Saturday, August 03, 2013

Is this how all future Privacy lawsuits will be resolved?
MainJustice has an update to the LinkedIn lawsuit concerning their massive hack last year. As expected, LinkedIn moved to dismiss on the grounds that the plaintiff hasn’t suffered any harm and hasn’t proved they used outdated security, but the plaintiff responds that harm is irrelevant – she wouldn’t have purchased a premium account if it hadn’t been for their representations of “industry standard” security. MainJustice has also uploaded a copy of the court filing.


We should think before each transaction...
Jasmine McNealy writes:
Most Americans now have extensive digital footprints comprised of the Tweets, Facebook posts, LinkedIn profiles, Instagram photos, and other material they share online.(a) And this easily accessible public persona is just the tip of the iceberg. We may think our web searches, shopping habits, browsing history, and email archives are private, but this data is often one of the most valuable assets for companies like Google and Amazon.
The law, however, has yet to catch up. We still do not have clear answers to basic questions such as: Do people own personal information about themselves? How can they control or limit how companies (and governments) use it? To start, there are complexities around the fundamental issue of information “ownership,” particularly ownership of personally identifiable information (PII). One cannot be said to actually own information about one’s self. Information relates to you, is connected to you, or is of you.
Read more on Footnote1


I suppose everyone with an opinion could make the headlines while this is still an issue. I just wish they had an understanding of intelligence collection as well as the pros and cons.
Timothy Edgar is a civil liberties lawyer who has worked both for Mr. Clapper of the DNI and for the American Civil Liberties Union. He offers his thoughts on increasing transparency in an OpEd in the WSJ. Here’s an excerpt:
President Obama should go further, wresting control from the leakers and restoring trust with the public. He should ask Mr. Clapper to look across the intelligence community and disclose to the public the types of large databases it collects in bulk, under what legal powers or interpretations, and pursuant to what safeguards to protect Americans’ privacy—while keeping necessary details secret.
Many aspects of surveillance must remain secret. For example, the government should never provide a list of companies from which it acquires big data sets. [Just assume it's all of them? Bob] Despite what Americans see in the movies, the NSA doesn’t actually collect everything. Knowing which companies are included and which are not would tip off terrorists about how to avoid detection—telling them which providers to use and which to avoid. Likewise, the government will never be able to confirm or deny whether particular people are under surveillance, but it should avoid the temptation to use this necessary secrecy to avoid meeting legal challenges to its activities. The government has good arguments for why its programs are both vital for national security and perfectly constitutional. It should make them.
Read more of his OpEd on the Wall Street Journal.


In “ye olde days” you were either a recognized member of the tribe or you were a stranger/outsider/enemy. Today recognition does not make you a member of the tribe.
Danielle Citron writes:
Professor Margaret Hu’s important new article, “Biometric ID Cybersurveillance” (Indiana Law Journal), carefully and chillingly lays out federal and state government’s increasing use of biometrics for identification and other purposes. These efforts are poised to lead to a national biometric ID with centralized databases of our iris, face, and fingerprints. Such multimodal biometric IDs ostensibly provide greater security from fraud than our current de facto identifier, the social security number. As Professor Hu lays out, biometrics are, and soon will be, gatekeepers to the right to vote, work, fly, drive, and cross into our borders.
Read more on Concurring Opinions.

(Related)
Let’s just call this the privacy outrage of the week:
If a girl younger than 16 gives birth and won’t name the father, a new Mississippi law – likely the first of its kind in the country – says authorities must collect umbilical cord blood and run DNA tests to prove paternity as a step toward prosecuting statutory rape cases.
Read more of this Associated Press story on The Item.
[From the article:
Supporters say the law is intended to chip away at Mississippi's teen pregnancy rate, which has long been one of the highest in the nation. But critics say that though the procedure is painless, it invades the medical privacy of the mother, father and baby. And questions abound: At roughly $1,000 a pop, who will pay for the DNA tests in the country's poorest state? Even after test results arrive, can prosecutors compel a potential father to submit his own DNA and possibly implicate himself in a crime? How long will the state keep the DNA on file?


For my amusement...
California SB 520 is dead… for now. The bill “would have required the state’s 145 public colleges and universities to grant credit for low-cost online courses offered by outside groups, including for-profit companies,” writes Ry Rivard, but it faced overwhelming opposition from faculty who argued that the state was planning to “outsource student learning to for-profit companies that have not proven their courses can pass muster.”
According to Politico’s new Morning Education, North Carolina has pulled out of inBloom. This just leaves New York, two districts in Illinois, and one in Colorado that are working with the $100 million Gates Foundation-funded data project.
… The Arkansas Attorney General issued a legal opinion this week, barring the state’s school districts from employing teachers and staff as armed voluntary security guards.
… Do students have to be Mirandized before they’re questioned? Kentucky's Attorney General is asking the US Supreme Court to weigh in. [I'm assuming that a “school resource officer” is some kind of cop. Bob]


For my students who think my tests are too hard...


