with the information and tools needed to address today’s cybersecurity challenges, and to ensure organizations adopt the necessary practices to protect their information and the Army network. Currently, all Army commands are developing Information Assurance/Cybersecurity awareness training to address areas of weakness identified by the Army Information Assurance Self-Assessment Tool. During the Army Cybersecurity Awareness Week, Oct. 15-18, 2013commanders will train personnel based on command plans and highlight the importance of individual responsibilities.”
This Handbook is designed to provide leaders the information and tools to address today’s complex security challenges. It is also a quick reference for managing Cybersecurity issues that will help ensure that Soldiers, Civilians and contractors know their responsibilities for daily practices that will protect information and our IT capabilities.


Unfortunately, this will be useful for my Math students.
If you, or someone in your family is working on their multiplication tables, Tables Test is a great website for practicing.
The website turns practicing into a game. It comes with five levels, and it keeps score based on the amount of correct answers you are able to give.


Summer. Time to forget school and learn something.
Most of these courses offer “certificates” or “statements of completion,” though typically not university credit. (See the key below to understand the credentials offered by each course.)
Also don’t miss our separate collection, 700 Free Online Courses from Top Universities.

Sunday, June 16, 2013

If you discuss what you learned in a “secret briefing” are you a traitor? If you don't reveal as much as Snowdon did, are you a mini-traitor or just not very well informed? On the other hand, if you simply repeat what you have been told you may be an ignorant dupe.
Declan McCullagh reports:
The National Security Agency has acknowledged in a new classified briefing that it does not need court authorization to listen to domestic phone calls.
Rep. Jerrold Nadler, a New York Democrat, disclosed this week that during a secret briefing to members of Congress, he was told that the contents of a phone call could be accessed “simply based on an analyst deciding that.”
If the NSA wants “to listen to the phone,” an analyst’s decision is sufficient, without any other legal authorization required, Nadler said he learned. “I was rather startled,” said Nadler, an attorney and congressman who serves on the House Judiciary committee.
Read more on CNET.
I’m glad Declan is reporting on this as I was surprised when Rep. Nadler brought out an apparent contradiction between what members of Congress heard in classified briefings and what Director Mueller testified to. Here’s a clip of the interaction:
But how much does the government actually get? A document obtained by Reuters suggests that the government does not get details on many numbers in the course of a year:
The U.S. government only searched for detailed information on calls involving fewer than 300 specific phone numbers among the millions of raw phone records collected by the National Security Agency in 2012, according to a government paper obtained by Reuters on Saturday.
The unclassified paper was circulated Saturday within the government by U.S. intelligence agencies and apparently is an attempt by spy agencies and the Obama administration to rebut accusations that it overreached in investigating potential militant plots.
Read more on Reuters.

(Related)
If you read only one article today, read Barton Gellman’s article in the Washington Post, “U.S. surveillance architecture includes collection of revealing Internet, phone metadata.
As I read it, I found myself wondering, “How many members of Congress really knew/know about these programs – and of them, how many understood the programs?”
Did Congress totally abrogate its responsibility to us or did the Executive branch subvert our systems of checks and balances by misleading or flat-out lying to Congress?
In recent weeks, there have been calls for a Church-style commission. Sooner would be better than later.


Interesting. I wonder if anyone in Congress has read it recently?
NSA surveillance puts George Orwell's '1984' on bestseller lists
[If not, I can recommend this site:
1984 by George Orwell: Free eBook - Free Audio BookFree Movie
Animal Farm by George Orwell: Free eBookFree Audio BookFree Animated Movie


Does anyone still print? I guess some teachers still want things on paper...
… Now, Google has released a free Android app for Cloud Print that enables you to print from any Android device with a Cloud Print connected printer.
… For the best expereince, Google recommends you have a Cloud Print ready printer. If not, Google Chrome has a setting that enables you to activate the Google Cloud Print connector. It’s a simple matter of signing in with your preferred Google account. Google’s support page shows you how to connect your classic printer with Google Cloud Print.