Privacy for Business

I published "Privacy for Business: Web sites and email" in 2002. Much of the content about privacy principles in business is still relevant. You can download the book free of charge in electronic form as long as you respect the copyright and license agreement.

By clicking the DOWNLOAD button on this page you agree to abide by the licensing agreement below.
Download Privacy for Business eBook

License for the electronic edition of Privacy for Business: Web Sites & Email

THE ABOVE NAMED WORK (AS DEFINED BELOW) IS PROVIDED UNDER THE TERMS OF THIS CREATIVE COMMONS PUBLIC LICENSE ("CCPL" OR "LICENSE"). THE WORK IS PROTECTED BY COPYRIGHT AND/OR OTHER APPLICABLE LAW. ANY USE OF THE WORK OTHER THAN AS AUTHORIZED UNDER THIS LICENSE OR COPYRIGHT LAW IS PROHIBITED.
BY EXERCISING ANY RIGHTS TO THE WORK PROVIDED HERE, YOU ACCEPT AND AGREE TO BE BOUND BY THE TERMS OF THIS LICENSE. TO THE EXTENT THIS LICENSE MAY BE CONSIDERED TO BE A CONTRACT, THE LICENSOR GRANTS YOU THE RIGHTS CONTAINED HERE IN CONSIDERATION OF YOUR ACCEPTANCE OF SUCH TERMS AND CONDITIONS.
1. Definitions
  1. "Adaptation" means a work based upon the Work, or upon the Work and other pre-existing works, such as a translation, adaptation, derivative work, arrangement of music or other alterations of a literary or artistic work, or phonogram or performance and includes cinematographic adaptations or any other form in which the Work may be recast, transformed, or adapted including in any form recognizably derived from the original, except that a work that constitutes a Collection will not be considered an Adaptation for the purpose of this License. For the avoidance of doubt, where the Work is a musical work, performance or phonogram, the synchronization of the Work in timed-relation with a moving image ("synching") will be considered an Adaptation for the purpose of this License.
  2. "Collection" means a collection of literary or artistic works, such as encyclopedias and anthologies, or performances, phonograms or broadcasts, or other works or subject matter other than works listed in Section 1(f) below, which, by reason of the selection and arrangement of their contents, constitute intellectual creations, in which the Work is included in its entirety in unmodified form along with one or more other contributions, each constituting separate and independent works in themselves, which together are assembled into a collective whole. A work that constitutes a Collection will not be considered an Adaptation (as defined above) for the purposes of this License.
  3. "Distribute" means to make available to the public the original and copies of the Work through sale or other transfer of ownership.
  4. "Licensor" means the individual, individuals, entity or entities that offer(s) the Work under the terms of this License.
  5. "Original Author" means, in the case of a literary or artistic work, the individual, individuals, entity or entities who created the Work or if no individual or entity can be identified, the publisher; and in addition (i) in the case of a performance the actors, singers, musicians, dancers, and other persons who act, sing, deliver, declaim, play in, interpret or otherwise perform literary or artistic works or expressions of folklore; (ii) in the case of a phonogram the producer being the person or legal entity who first fixes the sounds of a performance or other sounds; and, (iii) in the case of broadcasts, the organization that transmits the broadcast.
  6. "Work" means the literary and/or artistic work offered under the terms of this License including without limitation any production in the literary, scientific and artistic domain, whatever may be the mode or form of its expression including digital form, such as a book, pamphlet and other writing; a lecture, address, sermon or other work of the same nature; a dramatic or dramatico-musical work; a choreographic work or entertainment in dumb show; a musical composition with or without words; a cinematographic work to which are assimilated works expressed by a process analogous to cinematography; a work of drawing, painting, architecture, sculpture, engraving or lithography; a photographic work to which are assimilated works expressed by a process analogous to photography; a work of applied art; an illustration, map, plan, sketch or three-dimensional work relative to geography, topography, architecture or science; a performance; a broadcast; a phonogram; a compilation of data to the extent it is protected as a copyrightable work; or a work performed by a variety or circus performer to the extent it is not otherwise considered a literary or artistic work.
  7. "You" means an individual or entity exercising rights under this License who has not previously violated the terms of this License with respect to the Work, or who has received express permission from the Licensor to exercise rights under this License despite a previous violation.
  8. "Publicly Perform" means to perform public recitations of the Work and to communicate to the public those public recitations, by any means or process, including by wire or wireless means or public digital performances; to make available to the public Works in such a way that members of the public may access these Works from a place and at a place individually chosen by them; to perform the Work to the public by any means or process and the communication to the public of the performances of the Work, including by public digital performance; to broadcast and rebroadcast the Work by any means including signs, sounds or images.
  9. "Reproduce" means to make copies of the Work by any means including without limitation by sound or visual recordings and the right of fixation and reproducing fixations of the Work, including storage of a protected performance or phonogram in digital form or other electronic medium.
2. Fair Dealing Rights. Nothing in this License is intended to reduce, limit, or restrict any uses free from copyright or rights arising from limitations or exceptions that are provided for in connection with the copyright protection under copyright law or other applicable laws.
3. License Grant. Subject to the terms and conditions of this License, Licensor hereby grants You a worldwide, royalty-free, non-exclusive, perpetual (for the duration of the applicable copyright) license to exercise the rights in the Work as stated below:
  1. to Reproduce the Work, to incorporate the Work into one or more Collections, and to Reproduce the Work as incorporated in the Collections; and,
  2. to Distribute and Publicly Perform the Work including as incorporated in Collections.
The above rights may be exercised in all media and formats whether now known or hereafter devised. The above rights include the right to make such modifications as are technically necessary to exercise the rights in other media and formats, but otherwise you have no rights to make Adaptations. Subject to 8(f), all rights not expressly granted by Licensor are hereby reserved, including but not limited to the rights set forth in Section 4(d).
4. Restrictions. The license granted in Section 3 above is expressly made subject to and limited by the following restrictions:
  1. You may Distribute or Publicly Perform the Work only under the terms of this License. You must include a copy of, or the Uniform Resource Identifier (URI) for, this License with every copy of the Work You Distribute or Publicly Perform. You may not offer or impose any terms on the Work that restrict the terms of this License or the ability of the recipient of the Work to exercise the rights granted to that recipient under the terms of the License. You may not sublicense the Work. You must keep intact all notices that refer to this License and to the disclaimer of warranties with every copy of the Work You Distribute or Publicly Perform. When You Distribute or Publicly Perform the Work, You may not impose any effective technological measures on the Work that restrict the ability of a recipient of the Work from You to exercise the rights granted to that recipient under the terms of the License. This Section 4(a) applies to the Work as incorporated in a Collection, but this does not require the Collection apart from the Work itself to be made subject to the terms of this License. If You create a Collection, upon notice from any Licensor You must, to the extent practicable, remove from the Collection any credit as required by Section 4(c), as requested.
