Internet, Information Technology & e-Discovery Blog

Social changes brought about by the Internet & Technology

NSA Exploited Heartbleed Bug for Years

Posted in Internet Privacy

A report that the NSA regularly used the Heartbleed bug for years “to gather critical intelligence” but kept “the bug secret in pursuit of national security interests threatens to renew the rancorous debate over the role of the government’s top computer experts,” according to Bloomberg News. Bloomberg went on to report:

The NSA and other elite intelligence agencies devote millions of dollars to hunt for common software flaws that are critical to stealing data from secure computers. Open-source protocols like OpenSSL, where the flaw was found, are primary targets.

The Heartbleed flaw, introduced in early 2012 in a minor adjustment to the OpenSSL protocol, highlights one of the failings of open source software development.

Computerworld noted the irony that the Bloomberg report came out the same day the US Department of Homeland Security issued a warning about the Heartbleed bug:

While there have not been any reported attacks or malicious incidents involving this particular vulnerability confirmed at this time, it is still possible that malicious actors in cyberspace could exploit un-patched systems.

Only time will tell how devastating the Heartbleed bug will be to Internet users, but the impact on national security will be interesting to analyze. One practical point for anyone running an affected server: because the bug leaks process memory without leaving any trace in logs, applying the patch is not enough; private keys, certificates and session credentials that may have been exposed need to be rotated as well.
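To make the mechanism behind the reports above concrete, here is an added C example written for this page; it is not code from OpenSSL, Bloomberg, DHS or the original post. It models the shape of the Heartbleed bug, CVE-2014-0160: the TLS heartbeat handler in OpenSSL 1.0.1 trusted the 16-bit payload length supplied by the peer and copied that many bytes back into its reply, so a request that claimed a large payload while sending only a few bytes received whatever lay beyond the record in memory. The names tls_conn, make_conn, heartbeat_vulnerable, heartbeat_fixed and response_contains, and the planted “session-key” string, are assumptions constructed for the example; the adjacent memory is simulated inside one array so the program itself stays memory-safe.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define HB_REQUEST   1
#define HB_RESPONSE  2
#define HB_PADDING   16
#define MAX_PAYLOAD  65535

/* Simulated connection state (constructed for this example). The heartbeat
 * record sits at the start of mem[]; whatever follows it stands in for the
 * unrelated heap data a real over-read would pull from adjacent allocations.
 * The arena is sized so any 16-bit length stays inside this buffer: this is
 * a simulation of the over-read, not a real out-of-bounds access. */
typedef struct {
    unsigned char mem[1 + 2 + MAX_PAYLOAD + HB_PADDING];
    size_t rrec_length;               /* bytes actually received in the record */
} tls_conn;

/* Build a heartbeat request that claims `claimed` payload bytes but only
 * carries `actual`, and plant `secret` (constructed test data) right after
 * the record, where a real server would hold other connections' data. */
static void make_conn(tls_conn *s, uint16_t claimed, const char *actual, const char *secret)
{
    size_t n = strlen(actual);
    memset(s->mem, 0, sizeof s->mem);
    s->mem[0] = HB_REQUEST;
    s->mem[1] = (unsigned char)(claimed >> 8);      /* big-endian length field */
    s->mem[2] = (unsigned char)(claimed & 0xff);
    memcpy(s->mem + 3, actual, n);
    s->rrec_length = 1 + 2 + n + HB_PADDING;
    memcpy(s->mem + s->rrec_length, secret, strlen(secret));
}

/* Shape of the OpenSSL 1.0.1 handler before the fix: the payload length is
 * read from the peer's packet and never compared with the record size.
 * Returns bytes written to resp, or -1 if the request was rejected. */
static int heartbeat_vulnerable(const tls_conn *s, unsigned char *resp, size_t cap)
{
    const unsigned char *p = s->mem;
    unsigned char hbtype = *p++;
    uint16_t payload = (uint16_t)((p[0] << 8) | p[1]);   /* n2s */
    const unsigned char *pl = p + 2;
    size_t total = 1 + 2 + (size_t)payload + HB_PADDING;

    if (hbtype != HB_REQUEST || total > cap)
        return -1;
    unsigned char *bp = resp;
    *bp++ = HB_RESPONSE;
    *bp++ = (unsigned char)(payload >> 8);
    *bp++ = (unsigned char)(payload & 0xff);
    memcpy(bp, pl, payload);        /* BUG: copies `payload` bytes regardless of rrec_length */
    memset(bp + payload, 0, HB_PADDING);
    return (int)total;
}

/* Same handler with the two bounds checks the fix introduced. */
static int heartbeat_fixed(const tls_conn *s, unsigned char *resp, size_t cap)
{
    const unsigned char *p = s->mem;
    if (1 + 2 + HB_PADDING > s->rrec_length)
        return -1;                                  /* too short to hold a heartbeat */
    unsigned char hbtype = *p++;
    uint16_t payload = (uint16_t)((p[0] << 8) | p[1]);
    const unsigned char *pl = p + 2;
    if (1 + 2 + (size_t)payload + HB_PADDING > s->rrec_length)
        return -1;                                  /* claimed length exceeds what arrived */
    size_t total = 1 + 2 + (size_t)payload + HB_PADDING;
    if (hbtype != HB_REQUEST || total > cap)
        return -1;
    unsigned char *bp = resp;
    *bp++ = HB_RESPONSE;
    *bp++ = (unsigned char)(payload >> 8);
    *bp++ = (unsigned char)(payload & 0xff);
    memcpy(bp, pl, payload);
    memset(bp + payload, 0, HB_PADDING);
    return (int)total;
}

/* 1 if `needle` occurs anywhere in resp[0..len), else 0 (memmem is not ISO C). */
static int response_contains(const unsigned char *resp, int len, const char *needle)
{
    size_t m = strlen(needle);
    if (len < 0 || m == 0 || (size_t)len < m) return 0;
    for (size_t i = 0; i + m <= (size_t)len; i++)
        if (memcmp(resp + i, needle, m) == 0) return 1;
    return 0;
}

int main(void)
{
    static tls_conn s;
    static unsigned char resp[1 + 2 + MAX_PAYLOAD + HB_PADDING];
    make_conn(&s, 64, "ping", "session-key=deadbeef");   /* claims 64 bytes, sends 4 */
    int n = heartbeat_vulnerable(&s, resp, sizeof resp);
    printf("vulnerable: %d bytes back, secret leaked: %s\n", n,
           response_contains(resp, n, "session-key=") ? "yes" : "no");
    n = heartbeat_fixed(&s, resp, sizeof resp);
    printf("fixed: %s\n", n < 0 ? "request rejected" : "answered");
    return 0;
}
```

Compile with any C99 compiler and run: the vulnerable handler answers the 4-byte request with an 83-byte response that contains the planted string, while the fixed handler rejects the same request because the claimed 64-byte payload exceeds the 23 bytes that actually arrived. The second check is the important one; the first only guards against a record too short to carry a heartbeat header at all.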

9 Problems with Big Data

Posted in eCommerce, Social Media

There may be too many headlines about Big Data “combining the power of modern computing with the plentiful data of the digital era, it promises to solve virtually any problem — crime, public health, the evolution of grammar, the perils of dating — just by crunching the numbers,” as opined in the New York Times. The opinion piece was written by New York University professor of psychology Gary Marcus, an editor of the forthcoming book “The Future of the Brain,” and professor of computer science Ernest Davis, and they offer this advice:

Big data is here to stay, as it should be. But let’s be realistic: It’s an important resource for anyone analyzing data, not a silver bullet.

Professors Marcus and Davis suggest the following problems with Big Data:

The first thing to note is that although big data is very good at detecting correlations, especially subtle correlations that an analysis of smaller data sets might miss, it never tells us which correlations are meaningful. A big data analysis might reveal, for instance, that from 2006 to 2011 the United States murder rate was well correlated with the market share of Internet Explorer: Both went down sharply. But it’s hard to imagine there is any causal relationship between the two. Likewise, from 1998 to 2007 the number of new cases of autism diagnosed was extremely well correlated with sales of organic food (both went up sharply), but identifying the correlation won’t by itself tell us whether diet has anything to do with autism.

Second, big data can work well as an adjunct to scientific inquiry but rarely succeeds as a wholesale replacement. Molecular biologists, for example, would very much like to be able to infer the three-dimensional structure of proteins from their underlying DNA sequence, and scientists working on the problem use big data as one tool among many. But no scientist thinks you can solve this problem by crunching data alone, no matter how powerful the statistical analysis; you will always need to start with an analysis that relies on an understanding of physics and biochemistry.

Third, many tools that are based on big data can be easily gamed. For example, big data programs for grading student essays often rely on measures like sentence length and word sophistication, which are found to correlate well with the scores given by human graders. But once students figure out how such a program works, they start writing long sentences and using obscure words, rather than learning how to actually formulate and write clear, coherent text. Even Google’s celebrated search engine, rightly seen as a big data success story, is not immune to “Google bombing” and “spamdexing,” wily techniques for artificially elevating website search placement.

Fourth, even when the results of a big data analysis aren’t intentionally gamed, they often turn out to be less robust than they initially seem. Consider Google Flu Trends, once the poster child for big data. In 2009, Google reported — to considerable fanfare — that by analyzing flu-related search queries, it had been able to detect the spread of the flu as accurately and more quickly than the Centers for Disease Control and Prevention. A few years later, though, Google Flu Trends began to falter; for the last two years it has made more bad predictions than good ones.

A fifth concern might be called the echo-chamber effect, which also stems from the fact that much of big data comes from the web. Whenever the source of information for a big data analysis is itself a product of big data, opportunities for vicious cycles abound. Consider translation programs like Google Translate, which draw on many pairs of parallel texts from different languages — for example, the same Wikipedia entry in two different languages — to discern the patterns of translation between those languages. This is a perfectly reasonable strategy, except for the fact that with some of the less common languages, many of the Wikipedia articles themselves may have been written using Google Translate. In those cases, any initial errors in Google Translate infect Wikipedia, which is fed back into Google Translate, reinforcing the error.

A sixth worry is the risk of too many correlations. If you look 100 times for correlations between two variables, you risk finding, purely by chance, about five bogus correlations that appear statistically significant — even though there is no actual meaningful connection between the variables. Absent careful supervision, the magnitudes of big data can greatly amplify such errors.

Seventh, big data is prone to giving scientific-sounding solutions to hopelessly imprecise questions. In the past few months, for instance, there have been two separate attempts to rank people in terms of their “historical importance” or “cultural contributions,” based on data drawn from Wikipedia. One is the book “Who’s Bigger? Where Historical Figures Really Rank,” by the computer scientist Steven Skiena and the engineer Charles Ward. The other is an M.I.T. Media Lab project called Pantheon.

Finally, big data is at its best when analyzing things that are extremely common, but often falls short when analyzing things that are less common. For instance, programs that use big data to deal with text, such as search engines and translation programs, often rely heavily on something called trigrams: sequences of three words in a row (like “in a row”). Reliable statistical information can be compiled about common trigrams, precisely because they appear frequently. But no existing body of data will ever be large enough to include all the trigrams that people might use, because of the continuing inventiveness of language.

Wait, we almost forgot one last problem: the hype. Champions of big data promote it as a revolutionary advance. But even the examples that people give of the successes of big data, like Google Flu Trends, though useful, are small potatoes in the larger scheme of things. They are far less important than the great innovations of the 19th and 20th centuries, like antibiotics, automobiles and the airplane.

The more we know about Big Data, the better we are able to value it.

New Federal Rules Require Banks to Fight DDoS

Posted in eCommerce

US banks and financial institutions “must now monitor for” DDoS (distributed denial-of-service) “attacks against their networks and have a plan in place to try and mitigate against such attacks,” as reported by Infoweek. The Federal Financial Institutions Examination Council (FFIEC) issued a “Joint Statement – Distributed Denial-of-Service (DDoS) Cyber-Attacks, Risk Mitigation, and Additional Resources” which includes the following six steps:

1. Maintain an ongoing program to assess information security risk that identifies, prioritizes, and assesses the risk to critical systems, including threats to external websites and online accounts;

2. Monitor Internet traffic to the institution’s website to detect attacks;

3. Activate incident response plans and notify service providers, including Internet service providers (ISPs), as appropriate, if the institution suspects that a DDoS attack is occurring. Response plans should include appropriate communication strategies with customers concerning the safety of their accounts;

4. Ensure sufficient staffing for the duration of the DDoS attack and consider hiring pre-contracted third-party servicers, as appropriate, that can assist in managing the Internet-based traffic flow. Identify how the institution’s ISP can assist in responding to and mitigating an attack;

5. Consider sharing information with organizations, such as the Financial Services Information Sharing and Analysis Center and law enforcement because attacks can change rapidly and sharing the information can help institutions to identify and mitigate new threats and tactics; and

6. Evaluate any gaps in the institution’s response following attacks and in its ongoing risk assessments, and adjust risk management controls accordingly.

The FFIEC is comprised of the principals of the following: The Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation, National Credit Union Administration, Office of the Comptroller of the Currency, Consumer Financial Protection Bureau, and State Liaison Committee.

Only time will tell if the FFIEC’s rules help avoid banking disasters and related cyber fraud.

Judge Orders Bitcoin Mt. Gox CEO in Japan to Come to Texas

Posted in eCommerce

After Mt. Gox filed for US bankruptcy protection in Texas on the strength of its Japanese bankruptcy, the judge ordered Mt. Gox CEO Mark Karpeles to come to Dallas because if “he avails himself of this court, my God, he is going to get himself over here,” as reported by Reuters. On April 1, 2014 US Bankruptcy Judge Stacey Jernigan (Northern District of Texas) ordered Mr. Karpeles “to answer questions related to its U.S. bankruptcy case, filed after the company lost $400 million of customers’ digital currency.”

Reuters reported that Mt. Gox customers asked that Mr. Karpeles, the “chief executive and majority owner” of Mt. Gox, testify in a 2014 deposition:

…to explain why the exchange shut down in February and what happened to their 750,000 bitcoins, which the company said were stolen in a computer hacking attack.

Given the scope of the failed Bitcoin exchange and the Mt. Gox bankruptcy, this lawsuit will continue to generate a lot of headlines.

“Google Glass” – 10 Myths Debunked

Posted in eCommerce, Internet Privacy

To set the record straight, Google felt compelled to debunk myths which “can be fun, but they can also be confusing or unsettling,” so on March 20, 2014 Google listed “The Top 10 Google Glass Myths.” eWeek reported the concerns that have been raised, including:

Glass devices have received some serious criticism while being used in public, including outright bans in some bars, restaurants and other businesses, as well as privacy concerns from some people who just don’t like the idea of Glass wearers recording them or viewing them using the devices.

The 10 myths Google debunked are as follows:

Myth 1 – Glass is the ultimate distraction from the real world
Instead of looking down at your computer, phone or tablet while life happens around you, Glass allows you to look up and engage with the world. Big moments in life — concerts, your kid’s performances, an amazing view — shouldn’t be experienced through the screen you’re trying to capture them on. That’s why Glass is off by default and only on when you want it to be. It’s designed to get you a bit of what you need just when you need it and then get you back to the people and things in life you care about.

Myth 2 – Glass is always on and recording everything
Just like your cell phone, the Glass screen is off by default. Video recording on Glass is set to last 10 seconds. People can record for longer, but Glass isn’t designed for or even capable of always-on recording (the battery won’t last longer than 45 minutes before it needs to be charged). So next time you’re tempted to ask an Explorer if he’s recording you, ask yourself if you’d be doing the same with your phone. Chances are your answers will be the same.

Myth 3 – Glass Explorers are technology-worshipping geeks
Our Explorers come from all walks of life. They include parents, firefighters, zookeepers, brewmasters, film students, reporters, and doctors. The one thing they have in common is that they see the potential for people to use technology in a way that helps them engage more with the world around them, rather than distract them from it. In fact, many Explorers say because of Glass they use technology less, because they’re using it much more efficiently. We know what you’re thinking: “I’m not distracted by technology”. But the next time you’re on the subway, or, sitting on a bench, or in a coffee shop, just look at the people around you. You might be surprised at what you see.

Myth 4 – Glass is ready for prime time
Glass is a prototype, and our Explorers and the broader public are playing a critical role in how it’s developed. In the last 11 months, we’ve had nine software updates and three hardware updates based, in part, on feedback from people like you. Ultimately, we hope even more feedback gets baked into a polished consumer product ahead of being released. And, in the future, today’s prototype may look as funny to us as that mobile phone from the mid 80s.

Myth 5 – Glass does facial recognition (and other dodgy things)
Nope. That’s not true. As we’ve said before, regardless of technological feasibility, we made the decision based on feedback not to release or even distribute facial recognition Glassware unless we could properly address the many issues raised by that kind of feature. And just because a weird application is created, doesn’t mean it’ll get distributed in our MyGlass store. We manually approve all the apps that appear there and have several measures in place (from developer policies and screenlocks to warning interstitials) to help protect people’s security on the device.

Myth 6 – Glass covers your eye(s)
“I can’t imagine having a screen over one eye…” one expert said in a recent article. Before jumping to conclusions about Glass, have you actually tried it? The Glass screen is deliberately above the right eye, not in front or over it. It was designed this way because we understand the importance of making eye contact and looking up and engaging with the world, rather than down at your phone.

Myth 7 – Glass is the perfect surveillance device
If a company sought to design a secret spy device, they could do a better job than Glass! Let’s be honest: if someone wants to secretly record you, there are much, much better cameras out there than one you wear conspicuously on your face and that lights up every time you give a voice command, or press a button.

Myth 8 – Glass is only for those privileged enough to afford it
The current prototype costs $1500 and we realize that is out of the range of many people. But that doesn’t mean the people who have it are wealthy and entitled. In some cases, their work has paid for it. Others have raised money on Kickstarter and Indiegogo. And for some, it’s been a gift.

Myth 9 – Glass is banned… EVERYWHERE
Since cell phones came onto the scene, folks have been pretty good at creating etiquette and the requisite (and often necessary) bans around where someone can record (locker rooms, casino floors, etc.). Since Glass functionality mirrors the cell phones (down to the screen being off by default), the same rules apply. Just bear in mind, would-be banners: Glass can be attached to prescription lenses, so requiring Glass to be turned off is probably a lot safer than insisting people stumble about blindly in a locker room.

Myth 10 – Glass marks the end of privacy
When cameras first hit the consumer market in the late 19th century, people declared an end to privacy. Cameras were banned in parks, at national monuments and on beaches.  People feared the same when the first cell phone cameras came out. Today, there are more cameras than ever before. In ten years there will be even more cameras, with or without Glass. 150+ years of cameras and eight years of YouTube are a good indicator of the kinds of photos and videos people capture–from our favorite cat videos to dramatic, perspective-changing looks at environmental destruction, government crackdowns, and everyday human miracles.

Since there is so much hype about Google Glass it will be interesting to look back at the 10 myths in years to come.

Privacy Protection for Cell Phones – No Warrantless Searches

Posted in eCommerce, Internet Privacy

A court ruled that a “person retains a legitimate expectation of privacy in the contents of his cell phone when that phone is being temporarily stored in a jail property room,” and rejected the prosecutor’s claim “that a modern-day cell phone is like a pair of pants or a bag of groceries, for which a person loses all privacy protection once it is checked into a jail property room.” The Texas Court of Criminal Appeals (the court of last resort for criminal cases in Texas) ruled in Granville v. State of Texas on February 26, 2014 that “this is a case about rummaging through a citizen’s electronic private effects-a cell phone-without a warrant:”

The Fourth Amendment states that “[t]he right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures shall not be violated.”  

The term “papers and effects” obviously carried a different connotation in the late eighteenth century than it does today. No longer are they stored only in desks, cabinets, satchels, and folders.

Our most private information is now frequently stored in electronic devices such as computers, laptops, iPads, and cell phones, or in “the cloud” and accessible by those electronic devices.  

But the “central concern underlying the Fourth Amendment” has remained the same throughout the centuries; it is “the concern about giving police officers unbridled discretion to rummage at will among a person’s private effects.”  

Courts continue to require warrants, which, if issued, make the contents of a cell phone available to police. We nevertheless continue to see cases like this one where no warrant was obtained.

Google Wins! No Class Action Suit for Monetizing Gmail Content

Posted in eCommerce

A court ruling that whether Gmail users consented to Google’s monetization of Gmail content “must be litigated on an individual, rather than class-wide basis” ended the class action lawsuit. The class action suit filed in 2011, In re Google Gmail Litigation, was dismissed “with prejudice,” which means the plaintiffs cannot revise their complaint with new claims, as ordered on March 18, 2014 by US District Judge Lucy Koh (Northern District of California).

Bloomberg said that “the amount at stake could have reached into the trillions of dollars” for violation of the Federal Wiretap Act and called Google’s win:

…a major victory in its fight against claims it illegally scanned private e-mail messages to and from Gmail accounts, defeating a bid to unify lawsuits in a single group case on behalf of hundreds of millions of Internet users.

Judge Koh’s ruling will likely adversely affect the related Yahoo! class action webmail litigation for Yahoo!’s monetization of webmail content.  Stay tuned for the next battleground on this Gmail case in the appellate courts.

Big Data – Do You Have a Right to Know Your Data?

Posted in Internet Privacy

In 2013 California proposed a new “right to know” data access bill “that would require companies to reveal to individuals the ‘personal information’ they store—in other words, a digital copy of every location trace and sighting of their IP address,” as reported in an article entitled “The Data Made Me Do It” published in the MIT Technology Review. The MIT article also reported that ‘99.5% of newly created digital data is never analyzed’ but:

  • For the data refineries of Silicon Valley, like Google, Facebook, and LinkedIn, the merger of big data and personal data has been a goal for some time. It creates tools advertisers can use, and it makes products that are particularly “sticky,” too.
  • After all, what’s more interesting than yourself?
  • Facebook suggests who your friends might be.
  • Google Now gets better the more data you give it.

Although California Assembly Bill No. 1291 has stalled and has not become law, proposed legislation of this sort portends future attempts to create “right to know” laws.

Under the California bill, every website would have to provide the following categories of personal information within 30 days of a request:

(A) Identity information including, but not limited to, real name, alias, nickname, and user name.

(B) Address information, including, but not limited to, postal address or e-mail.

(C) Telephone number.

(D) Account name.

(E) Social security number or other government-issued identification number, including, but not limited to, social security number, driver’s license number, identification card number, and passport number.

(F) Birthdate or age.

(G) Physical characteristic information, including, but not limited to, height and weight.

(H) Sexual information, including, but not limited to, sexual orientation, sex, gender status, gender identity, and gender expression.

(I) Race or ethnicity.

(J) Religious affiliation or activity.

(K) Political affiliation or activity.

(L) Professional or employment-related information.

(M) Educational information.

(N) Medical information, including, but not limited to, medical conditions or drugs, therapies, mental health, or medical products or equipment used.

(O) Financial information, including, but not limited to, credit, debit, or account numbers, account balances, payment history, or information related to assets, liabilities, or general creditworthiness.

(P) Commercial information, including, but not limited to, records of property, products or services provided, obtained, or considered, or other purchasing or consuming histories or tendencies.

(Q) Location information.

(R) Internet or mobile activity information, including, but not limited to, Internet Protocol addresses or information concerning the access or use of any Internet or mobile-based site or service.

(S) Content, including text, photographs, audio or video recordings, or other material generated by or provided by the customer.

(T) Any of the above categories of information as they pertain to the children of the customer.

While it is interesting to follow uses of “Big Data” it will also be interesting to follow “right to know” legislation.

Predicting the Future – Digital Life in 2025

Posted in eCommerce, Social Media

Pew reported it canvassed “2,558 experts and technology builders” who “predict the Internet will become ‘like electricity’ — less visible, yet more deeply embedded in people’s lives for good and ill.” Included in the Report were my comments about education by 2025:

The greatest social change between now and 2025 will be to raise the educational standards for people regardless of their locale. The Internet has already proven to be a great educational tool, and such wonderful bodies of information as Wikipedia allow individuals to share their collective wisdom with other people. Also, the increased use of Massive Open Online Courses will allow brilliant educators to share their messages with global audiences.

Pew also reported these 15 Theses about the digital future in 2025:

  1. Information sharing over the Internet will be so effortlessly interwoven into daily life that it will become invisible, flowing like electricity, often through machine intermediaries.
  2. The spread of the Internet will enhance global connectivity that fosters more planetary relationships and less ignorance.
  3. The Internet of Things, artificial intelligence, and big data will make people more aware of their world and their own behavior.
  4. Augmented reality and wearable devices will be implemented to monitor and give quick feedback on daily life, especially tied to personal health.
  5. Political awareness and action will be facilitated and more peaceful change and public uprisings like the Arab Spring will emerge.
  6. The spread of the ‘Ubernet’ will diminish the meaning of borders, and new ‘nations’ of those with shared interests may emerge and exist beyond the capacity of current nation-states to control.
  7. The Internet will become ‘the Internets’ as access, systems, and principles are renegotiated.
  8. An Internet-enabled revolution in education will spread more opportunities, with less money spent on real estate and teachers.
  9. Dangerous divides between haves and have-nots may expand, resulting in resentment and possible violence.
  10. Abuses and abusers will ‘evolve and scale.’ Human nature isn’t changing; there’s laziness, bullying, stalking, stupidity, pornography, dirty tricks, crime, and those who practice them have new capacity to make life miserable for others.
  11. Pressured by these changes, governments and corporations will try to assert power — and at times succeed — as they invoke security and cultural norms.
  12. People will continue — sometimes grudgingly — to make tradeoffs favoring convenience and perceived immediate gains over privacy; and privacy will be something only the upscale will enjoy.
  13. Humans and their current organizations may not respond quickly enough to challenges presented by complex networks.
  14. Most people are not yet noticing the profound changes today’s communications networks are already bringing about; these networks will be even more disruptive in the future.
  15. Foresight and accurate predictions can make a difference; ‘The best way to predict the future is to invent it.’

In 2025 it will be interesting to look back to see how accurate the predictions really were.

Google’s View of the Future of Internet Freedom

Posted in eCommerce

Over the next 10 years “approximately five billion people will become connected to the Internet,” however, some of them will live in countries with the most severe censorship, including “places where clicking on an objectionable article can get your entire extended family thrown in prison, or worse,” according to a New York Times Editorial written by Google executives. The Editorial included these issues:

  • Trust is perhaps the most fundamental issue. 
  • Scalability is another problem. 
  • The final challenge is usability.

Other comments about the scope of Internet freedom were:

And while the technologies of repression are a multibillion-dollar industry, the tools to measure and assess digital repression get only a few million dollars in government and private funding. 

Private and academic centers like the Citizen Lab in Toronto are building detection tools, but we are still in the early days of mapping the reach of digital censorship. 

Of course, detection is just the first step in a counterattack against censorship. The next step is providing tools to undermine sensors, filters and throttles.  

The Editorial was written by Eric E. Schmidt (Google executive chairman) and Jared Cohen (director of Google Ideas), who are also the authors of “The New Digital Age: Transforming Nations, Businesses and Our Lives.”

It will be interesting to watch how things actually develop over the next 10 years.