For all my students. Verrry interesting.
No Excuse List, an exhaustive page of links to skills you can learn, including art, computer programming, cooking, DIY, and much more.
The best place on the web to learn anything, free.

Friday, August 02, 2013

We can, therefore we must!
FBI said to be taking a hacker approach to spying
… According to a report by the Wall Street Journal, the FBI has been allegedly developing surveillance tools that work much like what hackers use to collect information on suspects -- including Trojans, spyware, and malware. Supposedly, the FBI created some of these tools internally, while others were purchased.
… The most alarming technology mentioned by the Wall Street Journal is a tool that allegedly lets the FBI remotely activate the microphones in Android devices. Once activated, the bureau can record conversations without the device's owner knowing. Apparently this tool can do the same thing with laptop microphones. [Similar to the “harmonica bug” used on landlines Bob]
[From the WSJ article:
Earlier this year, a federal warrant application in a Texas identity-theft case sought to use software to extract files and covertly take photos using a computer's camera, according to court documents. The judge denied the application, saying, among other things, that he wanted more information on how data collected from the computer would be minimized to remove information on innocent people.


At least it's something...
FTC Advises Consumers on Preventing, Identifying, and Dealing With Hacked Email or Social Networking Accounts
“The Federal Trade Commission has new tips to help people deal with email and social networking hacks, whether it’s lessening the chances of a hack in the first place, or recovering from a hack once it happens. Hacked Email, new guidance from the FTC, identifies signs an account may have been hacked such as friends and family members receiving messages the user didn’t send, a sent folder emptied, social media posts the user didn’t create, or email or other accounts the user can’t open.”


My Math students will be thrilled! (Insert sarcastic emoticon here.)
50,000 new words added to Wolfram|Alpha’s dictionary
“We just added over 50,000 new words to Wolfram|Alpha’s dictionary, including archaic words such as pythonist (a conjurer or diviner) and technical terms like cosmochronometer, which refers to processes that are used to determine the age of stars (like radioactive decay). Wolfram|Alpha provides word definitions and, when available, other features such as etymologies and anagrams—pythonist, appropriately enough, is an anagram of hypnotist.


For my website students...
… allows you to create beautiful HTML5 graphs & charts for your website for free. With the unique charts creator wizard you’ll be able to create charts on-the-fly without any prior knowledge. Compatible with all major browsers, you can publish to your website using just a few lines of code.


I used a crossword puzzle as a quiz in one of my “Intro to” classes. Results were mixed.
Read Write Think Makes It Easy to Create Crossword Puzzles
… If you would like to create your own crossword puzzles for your students or you want them to create crossword puzzles, take a look at Read Write Think's Crossword Puzzle Tool.
Read Write Think's Crossword Puzzle Generator makes it easy to create your own crossword puzzles. To create your puzzle simply enter a list of words, a set of clues for your words, and then let the generator make a puzzle for you. You can test the puzzle before printing it. You can print blank puzzles and answer sheets from the puzzle generator.

Thursday, August 01, 2013

Even twits should be paranoid.
During the second half of 2012, Twitter received 1,009 requests for user information on 1,433 accounts. 815 of those requests (81%) were from the U.S. and related to information on 1,145 user accounts. Sixty percent of the U.S. requests were by subpoena, 11% involved a court order, 19% involved a search warrant, and 10% were reported as “other.”
You can read more of their report here. Do follow the link to additional info on the U.S. requests, where Twitter also provides stats on the breakdown of cases where users were notified or not notified.


Not sure there is much new here.
From the Office of the Director of National Intelligence:
In the interest of increased transparency, the Director of National Intelligence has authorized the declassification and public release of the attached documents pertaining to the collection of telephone metadata pursuant to Section 215 of the PATRIOT Act. DNI Clapper has determined that the release of these documents is in the public interest.
For questions related to information contained in these documents, please contact the Public Affairs office at the Office of the Director of National Intelligence at (703) 275-3700.


For my CJ students.
CREW – U.S. Code now available for bulk download
News release: “Earlier today, House Speaker John Boehner (R-OH) and Majority Leader Eric Cantor (R-VA) announced that the US Code is now available for bulk download in XML. This seemingly technical announcement must be understood as a bigger win for transparency than it would initially appear. What the House leadership is doing (in a bipartisan fashion, no less) is empowering the American people to better understand the law. Congress is publishing the law online, in real time, and in formats that web developers can refashion into tools that empower everyone to understand the rules that govern our country. This is a milestone in a multi-year effort signaled by a 2011 policy shift announced by the Speaker and Majority Leader that called for “all House stakeholders to work together on publicly releasing the House’s legislative data in machine-readable formats.” Reps. Steny Hoyer (D-MD) and Mike Honda (D-CA) led earlier efforts (and lent their support to these efforts) to release legislative data online, and Rep. Darrell Issa (R-CA) has been a consistent advocate as well. (Also see this statement on today’s release by Committee on House Administration Chair Candice Miller (R-MI), whose committee has been an ally in these transparency efforts.)”