  2. You may not exercise any of the rights granted to You in Section 3 above in any manner that is primarily intended for or directed toward commercial advantage or private monetary compensation. The exchange of the Work for other copyrighted works by means of digital file-sharing or otherwise shall not be considered to be intended for or directed toward commercial advantage or private monetary compensation, provided there is no payment of any monetary compensation in connection with the exchange of copyrighted works.
  3. If You Distribute, or Publicly Perform the Work or Collections, You must, unless a request has been made pursuant to Section 4(a), keep intact all copyright notices for the Work and provide, reasonable to the medium or means You are utilizing: (i) the name of the Original Author (or pseudonym, if applicable) if supplied, and/or if the Original Author and/or Licensor designate another party or parties (e.g., a sponsor institute, publishing entity, journal) for attribution ("Attribution Parties") in Licensor's copyright notice, terms of service or by other reasonable means, the name of such party or parties; (ii) the title of the Work if supplied; (iii) to the extent reasonably practicable, the URI, if any, that Licensor specifies to be associated with the Work, unless such URI does not refer to the copyright notice or licensing information for the Work. The credit required by this Section 4(c) may be implemented in any reasonable manner; provided, however, that in the case of a Collection, at a minimum such credit will appear, if a credit for all contributing authors of Collection appears, then as part of these credits and in a manner at least as prominent as the credits for the other contributing authors. For the avoidance of doubt, You may only use the credit required by this Section for the purpose of attribution in the manner set out above and, by exercising Your rights under this License, You may not implicitly or explicitly assert or imply any connection with, sponsorship or endorsement by the Original Author, Licensor and/or Attribution Parties, as appropriate, of You or Your use of the Work, without the separate, express prior written permission of the Original Author, Licensor and/or Attribution Parties.
  4. For the avoidance of doubt:
    1. Non-waivable Compulsory License Schemes. In those jurisdictions in which the right to collect royalties through any statutory or compulsory licensing scheme cannot be waived, the Licensor reserves the exclusive right to collect such royalties for any exercise by You of the rights granted under this License;
    2. Waivable Compulsory License Schemes. In those jurisdictions in which the right to collect royalties through any statutory or compulsory licensing scheme can be waived, the Licensor reserves the exclusive right to collect such royalties for any exercise by You of the rights granted under this License if Your exercise of such rights is for a purpose or use which is otherwise than noncommercial as permitted under Section 4(b) and otherwise waives the right to collect royalties through any statutory or compulsory licensing scheme; and,
    3. Voluntary License Schemes. The Licensor reserves the right to collect royalties, whether individually or, in the event that the Licensor is a member of a collecting society that administers voluntary licensing schemes, via that society, from any exercise by You of the rights granted under this License that is for a purpose or use which is otherwise than noncommercial as permitted under Section 4(b).
  5. Except as otherwise agreed in writing by the Licensor or as may be otherwise permitted by applicable law, if You Reproduce, Distribute or Publicly Perform the Work either by itself or as part of any Collections, You must not distort, mutilate, modify or take other derogatory action in relation to the Work which would be prejudicial to the Original Author's honor or reputation.
5. Representations, Warranties and Disclaimer
UNLESS OTHERWISE MUTUALLY AGREED BY THE PARTIES IN WRITING, LICENSOR OFFERS THE WORK AS-IS AND MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND CONCERNING THE WORK, EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, INCLUDING, WITHOUT LIMITATION, WARRANTIES OF TITLE, MERCHANTIBILITY, FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT, OR THE ABSENCE OF LATENT OR OTHER DEFECTS, ACCURACY, OR THE PRESENCE OF ABSENCE OF ERRORS, WHETHER OR NOT DISCOVERABLE. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES, SO SUCH EXCLUSION MAY NOT APPLY TO YOU.
6. Limitation on Liability. EXCEPT TO THE EXTENT REQUIRED BY APPLICABLE LAW, IN NO EVENT WILL LICENSOR BE LIABLE TO YOU ON ANY LEGAL THEORY FOR ANY SPECIAL, INCIDENTAL, CONSEQUENTIAL, PUNITIVE OR EXEMPLARY DAMAGES ARISING OUT OF THIS LICENSE OR THE USE OF THE WORK, EVEN IF LICENSOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
7. Termination
  1. This License and the rights granted hereunder will terminate automatically upon any breach by You of the terms of this License. Individuals or entities who have received Collections from You under this License, however, will not have their licenses terminated provided such individuals or entities remain in full compliance with those licenses. Sections 1, 2, 5, 6, 7, and 8 will survive any termination of this License.
  2. Subject to the above terms and conditions, the license granted here is perpetual (for the duration of the applicable copyright in the Work). Notwithstanding the above, Licensor reserves the right to release the Work under different license terms or to stop distributing the Work at any time; provided, however that any such election will not serve to withdraw this License (or any other license that has been, or is required to be, granted under the terms of this License), and this License will continue in full force and effect unless terminated as stated above.
8. Miscellaneous
  1. Each time You Distribute or Publicly Perform the Work or a Collection, the Licensor offers to the recipient a license to the Work on the same terms and conditions as the license granted to You under this License.
  2. If any provision of this License is invalid or unenforceable under applicable law, it shall not affect the validity or enforceability of the remainder of the terms of this License, and without further action by the parties to this agreement, such provision shall be reformed to the minimum extent necessary to make such provision valid and enforceable.
  3. No term or provision of this License shall be deemed waived and no breach consented to unless such waiver or consent shall be in writing and signed by the party to be charged with such waiver or consent.
  4. This License constitutes the entire agreement between the parties with respect to the Work licensed here. There are no understandings, agreements or representations with respect to the Work not specified here. Licensor shall not be bound by any additional provisions that may appear in any communication from You. This License may not be modified without the mutual written agreement of the Licensor and You.
  5. The rights granted under, and the subject matter referenced, in this License were drafted utilizing the terminology of the Berne Convention for the Protection of Literary and Artistic Works (as amended on September 28, 1979), the Rome Convention of 1961, the WIPO Copyright Treaty of 1996, the WIPO Performances and Phonograms Treaty of 1996 and the Universal Copyright Convention (as revised on July 24, 1971). These rights and subject matter take effect in the relevant jurisdiction in which the License terms are sought to be enforced according to the corresponding provisions of the implementation of those treaty provisions in the applicable national law. If the standard suite of rights granted under applicable copyright law includes additional rights not granted under this License, such additional rights are deemed to be included in the License; this License is not intended to restrict the license of any rights under applicable law.

