Saturday, March 31, 2018

Interesting hack.
https://www.theguardian.com/world/2018/mar/29/millions-of-indian-students-face-resits-after-exams-leak-whatsapp
Millions of Indian students face resits after exams leak
India has vowed to strengthen online security measures after high school exam papers were leaked in advance, forcing millions of students to resit their finals.
The education minister, Prakash Javadekar, said an investigation was under way into how the mathematics and economics papers were accessed and spread via WhatsApp before the exam.
… “For now, we are trying to establish the trail of this leak. Most people we have spoken with only received it on WhatsApp,” said the special commissioner of police, RP Upadhyay.
Cheating in exams is common in India, including paying large bribes to buy test papers, as well as more elaborate ruses. In 2015, hundreds of people were arrested in eastern Bihar state for scaling the walls of schools and providing crib sheets and study materials to their relatives during exams.






Here are the “fixes” Russia must counter. Of course, these fixes haven’t actually been fixed yet.
https://www.securityweek.com/facebook-details-election-security-improvements
Facebook Details Election Security Improvements
While under heavy fire for the user privacy blunder involving U.K. firm Cambridge Analytica, Facebook took its time this week to present some of the steps it is taking to protect elections from abuse and exploitation on its platform.
There are four main election security areas Facebook plans to improve: combating foreign interference, removing fake accounts, increasing ads transparency, and reducing the spread of false news.
According to Alex Stamos, Facebook’s Chief Security Officer, the social platform will focus on tackling four major issues related to fake news, namely the use of false identities, fake audiences, false facts, and false narratives.
[More Detail: https://newsroom.fb.com/news/2018/03/hard-questions-election-security/]



(Related) Perhaps this is what frightened Russia?
https://www.theatlantic.com/technology/archive/2018/03/boz-memo/556961/?utm_source=feed
Facebook's Ideological Imperialism
It’s mostly forgotten now, but for a time, expanding the reach of social networks—making Facebook, Twitter, and others like it as large as possible—was an avowed foreign-policy goal of the United States. That is, at least, what the secretary of state said in the early days of this decade, in a speech at the Newseum in Washington, D.C.
“New technologies do not take sides in the struggle for freedom and progress, but the United States does,” Hillary Clinton said. “We stand for a single internet where all of humanity has equal access to knowledge and ideas. And we recognize that the world’s information infrastructure will become what we and others make of it.”
It was a declaration of purpose for the young Obama administration, and Clinton backed it up with money. The State Department would fund social networks around the world, she said, and it would help develop software that dissidents could use to get around online censorship.






Government at work? “Hey! Look! We’re doing something!” Why not just point them to available Apps (some FREE) rather than buy Apps they may not use?
https://www.reuters.com/article/us-usa-cyber-new-york/new-york-offers-free-cyber-security-tools-to-public-to-deter-hackers-idUSKBN1H52XC
New York offers free cyber security tools to public to deter hackers
… The program, dubbed NYC Secure, will launch a free smartphone protection app to warn users when suspicious activity is detected [Then what should they do? Bob] on their devices, New York Mayor Bill de Blasio announced at a news conference.
“New Yorkers aren’t safe online. We can’t wait around for other levels of government to do something about it or the private sector,” New York Mayor Bill de Blasio said.
The program will cost the city about $5 million per year, he said.
… City agencies will also beef up security protection on public Wi-Fi networks by the end of the year to protect residents, workers and visitors.
Those networks will be secured with a tool, dubbed Quad9, that is available to anybody in New York City and beyond at quad9.net. Quad9 routes a user's web traffic through servers that identify and block malicious sites and email.






