Governments can make glaciers look speedy.
Rep. Will Hurd writes that Congress and officials
still don’t have answers about the discovery in December by
software developer Juniper Networks of a backdoor in its ScreenOS
software that could have allowed foreign entities to decrypt and read
government communications. The backdoor is thought to have been
inserted in 2013. And while the OPM breach garnered massive public
and media attention, less attention has been paid to this breach.
The federal government has yet to determine which agencies are using the affected software or if any agencies have used the patch to close the backdoor. Without a complete inventory of compromised systems, lawmakers are unable to determine what adversaries stole or could have stolen.
If government systems have yet to be fixed then adversaries could still be stealing sensitive information crucial to national security. The Department of Homeland Security is furiously working to determine the extent to which the federal government used ScreenOS. But Congress still doesn’t know the basic details of the breach.
Read more on WSJ.
Hurd, who is one of Congress’s few members who
“gets” the nerdy stuff, points out that this
situation is a good example of why any backdoor that puts a hole in
encryption is a bad idea.
Might make an interesting case study.
Adrianne M. Haney reports:
The now-former state employee who was fired after a data breach exposed Georgia voters’ personal information is disputing, in detail, the Secretary of State’s internal investigation report that pinned blame on him.
Read more on 11Alive.
For my Computer Security students.
The 3 People Most Likely to Hack Your Data & Privacy
… Mikko Hypponen is a well-known security
expert who has been giving security-related talks and advice for
several years now, and in this relatively short TED Talk, he explores
the most common types of online attacks:
For my Ethical Hacking students.
Free eBook: Kali Linux Cookbook ($24 Value)
… Well, are you familiar with Kali Linux?
It’s all about penetration testing and ethical hacking. It can do
some pretty amazing things, but you need to learn how to use it.
… you can get it for free until February 3rd!
Drugs (and devices like pacemakers) become
“Things” on the Internet of Things.
John Miller reports:
Novartis wants every puff of its emphysema drug Onbrez to go into the cloud.
The Swiss drugmaker has teamed up with U.S. technology firm Qualcomm to develop an internet-connected inhaler that can send information about how often it is used to remote computer servers known as the cloud.
This kind of new medical technology is designed to allow patients to keep track of their drug usage on their smartphones or tablets and for their doctors to instantly access the data over the web to monitor their condition.
Read more on Reuters.
Go Canada?
David Fraser writes on Canadian Privacy Law Blog:
For anyone who was wondering: the
arc of the common law is long and it bends towards privacy. [???
Bob] The Ontario Superior Court of Justice has this past
week expressly recognized the tort of “public disclosure of private
facts”.
This is a huge deal, as it explicitly expands the
scope of privacy protection under the common law and stands as an
example of how the traditional courts (and perhaps new-ish torts) can
be called upon to help victims of cyberbullying.
Arising from a horrific case of revenge porn where
the defendant had uploaded to the internet an explicit sexual video
of the plaintiff, the Court in Doe
v D., 2016 ONSC 541 (CanLII) [Edit: this link should work soon
…], said this about the ability to sue for invasion of privacy:
C. Invasion of Privacy
[34] In Jones v. Tsige, 2012 ONCA 32 (CanLII), the Court of Appeal for Ontario recognized the existence of the tort of invasion of privacy in the context of intrusion upon seclusion. In that case, the Court found that the defendant had committed the tort of intrusion upon seclusion when she used her position as bank employee to repeatedly examine private banking records of her spouse’s ex-wife. While that case dealt with a significantly different fact situation, many of the Court’s comments are germane to this case, and I will therefore refer extensively to that decision.
[Skipping a lot here… Bob]
The Court commented that if the plaintiff in Jones had a right of action, it fell into the first category of intrusion upon seclusion, described by Prosser as comprised of the following elements:
• there must be something in the nature of prying or intrusion;
• the intrusion must be something which would be offensive or objectionable to a reasonable person;
• the thing into which there is prying or intrusion must be, and be entitled to be, private; and
• the interest protected by this branch of the tort is primarily a mental one. It has been useful chiefly to fill in the gaps left by trespass, nuisance, the intentional infliction of mental distress, and whatever remedies there may be for the invasion of constitutional rights.
