Saturday, August 29, 2015

It's an interesting but not impossible problem. Access to records you did not create should require some authorization, such as a simple referral (top down) or a request and approval (bottom up). Authorized access to a patient database should not grant automatic access to every patient.
In November 2013, I blogged about the case of a privacy breach at Northern Inyo Hospital that was so devastating to the patient that she was going to move away. The breach was a willful insider breach that impacted a custody dispute.
That same year, and unbeknownst to most people, there was a lawsuit filed over another insider breach that similarly devastated the patient involved. This one involved the Ronald Reagan UCLA Medical Center and an employee of OB/GYN Dr. John Edwards accessing the system’s database and then disseminating sensitive information about an employee-patient, Norma Lozano. Dr. Edwards is affiliated with UCLA, but Ms Lozano was not his patient and there was no reason for anyone in his office to access her records. According to media reports, an unnamed temporary employee of Dr. Edwards, allegedly accessed Lozano’s medical records in September 2012, made copies with her cell phone and sent them to Lozano’s former boyfriend — the father of Lozano’s then unborn child — and another person.
Lozano sued UCLA, and her case made it to court this past week. You can read a recap of the case on Patch, MyNewsLA.
It is not clear to me whether this incident was ever reported to the California Department of Public Health and of so, what action the CDPH took in response. What is disturbing is that in its defense, UCLA claims the responsibility lies with Dr. Edwards for providing his password to his temporary employee.
But does it? While I agree that Dr. Edwards had an obligation to train his employees and establish access controls and monitor his employees’ conduct, shouldn’t the hospital, recognizing the risk of snooping and inappropriate access, have done more to prevent such situations? Should only celebrities have higher levels of data protection? I don’t think so.
It is not clear to me why Dr. Edwards was dropped from the case as a defendant, and why the unnamed employee was not also sued, but I hope everyone takes note that a major hospital system seems to be saying that it’s not their responsibility to protect you from improper access to your records from employees of its affiliated doctors.
Think about whether that is a satisfactory situation.




Drones for everyone but us second class citizens?
Weaponized Drones May Fly the Friendly Skies of North Dakota
"It's a terrible idea to arm drones, even with so-called nonlethal weapons, which really should be called 'less lethal' weapons," said Jay Stanley, a senior policy analyst at ACLU, who noted that Taser shocks "kill roughly one person a week." Arming drones "would make it too easy to use force -- and when things get too easy, they tend to get overused."
… The new law gives police the authority in a roundabout way: Section 5 states a law enforcement agency may not authorize the use of an unmanned aerial vehicle armed with lethal weapons.


(Related) Stop worrying about drones, there's an App for that! (And everyone always follows the rules)
FAA Starts Beta Testing App That Tells Drone Pilots Where They Are Allowed To Fly
Earlier this year, the Federal Aviation Administration (FAA) announced that it would soon start beta testing an app that would help drone flyers understand where they can and — more importantly — can’t fly. Today, the FAA announced a few more details about the app and launched the first beta version of the aptly named B4UFLY app for iOS.
Sadly, though, this is still a private beta test that will likely run for two months. For now, the app will be iOS-only, with an Android version to follow at an unspecified date.
It looks like the private beta is currently oversubscribed, but you can still get on the waiting list by emailing b4ufly@faa.gov to request an invite.


(Related) But in case that doesn't work... I don't suppose I can buy one of these? Will we see them at every airport, forest fire, prison and nudist colony in America?
Boeing’s Portable, Tripod-Mounted Compact Laser Weapons System Can Roast Drones In Mere Seconds
… Over the past few years, it's become clear that many people don't understand proper etiquette when it comes to flying their drones.
But, with Boeing's laser system on-hand, any threat will be dramatically reduced. While max range isn't given, Boeing says that if you can spot a drone with a pair of binoculars, its system will have no problem striking the target – with a deviation of up to 2 inches depending on the movement speed of the drone.
Boeing touts this system as being very low cost, especially with regards to maintenance. The main moving part is what rotates the unit before it fires; there's no traditional ammunition used here, so there's only electricity to worry about. If the fact of what this is capable of isn't cool enough, note the fact that a human operator first lines up the the target with an Xbox 360 controller. Afterwards, the laser system takes over and fires the fatal shot.




A backgrounder for my IT Governance students.
4 Tips for Successful BYOA Governance
The "app culture" era is upon us, transforming the way we work, play, learn and live. At work, employees increasingly use their own third-party productivity applications to improve productivity and access cloud-stored data in a trend called bring-your-own-app (BYOA). A boon for worker productivity, the trend is a governance nightmare for IT leaders.
Fortunately, there are concrete ways that organizations can work better with employees to provide them with the flexibility to use their own applications while protecting the firm against security risks.




Who'd a thunk it?
Generation LOL Irked By Grammar Slip-Ups
New York — It’s the LOL generation that appears most annoyed by bad grammar and spelling slips, according to a survey by Dictionary.com.
The site found in an online Harris Poll done July 31 to Aug. 4 that 80 percent of American adults 18 and older consider themselves good spellers, but they may be overestimating their abilities.
The survey of 2,052 people showed 71 percent responded that they often find spelling mistakes in correspondence from others.
Among respondents 18 to 34, 74 percent said they were irked by such slips on social media — more than any other age group.
… Across all age groups, 59 percent said improper grammar is their biggest beef when it comes to the English language.
Women notice grammar and spelling mistakes more than men, with 75 percent saying they often find errors in the writing of others. That’s compared to 66 percent of men who spot errors, according to the survey.




Just in case this is correct, my niece and nephew are getting calligraphy sets for Christmas.
How The Ballpoint Pen Killed Cursive
… Given the amount of time I spend on computers, it would be easy for an opinionated observer to count my handwriting as another victim of computer technology. But I knew script, I used it throughout high school, and I shifted away from it during the time when I was writing most.
My experience with fountain pens suggests a new answer. Perhaps it’s not digital technology that hindered my handwriting, but the technology that I was holding as I put pen to paper. Fountain pens want to connect letters. Ballpoint pens need to be convinced to write, need to be pushed into the paper rather than merely touch it.




