
15 posts from June 2016

Data Breach Of Online Database Affects 154 Million U.S. Voters

An online database of voter profiles about 154 million Americans suffered a data breach. A security researcher discovered the unprotected online database. HelpNetSecurity reported:

"It was a CouchDB database that required no authentication to be accessed, hosted on Google’s Cloud services. Luckily, an ID associated with each record pointed [the security researcher] in the right direction regarding the owner of the data... the data was originally collected by a data brokerage company named L2... The client told us that they were hacked, the firewall was taken down and then the probing began..."

The voter profiles include full names, addresses, phone numbers, age, gender, marital status, estimated income, political party, congressional district affiliation, state senate district affiliation, and more:

"Some of the records also contained information about the voters’ marital status, whether they had children or owned a gun, their stance on gay marriage, the language(s) they speak, and their email address."

This is the type of information a political party would collect. The report did not state which political organization. The security researcher also discovered that the unprotected online database was accessed by others, including a user in Europe. The database is no longer online.

The report did not state who would notify affected persons, or when this might happen.


Data Breaches At Maryland Parking Garages Affect Thousands

Data breaches at three parking garages in downtown Annapolis, Maryland have put the sensitive personal and payment data of thousands of consumers at risk. WJZ, the CBS affiliate in Annapolis, reported a:

"... preliminary investigation shows that the breach took place from December 23, 2015 to June 11, 2016 — nearly six months — at the Noah Hill, Gott’s Court and Knighton garages... The breach affects drivers who used the daily parking option, not those who have monthly plans or residents."

After learning about the breach, the city switched to cash-only payments. While the city responded quickly, questions remain. The news report did not mention when and how affected persons would be notified of the breach. A brief scan on Monday of the Annapolis Parking website did not find any breach notices. Consumers need to be notified promptly.

Also, the nature of the breach suggests that the payment terminals were compromised. Many consumers are probably thinking: I don't live in nor visit Annapolis, so no problem.

Well, big problem. We all visit and park our vehicles at downtown city locations. Some people visit more often than others. You don't have to look far to find breaches at parking garages in Chicago, Cleveland, and at this parking vendor which serves several cities.

This Annapolis parking-garage breach is a reminder of the vulnerability of payment terminals at all parking garages. Like the pumps at gas stations, parking garages have free-standing payment terminals that are unattended for long periods of time. This creates an opportunity for criminals to tamper with the terminals, and install skimming devices either inside or on the exterior of terminals. It is a popular tactic by criminals on both ATM machines and gas stations.

So, when you pay using a debit or credit card at a parking garage, you are betting that the garage operator regularly inspects their payment terminals for skimming devices, and adequately protects their computer systems from hacks and malware.


Senate Narrowly Rejected Bill To Expand Government Surveillance

While consumers may have been distracted with votes in the U.S. Senate about gun reform or the sit-in within the U.S. House, a key vote also happened last week regarding government surveillance. The U.S. Senate narrowly voted down a bill to grant expanded surveillance powers to the Federal Bureau of Investigation.

According to Reuters, the legislation sought to:

"... broaden the type of telephone and internet records the FBI could request from companies such as the Google unit of Alphabet Inc and Verizon Communications Inc without a warrant... filed as an amendment to a criminal justice funding bill, would widen the FBI’s authority to use so-called National Security Letters, which do not require a warrant and whose very existence is usually a secret. Such letters can compel a company to hand over a user's phone billing records. Under the Senate's change, the FBI would be able to demand electronic communications transaction records such as time stamps of emails and the emails' senders and recipients, in addition to some information about websites a person visits and social media log-in data. It would not enable the FBI to use national security letters to obtain the actual content of electronic communications."

Perhaps more importantly, the bill would have made:

"... permanent a provision of the USA Patriot Act that lets the intelligence community conduct surveillance on “lone wolf” suspects who do not have confirmed ties to a foreign terrorist group. That provision, which the Justice Department said last year had never been used, expires in December 2019."

Senate Amendment 4787 was introduced by Senators John McCain and Richard Burr. It failed by two votes: 58-38. Before the vote on Wednesday, Senator Ron Wyden (Dem.-Oregon) had warned:

"If this proposal passes, FBI agents will be able to demand the records of what websites you look at online, who you email and chat with, and your text message logs, with no judicial oversight whatsoever. The reality is the FBI already has the power to demand these electronic records with a court order under the Patriot Act. In emergencies the FBI can even obtain the records right away and go to a judge after the fact. This isn’t about giving law-enforcement new tools, it’s about the FBI not wanting to do paperwork.”

Yep. That rejected bill sounds like an erosion of privacy rights. Senate Majority Leader Mitch McConnell (Rep.-Kentucky) has already filed a motion to reconsider the amendment.


2 Key Features Highlight Privacy By Design In Apple iOS 10. Will Other Companies Follow?

Last week, Apple Computer announced both separately and at the Worldwide Developers Conference (WWDC) many new features in iOS 10. You can read about the new features in several computing and technology publications. Today's blog post focuses upon two features with far-reaching implications: On-device Intelligence and Differential Privacy (DP). Apple said in its announcement:

"Privacy in iOS 10
Security and privacy are fundamental to the design of Apple hardware, software and services. iMessage, FaceTime and HomeKit use end-to-end encryption to protect your data by making it unreadable by Apple and others. iOS 10 uses on-device intelligence to identify the people, objects and scenes in Photos, and power QuickType suggestions. Services like Siri, Maps and News send data to Apple’s servers, but this data is not used to build user profiles.