How to fix your Google Chrome bookmarks if you can't stand the new "enhanced design"

Has Google messed up your Chrome bookmarks with its "new, improved" bookmark system? Don't panic! You can fix it and go back to the way things were, where your bookmarks are organized the way YOU want.

The obscure but simple fix is described below (this works as of April 27, 2015). If you want to know more about the "Enhanced Bookmark" changes that Google has been forcing onto users, scroll down below these steps.

(Note: I am certainly not the first person to describe this fix. That's because Google has been rolling out the new "enhanced" bookmark to Chrome users over time, for several months. Indeed, you might not have seen the new bookmark interface yet, but now you know what the fuss is about.)

Steps to return your Chrome bookmarks to the normal folder arrangement


1. Go to chrome://flags by typing chrome://flags in the URL bar and tapping Enter. You should see something like this, with one of the worst warning messages you will ever read in any software ever (don't those self-important "user interface enhancement" nerds at Google realize browsers are no joking matter!):

chrome-flags

2. Find the "enhanced bookmarks" setting by using Find (Control/Command + F) and typing enhanced bookmark as seen here (the auto-fill will find it as you type):

search-enhanced-bookmarks

3. Use the blue drop-down box control to change the setting to Disabled, as seen above.

Note: You should not make changes to any other settings on this page unless you are sure of what the effects will be. That part of the warning is appropriate.