Perspective: Has AT&T just become irrelevant? Google takes over all 10 billion Starbucks!
At Starbucks, AT&T is out and Google is in for Wi-Fi
… Starbucks said that Google, in conjunction with Level 3 Communications, will now be providing Wi-Fi service in Starbucks' U.S. locations that's up to 10 times faster than the current service powered by AT&T.


Delicious! (Perhaps you could run a Denver page?)
New Zagat website is free
Google Official Blog: “[July 29, 2013 we launched] a new Zagat website and mobile app for Android and iPhone that puts the very best restaurants and nightspots right at your fingertips. And for the first time, our trusted Zagat ratings and reviews are available for free with no registration required. The new Zagat features the latest news and video content from our expert local editors, curated lists (think “10 Hidden Restaurant Gardens Around DC”), powerful search and map-based browsing to help you find the local gems.”


For my programming students.
  • Just follow the simple steps to compile and execute any of your favorite programming languages online using your favorite browser and without having any setup on your local machine. Select the programming language you want to write, write it in the text editor provided, then click the button to see your output. It’s neat, tidy and free.

(Related) This might be useful in some of my math classes.
Lessons in Computational Thinking
Google offers dozens of lessons for exploring computational thinking through the use of Python programming. Now if you're wondering, "what the heck is Python programming?" don't worry, I wondered the same thing. Part of the Computational Thinking resources provided by Google are lessons for teachers who don't have any programming experience and or don't teach in a 1:1 setting.
Google's Computational Thinking Lessons place a heavy emphasis on math and science, but there are lessons appropriate for use in the humanities too.
Applications for Education
As Google states in their Teacher's Guide Introduction to Python, the reason for using Python programming in these lessons is, "A computer program gives students the opportunity to directly apply the algorithms they learn in class and provides them with a tangible reason for using variables rather than specific numbers in math."


Better late than never..
The USA Today reports that members of the House Education Committee are on the receiving end of an upswing in campaign donations from for-profit universities. (And in related news, committee members have put forward the “Supporting Academic Freedom through Regulatory Relief Act,” which will stop the Obama Administration from cutting off federal aid to schools with high graduate debt and low repayment ratios.) [So that's what the fuss was about? Campaign contributions? Bob]
Google announced it has partnered with Pearson, Wiley, Macmillan Higher Education, McGraw-Hill and Cengage Learning and will be bringing textbooks to its Google Play store next month. Wheeee. [The announcement says, “...so students will be able to purchase and rent their textbooks for their Android devices and for reading on the web.” Bob]
7 Indian Institutes of Technology and a number of IT firms, including Infosys and Cognizant, are teaming up to offer MOOCs.
… Digital textbook provider Coursesmart has released its annual survey on digital textbooks and devices. Among the findings: 99% of students surveyed own at least one digital device, with 68% saying they use 3 or more devices every day. 79% of those surveyed say they’re using a digital textbook, up from 63% in 2011. More thoughts on the survey via The Digital Reader’s Nate Hoffelder.


Dilbert explains how to deal with a poor satisfaction survey.

Wednesday, July 31, 2013

Just curious, but does the FBI have jurisdiction here? It used to be the Secret Service (theft of an access device), were they overwhelmed?
6ABC News reports:
The University of Delaware says the employee records of 72,000 people, which includes social security numbers, were breached by criminal hacking.
In a letter dated Monday, the university officials said it experienced a cyber attack which targeted the personal records of both current and former employees, including student workers.
The hack exploited a vulnerability in software acquired by a vendor, university officials said.
Read more on 6ABC News.
[From the article:
"The University took immediate corrective actions and is working closely with Federal Bureau of Investigation officials and Mandiant, a leading private computer security firm, on the issue," the letter reads.


Do self-driving cars use GPS? Imagine taking (remote) control of a super tanker or a 747.
Researchers' $2,000 project tricks $80 million superyacht's GPS
A small team of researchers from the University of Texas at Austin recently tricked a 213-foot superyacht off its course using a custom-made GPS device, rendering the $80 million vessel's electronic maps and charts useless.


“Allow me to point to our Privacy Law, which proves we are at least as considerate of human rights as you are. And ours is done while you are just holding hearings.”
Peter Fleischer writes:
Modern privacy law was invented over a century ago in the United States, was re-discovered in post-war-Europe, and is now spreading around the world. Privacy laws have historically been built on three foundations: 1) democracy, 2) rule of law, and 3) respect for fundamental human rights.
So, what should we make of the fact that a rogue’s gallery of autocratic countries, with neither rule of law, nor respect for fundamental human rights, are starting to pass privacy laws?
Take the example of Russia. Last month, at the same time that Putin’s regime ratified an international framework of privacy law, known as Convention of Europe 108, it also launched its war on gays.