Starting with iOS 10, Apple is using technology called Differential Privacy to help discover the usage patterns of a large number of users without compromising individual privacy. In iOS 10, this technology will help improve QuickType and emoji suggestions, Spotlight deep link suggestions and Lookup Hints in Notes."

This is great news. The Cryptography Engineering blog briefly discussed Differential Privacy and what's known from the iOS 10 Preview Guide:

"Starting with iOS 10, Apple is using Differential Privacy technology to help discover the usage patterns of a large number of users without compromising individual privacy. To obscure an individual’s identity, Differential Privacy adds mathematical noise to a small sample of the individual’s usage pattern. As more people share the same pattern, general patterns begin to emerge, which can inform and enhance the user experience. In iOS 10, this technology will help improve QuickType and emoji suggestions, Spotlight deep link suggestions and Lookup Hints in Notes"

The Naked Security blog by Sophos reported:

"At WWDC, Apple’s Craig Federighi said Apple can offer “great features and great privacy” through differential privacy. Differential privacy is actually statistical analysis that protects individual privacy, rather than a single technology. In its implementation, Apple will protect obscure data with multiple techniques, including hashing (turning data into unreadable characters), subsampling (using data from only a portion of users) and noise injection (adding random data to obscure real data). Apple gave one of the most influential researchers in the field of differential privacy, Aaron Roth, a chance to review some of the math involved in its implementation, quoting Roth at WWDC as saying Apple is a “clear privacy leader among technology companies today.” But not everyone is fully convinced that Apple can pull off the promise of differential privacy, at least not right away..."

The Naked Security blog also discussed On-Device Intelligence:

"Instead of sending your data to Apple to create a personal profile of you with your information, Apple says the new versions of its operating systems – iOS 10 and the replacement for OS X, called macOS – will use on-device intelligence and “crowdsourced learning.” This means iPhones running iOS 10 can personalize your apps – like identify the people and objects in Photos, or serve you more relevant information in Maps and News – without sucking your data up to Apple’s servers."

Good! There are better, more privacy-friendly ways of delivering features. After reading this, I thought of Apple's privacy fight against the FBI. The FBI had sued Apple to force it to build a back door to unlock a user's iPhone, and bypass security features the company spent years building. On-Device Intelligence means less information transmitted to and stored in the cloud and at remote corporate servers -- a good thing for users' privacy. That suggests a right way -- a more privacy-friendly way -- to build and deliver the features consumers want and expect. Plus, iOS 10's end-to-end encryption in iMessage, FaceTime and HomeKit complements this security and privacy focus.

The marketplace is full of home automation, toys, smart products, appliances, thermostats, cable services, and music subscription offerings; many of which include voice interfaces and other features that happily send lots of consumers' information to the cloud. Most companies seem to chase and collect consumers' personal data. Kudos to Apple for placing its customers' privacy first.

You may remember this Reuters news item from March:

"Unlike Google, Amazon, and Facebook, Apple is loathe to use customer data to deliver targeted advertising or personalized recommendations. Indeed, any collection of Apple customer data requires sign-off from a committee of three "privacy czars" and a top executive, according to four former employees who worked on a variety of products that went through privacy vetting.

Approval is anything but automatic: products including the Siri voice-command feature and the recently scaled-back iAd advertising network were restricted over privacy concerns, these people said."

So, Apple isn't just talking security. The executives at Apple have aligned internal management processes, products, and service features all with security and privacy by design. Impressive. Apple is leaving money on the table by keeping consumers' privacy foremost. Will other tech companies follow? Will pay-TV, wireless, telecommunications, and mobile app companies focus upon privacy-by-design? Will toy companies follow and do voice interfaces the right way?

Thoughts? Comments?


Benefits of Municipal Broadband Service

Andy Berke, the Mayor of Chattanooga (Tennessee), recently shared the benefits his city enjoys from municipal broadband services. The Tennessean reported:

"A pioneer in municipal broadband, Chattanooga developed its fiber network in 2010 with $330 million, paid for with $105 million in federal funds and the rest from bonds. The high-speed access led to direct and indirect economic gains and has been profitable."

Municipal broadband, a/k/a community broadband, is an affordable high-speed Internet Service Provider (ISP) built by the city, town, or municipality. It paid the cost to install fiber-optic cables to every home, not only to luxury buildings or select high-rise offices. A public-private partnership or third party may operate the network. Every resident and business that wants municipal broadband can sign up and easily get it; just like water, electricity, and gas services. Residents use municipal broadband for entertainment, education and online classes, remote work and tele-commuting, video conferencing, home-based businesses, new business startups, and more.