4. Make sure there is no unsaved work in any of the pages you have open in Chrome and then click the Relaunch button at the bottom of the page:

restart-chrome

That should make sure your Chrome bookmarks look the way they always have, so when you look at a bookmark it looks like this:

proper-chrome-bookmark

If you haven't yet seen the new "enhanced" Google Chrome bookmark it looks like this:

google-chrome-enhanced-bookmark

Now that you know how to make it go away, I will explain why I think this new system is bad, and why forcing it onto Chrome users was a really dumb move by Google, not to mention arrogant.

What the flip did Google do to my bookmarks in Chrome?


your-choices-chrome-bookmark

Apart from gobbling up screen real estate, the new user interface for bookmarks in Chrome severely limits your organizational options. For example, it appears to offer no way to choose the folder for the bookmark other than the choices it suggests.

For example, there is a very specific folder on my system for pages related to something called HIMSS, but that folder does not appear as a choice, and I can't get to it from this box.

Google says I have to put the bookmark in the Bookmarks Bar or the Sysadmin folder (seriously, WTF has Sysadmin got to do with HIMSS).

But Stephen, what about the "VIEW ALL BOOKMARKED ITEMS" option, you ask. Oh no, you don't want to go there, because "there" is where you see just how badly Google has messed up your carefully curated bookmarks, about 15 years' worth of bookmarks in my case, maybe even more for you.

I mean there I was, cheerfully bookmarking pages in Chrome, gathering material for a research project in the third module of my Criminology degree course, saving the pages in: Mobile Bookmarks > MSc > Module 3. Then boom! Some arrogant, "I understand users better than you" expert at Google, says "Stephen, your system sucks, try this!" And here is a glimpse of what you see when you view all bookmarks in the new in-your-face interface:

chrome-bookmark-tiles

Believe me when I tell you that no amount of scrolling down the list on the left takes me to "Mobile Bookmarks > MSc > Module 3". That structure is just not there. And I will add more thoughts about that on this page when I have calmed down. For now, I want to put this "fix" out there. If you want to come back for more, please bookmark this page (he said with no trace of irony at all, honest).

 

Taxes, Lady Godiva, Coventry, privacy, and the first Peeping Tom

Naked Woman on Horseback might sound like a porn video but it's also a timely topic for the month of April, the month when taxes are front of mind for many Americans: personal income taxes for the previous calendar year must be paid on or before the 15th of the month.

For me, the topic of paying taxes conjures up many images, some more pleasant than others. The oldest of these images is indeed a woman on a white horse: the celebrated tax protester, Lady Godiva, for which my home town of Coventry in England is famous.

(Or rather, Coventry should be famous for Lady Godiva, but I suspect that many Americans eat delicious Godiva Chocolate in complete ignorance of the story behind the logo of the naked lady on the horse, for she truly has no historical connection with chocolate - the confection did not even exist when she made her famous ride.)

Lady Godiva was the wife of the Earl of Leofric, ruler of the central region of England, known as Mercia, in the early years of the eleventh century. Leofric was one of the most powerful Earls in the country prior to the Norman invasion of 1066 (Leofric died in 1057). Historical records show that both Leofric and his wife were great benefactors, donating land and money to establish monasteries as well as jewelry for shrines, even gold-fringed vestments for St. Paul's cathedral in London.

The Lady Godiva Clock in Coventry, with Peeping Tom.

Unfortunately, the power struggles that beset England in those times consumed resources that included taxes levied on the Earls' subjects. These were not predictable annual levies. Times of conflict would produce successive tolls to fund armies, at least until the posturing or fighting was over. When Lady Godiva implored her husband not to impose more taxes he is said to have declared something to this effect: "The day I stop raising taxes is the day you ride naked through the city." So that is what she did.

If you're looking for a really bad pun you could say something about calling his bluff in the buff, but the good folk of Coventry took this act of courage very seriously. At Lady Godiva's request they all went inside at the appointed hour and shuttered their windows; all except one, whose name was Tom.

As Lady Godiva rode by on her white horse, long blonde hair draped across her body, Tom peeped out. Legend has it that Tom, the original Peeping Tom, was struck blind by God for his voyeurism. On the bright side, Leofric kept his word and "abolished the onerous taxes."

This story is commemorated every day in the center of Coventry where, every hour, on the hour, a clock displays the figure of Lady Godiva riding by, while from above leers the despicable Peeping Tom.

