Sunday, December 09, 2012

Microsoft HelpBridge for Android

The good folks at Microsoft have released a new Android app that lets you broadcast your condition in case of a disaster or an emergency. It will send SMS messages and post to your social media contacts. You can define which of your contacts will be notified.



A good addition to your disaster preparedness kit:
Microsoft HelpBridge

Saturday, January 23, 2010

mind earns by disputing, heart by agreeing

Saturday, November 07, 2009

Liar’s Paradox

 

The following is NOT a Liar’s Paradox

stmt1: Following statement is false;
stmt2: Preceding statement is false;

Explanation:

It has the following possible solutions:

stmt1 stmt2
T F
F T

Take row 1: Stmt 2 is true, Stmt 1 is false. What Paradox?
Take row 2: Stmt 2 is false, Stmt 1 is true. What Paradox?

The following IS a Liar’s Paradox

stmt3: Following statement is true;
stmt4: Preceding statement is false;

Explanation:

Take row 1: stmt3 is true, therefore stmt4 is true, therefore stmt3 is false.
Now row 2: stmt3 is false, therefore stmt4 is false, therefore stmt3 is true.

Completely undecidable.

Law like Love

Like love we don't know where or why
Like love we can't compel or fly
Like love we often weep
Like love we seldom keep.

- W. H. Auden

Don’t forget to delete your adobe flashplayer cache/cookies

Recently I used a friend’s computer to log in to kuler.adobe.com. I was hoping that clearing the Firefox cache/cookies would log me out and clear my credentials for the site. But that was not the case. This is because the kuler Flash object stores the user’s credentials as a Flash Player cookie. You have to explicitly log out of the site OR delete the Flash Player cookies.

The moral of the story is to always delete the Flash Player cache/cookies after accessing a Flash-enabled site on a public computer.

To get rid of the Flash Player cache/cookies, delete the contents of the following folders:

C:\Documents and Settings\{username}\Application Data\Macromedia\Flash Player\#SharedObjects
C:\Documents and Settings\{username}\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys

Alternatively, you can visit Adobe Flash Player Settings Manager to delete the cookies.
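The folder clean-up described above, as an added Python example that is not part of the original post: it lists what Flash Player has stored in the two folders and then deletes their contents while leaving the folders in place. The function names are hypothetical, and the sample profile (`ABCD1234`, `example.test`, `login.sol`) is constructed; pass the real `...\Macromedia\Flash Player` folder as `flash_root`.

```python
from pathlib import Path

# The two sub-folders named on this page, relative to "...\Macromedia\Flash Player".
LSO_DIRS = (
    Path("#SharedObjects"),
    Path("macromedia.com", "support", "flashplayer", "sys"),
)

def inventory(flash_root):
    """Return sorted (relative_path, size_in_bytes) for every stored file."""
    root = Path(flash_root)
    found = []
    for sub in LSO_DIRS:
        base = root / sub
        if base.is_dir():
            found += [(f.relative_to(root).as_posix(), f.stat().st_size)
                      for f in base.rglob("*") if f.is_file()]
    return sorted(found)

def purge(flash_root):
    """Delete the contents of both folders, keeping the folders themselves.
    Returns the number of files removed."""
    root = Path(flash_root)
    removed = 0
    for sub in LSO_DIRS:
        base = root / sub
        if not base.is_dir():
            continue  # nothing stored here (or Flash Player was never used)
        # Deepest paths first, so each directory is empty when we reach it.
        for p in sorted(base.rglob("*"), key=lambda p: len(p.parts), reverse=True):
            if p.is_dir() and not p.is_symlink():
                p.rmdir()
            else:
                p.unlink()
                removed += 1
    return removed

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample profile
        sol = Path(tmp, "#SharedObjects", "ABCD1234", "example.test", "login.sol")
        sol.parent.mkdir(parents=True)
        sol.write_bytes(b"constructed")
        print(inventory(tmp), purge(tmp), inventory(tmp))
```

Running `inventory` before `purge` shows which sites left data behind, which is worth checking on a shared machine before wiping it.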

i.e., to wit, e.g., in lieu

A letter to a lawyer as dictated by Groucho Marx:
Now then. In re yours of the 5th inst., yours to hand and in reply, brackets, that we have gone over the ground carefully and we seem to believe, i.e., to wit, e.g., in lieu, that, despite all our precautionary measures which have been involved, we seem to believe that it is hardly necessary for us to proceed unless we receive an ipso facto that is not negligible at this moment, quotes, unquotes and quotes. Hoping this finds you, I beg to remain...as of June 9, cordially yours. Regards.
Note: This is the first known use of quotes, unquotes.......
Another letter to a lawyer as dictated by Groucho Marx:
In re yours of the 5th inst, yours to hand and in reply, I wish to state that the judiciary expenditures of this year, i.e., has not exceeded the fiscal year—brackets—this procedure is problematic and with nullification will give us a subsidiary indictment and priority. Quotes unquotes and quotes. Hoping this finds you, I beg to remain as of June 9th, Cordially, Respectfully, Regards. [1]
Source(s):
  1. Armstrong, S. V., & Terrell, T. P. (2003). Thinking Like a Writer: A Lawyer's Guide to Writing and Editing (2nd edition.). Practising Law Institute.

Friday, November 06, 2009

Origins of the phrase "Gentlemen: Yours to hand, and, In reply......."

In this context Yours means your letter, i.e., the letter you sent.

to hand means: within reach, accessible, at hand.
at hand means: within easy reach; near; close by

So the meaning would be:

  • "I have received your letter and in reply to it..." ; or
  • "I have your letter right here beside me (to hand, at hand), and in reply. . ."; or
  • "I have your letter in hand, and I'm replying."

Credits:
Thanks to Peter Duncanson, Pat Durkin, and Wayne Schiess for providing the explanation of this formal phrase.

Note:
If you have information about the origins of the phrase, please share them as comments. Thanks.

Privacy as Contextual Integrity

A couple of days ago Dr. Helen Nissenbaum of NYU gave an extremely interesting, engaging and stimulating lecture entitled "Privacy in Context" at UC Berkeley.

The audio recording of the lecture is available at:
http://groups.sims.berkeley.edu/podcast/audio/Helen_Nissenbaum_UCiSchool_02Apr2008.mp3

Following are some of the notes I took from the lecture. Please feel free to add to these if I missed something.

Socio-technical systems: It is not just the technology that causes privacy issues; it is the technology embedded in the social system, e.g. RFID implanted into humans or RFID-enabled passports.

Three classifications of socio-technical system:

  1. Tracking and monitoring systems e.g. Web browser cookies.
  2. Systems that aggregate and analyze - Choicepoint, Amazon's personalized recommendation system.
  3. Systems that broadcast, disperse, distribute, propagate, publicize and disseminate information, e.g. making court records, which are public, available online. In this case the web is the technical system that disseminates the court records.

Controversial vs. non-controversial socio-technical systems: Medical devices in use at hospitals are non-controversial and may be beneficial. However, using information from electronic toll collection on freeways to track someone's movement is controversial.

Traditional approaches to privacy:

  1. Private / Public duality (dichotomy). This is an oversimplified approach. It may be argued that what is public may be disseminated by any medium, e.g. that Google's Street View or license plate recognition is not a privacy breach because both streets and license plates are public in nature. The private/public dichotomy may be good in political philosophy, but it is problematic in the privacy realm.
  2. The measure of respect for privacy is the control of information by the subject, i.e. the subject has control over what gets revealed and what does not.
  3. Lobbying over what constitutes a privacy breach and what doesn't. Especially problematic if privacy is considered a preference rather than a moral right.
  4. Privacy vs. other values (e.g. security).

These approaches are limited and do not work.

Dr. Nissenbaum's proposed approach: Contextual Integrity. Based on privacy as a human/moral right.

Contextual Integrity is a measure of how closely the flow of personal information conforms to context-relative information norms. Contextual integrity is breached when these norms are violated and is respected when these norms are enforced.

Context-relative information flow norms: In a context, the flow of information (a particular attribute) about a subject from a sender to a recipient is governed by a particular transmission principle. Context (circumstance), attributes (information about the subject), actors (subject (information owner), sender and receiver) and transmission principles are the key parameters. All these parameters must be taken into account when performing an analysis of the information flow. The Google Street View argument fails because it takes only one parameter, the attributes (streets are public), into account and ignores another key parameter, the context (distributing it over the web and making it widely available).

Fiduciary transmission principle: You trust someone with private information about yourself under the assumption that your private information will be used to benefit you and not harm you.

Privacy is not secrecy but rather appropriate flow of information.
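The information-flow analysis in these notes, as an added Python sketch that is not from the lecture or from Dr. Nissenbaum's own work: it contrasts the public/private test, which looks only at the attribute, with a check over all the key parameters. The norms, actor names and the closest-norm matching rule are constructed assumptions for illustration.

```python
from dataclasses import dataclass, fields

@dataclass(frozen=True)
class Flow:
    context: str     # circumstance in which the information moves
    attribute: str   # kind of information about the subject
    subject: str     # actor the information is about
    sender: str
    recipient: str
    principle: str   # transmission principle governing the flow

# Constructed norms for illustration only; "*" matches any value.
NORMS = [
    Flow("courthouse", "court record", "*", "court clerk", "visitor", "on request"),
    Flow("healthcare", "medical history", "*", "patient", "physician", "fiduciary"),
]
PUBLIC_ATTRIBUTES = {"court record"}  # all the public/private dichotomy looks at

def dichotomy_allows(flow):
    """Public/private test: only the attribute is considered."""
    return flow.attribute in PUBLIC_ATTRIBUTES

def mismatches(norm, flow):
    """Parameters on which `flow` departs from `norm`."""
    return [f.name for f in fields(Flow)
            if getattr(norm, f.name) not in ("*", getattr(flow, f.name))]

def contextual_integrity(flow, norms=NORMS):
    """Return (respected, violated_parameters) against the closest norm
    that covers the same attribute (closest-norm matching is an assumption)."""
    candidates = [mismatches(n, flow) for n in norms if n.attribute == flow.attribute]
    if not candidates:
        return False, ["attribute"]   # no norm covers this information at all
    best = min(candidates, key=len)
    return not best, best

if __name__ == "__main__":
    # Constructed flows: the same public record, handed over in person vs. put online.
    in_person = Flow("courthouse", "court record", "J. Doe", "court clerk", "visitor", "on request")
    online = Flow("web", "court record", "J. Doe", "court clerk", "anyone", "broadcast")
    for flow in (in_person, online):
        print(flow.context, dichotomy_allows(flow), contextual_integrity(flow))
```

The online flow passes the attribute-only test yet fails on context, recipient and transmission principle, which is the gap the notes point out in the "streets are public" argument.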

 

Appendix

What is privacy?

  • "Privacy is the right to control information about and access to oneself." Regan, P. M. (1995). Legislating Privacy: Technology, Social Values, and Public Policy. University of North Carolina Press.
  • "Privacy is not simply an absence of information about us in the minds of others; rather it is the control we have over information about ourselves." Fried, C. (1984). Privacy (a moral analysis). In F. D. Schoeman, Philosophical Dimensions of Privacy (pp. 203-222). Cambridge University Press
  • "Privacy is the claim of individuals, groups or institutions to determine for themselves when, how, and to what extent information about them is communicated to others. .....privacy is the voluntary and temporary withdrawal of a person from the general society through physical or psychological means, either in a state of solitude or small-group intimacy or, when among larger groups, in a condition of anonymity or reserve." Alan F. Westin, Privacy and Freedom (New York, NY: Atheneum, 1967).
  • “A loss of privacy occurs as others obtain information about an individual, pay attention to him, or gain access to him. These three elements of secrecy, anonymity, and solitude are distinct and independent, but interrelated, and the complex concept of privacy is richer than any definition centered around only one of them.” – Gavison, R. (1984). Privacy and the Limits of Law. In F. D. Schoeman, Philosophical Dimensions of Privacy (pp. 346-404). Cambridge University Press.
  • "Privacy is a limitation of others’ access to an individual through information, attention, or physical proximity." Ruth Gavison
  • Common Law Right to Privacy (as defined by Samuel Warren and Louis Brandeis, 1890): An individual’s right of determining, ordinarily, to what extent his thoughts, sentiments, and emotions shall be communicated to others. 

Saturday, April 26, 2008

Notes from RSA 2008 San Francisco

This year I attended the Law and Liability sessions at RSA. Sessions with U.S. Magistrate Judge John Facciola, Howard W. Cox (Assistant Deputy Chief, US Dept. of Justice), Steven Teppler (Attorney, Florida), and Randy V. Sabett (Attorney, Washington, D.C) were extremely interesting.

Here are some of my notes from various sessions. (Note: Special thanks to Steven Teppler for reviewing the accuracy of my notes, and making necessary updates).

e-discovery: discovery in civil litigation which deals with information in electronic form
  1. An unprepared organization can be crippled by an e-discovery request. Advance planning early in the ILM can reduce or minimize e-discovery pain.
  2. Preserve all data (email, databases etc) that may be relevant, or which may lead to relevant evidence once you get a notice of e-discovery OR legal hold OR are aware of a pending litigation. Asking your lawyer for advice before taking any action is a good idea.
  3. Don't wait until an e-discovery notice has been received to stop automated deletion of relevant documents. Your duty to stop routine and systematic document destruction is triggered by the filing of a lawsuit (way in advance of discovery) and might under certain circumstances be triggered even in advance of a lawsuit.
  4. Destroying evidence by mistake is like "killing your parents and then throwing yourself on the mercy of the court because you're an orphan" (Magistrate Facciola)
  5. A digital record is no longer just a digital record; it is potential evidence in a lawsuit.
  6. Many companies tend to settle out of court for fear of the burdensome costs of litigation, now including e-discovery. However, Settlement is NOT Justice (Magistrate Facciola).

Knowing Disregard (i.e. purposely not learning about, or ignoring, an unlawful activity) is the same as knowing and not disclosing.

Overloading your organization with regulations and policies (PCI, SOX etc.) results in loss of intelligence and creativity. Complying with policies like PCI is important, but do not make them the linchpin of the security of your organization. Be creative in securing your infrastructure. Complying with PCI, for example, may avert a lawsuit against you, but it will not protect your reputation in case of a security breach. Sometimes the enforcement of these regulations creates a false sense of security. False Confidence = Complacency.

beyond reasonable doubt ≠ mathematical certainty

Fact is a psychological construct

Habeas Data: right to own data. You own the information about yourself (Personally Identifiable Information (PII))

Safe Harbor Act also known as the European Union Data Protection Directive
  1. The act prohibits the transfer of personal data to non-European Union nations that do not meet the European "adequacy" standard for privacy protection.
  2. US based companies should try to obtain Safe Harbor Certifications
  3. Slightly higher standard than California Privacy Laws. Somewhere between EU and US
  4. Requires you to do the work up-front. 6 months - 1 year of work required. Annual re-certification required
  5. Attaining Safe Harbor certification elevates reputation of the company

Other topics discussed:
PCI DSS
e-gold
18 USC Section 1960
Software Independent Voting systems, i.e. machines that implement measures that are independent of the software, e.g. a paper trail.