Mayor Berke listed the benefits Chattanooga enjoys:

"In the past three years, the city’s unemployment rate has dropped to 4.1 percent from 7.8 percent and the wage rate has also been climbing. Volkswagen’s presence has boosted the manufacturing sector and 10-gigabit speed internet has fueled wage growth, Berke said, speaking at Fiber to the Home Council Americas conference at Gaylord Opryland Resort & Convention Center... “It changed our conceptions of who we are and what is possible,” Berke said... Downtown has doubled its residents and landlords often advertise gigabit speeds that are included in monthly rents... "

Other towns in Tennessee have installed municipal broadband services, including Tullahoma and Clarksville. How fast is 10 gigabits? It is the fastest service available. Some math:

1.0 gigabit = 1.0 Gb = 1,024 X 1,024 X 1,024 bits = 1,073,741,824 bits
10 Gb = 10 X 1,073,741,824 bits = 10,737,418,240 bits
And 1 byte = 8 bits. So:
10 Gb / 8 = 1,342,177,280 bytes
And 1.0 megabyte = 1.0 MB = 1,000 kilobytes
And 1.0 kilobyte = 1.0 kb = 1,000 bytes. So:
1,342,177,280 bytes / 1,000,000 = 1,342 MB

The bottom line: 10 gigabits is far, far faster than the 25-, 50-, or 100 MB broadband speed you're probably getting from your current Internet Service Provider (ISP). Electric Power Board (EPB) provides the municipal broadband service in Chattanooga. Besides the blazing 10 gigabit speed, it also offers slower speeds:

[Image: EPB broadband prices. Chattanooga, Tennessee.]

[Image: Comcast Xfinity monthly prices for Internet.]

I compared prices. Comcast Xfinity in Boston costs $79.95 per month for 75 megabytes speed. That's both slower and more expensive. Plus, it's the old coaxial cables and not the new fiber optic technology. Old things usually cost less. Read and learn more about community broadband networks.

Compare the prices for where you live. You're probably getting poor value. You're probably paying a lot more. If you are paying less, then you're still paying more because you're probably getting a far slower speed. Now you know a better deal exists, and how sweet that deal is -- both faster and cheaper service.

This worldwide study found that municipal or community broadband networks provide consumers with the best value (e.g., highest speeds at the lowest prices via wired lines). Regular readers of this blog are aware that there are 19 states with laws that prevent local towns and cities from forming their own municipal broadband networks. These laws contribute to the lack of competition, and keep your monthly Internet prices higher than otherwise. Some state Attorneys General are complicit with limiting competition.

Several politicians and Presidential candidates support these states' laws that limit competition, under the guise of "states rights" freedoms. This subterfuge helps their corporate donors, and limits (and ignores) both the freedoms and rights of people in local cities and towns to get and develop their own faster, more affordable high-speed Internet services.

Some politicians tried to correct this in 2015 with the Community Broadband Act. Sadly, that legislation has gone nowhere in Congress. Contact your elected officials today and tell them you want municipal broadband now.

Now you know why I discuss municipal broadband in this blog. Consumers are missing out on a sweet deal.


Pay-TV Industry Makes A Counter Proposal To FCC Set-Top Cable Box Rules

In response to the new set-top box rules proposed by the U.S. Federal Communications Commission (FCC) in February to encourage innovation, choices, and lower prices for consumers, the pay-TV industry has made a counter proposal. During meetings last week with the FCC:

"... the pay-TV industry would commit to creating apps to allow consumers to watch programs without needing to lease a box and the FCC could implement regulations enforcing the commitment"

Consumers spend an average of $231 annually in set-top box rental fees, generating $20 billion for the industry. The proposed FCC rules would encourage competition, innovation, more consumer choices, and lower prices. The FCC has said that it needs to see more details about the industry's counter offer:

"... to determine whether their industry proposal fully meets all of the goals of our proceeding..."

Not long ago, the pay-TV industry threatened lawsuits if the FCC proceeded with its proposed set-top box rules. Now, the industry has proposed a half-baked counter offer. Committing to create apps is like giving the sleeves off your vest. Apps are something the industry should be doing anyway.

Plus, the faux commitment avoids competition which was a key goal of the FCC's original proposed rules. One goal was innovation, which means let the innovators innovate -- tech companies like Apple, Alphabet, and others. Clearly, the industry is afraid of competition and doing whatever it can to keep competitors out, regardless of the negative consequences for consumers.

Also, the pay-TV industry's objections to the proposed FCC set-top box rules are unsupportable. Nothing in the FCC's proposed set-top box rules restricts the industry. They can still negotiate content agreements, develop apps (by themselves or license others to do it), and maintain their copyrights or property ownership. The Electronic Frontier Foundation (EFF) explained the pay-TV industry's sordid history, the industry's faux copyright objections, and its likely goals today:

"... they are hoping that the FCC will repeat the same mistake it has made in the past when attempting to break up the TV set-top box monopoly, which is to leave them with enough control over the design and features of personal TV hardware and software so that choice becomes an illusion... Consumers know they are being ripped off by the current marketplace ($230 per consumer totaling $20 billion in rental fees each year) because they don't have an easy way to just own their box like they do with computers, cable modems, smart phones, tablets, and other electronic devices. And consumers know the personal empowerment that comes with being able to choose the best entertainment devices and software for themselves, separate from the entertainment content itself. Congress recognized this problem twenty years ago and passed a law that empowered the FCC to fix the problem... So what happened? The FCC issued regulations but allowed the cable industry to keep some control. Cable companies today have to give customers a descrambling device called a CableCARD that can go into devices like a TiVO, a PC, or (in theory) a TV itself. But the CableCARD era has been riddled with endless examples of how cable companies frustrate consumer switching away from rented set-top boxes because they controlled the means to switch... "

The pay-TV industry also includes many of the same wireless and broadband providers that object to proposed broadband privacy rules, object to net neutrality rules, and hired lobbyists for local laws in 19 states that prevent citizens from forming municipal broadband networks. All of this keeps prices high, and restricts competition and innovation. What's with the executive myopia?

The TV and cable-TV industries are changing quickly. Pay-TV executives seem addicted to $20 billion annual revenue flows regardless of the consequences to consumers. Address consumers' changing needs or go the way of buggy-whip makers who failed to adapt.

