Saturday, February 28, 2015

Dumb and Dumber strike again? It's hard to escape technology.
GPS led to arrests in Denver jewelry heist
… Authorities say quick actions from Denver investigators and OnStar led to the arrest
… The robbers fled in a red SUV that was recovered in an alley nearby. A records checked determined that the owner of the Blazer was an Aurora resident, who told police he sold the car the following day to the suspects after he placed an ad on Craigslist.
The suspects came to the purchase in a newer Cadillac SUV with California plates. Law enforcement was able to determine the California license plate number and traced it back to a car rented Enterprise-Rent-A-Car in San Francisco.
Investigators then quickly contacted OnStar and determined that the SUV was driving in a southbound direction on Interstate 80 near Roseville, CA. The California Highway Patrol attempted to make contact with the Cadillac SUV, but the suspects fled, leading authorities on a high-speed chase which ended in a crash in the San Francisco area. The five were taken into custody after a short foot pursuit.


A small breach that raises a question...
Uber security breach may have affected up to 50,000 drivers
… In a statement, Uber’s managing counsel of data privacy, Katherine Tassi, said the company discovered on Sept. 17, 2014, that one of its many databases could have potentially been accessed because one of the encryption keys required to unlock it had been compromised. Upon further investigation, it found the database had been accessed once by an unauthorized third party on May 13, 2014.
The company said it could not say how the security vulnerability was first discovered because the matter was under investigation. [Suggests it was not Uber that discovered the breach Bob]

(Related) ...how aggressive should a breached organization be and will the courts support their quest for breach evidence?
FORK ME! Uber hauls GitHub into court to find who hacked database of 50,000 drivers
… The ride-booking app maker is trying to force GitHub [PDF] to hand over the IP addresses of anyone who visited a particular gist post between March and September last year.


If companies don't adopt Best Practices, governments will force them to.
Scott Weinstein of McDermott Will & Emery writes:
In the wake of recent breaches of personally identifiable information (PII) suffered by health insurance companies located in their states, the New Jersey Legislature passed, and the Connecticut General Assembly will consider legislation that requires health insurance companies offering health benefits within these states to encrypt certain types of PII, including social security numbers, addresses and health information. New Jersey joins a growing number of states (including California (e.g., 1798.81.5), Massachusetts (e.g., 17.03) and Nevada (e.g., 603A.215)) that require organizations that store and transmit PII to implement data security safeguards. Massachusetts’ data security law, for example, requires any person or entity that owns or licenses certain PII about a resident of the Commonwealth to, if “technically feasible” (i.e., a reasonable technological means is available), encrypt information stored on laptops and other portable devices and encrypt transmitted records and files that will travel over public networks. Unlike Massachusetts’ law New Jersey’s new encryption law only applies to health insurance carriers that are authorized to issue health benefits in New Jersey (N.J. Stat. Ann. § 56:8-196) but requires health insurance carriers to encrypt records with the PII protected by the statute when stored on any end-user systems and devices, and when transmitted electronically over public networks (e.g., N.J. Stat. Ann. § 56.8-197).
Read more on National Law Review.


Does this include TSA looking for nervous passengers?
EPIC Files Lawsuit for Details About Government “Pre-crime” Program
“EPIC has filed a Freedom of Information Act lawsuit about “Future Attribute Screening Technology”, a “Minority Report” program that purports to identify individuals who will commit crimes in the future. EPIC filed the complaint after the DHS failed to respond to EPIC’s FOIA request for information. EPIC charged that the agency uses secret algorithms to identify behavioral “abnormalities” that the agency claims indicate “mal intent.” “Minority Report” is a 2002 movie with Tom Cruise about “a special police unit is able to arrest murderers before they commit their crime.”


If this happened in a third world country, would the US be “suggesting” regime change?
Putin critic, Russian opposition leader Boris Nemtsov killed in Moscow


Cheap labor ain't so cheap any more? Competing for workers by offering minimum wage isn't working.
TJX to raise base pay to $9 an hour
… The announcement comes a week after Walmart announced pay increase.


Fun Facts? Not exactly Big Data, but could serve for a PDF scraping exercise.
Colorado releases trove of marijuana data
… Colorado's Marijuana Enforcement Division unveiled an official report documenting a trove of information about marijuana and edible pot sales, the size of the industry, and testing results.
… The state of Colorado was cranking out almost 17,000 new plants each day at the end of 2014.


Tools for my programming students?
8 of the Best Free Collaborative Tools For Programmers
… you’ll soon reap the benefits of the web apps I’m about to show you. If they seem weird or useless at first, just give them a few days to prove how useful they can be.