A picture is worth a thousand words.
https://www.entrepreneur.com/article/311308?utm_source=google-news&utm_medium=syndication&utm_campaign=google-editors-pick&google_editors_picks=true
No One Is Safe From the Data Breach Epidemic (Infographic)






Everyone should be interested in this.
https://www.cnbc.com/2018/03/29/how-to-download-a-copy-of-everything-google-knows-about-you.html?__source=google%7Ceditorspicks%7C&par=google&google_editors_picks=true
How to download a copy of everything Google knows about you






Perspective. Not (yet) large enough to carry illegal aliens over President Trump’s wall, but easily able to carry drugs.
Chinese authorities catch suspects who used drones to smuggle $80M worth of iPhones from Hong Kong
iPhones are significantly cheaper in Hong Kong than mainland China, and it’s not unusual to find people smuggling them across the border. But while the record for smuggling them under clothing is around $150k, that’s nothing compared to the $79.8M worth transported with the help of drones …
Reuters reports the find. Rather than fly the actual iPhones by drone, the smugglers used them to carry cables which were then used to pull the iPhones across in bags.
… The gang reportedly operated after midnight, and were able to smuggle as many as 15,000 iPhones in a single night.






Amusing.
https://taskandpurpose.com/star-trek-military-marine-commandant/
Forget ‘The Art of War’: Everything You Need To Know About Military Leadership Is In ‘Star Trek’






A hobby for my students?
How to Build a Cheap Android PC With Inexpensive Parts



Friday, March 30, 2018

That Thing (on the Internet of Things) you are wearing is connected to another thing that just got hacked. (Pretty quick announcement.)
Chloe Aiello reports:
Shares of Under Armour dropped 3.8 percent, before paring losses, after the active-wear company informed users of its online fitness and nutrition website their data had been compromised.
Under Armour announced on Thursday that the breach affected an estimated 150 million users of its food and nutrition application, MyFitnessPal.
The investigation indicates that affected information may include usernames, email addresses, and hashed passwords.
Read more on CNBC.
[From the article:]
Under Armour first became aware of a potential breach on March 25, when the company discovered an unauthorized party had accessed MyFitnessPal user data in February.




What are they looking for? Could the searches be automated? How will they search 14 million applications otherwise? How do you detect bogus accounts?
U.S. to seek social media usernames and details from all visa applicants
The State Department wants to require all U.S. visa applicants to submit their social media usernames, previous email addresses and phone numbers, vastly expanding the Trump administration's enhanced vetting of potential immigrants and visitors. In documents to be published in Friday's Federal Register, the department said it wants the public to comment on the proposed new requirements, which will affect nearly 15 million foreigners who apply for visas to enter the U.S. each year.
… The new rules would apply to virtually all applicants for immigrant and non-immigrant visas. The department estimates it would affect 710,000 immigrant visa applicants and 14 million non-immigrant visa applicants, including those who want to come to the U.S. for business or education, according to the documents.
The documents were posted on the Federal Register's website on Thursday but the 60-day public comment period won't begin until Friday's edition is published.




Perspective. Will the world change when everyone has access to broadband?
FCC approves SpaceX plan for 4,425-satellite broadband network
SpaceX has a green light from the FCC to launch a network of thousands of satellites blanketing the globe with broadband. And you won’t have too long to wait — on a cosmic scale, anyway. Part of the agreement is that SpaceX launch half of its proposed satellites within six years.
… The proposed service, which will be called Starlink, was opposed by several existing satellite operators like OneWeb and Spire. They’re rightly concerned that another operator in space — especially one that wants to launch thousands of satellites — will crowd both spectrum and orbit.
… SpaceX eventually plans to launch 12,000 of the things, but this authorization is for the high-altitude group of 4,425; a separate authorization is necessary for the remaining number, since they’ll be operating at a different altitude and radio frequency.




For those not lucky enough to be my students…
JSTOR’s free read-only access gets simpler
“JSTOR has made its free read-only access more flexible. Now, anyone with a MyJSTOR account can read up to six journal articles online every 30 days. Designed primarily for people who are not affiliated with an institution, JSTOR’s read-only service offers a way for independent researchers to explore more than 2,000 scholarly journals. Need access? Sign up for a free account.”




