Now
here's an article I think every manager should read.
Trust but Verify: How Security Loopholes Can Undermine Online Compliance Training
Compliance training and supervision has always been the first line of
enterprise defense against legal,
operational and reputational risk. Now, it is increasingly the final
line of defense that determines how enforcement officials view an
institution and, in turn, exercise their considerable discretion in
assigning liability for regulatory violations.
Corporations
face an evidentiary burden built upon the foundations of the late
Senator Howard Baker’s Watergate inquiries. Institutions must not
only be able to respond to the question, “What did you know, and
when did you know it?” – they also must have a credible answer
for: “What did you do to
prevent this?”
By
the same logic, does this ban the taking of fingerprints? How about
mug shots?
John
Wesley Hall writes:
In a comprehensive opinion, the Vermont Supreme Court held Friday
that pre-conviction DNA testing of arrestees after arraignment
violates the search provision of the Vermont Constitution. It failed
every point of analysis. State
v. Medina, 2014 VT 69, 2014 Vt. LEXIS 71 (July 11, 2014)
Read
more about this case on FourthAmendment.com.
Apparently,
there is no specific penalty for stupidity. (There but for 50 or 60
IQ points, go I?)
Mex
Cooper reports:
A medical centre that kept sensitive health records of nearly 1000
patients in a garden shed on a disused property in Melbourne’s
south-east has been reprimanded
for breaching privacy laws.
Boxes of records containing the personal details of patients were
discovered at the Narre Warren South site when the shed at the
Amberley Park Drive property was broken into in November 2013.
Australian Privacy Commissioner Timothy Pilgrim investigated and
found the medical centre that owned the property had breached the
Privacy Act by failing to properly secure the information.
The neglected files included names, addresses, Medicare numbers,
dates of birth, occupations and results of medical investigations of
about 960 patients who used the Amberley Park Medical Centre that
operated at the address until April 2011. Most of the records
related to patients who visited the centre prior to 2004.
Read
more on The
Age. I’d say the centre got off really easy – too easy –
if all it has to do is do what it should have done in the first
instance. What do you think?
“Look,
you're just an ignorant parent. We're trained educators. You don't
need to see the data we've been gathering for the government. Just
trust that anything we tell you must be true.”
Student
Data Tied To Common Core Off-Limits To Parents
States
that were awarded grants from President Obama’s Race to the Top
(RttT) stimulus bill program agreed to implement the Common Core
standards and to comply with the “Four
Assurances,” one of which was the requirement of “Building
data systems that measure student growth and success.”
The
problem? Private student data is off-limits to parents.
In
July of 2009, U.S. Secretary of Education Arne Duncan said,
“[W]e have more than $300 million available to help states build
data systems that will drive reforms.”
In
Colorado, for example, in
addition to its $73 million RttT award, the state also received
$17.4 million additional dollars to build the State Longitudinal
Data System (SLDS) in 2010. Since all states now have an SLDS
database, regional
data centers have also formed that allow states to share and
compare student data, creating what amounts to a national
database of student information.
As
Watchdog Wire reported
in late June, local Colorado
school districts are collecting detailed educational and
psychological data on their students for use by private companies and
the federal government. Parents, however, are having a
hard time getting their hands on their own children’s information.
I
think this takes us back to a “Black Hole” for data. Load the
data without alteration into a trusted database. Provide only
summarized answers to researchers – no actual data fields. Of
course it's not perfect but is it adequate?
No
silver bullet: De-identification still doesn’t work
by
Sabrina I.
Pacifici on Jul 14, 2014
“Paul
Ohm’s 2009 article Broken
Promises of Privacy spurred a debate in legal and
policy circles on the appropriate response to computer science
research on re-identification techniques. In this debate, the
empirical research has often been misunderstood or misrepresented. A
new
report by Ann Cavoukian and Daniel Castro is full of
such inaccuracies, despite its claims of “setting the record
straight.” In a response
to this piece, Ed Felten and I point out eight of our most serious
points of disagreement with Cavoukian and Castro. The thrust of our
arguments is that (i) there is no evidence that de-identification
works either in theory or in practice and (ii) attempts to quantify
its efficacy are unscientific and promote a false sense of security
by assuming unrealistic, artificially constrained models of what an
adversary might do. Specifically, we argue that:
- There is no known effective method to anonymize location data, and no evidence that it’s meaningfully achievable.
- Computing re-identification probabilities based on proof-of-concept demonstrations is silly.
- Cavoukian and Castro ignore many realistic threats by focusing narrowly on a particular model of re-identification.
- Cavoukian and Castro concede that de-identification is inadequate for high-dimensional data. But nowadays most interesting datasets are high-dimensional.
- Penetrate-and-patch is not an option.
- Computer science knowledge is relevant and highly available.
- Cavoukian and Castro apply different standards to big data and re-identification techniques.
- Quantification of re-identification probabilities, which permeates Cavoukian and Castro’s arguments, is a fundamentally meaningless exercise.
Data
privacy is a hard problem. Data custodians face a choice between
roughly three alternatives: sticking with the old habit of
de-identification and hoping for the best; turning to emerging
technologies like differential privacy that involve some trade-offs
in utility and convenience; and using legal agreements to limit the
flow and use of sensitive data. These solutions aren’t fully
satisfactory, either individually or in combination, nor is any one
approach the best in all circumstances. Change is difficult. When
faced with the challenge of fostering data science while preventing
privacy risks, the urge to preserve the status quo is understandable.