More for the student toolkit.
How to Search the Content of Your Files on Windows
… By default, Windows won’t look at the internals of every single file when performing your search. However, there is a way to enable this.
Not only can the Windows search be improved, but there are third-party programs that might offer you better search experiences.


Humor weekly.
Hack Education Weekly News
… The US Department of Education released model Terms of Service guidance “aimed at helping schools and districts protect student privacy while using online educational services and applications.” (It’s, um, interesting that the “best practice” guidelines suggest that TOS should say schools – not students – own the data, including all IP.)
… Much like its neighbor state Wyoming, Colorado is now looking at allowing concealed weapons at K–12 schools, repealing a law that makes schools “gun-free zones”. [Why should kids be the only ones with guns? Bob]
… Well here’s another business opportunity for MOOC providers: the Corrective Education Company offers online courses for those busted for shoplifting. Via Slate: [Is this extortion? Bob]
Imagine you're browsing at Bloomingdale's when a security guard taps you on the shoulder and accuses you of shoplifting. He takes you to a private room, sits you down, and runs your name through a database to see if you have any outstanding warrants. Then he tells you that you have two options. The first involves him calling the police, who might arrest you and take you to jail. The second allows you to walk out of the store immediately, no questions asked - right after you sign an admission of guilt and agree to pay $320 to take an online course designed to make you never want to steal again.
IBM is working with Elemental Path to build toys that use its Watson AI technology. The toys “will be capable of engaging in age-appropriate conversations with children.” What could possibly go wrong.
… A study by Jonathan Supovitz, Alan Daly and Miguel del Fresno looks at how Twitter has shaped debates about the Common Core. #thankstwitter

Friday, February 27, 2015

Big or merely annoying? A little detail would be helpful.
Customer data stolen in TalkTalk hack attack
In an email sent to every customer, TalkTalk said scammers were using stolen information to trick people into handing over banking details.
TalkTalk said it had sent the email to every customer although only a few thousand account numbers went astray.
… The theft of data was unearthed when TalkTalk investigated a sudden rise in complaints from customers about scam calls between October and December 2014, said a spokeswoman.
… The attackers got at some of TalkTalk's internal systems via a third-party that also had access to its network. Legal action is now being taken against this unnamed third party.
… Although TalkTalk said it became aware of the data loss late last year, the BBC has been contacted by one customer who said the scammers working to a similar pattern called in August. His wife's familiarity with computers helped her quickly spot that the call was fake.


Strange, the FBI is involved but has not (yet) blamed North Korea, which is “near Russia.”
Jeff Mays and Murray Weiss report:
The hacking attack that left city agencies unable to receive some emails last week may have originated from somewhere near Russia and was an attempt to scam city employees and others out of money, according to law enforcement sources.
And it may be more widespread than previously believed, with workers at the state-overseen Long Island Rail Road receiving infected emails as well.
Read more on DNAinfo


Interesting. Does this signal a change in our strategic direction? Surely we won't shift resources to risks we already have solutions for, at the cost of abandoning work on more sophisticated threats? Perhaps we just need a much larger budget?
US Spymaster Warns Over Low-level Cyber Attacks
A steady stream of low-level cyber attacks poses the most likely danger to the United States rather than a potential digital "armageddon," US intelligence director James Clapper said on Thursday.
US officials for years have warned of a possible "cyber Pearl Harbor" that could shut down financial networks, poison water supplies or switch off power grids.
But Clapper told lawmakers that American spy agencies were more focused on lower-profile but persistent assaults that could have a damaging effect over time.
"We foresee an ongoing series of low-to-moderate level cyber attacks from a variety of sources over time, which will impose cumulative costs on US economic competitiveness and national security," he said.
… He cited North Korea's alleged hacking of Sony Pictures in November and an Iranian attack a year ago against the Las Vegas Sands Casino Corporation. [These are “low-level attacks?” Bob]


If law enforcement forbids notification, do they assume the liability?
On June 4, 2014, the U.S. Dept. of Veterans Affairs, Office of Inspector General, Criminal Investigative Division notified Kaplan University (KU) that a former KU employee had stolen some students’ information, but placed a stay on notifying the affected students because of the criminal investigation. That stay was lifted this month, and KU began notifying affected students by letter on February 15, offering them a one-year complimentary membership in Experian ProtectMyID (the 3-bureau program that includes identity theft resolution and identity theft insurance). KU notes that it took considerable time and effort to work through the hard copy documents provided to them by VA OIG/CID to determine whom to notify and what information had been involved for each affected student.
It is not clear from their attorney’s letter to the New Hampshire Attorney General’s Office why or how the Dept. of Veterans Affairs became involved. Nor is there a lot of detail, period. We do not know how many students were affected, when the data theft occurred, how it occurred, how the information was misused, or how the breach was discovered. Nor do we know if the former employee has now been criminally charged.
DataBreaches.net e-mailed Kaplan University to ask a number of questions. They did not reply to yesterday’s inquiry, and re-sending the inquiry today resulted in an auto-responder that their media relations person was traveling on business and would reply to emails between flights. So far, there’s still no response, so we’re somewhat up in the air while he’s up in the air.
This post will be updated as more details become available.


