Archive for December, 2012

Time to send an SOS over Instagram’s TOS

More Facebook/Instagram follies raise uneasy questions why a policy change morphed into such a mess

Maybe Mark Zuckerberg is busy out hunting for his own food. The company’s No. 2, Sheryl Sandberg, might be tied up putting the finishing touches on her soon-to-be-published memoir. And so we’re left with poor — not financially poor, obviously — Kevin Systrom to explain one of the most bizarre weeks in Facebook’s young history.

On Monday, Instagram, which is owned by Facebook, announced changes to its terms of service that opened the way for the company to use people’s photos in advertisements without needing permission. That triggered the predictable storm of controversy, with privacy advocates screaming bloody murder and outraged users bolting the service entirely.

By Wednesday, Facebook-Instagram apologized for the confusing language, essentially blaming the mess on inexact grammar, and sought to quell fears that filthy lucre would trump the concerns of users. In a blog post, Instagram head Kevin Systrom promised “updated language” but still hinted that something was in the offing that would result in “meaningful ways to help you discover new and interesting accounts and content while building a self-sustaining business at the same time.” Whatever that meant.

So it was that late Thursday, Systrom, who must have whiplash by now, put out yet another missive announcing that Instagram was returning to the original terms of service which accompanied the launch of the service in October 2010. Why? Here’s Systrom:

Earlier this week, we introduced a set of updates to our privacy policy and terms of service to help our users better understand our service. In the days since, it became clear that we failed to fulfill what I consider one of our most important responsibilities – to communicate our intentions clearly. I am sorry for that, and I am focused on making it right.

The concerns we heard about from you the most focused on advertising, and what our changes might mean for you and your photos. There was confusion and real concern about what our possible advertising products could look like and how they would work.

Because of the feedback we have heard from you, we are reverting this advertising section to the original version that has been in effect since we launched the service in October 2010.

Paging General Custer: Debacles anyone? Even if Zuckerberg and Sandberg weren’t involved in what should have been a routine policy decision that normally winds up routed to a company’s middle managers, they are now. The Mickey Mouse way this issue has been handled raises new questions about managerial judgment. It’s reached the point where the embarrassment requires a full rethink and so it’s back to the future with the original TOS until they can figure out how to do this in a way that doesn’t trigger a thermonuclear reaction among users.

Going forward, rather than obtain permission from you to introduce possible advertising products we have not yet developed, we are going to take the time to complete our plans, and then come back to our users and explain how we would like for our advertising business to work.

That’s touching but somebody’s head is on the block — or it ought to be. This is basic blocking and tackling. The privacy crowd can look back upon the events of the last week and say they struck a blow for user rights and the effectiveness of mobilizing user outrage but Facebook/Instagram can’t allow a repeat performance. Especially not as a publicly-traded corporation.

You also had deep concerns about whether under our new terms, Instagram had any plans to sell your content. I want to be really clear: Instagram has no intention of selling your photos, and we never did. We don’t own your photos – you do.

Finally, there was also confusion about how widely shared and distributed your photos are through our service. The distribution of your content and photos is governed by our privacy policy, and always has been. We have made a small change to our terms to make that as clear as possible.

Next time some minor Einstein decides to muck around with terms of service, this decision needs to get fully vetted and checked better for the possible implications. This is user data — photos, in this case — that we’re talking about and big companies like Facebook have no interest in inflaming the passions of the folks who made them successful. If the wording is not crystal clear, then don’t hit the “publish” button before the terms are understandable to a 10-year-old.

This isn’t rocket science and so it’s amazing that the supposedly smart set running Facebook/Instagram are finding it so hard to get this right.

Websites to go dark for Sandy Hook moment of silence

Some major websites will go dark for one minute Friday at 9:30 a.m. ET as part of a national moment of silence for the victims of last week’s shooting at Sandy Hook Elementary School in Newtown, Connecticut.

It’s unclear how widespread participation will be online, but more than 100,000 people and sites have pledged to participate on the Causes.com page for the Web Goes Silent campaign. People and companies are also spreading the word by tweeting their intention to go quiet with the hashtag #momentforSandyHook.

