In the past week I completed the work for the first MOOC (Massive Open online Course) that I’ve ever taken. The course was Surveillance Law which I completed via Coursera. Let me start by saying that this course was fantastic. The presenter, Jonathan Mayer from Stanford did a great job delivering a series of short lectures that introduced and discussed US surveillance laws from technical and legal perspectives. The readings were great on that Mayer and the course team choose great materials but also advised participants when to read and when to skim. The lectures and materials covered topics and news that happened just weeks and months ago; so the overall course was tremendously relevant and informative.
The discussion forums in a MOOC can be pretty daunting. There were many, many people participating. I read a number of messages and threads that I felt were off topic and became less interested in participating there. I regret that now as I later learned that a number of regional, online (Google hangouts?), and over the phone study groups formed. I would have liked to participate in one of those. The constant “we’re screwed’, ‘the government is watching us’ attitudes expressed and off topic back and forth in some (many) of the discussions had turned me off. I realize now they turned me off too soon.
Among what I thought were the highlights of the course:
– How to Read a Legal Opinion, A Guide for New Law Students by Orin Kerr was a fantastic read. Thank you.
– Liberty and Security in a Changing World, Report and Recommendations of The President’s Review group on Intelligence and Communications Technologies. I had seen and read this document before but i reading it again in contect with the lectures i got so much more out of it.
– Jonathan’s great red t-shirt
– An archive of all of the course lectures appears on Youtube!
I would highly recommend this course to anyone interested in criminal justice or surveillance law. I’d also highly recommend Jonathan Mayer as a course instructor.
BBC News is reporting today that Google has updated their search engine algorithm to provide a higher rank to websites that use HTTPS. The web news site Gigaom explains further that the algorithm identifies web sites that use HTTPS / TLS and uses it as a ‘light factor’ that impacts less than 1% of global queries.
ars technica has a great article that explains recently published Apple guidelines regarding what customer data the company will provide to law enforcement. Reviewing and understanding Apple’s position is important as the companies consumer devices such as the iPhone, the iPad, and Mac computers running OS/X readily provide users the capability to use both local and cloud storage for data.
The guidelines that are referenced in the ars article were posted by Apple under the heading “Legal Process Guidelines for U.S. Law Enforcement” and were released on May 7th, 2014.
The NY Times reported this afternoon that David Pogue, longtime (13 years) tech columnist for the New York Times is leaving to start a new consumer-oriented tech site for Yahoo!. I’m a fan or all three: the NY Times (great paper and good business oriented tech coverage) , Yahoo! (been a subscriber there since the week they started offering subscriptions), and Pogue as a talented tech writer. I’ll continue to read the Times daily (yeah Bits Blog!) and use Yahoo! both as an info and services source. I think the biggest challenge will fall to Pogue. He’s usually a great writer and if you have seen his videos you know that he can stand in front of a camera and report on a story. Can he carry an entire site? I guess we will all see?
I don’t know how many people read the IEEE Security and Privacy magazine but this past issue closed with a interesting ‘Last Word’ essay by BT CSO Bruce Schneier titled “IT for Oppression”. It’s avery good read that discusses both the positive and negative use of the technology that many here have used and contributed to in the name of improving security. Schneier makes a great case for his call for more research into how to circumvent these technologies.
While Schneier points out that cyberspace is still waiting the arrival of it’s hero (Gandhi or MLK) he ignores the fact that our system of laws is regularly used to prosecute those who challenge seemingly ‘correct’ uses of security such as the recent Swartz and weev cases .
NYT: Should Companies Tell Us When They Get Hacked?
The New York Times Opinion Pages takes on the question: “Should Companies Tell Us When They Get Hacked?”.
I learned the other day that Posterous is shutting down down. They were acquired by the Twitter folks a while back and the company needs to focus on it’s core products. Too bad. Posterous is a great blog service. I migrated my blog to WordPress. It was completely painless and took just a few minutes. WordPress is a great service and product that I have used before. I look forward to many moons (and posts) as a happy WordPress blogger.
“NSA and the Department of Homeland Security (DHS) jointly sponsor the
National Centers of Academic Excellence in IA Education (CAE/IAE) and
CAE-Research (CAE-R) programs. The goal of these programs is to reduce
vulnerability in our national information infrastructure by promoting
higher education and research in IA and producing a growing number of
professionals with IA expertise in various disciplines. Designation as
a CAE/IAE or CAE-R is valid for five academic years, after which the
school must successfully reapply in order to retain its CAE
Students attending these designated schools are eligible to apply for
scholarships and grants through the Department of Defense Information
Assurance Scholarship Program and the Federal Cyber Service
Scholarship for Service Program. Designation as a Center does not
carry a commitment for funding from NSA or DHS.
CAE/IAEs and CAE-Rs receive formal recognition from the U.S.
Government as well as opportunities for prestige and publicity for
their role in securing our Nation’s information systems.”
What if everyone let his (or her) CISSP lapse?
Dave Piscitello is a 37 year networking and Internet veteran who now
focuses on Internet Security who wrote an interesting essay about his
views of the CISSP certification. Good read. Not a rant. He makes
fine points but he really doesn’t completely describe how he would
address these issues.