If it ain't a Best Practice it's Unfair?
Katherine Gasztonyi writes:
On February 20, the Third Circuit sent a letter to counsel in FTC v. Wyndham Worldwide Corp., identifying at least one topic that will be addressed in the upcoming oral argument regarding the parties’ dispute over whether the FTC has the authority to regulate companies’ data security practices: whether unreasonable cybersecurity practices are “unfair.” The letter requested that counsel be prepared to address the issue by answering three questions. First, whether the FTC has declared that unreasonably security practices are “unfair” through procedures provided in the FTA (sic) Act. Second, if not, whether the FTC is requesting that the federal courts determine that unreasonable cybersecurity practices are “unfair” in the first instance. And finally, whether federal courts have the authority to determine that unreasonable cybersecurity practices are “unfair” in the first instance under a case brought under 15 U.S.C. § 53(b) (providing authority for the Commission to bring suit to enjoin a person or entity that the Commission has reason to believe is violating or is about to violate a provision of the FTC Act). The letter further indicated that the Third Circuit may also request additional briefing on these topics.
Read more on Covington & Burling Inside Privacy.


Hypothesis: If this is “non-standard” it will be invisible to current “bad guy” search tools and therefore more secure.
Are Mesh Nets The Future of The Internet?
In Havana, people are using a self-contained network to communicate with each other, play games, and share files despite pervasive Internet censorship in Cuba. This ad-hoc network—called a mesh network—has impressed a lot of people, and has many wondering if it represents the future of the Internet. Let’s take a look.
A mesh network is a network in which each node (a computer, phone, or tablet) serves as a relay, routing data between its peers. Snet, Havana’s mesh network, serves as a great example. Its 9,000 users use a combination of broadband cables and high-power wi-fi antennas to connect to send e-mail, share files, and play games with each other, without connecting to the outside Internet.


If it's a “Thing” and it's connected to the Internet of Things, it's going to collect and share information.
Why EBooks Are Recording Information About Your Reading Habits
… What you probably don’t know is that your reading activity can be monitored, recorded and even shared with government security agencies.
… It has been established that Amazon collects certain information about its readers. This goes beyond the basic analytics that you would expect to be collected by a progressive, digital company like Amazon (Apple, Barnes & Noble and Google Play Books – which you can now add your own books to – use similar techniques). The use of big data such as how long you spend reading, how far you make it through a book, search terms used to find the books and genres that you find appealing is a major part of these companies’ strategy, and also helps publishers to develop more readable books. [Not sure how that happens... Bob]


I wasn't sure why they did it yesterday, and apparently they were not too sure either.
Google backtracks on 'explicit' Blogger content ban
Google has reversed the decision to ban explicit sexual content on Blogger.
On Friday, in an update by Social Product Support Manager Jessica Pelegio on Google's Product Forums, the tech giant said in light of feedback and concern relating to the "retroactive enforcement of the new policy," which would impact on bloggers who have held accounts for over 10 years, Google has reversed its decision to ban explicit content entirely from the network.
In addition, Pelegio said the reversal was due in part to the potential "negative impact on individuals who post sexually explicit content to express their identities."


Interesting. I find a wide variation in student understanding of social media privacy.
When Using Social Media, Beware the Invisible Audience
Just one post to a social media site has the power to reach millions. But when we post, most of us are just thinking of, and writing for, a few people — a small audience of family, friends or the people we regularly interact with on each platform.
Unfortunately, the “invisible audience” — the people you didn’t know were looking, or who you didn’t know could look — often only reveals itself after an ill-timed, careless or incendiary post blows up in your face. On the small scale, you may have to apologize to a contact or co-worker, or deal with some other type of negative feedback. But a growing number of cases are showing how one careless tweet or Facebook post of questionable taste can lead to far grimmer consequences, including losing your job or becoming the focus of public shaming by a “digital mob” of strangers.
… Today’s students are more sophisticated in their understanding of privacy than some older people are, said Gailey, drawing insights from her class. “They have come of age after lot of cautionary tales,” she said. “They have learned not to post every photo from the party they went to. Students didn’t know all this five years ago.”