High-profile Silicon Valley venture capitalist Ron Conway is working hard to promote the online moment of silence, which is part of a larger campaign for federal gun control legislation. Conway is leading the Causes.com campaign along with other big names including Ryan Seacrest, Jack Dorsey, Britney Spears, MC Hammer, Suze Orman and Tyler Florence.

Causes.com is a startup that uses social media to raise awareness and funds for charities and causes. Conway is also an investor in the for-profit company.

Any site that wants to participate in Friday’s moment of silence can do so on its own, or it can embed an official badge with a green ribbon on its site. At webmomentofsilence.org, companies can sign up to receive a bit of JavaScript that will make the process easier. Sites using the code will appear grayed out in the background with a white box in the foreground that reads “We are observing a National Moment of Silence for the victims of the Sandy Hook tragedy.”

Conway joined other tech notables and some celebrities to demand action for stronger gun control in a full-page ad in the Wednesday print edition of the New York Times. The ad was run by Mayors Against Illegal Guns, a lobbying group of more than 700 U.S. mayors. It started the Demand A Plan campaign to reform gun laws after the Aurora, Colorado, shootings in July, and it has seen a surge in new support after the Sandy Hook shootings.

This is not the first time major sites have banded together to go dark for a cause. This year, major tech names staged an immense and successful online protest against the Stop Online Piracy Act.

10 arrested in international cybercrime ring

Ten people have been arrested as part of an investigation into international cybercrime rings that steal millions of computer users’ credit card, bank account and other personal information, the FBI said.

Individuals from Bosnia and Herzegovina, Croatia, Macedonia, New Zealand, Peru, Britain and the U.S. were arrested in an operation carried out with the assistance of the Facebook social network and numerous international law enforcement agencies, the FBI said.

The FBI said the operation identified international cybercrime rings that are linked to multiple variants of the Yahos malware, which is linked to more than 11 million compromised computer systems and over $850 million in losses through the so-called Butterfly botnet.

Botnets, short for robot networks, are made up of compromised computer systems and can be used by cybercriminals to execute denial of service attacks, send spam emails and conduct underground organized criminal activity, including malware distribution, the FBI said.

Facebook’s security team assisted law enforcement by helping to identify the root cause, the perpetrators and those affected by the malware. Yahos targeted Facebook users from 2010 to October 2012, and security systems were able to detect affected accounts and provide tools to remove these threats, the FBI said in a news release Tuesday.

The FBI recommended that computer users update their applications and operating system on a regular basis to reduce the risk of compromise and perform regular anti-virus scanning of their computer system. The agency said it also is helpful to disconnect personal computers from the Internet when the machines are not in use.

Computer users who believe they have been victimized can file a complaint with the FBI’s Internet Crime Complaint Center at www.ic3.gov.

NRA laid groundwork against new gun laws

A cacophony of calls to change gun laws has emerged after last week’s tragedy in Connecticut, and the National Rifle Association has kept quiet.

But no one expects silence from the NRA once President Obama or members of Congress make any move to change the laws.

For years, the well-known gun rights advocate and lobbying group has laid the groundwork to ward off any move to change national gun policy, spending millions of dollars to kill laws that would make it tougher to buy or wield guns.

Enlisting celebrities such as Chuck Norris and the late Charlton Heston as spokesmen, the NRA is considered royalty in Washington, and is known to easily mobilize its 4 million members.

“The whole firearms community is very powerful, because gun owners see their relationship to this democracy through the eyes of the gun issue,” said Richard Feldman, a former NRA lobbyist and president of a gun rights group called the Independent Firearm Owners Association.

The NRA did not respond to requests for comment and hasn’t issued a press statement since the massacre of 20 school children and six adults at an elementary school in Newtown, Connecticut.

This year, the NRA spent $17 million on federal elections. It’s a considerable amount when compared to the size of the industry. Annual gun sales in the U.S. total about $3.5 billion, according to estimates from Wedbush Securities analyst Rommel Dionisio.

Compared to that, Goldman Sachs’ corporate political action committee and employees spent a total of $7.5 million on candidates running in the November election. The investment bank raked in $29 billion last year.