For my next spreadsheet class.
Excel is getting smarter
… the Excel team has spent the last few months adding new machine learning-powered features to the application and starting today, Office 365 users who opt in to the Office Insiders program will get to experience the first crop of these new features.
The general idea here is to make Excel smart enough to understand some of your entries and offer you additional information. For now, this applies to geographical data like the names of cities, states and countries (but also Zip codes), as well as stocks.


Thursday, March 29, 2018

I strongly recommend log reviews to my Computer Security students. Why don’t more organizations do regular reviews? As you see here, it works!
March 23, 2018. Salem, OR—The Oregon Department of Revenue has detected a security incident that involved approximately 36,000 individuals with records at the department.
The facts of the incident are summarized below, along with protective measures the department has taken since discovering the incident. The potentially impacted information from the files included data such as names, addresses, and Social Security numbers.
Because the Department of Revenue takes privacy and the confidentiality of taxpayer information seriously, it has strong information technology security processes in place, which enabled the department to quickly detect and contain the incident. The department has no indication that any personal information has been accessed or viewed by an unauthorized person, or used inappropriately. However, it is notifying the public as a precautionary measure.
What happened?
On February 21, 2018, a Department of Revenue employee uploaded work files to a personal cloud storage account. Department of Revenue’s information security staff identified the upload through routine log reviews. When the incident was detected, the employee’s computer was seized and all network accesses and credentials were immediately disabled. The employee was duty stationed at home and placed on paid administrative leave pending conclusion of a conduct investigation.
Department staff immediately launched a security investigation to determine the scope of the incident and the specifics of the information involved. Over the next several days, all files were deleted from the personal account. No evidence exists indicating the information was viewed or accessed by anyone other than department staff.
While all data was successfully retrieved, it took time to thoroughly review the information involved and determine the number of potentially impacted individuals, as there were many duplicate records.
The department is also adding the potentially impacted information into their identity theft risk file. Once added to this file, additional identity validation may be required when filing an Oregon personal income tax return. The department shares this file securely with numerous states’ tax departments to help prevent the information from being used to fraudulently file returns in other states.
So what was the employee doing uploading the data to a personal account? Was this intended wrongdoing or was the employee planning to work on things at home or…? And what did they do with respect to the employee when their investigation was concluded?




The challenges to Computer Security.

The CNN Factor Adds More Complexity to Security Operations

We all know that security teams are drowning in a sea of alerts, largely driven by a defense-in-depth strategy with layers of protection that aren’t integrated and create a massive amount of logs and events. If you need further evidence, Cisco's 2018 Annual Cybersecurity Report (PDF) found that among organizations using 50+ vendors, 55 percent say orchestrating security alerts is very challenging and for those with 21-50 vendors, 43 percent are struggling. The result? On average, 44 percent of alerts are not investigated and of those investigated and deemed legitimate, nearly half (49 percent) go un-remediated!




Coming soon to a city near me? (Why I’m teaching a Software Architecture class.)
One of the Biggest and Most Boring Cyberattacks Against an American City Yet
… In a statement, Atlanta’s mayor, Keisha Lance Bottoms, assured citizens that utility and safety systems, like police and water, are unaffected. She also noted, “This is a massive inconvenience to the city.”
Tell me about it. This is the new, humdrum reality of information-security breaches. When they don’t leak reams of personal information for theft and resale on the black market, they make ordinary life annoying in small but important ways.
Here’s more boring corporate bureaucracy for you: My university uses software made by Oracle and PeopleSoft for accounting and expense management. The system assumes one expense report per trip, which means that now I have to wait until the parking-system website comes back online so I can extract a receipt (for $100 or less) and submit it. Until then, I can’t get reimbursed for the rest of my trip, which totals far more than $100, unless I want to absorb the parking expense in the interest of expediency.
… The City of Atlanta assures its residents that anyone who can’t pay a utility bill won’t be penalized if they cannot access an online system to do so. But those exceptions would also have to be entered into a computer. Someone’s account could be incorrectly marked in arrears, and their water service shut down.
… All of these incidents arise from a slow, steady drip of small changes to the way people store, access, and manage information and services. Contemporary civilization has rebuilt itself atop a lattice of fragile computer systems, all interconnected. The chaos that ensues when these systems fail or get breached is so constant, it feels expected. Almost natural.