What other industry provides this much humor each week?
Hack Education Weekly News
Via the LA School Report: “LA Unified said today its inspector general is ‘looking into’ the possibility that nearly 100 district employees used district email addresses to contact ashleymadison.com, a website that promotes extra-marital affairs, calling itself ‘the most famous name in infidelity and married dating.’”
… “The New York City charter school that made the largest gains on state English tests also made an unprecedented decision to grade its own students’ exams,” Chalkbeat reports.
… The University of Maryland University College says it will be textbook-free by the fall of 2016.
Via Boing Boing: “Cute Wonder Woman lunchbox banned from school for being too violent.” [Clearly we have become a nation of sheep, more concerned with political correctness that reality. Bob]
… “Buzzwords May Be Stifling Teaching Innovation at Colleges,” says The Chronicle of Higher Education’s Jeffrey Young.


Friday, August 28, 2015

Another industry that won't give us that warm fuzzy feeling we crave.
Health Care and Cyber Security: Increasing Threats Require Increased Capabilities
by Sabrina I. Pacifici on Aug 27, 2015
At the core of the increased risk to healthcare organizations is the richness and uniqueness of the information that the health plans, doctors, hospitals and other providers handle. Apart from typical financial fraud, there is also the possibility of medical insurance fraud, or, in the case of providers, attacks on computer-controlled medical devices. As this is the largest part of the U.S. economy and a safeguard of peoples’ well-being, healthcare is a matter of national security. Despite such significant repercussions of a cyber-attack, the healthcare sector lags in terms of its preparedness for cyber threats. As recent events have made clear, protecting information is not easy. Hackers will find opportunities to exploit flaws in the way healthcare organizations currently fund, manage, enable, organize and implement their information protection capabilities. In terms of technical capabilities, the healthcare industry is behind other industries in protecting its infrastructure and electronic protected health information (ePHI) – as commonly seen in the use of outdated clinical technology, insecure network-enabled medical devices, and an overall lack of information security management processes…”




How about, “Show us that Best Practices were in place and functioning and we'll wave all fines.” It should also help your defense in all those pesky Class Action lawsuits.
Oh, this is an intriguing approach. Alice Marini reports:
The Korean Communications Commission (KCC) announced, on 21 August 2015, the implementation of a new penalty scheme, which allows companies, that have voluntarily reported a data breach to the KCC, to receive a reduction on the total administrative fine prescribed of up to the 30% (‘the New Reduction Scheme’). The New Reduction Scheme operates in addition to the KCC’s penalty regime, by helping companies to mitigate a fine for a data breach, when they proactively cooperate with the KCC during the investigations.
Read more on DataGuidance.




Update your target list...
US Energy Secretary: We Should Worry About Hacked Cars
… At the National Clean Energy Summit, former Clinton Chief of Staff John Podesta—now Hillary Clinton’s campaign chairman—asked Moniz if the prospect of cyber attacks on the electric grid keeps him awake at night.
“Yes,” Moniz replied, but he suggested the electric grid was not the most vulnerable system.
… More attention should be paid to other vulnerabilities, Moniz continued, such as major natural-gas compressor stations and private vehicles.
“We have to worry about the increasing intelligence in things like vehicle and traffic management.
… Earlier this year Sen. Ed Markey’s office released a report on the vulnerability of private vehicles to cyber attacks, which found that nearly all new vehicles “include wireless technologies that could pose vulnerabilities to hacking or privacy intrusions.”
… Moniz called for increased training of cyber security professionals, an initiative partially undertaken by the National Nuclear Security Administation.




Another encounter Google never anticipated. Sounds like the guy on the bicycle was playing with the Google car. Probably have the same problem with unicycles and Segways.
How fixed-gear bikes can confuse Google’s self-driving cars




A win is a loss and a loss is a win? I'm so glad I'm not a lawyer.
Gus Hurwitz has a slightly different take on the Third Circuit’s opinion in FTC v. Wyndham. On the issue of notice, he writes, in part:
The court goes on to find that Wyndham had sufficient notice of the requirements of Section 5 under the standard that applies to judicial interpretations of statutes. And it expressly notes that, should the district court decide that the higher standard applies – that is, if the court agrees to apply the general law of data security that the FTC has tried to develop in recent years – the court will need to reevaluate whether the FTC’s rules meet Constitutional muster. That review would be subject to the tougher standard applied to agency interpretations of statutes.
Should this happen – should the FTC convince the district court that its prior cases are relevant – the Third Circuit’s opinion bears ill portents for the Commission.
Read more on TechPolicyDaily.com.




An encounter Google has had before and will continue to have.
European Publishers Play Lobbying Role Against Google
BERLIN — In private sessions this summer, giant publishers and media companies from Germany, France and elsewhere have met with European officials about proposals to regulate Europe’s digital economy. The discussions have covered a broad range of contentious issues, according to public disclosures and several people who attended or were briefed on the meetings. Central to almost all of them has been limiting the reach of a single American company: Google.
… “The argument is simple enough: Publishers want money from Google,” said Till Kreutzer, a German lawyer who has campaigned against these new copyright proposals. “Many European politicians are open to listening to that type of proposal.”




Perspective.
Facebook has a billion users in a single day, says Mark Zuckerberg
For the first time over a billion people used Facebook on a single day, according to company founder Mark Zuckerberg.
The "milestone" was reached on Monday, when "1 in 7 people on Earth used Facebook to connect with their friends and family", he said in a post.
Facebook has nearly 1.5 billion users who log in at least once a month, but this was the most in a single day.




Useful when teaching software like Excel.
Microsoft Snip brings Windows screenshots to life with voice and ink
Microsoft has a new Office tool that's really useful if you regularly take screenshots. Microsoft Snip, available in beta now, allows Windows users to capture screenshots and then annotate on them and record audio over the top. It can turn an ordinary screenshot into a screen tutorial, or just a neat way to share your thoughts about a document or image over the web. While Windows has long included its own Snipping Tool, Microsoft Snip is a lot more powerful.
… Basic captures are automatically copied to the clipboard, but if you add audio then it's automatically transformed into an MP4 file that can be embedded on websites or viewed from a URL hosted on Microsoft's servers (providing you opt to upload it). Otherwise, all screenshots are stored locally by default.
… Microsoft Snip is being offered as a free beta for now, and there's an option within the app to send feedback straight to Microsoft about its features.