(Related)
You will be able to watch this online via the “webcast link” at http://www.judiciary.senate.gov/hearings/hearing.cfm?id=0d93f03188977d0d41065d3fa041decd
“Strengthening Privacy Rights and National Security: Oversight of FISA Surveillance Programs”
Wednesday, July 31, 2013, Dirksen Senate Office Building, Room 226, 9:00 a.m.
Panel I
The Honorable James Cole, Deputy Attorney General, Department of Justice, Washington, DC
John C. Inglis, Deputy Director, National Security Agency, Washington, DC
Robert S. Litt, General Counsel, Office of the Director of National Intelligence, Washington, DC
Sean M. Joyce, Deputy Director, Federal Bureau of Investigation, Washington, DC
Panel II
The Honorable James G. Carr, Senior Judge, U.S. District Court for the Northern District of Ohio, Toledo, OH
Jameel Jaffer, Deputy Legal Director, American Civil Liberties Union, New York, NY
Stewart Baker, Partner, Steptoe & Johnson LLP, Washington, DC


Is this surprising? Would it be different than getting the video for investigation of the Boston bombing?
The Fifth Circuit Court of Appeals has issued its opinion in IN RE: APPLICATION OF THE UNITED STATES OF AMERICA FOR HISTORICAL CELL SITE DATA. The court split 2-1 on the issue of whether court orders issued under the Stored Communications Act compelling providers to produce customers’ historical cell site information are unconstitutional. The court held that such orders were not unconstitutional per se.
I’ll update this entry to add links to discussion of the ruling later today and tomorrow. For now, here’s the opinion.


My initial reaction was that if the books weren't very popular, perhaps they should quietly fade away. But then I thought again. Was this what the Authors had hoped for? Was this the most profitable model for the publishers? Who wins here?
The Hole in Our Collective Memory: How Copyright Made Mid-Century Books Vanish
A book published during the presidency of Chester A. Arthur has a greater chance of being in print today than one published during the time of Reagan.
Last year I wrote about some very interesting research being done by Paul J. Heald at the University of Illinois, based on software that crawled Amazon for a random selection of books. At the time, his results were only preliminary, but they were nevertheless startling: There were as many books available from the 1910s as there were from the 2000s. The number of books from the 1850s was double the number available from the 1950s. Why? Copyright protections (which cover titles published in 1923 and after) had squashed the market for books from the middle of the 20th century, keeping those titles off shelves and out of the hands of the reading public.


Given detailed plans, anything is possible.
Man building 3D-printed Aston Martin


It is likely that someone has already done what you are trying to do.
The Open source movement is playing a remarkable role in pushing technology and making it available to all. The success of Linux is also an example of how open source can translate into a successful business model. Open source is pretty much mainstream now and in the coming years, it could have a major footprint across cutting edge educational technology and aerospace (think DIY drones).
… While reusing code is a much debated topic in higher circles, they could be of help to beginner programmers and those trying to work their way through a coding logjam by cross-referencing their code. Here are six:


For the people I'm trying to talk into Blogging...
While WordPress, Blogger and Tumblr dominate the blogging scene, there are a few minimalist platforms that strip down the blogging experience to focus entirely on simply sharing your writing. Medium, launched by Twitter’s founders, is a slick, minimalist blogging platform that is doing a slow and gradual roll out for its users, so you’ll have to wait before you get the chance to try it hands on. Ghost is another platform that looks promising, but has yet to launch, while we also recently introduced you to the Evernote-powered blogging solution – Postach.io.
Another great and easy-to-use blogging platform is Roon.
Get started by signing up for a free account. All you have to do is choose your username and password:
To see Roon in action, be sure to check out their own blog.


You never know when you might need to map things out...
Lucid Chart Now Works Offline - Create Mind Maps Offline
Lucidchart is a nice tool for creating flowcharts, mindmaps, and graphic organizers. Lucidchart offers a simple drag and drop interface for creating flow charts, organizational charts, mind maps, and other types of diagrams. Google Chrome users can now use Lucidchart offline through the Lucidchart Chrome app.
Applications for Education
Lucidchart charges business customers, but makes all of their tools free for teachers and students. Watch the video below for an example of Lucidchart educational templates.


For those, “If I've told you once, I've told you 50 times!” moments.
Narrable Launches New Education Plans - Create Unlimited Audio Slideshows
I have just received an exciting email from the folks at Narrable. They have launched a new plan for educators. The new plan includes free unlimited Narrables. Now to be clear, I'm not sure if this has been rolled-out to everyone yet, their email message didn't specify.
Narrable is a neat service for creating short narrated slideshows. Narrable is kind of like VoiceThread mashed with Animoto. To create an audio slideshow on Narrable start by uploading some pictures that you either want to talk about or have music played behind. After the pictures are uploaded you can record a narration for each picture through your computer's microphone or by calling into your Narrable's access phone number. You can also upload an audio recording that is stored on your computer.
How To Upgrade your account for FREE:
  1. Since you're logged in, click on your name in the upper right-hand corner to reveal an account overview window.
  2. Click on the blue "Upgrade" button to see the Plans and Pricing page.
  3. Find the "Teacher" account and click on the associated blue "Select Plan" button.
  4. Please enter the name of your school, the subject(s) you teach, and the grade(s) that you teach and click on the blue "Submit" button.
  5. Congratulations! Your plan is successfully changed. Click on the "Okay" button and know how grateful we are to have you as a part of the Narrable EDU Community.
You now have FREE UNLIMITED narrables!