Perspective.
Passenger electric cars get all the press, especially when someone launches one into space. But something important is going on in the world of commercial vehicles as well. Last year Tesla announced it would produce an electric long-haul big rig. PepsiCo, Walmart, and UPS promptly committed to buying a few hundred. More recently, UPS made an important announcement about its plans to roll out 50 new midsize electric delivery trucks in Atlanta, Dallas, and Los Angeles.
The headline is that, for the first time, the electric trucks are expected to cost the company no more than regular diesel vehicles. Up-front price is no longer a barrier.
But there’s a second part of the story that’s not being touted enough. These new trucks will create significant additional value for the business in ongoing operational savings, improved routing efficiency, and brand building. In short, the electric vehicles (EVs) are much better than just a break-even proposition. Before explaining how this will play out, some context.




Profound. Even Napoleonic!


Wednesday, March 28, 2018

A relatively small breach, but another “data held ransom” incident.
For those like me who don’t automatically remember different systems: 26 lakh = 2.6 million, and 1 crore = USD $10 million.
Statesman News Service reports:
The billing data of over 26-lakh consumers with the Uttar Haryana Bijli Vitran Nigam (UHBVN), one of the two power discoms in the state, has been stolen and the hackers are demanding Rs. 1 crore in cryptocurrency, Bitcoins.
[…]
Sources said the cyber attack took place after midnight on March 21 with the hackers targeting the billing data of UHBVN consumers. With all billing information hacked, hackers used the UHBVN computer screens to flash the message demanding Rs 1 crore in Bitcoins from the Haryana government to retrieve the data.
Read more on The Statesman.


(Related)
Statistics Say Don't Pay the Ransom; but Cleanup and Recovery Remains Costly
SentinelOne's Global Ransomware Report 2018 (PDF) questioned 500 security and risk professionals (200 in the U.S., and 100 in each of France, Germany and the UK) employed in a range of verticals and different company sizes.
The result provides evidence that paying a ransom is not necessarily a solution to ransomware. Forty-five percent of U.S. companies infected with ransomware paid at least one ransom, but only 26% had their files unlocked. Furthermore, 73% of those firms that paid the ransom were targeted at least once again. Noticeably, while defending against ransomware is a security function, responding to it is a business function: 44% of companies that paid up did so without the involvement or sanction of the IT/security teams.




Something to stir up debate in my Computer Security class.
Tyler Durden writes:
The Cambridge Analytica scandal was never really about Cambridge Analytica.
As we’ve pointed out, neither Facebook nor Cambridge Analytica have been accused of doing anything explicitly illegal (though one could be forgiven for believing they had, based on the number of lawsuits and official investigations that have been announced).
Instead, the backlash to these revelations – which has been justifiably focused on Facebook – is so severe because the public has been forced to confront for the first time something that many had previously written off as an immutable certainty: That Facebook, Google and the rest of the tech behemoths store reams of personal data, essentially logging everything we do.
Read more on ZeroHedge.




Another “thing” on the “Internet of Things” that wants to spy on you.
Joe Cadillic writes:
Cities across America are installing FREE smart parking meters equipped with license plate readers (LPR).
A company called Municipal Parking Service (MPS) has been installing free camera equipped parking meters in Massachusetts, Connecticut, New Jersey, Florida and Canada.
Are MPS’s parking meters really free?
The answer is yes, sort of.
Read more on MassPrivateI.