We don't teach cursive writing, perhaps students no longer need to read either. (Thinking was apparently tossed out years ago.)
More People Have a Summer 'Streaming' List Than a Summer Reading List (Infographic)
Summer used to be synonymous with poring over a juicy read at the beach, or curling up next to a good book outside on the porch.
But not anymore. A new survey conducted by New York-based research firm Miner & Co. Studio reveals that, while 76 percent of Americans say they have a summer reading list, 85 percent report to having a summer “streaming” list -- a catalog of content that they intend to binge before summer ends.
And the great outdoors has slowly become the venue of choice for streaming. Sixty-four percent of participants said that they are consuming video in places where they used to spend time reading outside, including on porches, decks, backyards, beaches and lakes.




This could be useful on occasion.
How To Transcribe A YouTube Video
… We’ve looked at how to download videos from YouTube before. We’ve dissected all the ways you can convert a video file to an MP3. But we’ve never looked at how to convert a YouTube video to text.
It turns out, it’s surprisingly easy, with a couple of caveats. Here’s how to do it in the browser, on your computer, and with the help of someone else.


Thursday, August 27, 2015

Disclosure, what a concept! Does this suggest that failure to disclose breaches was common?
Aliya Sternstein reports:
New sweeping defense contractor rules on hack notifications take effect today, adding to a flurry of Pentagon IT security policies issued in recent years.
Just this month, the Office of Management and Budget proposed guidelines to homogenize the way vendors secure data governmentwide. The Defense Department had already released three other policies that dictate how military vendors are supposed to handle sensitive IT.
Now, industry, which is already concerned about overlapping and burdensome cyber rules, worries the Pentagon will go back and retroactively change contracts, after the White House draft is finalized.
Read more on NextGov.




The joy of a large data breach.
Kevin M. McGinty of Mintz Levin writes:
Card-issuing banks are forging ahead with their lawsuit against Target arising from the 2013 holiday shopping season data breach. Their July 1 motion for class certification has just been unsealed, allowing a glimpse at plaintiffs’ version of the events during November and December 2013 that resulted in theft of payment card data for 40 million Target customers.
Read more on National Law Review.




“Authorized” vs “Unauthorized” access. If you are authorized to access the data, you are not in violation of the Computer Fraud and Abuse Act, no matter what you do with the data you obtain?
Orin Kerr writes:
The Ninth Circuit has handed down United States v. Christensen, a case that touches on a bunch of computer crime issues that include the scope of the Computer Fraud and Abuse Act (CFAA). The court overturned CFAA convictions for employee misuse of a sensitive database. I think that result is correct, although I’m a bit puzzled by the way the court reached it.
The new case involves several defendants that were involved in the Pellicano Investigative Agency.
Read more on The Volokh Conspiracy.




For my Computer Security students.
EY, LANL make new cybersecurity tools available to private sector
by Sabrina I. Pacifici on Aug 26, 2015
News release: “Ernst & Young LLP and Los Alamos National Laboratory have formed a strategic alliance to deliver some of the most advanced behavioral cybersecurity tools available to the commercial market.
[From the release:
The first product to be introduced through the alliance will be PathScan®, a network anomaly-detection tool that searches for deviations from normal patterns of communication that might be indicative of an intrusion.
… According to the most recent EY Global Information Security Survey, more than half (56%) of executives said their company would be unlikely to detect a sophisticated cyberattack.
… For more information about EY’s strategic alliance with Los Alamos, visit www.ey.com/losalamos




Is this because the Paparazzi are out of control?
Drones would be prohibited over private property in California
… The drone bill, by Sen. Hannah-Beth Jackson (D-Santa Barbara), would make flying a drone less-than 350 feet above private property without consent a trespass violation.
"If you drive on someone's property with a car, you're trespassing. If you're looking on someone's property to break in, you're trespassing," [Is that correct? Bob] said Assemblyman Mike Gatto (D-Los Angeles), who presented the bill on the floor. "It makes no sense that a drone should be able to look in your window and the operator should not be guilty of the same trespass."




Would my students pay attention if my teaching assistant was the Terminator?
Forrester Report – Humans and Robots working side by side
by Sabrina I. Pacifici on Aug 26, 2015
InformationWeek, Thomas Claburn: “Robots will not take all our jobs, but that doesn’t mean their arrival will be without consequence. Automated systems — ranging from free-roaming bots to computerized kiosks, to pure software — will replace human labor, and it will demand more of it. Unfortunately for humans, research firm Forrester anticipates more jobs being lost than being created in the next decade. In a Forrester report published on Monday, “The Future of Jobs, 2025: Working Side By Side With Robots,” lead author J.P. Gownder argues that fears of robots supplanting humans in the labor force exaggerate the impact of automation. The more salient issue, he says, is that people will find themselves working with automated systems more frequently. Gownder contends that nightmare scenarios rest on flawed logic. Dystopian entertainment about malevolent robots stokes cultural and psychological fears that distort data with emotion, he says. The most alarming research, like the 2013 paper from Oxford professors Carl Frey and Michael Osborne that foresees as many as 47% of jobs being automated away, offers the fuzziest predictions…”


(Related) Dilbert interprets this report...




Another tool users can totally rely on. Every answer their smartphones return will be correct! Well, almost everything...
Smartphone, smartphone in my hand
Who's the fairest in the land?
(Huh, that might make an amusing App)
Behind The Siri Killer Facebook M, A Battle Over AI's Future
Facebook’s test release today of a digital assistant inside its Messenger app is a shot across the bow of the Internet’s biggest companies: Apple, Google, Microsoft, and Amazon.com. It’s also the latest salvo in a high-stakes battle over the ways artificial intelligence should transform the way we live and work.
Facebook M is intended to allow users of Facebook Messenger to pose any query or service request in natural language and get a personalized answer immediately. The key wrinkle that sets it apart from Apple’s Siri, Google Now, and Microsoft Cortana is that there’s a team of human “trainers” who will step in when the machines aren’t quite up to the challenge.




