Wednesday, April 27, 2016

Tech Musing #3


Overview:
Along with breaking news such as former National Security Agency contractor Edward Snowden leaking details of government data-gathering efforts, and Apple recently fighting a high-profile battle over the FBI's demand for help unlocking an encrypted iPhone in San Bernardino, California, people have become more and more concerned about their personal private information, and privacy has become a hot topic these days. This article talks about the latest tech clash over privacy between computer hardware and software industry leader Microsoft and the US. In this case, Microsoft sued the Justice Department over its use of court orders requiring the company to turn over customer files stored in its computer centers while not allowing it to notify its customers. Not only did the US government ask Microsoft for US citizens’ private files, it also demanded the emails of a non-U.S. citizen that the company has stored in a data center located in Ireland. Besides Microsoft, some other companies have also suffered the same thing. The Redmond, Washington-based company says authorities used the 1986 law, known as the Electronic Communications Privacy Act, to demand customer information more than 5,600 times in the last 18 months. This high frequency definitely influences the operation of the company and also affects the company’s competitive advantage in customer privacy.

Relevant to Course:
This article is very relevant to what we have learnt in class, like privacy, information security and the potential vulnerability of data. It also shows me, from a new standpoint, how the government uses its power to request users’ personal information. This article shows me how big corporations feel about the government’s actions and how they use their power against them. It also shows me the endeavor they have made to protect their users’ privacy.

Importance as an MIS student:
As an MIS student, information security is a big part of the knowledge we should have. Through learning about the actions the government has taken and the corporate decisions, we should be able to understand why we need to use different techniques to make our information secure. Just as other companies, including Google, Facebook and Yahoo, have increased their use of encryption in order to keep their data safe and hard to compromise, we should learn different techniques to keep our information and data secure.


Tuesday, April 26, 2016

TECH MUSING #3: Edward Snowden Video

I can’t believe that people are so ignorant of this topic. It’s honestly mind-boggling that people don’t have a clue that their information can be used and tampered with at a moment’s notice. I believe that what Snowden wanted was for the American people to know the truth and to be able to have a say in what happens to their information and their privacy. After watching people get interviewed and not even knowing that the government can do what they’ve been doing for years... It’s crazy! I guess being an MIS major we’re aware of these things because we take classes such as this one, but I feel like everyone should know what’s going on with their information and really want to know how private their privacy really is.

Article:
https://theintercept.com/2016/04/25/spy-chief-complains-that-edward-snowden-sped-up-spread-of-encryption-by-7-years/

This article talks about how Edward Snowden pretty much started the domino effect of encryption and how in the next few years there's a great possibility that encryption can be broken. He mentioned that the availability of encryption is so much more transparent that people have been working around the clock trying to break in and have our information. This is so relevant to me, my peers, everyone and anyone who uses technology because once the encryption can be broken, we have nothing to protect us from people stealing anything they want from us, from text messages to emails and data. I think in order for our information to remain protected, there needs to be some new form of security and protection, much like the security and privacy that encryption has provided us with. This new form of security and protection must be much stronger and more secure than encryption so that it cannot be broken and deciphered. I’m not sure exactly what this entails but I hope that in the future, some new type of security is created so that we can be able to keep our sense of privacy.

Tech Musing 3 - Edward Snowden Video and Suzie 4th Amendment article

Edward Snowden Video
I really enjoyed both the Edward Snowden videos and your article on the 4th Amendment. Citizen privacy vs government protection is a topic that has always fascinated me. I think what struck me the most about the video was in the beginning of the first one, with the NSA employee who came up with a new surveillance system. The surveillance system allowed for more data collection while encrypting personal information, allowing the government to collect the information but not allowing them to see who it was from. If the information was then pertinent they could request a court order. However, when he pitched the idea he was told that the agency was moving forward with another initiative.

What I found most interesting was when that NSA agent went to speak to the agency counsel. When he brought up his concerns about the program the agency decided to pursue, he was told to drop this subject, that the counsel would not speak to him anymore, and to essentially go home.

4th Amendment Article
What I really enjoyed about this article was the point regarding toll data. Nowadays we don't think about all the personal information, the data, that we put into the world around us. In the case of the example, just owning a toll pass can allow people to see into your daily commute. Not to mention the data that we create by use of our smartphones.