What are your opinions? Comments?


In The Modern Era, More Young Adults Live With Their Parents

As a parent of three children who are now adults, this news item caught my attention. The Pew Research Center reported:

"Broad demographic shifts in marital status, educational attainment and employment have transformed the way young adults in the U.S. are living, and an analysis of census data highlights the implications of these changes for the most basic element of their lives – where they call home. In 2014, for the first time in more than 130 years, adults ages 18 to 34 were slightly more likely to be living in their parents’ home than they were to be living with a spouse or partner in their own household."

The data:

Percent of Adults Ages 18 to 34

| Living Arrangement | 1880 | 1940 | 1960 | 2014 |
|---|---|---|---|---|
| Living at home with parents | 30 | 35 | 20 | 32.1 |
| Married or co-habitation in own household | 45 | 46 | 62 | 31.6 |
| Living alone, single parents, and other head of household | 3 | 3 | 5 | 14 |
| Other living arrangement | 22 | 16 | 13 | 22 |

Several factors contributed to this shift:

"The first is the postponement of, if not retreat from, marriage. The median age of first marriage has risen steadily for decades. In addition, a growing share of young adults may be eschewing marriage altogether. A previous Pew Research Center analysis projected that as many as one-in-four of today’s young adults may never marry. While cohabitation has been on the rise, the overall share of young adults either married or living with an unmarried partner has substantially fallen since 1990.

In addition... employed young men are much less likely to live at home than young men without a job, and employment among young men has fallen significantly in recent decades. The share of young men with jobs peaked around 1960 at 84%. In 2014, only 71% of 18- to 34-year-old men were employed. Similarly with earnings, young men’s wages (after adjusting for inflation) have been on a downward trajectory since 1970 and fell significantly from 2000 to 2010. As wages have fallen, the share of young men living in the home of their parent(s) has risen."

And there are differences by gender:

"For men ages 18 to 34, living at home with mom and/or dad has been the dominant living arrangement since 2009. In 2014, 28 percent of young men were living with a spouse or partner in their own home, while 35 percent were living in the home of their parent(s). For their part, young women are on the cusp of crossing over this threshold: They are still more likely to be living with a spouse or romantic partner (35%) than they are to be living with their parent(s) (29%). In 2014, more young women (16%) than young men (13%) were heading up a household without a spouse or partner. This is mainly because women are more likely than men to be single parents living with their children..."

Additional findings:

"In 2014, 40 percent of 18- to 34-year-olds who had not completed high school lived with parent(s), the highest rate observed since the 1940 Census when information on educational attainment was first collected.

Young adults in states in the South Atlantic, West South Central and Pacific United States have recently experienced the highest rates on record of living with parent(s).

With few exceptions, since 1880 young men across all races and ethnicities have been more likely than young women to live in the home of their parent(s)."

The methodology included decennial census data and large samples, typically 1 percent of young adults nationwide.


Appeals Court Backs FCC Net Neutrality Rules: Internet Access is a Utility

Yesterday, the D.C. Court of Appeals issued its decision, which supported the new Open Internet Rules by the Federal Communications Commission (FCC) to ensure open access to the Internet by all Americans. The new rules, commonly referred to as Net Neutrality and developed in 2015, apply to both wireless and wired connections, and are based upon no blocking, no throttling, no paid prioritization, and greater transparency. Cable, telecommunications, and wireless companies have fought the new rules.

The New York Times reported:

"The court’s decision upheld the F.C.C. on the historic declaration of broadband as a utility, the most significant aspect of the rules. That has broad-reaching implications for web and telecommunications companies and signals a shift in the government’s view of broadband as a service that should be equally accessible to all Americans, rather than a luxury that does not need close government supervision... The 184-page ruling opens a path for new limits on broadband providers."

Some of the companies support the FCC's new rules:

"Google and Netflix support net neutrality rules and have warned government officials that without regulatory limits, broadband providers would have an incentive to create business models that could harm consumers. They argue that broadband providers could degrade the quality of downloads and streams of online services to extract tolls from web companies or to promote unfairly their own competing services or the content of partners."

Some of the companies against the FCC's new rules:

"The legal battle from the broadband industry is far from over. The cable and telecom industries have signaled their intent to challenge any unfavorable decision, possibly taking the case to the Supreme Court. AT&T immediately said it would continue to fight."

A spokesperson for AT&T said that it hopes the U.S. Supreme Court will ultimately decide the matter. Corporate ISPs don't want Internet access reclassified as a utility. The Republican party promoted Senator Thune's proposed legislation in Congress to undo all of the good in the latest FCC rules. I called the proposed legislation a bait and switch. Read it and you'll probably agree.

U.S. Senator Edward J. Markey (D-Mass.) said in a statement:

"... net neutrality is here to stay... The court decision affirms what we already know to be true: that the FCC has the power to classify broadband Internet access service according to its best and current understanding of the technology, and how consumers harness that technology. The battle for net neutrality is the battle for our online future, and today’s ruling is a victory for consumers, innovators, entrepreneurs, and anyone who counts on the Internet to connect to the world. This decision celebrates the free and democratic expression of ideas that is the hallmark of our online ecosystem. Protecting net neutrality ensures that the best ideas, and not merely the best-funded ideas, will rule the day.”