“But Goldman Sachs doesn’t have 4 million members who are very passionate, vocal and well-distributed from coast to coast,” said Sheila Krumholz, executive director for the Center for Responsive Politics, a group that tracks political spending. “Certainly money is part of that, but the NRA is one of the most powerful lobbies in Washington, because they can draw on such a huge base.”

The NRA didn’t fare so well in the latest election — only a handful of the candidates it supported won, according to the Center. But experts say the NRA is in strong shape to defend against any move to limit assault rifles like the one used in Friday’s school shooting.

The NRA has flexed its muscles well in the past. It managed to push through new laws relaxing gun bans in national parks and Amtrak trains in 2009, a year when Democrats pledging stronger gun control laws controlled both Congress and the White House.

So far this year, the NRA and other groups that lobby Congress and the White House on gun rights have spent close to $4 million, according to the Center for Responsive Politics.

And while President Obama has renewed his commitment to reinstating a federal ban on assault weapons, he has shied away from taking on the gun lobby.

There’s more bad news on the Fourth Amendment front as the appeals court reviewing a lawsuit filed against the US government for illegally spying on American citizens has declined to rehear the Al-Haramain case.

A federal appeals court is refusing to reconsider its August ruling in which it said the federal government may spy on Americans’ communications without warrants and without fear of being sued.

The original decision by a three-judge panel of the 9th U.S. Circuit Court of Appeals this summer reversed the first and only case that successfully challenged President George W. Bush’s once-secret Terrorist Surveillance Program.

Without comment, the San Francisco-based appeals court announced Wednesday that it would not rehear (.pdf) the case again with a larger panel of 11 judges, effectively setting the stage for a Supreme Court showdown. The appeals court Wednesday also made some minor amendments (.pdf) to its August ruling, but the thrust of it was the same as before.

Not only does this mean the plaintiffs will have to take the case to the Supreme Court (if it will hear the case), but it also means the damages awarded ($20,000 each for the two plaintiffs and $2.5 million in legal fees) have been reversed.

This also means Bush’s Terrorist Surveillance Program will continue unchecked, as citizens will be unable to bring suits against the government for warrantless spying. The decision rests on a couple of dubious items: a “missing” sovereign immunity waiver and a document mistakenly sent to the plaintiffs that was later designated a “state secret.”

The San Francisco-based appeals court had ruled that when Congress wrote the law regulating eavesdropping on Americans and spies, it never waived sovereign immunity in the section prohibiting targeting Americans without warrants. That means Congress did not allow for aggrieved Americans to sue the government, even if their constitutional rights were violated by the United States breaching its own wiretapping laws…

A lower court judge found in 2010 that two American lawyers’ telephone conversations with their clients in Saudi Arabia were siphoned to the National Security Agency without warrants. The allegations were initially based on a classified document the government accidentally mailed to the former al-Haramain Islamic Foundation lawyers Wendell Belew and Asim Ghafoor.

The document was later declared a state secret, removed from the long-running lawsuit and has never been made public.

Concern about the government’s ability to designate nearly anything as a “state secret” in order to prevent the release or use of possibly damning evidence has already been discussed by the Supreme Court during oral arguments in the Clapper v. Amnesty International case. In this case, the belated “state secret” designation effectively limited the plaintiffs to citing circumstantial evidence, which is far less effective than producing an actual document showing that the NSA was doing exactly what the plaintiffs claimed it was.

Between the “sovereign immunity” that is unlikely to ever be waived and the ability to designate damning evidence post-facto as “state secrets,” the NSA has set itself up with the ability to run a constitutionally dubious, but legally sound, domestic spying program. The system of checks and balances our nation was formed on now more closely resembles a series of erected walls protecting government agencies from being held accountable for their actions.

Citizens in danger across the country will be able to text distress calls to 911 by May 2014, following an agreement with the nation’s four largest wireless carriers, the Federal Communications Commission has announced.

Major deployments of the text-to-911 service should be available through AT&T, Verizon, Sprint and T-Mobile during 2013, FCC Chairman Julius Genachowski said Thursday in a statement.