For my students who claim they can't type...
DictaNote - Speak to Create Documents
A couple of years ago I tried out a Chrome extension called Speech Recognizer. Speech Recognizer allowed users to speak to create text. Speech Recognizer has been updated and is now called DictaNote. Along with the new name came some new features of note.
DictaNote can be used as a Chrome extension or as a stand-alone tool in your Chrome browser. As a stand-alone service DictaNote allows you to create new documents by speaking into your computer's microphone. You can edit your DictaNote documents much like you would edit them in any other word processing program. DictaNote allows you to insert images and hyperlinks too.

Tuesday, July 30, 2013

What part of their security strategy covers contacting customers? I find it hard to understand why anyone would want to keep what is at least in part “customer service” a secret. (And today you should assume everyone you contact is a blogger.)
Yesterday morning, I received a call from an 800-number that was only identified on my Caller ID as “Toll-Free.” I didn’t pick up, but Googled the number and found pages of reports, many of which suggested that the number, presumably for Chase Fraud Detection, was a scam. Others claimed it was for real. Not very reassuring.
An hour later, I received another call from the same number. Knowing my husband had made two atypical ATM withdrawals in the past 24 hours, this time I picked up. It was an automated system that knew my husband’s name. It asked me to verify my identity by entering my zip code. I hung up and called the number on the back of my Chase debit card and asked for security and fraud department.
It turns out that the call was for real and they were attempting to verify the charges. The person I spoke with assured me that the (800) 355-5265 number was their authorized number for such calls.
Given how many phishing scams there are and the possibility of spoofing numbers, the way Chase handles this is not particularly wise, in my opinion. At the very least, the caller ID should show Chase as the caller and not “Toll-Free.” Even better, they should have an identified number that calls the customer and says, “We are trying to reach you to verify certain unusual charges on your card. Please call the number on the back of your ATM card and ask for the fraud and security department. If you can’t locate your card, call Chase’s main number, which you can verify online, and ask for the fraud and security department.” Of course, it would help if they actually put a dedicated phone number on the back of the ATM card, too.
I related all of the above to the Chase representative. I somehow doubt it will do any good, but really, their system is not a good one in this day and age.
Update: This seems to be a long-standing problem with Chase: https://www.cs.columbia.edu/~smb/blog/2007-11/2007-11-16.html. So why haven’t they addressed these security concerns? [Corporate inertia Bob]


For my Security Manager (and my Computer Security students) who must notify students if there is a “problem” on campus...
People set their phones to silent or vibrate mode when in meetings, lectures, theaters, or anywhere else where it would be rude if the phone made noise. But what if there’s an emergency and someone needs to quickly get in touch with you? We’ll show you how to have your Android phone override silent mode and play an alert when a text message containing something like “Emergency” or “SOS” comes through.


Think this might happen?
Orin Kerr has more on the call for the Supreme Court to tackle the issue of cell phone searches:
Two weeks ago, when DOJ petitioned for rehearing en banc in United States v. Wurie, the Fourth Amendment case on searching cell phones incident to arrest, I wrote that the petition for rehearing was a possible preview of a future DOJ cert petition:
I wouldn’t be surprised if this filing offers us a preview of a future cert petition. The arguments in the petition resemble the kinds of arguments that would be made in a cert petition to the Supreme Court, and en banc review is relatively rare in the 1st Circuit. Plus, Deputy SG Michael Dreeben argued Wurie before the original panel. Filing a petition for rehearing may also be a way of keeping other cases out of the Supreme Court in the short term; the possibility of en banc review arguably keeps Wurie out of the split count. Either way, stay tuned.
Well, the denial of rehearing didn’t take long: Today the First Circuit denied rehearing en banc. Notably, both Chief Judge Lynch and Judge Howard authored separate statements asking the Supreme Court to step in and review the issue.
Read more on The Volokh Conspiracy


What would have prevented or mitigated this? How would a manager know that this was anything other than a normal review?
Tim Evans reports:
A Marion County jury Friday awarded a woman $1.44 million after finding Walgreens and a pharmacist violated her privacy when the pharmacist looked up and shared the woman’s prescription history.
The lawsuit filed in Marion Superior Court spun out of a tangled relationship between the pharmacist, her husband and the man’s ex-girlfriend.
The verdict and seven-figure award came at the conclusion of a four-day jury trial.
Read more on IndyStar. Note that in this case, Walgreens was held liable for the conduct of its employee. Walgreens has stated its intent to appeal.


