This seems to be another “look how I'm protecting you” campaign when in reality it's Congress chasing their tails. Would they make it illegal for anyone to automatically encrypt communications? Then Apple (et al.) would make the software open source while building in a simple “encrypt your own messages” option. If encryption is banned, try working with “code” instead. Could you force me to decrypt, “This message is not encrypted!” (Which would actually mean, “Congress is a bunch of idiots!”)
FBI Director James Comey has launched a new “crypto war” by asking Congress to update a two-decade-old law to make sure officials can access information from people’s cellphones and other communication devices.
The call is expected to trigger a major Capitol Hill fight about whether or not tech companies need to give the government access to their users' data.
…
Comey claimed the FBI was not looking for a “backdoor” into people’s devices.
“We want to use the front door with clarity and transparency,” he said.
But for critics, that’s a distinction without a difference.
“The notion that it’s not a backdoor; it’s a front door — that’s just wordplay,” said Bruce Schneier, a computer security expert and fellow at the Berkman Center for Internet & Society at Harvard University. “It just makes no sense.”
(Related)
Statements like this make me wonder if the FBI would rather hold a press conference than solve a crime.
FBI: ‘No indication’ JPMorgan was hacked because of sanctions against Russia
FBI officials on Monday said there was no evidence that the hack of JPMorgan Chase and other U.S. banks’ networks was payback for western sanctions against Russia. [Aside from a letter from Putin, what would be evidence of motive? Bob]
…
Officials also said that they still have not determined whether it was a foreign government — such as Russia — or criminals who were behind the network intrusions at JPMorgan and other banks. [Typical ass-covering Bob]
(Related)
“We need a bigger budget!” (Does the FBI know of any time when someone has “robbed” multiple banks from their basement?)
Erin Kelly reports:
Federal officials warned companies Monday that hackers have stolen more than 500 million financial records over the past 12 months, essentially breaking into banks without ever entering a building.
“We’re in a day when a person can commit about 15,000 bank robberies sitting in their basement,” said Robert Anderson, Jr., executive assistant director of the FBI’s Criminal Cyber Response and Services Branch.
[...]
Nearly 439 million records were stolen in the last six months, said Supervisory Special Agent Jason Truppi of the FBI. Nearly 519 million records were stolen in the last 12 months, he said.
About 35 percent of the thefts were from website breaches, 22 percent were from cyber espionage, 14 percent occurred at the point of sale when someone bought something at a retail store, and 9 percent came when someone swiped a credit or debit card, the FBI said.
Read more on USA Today.
[From the article:
"You're going to be hacked," Joseph Demarest, assistant director of the FBI's cyberdivision, told the business leaders. "Have a plan." [Good message, no hype. Bob]
…
Congress could help by passing cybersecurity legislation to update surveillance laws and give federal agents greater authority to go after cybercriminals, Pawlenty said. [The party line? Bob]
I wonder how common this has been. Do judges shop at TJMaxx or Target? Apparently not.
David Allison reports:
Some of the lawsuits hitting The Home Depot Inc. over its recent data breach are apparently hitting too close to home for some federal judges in Atlanta.
Home Depot (NYSE: HD) is facing at least 21 lawsuits stemming from the data breach, which reportedly may affect 60 million customers.
More than a dozen of the lawsuits have been filed in U.S. District Court for the Northern District of Georgia, located in Atlanta. Others have been filed in federal courts across the country.
Three judges serving in the Atlanta court have recused themselves or otherwise declined hearing lawsuits related to the data breach.
Read more on Atlanta Business Chronicle.
Dimly lit restaurant, my old eyes, small print menu: “This looks like a job for Flashlight App!”
Robert McMillan reports:
When I downloaded the Flashlight app to my iPhone, I was in a jam. I was camping, I think. Or maybe a pen had rolled under my couch. I remember that smug sense of self-congratulation after I downloaded the software, which converted the iPhone’s LED flash into a steady and bright beam of light.
But I shouldn’t have been so pleased with myself. Though I didn’t realize it at the time, I was potentially handing over a boatload of data to advertisers as well. Even a flashlight app, it turns out, can ask for a shocking amount of user data when you download it, tapping everything from my calendar to my phone’s location engine to my camera. Yes, my camera. This is something you can keep in check, thanks to the privacy controls on today’s iPhone, but the truth is that most people don’t.
Read more on Wired.
Let me state this another way. If my neighbor's house is suddenly surrounded by vehicles with flashing red lights and 'crime scene' tape and everyone inside the perimeter is wearing biohazard suits, it's not going to be difficult to determine who was in contact with an Ebola patient.
Via HIPAA Blog, here are two resources related to the issue of how much PHI covered entities can disclose without patient consent in situations like Ebola concerns.
The first is from HHS:
Does the HIPAA Privacy Rule permit covered entities to disclose protected health information, without individuals’ authorization, to public officials responding to a bioterrorism threat or other public health emergency?
Answer: Yes. The Rule recognizes that various agencies and public officials will need protected health information to deal effectively with a bioterrorism threat or emergency. To facilitate the communications that are essential to a quick and effective response to such events, the Privacy Rule permits covered entities to disclose needed information to public officials in a variety of ways.
Covered entities may disclose protected health information, without the individual’s authorization, to a public health authority acting as authorized by law in response to a bioterrorism threat or public health emergency.