Suspicions confirmed!
FBI sought iPhone order before exhausting options: U.S. inspector general
The Federal Bureau of Investigation did not exhaust possible solutions to unlock an iPhone connected to a gunman involved in a late-2015 shooting spree before seeking a court order to compel Apple Inc to help access the device, a U.S. Justice Department internal watchdog said on Tuesday.
The conclusion may pose challenges for the Trump administration in possible future litigation to force companies to help crack into encrypted devices.
… The FBI unit chief knew that one of the vendors contacted had almost 90 percent completed a technical solution that would unlock the iPhone, the report said. The Justice Department said at the time it required Apple’s assistance because it lacked other means to access the device.
… Communication failures at the FBI caused some officials to misunderstand the status of its own efforts to open the device, and contributed to delays in seeking help from the FBI unit and the vendor that was ultimately successful, the report said.
The lack of coordination resulted in a “belatedly-obtained technical solution” that forced the government to withdraw its court filing stating it could not access the iPhone, it added.
The FBI told the inspector general there was no delay in developing the technique that opened the iPhone and that the vendor had proactively notified officials of the cracking method.




Some pros and cons.




Social Media strikes again? I take it ROTC is out of the question. You can’t take a gun safety course or go hunting? Seems really excessive to me.
Two NJ high school students suspended for going to gun range after school
Lacey Township School District in central New Jersey suspended two high school students after Snapchat pictures showed them at a gun range outside of school hours.
Attorney Daniel Schmutter with the Association of New Jersey Rifle and Pistol Clubs said a lawsuit might be pending since the pictures were non-threatening and not alarming in any way. The two students were simply at a gun range after school hours.
Schmutter indicated in a letter to Lacey Township School District that suspending the two students for posting photos off school grounds and unrelated to school activities was a “very serious violation” of their rights, according to Patch.com.
… Lacey Township School District follows the Safe Schools Initiative and the Zero Tolerance for Guns Act. Their own policy enforces zero-tolerance policy for any students who have weapons in their possession, on or off school grounds, according to Patch.com.
… The students could face a possible one-year suspension, according to Schmutter.




Perspective. It’s clear which side he’s on! (But some ‘worth reading’ analysis.)
Insanity Wins As Appeals Court Overturns Google's Fair Use Victory For Java APIs
Oh, CAFC. The Court of Appeals for the Federal Circuit has spent decades fucking up patent law, and now they're doing their damnedest to fuck up copyright law as well. In case you'd forgotten, the big case between Oracle and Google over whether or not Google infringed on Oracle's copyrights is still going on – and it appears it will still be going on for quite a while longer, as CAFC this morning came down with a laughably stupid opinion, overturning the district court's jury verdict, which had said that Google's use of a few parts of Java's API was protected by fair use. That jury verdict was kind of silly in the first place, because the whole trial (the second one in the case) made little sense, as basically everyone outside of Oracle and the CAFC had previously understood (correctly) that APIs are simply not covered by copyright.




Perspective. “Damn the facts, full speed ahead?”
Trump hates Amazon, not Facebook
  • Trump tells people Amazon has gotten a free ride from taxpayers and cushy treatment from the U.S. Postal Service.
  • “The whole post office thing, that's very much a perception he has,” another source said. “It's been explained to him in multiple meetings that his perception is inaccurate and that the post office actually makes a ton of money from Amazon.”




Not sure if we have an Apple ID. Should we get one?
Apple has shared during its education event in Chicago today that student accounts through schools will now get 200GB of iCloud storage for free.
A considerable bump from the current 5GB of free iCloud storage, Apple will be giving the 200GB allotment to every student with a managed Apple ID.
Keep in mind this won’t work like the Apple Music student discount, where any student with a .edu is eligible. The updated 200GB plans are only for students with school provided Apple IDs.




Now that’s big!
This Giant Infographic Has 140+ Facts On The Scale Of Amazon


Tuesday, March 27, 2018

Everyone wants to pile on poor Mark Zuckerberg. Anyone have a practical solution in mind?
FTC to Probe Facebook Over Privacy Practices
The Federal Trade Commission (FTC) confirmed news reports from last week that it had opened an inquiry over the harvesting of data on tens of millions of Facebook users by the British consulting group Cambridge Analytica.
… Acting FTC consumer protection chief Tom Pahl said the agency will look into whether Facebook violated its privacy promises or failed to comply with the US-EU agreement on data protection known as the Privacy Shield.
The agency will also determine if Facebook engaged "in unfair acts that cause substantial injury to consumers in violation of the FTC Act."
Separately, Senate Judiciary Committee chairman Charles Grassley said he had asked Facebook CEO Mark Zuckerberg to appear at a hearing on April 10 "to discuss Facebook's past and future policies regarding the protection and monitoring of consumer data."
Grassley said he also invited Google CEO Sundar Pichai and Twitter CEO Jack Dorsey "to discuss the future of data privacy in the social media industry."