To be honest, the ride of Lady Godiva is more legend than documented historical fact, although the lady herself was very definitely a real person. She outlived her husband and at the time of her death still maintained a large estate, as recorded in the Domesday Book. By the time I was born, and this was several centuries after Lady Godiva's "allegendary" ride, the city of Coventry had a well-established tradition of re-enacting the event, by which I mean a woman would ride a horse in a large procession through the city. The citizenry did not go inside, instead they came out to watch. The woman was not always naked and nobody was blinded.

The Godiva procession has been revived in recent years and the city of Coventry has done more to tell the world about its most famous lady. Less attention is paid to Peeping Tom, but he has become synonymous with voyeur throughout the English-speaking world, even as the digital revolution has expanded the potential for voyeurism and invasion of privacy. The digital equivalent of blinding those who look where they shouldn't has not yet been invented, but this age is yet young.

p.s. I have no idea why Godiva Chocolate chose Lady Godiva as a logo, but I do give them credit for the Lady Godiva program it started in 2012 "to celebrate inspirational women around the world." The program seeks to support "extraordinary women who embody the spirit of Lady Godiva through their attributes of selflessness, generosity and leadership." Amen to that!

Complacency is the curse of comfort

A writer once wrote: Complacency is the curse of comfort. I think what he means is that a comfortable life can lead us to become complacent about the world's problems, which can then turn up on our doorstep to discomfit us. Actually, I know that is what the writer meant, because I am that writer.

Back in the 1970s, when I was a long-haired student of the arts, my favorite writers, other than Shakespeare, were Montaigne, Bacon, and Blake. I liked Michel de Montaigne because he put so much of himself into his writing and pioneered literary non-fiction centuries before it was called that. I liked Francis Bacon because he claimed the entire world as his subject matter. And I liked William Blake because he invented self-publishing, held picnics in the nude, and wrote some wicked proverbs, like: "The road of excess leads to the palace of wisdom."

I was fascinated with these proverbs and the way we humans will quote memorable sayings for centuries after the sayer has died. As a student I remember thinking that it would be cool to say something that memorable. I had been scribbling poems since I was eight and by eighteen I was writing everything from free form verse to sonnets (the latter were usually written to girlfriends, as in hand-written and hand delivered, so they have not survived). One day, it occurred to me to write a saying or proverb.

I looked around at my world of white privilege and felt how seductive it was to relax back into the comfortable life that was all around me; and then I saw my parents go out in the evenings, often after a hard day of work, and try to raise money for worthy causes, try to raise awareness of injustices that afflicted others, often on the other side of the world. I realized that there was more to being alive than being comfortable. That's when I came up with: "Complacency is the curse of comfort."

Of course, I then had to figure out how to spread my proverb to the world. I carried on writing poetry but my efforts to get published went nowhere. I thought about being a playwright but that seemed even less likely to get me published than being a poet. I did plot a number of novels and I figured that I would put those wise words into the mouth of one of my characters. (All of this was before self-publishing and digital publishing became a big deal, and although Blake was a brilliant poet and artist, his publishing business was not a big money maker.)

Eventually, my career in computers and security took up all of my writing energy. In a period of seven years I wrote more than twenty big thick computer texts. They accumulated sales of more than one million books, but they were all what you might call non-literary non-fiction.

When blogging came along I saw a chance to "publish" a few things that were more creative, like the story of the little redback spider and the truth about what Willie Sutton said. And now of course, I have published my proverb. One of the many benefits of the Internet is that it simplifies laying claim to words. I have Googled "Complacency is the curse of comfort" numerous times and it does appear that I am the person who said this.

I am also the person who said: "The best weapon with which to protect information is information." True enough, but hardly a universally useful saying. So I need to work on more inspired aphorisms, like Blake's:

  • The most sublime act is to set another before you.

  • The man who never alters his opinion is like standing water, and breeds reptiles of the mind.

  • If the fool would persist in his folly he would become wise.


I live in hope!

Of Spiders and Sin

What follows is the definitive telling of my story about the Australian redback spider and its pedagogical employment in a theological context. This is a tale I have told many times in the company of friends but it has never been recorded for posterity, until now. I have included some notes below the story that might be of interest and will add more later as they occur to me.
The phrase ‘liberal Baptist church’ might sound like an oxymoron, but I grew up in Coventry, England, and the theology of some English Baptists is quite liberal. Indeed, I was raised by a congregation of souls so liberal that I became a Sunday school teacher even though I had never been baptized and had not yet – nor have I since – accepted Jesus Christ as my Lord and Savior. Back then, as the sixties were turning into the seventies, Sunday school was more about the geography of poverty, feeding the hungry, and boycotting companies that did business with the white regime in South Africa.

The person who leads the services in an English Baptist church is referred to as the minister, although said person might be addressed as Reverend. From time to time, our regular Reverend went on holiday and Sunday services were conducted by guest ministers, which is how I first encountered the redback spider.