Novel idea. No problem with the search, but pay us for our time.
Apple slapped with lawsuit over mandatory employee bag checks
Apple's policy of requiring its retail store employees to undergo two mandatory bag searches per day has now become grounds for a class action lawsuit.
Two former workers from Apple stores in New York and Los Angeles filed a complaint in San Francisco federal court on Thursday regarding this policy. These employees claim that they had to stand in lines up to 30 minutes long every day for store managers to check their bags and ensure they weren't smuggling home stolen goods.
Adding up these daily waits, the employees say they were deprived of dozens of hours of unpaid wages, which totaled about $1,500 per year.

(Related) Another novel idea. I like this one.
In a recent decision, the Higher Regional Court of Hamburg (Oberlandesgericht Hamburg) held that a privacy policy on a website which is not compliant with the legal requirements under data privacy law constitutes a breach of the German Act Against Unfair Competition (Gesetz gegen den unlauteren Wettbewerb – “UWG”) (decision dated 27 June 2013, case number 3 U 26/12). This decision may not only have consequences for German businesses but also for non-EU companies with German customers or subsidiaries in Germany.
Read more on Hogan Lovells Chronicle of Data Protection.


The economy is changing, being redefined. Does this have implications for future tax policy? I have no idea.
McKinsey – Measuring the full impact of digital capital
Measuring the full impact of digital capital, July 2013 | by Jacques Bughin and James Manyika
“On July 31, 2013, the US Bureau of Economic Analysis will release, for the first time, GDP figures categorizing research and development as fixed investment. It will join software in a new category called intellectual-property products. In our knowledge-based economy, this is a sensible move that brings GDP accounting closer to economic reality. And while that may seem like an arcane shift relevant only to a small number of economists, the need for the change reflects a broader mismatch between our digital economy and the way we account for it. This problem has serious top-management implications. To understand the mismatch, you need to understand what we call digital capital—the resources behind the processes key to developing new products and services for the digital economy. Digital capital takes two forms. The first is traditionally counted tangible assets, such as servers, routers, online-purchasing platforms, and basic Internet software. They appear as capital investment on company books. Yet a large and growing portion of what’s powering today’s digital economy consists of a second type of digital capital—intangible assets. They are manifold: the unique designs that engage large numbers of users and improve their digital experiences; the digital capture of user behavior, contributions, and social profiles; the environments that encourage consumers to access products and services; and the intense big-data and analytics capabilities that can guide operations and business growth. They also include a growing range of new business models for monetizing digital activity, such as patents and processes that can be licensed for royalty income, and the brand equity that companies like Google or Amazon.com create through digital engagement.”


Who says there's nothing new under the sun?
How Category Creation Is Reinvigorating Classical Music
… the demand for classical music was dying, at least in the traditional way. Symphonies were bleeding money and becoming even more dependent on donations. Younger music fans seemed less interested in paying for expensive tickets, wearing fancy clothes, and committing two to three hours listening intently without coughing or falling asleep. For a generation that's come of age in the YouTube world, symphonies feel like an inefficient form of entertainment.
This is where folks like the Piano Guys may be saving classical music. They have created a new category for classical music: Fun, breakthrough innovation in the form of five minute videos that showcase their classical music skills, but also their CGI skills in creating fun, funny and funky parodies. Instead of selling tickets, they post their videos and sell advertising. (They also use the traditional model of selling CDs — they were just signed by Sony last year.) If you haven't seen the Piano Guys, watch a few of their videos and you may be hooked. You'll laugh at their Star Wars parody, be amazed at their rendition of Pachelbel's Canon, or cry at their Les Misérables tribute to our men and women in uniform...but I guarantee you won't fall asleep.


Perspective. For my “Intro to” students (Probably hundreds of Infographics each second too)
Infographic: The Amount Of Online Activity That Goes On Every 60 Seconds
To give us an idea on how fast and big the internet truly is, Qmee has created an infographic that shows us the amount of online activity that goes on every 60 seconds.
According to the infographic ‘Online in 60 Seconds’, there are 2 million searches on Google, 72 hours of videos uploaded onto YouTube, 42 thousand posts every second and 1.8 million likes on Facebook, and 204 million emails sent every minute.


For my programming students...
… JavaScript has a wealth of amazing tools and libraries, and if you use CoffeeScript, you can make brilliant websites and tools without dealing with syntax which makes your corneas bleed. It’s also CoffeeScript’s time to shine, as more and more beginners look to JavaScript for their first language due to its usage in client and back end web development, as well as much of HTML5.
Aesthetically, CoffeeScript looks and feels like Python or Ruby. It’s genuinely, astonishingly beautiful, and adopts certain language conventions that make it easy to learn.
… And yet, it compiles down to JavaScript, allowing you to use it everywhere you use it, including front end development and node.js. You can even use it with jQuery.
… it’s probably a good idea to grab it using the Node Package Manager. The Node Package Manager (npm) is a little bit like apt-get or Brew, but is only really used for getting Javascript packages and libraries. Handily, NPM comes with node.js and is available for OS X, Windows and all flavors of Linux.


