Monthly Archives: January 2009

Unintended Consequences of COPPA

Parry Aftab notes that when COPPA first became effective, a lot of children’s websites simply went away — presumably because the owners could not manage or understand the COPPA requirements. And, for those that remain:

While the sites want to do the right thing, they are often adopting “do it yourself” methods that violate the law or put kids at risk unintentionally. Best practice standards for the kids Internet industry are new and require professional guidance.

How do you measure the cost of compliance?  Should those costs be transparent when policies are created?

Filed under cybersecurity

Intelligence in Sentiment

How much easier would it be to manage risk in an organization if you were able to divine the mood of the staff?  Robert Scoble has this interesting comment from his talk with

Facebook is, he told me, studying “sentiment” behavior. It hasn’t yet used that research in its public service yet, but is looking to figure out if people are having a good day or bad day. He said that already his teams are able to sense when nasty news, like stock prices are headed down, is underway. He also told me that the sentiment engine notices a lot of “going out” kinds of messages on Friday afternoon and then notices a lot of “hungover” messages on Saturday morning. He’s not sure where that research will lead. We talked about how sentiment analysis might lead to a new kind of news display in Facebook. Knowing whether a story is positive or negative would let Facebook pick a good selection of both kinds of news, or maybe even let you choose whether you want to see only “happy” news

Filed under cybersecurity

Science and democracy have always been twins.

A simple statement with a multitude of implications.  From an essay in today’s NYT by Dennis Overbye:

It is no coincidence that these are the same qualities that make for democracy and that they arose as a collective behavior about the same time that parliamentary democracies were appearing. If there is anything democracy requires and thrives on, it is the willingness to embrace debate and respect one another and the freedom to shun received wisdom. Science and democracy have always been twins.

Then, in the Post, an article concerning Wayne Clough’s vision to make the holdings of the Smithsonian available to all using the internet.  The curators of the Smithsonian are having some difficulty understanding what their role will be if everything is available for anyone to see.  The gatekeepers ask, “Who will guarantee the quality of knowledge?”  To which, Chris Anderson, editor in chief of Wired, replies:

“Is it our job to be smart and be the best? Or is it our job to share knowledge?” Anderson asked.

Sharing knowledge, sharing information — that’s what makes democracy work.  And, sharing information makes markets more efficient.  I think the philosophers and economists can agree on that point.

Filed under Government, Information, Market Failure, public values

Cyber Policy – Safety and the Internet – An update

Parry Aftab, blogging on the McAfee Security Insights Blog, gives a quick history on the Internet Safety Task Force that was, well, taken to task because of its corporate funding partners (See Jan 25 post).  She says further research is in the future:

The ISTTF is the first task force of its kind in the United States. And, although it may not have provided major new findings, it did get things jump-started. The National Telecommunications and Information Administration’s (NTIA) working group will be announced very shortly and hopefully one under the guidance of the Federal Trade Commission (FTC) will be compiled. The Attorneys General are seeking more concrete recommendations and an action plan. And the members of the ISTTF are looking for the opportunity to provide those concrete recommendations.

A journey, not a destination…we need to remember that.

Filed under cybersecurity, public values

Cybersecurity – Patriotism doesn’t always defend

Security Fix presents an interesting analysis of Conficker — it seems the creators don’t mind soiling their native lands.

According to an analysis by Microsoft engineers, the original version of the Downadup (a.k.a. “Conficker”) worm will quit the installation process if the malware detects the host system is configured with a Ukrainian keyboard layout. However, the latest variant has no such restriction. Stats collected by Finnish computer security firm F-Secure show that Russia and Ukraine had the second and fifth-largest number of victims from the worm, 139,934 and 63,939, respectively, as of Tuesday, Jan. 20.