Apparently, there is a market beyond terrorists. Won't the FBI be surprised...
Silent Circle targets enterprise users with 'world first' privacy ecosystem
Announced on Thursday, Silent Circle said "strong demand" from enterprise customers seeking to keep communication private through the Blackphone product range led the firm to launch a private, common equity round in order to grow and cater for new clients.
… On Thursday, Silent Circle reached an agreement with Geeksphone -- co-founder of the Blackphone project -- to buy out the companies' joint venture, SGP Technologies, granting Silent Circle 100 percent ownership of the JV and Blackphone product line.
SGP Technologies was founded in order to develop the Blackphone, a privacy-centric mobile device. The gadget features a custom Android operating system dubbed PrivatOS and is equipped with Silent Circle encrypted communications apps including Silent Phone and Silent Text.


So, what business opportunities open up?
FCC Adopts Tough Net Neutrality Rule in Historic Regulatory Shift
… The action places ISPs under Title II of the Telecommunications Act, reversing a 2002 FCC decision that classified ISPs under a different section of the law. The FCC's 2010 net neutrality regulation was struck down in January 2014 by a federal court that generally upheld the intent of the rule to prevent ISPs from creating "fast lanes'' for those who can pay more or restricting bandwidth for some companies. The court ruled the FCC was imposing regulations it didn't have the authority to enforce because it had not classified ISPs as utilities.

(Related) How long will this last?

(Related) Everything you ever wanted to know?
The Ultimate Net-Neutrality Reading List


Perspective. As IBM goes, so goes the industry?
IBM Outlines Profit Plan Focusing on Cloud, Analytics, Security
IBM's CEO says the company's plan to revamp its business Relevant Products/Services to shift away from hardware and focus on business analytics, cloud Relevant Products/Services computing, mobile Relevant Products/Services services and security Relevant Products/Services is on track.


I'm so old, I can remember a time when there were only two genders! Not sure if sophisticated analytics or mere marketing is pushing the change.
Facebook adds new gender option for users: Fill in the blank
Facebook users who don't fit any of the 58 gender-identity options offered by the social-media giant are now being given a rather big 59th option: fill in the blank.


For the toolkit. (There may be a few bugs to overcome)
Microsoft Finally Allows Customers To Legally Download Windows 7 ISOs
… Sometimes, people simply lose the disc or ISO they had, and so it shouldn't be such a challenge to get a replacement.
Well, with a new feature on its website, you are now able to get that replacement ISO. However, it's behind a bit of protection: you'll need to provide your legal product code, and then the language, in order to go through to the download page. If you've somehow lost your key but are still using the OS that it's tied to, you can retrieve it through a tool like the Magical Jelly Bean (an application I've used for many years and has saved me a time or two).
[Magical Jelly Bean: https://www.magicaljellybean.com/


Tools for my students.
8 Diagramming Apps for Better Brainstorming on the Go


For my Data Analytics students.
Ben Wellington: How we found the worst place to park in New York City -- using big data
City agencies have access to a wealth of data and statistics reflecting every part of urban life. But as data analyst Ben Wellington suggests in this entertaining talk, sometimes they just don't know what to do with it. He shows how a combination of unexpected questions and smart data crunching can produce strangely useful insights, and shares tips on how to release large sets of data so that anyone can use them.


Global warming! Global warming! It's all Al Gore's fault!
IT'S OFFICIAL - This is our snowiest February in Denver
Just 10 days ago, we were on track for one of the driest Februarys in Denver history, but after several snowstorms, Denver has set a new record for February snowfall -- 22.2 inches.

Thursday, February 26, 2015

Perspective. How much do you suppose goes to new security tools or processes that would have prevented the breach?
Ingrid Lunden reports:
When it comes to data breaches, retailers are one of the biggest targets these days, and today we have some detail on the costs around one of the more high-profile attacks. Target today said that it has booked $162 million in expenses across 2013 and 2014 related to its data breach, in which hackers broke into the company’s network to access credit card information and other customer data, affecting some 70 million customers.
The figure, revealed in the company’s Q4 earnings published today, includes $4 million in Q4, and $191 million in gross expenses for 2014, as well as $61 million gross for 2013. Target says that the gross number was offset in part by insurance receivables of $46 million for 2014 and $44 million for 2013.
Read more on TechCrunch.