For all my students... Please!
… Etiquette is an important social construct that we tend to forget or ignore, but I would argue that etiquette has never been more important than now.
… Technology etiquette could easily fall under the topic of “common sense” yet there are many who remain ignorant
… There are entire articles dedicated to etiquette tips for email.


For the Swiss Army Software folder.
Lucid Chart Now Works Offline - Create Mind Maps Offline
Lucidchart is a nice tool for creating flowcharts, mindmaps, and graphic organizers. Lucidchart offers a simple drag and drop interface for creating flow charts, organizational charts, mind maps, and other types of diagrams. Google Chrome users can now use Lucidchart offline through the Lucidchart Chrome app.
Lucidchart charges business customers, but makes all of their tools free for teachers and students.


...'cause you can never have enough content.
… More Sites Like … allows you to find all kinds of sites based on any other website.
To use the site, you simply type in a search term or the URL of a website you want compared. It will show you a list of websites based on the search term or URL, ranked by popularity and similarity,

Monday, July 29, 2013

“We didn’t bother with a contract because we’re med students, not security guys.”


Oregon Health & Science University is notifying 3,044 patients that their OHSU health information was stored on an Internet-based email and/or document storage service, also known as a “cloud” computing system.
Although the Internet-based service provider (Google Drive, Google Mail) is password-protected [practically worthless  Bob] and has security measures and policies in place to protect information, it is not an OHSU business associate with a contractual agreement to use or store OHSU patient health information.
There is no evidence that the data was accessed or used by anyone who did not have a legitimate patient care need to view the information. [and with no logs, we can’t prove they didn’t  Bob]  However, the terms of service indicate the data stored with the Internet-based provider can be used for the “purpose of operating, promoting, and improving [its] Services, and to develop new ones.”  OHSU has been unable to confirm with the Internet service provider that OHSU health information has not been, and will not be, used for these purposes.  Consequently, OHSU is notifying all affected patients.
In May 2013, an OHSU School of Medicine faculty member discovered residents, or physicians-in-training, in the Division of Plastic and Reconstructive Surgery were using Internet-based services to maintain a spreadsheet of patients.  Their intent was to provide each other up-to-date information about who was admitted to the hospital under the care of their division.
….   “We do not believe this incident will result in identity theft or financial harm; however, in the interest of patient security and transparency and our obligation to report unauthorized access to personal health information to federal agencies, we are contacting all affected patients.  We sincerely apologize for any inconvenience or worry this may cause our patients or their families,” said John Rasmussen, OHSU’s Chief Information Security Officer.
SOURCE: Oregon Health & Science University
Note that this is OHSU’s fifth breach that I’ve reported on this blog since 2008:
  • In December 2008, they notified 890 patients whose PHI was on a laptop stolen from an employee attending a conference in Chicago;
  • In June 2009 – also before HITECH went into effect – OHSU notified 1000 patients that their names, treatment information and medical record numbers were on a laptop stolen from a physician’s car outside the doctor’s home (subscription and login required)
  • In July 2012, more than 14,000 pediatric patients and 200 employees had data on a USB drive stolen in a home burglary; and
  • In March 2013, they reported that more than 4,000 patients had PHI on a laptop stolen from a researcher’s rental home.


What is an “adequate limit?”
Few See Adequate Limits on NSA Surveillance Program
Pew Survey – “A majority of Americans – 56% – say that federal courts fail to provide adequate limits on the telephone and internet data the government is collecting as part of its anti-terrorism efforts.  An even larger percentage (70%) believes that the government uses this data for purposes other than investigating terrorism.  And despite the insistence by the president and other senior officials that only “metadata,” such as phone numbers and email addresses, is being collected, 63% think the government is also gathering information about the content of communications – with 27% believing the government has listened to or read their phone calls and emails.”


So I can’t fly my drone until the feds give me a budget?  I don’t think so… 
Ben Wolfgang reports:
The lagging federal effort to fully integrate drones into U.S. airspace is in danger of falling even further behind schedule.
A funding bill now before the Senate essentially would stop the process in its tracks by prohibiting the Federal Aviation Administration from moving forward until it completes a detailed report on drones’ potential privacy impact.
The report, called for in the Senate’s fiscal 2014 transportation appropriations measure, would be yet another hurdle in the FAA’s already complex, time-consuming drone integration initiative.
Read more in the Washington Times.