How this pertains to our class
I think both these articles pertain to our class by virtue of their very nature. We surround ourselves with technology, creating "smart" devices that communicate with each other. Whether it be your radio, car, thermostat, security system, or your toll pass. All of this technology generates data that can be useful to ourselves, and to those around us.

Sunday, April 24, 2016

Tech Musing #3 "Panama Papers: inside the Guardian's investigation into offshore secrets"

Article: http://www.theguardian.com/news/2016/apr/16/panama-papers-inside-the-guardians-investigation-into-offshore-secrets 

Overview
An article was posted to the Guardian on April 16th, 2016 titled "Panama Papers: inside the Guardian's investigation into offshore secrets" by Juliette Garside. I have found this article to be the most complete when it comes to putting the Panama Papers Scandal into perspective and understanding the timeline of events. Garside begins with the foundation of the scandal, recounting the contact of the "John Doe" wishing to unload some data. From there, Juliette discusses the manner in which the investigation was conducted. She talks about the "red flags" that were identified including the Icelandic Prime Minister walking out of an interview, the stepping down of Mossack Fonseca founding partner, Ramon Fonseca, and the arresting of two Mossack Fonseca employees. Garside then delves into the series of events that led to publishing this massive amount of sensitive information.

25 February 2015 - During this time, correspondence with the information source, "John Doe," has been established and information is prepared for unveiling.

June 2015 - News organizations discuss how the information will be delivered to the public and how the information will be handled.

September 2015 - The Guardian secures its position in the information unveiling and participates in the discussion of new handling.

December 2015 - The size of the scandal is beginning to be put into perspective with 2.6 terabytes of data available and accounts of dealings of Vladimir Putin valued at $2bn. This is also the time that Mossack Fonseca employees were arrested, but released while two other Fonseca employees fled the country.

4 March 2016 - Mossack Fonseca is officially informed that information regarding the details of some of their "sensitive" accounts has been acquired and viewed.

11 March 2016 - Icelandic Prime Minister walks out of interview. Ramon Fonseca resigns from adviser position with Panamanian president.

15 March 2016 - Wife of Icelandic Prime Minister uses Facebook to announce that her husband had no official hand in the accounts held at Mossack Fonseca. Coming days before the release of information, it is hard to not sense panic from the pair.

6.48pm, Sunday 3 April - Edward Snowden tweets a link to official leak article.

7pm GMT, Sunday 3 April - Information was revealed to the public.

Relevance to Course
This article is very relevant to our course material. Firstly, there has been much discussion about the case in general, and this article offers a linear, clear point of view. Secondly, we have learned much about information security and privacy, two core concepts of this scandal. It will be interesting to see the aftermath of this scandal and the potential financial repercussions to some of the world's powerful people.

Saturday, April 23, 2016

Project Management-Extra Musing


Waterfall or Agile?

There was a question about a client that asked... "Which is best – Waterfall or Agile?" What this article is discussing is that it is not about which one is best but it is about which one better fits a specific part of a specific project...

To make it clearer, you probably have many, many dresses... midi dresses, formal dresses, casual dresses, cocktail dresses etc., but when we pick a specific dress we have to choose it based on that special occasion. Let's say we have a job interview; we will not pick a gown because we'll probably look ridiculous. Well, that is exactly the same when choosing which methodology to use for a project.

Choosing what is "perfect" for us is subjective, and when selecting a project management method even more. The article mentioned that “A project manager using Waterfall because it's what they know rather than what's best for their project probably knows that there's a better way, but it's a brave paradigm shift to step out of your comfort zone and try a different methodology”. Tons of plans fail because project managers want to stick with what they think is best based on what they know rather than adopting the appropriate methodology for the project at that time. We may prefer to wear our classy formal gown or our sporty skirt but they're no good for a job interview.

So, we should apply that dress selection methodology when taking on an IT project! What if, as we planned each piece of the project, we selected the best methodology for that specific part? Rather than contemplating a project as a whole, we should consider each stage of the project independently, breaking the overall project into manageable pieces and considering what methodology would fit best for each.