The guest minister that Sunday was from the continent that is the home of said spider, Australia. The deacons who arranged his visit were apparently unaware that some Australian Baptists were much closer in spirit to their evangelical cousins in the southern states of America, and their manner of sermonizing more that of preacher than minister. Such was the case with this unfortunate fellow, as his address to our Sunday school children would reveal, quite painfully as it turned out.

“Good morning children,” this preacher began, “I come from Australia, a place some people call ‘the land down under,’ and in that land we have some amazing creatures.”

His unfamiliar accent, and his dramatic emphasis on the last two words, definitely got the attention of his young audience, which ranged from about four to fourteen. The preacher continued, “One creature, the redback spider, is no bigger than the nail of my little finger, but his bite is deadly.”

To my English ears, this last word, which should have carried a lot of weight, sounded like ‘diddly’ which may explain how this children’s sermon went astray.

He continued, “Although he is so small, just one bite from this little fellah can kill you … dramatic pause … dead.”

Again, the ‘dead’ sounded like ‘did’ to me but the preacher’s delivery left no doubt that death was what this small but fearsome creature delivered. One bite could end your life. I could see some of the younger children sitting up a little straighter, eager for whatever came next.

“Now then children, what does this remind us of?”

The preacher paused for an answer. Scanned the young faces. Nothing.

“Just one bite and you’re dead. What does this remind us of?”

More silence.

“Sin!” he proclaimed, apparently failing to detect in the faces before him the signs of confusion that this word caused.

The preacher took a deep breath and forged ahead, asking a question he assumed would solve the riddle: “How many sins does it take to keep you out of heaven?”

More silence with just a hint of embarrassed shuffling from the adults in the congregation. The preacher was undeterred.

“Come on children,” he continued, as though this was the first thing you learned in Sunday school, “How many sins does it take to keep you out of heaven? Is it two? Five? Ten? A hundred?”

The sequence of numbers was enunciated with what sounded to me like a mild but mounting sense of despair. It was at this point that young Mark Jacobs from my class shot up his hand. No more than seven years old, Mark was a bit of a handful, but very quick on the uptake. I could tell he was sure he had this one figured out.

“Yes!” exclaimed the preacher, extending his palms towards Mark, who loudly delivered his answer, a logical deduction from the clues provided, but also – I like to think – a reflection of the spirit of the church in which he was being raised:

“Infinity!”

My heart went out to the preacher as he stood there and said about all he could say at that point: “No. It’s one. Just one sin can keep you out of heaven. Now let us sing hymn number 127: ‘All Things Bright and Beautiful.’”

Notes:

1. The chorus of that hymn, written by Cecil Frances Alexander in 1848, goes like this:

All things bright and beautiful,
All creatures great and small,
All things wise and wonderful:
The Lord God made them all.

I have no idea if Alexander had the redback spider in mind when she penned line two.

2. Very few renditions of this hymn today include the third verse of the original, which goes like this:

The rich man in his castle,
The poor man at his gate,
God made them, high or lowly,
And ordered their estate.

In fact, several members of our congregation refused to sing the hymn at all, owing to the fact that its author held views so opposed to their own.

3. The English Baptists believe in adult baptism, a belief I greatly respect because it holds that nobody should take this step in life unless they make an informed decision to do so. I was never pressured to make this choice, again something I greatly respect. I remain unbaptized, but always welcome at that church.

4. Many years later I encountered redback spiders in Alice Springs, Australia. They were pointed out by the very gifted engineer who worked on my wife's off-road racing vehicle, in a dark corner of his garage. He had recently been bitten by one, causing a very nasty injury, but fortunately he survived.

5. My wife was living in Alice Springs at the time because she was in charge of network security at a place called JDFPG for Joint Defense Facility Pine Gap, which is probably one of the largest computing facilities in the Southern Hemisphere.

6. JDFPG has a rugby team called the Redbacks with an awesome emblem. I know because one of their shirts is a prized possession of mine.

7. Theologically speaking, one can argue that both Mark and the preacher were correct. Hard-line Protestant thinking on sins is that just one is enough to keep you out of heaven -- and thus send you to hell when you die -- unless you accept Jesus Christ as your savior and are baptized, in which case your sins are washed away. Technically, if you committed an infinite number of sins, you could still get into heaven because God's forgiveness is infinite.

 

Fighting malware, cybercrime, and hemochromatosis = I've been busy

I enjoy reading a wide range of blogs. Recently, I was shocked to visit one of my own blogs -- this one -- and see that I had not posted anything since February. Surely I had written more than that? In fact, I have been doing a lot of writing, but on other blogs. So I decided to post a roundup of recent writings and presentations, for my own edification, and to show that I have not been slacking. Enjoy!