The D.C. Appeals Court decision is indeed good news for consumers. Both consumers and businesses use the Internet daily... need the Internet... for a variety of applications. It has become essential to everyday life. Internet access is like water or electricity. We all need it to live, to work, to attend school.

Open Internet rules make sense. When a consumer pays for Internet access, he or she should decide what they use that access for... not the Internet Service Provider (ISP). Large, corporate ISPs have amassed a variety of programming content in divisions and subsidiaries. The rule reflects this reality, and helps ensure that when YOU, the consumer, access the Internet you choose where to go -- and not your ISP, which has their own internal, financial bias toward content at owned affiliates, divisions, or business units.

The FCC has already proposed new privacy rules for high-speed ISPs, and unlocking cable set-top boxes to encourage innovation, competition, more choice, and lower prices for consumers. All of these rules make sense, complement each other, and help consumers.

The 184-page decision by the D.C. Appellate Court is available here and here (Adobe PDF; 1,001K bytes).


Microsoft To Buy Social Networking Site LinkedIn For $26.2 Billion

Microsoft Corporation announced yesterday its plan to purchase the LinkedIn.com social networking site for $26.2 billion, or $196 per share. The Boards of Directors at both companies have approved the transaction. Microsoft will fund the acquisition with additional debt. The high-tech giant explained the acquisition in a blog post:

"LinkedIn is the world’s largest and most valuable professional network and continues to build a strong and growing business. Over the past year, the company has launched a new version of its mobile app that has led to increased member engagement; enhanced the LinkedIn newsfeed to deliver better business insights; acquired a leading online learning platform called Lynda.com to enter a new market; and rolled out a new version of its Recruiter product to its enterprise customers. These innovations have resulted in increased membership, engagement and financial results, specifically:

- 19 percent growth year over year (YOY) to more than 433 million members worldwide,
- 9 percent growth YOY to more than 105 million unique visiting members per month,
- 49 percent growth YOY to 60 percent mobile usage,
- 34 percent growth YOY to more than 45 billion quarterly member page views, and
- 101 percent growth YOY to more than 7 million active job listings."

128 million (of the 433 million total) users are in the United States. For 2015, LinkedIn's GAAP (Generally Accepted Accounting Principles) net loss was $166 million. In 2014, the social site lost $15.7 million. The company's Talent Solutions business generates the most revenues, followed by advertising on the site and in the mobile app, and then the site's premium subscription service for members.

Microsoft CEO Satya Nadella said in an e-mail to staff:

"This deal brings together the world’s leading professional cloud with the world’s leading professional network... I wanted to share with you how I think about acquisitions overall. To start, I consider if an asset will expand our opportunity — specifically, does it expand our total addressable market? Is this asset riding secular usage and technology trends? And does this asset align with our core business and overall sense of purpose?

The answer to all of those questions with LinkedIn is squarely yes. We are in pursuit of a common mission centered on empowering people and organizations. Along with the new growth in our Office 365 commercial and Dynamics businesses this deal is key to our bold ambition to reinvent productivity and business processes. Think about it: How people find jobs, build skills, sell, market and get work done and ultimately find success requires a connected professional world. It requires a vibrant network that brings together a professional’s information in LinkedIn’s public network with the information in Office 365 and Dynamics. This combination will make it possible for new experiences such as a LinkedIn newsfeed that serves up articles based on the project you are working on and Office suggesting an expert to connect with via LinkedIn to help with a task you’re trying to complete. As these experiences get more intelligent and delightful, the LinkedIn and Office 365 engagement will grow. And in turn, new opportunities will be created for monetization through individual and organization subscriptions and targeted advertising."

LinkedIn went public in 2011. Mashable reported about a possible consolidation in the social networking industry. More sites may be acquired:

"Many of the flashy social networks that Wall Street once fawned over — even if it didn't understand what exactly they do — are now looking for the exit door as the mood sours. LinkedIn, like Twitter and Yelp, has seen its stock obliterated throughout much of the year as social media firms (other than Facebook) are experiencing slower growth, and investors are experiencing less patience... In February, LinkedIn stock was nearly halved overnight after a single disappointing earnings report. The plunge was so severe that the company's CEO had to give a pep talk to his team and later gave away his bonus to employees suffering from financial whiplash... Twitter, arguably the second most anticipated social media IPO after Facebook, has seen its market cap fall to less than $10 billion in recent weeks..."

And, there are three related privacy issues. First, LinkedIn had a massive data breach in 2012, affecting 117 million persons. Hopefully, the acquisition will also help the social networking site improve its data security. If not, the profitability slide will likely continue.

Second, it is important to remember that during any corporate acquisition, the acquiring company gets the assets of the acquired company. Assets usually include databases of information about customers, current employees, former employees, and contractors. If you use LinkedIn or did business with the social site and never did business with Microsoft, then Microsoft will soon have your sensitive personal and payment information.

Third, the acquisition reinforces the impression that Microsoft has bought entirely into big data. Like Google, it wishes to collect as much information as possible about as many people as possible. Big data matters, especially to cloud services vendors.

Agree? Comments?


Shooting In Orlando: Hate Crime, Terrorism, Or Both?

Was the mass murder this past weekend in Orlando (Florida) a hate crime or terrorism? As a society, we've been here before, too many times. We've asked ourselves this question recently after a church shooting, and after a clinic shooting.