[Skipping a lot here too… Bob]
[41] While the facts of this case bear some of the hallmarks of the tort of “intrusion upon seclusion”, they more closely fall within Prosser’s second category: “Public disclosure of embarrassing private facts about the plaintiff.” That category is described by the Restatement (Second) of Torts (2010) at 652D as follows: “One who gives publicity to a matter concerning the private life of another is subject to liability to the other for invasion of his privacy, if the matter publicized is of a kind that (a) would be highly offensive to a reasonable person, and (b) is not of legitimate concern to the public.”
[And here… Bob]
[47] In the present case the defendant posted on the Internet a privately-shared and highly personal intimate video recording of the plaintiff. I find that in doing so he made public an aspect of the plaintiff’s private life. I further find that a reasonable person would find such activity, involving unauthorized public disclosure of such a video, to be highly offensive. It is readily apparent that there was no legitimate public concern in him doing so.
[48] I therefore conclude that this cause of action is made out.
The Canadian Privacy Law Blog is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 Canada License.
...and there is nothing you can do about it!
An Unprecedented Threat to Privacy
Throughout the United States—outside private
houses, apartment complexes, shopping centers, and businesses with
large employee parking lots—a private corporation, Vigilant
Solutions, is taking photos of cars and trucks with its vast network
of unobtrusive cameras. It retains location data on each of those
pictures, and sells it.
It’s happening right now in nearly every major
American city.
The company has taken roughly 2.2 billion
license-plate photos to date. Each month, it captures and
permanently stores about 80 million additional geotagged images.
… The company counts 3,000 law-enforcement
agencies among its clients. Thirty thousand police officers have
access to its database.
… Supreme Court jurisprudence on GPS tracking
suggests that repeatedly collecting data “at a moment in time”
until you’ve built a police database of 2.2 billion such moments is
akin to building a mosaic of information so complete and intrusive
that it may violate the Constitutional rights of those subject to it.
The company dismisses the notion that advancing
technology changes the privacy calculus in kind, not just degree. An
executive told the Washington Post that its approach “basically replaces
an old analog function—your eyeballs,” adding, “It’s the same
thing as a guy holding his head out the window, looking down the
block, and writing license-plate numbers down and comparing them
against a list.”
Monitoring employees, or contractors, or whatever
they are…
… The company’s chief security officer, Joe
Sullivan, wrote in a blog post that Uber can use the sensors in smartphones
used by its drivers to verify customer feedback.
“If
a rider complains that a driver accelerated too fast and broke too
hard, we can review that trip using data,” Sullivan wrote. “If
the feedback is accurate, then we can get in touch with the driver.
And if it’s not, we could use the information to make sure a
driver’s rating isn’t affected.”
According to the Guardian, which was the
first to report on the existence of the pilot program, the test
started late last year in Houston. The newspaper reported that
drivers are not explicitly told that the data is being recorded.
Does every new technology require us to start from
scratch? If we use it to communicate, then it is communications
technology, be it email, Twitter, YikYak or Slack.
Are Slack Messages Subject to FOIA Requests?
… According
to Slack CEO Stewart Butterfield, the General Services
Administration, NASA, and the State Department are all experimenting
with using Slack for internal communication.
The move is a potential boon to government
productivity (notwithstanding the tide of emoji it will likely bring
into the work lives of our nation’s public servants). But it could
also be a threat to a vital tool for government accountability.
… Slack, for its part, is trying to make it
easier for organizations to comply with strict document-retention
requirements. Usually, the lead user of a group that uses Slack is
allowed to export a transcript of all messages sent and received in
public channels and groups. But a change the company made in 2014
allows organizations to apply for a special exemption that allows
them to export every message sent and received by team
members—including one-on-one messages and those sent in private
groups.