Are you paranoid enough? Think “a Sony-like attack on banks.”
New York's top financial watchdog mulled new regulations to stave off an "Armageddon"-scale online attack that could bring U.S. financial markets to their knees.
In a speech before a Columbia Law School audience, Lawsky said that within the next ten years or sooner, a "cyber 9/11" event could cause dramatic chaos to the financial system for a time.
The regulator said he is eyeing new measures to force insurance firms and banks under DFS regulations to be prepared against such hacks.

(Related) So simple. Could repairs keep up with a team of motivated vandals?
Arizona authorities probe vandalism that cut off Internet, phones for hours
Officials say all services have been restored following act of vandalism that left people across northern Arizona without the use of the Internet, cellphones and landlines for several hours.
During Wednesday's outages, businesses couldn't process credit card transactions, ATMs didn't function, law enforcement databases were unavailable, and even weather reports were affected in an area stretching from north of Phoenix to Flagstaff, about 100 miles away.
… Phoenix police said CenturyLink employees found that a fiber-optic cable in far north Phoenix had been completely cut through.


Another reason to be paranoid. The problem is, “staffers” or even people at the same location can put this data online. Quis custodiet ipsos custodes? Or perhaps, Quis custodiet ipsos “Staffers?”
First lady leaking location data through Instagram
First lady Michelle Obama’s Instagram feed is leaking details about her — or her staffers’ — location.
As first noticed by Fusion on Wednesday, whomever is managing the first lady’s account on the picture-sharing service has opted in to also sharing their location. That data, which appears on a map inside the mobile application, can reveal details down to the building of where someone was when they uploaded a picture to the service.


Clearly the Secret Service should be concerned. They've already had a drone crash at the White House and Paris is being “surveiled by terrorists,” maybe. And drones are very difficult to detect with RADAR. So they should test a drone with intercept and shoot down (or capture) capabilities.
Secret Service plans drone exercises in DC
… “Because these exercises will be conducted within the normally flight restricted areas in the Washington D.C. area, they have been carefully planned and will be tightly controlled
… The release was put out to allay any concerns from the general public if someone does notice a flight in generally restricted airspace, the Secret Service spokeswoman said. [But how do we know it's a Secret Service drone? Bob]


Note that there is no “no fly zone” for advertisers.
Barry Levine reports:
It was only a matter of time before drones started monitoring signals from mobile devices.
Since early February, several small drones flying around the San Fernando Valley in Los Angeles have been determining mobile devices’ locations from Wi-Fi and cellular transmission signals.
They are part of an experiment by Singapore-based location marketing firm Adnear, which has offices around the world. The firm told me that, to its knowledge, this is the first time an adtech company has employed drones to collect wireless data.
Read more on VentureBeat.
[From the article:
… A mobile user needs to have an app open that is transmitting via cellular or Wi-Fi for this mapping to occur. The app does not need to be sending location coordinates.
The system identifies a given user through the device ID, and the location info is used to flesh out the user’s physical traffic pattern in his profile. Although anonymous, the user is “identified” as a code.


This is what you get when lobbyists write laws and regulations.
Dems raise alarms on White House privacy plan
House Democrats are voicing concerns that an expected White House plan to protect people’s online privacy could actually undermine it.
As soon as this week, the White House is expected to unveil new legislation aiming to protect people’s privacy, but the plan could cripple the Federal Communications Commission's (FCC) ability to safeguard people’s online history, Democrats feared on Wednesday.
“This proposal by the White House sounds like it would severely undercut the FCC’s authority to prevent [Internet service providers] from using their position in the marketplace to do things like charging subscribers not to have their browsing history data monitored or setting ‘supercookies’ that allow users to be identified and tracked across the Internet,” said Rep. Mike Doyle (D-Pa.).


A Privacy infographic?
Is Your Favorite Website Spying on You?
We all use services like Google, Facebook, and Twitter, but are these websites keeping more information on us than we intended? As it turns out, quite a few websites out there track an incredibly large amount of data from users.
So what can you do to make sure you aren’t being tracked by the sites you visit? Thankfully, you have options. The infographic below will show you which sites are tracking you the most, and even more important, how to make sure you aren’t being tracked, regardless of which web browser you use.
Via Study Web


Would putting my name on a court website somewhere count as “notice?”
Alan Butler writes:
EPIC recently filed comments on proposed amendments to Rule 41 of the Federal Rules of Criminal Procedure, which would authorize judges to issue “remote access” search warrants in certain cases. As EPIC outlined, the surreptitious computer searches conducted under these remote access warrants would run afoul of an important Fourth Amendment protection — the requirement of prior notice. But the issue of delayed or non-existent notice is not only present with remote access searches; it is an issue with all electronic search authorities and especially with searches conducted under the Stored Communications Act, 18 U.S.C. § 2703.
Read more on EPIC.