The carriers have also agreed to offer an automated “bounce back” message by June 2013 alerting people who text 911 if their message wasn’t received, Genachowski said. Those people will be instructed to call 911 instead, he said.

The growing prevalence of texting has led many people to presume they can text emergency requests to 911, but only a fraction of local emergency officials are prepared to accept texts now. Surveys have found more than half of Americans also presume help will arrive if they post a request to an emergency management agency’s Facebook page.

“Access to 911 must catch up with how consumers communicate in the 21st century — and today, we are one step closer towards that vital goal,” Genachowski said.

The texting service will also benefit people with hearing and speech disabilities who are unable to communicate with 911 operators by phone, he said.

It’s one of the best-kept secrets in the federal government.

Information about polygraph screening is so guarded by the agencies that use it that job applicants who are tested are urged not to tell anyone. The news media are denied basic information, such as how many government employees are screened, because it’s “sensitive” and could jeopardize national security.

Researchers are told they can’t get studies about how it works. Even the National Academies, the organization set up to advise the federal government on scientific matters, faced stiff resistance when it reviewed polygraph testing. As a result, the academies compared the polygraph profession to the “priesthood keeping its secrets in order to keep its power.”

“It’s a siege mentality,” acknowledged Gordon Barland, a retired federal polygraph researcher who supports polygraph screening but also pushed for greater transparency on some of the data.

Many of the 15 agencies that rely on polygraph testing for job applicants and employees say they’re protecting screening methods from spies or terrorists who might figure out how to infiltrate the government. An unknown number of government polygraph studies remain classified because of this fear. But critics and even some supporters say the federal government should be more open about its programs given the growing use of polygraph screening and the continued scientific controversy over it.

Barland, one of the most prolific government polygraph researchers, asked government officials to publish several classified studies on polygraph screening that he participated in. They declined.

Other government researchers who’ve pushed for publishing such studies also have been turned down, Barland said. Some have left the government in frustration. Researchers and academics generally think it’s essential for studies to be published and peer reviewed. Barland said the government would have benefited from publicizing several of the studies because they demonstrated that polygraph screening worked, but he blames labor unions and civil libertarians for making polygraphers gun-shy.

“They don’t want to give critics any more ammunition,” he said.

Job applicants and employees also are denied the recordings of their polygraph screenings and the charts that polygraphers relied on to determine whether they’re lying. If they want any other records about sessions, they have to file open records requests. Nonetheless, documents often are withheld or redacted for national security reasons. The information is so guarded that people who are polygraphed are urged to “maintain confidentiality” and not to tell co-workers, relatives or friends, documents obtained by McClatchy show.

‘Tis the Season of Holiday Scams

In song, the gifts of Christmas include partridges, turtle doves and French hens. But scammers seek a different type of bird — pigeons who’ll fall for their holiday-themed hoaxes. To commemorate those lyrical dozen days, here are 12 tips to avoid getting plucked this holiday season.

12 ways to avoid cons and fraud this shopping season.

1. When doing online searches for names of popular gifts — or even words like “toys” and “discount” — never click on links before you carefully read the website’s address.

Beware of unfamiliar vendors or ones whose addresses have missing letters, misspellings or other tweaks of a legitimate company’s name (such as www.tiffanyco.mn instead of the legit www.tiffany.com). Click on these bum addresses and you may be steered to a scammer-run site that unleashes rogue programs known as malware onto your computer. Or you may be taken to a “cybersquatting” site that poses as a legitimate company’s online outpost to sell cheap counterfeit goods and collect credit card numbers.

2. Before ordering, check the site’s “Contact Us” page for a phone number and physical address and a “Terms and Conditions” page for return policies and such. Bogus websites often don’t have those pages at all or have crude imitations (being loaded with grammatical errors is one tip-off).

3. When buying gifts online, don’t provide your credit card or other information unless the page’s address begins with “https://”. The “s” is for “secure.”

4. Never trust offers that come after you lose a bid in an online auction. You may be told you can get the same thing offsite. It’s probably a scam.