Relevance to MIS 441
This article and discussion are very relevant to what we have been learning this semester about Agile and waterfall methodologies. As we learned earlier in the semester, most organizations use a combination of Agile tools and methodologies. Agile does not describe a specific approach but offers a collection of tools and best practices, and there are many of them such as Extreme programming, Scrum, Kanban, Crystal family, and many more. We learned over the second part of the semester that the difference between Agile and waterfall is huge. Waterfall is prescriptive, extensive documentation, formal, sequential, process focus and of gradual change. In contrast, Agile is abstract, minimal documentation, informal, continuous, communication focus and of rapid change, and as Bob discussed in an interview, Agile methodologies are best in every way because Agile methods are human methods and we are taught about them from a very young age.


Importance as an MIS student
As MIS students we should be able to identify which methodologies are better for each type and part of a specific project. We should be able to organize and direct other people to achieve a planned result within a predetermined schedule and budget. We need to be able to execute these processes to plan the project and then to monitor and control it.


As project managers in the future we are required to have a diverse set of skills including technical, management, conflict management and customer relations. We would have many different responsibilities: internally, we should be able to develop project schedules, assess project risks, and monitor and control project deliverables and milestones. Externally, we need to be able to report the project status and progress, work directly with clients and other stakeholders, identify resource needs and obtain resources. So, it is of high importance for us as MIS students to understand well how and when to execute these methodologies.

Tech Musing Extra Credit: Project Management

Project Management Software: Wrike
This article discusses how the project management software, Wrike, has developed and its exponential growth, making it more effective and efficient. Wrike, founded by Russian-born entrepreneur Andrew Filev in 2006, is a platform for real time work management and collaboration that helps to make day-to-day work easier, more transparent and efficient for thousands of companies. Around 6,000 paid customers in over 108 countries already enjoy its cool features and advantages. It also raised $10 million in venture capital funding from prominent investors and their customers include teams from Google, Stanford, and eBay. Filev says the company started as a collaboration and project management vendor and then, as the company was working on managing our clients’ projects, we realized the need for something bigger. We needed a tool to help us collaborate better. So we created Wrike to solve our own problem. Wrike accelerates the growth plan and continues to innovate. Many companies like Google, Hawaiian Airlines and PayPal have already used the platform because they have already experienced the pain that comes with project management from other software.

Relevance to MIS 441
This article is relevant to our class project and for other project management projects because it provides an alternative tool to MS Project for many purposes. Its role for project management techniques is to implement projects successfully and establish in areas such as the planning and control of time, cost and quality. Its useful features are:
- Task management
- Calendar integrations with Outlook, Google and iCalendar
- Assigning members to the task
- Discussions
- Real time activity stream
- Gantt Chart
- Performance Chart
- Time tracking
- Progress report
- File sharing and editing

Importance as an MIS student
For MIS students, Wrike is a useful tool for managing their entire project. It is an effective way of managing multiple tasks and sub-tasks for multiple projects. It is widely used for small team members like in our MIS class. You can sync your calendars, tasks, and project milestones through integrations with Outlook Calendar, Google Calendar, and iCalendar. Wrike also offers a range of other 3rd party integrations, including Excel, Word, Google Drive, Box, Dropbox, and Gmail. Wrike’s iPhone and Android apps mean that everyone associated with a project can stay in constant communication, regardless of whether they are traveling or permanently based in different offices and time zones, which is useful when students are out for spring break during the semester. It would be easier for MIS students to get jobs in industries and tech companies like this when they have experience with this kind of tool.

Article link:





Friday, April 22, 2016

Tech Musing 3 - CitizenFour

I have the good fortune of having HBO (or my grandparents' HBO password), so I was able to watch CitizenFour in its entirety. I actually watched this documentary when it first came out, because it was my first opportunity to look into who Snowden was as a person. Having watched it again for this class, I found it to be even more chilling the second time around. The unrestrained power the government wields in regards to information collection is staggering, to the point where it is difficult to even wrap my mind around the entire scope and scale of what they're doing. This mass collection is clearly a violation of constitutional rights, and I have a hard time believing people who argue the opposite. That being said, I can see where they are coming from from a legal standpoint. When the Constitution was written 230 years ago, the notion of emails, text messages, metadata or even phones was pure fantasy. As such, the laws have gaps in them where they do not account for these new forms of communication and information exchange. The law simply does not have provisions and protections for the internet, and most likely won't any time soon given the state of Congress. One of the main things I take away from things like this is that our laws are often outdated, and need updating for the modern age (a prime example being the German extradition of a comedian who mocked the Turkish president, using a law from the 1830s as justification to send him to Turkey).