(Related)
Mark Zuckerberg refused to explain Facebook's data scandal to British politicians — and wants to put senior execs in the firing line instead




For my Software Architecture students. Design a better digital instrument panel.
In Car Makers’ Digital Dash, Little Room for Error
Luxury cars are shedding the knobs, needles and dials once needed to control the cabin, opting instead for digital dashboards. But the software that now runs everything from speedometers to climate controls can prove buggy, causing car buyers to rethink just how modern they want their cars to be.
Car companies that typically charge a hefty premium have issued recalls to fix various glitches, and regulators now pinpoint software problems as being responsible for an increasing number of malfunctions.




Now this is an interesting article that I completely disagree with. Kind of like saying Drug Dealers are a utility? I can see the failure of Water, Gas, Electricity or Banking causing massive disruption, but Social Media? I might even agree that the Internet is rather important. Sometimes Social media acts like they believe this.
The Social Utility | Social Media
If you study economic cycles, you can watch the evolution of a disruptive technology throughout its lifecycle, from a specific product to a competitive industry. The last phase in the evolutionary chain is the formation of a utility.
For example, over a couple of centuries we've seen the evolution of electricity from a curiosity, to a business, to a group of public companies. Along the way there were the inevitable mergers and acquisitions to enable a winnowing field of competitors to achieve the scale needed to compete in very large markets.
It wasn't just the electric industry that went through an evolution. The oil, gas and coal industries did the same. Banking is in a similar position. In fact, any industry that attracts the term "too big to fail" is showing signs of utility status.
When your business becomes so big that it affects large segments of society, it can't be allowed to fail lest it crater the economy or cause massive disruption that would injure many people. At that point, government has a compelling interest in preventing failure -- and along with that, an interest in regulating the riskiest corporate behaviors.
The latest example to hit the radar might be social media, which has completed many steps of the lifecycle with blistering speed in just over a decade. This speed notwithstanding, we are now at a point where what happens in social media affects all of us.




For the next time I teach Statistics.
New on LLRX – Statistics Resources and Big Data 2018
Via LLRX – Statistics Resources and Big Data 2018 – Marcus Zillman’s new guide is a comprehensive resource for all researchers who require access to reliable and accurate publicly available statistics and big data sets that address diverse and timely subject matter. The resources included in this guide are developed and maintained by a range of organizations, including: academic and scholarly sources, the federal government, the corporate and business sectors, open source contributions, advocacy groups, NGOs and IGOs.




Is this why my students are surfing the Internet as I lecture?


Monday, March 26, 2018

What? You expect government to do its job? How silly of you! On the other hand, I’m not sure this would have changed anything.
Commentary – How the FTC Could Have Prevented the Facebook Mess
Techonomy Exclusive – Marc Rotenberg: “Here comes an understatement: Facebook’s failure to protect user data was well known before the company suspended dealings with Cambridge Analytica last week. What is not well known is that the transfer of 50 million user records to the controversial data mining and political consulting firm could have been avoided if the Federal Trade Commission had done its job. The FTC issued a 2011 consent order against Facebook to protect the privacy of user data. If it had been enforced, there would be no story. Facebook bears responsibility too, because it actively worked to avoid compliance. Perhaps if the government and company had done their jobs, we would have seen a different outcome in the 2016 election. [Wow! That’s a reach. Bob] Back in 2009, the Electronic Privacy Information Center (EPIC), which I head, and a coalition of consumer organizations filed a complaint with the Federal Trade Commission. It alleged that Facebook was overriding user settings and allowing third parties to obtain users’ private information without their consent. We had conducted extensive research, documented the problem of Facebook’s changing privacy settings, and turned to the FTC to seek a legal order. The Federal Trade Commission launched an investigation, and in a comprehensive settlement with the company in 2011, made clear that it agreed with us. As the FTC said at the time, “Facebook changed its website so certain information that users may have designated as private – such as their Friends List – was made public. They didn’t warn users that this change was coming or get their approval in advance.” Also, from the 2011 settlement: “Facebook represented that third-party apps that users installed would have access only to user information that they needed to operate. In fact, the apps could access nearly all of users’ personal data – data the apps didn’t need.” Much of this was in our original complaint…”