So, it seems appropriate to revisit the definitions. From the U.S. Federal Bureau of Investigation (FBI) website:

Hate Crime: "A hate crime is a traditional offense like murder, arson, or vandalism with an added element of bias. For the purposes of collecting statistics, the FBI has defined a hate crime as a “criminal offense against a person or property motivated in whole or in part by an offender’s bias against a race, religion, disability, sexual orientation, ethnicity, gender, or gender identity.” Hate itself is not a crime—and the FBI is mindful of protecting freedom of speech and other civil liberties."

International Terrorism: "... means activities with the following three characteristics: 1) Involve violent acts or acts dangerous to human life that violate federal or state law; 2) Appear to be intended (i) to intimidate or coerce a civilian population; (ii) to influence the policy of a government by intimidation or coercion; or (iii) to affect the conduct of a government by mass destruction, assassination, or kidnapping; and 3) Occur primarily outside the territorial jurisdiction of the U.S., or transcend national boundaries in terms of the means by which they are accomplished, the persons they appear intended to intimidate or coerce, or the locale in which their perpetrators operate or seek asylum."

Domestic Terrorism: "... means activities with the following three characteristics: 1) Involve acts dangerous to human life that violate federal or state law; 2) Appear intended (i) to intimidate or coerce a civilian population; (ii) to influence the policy of a government by intimidation or coercion; or (iii) to affect the conduct of a government by mass destruction, assassination, or kidnapping; and 3) Occur primarily within the territorial jurisdiction of the U.S."

Some politicians want to classify the event as one type (e.g., terrorism) and not another (e.g., hate crime), while ignoring the related issues: the gun violence continues without effective background checks and the assault-style weapon used in Orlando is fast becoming mass shooters' weapon of choice. There's also the long history of anti-LGBT violence in LGBT clubs.

When you consider the above definitions, the following variations seem possible:

[Image: Venn diagram of hate crime, terrorism possibilities]

Thoughts? Comments? Fed up? Find your senator, and find your representative.


Social Networking Sites With The Largest Number of News Users

Recently, some friends and I were discussing the wisdom of getting your news from social networking websites (e.g., Facebook, Twitter, Snapchat, YouTube, LinkedIn, etc.) instead of directly from news media sites. Apparently, many consumers get their news from such sites.

The Pew Research Center reported that most adults in the United States, 62 percent, get their news from social networking sites. The corresponding statistic in 2012 was 49 percent. Fewer social media site users get their news from other platforms: local television (46 percent), cable TV (31 percent), nightly network TV (30 percent), news websites/apps (28 percent), radio (25 percent), and print newspapers (20 percent). 

Pew analyzed which social networking sites were used the most for news, and whether consumers used multiple sites to obtain news. The Pew Research Center found:

"Two-thirds of Facebook users (66 percent) get news on the site, nearly six-in-ten Twitter users (59 percent) get news on Twitter, and seven-in-ten Reddit users get news on that platform. On Tumblr, the figure sits at 31 percent..."

The corresponding statistics are 23 percent for Instagram, 21 percent for YouTube, 19 percent for LinkedIn, and 17 percent at Snapchat. The implications:

"Facebook is by far the largest social networking site, reaching 67% of U.S. adults. The two-thirds of Facebook users who get news there, then, amount to 44% of the general population. YouTube has the next greatest reach in terms of general usage, at 48% of U.S. adults. But only about a fifth of its users get news there, which amounts to 10% of the adult population. That puts it on par with Twitter, which has a smaller user base (16% of U.S. adults) but a larger portion getting news there."

About audience overlap, Pew found that most people (64 percent) get their news from one social media site. 26 percent get their news from two social media sites, and 10 percent get their news from three social media sites. Pew also found that more users at Reddit, Twitter, and LinkedIn seek out news versus stumbling across it by accident:

Percent of news users of each site who mostly get news online:

Social Networking Site | While doing other things | Because they're looking for it
Instagram | 63 | 37
Facebook | 62 | 38
YouTube | 58 | 41
LinkedIn | 46 | 51
Twitter | 45 | 54
Reddit | 42 | 55

Who are the news users at the five largest social sites with news users? The users vary by site:

"... while there is some crossover, each site appeals to a somewhat different group. Instagram news consumers stand out from other groups as more likely to be non-white, young and, for all but Facebook, female. LinkedIn news consumers are more likely to have a college degree than news users of the other four platforms; Twitter news users are the second most likely."

The demographic data:

[Image: Pew social news users]

Some of you are probably wondering about Google+ and Pinterest. Pew removed three social media sites because:

"... Pinterest, which has been shown to have a small portion of users who use it for news; Myspace, which has largely transitioned to a music site; and Google+, which through its recent transformations is being phased out as a social networking site."

The survey was conducted from January 12 to February 8, 2016 and included 4,654 respondents (4,339 by web and 315 by mail). The methodology included a randomly-selected subset of U.S. adults (6,301 total web-based persons and 474 total mail persons).


U.S. Chamber of Commerce Opposes Proposed FCC Broadband Privacy Rules

Some companies don't want consumers to have privacy when using high-speed Internet services. Just before the long Memorial Day holiday weekend, the U.S. Chamber of Commerce (USCOC) submitted comments about the broadband privacy rules proposed by the U.S. Federal Communications Commission (FCC) in April. Portions of the USCOC's comments to the FCC:

"... the Chamber opposes the proposed broadband privacy rule because it is unnecessary, exceeds statutory authority, furthers a regulatory digital divide between edge and telecommunications providers, and threatens innovation by stifling the already thriving Internet ecosystem... I. Current broadband provider privacy practices and the market do not justify the proposed rule... II. The Commission is engaging in a regulatory overreach with its proposed rule... III. The NPRM furthers a regulatory digital divide The proposed rule creates regulatory imbalance in which broadband service providers will be subject to highly restrictive and prescriptive “opt-in” privacy regulations while other content and edge providers — like Netflix — remain under the light-touch regulatory framework of the FTC... The Chamber strongly supports voluntary self-regulation as the appropriate mechanism for online data protection... IV. The proposed FCC privacy rule threatens innovation and the current digital ecosystem..."