It's unfortunate that we won't likely see change anytime soon, in part because of a technologically illiterate Congress. Many of our elected officials were born before the computer was even invented - certainly before the internet became widespread - and they simply don't understand it. Some of the proposed laws, especially in the wake of the San Bernardino shooting and subsequent legal battle with Apple, show that Congress doesn't understand not only modern technology, but how privacy fits into it. Recently, Dianne Feinstein and another Congressman introduced a bill that would require all information exchanged over the internet and mobile devices to be accessible at any time for law enforcement upon request. Essentially, they asked for back doors to every form of encryption, which makes it useless. They basically want to outlaw effective encryption. This would make it even easier for the NSA to run the programs Snowden describes in CitizenFour. It is a felony to steal or tamper with someone's physical mail because it is a massive invasion of privacy. Why should it not be equally illegal to steal and tamper with someone's mail and correspondence just because it is in a different format? These are the kinds of basic parallels that our current Congress seems to be failing to grasp, and why I think many people are frustrated with them.

On the actual topic of privacy, I think a quote from Benjamin Franklin is extremely relevant: "Those who would give up essential liberty, to purchase a little temporary safety, deserve neither safety nor liberty". We should not be forced to give up our rights in the name of national security. Especially in the name of programs that have been shown to not be all that effective in the first place. I do not feel safer knowing the government is watching everyone. I feel more at risk, and like I'm being made out to be an enemy of my own country. I feel more on edge and distrusting of anything the government says. Ironically, distrusting the government would most likely put me more in line with the Founding Fathers than the people who claim to be protecting the Fathers' vision. It's sickening, to be frank. I haven't changed any habits on the internet per se, as I don't think anything I do now will be of any particular interest to the government (unless the government is really into watching Stephen Colbert on YouTube). However, I do find myself caring about my privacy in all other aspects of my life, and being more guarded with the details of my life. I think Snowden has accomplished his goal of getting people to care about their privacy, and taking steps, no matter how small, to protect it. I hope this continues to evolve, and maybe one day shut down the NSA's spy programs. A good start would be to not renew the Patriot Act when it next comes up, however I don't think our next President is likely to do that (assuming it is Hillary or Trump). For now, the only thing we can really do is vote, and pray the politicians actually decide to care.  

Tech Musing #3 - Ransomware: A Formidable Enterprise Threat

Article Link: http://www.securityweek.com/ransomware-formidable-enterprise-threat
Article Title: Ransomware: A Formidable Enterprise Threat (Apr 22nd, 2016)

Article Summary:

This article describes ransomware, a recent trend in cybersecurity.  Ransomware is similar to other malicious computer viruses that can infect devices, but with ransomware attackers attempt to extort their victims.  One example of how this type of attack is orchestrated is attackers will encrypt all files and programs belonging to a victim. The attackers then communicate to the victim that they will provide the ability to decrypt all of the files if a ransom is paid. In recent years, the ransoms are usually requested in Bitcoins, which is a virtual form of currency which helps the attackers evade detection. Attacks can be launched against ordinary citizens which typically have a ransom amount between $200 and $400. However it is more common for these attacks to target corporations and enterprises. This benefits the attackers because they can demand larger ransom amounts without having to constantly worry about resetting their IP settings after each smaller attack.

