Saturday, November 09, 2013

Is this a reasonable extension of the Mark I Eyeball and the Police Officer's memory? It parallels the license plate recognition systems in broad use. Unfortunately, it seems rather clunky if they need to carry a Smartphone (not to mention a Tablet) but I suppose they don't want to integrate it into an “always on” Cop-Cam either...
Jennifer Lynch writes:
The San Diego regional planning agency, SANDAG, has been quietly rolling out a new mobile face recognition system that will sharply change how police conduct simple stops on Americans. The system, which allows officers to use mobile devices to collect face images out in the field, already has a database of 1.4 million images and serves nearly 25 federal, state and local law enforcement agencies in the region.
Over the summer, EFF sent a California Public Records Act request to SANDAG for more information on the program. From the records we received, we’ve learned that the program, called “TACIDS” (Tactical Identification System), serves law enforcement agencies as diverse as the San Diego Sheriff’s Department, the DEA, ICE, the California Highway Patrol and even the San Diego Unified School District.
Read more on EFF.
[From the article:
The officers use a Samsung tablet or Android mobile phone to take a picture of a person “in the field” and run that picture against databases of mugshot photos and DMV images from across several states to learn his or her identity. According to users, the system returns high-accuracy results in about eight seconds.


It is likely too much to ask Congress to remember who NSA's customers are or what the original strategy was.
Walter Pincus writes:
Whatever the National Security Agency was doing with Angela Merkel’s cellphone number for the past 10 years may have been poorly conceived — even reckless — but it didn’t violate U.S. law.
No violation of U.S. law is associated with the collection by the NSA’s Signals Intelligence Directorate (SID) — as disclosed by the Guardian newspaper last month — of phone numbers of foreign government officials and politicians. Nor is it illegal for the NSA to receive from French and Spanish security agencies for storage and possible analysis millions of numbers of their citizens.
[...]
As Congress considers reforms in the NSA’s collection of electronic intelligence, the focus should be on legislation protecting the privacy of U.S. citizens, not foreigners overseas, no matter who the foreigners are or what positions they hold.
Read more on the Washington Post.


I must admit I had to Google 'lenity.' It's probably okay, as long as it doesn't devolve into “It's not fair!”
Steven Vladeck writes:
I was on the same panel as Orin at Monday’s day-long hearing before the Privacy & Civil Liberties Oversight Board, and think there’s a lot to commend his proposal for a statutory rule of lenity as a tool to regulate national security surveillance–to scale back the government’s ability to push for expansive interpretations of the specific authorities that Congress has provided. Indeed, Orin’s post from Tuesday expounding upon this idea is a must-read, regardless of where one comes down on the current scope of FISA and the need for / merits of reform proposals.
Read more on Lawfare.


I have been saying (and pointing to news articles to illustrate) that teachers think they know more than parents, school boards know more than teachers, and the further up the governmental food chain you go the greater the know-it-alls you find.
Gary Stern reports on the situation in New York:
With a rare level of urgency, school officials are scrambling to keep extensive student records out of a privately run database that is a key part of the state’s reform agenda.
Local officials, once again at odds with the state Education Department, have grave concerns about what will happen to more than 400 categories of student data once they are uploaded to a Web cloud run by inBloom, a non-profit group funded by the Gates Foundation and supported by Amazon.
[...]
More than 20 districts in the Lower Hudson Valley have pulled out of New York’s participation in the federal Race to the Top initiative, hoping that doing so will allow them to withhold certain data. Since the state has said that this strategy will not work, districts are now writing to inBloom directly and requesting that their student records be deleted.
Read more on LoHud. The districts’ request will not be honored, though, because inBloom has no direct contract with districts and the state education department has already indicated it will not honor districts’ requests on this.
Any lawyers think there are grounds for a federal lawsuit by districts against the state? [It will likely be defended by anyone who sees the database as a way to shape their advertising... Bob]


Granted this one is a bit extreme. Would this question apply to anyone who happened to have the skills to do what the police thought needed doing? (a clip from a longer article)
… By now, I expect that most people are aware of a disturbing case in New Mexico first reported by KOB. David Eckert is suing the police, a deputy district attorney, a medical center, and two doctors for subjecting him to repeated digital rectal examinations, multiple enemas, stomach and chest x-rays, for making him defecate in front of the police and medical personnel so they could search his stool for drugs, and for then performing a colonoscopy under general anesthesia.
David Eckert did not request those medical procedures. Nor did he consent to them. So how did this happen? Why did he have to go through such degrading and invasive procedures and why did the two doctors cooperate?


Useful as “background”
If you haven’t seen Alessandro Acquisti’s TED talk, “Why Privacy Matters,” wouldn’t this be a good weekend to watch it:


Another alternative to PowerPoint and a tool for my website students.
EWC Presenter - Create Animated Infographics
EWC Presenter is a new tool from Easy Web Content (a website creation and hosting service). EWC Presenter makes it easy to create slideshows, banner graphics, and interactive infographics. The slideshow creator and banner graphic creator don't stand-out from other tools like them. The EWC Presenter's infographic animation option is worth noting.
EWC Presenter's infographic tool allows you to animate elements within your infographic. The video below demonstrates how that is done.


My students are already in Jeopardy
eQuizShow Makes It Easy to Create Jeopardy-style Games
Last winter I reviewed eQuizShow, a service built by a high school student in New York. This week I revisited the site and found that it has been redesigned yet still offers an easy way for teachers to create Jeopardy-style review games. Unlike similar tools you do not have to download or upload any PowerPoint files to use eQuizShow. On eQuizShow you can build and display your quiz completely online. To build your quiz just enter a title, an administrative password, and your question categories. eQuizShow will then generate a grid on which you can enter questions and answers.
If you don't have time to build a quiz or you just need some inspiration, browse the eQuizShow gallery. When you play the games you have the option to assign points to up to six teams playing the game. You can also play without awarding points.
eQuizShow works well on interactive whiteboards. If you have an interactive whiteboard, using eQuizShow could be a good way to display questions and answers to students during a review session.

Friday, November 08, 2013

Confusing, and my Ethical Hackers will need some guidance. It is hypothetically possible that some of my Ethical Hackers could write a program like this – not that they ever would of course. Does this mean that anyone who writes a “key logger” program will make it on the FBI's “Uncle Sam wants YOU in Guantanamo” list? (But not the instructors who taught them how to do it, right?)
AP reports:
It’s not just the US government intercepting your communications. It could be a nosy relative or jealous partner.
Among the five people added this week to the FBI’s list of “most wanted” cybercriminals is a former San Diego college student who developed a US$89 program called “Loverspy” or “Email PI.” Sold online from his apartment, the program was advertised as a way to “catch a cheating lover” by sending the person an electronic greeting card that, if opened, would install malicious software to capture emails and instant messages, even spy on someone using the victim’s own webcam.
Read more on Perth Now.
An arrest warrant was issued for Perez-Melara in the Southern District of California on July 21, 2005, after he was charged with the following crimes: manufacturing a surreptitious interception device; sending a surreptitious interception device; advertising a surreptitious interception device; unlawfully intercepting electronic communications; disclosing unlawfully intercepted electronic communications; unauthorized access to protected computer for financial gain; and aiding and abetting.
[From the article:
According to his indictment, Perez-Melara sold the software to 1000 customers, who then tried to infect about 2000 computers. Victims took the bait only about half the time, the government said. People who purchased the spyware were charged with illegally intercepting electronic communications. Most of those cases appear to have resulted in probation and fines.


It keeps on growing! Just yesterday DataLossDB.org was reporting 130 million.
Yes, the Adobe breach is back in the news as some have discovered that a data dump posted online contains the email addresses, encrypted passwords and password hints stored in clear text from 152 million Adobe user accounts. Embarrassingly, one report notes that 1.9 million Adobe users used “123456” as their password.


I don't suppose it was the IRS, anonymously “taxing” anonymous money?
Ben Grubb reports:
A four-month-old Australian Bitcoin bank holding more than $1 million has been hacked, leaving thousands of customers in the lurch including a man who claims he was holding the virtual currency to buy a house with his girlfriend.
The alleged hacking happened on both October 23 and 26, with the service’s operator, known only as “Tradefortress”, saying hackers stole all 4100 Bitcoins held by the wallet service, or $1.3 million at the time of writing. The Bitcoins were stored on servers in the US and it wasn’t until this week that he decided to notify customers.
Read more on The Age.


Attention Congress: Perhaps we could learn from the “more advanced” countries?
On November 26, 2013, Kazakhstan’s new data privacy law, On Personal Data and Their Protection, will come into effect. The law was passed on May 21, 2013. Kazakhstan is the second country in Central Asia to enact a data privacy law, joining the Kyrgyz Republic, which passed the Law on Personal Data in 2008.
Read more on Hunton & Williams Privacy and Information Security Law Blog.


Simple concept. Too simple?
David T.S. Fraser writes:
The Supreme Court of Canada just released its decision in R. v. Vu, 2013 SCC 60. The issue under appeal was whether police could search a computer that was seized pursuant to a warrant that did not specifically authorize the search of the computer.


As I read this, he is saying that if someone claims you drown puppies while smoking crack, that's okay. But it's important to remove all of those “I had lunch at Taco Bell” tweets?
Woodrow Hartzog has an opinion piece in the New Scientist about California’s new “online eraser law,” SB-568. The law gives minors under the age of 18 some limited rights to delete personal information that they had posted online or on a mobile app. The key word here is “limited,” as the right is not absolute.
Woody writes, in part:
Critics claim it is a toothless law because it is full of exceptions and its scope too limited to properly protect teenagers, for example by excluding re-posts. They also fear a disastrous effect on the social web, with broken conversation chains abounding (though many social media users have been able to delete posts for years without significant issues of this sort).
While the critics correctly identify the unclear language in the statute, they miss the point when they say it will be ineffective because it won’t remove the truly harmful “viral” information that gets widely shared on the internet.
What they fail to realise is that the modest protection offered by this eraser law is not a defect, it’s a feature. These limitations represent deference to free speech principles while giving users the option of erasing heaps of disclosures that no one found interesting enough to share.
Read more of his commentary here.


I have a few hours of flight time, maybe I'll switch to drones? I can do that from the same computer I use to blog and the market seems ready to boom. (TV News Drones, Paparazzi support, Traffic Drones, Forest Fire Drones, Pizza Delivery Drones, etc.)
Nidhi Subbaraman reports:
Is this country ready for the drone revolution? Baby steps, says the Federal Aviation Administration, which on Thursday unveiled its new roadmap for releasing drones into the U.S. airspace. Among the recommendations under consideration: Drone pilots will get certification, drone designs must meet minimum standards, and a pilot flying the machine will be responsible for the craft during flight.
The FAA has also specifically and officially acknowledged that it would take on the responsibility of regulating privacy, in addition to safety, a shift in the administration’s stance so far.
Read more on NBC.


Oh good. No doubt this will settle everything.
Senate Intelligence Committee Approves FISA Improvements Act
by Sabrina I. Pacifici on November 7, 2013
Increases privacy protections, oversight, transparency of critical intelligence programs: The Senate Intelligence Committee [October 31, 2013] approved the FISA Improvements Act by a vote of 11-4. The bipartisan legislation increases privacy protections and public transparency of the National Security Agency call-records program in several ways, while preserving the operational effectiveness and flexibility of this vital national security program.


A question for you Constitutional Law professors: Do we have a “Right to keep and bear the designs for guns?”
Don't Freak Out, but the First 3D-Printed Metal Gun Totally Works
… When a design for The Liberator, the open-sourced and 3D-printed gun, was released last year, worriers could take some solace: The gun wasn't entirely composed of 3D-printed materials. The gun's firing pin—the thing, essentially, that put the fire in the firearm—was made of metal. And metal is extremely difficult to use as a material for 3D printing.
Until ... it's not. A company called Solid Concepts, which specializes in direct metal laser sintering, or DMLS, has created a gun, it claims, that is composed entirely of 3D-printed metal. The gun is not only fully metal-made; it is also capable of firing multiple rounds.


Perspective. It's not just developing Big Systems that causes governments problems. Anything new (i.e. roughly anything after the British burned the White House) can do it.
IRS Case Processing Delays and Tax Account Errors Increased Hardship for Victims of ID Theft
by Sabrina I. Pacifici on November 7, 2013
Treasury Inspector General for Tax Administration: Case Processing Delays and Tax Account Errors Increased Hardship for Victims of Identity Theft – September 26, 2013, Reference Number: 2013-40-129.
“It took the Internal Revenue Service (IRS) an average of 312 days to resolve tax-related identity theft cases, according to a new report released by the Treasury Inspector General for Tax Administration (TIGTA) that studied a statistical sample of these cases. This audit was a follow-up to a May 2012 identity theft audit report. The IRS reported that identity theft affected 1.2 million taxpayers in Calendar Year 2012, and an additional 1.6 million were affected in Calendar Year 2013, as of June 29, 2013… TIGTA’s review of a statistical sample of 100 identity theft cases closed between August 1, 2011 and July 31, 2012 found that the IRS correctly determined the rightful owner of the Social Security Number in all cases. However, taxpayers faced delays, with some cases having significant inactivity during case processing. Inactivity on the 100 identity theft cases averaged 277 days. This is due, in part, to assistors being required to also answer telephone inquiries during the Filing Season. In addition, tax accounts were not correctly resolved for 25 percent of the cases reviewed by TIGTA, resulting in delayed refunds and/or incorrect refunds to all 25 taxpayers. TIGTA surveyed 183 IRS assistors who work identity theft cases. Seventy-three percent of those surveyed stated that the IRS’s identity theft procedures are confusing. Finally, the IRS needs to improve the accuracy of its Refund Fraud and Identity Theft Global Report. The IRS Accounts Management function’s open case inventory was overstated by 95,429 cases in the Calendar Year 2012 Global Report.
TIGTA recommended the IRS: 1) ensure that assistors assigned to identity theft cases work these cases exclusively and are provided with ongoing training and the ability to perform actions to work these cases to conclusion, 2) develop clear and consistent processes and procedures to ensure that taxpayer accounts are correctly updated, and 3) develop validation processes and procedures to ensure the accuracy of information included in the Identity Theft Global Report.”


Amusing. Bob(@Centennial-Man)
Is Economics 'The Biggest Fraud Ever Perpetrated on the World?'
… As he writes in his introduction to the whole imbroglio, “Sometimes a few informal words can lead to a much more thoughtful response.” But Horton’s reply was thoughtful in its way, too—or, at least, interesting. And this kind of dialogue—between fields, between forms, even between types of feeling—seems worthwhile in the academic conversation, a way to possibly expand the means by which these conversations occur. The cycle of academe groans to keep up with the churn of the stream, and upset and frustrated jeremiads may attract more attention as tweets than as papers.
Which is to say: More exchanges like this one, please—or, as Horton himself writes, “I hope this dialogue provokes you to tweet too.”


For my technically innovative students...
Blockbuster Becomes a Casualty of Big Bang Disruption
… Classic disruptive innovation says that a cheaper, but lower-quality, innovator can eventually overtake an incumbent by gradually siphoning off customers the incumbent doesn’t find it profitable to defend. As the disruptor improves its offering, though, the incumbent’s position becomes increasingly fragile. Big bang disruption differs in that the start-up offers an innovation that’s not only cheaper, but better — higher quality, more convenient, or both — almost right off the bat. The Blockbuster-Netflix skirmish is a case in point.


For my students. May you work occasionally.
37signals Launches ‘We Work Remotely’ Job Board
37signals, makers of the project management app Basecamp and originators of the Ruby on Rails web framework, has launched a new online job board meant specifically for remote workers. 37signals will be shutting down their existing job board and will migrate all listings to the new site, We Work Remotely.

Thursday, November 07, 2013

I could not believe it! (and I was right)
Healthcare.gov chief resigns amid Web site glitches
… Apparently, Trenkle's resignation isn't directly a result of the bungled Web site, but rather a management restructuring within the department, according to information sent to CNET by CMS.


If the headline involves the NSA tapping thousands of phones, we go nuts. Millions of lost records? No big deal.
This morning, an excited tweeter urged people to nominate Adobe’s breach to the Guinness Book of World Records because it reportedly involved 150 million user names and hashed passwords.
I responded that there was already a breach on the books involving 150 million – the Shanghai Roadway D&B Marketing Services Co. Ltd breach, so at 150M, the Adobe breach wouldn’t be the biggest/first.
Then I noticed that DataLossDB.org currently lists the Adobe breach as 130,000,000 and not 150,000,000.
Twenty million here…. twenty million there. When we get into such staggering numbers, are we losing our sense of the importance of every individual’s data?
In the meantime, I’m trying to determine if anyone’s analyzed the data dump to see how many unique records were actually in there.
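The two Adobe notes on this page (this one and the Friday update to 152 million) turn on the same detail: the passwords were encrypted rather than hashed, and hints sat next to them in clear text. Analysis of the dump established that Adobe had used 3DES in ECB mode under one key. In ECB every user with the same password gets the same ciphertext, and users whose passwords share their first eight characters share their first ciphertext block, so the hints of a handful of people can be pooled against everyone in the same group; that is how counts like 1.9 million "123456" users were produced. The script below is an added example of that grouping, not from the post or from anyone who worked on the real dump. The record layout it parses (fields separated by "-|-") is an assumption about the leaked file, and the stand-in "cipher" exists only to fabricate sample lines with ECB's block-wise property; it is not 3DES.

```python
import base64
import hashlib
from collections import defaultdict

BLOCK = 8  # 3DES block size in bytes


def fake_ecb(password: str) -> str:
    """Stand-in for the leak's unsalted 3DES-ECB, used only to build sample data.

    It keeps the one property the analysis relies on: each 8-byte chunk of the
    padded password is transformed independently, so equal chunks give equal
    blocks and there is no chaining between blocks. Not a real cipher.
    """
    data = password.encode()
    pad = BLOCK - len(data) % BLOCK
    data += bytes([pad]) * pad  # PKCS#5-style padding to whole blocks
    out = b"".join(
        hashlib.sha256(b"stand-in-key" + data[i:i + BLOCK]).digest()[:BLOCK]
        for i in range(0, len(data), BLOCK)
    )
    return base64.b64encode(out).decode()


# Constructed records in an assumed "uid-|--|-email-|-ciphertext-|-hint|--" layout.
SAMPLE = [
    ("1001", "alice@example.com", fake_ecb("123456"), "numbers"),
    ("1002", "bob@example.com", fake_ecb("123456"), "1-6"),
    ("1003", "carol@example.com", fake_ecb("123456"), ""),
    ("1004", "dave@example.com", fake_ecb("password1"), "usual"),
    ("1005", "erin@example.com", fake_ecb("password2"), "usual plus 2"),
    ("1006", "frank@example.com", fake_ecb("correcthorse"), "xkcd"),
]
DUMP = "\n".join(f"{uid}-|--|-{email}-|-{ct}-|-{hint}|--" for uid, email, ct, hint in SAMPLE)


def parse_dump(text: str):
    """Parse one record per line into dicts; the field layout is an assumption."""
    records = []
    for line in text.splitlines():
        parts = line.split("-|-")
        if len(parts) < 4:
            continue  # skip anything that does not look like a record
        hint = "-|-".join(parts[4:]).rstrip("|-") if len(parts) > 4 else ""
        records.append({"uid": parts[0], "email": parts[2], "ct": parts[3], "hint": hint})
    return records


def analyse(records):
    """Group records by full ciphertext and by first 8-byte block."""
    by_cipher = defaultdict(list)
    by_first_block = defaultdict(list)
    for r in records:
        raw = base64.b64decode(r["ct"])
        by_cipher[raw].append(r)
        by_first_block[raw[:BLOCK]].append(r)
    return by_cipher, by_first_block


def top_groups(records, n=3):
    """Largest identical-ciphertext groups with their non-empty hints.

    One readable hint (or one cracked account) in a group exposes every
    member, because ECB gave them all the same ciphertext.
    """
    by_cipher, _ = analyse(records)
    groups = sorted(by_cipher.values(), key=len, reverse=True)[:n]
    return [(len(g), [r["hint"] for r in g if r["hint"]]) for g in groups]


def shared_prefix_groups(records):
    """Users whose first block matches share the first 8 password characters,
    even when the rest of the password (and so the ciphertext) differs."""
    _, by_first = analyse(records)
    return {k: [r["email"] for r in v] for k, v in by_first.items() if len(v) > 1}


if __name__ == "__main__":
    recs = parse_dump(DUMP)
    for size, hints in top_groups(recs):
        print(f"{size} accounts share one ciphertext; hints: {hints}")
    for emails in shared_prefix_groups(recs).values():
        print("same first 8 password bytes:", emails)
```

With a salted, slow hash instead of a deterministic block cipher none of this grouping is possible: two users with the same password get unrelated digests, and the hints stay isolated per account.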


Dilbert illustrates one of the reasons employees like BYOD


Privacy tools
FREE EBOOK: DOWNLOAD Really Private Browsing, An Official User’s Guide To Tor
… Tor is designed to be, more or less, impenetrable to any attacker without a completely implausible amount of computing power.
DOWNLOAD Really Private Browsing: An Official User’s Guide To Tor
No password required. Read online now, download PDF, EPUB or Kindle version for later.


“It's not creepy, it's a valuable service.” Caller ID plus MugShots
Google to display Google+ photos of your callers
… Google engineering director Attila Bodis announced in a Google+ post late Tuesday that the photo feature is part of the new Caller ID found in the latest flavor of Android. Once the feature launches in early 2014, Android users will be able to see who's calling them, and vice versa.


Well intentioned, no doubt. Any reason not to mention it?
Philip Janquart reports:
Kaiser intentionally performed HIV tests on thousands of health plan members without their consent, alleges a class action complaint filed in Clark County Superior Court.
Lead plaintiff Mary E. Benton claims Kaiser instituted a new protocol in April 2013 that required members between 50 and 65 to receive Human Immunodeficiency Virus (HIV) screening as part of their routine care.
Read more on Courthouse News.
[From the article:
R. Travis Jameson, attorney for the plaintiff, told Courthouse News that discovery has yet to be conducted and that he could only speculate on why Kaiser implemented its policy, but that letters issued to his clients indicate the policy was introduced in conjunction with the U.S. Preventative Services Task Force (PSTF).
According to its website, the PSTF is an independent panel of non-federal experts in prevention and evidence-based medicine comprised of a collection of physicians, nurses and health behavior specialists. The group, in part, makes "recommendations that are relevant to implementing the Affordable Care Act," or Obamacare.
"The task force's claim is that through the [Centers for Disease Control], they want to identify people who may be HIV positive, but are unaware.


The French Courts don't really care how difficult (impossible) it is to implement their ruling. Google is not French, therefore Google is 'le dog dodo.' Since Google controls their search algorithm, it should be possible to flag most searches for these images and return a “you should read this” article containing the facts and the Court's warning: “Don't mess with us or we'll lock you in the Bastille.”
Not surprisingly if you’ve been following Max Mosley’s fight to remove embarrassing photos of a private sex party from Google search results, he has gotten a French court to order Google to filter results so those images don’t show up in its results worldwide. Google says it will appeal the ruling as requiring it to set up a “censorship machine.”
The pictures, taken without Mosley’s knowledge or consent, were published in the now-defunct News of the World in 2008. Mr. Mosley subsequently won a defamation suit against the paper for their story characterizing the party as Nazi-themed.
Read more in the New York Times and on Reuters.
So if on January 1, an army of bots uploads re-named pics to a gadzillion sites that allow Google to index their pages, Google will be responsible for paying 1,000 euros per image found in their results. [Got that Google haters? Bob] That doesn’t strike me as fair, even though Google already has its own image-matching search engine and would presumably be able to run the nine pictures in question against images it might index.
But do we want France’s decisions to be worldwide and to impact what we can see or read here? My first reaction would be “Hell, NO!” but perhaps we should think about what we might want if we were in Mr. Mosley’s shoes, as I suggested back in 2011.


If our dogs can be this capable, why can't Congress (collectively) reach the same level?
Research – canine companion is capable of reaching toddler-level cognition and language acquisition
by Sabrina I. Pacifici on November 6, 2013
TIME – article by John W. Pilley: “When people ask me how smart my dog is, I say that she has about the intelligence of a toddler. Chaser is a 9-year-old border collie who knows 1,000 words, but any dog is potentially capable of reaching toddler-level cognition and development, including learning the basic elements of language. Thanks to her language learning, Chaser has been called “the most scientifically important dog in over a century” by Duke University animal-intelligence researcher Brian Hare. Language learning is an interesting test of animal intelligence because it requires unconsciously grasping a series of concepts in much the same way that children do as they advance from wordless babbling to complete sentences. For me, the most crucial common characteristic of dogs and toddlers is that they both learn best through play. I made games and other playful interactions with Chaser the basis of an ongoing conversation, speaking to her throughout the day in simple words and phrases just as I would to a toddler. Our language games revolved around finding, chasing, fetching and herding her toys — behaviors that released her instinctive drives as a border collie. Instinct-based play gave the toys value in Chaser’s mind, and that in turn gave value to the words — proper nouns and common nouns, verbs and even prepositions, adverbs and adjectives — I spoke to her in connection with the toys.”


Perspective
Blockbuster throws in the towel
Blockbuster has admitted defeat in the DVD-rental business.
Parent company Dish announced Wednesday that it will shut down all remaining company-owned Blockbuster stores in the United States by early January 2014. The closure will affect around 300 remaining retail outlets as well as the company's distribution centers.
The Blockbuster By Mail service will be cut off in mid-December. Only franchised and licensed stores in the US and abroad will keep their doors open.


Perspective (and an interesting chart.)
Android’s adoption rate is unprecedented in tech history
… With 1 billion activations in just five years, Android has been adopted by more people at a faster rate than any other technology in recent history, including iOS, Facebook or Symbian. Technology Review’s chart follows below.


Proof that technology ruins everything... (but it does explain ‘The Scream’ by Edvard Munch)
art x smart adds 21st technology onto famous masterpieces


I know several people who should be cartoons... (Android App)
MomentCam is the first camera app in the world that interprets pictures as cartoons. Download MomentCam and let it surprise you. Every time you try, you meet another self, with humor, charm or just a life in your dream. Come and have fun with MomentCam; it will make your life different.

Wednesday, November 06, 2013

What a concept!
Chandra R Srikanth reports:
Nasdaq-listed outsourcing firm EXL Services has lost a key client due to breach of confidential client data by a few of its employees, a development that will impact its revenues and raise larger questions on data security.
[...]
EXL further said that Travelers was ending the contract because it failed to comply with the provisions of the agreement in handling client information.
“The termination arose from an incident where company employees, who have since been terminated, shared a procedural document externally in violation of the company’s strict client confidentiality policies.
Read more on The Economic Times.


Perhaps we could offer CryptoLoans?
CryptoLocker Crew Ratchets Up the Ransom
… To recap, CryptoLocker is a diabolical new twist on an old scam. The malware encrypts all of the most important files on a victim PC — pictures, movie and music files, documents, etc. — as well as any files on attached or networked storage media. CryptoLocker then demands payment via Bitcoin or MoneyPak and installs a countdown clock on the victim’s desktop that ticks backwards from 72 hours. Victims who pay the ransom receive a key that unlocks their encrypted files; those who let the timer expire before paying risk losing access to their files forever.
Or, at least, that’s how it worked up until a few days ago, when the crooks behind this scam began easing their own rules a bit to accommodate victims who were apparently willing to pay up but simply couldn’t jump through all the hoops necessary in the time allotted.
“They realized they’ve been leaving money on the table,” Abrams said. “They decided there’s little sense in not accepting the ransom money a week later if the victim is still willing to pay to get their files back.”
Part of the problem, according to Abrams, is that few victims even know about Bitcoins or MoneyPak, let alone how to obtain or use these payment mechanisms.
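CryptoLocker's distinguishing move is the one the excerpt describes: it rewrites the victim's own files in place, locally and on every share it can reach. A cheap check that catches that pattern on a file server is a planted canary file per share whose hash is re-verified on a schedule, with a byte-entropy test to tell encryption (near 8 bits per byte) from an ordinary edit. The script below is an added example of that check, not code from the article or from Abrams; the canary filename and the entropy threshold are assumptions, and simulate_ransomware only overwrites a file with random bytes to stand in for the malware's output.

```python
import hashlib
import math
import os
import tempfile

CANARY_NAME = "~canary-do-not-touch.docx"  # hypothetical; pick a name that sorts early
CANARY_BODY = b"Quarterly figures (placeholder)\n" * 64  # constructed low-entropy content


def shannon_entropy(data: bytes) -> float:
    """Bits per byte. Encrypted or compressed data sits near 8.0;
    ordinary documents and text sit well below."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def plant_canaries(share_dirs):
    """Write one canary per share and return {path: sha256} as the baseline."""
    baseline = {}
    for d in share_dirs:
        path = os.path.join(d, CANARY_NAME)
        with open(path, "wb") as f:
            f.write(CANARY_BODY)
        baseline[path] = hashlib.sha256(CANARY_BODY).hexdigest()
    return baseline


def check_canaries(baseline, entropy_threshold=7.0):
    """Return [(path, reason)] for canaries that went missing, were modified,
    or were modified and now look encrypted."""
    findings = []
    for path, digest in baseline.items():
        if not os.path.exists(path):
            findings.append((path, "missing"))
            continue
        with open(path, "rb") as f:
            data = f.read()
        if hashlib.sha256(data).hexdigest() != digest:
            if shannon_entropy(data) >= entropy_threshold:
                findings.append((path, "modified, high entropy (likely encrypted)"))
            else:
                findings.append((path, "modified"))
    return findings


def simulate_ransomware(path):
    """Stand-in for CryptoLocker: overwrite the file in place with random bytes.
    For this check a real cipher's output looks the same."""
    size = os.path.getsize(path)
    with open(path, "wb") as f:
        f.write(os.urandom(size))


def demo():
    """Plant canaries on two temporary 'shares', hit one, and report both runs."""
    with tempfile.TemporaryDirectory() as share_a, tempfile.TemporaryDirectory() as share_b:
        baseline = plant_canaries([share_a, share_b])
        before = check_canaries(baseline)
        simulate_ransomware(os.path.join(share_b, CANARY_NAME))
        after = check_canaries(baseline)
        return before, after


if __name__ == "__main__":
    before, after = demo()
    print("before:", before)
    print("after:", after)
```

In practice the checker runs from a host that only has read access to the shares, so the malware on a workstation cannot tamper with the baseline, and a hit should trigger disconnecting the offending session before the rest of the share is rewritten.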

(Related) ...because we already have the backend handled.
How to Launder Billions and Billions of Digital Dollars

(Related)
Google Chrome Introduces Smart Malware Blocking & Factory Reset
… If your computer has already been affected by malware, we have the complete malware removal guide to help you out. But this is one of those “prevention is better than cure” situations, and with that in mind, Chrome has decided to block malware when it’s part of a download.
“In the current Canary build of Chrome, we’ll automatically block downloads of malware that we detect. If you see this message in the download tray at the bottom of your screen, you can click “Dismiss” knowing Chrome is working to keep you safe,” Google said in a blog post.


I have a Masters in Computer Resource and Information Management as well as an MBA, so I can see both sides of this issue. Unfortunately, I saw it years too early for it to impact my career no matter how much I tried to educate senior management.
Report – The evolving value of information management
by Sabrina I. Pacifici on November 5, 2013
“This report is the result of a research study commissioned by both the Financial Times and the Special Libraries Association (SLA), to explore the evolving value of information management in today’s society. Reflecting the opinions of both information professionals (providers) and senior executives (users) worldwide, the aim is to identify the opportunities to enhance the value of information management to business and provide an actionable framework for the continuing success of the information function in any organisation. “Big data” and the proliferation of new technologies are shortening the time to an answer, and yet also causing many new challenges for both users and providers. Although this research shows contrasting perspectives between providers and users, many of the root causes of the issues are the same. Both suffer from information overload and spend too much valuable time filtering for information that is useful (relevant, accurate and timely). To overcome this, both parties must use a deeper understanding of the organisation-wide strategy and business values to frame priorities in how information is used. There are now many alternatives for information professionals and information centres. It is the responsibility of information providers to solidify themselves as the best solution to their organisation’s information needs and reinforce the value they provide.”


For some of my fellow teachers (you know who you are)
3 Career-Changing Reasons To License Your Work With Creative Commons


Interesting tool for you iPhone users.
– is for making dynamic spherical photos called bubbles. Capturing a bubble is easy. You can reproduce the entire scene around you, including sound, by simply painting the space with your iPhone camera. After capturing, it's time for our bubble-builder in the cloud to do its magic. State-of-the-art computer vision turns your raw video into a seamless immersive bubble.


Better late than never...
Coursera launches “learning hubs,” physical spaces where people can access the Internet in order to take a MOOC. Partners in the effort include the US State Department, the Bluebells School International and Lady Shri Ram College for Women, Digital October, Overcoming Faith Academy Kenya, Learning Links Foundation, TAPtheTECH, and LEARN. TT and the University of Trinidad and Tobago.
Georgia Tech has closed its applications for its new MOOC CS graduate degree and – wow, really? this was news? – it received more applications for it than for its on-campus program. Shocking.
Mozilla’s Web Literacy Standard v1.0 is now live. “The Web Literacy Standard is part of Mozilla’s ongoing goal to create a generation of webmakers – those who can not only elegantly consume but also write and participate on the web.”
… During its quarterly earnings call this week, Apple CEO Tim Cook boasted that the company had their “best education quarter ever” and now has 94% of the educational tablet market. Anya Kamenetz writes about “why that’s a scary stat.”
Common Sense Media has released a study about the media usage of kids age 0 to 8. (PDF) Among the findings, “Among families with children age 8 and under, there has been a five-fold increase in ownership of tablet devices such as iPads, from 8% of all families in 2011 to 40% in 2013.”
The New York Times runs with the headline “As Interest Fades in the Humanities, Colleges Worry.” Oh noes! History professor Ben Schmidt responds with data (DATA!) – history majors are “up 18% the last 25 years. Math and CS are down 40%.”

Tuesday, November 05, 2013

It's not that they can, it's that they can so cheaply!
Privacy advocates tend to know the following, but I suspect the general public doesn’t and would be a bit shocked. Laura Hutchinson of WWLP in Massachusetts, reported in a piece on medical identity theft:
The 22News I-Team did an experiment and found we didn’t have to pay any money at all to find out names of people in Massachusetts who are diabetics, the number of times a day they need medication, who their doctor is and where they live.
You’d like to think that those closed-door meetings with your doctor stay between you two, but as more hospitals and doctors’ offices put their records online, it’s becoming easier for people to access them.
Springfield consumer advocate Milagros Johnson says medical identity theft is getting worse and a 22News I-Team investigation reveals just how easy it is to get information.
We discovered websites that sell patient information. They appear to target medical supply companies, but there’s nothing stopping the general public from accessing the information as well.
The 22News I-Team e-mailed the company to ask what they could offer and for how much. They gave a list of prices but also supplied us with free samples: samples of names and personal information.
For no money at all, we were able to get the names of hundreds of patients, their home address and number, names of their doctors, how often they take medication, etc. Some of these people are right here in Western Mass.
If you don’t want such information being freely acquired and re-sold, then stop calling some of us “privacy wingnuts,” and join us in trying to protect patient privacy.


I would have a few dozen questions too. Starting with the school's procedures for handling “false positives.” Do they tackle the “sex offender?” Are police called? Do they have any liability for the error?
Karen Ann Cullotta reports:
When a trio of privacy rights activists dropped by a Wilmette School District 39 board of education meeting, they told officials that installing a security system that requires visitors to swipe their driver’s license before entering school buildings could prove both invasive and unconstitutional.
A school district spokeswoman said officials plan to review the concerns expressed by Wilmette resident Richard Sobel and fellow members of the Cyber Privacy Project.
But District 39 joins school districts across the north suburbs and the country in investing in a driver’s license scanning system aimed at preventing registered sex offenders from stepping inside a school building.
Read more on the Chicago Tribune.
I experienced one such system a few years ago in a school in my area of New York. Not surprisingly, I immediately asked a bunch of questions as to whether and how the information got processed and stored. I’m glad to see others raising questions, too.
It’s one thing to be asked to show your driver’s license or some identification if you’re entering a school, but it’s another thing to have school personnel running checks – even if automated – against databases. In this case, the school district is reportedly concerned about sexual predators. What if a district decided it was also concerned about determining who had a concealed carry permit? Or who might have a record of mental illness? “It’s for the children,” they’d say, right? But public schools are public property. Should a member of the public have to go through such checks just to enter a school? Where will it stop?
[From the article:
The LobbyGuard driver's license scanning system has been screening visitors against a sex offender database prior to their entering New Trier Township High School District 203 buildings for five years, district spokeswoman Nicole Dizon said.
… Jim Vesterman, CEO of the Houston-based Raptor Technologies said the company's scanning systems are used in 10,000 schools across the U.S. and roughly 600 schools in Illinois.
Vesterman pointed to a September 2010 U.S. Court of Appeals for the Fifth Circuit ruling that upheld a school's right to determine whether a visitor is a registered sex offender, and said requiring photo identification did not violate constitutional rights.


Once again I get to say, “I told ya so!” Simple rule: find something everyone hates the government for doing and build your business model around it. Government customers are sure to find you.
Michael B. Farrell reports:
The National Security Agency’s digital snooping may have inflamed a national debate over privacy, but it has been a godsend for a tiny start-up in Cambridge.
The company, Sqrrl Data Inc., was founded by six former employees of the spy agency. They had helped build the massive database the NSA uses to store and analyze the billions of bits of information it gathers on Americans and people around the world. Sqrrl (pronounced “squirrel”) had planned to release a new commercial version of the NSA database, called Accumulo, in mid-June, timed to a prominent technology conference that would be full of potential customers.
Read more on Boston Globe.


“If we started giving money to those who were injured, others would realize they had a case too. Then everyone who messed with your privacy would start suing...”
Greg Stohr reports:
The U.S. Supreme Court left intact Facebook Inc. (FB)’s $9.5 million settlement of privacy claims, declining to hear objections that none of the money was being paid to people whose rights were violated.
The justices today let stand a federal appeals court decision that upheld the accord, which resolved claims over Facebook’s discarded Beacon advertising program.
Read more on Bloomberg News.


This could be interesting to my Math students.
This fall GeoGebra released new apps for Android, iPad, and Windows 8. All three of the apps include the graphing and modeling tools available on your desktop. The apps also include GeoGebraTube in which you can search for the things that other GeoGebra users have created. The video embedded below provides an overview of the Windows 8 GeoGebra app (the video does not have sound).

Monday, November 04, 2013

Privacy failure? What would suggest anything is working.
It seems like healthcare.gov has had a security breach already in which limited personal information from two applicants [33% of applicants? Bob] was disclosed to another applicant. Kelsey Harris and Rob Bluey report:
Justin Hadley logged on to HealthCare.gov to evaluate his insurance options after his health plan was canceled. What he discovered was an apparent security flaw that disclosed eligibility letters addressed to individuals from another state.
… His insurance company, Blue Cross Blue Shield of North Carolina, directed him to HealthCare.gov in a cancellation letter he received in September.
After multiple attempts to access the problem-plagued website, Hadley finally made it past the registration page Thursday. That’s when he was greeted with downloadable letters about eligibility — for two people in South Carolina. (Screenshot below.)
One of the two individuals whose eligibility determination was disclosed to Mr. Hadley tried to contact healthcare.gov about the breach but got nowhere:
After learning of the privacy breach, Dougall spent Friday evening trying to contact representatives from HealthCare.gov to no avail; he spent an hour waiting on the telephone and an online chat session was unhelpful. He also wrote to Senators Lindsey Graham (R-SC) and Tim Scott (R-SC), along with Representative Joe Wilson (R-SC).
“I want my personal information off of that website,” Dougall said. [What do you bet there is no way to do that? Bob]
This is not the first report I’ve read about people having difficulty contacting anyone about security flaws or breaches, and the government needs a phone number posted on the home page for people to use to report security or privacy flaws.
Read more about this breach on The Foundry. Note that healthcare.gov’s marketplace application system went offline last night for a 12-hour period for some updating. Hopefully when it comes back online this morning, the problem noted above will have been addressed. If not, then the government isn’t paying enough attention and should be held responsible for not providing people with a way to report security and/or privacy breaches.
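The report above does not say what caused one applicant to be served another applicant's eligibility letters, and nothing here should be read as a claim about healthcare.gov's actual code. What it does illustrate is the class of failure a practitioner would check for first: a download endpoint that looks a document up by identifier without tying the lookup to the logged-in user. The following is an added example, not code from the site or the article, with constructed sample data; the letter ids, applicant names and handler names are assumptions for illustration.

```javascript
// Added example (not healthcare.gov code): object-level authorization on a
// document-download endpoint. Constructed sample data only.

// Letters keyed by id; each belongs to exactly one applicant (constructed).
const LETTERS = new Map([
  ['L-1001', { owner: 'applicant-A', body: 'Eligibility determination for applicant A' }],
  ['L-1002', { owner: 'applicant-B', body: 'Eligibility determination for applicant B' }],
]);

// Vulnerable pattern: the handler trusts the id from the request and never
// consults the session, so any authenticated user can fetch any letter.
function downloadLetterInsecure(session, letterId) {
  const letter = LETTERS.get(letterId);
  return letter ? letter.body : null; // session is ignored (the bug)
}

// Hardened pattern: the lookup is scoped to the authenticated principal.
// A letter that exists but belongs to someone else gets the same 404 as a
// letter that does not exist, so the endpoint is not an existence oracle.
function downloadLetterSecure(session, letterId) {
  if (!session || !session.userId) return { status: 401, body: null };
  const letter = LETTERS.get(letterId);
  if (!letter || letter.owner !== session.userId) return { status: 404, body: null };
  return { status: 200, body: letter.body };
}

// Listing: derive the ids the user may see from ownership, never from input.
function listLettersFor(session) {
  if (!session || !session.userId) return [];
  const ids = [];
  for (const [id, letter] of LETTERS) {
    if (letter.owner === session.userId) ids.push(id);
  }
  return ids;
}

// Regression check a practitioner would keep in the test suite: walk every
// letter as every user and confirm only owners get a 200.
function crossUserLeakCount() {
  const users = new Set([...LETTERS.values()].map((l) => l.owner));
  let leaks = 0;
  for (const userId of users) {
    for (const [id, letter] of LETTERS) {
      const res = downloadLetterSecure({ userId }, id);
      if (res.status === 200 && letter.owner !== userId) leaks++;
    }
  }
  return leaks;
}

// Stand-alone demonstration of the difference between the two handlers.
const sessionA = { userId: 'applicant-A' };
console.log('insecure, A asks for B\'s letter:', downloadLetterInsecure(sessionA, 'L-1002'));
console.log('secure,   A asks for B\'s letter:', downloadLetterSecure(sessionA, 'L-1002'));
console.log('secure,   A lists own letters:   ', listLettersFor(sessionA));
console.log('cross-user leaks in secure path: ', crossUserLeakCount());
```

The one-line difference is where the authorization decision lives: the secure handler cannot return a letter whose owner is not the session's user, regardless of what id the client supplies, and the listing endpoint builds ids from ownership rather than accepting them. The `crossUserLeakCount` sweep is the kind of automated check that would have flagged a cross-applicant disclosure before release.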


Unlikely to attract new riders, but it will probably attract a few lawsuits.
Hackers Take Limo Service Firm for a Ride
A hacker break in at a U.S. company that brokers reservations for limousine and Town Car services nationwide has exposed the personal and financial information on more than 850,000 well-heeled customers, including Fortune 500 CEOs, lawmakers, and A-list celebrities.
… This database would be a gold mine of information for would-be corporate spies or for those engaged in other types of espionage. Records in the limo reservation database telegraphed the future dates and locations of travel for many important people. A ridiculously large number of entries provide the tail number of a customer’s plane, indicating they were to be picked up immediately upon disembarking a private jet.
Such information would be extremely useful in the hands of nation-state level attackers. For a very relevant and timely example of this, consider the cyber spying story printed last month by Foreign Policy magazine. That piece featured an interview with Kevin Mandia, the chief executive of Mandiant, an Alexandria, Va. based firm that specializes in helping companies defend against cyber espionage attacks. In the FP story, Mandia said he recently was the target of a targeted cyber attack that tried to foist malicious spyware on him via an email with a booby-trapped PDF copy of a recent limo invoice.


It can't hurt.
NIST Releases Preliminary Cybersecurity Framework
by Sabrina I. Pacifici on November 3, 2013
“The Framework Core is a set of cybersecurity activities and references that are common across critical infrastructure sectors organized around particular outcomes. The Core presents standards and best practices in a manner that allows for communication of cybersecurity risk across the organization from the senior executive level to the implementation/operations level. The Framework Core consists of five Functions—Identify, Protect, Detect, Respond, Recover—which can provide a high-level, strategic view of an organization’s management of cybersecurity risk. The Framework Core then identifies underlying key Categories and Subcategories for each of these Functions, and matches them with example Informative References such as existing standards, guidelines, and practices for each Subcategory. This structure ties the high level strategic view, outcomes and standards based actions together for a cross-organization view of cybersecurity activities. For instance, for the “Protect” Function, categories include: Data Security; Access Control; Awareness and Training; and Protective Technology. ISO/IEC 27001 Control A.10.8.3 is an informative reference which supports the “Data during transportation/transmission is protected to achieve confidentiality, integrity, and availability goals” Subcategory of the “Data Security” Category in the “Protect” Function.”


Next? Blood tests!
Steve Hawkes reports:
The store giant has signed a ground-breaking deal with Lord Alan Sugar’s Amscreen in a move which tonight sparked fresh concerns from privacy campaigners about the growing use of “invasive” technology in the nation’s shops.
The ‘OptimEyes’ system will be rolled out into 450 Tesco petrol forecourts, which serve millions of customers a week.
Read more on The Telegraph.
In response to Tesco’s new #privacy-intrusive scheme, Paul Bernal tweeted:
OK, so I’m never, ever going to get petrol from @tesco ever again. This is SO wrong!!! via @carkmaxim & @LoisMcEwan http://t.co/S5lSDigcV2 — Paul Bernal (@PaulbernalUK) November 3, 2013
To which I respond, “Amen, bro!” I hope all UK citizens concerned about privacy will boycott Tesco and tell them why you’re boycotting them.
[From the article:
It works by using inbuilt cameras in a TV-style screen above the till that identify whether a customer is male or female, estimate their age and judge how long they look at the ad.
The 'real time' data is fed back to advertisers to give them a better idea of the effectiveness of their campaigns and enable them to tailor ads to certain times of the day.


“Look, we're professional educators. We know more about student privacy than you parents do. Trust us!”
Student privacy advocate and activist Leonie Haimson writes (emphasis added by me):
There’s a good article in today’s Buffalo News, about at least two more NY school districts upstate, Williamsville and West Seneca, that have decided to turn down Race to the Top funds to try to protect their students’ privacy, joining the growing list of suburban districts that have already announced this.
[...]
According to an article in Capital NY, 90% of the state’s 700 districts were originally participating in the RTTT program, and of these, one fourth of them, or about 160, failed to sign up for dashboards by the official deadline of October 30.
This is despite the fact that Ken Wagner of NYSED has made it clear, including again in the Buffalo News, that this does NOT mean the state will spare their personal student data from being shared with inBloom and via inBloom with the dashboard companies.

(Related) “Look, we're professional health care providers. We know more about medical privacy than you do. Trust us!”
Audrey Dutton has an informative and thought-provoking article in the Idaho Statesman on health data exchanges and consent. It begins:
Karen Helms didn’t realize until this year that her medical records were being shared with a statewide network of health care providers. The discovery prompted her to question the state’s health data exchange and to file a complaint with the federal government over privacy concerns.
A spokesman for the Idaho Health Data Exchange — several years old and unrelated to the state’s new health insurance exchange — said the system has no risks or downside. There are almost 1,700 health care providers in Idaho sharing 1.97 million medical records through the electronic system. Those providers accessed patient records on the system 343,369 times in September, according to the exchange.
The exchange office receives calls from concerned patients on a weekly basis, a spokesman said. But exchange officials say privacy concerns are unfounded. They say when Idahoans learn how the exchange can prevent medical errors and other problems as well as expedite the burdensome process of getting medical records from one doctor to another, they usually choose not to opt out of the system.
“Privacy and security is our foundation with what we do and how we do it,” said Scott Carrell, executive director for the data exchange.
But should the health data exchange be premised on opt-out or should it require informed consent/opt-in? According to the article, the federal government left it up to the states as to whether to make health data exchanges opt-out or opt-in. Should they have given states that choice? And when will HHS rule on Karen Helms’ complaint? Read more on the Idaho Statesman.


Can this be true? Someone who actually considered privacy while developing an App?
I’ve occasionally blogged about privacy and security concerns raised by mobile health applications. I’m happy to report that there’s now an app in beta-testing that may be very helpful to consumers without requiring consumers to sacrifice data security or privacy.
The app automatically pulls in your prescription records from your pharmacy to enable you to keep track and manage your renewals. Although it’s still in start-up stage, it already supports most of the national pharmacy chains that provide online medication histories and can also pull in your information from some prescription insurance providers.
Helpfully, the app also enables you to get information on your medications and, importantly, interactions between your prescription medications and over-the-counter (OTC) medications (you can manually add or input OTC if you want to). Ever struggle to remember your doctor’s name or contact information to give to another doctor? The app allows you to keep track of that, too. And it can warn you if a prescribed medication contains something you’re allergic or sensitive to if you input your known allergies and problems.
Sounds like a lot of sensitive information, right? Well wait until you read their security and privacy information. “Your most sensitive information never leaves your phone unencrypted,” they write, and “You, and only you, can access your pharmacy passwords and your profile.” Indeed, I don’t recall ever reading any security section on an app’s site that provides as much detail about encryption and security as this one does, [Could this be the basis for a “Best Practice?” Bob] enabling savvy consumers to reach their own conclusions about whether this app will give them some peace of mind on security and privacy.
The app is called Pill-Fill. You can read more about it here. Although it’s not yet available for public download, it is in beta-testing, and if you are an Android user and would like to be a beta-tester, see the sign-up information here. Eventually the app will also be available for iPhone users.
It should be clear by now that I’m pretty enthusiastic about this app, and I am, having spent about an hour on the phone with its developer and chief architect a few months ago. I look forward to interviewing him for this blog after they get deeper into beta-testing.


Might be an interesting site for my students to explore.
– many computers are used by more than one person. You can log in and out from Windows, but this really takes a lot of time and effort. But you can’t install more than one Google Chrome on your computer and enjoy the speed of the Chromium project. With MakeMyBrowser, you can let other people keep on using Chrome, while you use your own browser. You can actually create as many browsers as you wish.


Automation, what a concept!
– turn your LinkedIn profile into a beautiful resume in seconds. No more messing around with multiple Word and PDF documents scattered all over the computer. Pick a resume template, customize the content, and print and share the result to your heart’s content. Your resume content is automatically fetched from your LinkedIn profile, so you can customize it as much as you want.


Interesting Infographic
Who’s Spying On You? And How To Stop Them?


Interesting idea, we need more.
Stanford Mini Med - An Online Introduction to Med School
MOOCs and other similar online resources have made it possible to learn more than ever without ever leaving your house if you don't want to. A good example of this can be found in the breadth and depth of the free course materials that Stanford has put online over the last few years.
The Stanford School of Medicine has made available three semesters worth of lectures on human biology, health and disease, medical research, and health care. The lectures are available through iTunes, YouTube, and on the Stanford Mini Med School website. Click here for winter term, here for spring term, and here for fall term.