(Related) Was Facebook ignorant or did they think no one would notice?
South Korea fines Facebook $369K for slowing user internet connections
… The Korea Communications Commission (KCC) began investigating Facebook last May and found that the company had illegally limited user access, as reported by ABC News. Local South Korean laws prohibit internet services from rerouting users’ connections to networks in Hong Kong and US instead of local ISPs without notifying those users. In a few cases, such rerouting slowed down users’ connections by as much as 4.5 times.
… “Facebook did not actively look into the complaints from local telecoms service providers that users are complaining about slower connections and, as a result, its service quality was not maintained at an appropriate level,” KCC said in a statement, adding that Facebook restored connections last autumn after its rerouting methods became public knowledge in South Korea.




Toward a complete “citizen dossier?”
Shoshanna Solomon reports:
The Israeli government on Sunday approved a National Digital Health plan, which, despite mounting privacy concerns, plans to create a digital database of the medical files of some 9 million residents and make them available to researchers and enterprises.
The government has vowed to protect the privacy of individuals and is touting the NIS 1 billion ($287 million) program as a huge boon to the medical research industry. But critics pointed to risks of a massive breach in patient confidentiality and urged the government to slow down.
Read more on Times of Israel. This is intended to be a major boost to the Israeli economy.
Given that a database with almost the entire population’s details (the Agron Program) had been compromised years ago and was shared, is it only a matter of time until this database can be linked to the other one? Even if this new one requires consent, I can see why people have concerns about privacy issues.




We haven’t heard from Kim in a while. I think he may be a bit optimistic thinking his extradition worries are over, but clearly he was right about the violation of his rights. I doubt they’ll give back everything they took from him. (The Crown was ordered to pay him only $90,000 in damages.)
Newshub reports:
The Human Rights Tribunal has ruled that the Attorney-General broke the law by withholding information from Kim Dotcom, which he says means his extradition case is “over”.
In July 2015, Mr Dotcom sent an urgent information privacy request to all 28 Ministers of the Crown as well as almost all Government departments, asking for personal information they had on him, including under his previous names.
Read more on Newshub. Dotcom then called for the resignation of the Privacy Commissioner of New Zealand:
I call for the immediate resignation of the Privacy Commissioner of New Zealand for his complicity with the former Attorney General and Crown Law in unlawfully withholding information that New Zealanders were legally entitled to.




You never know when you might want to quote one of these.
Historical Supreme Court Cases Now Online on loc.gov
Historical Supreme Court Cases Now Online – More Than 35,000 Decisions Now Available, Searchable on loc.gov: “More than 225 years of Supreme Court decisions acquired by the Library of Congress are now publicly available online – free to access in a page image format for the first time. The Library has made available more than 35,000 cases that were published in the printed bound editions of United States Reports (U.S. Reports). United States Reports is a series of bound case reporters that are the official reports of decisions for the United States Supreme Court dating to the court’s first decision in 1791 and to earlier courts that preceded the Supreme Court in the colonial era. The Library’s new online collection offers access to individual cases published in volumes 1-542 of the bound edition. This collection of Supreme Court cases is fully searchable. Filters allow users to narrow their searches by date, name of the justice authoring the opinion, subject and by the main legal concepts at issue in each case. PDF versions of individual cases can be viewed and downloaded. The collection is online at loc.gov/collections/united-states-reports/.
The acquisition is part of the Law Library’s transition to a digital future and in support of its efforts to make historical U.S. public domain legal materials freely and easily available to Congress and the world. Users can access this collection from a link on loc.gov and law.gov. More recent editions of the U.S. Reports from 1987 to the present are available online from the U.S. Supreme Court.”