“Ease of use” has a downside.
When a Snuff Film Becomes Unavoidable
… Two videos of the murders exist. The first was broadcast live, on TV, at the time of the killing. The second was taken by the gunman himself. He posted it to Twitter and to Facebook after the murder.
Both social media companies quickly suspended his accounts and removed the videos. For the 10 or 15 minutes before that, though, the videos circulated widely on both services as users shared them out of horror, confusion, or some other emotion.
In the past 12 months, both Twitter and Facebook have begun auto-playing videos when they appeared in a user’s feed. If a video comes across your feed, or you accidentally open it in a tab or tap a link on your phone, the video pops up and just starts playing. You do not have the option to figure out the video’s context, and choose whether to press play: On both Twitter and Facebook, the footage just starts rolling.




Some people have no privacy, even off screen?
Kristin Magaldi reports:
In a recent mandate made by the AIDS Healthcare Foundation (AHF) that spurned panic in the adult film industry, performer health records dating back to 2007 are to be reviewed to help diminish the spread of STDs. The subpoenas detailed that test results and information from health care facilities like Cutting Edge Testing, Talent Testing Service along with another clinic that specifically caters to adult film stars will be reviewed to ascertain past infections.
Read more on Medical Daily.
For more background and applicability of HIPAA, search PHIprivacy.net for “AHF.”




Will some small country adopt strict privacy laws hoping all the money in Swiss banks will transfer to them? It's also possible one or more Swiss banks will buy a small country...
Press Trust of India reports:
At a time when it is under global pressure, including from India, on black money menace, the Swiss government has rejected the popular initiative to allow strict privacy in financial matters.
The decision also comes at a time when Switzerland is slowly shedding the veil of its famed banking secrecy practices amid global efforts being stepped to curb flow of illicit funds in the financial system.
Read more on Business Standard.




Perspective. Written for libraries, but others can learn a bit too. (Lots of interesting numbers to quote)
The Internet of Things – 50 Billions Connected Devices and Objects by the Year 2020
by Sabrina I. Pacifici on Aug 26, 2015
OCLC – NextSpace 24 – Libraries and the Internet of Things: “A world divided by the prospect of a world connected. The simplest definition of the Internet of Things (IoT) might be: real-world objects connected to the Internet, sending and receiving data. But beyond that, there is little consensus on what the specific technical infrastructures of IoT might look like; what kind of standards would be required; who should set those standards; what the specific business cases for various industries should be; and the relationships between personal, private data about individuals vs. information about their connected things. Likewise, in an informal poll of more than 100 librarians, we found that the term “Internet of Things” itself was less familiar than some specific examples of the “smart” or “networked” objects that are beginning to comprise IoT, such as smart watches, medical monitors, smart appliances and self-driving cars…”




No one notices the running car in their garage? Is this a lawsuit based on what some car owners think their cars will do rather than what they actually do? Do we have a duty to protect people who live in a world they create in their mind? (If so, can I sell them Dragon Insurance?)
Ten automakers are sued over keyless ignitions
Ten of the world's biggest automakers were sued on Wednesday by consumers who claim they concealed the risks of carbon monoxide poisoning from millions of vehicles equipped with keyless ignitions.
The lawsuit attributed at least 13 deaths to the problem, which it said arises when people mistakenly leave their vehicles running after removing their key fobs, sometimes in garages, believing that doing so turns off the engines. [But never checking? Bob]
… It seeks an injunction to require the automakers to install a feature that would automatically turn off unattended engines after a period of time. It also seeks compensatory and punitive damages, among other remedies.
The case is Draeger et al v. Toyota Motor Sales USA Inc et al, U.S. District Court, Central District of California, No. 15-06491.


(Related) Not clear if different demographics use a different combination of features. In any case, I have no doubt manufacturers will drop anything that does not help sell cars.
Connection Lost: Many Drivers Ignoring Technology Advancements In Today’s ‘Connected Cars’
If you've recently purchased a new vehicle, have you've actually taken advantage of all of its provided technology features? According to a survey conducted by J.D. Power, most don't. Most don't even take advantage of half of them.
It's estimated that because of these untouched features, consumers are wasting billions of dollars, and likewise, car vendors are wasting billions installing them in the first place.




Automating psychoanalysis? What if it's the computer driving you crazy?
Computers Can Predict Schizophrenia Based on How a Person Talks
… Most of the time, people don’t actively track the way one thought flows into the next. But in psychiatry, much attention is paid to such intricacies of thinking. For instance, disorganized thought, evidenced by disjointed patterns in speech, is considered a hallmark characteristic of schizophrenia. Several studies of at-risk youths have found that doctors are able to guess with impressive accuracy—the best predictive models hover around 79 percent—whether a person will develop psychosis based on tracking that person’s speech patterns in interviews.
A computer, it seems, can do better.
That’s according to a study published Wednesday by researchers at Columbia University, the New York State Psychiatric Institute, and the IBM T. J. Watson Research Center in the Nature Publishing Group journal Schizophrenia. They used an automated speech-analysis program to correctly differentiate—with 100-percent accuracy—between at-risk young people who developed psychosis over a two-and-a-half year period and those who did not.




Perhaps we could add something like this to the University Portal to keep our students sharp?
Man Discovers Google’s Secret Hiring Process, Lands Himself A Job
According to a post by Max Rosett, he was Googling for programming terms one day when he was suddenly greeted by the screen you see above. While Rosett was initially skeptical at first, it was later revealed that this was apparently a secret hiring process employed by Google that was designed to test applicants.
Rosett managed to pass a variety of tests which safe to say he did not share the information publicly, but according to him was pretty tricky.
When it was all said and done, a Google recruiter got in touch with him, after which he managed to secure a more regular interview, and at the end of the day he managed to nab himself a job at Google!




It's that time of year again.
NFL without cable: A cord cutter’s guide for the 2015/2016 season
Among all the major U.S. sports, NFL football is arguably the easiest to watch without a pay-TV subscription.
… With the NFL season just a couple weeks away, now’s a good time to run through all the ways that cord cutters can watch or stream NFL games so you’ll be ready for kickoff:




For my students who read. (a list of sources)
Read the World’s Best Books for Free With The Harvard Classics




I push WolframAlpha to my Math students. Imagine my surprise to find there are other uses!
20 Ways Everyday Life is Easier with Wolfram Alpha




An infographic for Marketing students?
Connected Consumers: A Day in the Life (Infographic)
… This infographic from SAP showcases data from its Customer Insights and Analytics in Telcoms Market Survey. Take a look for one portrayal of how today's connected consumers interact with brands, showing the range of experiences possible for your brand.