Living Security


A lot of my writing these days appears on We Live Security, the website that grew out of the Threat Blog at blog.eset.com. Here are some highlights:

Being Security


I have also been writing some posts about security and privacy on my first blog, Scobbs Blogspot. The idea is to put security pieces there when they are not a good fit for We Live Security, for example, a strong personal opinion, or a speculative piece. (In general, I want to keep this blog here, Cobbsblog, for non-security stuff.) Recent posts on Scobbs Blogspot include:

Security Slides and Webinars and Podcasts


You can find some of the slides from my security presentations at SlideShare under the zcobb account. These include slides that ESET graciously makes available for anyone who is working to increase security awareness in their organization. Here is a recent example from a webinar on cybercrime:



Some of my security education presentations are done as webinars and you can find these in the ESET channel on a service called BrightTalk. The channel requires a one-time registration process but is free and there are dozens of recorded webinars available from myself and my colleagues.

I have also recorded a lot of podcasts on security and privacy. These are available on this page but they are not marked as to author. All of the podcasts are worth a listen and feature my fellow researchers at ESET.

Earlier this year I answered several questions for a reporter while visiting the Latin America headquarters of ESET. Topics covered in the resulting video include the effects of Snowden's revelations about the NSA, the relationship between privacy and security, and social media issues for young people. Spanish subtitles are provided.



Fighting Hemochromatosis


My writings on hemochromatosis started here on this blog in 2008, with "dsgds". Then, in 2010, I created CelticCurse.org and post there when I have something substantial. Here are some recent posts.

In addition to Celtic Curse, I created another channel of communication about hemochromatosis, the Hemochromatosis page on Facebook. This has reached over 100,000 people so far this year and led to the publication of the first ever "Hemo Doc Stars" list of recommended hemochromatosis doctors from around the world.

So, the next time I am wondering to myself "what have I accomplished this year?" I can look at this page and refresh my memory. And the above is not everything. I also got accepted into a postgraduate degree program in security and risk management in the Criminology Department of the University of Leicester, in England. I hope to have time to share some instructive tales of distance learning here as the program progresses.

How to find $168 billion in annual spending cuts while saving the world

Allow me to explain where the U.S. federal government can find $168 billion. That could be a $168 billion cut in annual spending from the current budget, or $168 billion of spending shifted to more worthwhile endeavors. It could even end world hunger while giving us all tax rebates.

Lately, I've been looking at a lot of numbers related to safety and security, like how much money we spend on fighting wars and cyber crime, how many people die from different causes, and so on. I was inspired to research such things by a comment made to the press by my friend and boss, Andrew Lee, CEO of ESET North America, who was asked what he thought of General Keith Alexander's keynote at Blackhat last year. (The General spoke about mass surveillance by the National Security Agency (NSA) as revealed by former federal contractor Edward Snowden.) Andrew said that we should be asking ourselves if the levels of surveillance now being revealed constitute a proportionate response.

Personally, and I stress that this is my personal opinion, I think that the $50 billion my country spends annually on spying is way too much (BTW, for new readers, "my country" = the United States of America, the country of which I have been a citizen for more than 30 years).

To put that $50 billion spend on spying in perspective, it dwarfs the total spend on life-saving health research by the federal government, which is $30 billion (that's funding for over 300,000 researchers at more than 2,500 institutions). I'm pretty sure that $50 billion is about the same as the operating expenses of Google and Microsoft combined. Aside from the sheer amount, the challenge of oversight and efficiency across multiple agencies is huge, leading to some terrible decision-making, as revealed by some of the Snowden papers.

But let's leave the spy budget aside and consider what we spend to defend our country. Suppose we were to decide that the appropriate annual budget for defending America is twice the total annual military spend of our two closest rivals, China and Russia. Those two countries spend $166 billion and $90 billion respectively, or $256 billion combined; double that is $512 billion, which is $168 billion less than the $680 billion that the U.S. spends.

Surely we can adequately defend America by allocating twice what China and Russia spend combined. Still nervous? Want a comfort zone greater than 2X?

Consider the $272 billion annual military spending by our six strongest allies (UK, Japan, France, Germany, Australia, Canada). Figures are from SIPRI Yearbook 2013.

Want more perspective? With our $168 billion savings we could drastically reduce the deficit, lower taxes, and still have enough left over to END WORLD HUNGER (estimated cost of that is $30 billion).

So, let's recap, the Cobb budget plan for America would:

  • Spend more on defense than China and Russia combined

  • End world hunger

  • Reduce the deficit

  • Enable lower tax rates


What's not to love about that?

Happy Blogging New Year 2014!

Happy New Year! While it took me a few days to get around to this, I did want to mark the beginning of the new year with at least one blog post here on Cobbsblog. In fact, I have been doing quite a bit of blogging around the turn of the year.

Over on WeLiveSecurity.com I was privileged to present some of the 2014 security predictions from my fellow researchers at ESET. My colleagues in Latin America shone again this year, producing a 30+ page review of malware trends and predictions.

That report very rightly fingered privacy as a hot topic for 2014 and I am heading for Washington, D.C. in a few weeks to be on a panel about data privacy at a Data Privacy Day event at the Pew Charitable Trusts (January 28 is Data Privacy Day).