What is the USCOC? It is a political lobbying organization representing businesses. According to the organization's website:

"The U.S. Chamber of Commerce is the world’s largest business organization representing the interests of more than 3 million businesses of all sizes, sectors, and regions. Our members range from mom-and-pop shops and local chambers to leading industry associations and large corporations. They all share one thing—they count on the Chamber to be their voice in Washington, D.C."

Let's unpack this a bit. In its comments to the FCC, the USCOC is arguing for the interests of Internet Service Providers (ISPs), and not small mom-and-pop shops, and definitely not the interests of consumers. The USCOC's view is that opt-in privacy approaches are "highly restrictive" and a burden. Instead, they want to collect whatever consumer information ISPs desire and place the entire burden on consumers to opt-out of programs. Think about that for a moment. They believe it is burdensome to explain a program's privacy policy and display an "opt-in" (or "register" or "I accept these terms") button so that consumers stay in control of their personal information.

The USCOC's submission claims that the FCC's proposed rules unfairly place restrictions on ISPs compared to "edge providers," or companies that produce content and advertising networks:

"The proposed rule creates regulatory imbalance in which broadband service providers will be subject to highly-restrictive and prescriptive “opt-in” privacy regulations while other content and edge providers — like Netflix — remain under the light-touch regulatory framework of the FTC. The same customer data about Internet usage will be regulated by two very different agencies. Content and edge providers will continue to operate under FTC’s jurisdiction to regulate “unfair and deceptive” trade practices under Section 5 of the Federal Trade Commission Act. Under Section 5, in the case of unfair and deceptive trade practice violations, the FTC generally issues a cease and desist order that does not immediately impose penalties on alleged violators. This practice gives companies notice and a chance to clean up their act. Conversely, broadband providers under section 222 would not be entitled to a notice to correct mistakes and would be subject to the highly-prescriptive regulations imposed by the NPRM. The decision to regulate broadband providers under two different regulatory regimes is entirely arbitrary..."

Huh? Really? Internet access is not content. Content is content. Of course, the two should be treated differently. Internet access includes the connections for devices a consumer uses online: phones, tablets, laptops, desktops, smart televisions, smart thermometers, smart home-security systems, fitness bands, smart watches, connected refrigerators, and more. Consuming content from Netflix, or another provider, may involve a few, one, or none of these devices -- the choice of the consumer.

In its comments to the FCC, the USCOC also said:

"The Commission has also failed to offer any evidence that edge and content providers are respecting consumers’ privacy more than broadband providers or that Internet service providers have any meaningful advantage over content and edge providers with respect to personal data."

MediaPost reported:

"Consumer advocacy groups disagree, pointing out that ISPs have access to all unencrypted traffic in their networks. While more sites now encrypt data than in the past, much remains unencrypted. Consider, a recent study by Upturn found that more than 85% of the top 50 sites in health, news and shopping don't fully support encryption. Upturn also noted in its report that ISPs can glean information about consumers even when they visit encrypted sites... Consumer advocacy groups also argue that broadband providers should be subject to tougher privacy rules because consumers have only limited options about which ISP to use, but many choices about which Web sites to visit."

Well said. I would add to this that the industry historically has repeatedly abused consumers' privacy. This blog has covered many of those abuses:

Historically, ISPs have sought increased revenues and viewed targeted (behavioral) advertising as the means. To do this, they partnered with several technology companies (some went out of business after class-action lawsuits) to spy on consumers without notice, without consent, and without providing opt-out mechanisms. Consumers should control their privacy, not ISPs.

Now you know who is fighting for consumers' interests, and who is not.


The Third Anniversary of Leaks About NSA Surveillance Programs

Three years ago today, the public learned about extensive surveillance by the U.S. National Security Agency (NSA). Back then, the Guardian UK newspaper reported about a court order allowing the NSA to spy on U.S. citizens. The Electronic Frontier Foundation (EFF) summarized events from 2013:

"It started with a secret order written by the FISA court authorizing the mass surveillance of Verizon Business telephone records—an order that members of Congress quickly confirmed was similar to orders that had been issued every 3 months for years. Over the next year, we saw a steady drumbeat of damning evidence, creating a detailed, horrifying picture of an intelligence agency unrestrained by Congress and shielded from public oversight by a broken classification system. The leaks were thanks in large part to whistleblower Edward Snowden, who has been living in Russia for the last three years, unable to return to the United States for fear of spending his life behind bars..."

Since then, we've learned plenty about how extensive the government surveillance apparatus is and the lack of oversight. We've also learned about NSA code inserted in Android operating system software, the FISA Court and how it undermines the public's trust, the importance of metadata and how much it reveals about you (despite some politicians' claims otherwise), the unintended consequences from broad NSA surveillance, U.S. government spy agencies' goal to break all encryption methods, warrantless searches of U.S. citizens' phone calls and e-mail messages, the NSA's facial image data collection program, and data collection programs that included ordinary (e.g., innocent) citizens besides legal targets. And while most hi-tech and telecommunications companies assisted the government with its spy programs, AT&T was probably the best collaborator. A scary, extensive list, eh?