An infographic of each minute on the Internet. (Makes a nice poster)
Data Never Sleeps 3.0




My students have etiquette?
Americans’ Views on Mobile Etiquette
by Sabrina I. Pacifici on Aug 26, 2015
“Cellphones and smartphones have become a mainstay in the lives of many Americans, and this has introduced new challenges into how users and non-users alike approach basic social norms and etiquette. People are sorting through new rules of civility in an environment where once-private conversations can easily be overheard in public places and where social gatherings can be disrupted by participants focusing on digital screens instead of their in-person companions. This Pew Research Center report explores newly released survey findings about Americans’ views about the appropriateness of cellphone use in public places and in social gatherings and the way those views sometimes conflict with their own behaviors…”


(Related) Harvard says it's important.
Research: Technology Is Only Making Social Skills More Important
… “The Growing Importance of Social Skills in the Labor Market,” shows that nearly all job growth since 1980 has been in occupations that are relatively social skill-intensive — and it argues that high-skilled, hard-to-automate jobs will increasingly demand social adeptness.


Wednesday, August 26, 2015

Will the FTC go after Target for inadequate security?
Evan Ramstad reports:
The Securities and Exchange Commission decided not to penalize Target Corp. for the 2013 cyberattack that led to the exposure of data for millions of the retailer’s customers, the company said Tuesday.
The agency was one of several governmental entities to investigate the company in the wake of the attack, one of the largest against a U.S. company.
In its quarterly results document, filed with the SEC and published by the agency on the Internet for investors to see, Target said the investigation ended during the May-to-July period. It said the SEC “does not intend to recommend an enforcement action against us.”
Read more on Star Tribune.




As a Security Manager, you could panic or drop out and become a hacker.
Juliet Williams of AP reports:
Many California state agencies are not complying with the state’s information technology standards, leaving them vulnerable to a major security breach of sensitive data such as Social Security numbers, health information or tax returns, the state auditor reported Tuesday.
“Our review found that many state entities have weaknesses in their controls over information security. These weaknesses leave some of the state’s sensitive data vulnerable to unauthorized use, disclosure, or disruption,” Auditor Elaine Howle wrote in the report.
Read more on LompocRecord.com
Related files for “High Risk Update— Information Security” audit:




Just keeping investors informed requires some serious analytics.
Twitter questioned by SEC on user stats
The Securities and Exchange Commission earlier this year asked Twitter about its decision to stop reporting "timeline views", a longtime metric to measure user engagement, according to documents released on Monday.
Twitter decided in April to stop reporting timeline views — the number of visits, timeline refreshes and searches on the site — because it says that changes in its offerings rendered the metric unnecessary.
The SEC asked then-CEO Dick Costolo whether the company would publicly release new ways to measure engagement with the service in an April letter released Monday and reported by The Wall Street Journal.
“Please describe the alternative metric(s) you anticipate presenting in future filings to explain trends in user engagement and advertising services revenue,” the agency asked. “Also, please describe your reasons for choosing such metric(s).”
It also asked the company to provide data for how the number of advertisers on the platform and average revenue per advertiser broke down by “channel and geography.” The agency said that providing that information to the public could “prove informative to investors if you consider them to be material to investors’ understanding of those key factors impacting current and prospective levels of advertising services revenue."
Twitter responded in May by noting that a new filing included numbers related to how users responded to ad products and the price that ad buyers paid for those actions. The Journal reported that the SEC stopped pursuing the issue after the company’s response.




Is the Chinese government looking for people to blame?
As Markets Flail, China Investigates Large Brokerage Firms
The authorities in China have opened two investigations into the country’s biggest brokerage firms amid market turmoil.
The police are investigating eight executives from Citic Securities, China’s biggest brokerage firm, on suspicion of illegal securities trading, Xinhua, the official news agency, reported late Tuesday.
In addition, staff members from the main stock market regulator, China Securities Regulatory Commission, and a reporter were been taken into custody, Xinhua said.
The reporter, from the respected news outlet Caijing, was identified by Caijing as Wang Xiaolu and wrote an article last month that said the government was considering withdrawing its support for the stock market. [That's exactly what it looked like. Bob] The report prompted a denial from the securities regulator, but was later seen as contributing to a huge plunge in Chinese stocks in late July.




I thought you were supposed to find people in the “other party” who made the same mistakes? This makes it look like a “Democrat thing.”
Is Amb. Caroline Kennedy using private email for government business?
Senior staff at the U.S. Embassy to Japan, including Ambassador Caroline Kennedy, have used personal email accounts for official business, an internal watchdog said in a report Tuesday. Some emails contained sensitive information.
The State Department's Office of Inspector General said that it identified instances where emails labeled "sensitive but unclassified" [Better than “Top Secret” Bob] were sent from or received by personal email accounts. Department policy is that employees generally should not use such accounts for official business, the watchdog's office said.




How appropriate. Some people think they will cause crashes, Florida want's them to catch crashes.
Self-driving ‘crash’ trucks to hit Florida highways this year
The first autonomous vehicles to hit US highways will not be Google or Apple cars, but self-driving trucks – and they will be riding roads in Florida by the end of the year.
The self-driving construction vehicles, fitted with special rear-end crash barriers and lights, have been successfully demonstrated, driving using GPS waypoints and following a lead car, mimicking its path, braking and speed.
The specialised crash trucks are fitted with large signs to warn road users of the presence of workers and are used to protect construction crews resurfacing roads, painting lines, inspecting bridges or installing traffic signals.




