A bright future for government auditors!
Will a Government Settlement Improve Snapchat’s Privacy? Don’t Count on It
Snapchat just joined the F.T.C. club.
The company that makes the popular messaging app agreed on Thursday to a settlement with the Federal Trade Commission of charges that it deceived users when it said photos on the service would “disappear forever” after recipients viewed them.
In fact, the agency determined, access could be obtained to Snapchat’s photos through a set of relatively simple workarounds. Under the terms of the deal, Snapchat agreed to be monitored by an independent privacy auditor for the next 20 years.
Oh, of course!
Marco Tabini reports:
A newly-released document on Apple’s website outlines the company’s policies when it comes to sharing the personal information of iOS users with U.S. law enforcement.
According to the whitepaper, the company can help lawmen get their hands on a significant amount of information you share through iCloud, including your e-mail, iWork documents, calendars, and so on—provided, of course, that they come looking for it with a valid warrant.
Read more on Macworld.
Develop “Best Practices” Could be a great project for my Computer Security students teamed with some law school students. Anyone want to buy the pizza? (Students run on pizza.)
Anne L. Kim writes:
The rise of health apps has expanded the opportunities for individuals’ data to be used for research purposes, policy analysis, and so on. But what are the complexities involved with making sure people are “de-identified” from their own data, so their privacy can be protected? At an FTC workshop today on consumer-generated health data, panelists spent some time talking about whether there should be a uniform standard.
There isn’t a single definition of de-identification or one “rule that governs everybody,” according to Joy Pitts, chief privacy officer at HHS’ Office of the National Coordinator for Health Information Technology. (There is a Department of Health and Human Services document that offers guidance on where de-identification fits into the Health Insurance Portability and Accountability Act, or HIPAA, but there’s no set of industry best practices.)
Read more on Roll Call.
(Related)
INFORMATION TECHNOLOGY
Implementing Best Practices and Reform Initiatives Can Help Improve the Management of Investments
(Related)
If there is a silver lining to the series of high-profile targeted attacks that have made headlines over the past several months, it is that more enterprises are losing faith in the “magic bullet” invulnerability of their prevention-based network security defense systems.
That is, they are recognizing that an exclusively prevention-focused architecture is dangerously obsolete for a threat landscape where Advanced Persistent Threats (APTs) using polymorphic malware can circumvent anti-virus software, firewalls (even “Next Generation”), IPS, IDS, and Secure Web Gateways -- and sometimes with jarring ease. After all, threat actors are not out to win any creativity awards. Most often, they take the path of least resistance; just ask Target.
As a result of this growing awareness, more enterprises are wisely adopting a security architecture that lets them analyze traffic logs and detect threats that have made it past their perimeter defenses – months or possibly even years ago. It is not unlike having extra medical tests spot an illness that was not captured by routine check-ups. Even if the news is bad (and frankly, it usually is), knowing is always better than not knowing for obvious reasons.
“If we don't like it, it's not a law.”
China and International Law in Cyberspace
by Sabrina I. Pacifici on May 8, 2014
U.S.-China Economic and Security Review Commission Staff Report. May 6, 2014. China and International Law in Cyberspace by Kimberly Hsu, Policy Analyst, Security and Foreign Affairs with Craig Murray, Senior Policy Analyst, Security and Foreign Affairs
“The Chinese government states it intends to work with the “international community to promote the building of a peaceful, secure, open, and cooperative cyberspace.” Similarly, U.S. government policy is to “work internationally to promote an open, interoperable, secure, and reliable” cyberspace. While this semantic overlap in officially stated goals suggests strong similarities between China and the United States in their viewpoints on international law and norms in cyberspace, they are more different than similar. China’s participation in a 2013 UN report affirming the applicability of international law to cyberspace is a promising development. The same UN group will gather in 2014 to address some of the more challenging and divisive concepts regarding state responsibility and use of force in cyberspace. Any fractures in the debate at this meeting will likely reflect some of the major differences between the United States and China on cyberspace policy. These differences will likely endure as Beijing is presently unwilling to compromise on issues such as Internet sovereignty and information control, which it judges as critical to the maintenance in power of the Chinese Communist Party (CCP) regime.”
A most interesting tactic.
Math Shall Set You Free—From Envy
… Perhaps the oldest fair division method on the books—one which has been used by children from time immemorial—is the “I cut, you choose” method for dividing up, say, a cake between two people. One person cuts the cake into two pieces, and the other person gets to choose which piece to take.
… Fair Buy-Sell was devised in 2007 by Ring and Steven Brams, a professor of politics at New York University, and requires each partner to simultaneously propose a buyout price. If John proposes $110,000 and Jane proposes $100,000 then John, the higher bidder, will buy out Jane for $105,000. Unlike the shotgun clause, this method is equitable: Each participant ends up with something—either money or the business—at a price that is better than his or her offer. “Both participants always get a solution that’s better than what they proposed,” Ring says. And the business always goes to the partner who values it more.
Also, not for sale?
The Navy's New Super Secure E-Readers Are Called NeRDs. Is Reading Nerdy?
… Kindles, iPads, and other tablets/e-readers are currently forbidden on Navy vessels. They take up space, and, more importantly, can be a security threat because of connectivity points like wi-fi, expandable storage, and USB ports. So the Navy's General Library Program partnered with the digital content service Findaway World to create NeRD. The devices don't have Internet access, and their content is fixed.
The idea is that the Navy can expand the reading material it offers on ships and submarines for recreation, while also throwing in some texts for professional development that would be too big to fit in the small locker that’s usually allotted for books on Navy vessels.
Something to revisit. Students too.
Opera 21 Launches For Windows and Mac With Huge Speed Improvements
That's exactly how I remember Shakespeare! (Infographic)
Shakespeare's Tragedies
A “How To” that my students should avoid.
How Inkjet Printers Are Changing the Art of Counterfeit Money
The U.S. government recouped more than $88 million in counterfeit currency last year, and more than half of it was made on regular old inkjet or laser printers.
That's according to Bloomberg, which tells the story of a woman who pleaded guilty to counterfeiting up to $20,000 in fake bills over a two-year period. She took $5 bills, soaked them in degreaser, scrubbed off the ink with a toothbrush, dried them with a hairdryer, then reprinted them as $50 and $100 on a Hewlett-Packard printer, the news service said.
While the counterfeiting business used to be specialized, these days it's easy for anyone with a printer to give it a try.
Dilbert illustrates the logic (illogic?) of the reciprocal statement!
Greetings from your government