However, this is incompatible with the reality of re-identification
science. If a “best of both worlds” solution exists,
de-identification is certainly not that solution. Instead of looking
for a silver bullet, policy makers must confront hard choices.”
From
a collection of articles...
[For my Ethical Hackers:]
British
Spies Manipulate The Internet
Another
day, another revelation into how the security services are affecting
our everyday lives. This one concerns British spies working at GCHQ
(Government Communications Headquarters) who, according to documents
obtained by NSA whistleblower Edward Snowden, regularly manipulate
the Internet.
As
detailed by The
Intercept, the Joint Threat Research Intelligence Group (JTRIG)
allegedly has the capability to
“change [the] outcome of online polls,” [and
online elections? Bob]
enact the “disruption of video-based websites hosting extremist
content,”
“artificially increase traffic to a website,” and
launch a “distributed denial of service using P2P,”
amongst other things.
This
document has been revealed at a time when the British Government is
rushing through legislation giving them greater
surveillance powers over ordinary citizens.
Oh,
the horror, the horror... Wait a minute. Maybe they just like my
blog?
Your
Interest in Privacy Will Ensure You’re Targeted By The NSA
Have
you ever wondered if you’re on an NSA observation list? Turns out
that if you’ve even thought about it (or online privacy in
general), you’re probably more likely to be on one. A few
concerning news updates regarding mass surveillance by the NSA within
the past week, including revelations from an analysis of the
XKeyscore
data collection system, have given us an idea of who might be
among the NSA’s “targeted” individuals.
Dilbert
illustrates the slippery slope of Privacy.
If I
know all your friends, can't I easily deduce your identity by seeing
who is NOT listed?
Secret
App Raises $25 Million, Shifts Focus
The
fast-growing anonymous mobile app Secret
said Monday it had raised $25 million in venture capital and would
expand as a social network connecting Facebook friends.
A
new feature announced by Secret -- which up to now was an anonymous
messaging board -- allows users to log in with Facebook and share
with friends without revealing their identities.
"Facebook
Login has been our top requested feature, for good reason," the
Secret team said in a blog
post. "Our community members want more friend content in
their stream, beyond simply the contacts from their phone.
Facebook
Login gives any user the option to (completely anonymously) connect
Secret to Facebook and populate your stream with Facebook friends."
Next,
Congress will want the FDA to approve all hand-held technology.
Got
a rash? iPad, other devices might be the cause
Recent
reports in medical journals detail nickel allergies from a variety of
personal electronic devices, including laptops and cellphones.
…
Jacob said evidence suggests nickel allergies are becoming more
common, or increasingly recognized. She cited national data showing
that about 25 percent of children who get skin tests for allergies
have nickel allergies, versus about 17 percent a decade ago.
For
my students and a few friends I've been trying to talk into writing a
blog. (You know who you are!)
Turn
Your Blog Into a Book
BlogBooker
is a free service that allows you to turn the contents of your
Blogger blog into a PDF. Using BlogBooker
is a fairly straightforward process. BlogBooker
walks you through each step of the process except for the very first
step which might sound a little too "techy" for some
Blogger users, but it's actually quite easy. The first step in using
BlogBooker is to export the contents of your blog as an XML file.
This is actually easy to do in Blogger. Step one is to open the
"settings" menu of your Blogger blog. Step two is to
select "export blog" under the "basic" menu. Step
three is to click "download." Don't worry, exporting the
contents of your blog will not remove any content from your blog.
After you've completed the export process, jump over to BlogBooker
and follow their directions for completing the transition from XML
file to PDF.
Applications
for Education
Turning
a classroom blog into a book is a great way to show students and
their parents how much they have written in a semester.
Perhaps
someone who actually teaches this stuff can set me straight. Is this
useful?
Storyboard
That Releases New Teacher Guides
Storyboard
That provides templates in which you can create your stories in a
comic strip style. To help you create your story Storyboard That
provides dozens of scenes, characters, and text bubbles to fill your
storyboard's frames. Each element that you drag into your
storyboard's frames can be re-sized, rotated, and re-positioned to
your heart's content. Your completed storyboard can be saved as a
comic strip, saved as a set of images (one image for each frame), or
saved as a set of PPTX slides.
This
week Storyboard That added three
new guides for teaching classic literature with
storyboards. The new guides provide great ideas for teaching
Macbeth,
Romeo
& Juliet, and The
Great Gatsby with storyboards. Each of the guides includes a
set of essential questions, alignment to Common Core standards, and
templates for character analysis. The templates also include ideas
for using comics in which students analyze the elements of plot in
each story.
A
heads-up for my students.
Scams
target people struggling with student loan debt, Illinois says
…
Broadsword Student Advantage LLC, requested money upfront, Brown
said. It wanted $299 the first month, $199 the second month, then
$99 — then the student-loan reduction would kick in, she said.
"If
it sounds too good to be true, it probably is," she said.
When
she called the U.S. Department of Education, a representative warned
her against giving money to debt-settlement firms. The federal
program that the company said she could use — the Public Service
Loan Forgiveness Program — wouldn't take effect until 2017, he
said, according to Brown.
For
my students, who never heard of note taking Apps...
5
Ways To Get Productive With Microsoft OneNote
…
It was about two years ago that Saikat described just how
awesome OneNote can be. In that article, he explained that you
could sync your offline OneNote to its Android or iPhone apps –
transforming this desktop organizational tool into a mobile
productivity toolkit.