Apparently, it's not just teachers strip searching students. And technology is making this even easier.
Don’t read this commentary from John W. Whitehead if you don’t want to get depressed.
The Fourth Amendment was designed to stand between us and arbitrary governmental authority. For all practical purposes, that shield has been shattered, leaving our liberty and personal integrity subject to the whim of every cop on the beat, trooper on the highway and jail official. The framers would be appalled.”—Herman Schwartz, The Nation
Our freedoms—especially the Fourth Amendment—are being choked out by a prevailing view among government bureaucrats that they have the right to search, seize, strip, scan, spy on, probe, pat down, taser, and arrest any individual at any time and for the slightest provocation.
Forced cavity searches, forced colonoscopies, forced blood draws, forced breath-alcohol tests, forced DNA extractions, forced eye scans, forced inclusion in biometric databases—these are just a few ways in which Americans are being forced to accept that we have no control over what happens to our bodies during an encounter with government officials.
Read the whole thing on The Rutherford Institute.


Interesting ethical questions.
Facebook updates feature for suicide prevention
Facebook began rolling out a feature update Wednesday that aids suicide prevention.
The updated tool lets users flag content on both the desktop and mobile version of the social network that they find concerning. If a Facebook friend posts something that indicates he might be thinking of harming himself, users can click on an arrow on the post to report it. Facebook will then offer options to contact the friend, contact another friend for support or contact a suicide helpline.
… Boyle and Staubli said if anyone sees a direct threat of suicide on Facebook, they should contact their local emergency services immediately.

(Related) Should potential suicides be reported here? How else will DHS capture potential suicide bombers?
Julia Harumi Mass and Hugh Handeyside write:
The federal government will have to produce information on a vast and secret domestic surveillance program and defend the program’s legality in open court. That’s the result of a decision issued Friday by the federal judge presiding over our lawsuit challenging the Suspicious Activity Reporting program, part of an ever-expanding domestic surveillance network established after 9/11.
The program calls on local police, security guards, and the public — our neighbors — to report activity they deem suspicious or potentially related to terrorism. These suspicious activity reports (“SARs” for short) are funneled to regional fusion centers and on to the FBI, which conducts follow-up investigations and stockpiles the reports in a giant database that it shares with law enforcement agencies across the country.
The decision is significant.
Read more on ACLU.

(Related) On a broader scale...
Will Facebook’s New Flagging Feature Stifle Freedom of Speech?
… Introduced ostensibly to help Facebook remove fake news stories, thereby stopping such a post going viral, it turns out that the feature is open to abuse.
… Stories that might offer an alternative political viewpoint could be subjected to the same sort of reporting as a hoax, or flagged because they’re deemed “offensive”. That calculation is useful here. One or two people objecting will make little difference. Dozens or hundreds, however, will result in an algorithm being executed, and the item being reviewed with a view to removal.
With the one hand, Facebook removes hoax items, thereby helping to protect online security and privacy. This is commendable. But what good does enabling a group of people to highlight a news story for removal because it carries views that they are uncomfortable with?


Eventually we have to address all of these. Are these useful models for legislation? How about a “crowd sourced law” wiki?
Cheryl Miller reports:
A bipartisan pair of state lawmakers on Wednesday unveiled a package of privacy bills that tackle issues ranging from car-data hacking to encryption standards for cloud-stored information.
[…]
Three of the bills mentioned by Gaines and Gatto are already in print. SB 206 would ban state agencies from collecting data from cars’ diagnostic systems beyond what’s necessary for California’s smog check program. SB 271 prohibits drones from flying over schools. And AB 170 would create new rules for the state’s genetic testing program, which takes tiny blood samples from newborns and, after de-identifying the records, makes them available to researchers.
A fourth bill, AB 83, will be shaped by public suggestions submitted to a wiki page created by Gatto.
Read more on The Recorder (sub. Required).


Facebook sees “new users” as the path to growth.
Facebook: Only 40% of the world has ever connected to the Internet
Only 40% of the world has ever connected to the Internet and the unconnected mostly live in developing nations, according to a new study published Monday by Facebook-led Internet.org.
The study, which outlines the state of global Internet connectivity, also found that 37.9% of Earth's population uses the Internet at least once a year, but more than 90% of the world's population, at least, lives within the range of a mobile network.
… You can read the full report here.