For my IT Governance students.
FDIC Publication Focuses on the Critical Role of Corporate Governance
by Sabrina I. Pacifici on Aug 25, 2015
News release: “The Federal Deposit Insurance Corporation (FDIC) today released the summer 2015 issue of Supervisory Insights. The lead article, “Strategic Planning in an Evolving Earnings Environment,” highlights the critical role of corporate governance and strategic planning in navigating a challenging operating environment. “Although the financial performance of banks is steadily improving, the operating environment remains challenging,” said Doreen R. Eberley, Director, Division of Risk Management Supervision. “Strategic planning can be a tool for an engaged bank management team to deal with tradeoffs between risk and return and promote sustainable earnings.” Another article, “Bank Investment in Securitizations: The New Regulatory Landscape in Brief,” summarizes important new requirements related to investment in securitizations as a result of the enactment of the Dodd-Frank Act, including potential effects on bank capital. The article also explains how an investment decision process can be structured to help a bank remain compliant with these new requirements. The “Regulatory and Supervisory Roundup” provides an overview of recently released regulations and supervisory guidance. Supervisory Insights provides a forum for discussing how bank regulation and policy are put into practice in the field, promoting sound principles and practices for bank supervision, and communicating about the emerging issues that bank supervisors face.”




Is a street eligible to be on the Internet of Things? (Is a hole a thing or a non-thing?)
Google Patents Pothole Detection System
… As first spotted by AutoBlog, Google was recently granted a patent covering a system capable of detecting road quality conditions, which in theory could allow it to deliver warnings of potholes and other road quality issues to its users.
A pothole mapping database would further enhance the already widely used Google Maps, and could also be plugged into an autonomous driving system, which Google has been extensively testing. [Imagine a self-driver swerving to avoid potholes and cops trying to pull the car over to administer a sobriety test... Bob]




If I'm thinking of buying a cheap phone, am I an “emerging market?”
Nokia 222 Is Microsoft’s $37 Phone With Month-Long Battery Life
Many have been waiting for Microsoft to launch the two high-end Lumia handsets that we keep hearing about every now and then, Microsoft has launched two new phones today but they’re far from those Lumias. The company has launched the Nokia 222 and Nokia 22 Dual SIM today, it can still use the Nokia brand so don’t get confused and start thinking that the Finland-based company is back in the game, these are cheap smartphones aimed squarely at emerging markets.




One of my students showed me this Python package.
Anaconda
Anaconda is a completely free Python distribution (including for commercial use and redistribution). It includes over 195 of the most popular Python packages for science, math, engineering, data analysis.




Geeky, but probably useful.
MIT Researchers Create Resilient File System That Is Impossible To Crash
You might imagine that in 2015, we'd have a plethora of file systems that could guarantee the integrity of our data in the event of a crash - but that isn't exactly the case. While there are a handful of quality file systems that are much better than others from a data integrity standpoint (ZFS being a good example), none of them can guarantee without a benefit of a doubt that when a system crashes, absolutely no data is going to be lost.
Well, except for the file system that MIT researchers have just revealed, which is set to be presented at the ACM Symposium on Operating Systems Principles in October. The file system's researchers claim that their new file system is mathematically proven to not lose track of data in the event of a crash. While the methods will result in a performance penalty, that could be a small cost for guaranteed data integrity.
To achieve the file system's goal, its developers rely on a technique called formal verification, which can prove or disprove the intended effect of the algorithms used. Again, this is going to impact performance, as it would on any file system that has added data integrity checks.




Enquiring minds want to know...
Why People Are Drawn to Narcissists Like Donald Trump




My beer is quite near.
Too near I fear.
I'll abstain, I swear...
(At least until noon)
Booze at our door in 34 minutes: Testing Amazon’s new Prime Now alcohol delivery service
Amazon debuted one- and two-hour delivery of beer, wine and liquor in the U.S. this morning along with the launch of the Amazon Prime Now service in its hometown of Seattle. We’ve tested just about every type of delivery service at the GeekWire offices, so we thought to ourselves, why should this be an exception?
Thirty-four minutes later, we were pouring screwdrivers in the break room.




For my researching students.
Good Online Bookmarking Tools for Students




If we could do this for textbooks, I'd push it to my students who won't/can't read them. (Business opportunity?)
TuneIn takes the ads out of your on-the-go real radio
TuneIn, the site best known for streaming thousands of radio stations online, is angling to become the one-stop shop for everything you feed into your ears.
The company on Tuesday added an $8-a-month subscription that unlocks a variety of new perks: It removes the audio ads from 600 radio stations, streams audio play-by-plays from Major League Baseball and from Premier League soccer, and opens up aisles of audiobooks.
… Radio stations that stream with TuneIn already have devices in place to swap their ads on the regular broadcast with digital ads for the online one. TuneIn's commercial-free feature simply helps the programmer play a song the same length as the ad break instead.
… In audiobooks, subscribers have unlimited access to a library from publishers like Penguin Random House, HarperCollins and Scholastic, including the "Hunger Games" and "Harry Potter" series. Subscribers will also have access to 16 different language-learning programs.


Tuesday, August 25, 2015

This is such a great “example of bad.” It will be interesting to see if they structured their corporation(s) to 'break away” (into bankruptcy) as they get swamped with lawsuits.
Ashley Madison hauled to court in class action suits over data breach
… Suits filed in federal courts in California and Texas by people using John Doe as a pseudonym, claim for damages, alleging that Avid Life Media, the parent company based in Toronto, did not have adequate and reasonable measures to secure the data of users from being compromised, and failed to notify users in time of the breach.
… At least five suits seeking class-action status have been filed in Canada and in U.S. courts in California, Texas and Missouri, according to NBC.
… The Rosen Law Firm, for example, last week announced it had initiated a class action lawsuit investigation regarding a potential debit and credit card breach at Ashley Madison, and was also looking at consumer fraud claims in connection with the website's “Full Delete” service, which purported to eliminate user profiles and traces on its website and database in exchange for a fee.


(Related) You see why I want to collect all this stuff?
Can feds be fired for adultery? The government is combing through thousands of e-mail addresses that turned up in the Ashley Madison leak
Now that the Ashley Madison hack has outed as many as 15,000 federal employees and active duty military, government agencies say they’re combing through the e-mail addresses of possible adulterers to see if their extramarital activity on work time amounts to anything punishable.
The rules of the game for morality in federal offices may be straightforward for pornography (watching it can definitely get you fired) — but the kind of skeleton in the closet that showed up in the trove of 36 million users exposed on the cheating Web site presents officials with a murkier problem, experts say.