Predictions are one thing, but what practical good are they? What advice can they generate for IT security managers? I will try to answer that question in a free webinar happening January 15 on ESET's Brighttalk channel.

I made some information security predictions of my own, over on my security blog: scobb's information security blog. That blog was in fact my first, and lately I have been reviving it. My idea for 2014 is to use Cobbsblog for more personal posts, and put my security-related posts on scobb's. Of course, in 2014 I will be writing about security on WeLiveSecurity.com as well, but sometimes I have things to say on the topic that don't quite fit there.

And sometimes my thoughts will migrate to other blogs. For example, Graham Cluley liked my prediction about the persistent misrepresentation of antivirus software, and reprinted it (with my permission) on his very informative blog.

I wish you a safe and happy 2014 and pledge to do my best to provide you with informative and thought-provoking content all year long.

Free professional security advice for Palestinian hackers

First of all, welcome. I am glad you found this page. Please don't hack it.

Who am I? I am one of many people in the computer security world who have great sympathy for the Palestinian people. We agree with you that the Palestinian people deserve to live in peace. We let our politicians know what we think. We use social media to spread news and awareness of the injustices suffered by the Palestinian people at the hands of Western governments and their allies in the region.

As computer security professionals, we also work hard to protect the privacy and cybersecurity of hundreds of millions of individuals around the world. Some of those people are Palestinians. For example, I work at ESET, a company which protects the computers and smartphones of many millions of people in more than 180 different countries. I'm guessing some of them are Palestinian sympathizers.

Recently, some of you have been busy redirecting website traffic AWAY from sites that many people, including some Palestinian sympathizers, rely on for help in protecting their privacy and their data, and TO a page that calls for Palestinian rights. I have to say, I don't think this strategy is helping you, or the Palestinian cause; it hurts law-abiding human beings who use computers and smartphones to make an honest living, to connect with their families, and in some cases, to campaign for peace and justice.

[Note: When I say sympathy with the plight of the Palestinian people, or sympathy with the Palestinian cause, I mean that I think the people of Palestine have been, and are being, treated inhumanely, and that they deserve a secure homeland in which they are free to enjoy the rights and liberties that Americans take for granted. I do not mean that violence against civilians in pursuit of political aspirations is justified: it is not, ever, no matter what side you are on. Yet complacency and apathy in the face of inhumanity and injustice are equally objectionable.]

So, what is my professional advice? Use your computer skills to advance the cause in ways that don't impact innocent digital bystanders. Let me give you an example. This website you are reading right now is hosted on a web server that was hacked a few months ago in the name of freedom for Palestinians. The same web server hosts information about a potentially fatal genetic condition that doctors often fail to diagnose. That website helps a lot of people but it went down because someone thought hacking it would help the Palestinian cause. Did it help? I don't see any evidence that it did. Several kind and generous people had to give up their time to fix the website. Some innocent people in need of helpful information could not get to that information for days.

Did the hack provide any benefit to anyone? Not really. Security experts already know that websites can be hacked, and it is well known that the DNS servers which direct traffic to websites can be messed with. But the more protection that is applied to protect sites and infrastructure, the more expensive and cumbersome the Internet becomes. And I'm guessing you use the Internet for more things than hacking. How about use of the Internet to organize humanitarian aid for Palestine? How about use of the Internet to raise awareness of, and sympathy for, the Palestinian cause? Why not apply your skills and energy to those efforts? Help the people who are trying, or may be persuaded to try, to help you.

No quest for peace and freedom can prosper without a critical mass of support that comes from many quarters. Annoying people who might otherwise be persuaded to support you just seems counter-productive.

Respectfully...Stephen Cobb, CISSP

Thank you Layla, for all that you gave to us, 2004-2013


A photo snapped in August: Layla Cobb, 2004-2013


This is just a short note to all who knew and loved our Layla.
Earlier this week she ended her journey here in San Diego,
peacefully and with loving hands upon her.


Layla was not only a joy to us and those who met her, she was an enormous comfort to us through some very tough times. She steadfastly refused to leave Chey's side whenever Chey was feeling ill, and faithfully presented me with a retrieved object whenever I came through the front door.

Only recently did we discover that Layla had stoically endured many years of arthritis so severe that the vets, when they got the X-rays, said they were amazed that she was able to walk at all. But Layla has always soldiered on stoically, despite everything, from Florida to New York, and then the long journey out to San Diego. Living out here, Dog Beach became her favorite place. When she stopped wanting to go onto the beach we both knew that we would not have her much longer.

So here's to you Princess Layla, Super Trooper, Snow Dog,
indefatigable source of comfort and joy.


Snow dog Layla

Layla's first snow, New York, 2007


Layla Cobb, 2004-2013

Do I really have to go back inside dad?


 


Hello world, my first portrait, 2004