A true innovation killer? “We've always done it this way!” (I'd get one of these if my wife let me)
Flow Hive, a Gadget for Beekeepers, Sets New Crowdfunding Record on Indiegogo
Crowdfunding platform Indiegogo has been abuzz about the Flow Hive, an invention that aims to help beekeepers better harvest honey.
Launched on Sunday, the campaign reached its goal of $70,000 within the first eight minutes, and the donations kept pouring in, hitting a record-breaking $2.18 million in the first 24 hours. Now, with 40 days left to go, funders have pledged more than $2.9 million.
The device claims to help beekeepers collect honey with less disturbance to the bees because the hive itself doesn’t need to be opened. The campaign page says that the product is “the most significant innovation in beekeeping since 1852.”


For all my students, please! Great quote from the article: “emails are where keystrokes go to die”
5 Tools That Can Help You Write Better Emails
… we don’t talk too much about the most basic habit of all – the art of writing better emails.
The email hall of infamy is littered with carcasses of careers destroyed and faces reddened because of an email faux passé. But hold on. This little post isn’t about the bad news. It is about the neat little tools that can get you ahead in the email writing department. Here are five cool (and new) email writing tools we picked up from the far corners of the web.


Dilbert explains consulting, I think.

Wednesday, February 25, 2015

Should non-customers (ex-customers, potential customers, etc.) be treated the same as customers? Same database, same security, etc?
Earlier this month, health insurer Anthem was hit by a massive hack. Now, it's admitted that between 8.8 million and 18.8 million people who are not its customers could also be victims in the attack.
… It's the non-Anthem Blue Cross Blue Shield customers that are potentially affected because "their records may be included in the database that was hacked," the company told Reuters. Up to this point, Anthem hadn't admitted that the effects of the recent hack spread any wider than its direct members.
… Anthem has also updated the total of its own customers affected by the hack to 78.8 million customers—down, ever so slightly, from the estimated 80 million. In total, with non-customers included, the tally of those affected could reach as high as 98.6 million. Uncertainty in the total is because 14 million of the records are incomplete, making it difficult for Anthem to link all of its members to the correct plans.

(Related)
Joseph Conn reports:
The potential legal liabilities from the unprecedented breach of some 80 million individuals’ records at Indianapolis-based insurance giant Anthem could entangle nearly 60 health insurance plans from Hawaii to Puerto Rico, legal experts say. More than 50 class-action lawsuits related to the breach already have been filed in less than a month.
The plans could find themselves held legally responsible for the breach under the federal Health Insurance Portability and Accountability Act privacy and security law as well as state laws. They likely also face a rising number of private civil suits, according to legal experts.
Read more on Modern Healthcare.

(Related) Let me guess. North Korea?
Cory Bennett reports:
The FBI is close to naming the cyberattacker behind the Anthem data breach. Whether it tells the public, though, remains to be seen.
“We’re close already,” said Robert Anderson, who leads the FBI’s Criminal, Cyber, Response, and Services Branch, during a Tuesday roundtable with reporters. “But we’re not going to say it until we’re absolutely sure.”
Read more on The Hill.


Does this have implications for Anthem or is LinkedIn not as valuable as your complete medical history? (Article 4)
LinkedIn Pays Out $1 for Leaked Passwords
If you were a premium user of LinkedIn between March 2006 and June 2012 then the company owes you around $1. This is due to the settlement of a class-action lawsuit over the publication of LinkedIn passwords in 2012.
According to Ars Technica, an aggrieved premium user by the name of Katie Szpyrka sued LinkedIn alleging it was negligent over the leak, amongst other things. The court agreed, and LinkedIn has set up a fund worth $1.25 million to pay the costs and compensate the plaintiffs.
Unfortunately, 800,000 premium users qualify for compensation, so after the lawyers take their cut, each one will receive around $1. The company “continues to deny that it committed, or threatened, or attempted to commit any wrongful act or violation of law or duty alleged in the Action.” However, LinkedIn has promised to hash and salt all user passwords from now on.


Why now? Was this never considered when the company was started?
Seth Fiegerman reports:
Better late than never.
Reddit, the popular social news service, issued new digital privacy guidelines on Tuesday firmly prohibiting sexually explicit images posted without the user’s position. [Still Okay for “escort services” to advertise? Bob]
“No matter who you are, if a photograph, video, or digital image of you in a state of nudity, sexual excitement, or engaged in any act of sexual conduct, is posted or linked to on Reddit without your permission, it is prohibited,” the company’s top executives wrote in a post. “We also recognize that violent personalized images are a form of harassment that we do not tolerate and we will remove them when notified.”
Read more on Mashable.