(Related) Probably best to do your hacking away from the office systems. (Could AM's hackers have used the same security hole?)
Leaked AshleyMadison Emails Suggest Execs Hacked Competitors
Hacked online cheating service AshleyMadison.com is portraying itself as a victim of malicious cybercriminals, but leaked emails from the company’s CEO suggests that AshleyMadison’s top leadership hacked into a competing dating service in 2012.
… On Nov. 30, 2012, Raja Bhatia, the founding chief technology officer of AshleyMadison.com, sent a message to Biderman notifying his boss of a security hole discovered in nerve.com, an American online magazine dedicated to sexual topics, relationships and culture.
At the time, nerve.com was experimenting with its own adult dating section, and Bhatia said he’d uncovered a way to download and manipulate the nerve.com user database.
“They did a very lousy job building their platform. I got their entire user base,” Bhatia told Biderman via email, including in the message a link to a Github archive with a sample of the database. “Also, I can turn any non paying user into a paying user, vice versa, compose messages between users, check unread stats, etc.”




For my IT Governance students. Makes what you are learning even more valuable! (You're welcome)
Appeals Court Upholds FTC’s Data Security Authority
by Sabrina I. Pacifici on Aug 24, 2015
EPIC – “A federal appeals court ruled that the Federal Trade Commission can enforce data security standards. In FTC v. Wyndham, the agency sued Wyndham hotels after the company exposed financial data of hundreds of thousands of customers. The company argued that the FTC lacked authority to enforce security standards, but the court disagreed. EPIC filed an amicus brief, joined by leading technical experts and legal scholars, defending the FTC’s “critical role in safeguarding consumer privacy and promoting stronger security standards.”




This is not for “every day” backups. This is for that first transfer of data or for a huge bump in your data flow. Think of a small law firm that suddenly has to handle a few petabytes of digital evidence. Then think who you would trust to handle that data.
Google Expands Cloud Storage with Offline Import/Export Service
Backing up data is one of the most important parts of running a company. The problem arises when a business has too much data and too little time to get it all into the cloud.
To help businesses get their data under control, Google is expanding its Cloud Storage service by allowing third party-providers to upload data to the platform on a business's behalf.
First launched in 2013, businesses were previously only allowed to use the feature to back up their hard drives into Google Cloud Storage. Now expanded into a major feature called Offline Media Import/Export, this update now lets businesses physically mail all types of storage devices — such as hard drives, tapes and USB flash drives — to companies that will back up their data for them.




Not everyone can block a specific page on a website. (Their tools lack granularity.)
Moscow lifts ban on Russian Wikipedia
Moscow on Tuesday lifted a ban on the Russian-language version of Wikipedia less than a day after imposing it.
Internet regulator Roskomnadzor said an article about Charas, a form of hashish, ruled illegal by a local court in June, had now been sufficiently edited on Russian Wikipedia to put the online encyclopedia in compliance with the ruling.
The webpage has therefore been excluded from its internet blacklist, it added.
Several Russian internet service providers started blocking access to the Russian-language Wikipedia site after the regulator added it to its registry of forbidden information on Monday.
Internet users in some Russian regions saw a notice from the registry instead of the Wikipedia page when trying to access it.
Wikipedia said the outlawing of some information triggered a blacklisting of the entire service because the website uses the secure protocol HTTPS which prevents the filtering and censoring of its content from the outside. [Some ISPs had no problem blocking only the target page... Bob]




Are we becoming a nation afraid of our own shadows or is this another case of “we gotta do something!”? What is the probability that any of these locations will experience a terrorist-like attack? Are Movie theaters more dangerous than driving to work?
Another reason NOT to go to the movies.
Joe Cadillic writes:
The Regal Entertainment Group – the nation’s largest movie theater chain just added a bag and purse check policy as a so-called security measure in some of its theaters, which undoubtedly will include every theater soon!
Regal Entertainment’s website uses public safety as a reason to ILLEGALLY search everyone’s handbag, backpacks etc.
“Security issues have become a daily part of our lives in America. Regal Entertainment Group wants our customers and staff to feel comfortable and safe when visiting or working in our theatres. To ensure the safety of our guests and employees, backpacks and bags of any kind are subject to inspection prior to admission. We acknowledge that this procedure can cause some inconvenience and that it is not without flaws, but hope these are minor in comparison to increased safety.”
Jim Davis, a public safety expert who served as Homeland Security advisor to Governor John Hickenlooper promises soon EVERYONE will be TSA searched at movie theaters:.
“There is no question in my mind that there are meetings going on as we speak, talking about improving security and associated liability. I think it will take time to happen… By necessity now – from a liability standpoint, movie theaters are going to have to step up.” [Really? Bob]
On July 29th., I reported how AMC and SMG movie theaters are working with DHS to establish TSA checkpoint searches at movie theaters across the country!
Don’t think TSA security searches are coming to a theater near you? Senator Tony Avella is working on legislation to introduce metal detectors at theaters, malls and sports stadiums.
Read more on MassPrivateI




This drives up the “Big Brother Index” (Yeah, I made that up)
Mike Masnick writes:
Over the last few years, we’ve published a ton of stories about the growing police reliance on Stingray cell site simulator devices (also known as IMSI catchers), that mimic a real cell phone tower and help provide the location of a certain mobile phone. As we’ve written, these devices have been super popular with police departments, who often receive them from the federal government with strict non-disclosure agreements, which means law enforcement has been known to lie to courts or simply drop cases where the usage is at risk of coming out in court.
It seems that this story is getting more and more national attention.




For my Computer Security and Ethical Hacking students.
Mandatory Minimum Sentencing: Federal Aggravated Identity Theft
by Sabrina I. Pacifici on Aug 24, 2015
CRS report vai FAS – Mandatory Minimum Sentencing: Federal Aggravated Identity Theft – Charles Doyle, Senior Specialist in American Public Law. August 20, 2015.
“Aggravated identity theft is punishable by a mandatory minimum sentence of imprisonment for two years or by imprisonment for five years if it relates to a terrorism offense. At least thus far, the government has rarely prosecuted the five-year terrorism form of the offense. The two-year offense occurs when an individual knowingly possesses, uses, or transfers the means of identification of another person, without lawful authority to do so, during and in relation to one of more than 60 predicate federal felony offenses (18 U.S.C. 1028A). Section 1028A has the effect of establishing a mandatory minimum sentence for those predicate felony offenses, when they involve identity theft. A sentencing court has the discretion not to “stack” or pancake multiple aggravated identity theft counts and, as with other mandatory minimums, may impose a sentence of less than the mandatory minimum at the request of the prosecution based on the defendant’s substantial assistance. More than half of the judges responding to a United States Sentence Commission survey felt the two-year mandatory minimum penalty was generally appropriate. The Commission’s report on mandatory minimum sentencing statutes is mildly complimentary of the provision.”