Would the public have learned about all of this without the Snowden leaks? I doubt it. So, thanks to Edward Snowden.

And, this list doesn't include the attempt by the Justice Department to force a hi-tech company to build a "back door" into its products to break encryption. It's been a busy three years. The EFF concluded:

"The Snowden leaks caused a sea change in the policy landscape related to surveillance. EFF worked with dozens of coalition partners across the political spectrum to pass the USA Freedom Act, the first piece of legislation to rein in NSA spying in over thirty years—a bill that would have been unthinkable without the Snowden leaks. They also set the stage for a major showdown in Congress over Section 702 of the FISA Amendments Act, the controversial section of law set to expire in 2017 that the government claims authorizes much of the NSA’s Internet surveillance... Perhaps most importantly, the Snowden leaks published over the last three years have helped to realign a broken relationship between the intelligence community and the public. Whistleblowers often serve as a last-resort failsafe when there are no other methods of bringing accountability to secretive processes. The Snowden leaks have helped illuminate how the NSA was operating outside the law with near impunity, and this in turn drove an international conversation about the dangers of near-omniscient surveillance of our digital communications."

It's not over. The EFF compiled a list of 65 things we know thanks to the Snowden leaks, and a timeline of NSA domestic surveillance. And, Vice News has uncovered some of the documents that highlight the discussions among NSA and government officials about the privacy and Constitutional issues Mr. Snowden raised at the agency before the leaks:

"What's remarkable about this FOIA release, however, is that the NSA has admitted that it altered emails related to its discussions about Snowden. In a letter disclosed to VICE News Friday morning, Justice Department attorney Brigham Bowen said, "Due to a technical flaw in an operating system, some timestamps in email headers were unavoidably altered. Another artifact from this technical flaw is that the organizational designators for records from that system have been unavoidably altered to show the current organizations for the individuals in the To/From/CC lines of the header for the overall email, instead of the organizational designators correct at the time the email was sent."

Because none of the people interviewed by the NSA in the wake of the leaks said that "Snowden mentioned a specific NSA program," and "many" of the people interviewed "affirmed that he never complained about any NSA program," the NSA's counterintelligence chief concluded that these conversations about the Constitution and privacy did not amount to raising concerns about the NSA's spying activities. That was the basis for the agency's public assertions... In April 2014, the month after he testified before the European Parliament, Snowden again challenged the NSA's public narrative about his failure to raise concerns at the agency. In advance of the publication of the Vanity Fair story, the magazine posted a preview online on April 8. "The NSA... not only knows I raised complaints, but that there is evidence that I made my concerns known to the NSA's lawyers, because I did some of it through e-mail," he said."

The Vice News article also discussed the lack of whistle-blower protections for contractors like Mr. Snowden.

Citizens give their government certain powers to act on their behalf. Implicit in that decision is trust. Entrusted with those powers, a government (in a democracy) has an obligation to be transparent with its citizens.


User Reports Facebook Changed Members' Ad Settings Without Notice Nor Consent

If you use Facebook.com, this is for you.

David Carroll, an associate professor of media design at Parsons School of Design, posted the warning below on Twitter. I checked my Facebook settings and this specific advertisement setting had indeed been changed. So, check yours today. It's fast and easy. It will take at most half a minute to check and change it.

What's driving this activity by the social network? The Washington Post summarized the situation well when it discussed new ad features the site introduced in 2014:

"Things are about to get better for Facebook customers! Not you. You are not a Facebook customer. Advertisers are Facebook customers. You are part of the Facebook product... Facebook, at its moneymaking core, is a system for showing ads to people... why we’re seeing this is because Facebook is not a social network. It is an advertising network... And it seems to be banking on what it always banks on: our unwillingness to change any default settings or think about the flip side of data sharing."

Now, go check and restore your ad settings to maintain privacy.

[Image: Tweet by David Carroll]


Congressional Sources Say The Burr-Feinstein Anti-Encryption Bill is Dead

The Burr-Feinstein anti-encryption bill is apparently dead.

You may remember that a few months ago Senators Richard Burr (R-NC) and Dianne Feinstein (D-Calif.), leaders of the Senate Intelligence Committee, drafted the Compliance with Court Orders Act of 2016 (CCOA) to force a variety of tech companies to build back doors into their products and services. The draft legislation required software developers, device manufacturers, communications providers (wired and wireless), and "remote computing services (RCS)" to provide the government, upon request, with data in an unencrypted format.

A prior blog post listed the multitude of problems with the bill. The tech industry called the legislation "unworkable."

It seems that the bill has died. Reuters explained why (links added):

"Now, only months later, much of the support is gone, and the push for legislation dead, according to sources in congressional offices, the administration and the tech sector. Draft legislation... will not be introduced this year and, even if it were, would stand no chance of advancing, the sources said. Key among the problems was the lack of White House support for legislation in spite of a high-profile court showdown between the Justice Department and Apple Inc over the suspect iPhone... Tech companies, backed by civil liberties groups, insist that building law enforcement access into phones and other devices would undermine security for everyone-including the U.S. government itself... The CIA and NSA were ambivalent... in part because officials in the agencies feared any new law would interfere with their own encryption efforts... In the meantime, tech companies have accelerated encryption efforts in the wake of the Apple case..."

Good.