[Many more examples Bob]
Note that the above does not necessarily mean that the covered entity can disclose the patient’s name to the media or public without the patient’s consent. But my understanding is that public officials can release such information as part of responding to a public health emergency, e.g., if they need to contact and isolate people who may have been in contact with infected patients. If I’m wrong on that, hopefully some lawyer will let me know.
The second resource, also from HHS, is a decision tool to help covered entities with emergency preparedness disclosures.
Update: Later in the day, I was asked who actually disclosed the first Texas patient’s name. Digging into it, I found that the patient was first identified/named by the Liberian government, and it was reported in the New York Times. In terms of the two Texas nurses later affected, their identities were revealed by their families. The hospital was not the source of their names.
This focuses on employees. I checked to be certain. Why wouldn't policies that protect customers also protect employees? Yes, the data may be different, but the ethics should be the same.
William Hamilton reports:
Jason R. Baron used his keynote address at the LawTech Euro Conference 2014 in Prague today to call for greater data use transparency from U.S. businesses. Addressing 500+ attendees, Baron asserted that the compelling business need to deploy powerful predictive analytics to effectively accomplish information governance requires a corresponding informed consent from employees.
Baron, of counsel to Drinker Biddle and co-chair of the Information Governance Initiative, argued that European countries are ahead of the U.S. in protecting personally identifying information, but now the inflection point reached with Big Data requires U.S.-based companies to address ethical issues associated with their increasing use of data about employees.
Read more on Law Technology News.
I may not know how to explain copyright, but I know when an article becomes “a teaching moment.” Would that I could have explained that to these “victims.”
…
Even though the pics were stolen from her, she might not be able to get the pics removed because she might not actually have ownership of them!
When her attorney sent off a letter demanding a porn site take down the pics because she owns the copyright, the site fired back that since some of the pics are not selfies, the person who actually took them would most likely own the copyright.
So now, the site has demanded that they're provided with proof that J.Law owns the copyright or be given the name of the person who took the pics.
In case this legal loophole sounds familiar, you might remember that the famous Oscars selfie was put together by Ellen DeGeneres and posted on her Twitter, but it ended up being Bradley Cooper who owned the pic as he snapped it.
Interesting. Reads like they want the government to take on most of the work and give them maximum flexibility. I'll probably have my Computer Security students build a wiki with links to guidelines like this (as well as laws, regulations, “Best Practices,” etc.).
Financial Industry Group Publishes Recommendations to Guide Development of Cybersecurity Regulations
The Securities Industry and Financial Markets Association [SIFMA] is proposing the formation of a working group of government agencies to review cybersecurity guidance and regulations related to the financial industry.
The proposal was mentioned in a new document entitled 'Principles for Effective Cybersecurity Regulatory Guidance' published today by SIFMA. In the paper, SIFMA lays out ten foundational principles to serve as a framework for regulators to develop plans to review, update and "harmonize" cybersecurity policies, regulations and guidance.
The paper can be read here.
(Related)
EFF Launches Updated Know Your Rights Guide
“If the police come knocking at your door, the constitution offers you some protection. But the constitution is just a piece of paper—if you don’t know how to assert your rights. And even if you do assert your rights…what happens next? That answer may seem complicated, but protecting yourself is simple if you know your rights. That’s why EFF has launched an updated Know Your Rights Guide that explains your legal rights when law enforcement try to search the data stored on your computer, cell phone or other electronic device.
The guide clarifies when the police can search devices, describes what to do if police do (or don’t) have a warrant, and explains what happens if the police can’t get into a device because of encryption or other security measures.”
(Related)
Cybercrime: An Overview of the Federal Computer Fraud and Abuse Statute and Related Federal Criminal Laws
CRS – Cybercrime: An Overview of the Federal Computer Fraud and Abuse Statute and Related Federal Criminal Laws. Charles Doyle, Senior Specialist in American Public Law. October 15, 2014.
“The Computer Fraud and Abuse Act (CFAA), 18 U.S.C. 1030, outlaws conduct that victimizes computer systems. It is a cyber security law. It protects federal computers, bank computers, and computers connected to the Internet. It shields them from trespassing, threats, damage, espionage, and from being corruptly used as instruments of fraud. It is not a comprehensive provision, but instead it fills cracks and gaps in the protection afforded by other federal criminal laws. This is a brief sketch of CFAA and some of its federal statutory companions, including the amendments found in the Identity Theft Enforcement and Restitution Act, P.L. 110-326, 122 Stat. 3560 (2008).”
Some data for my Statistics students to play with.
Explore UNDP Development Data With This Interactive Map
The UN Stat Planet Map allows you to create useful mapped displays of UN development indicators data. There are ten data categories from which you can choose. Within each category there are further refinements possible. You can customize the map to present sharper contrasts between the data indicators, change the indicator symbols, and alter the map legend. To visualize the change in data over time, use the time slider at the bottom of the map. Your maps and the data that they represent can be downloaded as PNG and JPEG files for printing.
Simply looking at data spreadsheets or graphs reveals some good development data to students. But for better visual comparisons tied to locations, the UN Stat Planet Map is useful.
For my niece, the guitar plucker.
Free Ebook - Music Theory for Musicians and Normal People
Music Theory for Musicians and Normal People is a free ebook created by Toby Rush at the University of Dayton. The ebook covers everything from the basics of reading key signatures to advanced topics in composition.
Music Theory for Musicians and Normal People can be downloaded in parts or in whole. It is released under a Creative Commons license that allows you to use it for instruction.