Filed under cybersecurity

Stem Cells – Business Proposition to be proven

California’s $3 billion effort has just begun (2007) — and this article from the San Jose Mercury News points out that profits are long term, not short term, because:

  1. Ethical/moral arguments surrounding stem cell research
  2. So little is known, basic research is the first recipient of funds
  3. Risky process of developing product keeps investors at bay
  4. Two companies, Geron and Advanced Cell, hold many of the patents for human embryonic stem cell research and associated technologies.

However, there are eternal optimists:

“You’ll see more companies forming around embryonic work,” said Gregory Bonfiglio, managing partner of Palo Alto-based Proteus Venture Partners, which plans to invest in such firms. “This technology will fundamentally change health care.”

Filed under stem cell

The word is “Data”

Stephen Baker of Newsweek starts this week’s essay with the following line:

About three minutes into his speech on Jan. 20, President Barack Obama spoke a word never before uttered in a Presidential inauguration speech: “data.”

The Obama campaign managed data like no other campaign before.  One would expect, and hope, that data, and the interpretation thereof, will have a prominent place in policy debates.

Which brings me to my point –  data is essential to building an information stream.  Without data, you have no information from which to make valid choices.  No data – no information — and you have either market failure, public failure or both.

How many bills do you think become law – federal, state and local – without data?  How many bills become law without sufficient data?  And how many bills become law without necessary data?

—-

Chasing the link to The Numerati (Baker’s book) led me to ThinkingAnalytically – where I found a mindmap of the book.  Remember to check out mindmeister for more info.

Filed under Policy, public failure

New NIST Standards to protect PII

As you read the Guide to Protecting the Confidentiality of Personally Identifiable Information (PII) (Draft), it looks more like the same ole’ policy: categorize, classify, protect the most important and pray for the rest!

PII should be graded by “PII confidentiality impact level,” the degree of potential harm that could result from the PII if it is inappropriately revealed. For example, an organization might require appropriate training for all individuals who are granted access to PII, with special emphasis on moderate- and high-impact PII, and might restrict access to high-impact PII from mobile devices, such as laptops and cellphones, which are generally at greater risk of compromise than non-portable devices, such as desktop computers at the organization’s headquarters.

Would be interesting to know how much these standards will cost to implement.

From NIST announcement

Filed under cybersecurity

Cyber Policy – Safety and the Internet

The Post reports on a Berkman study challenging assertions that the internet makes children more likely to be abused than real-life circumstances do:

“The risks minors face online are complex and multifaceted and are in most cases not significantly different than those they face offline.”

There are opposing views from law enforcement and other advocacy groups:

Jeffrey Chester, executive director of the Center for Digital Democracy, a District-based consumer advocacy group, has been critical of the report because its expenses were underwritten by interested parties such as MySpace, Google and Microsoft. “Surprise, surprise,” he said. “They pay for a study, and it says there’s no problem. It was kind of a brilliant PR move.”

However, note that Chester doesn’t provide data to oppose the report; he attacks the source of funding for the report.  The lack of data is actually a concern, for neither side of the argument has enough data from which legislators and policy makers can make competent choices:

One online safety advocate, named as a member of the report’s task force, said she is embarrassed by the report because it highlights the fact that there isn’t enough good data on the subject and it doesn’t give lawmakers a clear to-do list. Parents’ concerns about Internet predators are sometimes overblown, said Parry Aftab of WiredSafety.org, but it’s nearly impossible to tell how overblown they are; when quizzed about online activity, kids don’t usually tell the truth if their parents are around, she said.

Market failure occurs, among other reasons, for lack of sufficient information for the market to behave efficiently and effectively.  Public failure occurs for the same reason.

Filed under Market Failure, Policy, public failure

A digital Pearl Harbor?

Conficker — the most recent pandemic in cyber space — is said to be connecting machines, at home, office and campus, into botnets controlled by masters spread throughout cyber space.  One consultant describes the potential of Conficker as:

“If you’re looking for a digital Pearl Harbor, we now have the Japanese ships steaming toward us on the horizon,” said Rick Wesson, chief executive of Support Intelligence, a computer security consulting firm based in San Francisco.

More later…

Filed under cybersecurity