My phone book does not record the number I called or the times of each call or the location I called from…
Rep. Mike Rogers has jumped on Michele Bachmann’s comparison of NSA bulk collection of call records to phone books:
There are “zero privacy violations” in the National Security Agency’s collection of phone records, House Intelligence Committee Chairman Mike Rogers, R-Mich., said Sunday on “Face the Nation,” just days after the chamber narrowly rejected a measure that would have stripped the agency of its assumed authority under the Patriot Act to collect records in bulk.
“There’s more information in a phone book than there is in this particular big pile of phone numbers that we used to close the gap – we, the intelligence services – close the gap that we saw didn’t allow us to catch someone from 9/11,” Rogers said.
“Remember, this came about after 9/11 when we found out afterward that terrorists that we knew about overseas had called somebody who was a terrorist but living in the United States or staying in the United States,” he continued. [and we did that without the metadata database.  Bob]  “He ended up being the person that got on an airplane and flew into the side of the Pentagon.”
Read more on CBS Face the Nation.
So Rogers ignores the significance of metadata and refuses to see that the very collection of bulk call records without reasonable suspicion that the targeted individuals have done something terrorism-related is in itself a privacy violation. 


Interesting product. 
Tile
Just attach, stick or drop your Tile into any item you might lose: laptops, wallets, keys, guitars, bikes—you name it.   
The Tile App on your phone makes it easy to find your Tile(s) anywhere, anytime.

Sunday, July 28, 2013

“Well, we can't divide markets by talking directly with our competitors...”
How America’s Top Tech Companies Created the Surveillance State
“The saga of the private sector’s involvement in the NSA’s scheme for permanent mass surveillance is long, complex, and sometimes contentious. Often, in ways that appeared to apply indirect pressure on industry, the NSA has demanded, and received, approval authority—veto power, basically—over telecom mergers and the lifting of export controls on software. The tech industry, in more than a decade of working-group meetings, has hashed out an understanding with the intelligence community over greater NSA access to their systems, including the nation’s major servers (although it is not yet clear to what degree the agency had direct access). “I never saw [the NSA] come and say, ‘We’ll do this if you do that,’ ” says Rebecca Gould, the former vice president for public policy at Dell. “But the National Security Agency always reached out to companies, bringing them in. There are working groups going on as we speak… Most of this co-opting of the private sector has happened with the full-throated support of both Republicans and Democrats in Congress, again behind closed doors. Today, Hayden says, the agency itself is all but indistinguishable from the private sector it has exploited. Its best technology is designed by the private sector—“There isn’t a phone or computer at Fort Meade that the government owns,” he says—and its surveillance systems are virtually interwoven with their products. The huge controversy over Snowden’s employment by one of these private contractors, Booz Allen Hamilton, was just the barest tip of the iceberg, according to intelligence and industry officials. One by one, [former NSA Director Michael] Hayden says, the NSA contracted with companies to “make them part of our team,” as he puts it.”


This got me thinking, perhaps what this country needs is a Chief Surveillance Ombudsman.
Annual Report of the Chief Surveillance Commissioner to Prime Minister and to Scottish Ministers
“The powers and duties of the Surveillance Commissioners in scrutinising and deciding whether to approve authorisations under PA97 (property interference) and under RIPA and RIP(S)A (intrusive surveillance) have been explained in earlier reports and are publicly available on our website. For reasons explained later in this report, necessary legislation is not yet implemented to enable the Commissioners to give prior approval to some authorisations relating to a law enforcement Covert Human Intelligence Source (CHIS – commonly termed an undercover officer). My Inspectors continue to scrutinise the authorisation of any such undercover officer who has been authorised for an uninterrupted period exceeding 12 months.”


How should I classify this? Unintended good from an evil malware scheme? Just another dumb criminal?
Man gets fake FBI child porn alert, arrested for child porn
As far as I am aware, the FBI doesn't usually send you a pop-up online notice, asking if you could kindly pay a fine for child pornography.
Perhaps I should check with Edward Snowden to be sure.
Still, 21-year-old Virginian Jay Riley was sufficiently stunned to receive a pop-up "FBI Warning" telling him to pay a fine for child pornography that he went to his local police station in Prince William County.
As WJLA-TV reports it, Riley asked if he was, indeed, wanted on child pornography charges.
In what seems like a helpful and open frame of mind, he allegedly offered the police his computer for examination.
There, the police allegedly found child pornography.
… The pop-up was an example of Reveton ransomware, which monitors those who might log on to a questionable Web site and then tries to extort money from them.
It claims to lock the user's computer unless a fine is paid.


For my Website Development students. Sometimes you want to reverse engineer a site.
… Cyotek WebCopy is a free to use desktop application for Windows computers. The app is sized at nearly 4 MB and is compatible with Windows XP, Vista, and 7. The function of the application is to let you download entire websites onto your local storage device.
… In addition to these features, the app lets you analyze websites and also specify passwords for any secure site areas.


Always looking for stories about applications for Math. (Esp. from respectable sources)
The Science of Winning Poker
… The U.S. government's ban on the major online poker sites in 2011 reined in enthusiasm, but the game has continued to grow in Europe, Asia and Latin America.
This growth over the past decade has been accompanied by a profound change in how the game is played. Concepts from the branch of mathematics known as game theory have inspired new ideas in poker strategy and new advice for ordinary players. Poker is still a game of reading people, but grasping the significance of their tics and twitches isn't nearly as important as being able to profile their playing styles and understand what their bets mean.