What did they buy? Is this a permanent win or
only until the next lawsuit? (What happens if Uber loses their
case?)
Lyft settles worker misclassification lawsuit for $12.25 million
… As part of the settlement, the San Francisco
company will change its terms of service so that its treatment of
drivers clearly complies with California law governing independent
contractors.
… The news of the settlement comes as rival
Uber continues its fight against a similar lawsuit in federal court
in San Francisco, also filed by Liss-Riordan. Unlike the Lyft case,
Uber
is fighting a class action lawsuit that is expected to go to
trial before a jury on June 20.
The lawsuit against Lyft, which was filed in 2013,
was not a class action because of an arbitration clause in the
company’s driver agreements that prevented Lyft drivers from
participating in a class action.
… Although it was a California lawsuit, the
new terms of service will apply to drivers nationwide. As of the end
of last year, Lyft had more than 300,000 drivers actively using its
platform.
In settling, Lyft may have avoided a more costly
lawsuit.
If the company had lost in court, it would have
had to recognize its drivers as employees, potentially putting it on
the hook for back wages and expense reimbursements. According to
labor experts, recognizing workers as employees can increase the cost
of doing business by about 30%.
Perspective. Do more teens have smartphones than
credit cards?
New Chase eATMs Will Use Smartphone App Instead Of Debit Or Credit Card
… JPMorgan Chase is ready to roll out the next
generation of ATMs across the country, where customers can access
their money directly using their smartphones as opposed to plastic
debit or credit cards.
Perspective. (Just one company)
The world's biggest advertising company spent a whopping $4 billion with Google last year — and $1 billion with Facebook
Here are the figures, for 2015:
Google: $4 billion (up 38%, from $2.9 billion in 2014)
Facebook: $1 billion (up 56%, from $640 million in 2014)
Yahoo: $400 million to $430 million (flat or slightly up on $400 million in 2014)
AOL: $100 million to $125 million (flat or slightly up on $100 million in 2014)
Twitter: $150 million to $225 million (flat or slightly up on $150 million in 2014)
Because if you're going to record it, you might
as well broadcast it at the same time?
GoPro Inc (GPRO) Integrating With Periscope to Livestream User Video
… Live video feeds will be broadcast to the
video app, and only video coming from the Hero4 Black and Hero4
Silver will be livestreamed. Older GoPro devices and the Hero4
Session won’t be able to broadcast live. Any livestreaming on
GoPro will continue recording in full-quality mode and be saved to the
local SD card during the broadcast.
The update to Periscope’s iOS app is available
now. The app will also allow you to switch between your iPhone
camera and the GoPro throughout the stream.
For my student entrepreneurs.
How to Choose the Right Crowdfunding Model for Your Business
What kind of crowdfunding model is right for you?
It depends on the life cycle of your business, according to Sally
Outlaw, founder of crowdfunding consulting company Peerbackers.com.
“If your idea is on a napkin, you’re probably
not going to do equity-based crowdfunding -- because you’re going
to be giving up shares of a company that you don’t even have or
know how to value,” said Outlaw at Entrepreneur’s
inaugural Entrepreneur
360 conference last fall in New York City.
While most businesses should look to rewards-based
crowdfunding in order to first launch, Outlaw believes that it’s
possible to raise money throughout your company’s entire life cycle
while remaining within the crowdfunding ecosystem. “You can go
from $0 to $50 million right now in a raise,” she says.
For my SciFi reading students.
10 of the Best Science Fiction Books All Geeks Should Read
Just for fun, I'm asking my students what other
flavors could be created.
Ben & Jerry's Cofounder Unveils Bernie Sanders Ice Cream
Ben Cohen, the cofounder of the Vermont-based ice
cream brand Ben & Jerry's, is showing his personal support for
Democratic presidential candidate Bernie Sanders with an extremely
limited-edition ice cream flavor he named "Bernie's Yearning."