5. At online marketplace sites such as Craigslist, deal only with sellers who provide a phone number. Call the number and speak with the person. Don’t rely solely on email correspondence. Assume that any request for wire-transfer payment means a scam.

6. Don’t believe “too-good-to-be-true” prices from sellers who claim to be soldiers needing a quick deal before deployment overseas or cite hard-luck stories. They are common tricks to get advance payment — and you’ll likely get no merchandise.

Earlier this week, Sophos released the latest edition of its Security Threat Report, summing up the biggest threats seen during 2012, along with five trends that are likely to factor into IT security in the coming year.

Regarding the malware rides we experienced in 2012 and the thrills we can expect in 2013, there will be cross-over, for sure: Blackhole was huge in 2012, and it’s not going away, barring the law nailing the person/s running it, the report notes.

Between October 2011 and March 2012, out of all threats detected by SophosLabs, nearly 30% either came from Blackhole directly or were redirects to Blackhole kits from compromised legitimate sites, as Naked Security’s coverage of Blackhole exploits attests.

This adroit exploit kit rapidly mutates to thwart security efforts against it, while its software-as-a-service business model is, as the report notes, something for business school grads to drool over.

The professionalization of crimeware such as Blackhole marks a major shift as we head into the new year.

You don’t need to be Mensa qualified to understand the importance of background checks when bringing new hires on board, especially in some industries. The Liars Index, a report compiled by Jude M. Wern & Associates, reported that nearly 21 percent of resumes had false education claims in the first half of 2012. But that doesn’t mean this type of hiring strategy is needed across the board. These are some industries, not all of them immediately obvious, that definitely should have pre-employment background screening for all employees.

The Education Industry

In this day and age, anyone who is dealing with children is a prime candidate for a thorough background check. Most schools today don’t limit this to the people who have direct access and responsibility for the children, but also for every substitute teacher, parent volunteer, custodian, bus driver, and teacher’s aide.

Background checks for people in the education industry aren’t limited to criminal histories alone. Most states require certain certifications in order to teach or work in certain capacities within the schools. Background checks also serve to verify that the person in question is who he or she claims to be and that he or she also has the required certifications and endorsements.

The Financial Services Industry

Whether or not your employees handle money directly, it should go without saying that if you have employees working in a financial setting, it’s vital to screen them with a background check before hiring. Credit unions, banks, accounting firms, mortgage brokerages, investment companies, and tax preparation firms are all examples of types of companies in the financial arena that need this extra screening.

The Gaming Industry

This is an industry that has a reputation of less than savory practices. That’s one reason that current rules and regulations concerning gaming establishments are so stringent. Most gaming industry businesses are governed by some authority of the state.

It’s the state that makes most of the rules about the types of background checks that are required of employees in which positions. Security staff, surveillance staff members, casino bank managers (sometimes referred to as cage managers), and high-ranking members of the casino hierarchy, those who have direct access to cash, are required to go through varying degrees of pre-employment background screening. There’s too much money that goes into and out of a casino each and every day to place people with poor money management, criminal histories (especially for crimes involving money), and other background check red flags in positions of responsibility when it comes to money.

The Hospitality Industry

Do you run a bed and breakfast, quaint inn, or small motel? If so, you most likely have housekeepers who are armed with keys to gain access to guest rooms, and it would be more than appropriate to conduct a background check on these and other hospitality employees, such as the bellhop.

The Caregivers Industry

This is an industry where background checks tend to be a little wider reaching than some of the others. Caregiver screenings should cover criminal background screenings for abusive behavior in the past, sex offender registration, drug screenings, and financial screenings. Depending on the specific caregiving role you’re hiring for, there may also be the need for additional screening to verify certifications and/or education.

Caregivers not only have access to patients, their possessions (in some cases), and their families; some caregivers also have access to the sometimes powerful medications they are required to dispense in their roles as care providers.

While these industries may seem large, there are plenty of small businesses within each of them, and it’s often the small businesses that struggle most when it comes to employees who are either innocently dishonest on their employee applications or tell blatant lies in the interview process. Besides conducting employee background checks, another option to consider is purchasing employee dishonesty insurance coverage to help defray any costs to you that occur as a result of hiring this particular candidate.