For the correlation lecture in my next Statistics class.
Research – The surprising link between your birthday and place of birth in one heat map
Data Driven Journalism: “…Take a look at [the heat map in this article], created by the team at Visme. Based on the most recent UN data on live births, it clearly shows that there is a rather surprising and unexpected correlation between three different variables: the top birth months, seasons of the year and the latitude of the country (distance from the equator)… After looking at this data visualization carefully, did you notice that the top birth months for most northern hemisphere countries are July, August and September? And did you notice that the lower you go down the list, the farther right the top birth months appear, eventually spilling over into the first months of the year? While the majority of the middle-latitude (or tropical) countries register September and October as their top birth months, Southern hemisphere countries such as Uruguay register their top birth months at the start of the year…” [Facebook may already know all this, but….]


Sunday, March 25, 2018

Another breach of a national ID system and another case of “shoot the messenger?”
A new data leak hits Aadhaar, India's national ID database
… A data leak on a system run by a state-owned utility company Indane allowed anyone to download private information on all Aadhaar holders, exposing their names, their unique 12-digit identity numbers, and information about services they are connected to, such as their bank details and other private information.
… Yet the Indian authorities did nothing for weeks to fix the flaw. ZDNet spent more than a month trying to contact the Indian authorities, but nobody responded to our repeated emails.
We later contacted the Indian Consulate in New York and alerted Devi Prasad Misra, consul for trade and customs. Over two weeks, this issue was explained in detail, and we responded to many follow-up questions. A week passed, and the vulnerability was still not fixed. At the start of this week, we told the consul that we would publish our story on Friday and requested comment from the Indian government.
The consul did not respond to that last email. At the time of publishing, the affected system was still online and vulnerable – but, within hours after our story posted, the affected endpoint was pulled offline.


(Related)
Aadhaar biometric information not breached: UIDAI
A report in American tech website ZDNet has claimed a breach in the firewall of an unnamed state-owned utility that uses Aadhaar for authenticating users of its services. The Unique Identification Authority of India (UIDAI) dismissed the ZDNet claims as “baseless and irresponsible”, asserting that Aadhaar details “remain safe and secure”. “There is no truth in the story as there has been absolutely no breach of UIDAI’s Aadhar database,” it said.
… It said it is contemplating legal action.




Designed to fail?
Max Dible reports:
Marquis ID Systems, which issues state driver’s licenses and ID cards, reported Thursday that a system crash in September resulted in the loss of scans of sensitive personal documents that might prove irretrievable.
The “multiple hard disk crash,” as Marquis described it, coincided with a failure of the company’s backup system and affects roughly 66,500 Hawaii residents.
Read more on Hawaii Tribune-Herald.




Interesting recommendation: only use part of Zanifesto.
Zanifesto - Nice Infographic Design Templates
A couple of weeks ago I shared the Cool Infographics list of tools for making infographics. In that list of tools I found a new-to-me tool called Zanifesto.
Zanifesto is a free infographic creation tool. I tried it out this week to see if I could make a good looking infographic. I was almost successful in that endeavor. Zanifesto has excellent templates for making infographics. The shortcoming of the service is that it wasn't all that easy to edit the templates. For example, in the template that I selected there was one element that I wanted to resize and slightly shift its position. That seems like it should be easy, but after many tries I got frustrated and just deleted it altogether. Changing fonts was almost as frustrating.
If you're looking for inspiration for an infographic, Zanifesto is useful for that purpose. I would look at the templates for inspiration and then use something else like Canva or even Google Drawings to make my infographic.