Some low hanging fruit for recruiters?
Law Firms’ Grueling Hours Are Turning Defectors into Competitors
In this latest flurry of debate about working long hours, some have intimated that overwork is inevitable in highly competitive industries such as law, finance, and high tech.
But that’s just not true.
We’ve all heard by now that productivity decreases with overwork, while attrition and health care costs increase. What you may not have heard is that businesses who drive people relentlessly create competitors who poach top talent by offering a more humane way to work.
A new study from the Center for WorkLife Law reports on this phenomenon in the legal profession. The report identifies over 50 entrepreneurial businesses that offer lawyers jobs with better work-life balance than large law firms offer. Big Law, meet New Law.


(Related) Making life easier for those poor suffering lawyers.
App adds features to Westlaw and Lexis – makes legal research faster and easier
by Sabrina I. Pacifici on Aug 24, 2015
Bestlaw, a robot for legal research [via Bob Ambrogi]
“Features – When you read a document—like a case, statute, or law review article—Bestlaw adds a toolbar with these features:
  • Copy a perfect Bluebook citation with one click
  • Read documents in a clean, readable view with beautiful typography
  • Prevent getting automatically signed off
  • Collapse and expand statutory sections
  • Automatically generate a clickable table of contents for any document
  • One-click copying for citations, titles, docket numbers, and full text
  • Highlight hard-to-see page numbers
  • Jump between footnotes and the main text without losing your place
  • Instantly look up information about a case on Wikipedia and other sources
  • Share the document by email or on Facebook, Twitter, and Google+…”




Always sad to see less humor in the world. But, you gotta keep your politicians happy.
Twitter kills project that saved politicians' deleted tweets
Twitter is effectively killing off a project in 30 countries that archives the deleted tweets of politicians and diplomats — months after doing the same thing in the United States.
The Open State Foundation, which runs the projects, said Twitter informed it over the weekend that it was revoking access to its Application Programming Interface (API), which allowed programmers to use the tool that automatically archives the deleted tweets of politicians.
… The social media company did the same thing to the U.S.-based Politwoops project run by the Sunlight Foundation back in May. At the time, Twitter said the project violated the company’s developer agreement related to privacy.




Perspective.
Mobile Messaging and Social Media 2015
by Sabrina I. Pacifici on Aug 24, 2015
Pew Report – Mobile Messaging and Social Media 2015 – August 19, 2015: “In today’s world, people — particularly young people — are continually finding and adapting new ways of communicating electronically to fit their needs. Case in point: 2015 marks the first time Pew Research Center has asked specifically about mobile messaging apps as a separate kind of mobile activity apart from cell phone texting. And already, according to a new survey, 36% of smartphone owners report using messaging apps such as WhatsApp, Kik or iMessage, and 17% use apps that automatically delete sent messages such as Snapchat or Wickr. Both of these kinds of apps are particularly popular among young adults. Half (49%) of smartphone owners ages 18 to 29 use messaging apps, while 41% use apps that automatically delete sent messages. These apps are free, and when connected to Wi-Fi, they do not use up SMS (Short Messaging Service) or other data. Furthermore, they offer a more private kind of social interaction than traditional social media platforms such as Facebook or Twitter.”


(Related)
Tor Increasingly Used by Malicious Actors: IBM
IBM Security’s X-Force Threat Intelligence report for the third quarter of 2015 reveals that the Tor (The Onion Router) anonymity network is increasingly leveraged for malicious purposes.
The Tor network, created with support from the U.S. government, is often used by journalists, activists, and whistleblowers to protect their identities and their communications. However, the anonymity network is also utilized by intelligence operatives, cybercriminals and other malicious actors.
The use of Tor for malicious purposes has increased over the past period with millions of malicious events originating from Tor exit nodes every year. According to IBM, roughly 180,000 malicious events originated from United States exit nodes between January 1 and May 10, 2015. A large number of malicious events were also traced in this period to exit nodes in the Netherlands (150,000), Romania (80,000), France (60,000), Luxembourg (55,000), and Uruguay (53,000). It’s worth noting that the Netherlands and the United States account for the largest number of exit notes.
The complete IBM X-Force Threat Intelligence report for Q3 2015, which also details ransomware-as-a-service and vulnerability disclosures, is available for download in PDF format.




For all my students.
Participant Questions From the Recent “Internet of Things” Webinar
On July 30th, 2015, we held a free, live webinar on “Managing Data in the Age of the Internet of Things.” If you missed the webinar live, the recorded version is available for online viewing or download the presentation (PDF).




For my 3D printing students. Coming soon to a smartphone near you!
MobileFusion: Research project turns regular mobile phone into 3D scanner
A new Microsoft Research project lets people to create high-quality 3D images in real time, using a regular mobile phone, with about the same effort it takes to snap a picture or capture a video.
"What this system effectively allows us to do is to take something similar to a picture, but it's a full 3D object," said Peter Ondruska, a Ph.D. candidate at Oxford University who worked on the project while he was an intern at Microsoft Research.
The researchers say the system, called MobileFusion, is better than other methods for 3D scanning with a mobile device because it doesn't need any extra hardware, or even an Internet connection, to work. That means scientists in remote locations or hikers deep in the woods can capture their surroundings using a regular cell phone without a Wi-Fi connection.
… The scans are high-quality enough to be used for things like 3D printing and augmented reality video games.
… The researchers will present MobileFusion in early October at the International Symposium on Mixed and Augmented Reality.
… Currently, the researchers are working on making sure the system works with all types of mobile devices, including Windows Phone, Android and iPhone devices. Izadi said they hope to eventually make it available to the general public in some form, but there are no firm plans right now.