(Related) Again, why now?
Google Announces Steps to Clean Up Blogger


I'm going to go farther and say that paying the ransom suggests that you had lousy security, inadequate backup procedures and really, really bad management.
In response to a recent news story out of Midlothian (noted here), an editorial in The Journal Times reminds law enforcement that they should take their own advice and not pay ransom to hackers who lock up police files.
As the editors note, the Midlothian incident is not the first time law enforcement has paid ransom:
Last November, the Dickson County Sheriff’s Department in Tennessee paid out $572 when the same virus infected its computers. The sheriff there said his first reaction was “we are not going to be held hostage. But, he said, “once it was determined which records were involved and that they were crucial to victims of crimes in this county, and to the operations of the sheriff’s office and the citizens of this county … I had no choice but to authorize to pay this.”
I don’t recall ever seeing that case, but I do recall the one in Detroit earlier last year. In that case, the city didn’t pay the demand for hundreds of thousands of dollars.
As the editors note:
Paying ransom, even cheap ransom, is never a good policy, and it’s particularly unseemly when a police agency is held up.
Read more on The Journal Times.
We’ll probably never know how often entities pay ransom and just quietly go about their business if they’re lucky enough to get the promised decryption key, but the editors have a point: this should not be one of those “Do as we say, not as we do” situations.


...because not all high school students are criminals? What a concept!
I just love to see students stand up for their rights!
Olivia Carville reports:
In a precedent-setting decision, two Toronto high school students took their principal to court and won the battle against mandatory breath testing at prom.
The Northern Secondary School students petitioned the court after their principal, Ron Felsen, demanded compulsory breathalyzer tests at last year’s prom.
The Superior Court ruled in the students’ favour on Monday, stating mandatory breath testing would infringe on their constitutional rights.
Read more on Toronto Star.

(Related) Did they ask lawyers or parents or students? Why pay so much for an easily created App?
Genevieve Bookwalter reports:
Lake Forest teachers soon will have a cell phone app that operates like a panic button, letting them alert police and administrators and track students in case of a school shooting or other emergency.
At a school board meeting Monday night, members of the District 67 board of education, which governs Lake Forest’s elementary schools, unanimously approved buying CrisisGo, based in Marion, Ill., for teachers and administrators to use in crises. Along with notifying authorities, the app also would hold a copy of schools’ emergency response manuals.
“It’s really the next best practice in school safety,” said Lauren Fagel, assistant superintendent of curriculum, instruction, technology and assessment for districts 67 and 115. District 115 governs Lake Forest High School.
[…]
But before approving the purchase, district leaders did voice concerns about students’ privacy. In the end, they felt increased safety was worth the trade-off.
Read more on Chicago Tribune.
[From the article:
… Along with serving as something of a panic button, CrisisGo would tap Lake Forest's attendance software to let administrators know which students are in what classrooms and who stayed home sick, according to company officials. [Could this be used to target specific students or teachers? Bob]
… The app is expected to cost $.90 per student, or about $4,000 per year.


I think it's a bad idea. If they aren't talking in public, how will we be able to mock them in public? (See how easily I can ridicule Rep. Poe?)
GOP lawmaker: ISIS shouldn't have access to Twitter
Rep. Ted Poe (R-Texas) on Tuesday suggested that terrorist groups like the Islamic State should be barred from using social media sites like Twitter to spread their message.
Poe cited recent examples of the Islamic State, also known as ISIS, posting videos of murdered prisoners on Twitter. The Texas Republican argued that the American-owned company is essentially giving terrorist groups a free platform to reach millions of people.


For my Data Management and Business Intelligence students to explore.
25 Social Media Channels You’re Probably Not Using Now
… Check out our list of social media channels you’re probably not using and see if any have potential for your business.

(Related)
Identify Your Target Audience on Instagram with SharkReach

(Related) Also worth a read.
7 Reasons Snapchat is a Teenager’s Favourite Social Network

(Related) How Analytics can be used to benefit (and locate?) customers.
Analytics in E Major

(Ditto)
How to Build Your Own Search Engine
This evening I hosted a webinar for a school district in Florida. One of the many topics that we covered was building a custom search engine for elementary school students to use. If you have ever wanted to build your own search engine, the directions contained in the slides and videos below will get you started on the right path.
If you would like a copy of these slides open the slide editor then select "file, make a copy." You will have to be logged into your Google Account to make the copy.


This might be useful in a few of my classes.
The Handy Guide to Social Media Keyboard Shortcuts
Do you use social media, either for fun or work? Would you like to make your social media experience more enjoyable and efficient? As with anything, mastering keyboard shortcuts can be a great way to achieve that goal. But every social media site has it’s own set of keyboard shortcuts; how are you to remember them all?
The answer is simple: check out the this cheat sheet below, as it breaks down the most useful shortcuts for every big player in social media. Save it, print it, and use it to help turn you into a social media guru.