Implications:

I chose this article for a couple reasons. The first is because I recently witnessed this type of attack firsthand. I always used to think: “well those attacks probably never really happen,” but about a month ago, the company I work for was targeted by ransomware.  All of our files were encrypted and could not be opened. The company database was also inaccessible. However we were able to resolve the issue within 24 hours and did not have to pay the ransom. This was due in part to the fact that my company backs up all data every single day, which the article states is one of the simplest yet most effective counters to a ransomware attack.  The article stated that only 38% of companies said that they have a strategy in place to deal with a ransomware attack which I found surprising. The ransomware got installed into a workstation computer at my company by an employee opening an e-mail attachment which brings me to my second reason for choosing this topic. As MIS students, we have heard multiple times that these types of attacks are usually the result of human/employee error. Employee education can go a long way for preventing these types of attacks.

Tech Musing #3

I started in a Security Co-Op position with Raytheon at the beginning of the semester. While I was going through the interview process, I was asked multiple times what I thought of Edward Snowden and what he did in his position at the NSA. This was when I began to understand the impact of Snowden’s actions as they pertained to the US Government and its defense contractors holding Classified information.

There will always be multiple beliefs of whether Snowden’s actions were beneficial to the American public or not. On one hand, the information he released informed the public of the monitoring abilities the Government was capable of. As a Democracy, it is important that the public is understanding of what the Government can do that will affect them, both negatively and positively, in order to prevent any unwarranted monitoring. After watching John Oliver’s interview with Snowden, it is clear that the general public is unaware of what Snowden has done to inform them of the current intrusion to privacy that was occurring within the United States. This leak of Classified information may have encouraged some to change their current ways to enhance their privacy. However, this leak did not seem to affect the public as much as Edward Snowden hoped that it would.

As for the Government, the Snowden leaks seem to have affected them and their processes substantially more than the public’s processes. Working for Raytheon’s Security department has shown me how the Government and their contractors have changed their ways to prevent another Classified information leak. The Defense Security Services (DSS) has implemented additional checks and balances in order to prevent additional leaks by monitoring who is capable of downloading and printing Classified information. It also regulates the amount of content that users are able to access and download. While the regulations will not eliminate the possibility of leaks, they will reduce the access that users have to Classified content. The DSS has also encouraged contractors to enhance their insider threat mitigation programs. Therefore, Raytheon employees are now regularly reminded of the importance of reporting any suspicious activity within the company. It is unfortunate that these precautions did not take place until a leak occurred, but it is nice to see that US Classified information is becoming more secure.

The American public will always want the Government to protect them from any threats. In order to do this however, sometimes the Government is required to look within its own population for these potential threats. Whether it is the right thing to do or not, it will always be a topic of discussion for those that care about their own safety and privacy.

Tech Musing #3: What you Need to Know About the Panama Papers

Before taking this class or any privacy class I had heard about the leak Edward Snowden had released to the media and the implications it had nationally, but I had never truly understood the details or investigated exactly what everything meant.  This semester I had the opportunity to take a class on privacy and security that has helped me understand the concept of privacy in today's society. Personally I could take both sides of Snowden's argument because I understand the reasons the NSA may monitor within the United States but I also see the privacy concerns citizens are affected by. My argument for the NSA is that the reason for their monitoring is national security and the surveillance of any important information to protect our country from internal threats. Many would argue that this monitoring is a breach of their privacy and they don't want an agency to be monitoring their activity. But in reality, if you are a common citizen in the United States that works 40 hours a week, owns a home and has a family with 2.5 kids, the NSA is not worried about monitoring your activity because it would be a waste of time. It is when you may have something to hide that you have to worry about this surveillance.

On the other hand, the NSA should not have the right to simply breach any privacy methods to keep tabs on all citizens without some sort of permission or probable cause. This country guarantees freedom to all citizens and after finding out about this surveillance, many felt that their freedom and rights were being violated. Certainly this is why warrants and probable cause exist: in order to keep the government in check and from being able to do whatever they wish to do, which is why many believe that what the NSA is doing is not right. Unfortunately there is no way for us to know whether we are being monitored or not and if this will ever change in any way. The companies we thought we could trust are voluntarily providing them with the information they request, so as regular consumers there are not many directions we can turn to.

Another data leak that recently made a big impact in many governments was the Panama Papers. After researching this topic I found a credible article outlining the most important details of the largest data leak in history. The 11.5 million files totaling 2.6 terabytes exposed many government officials and regimes committing a numerous amount of financial crimes. It basically exposed many offshore accounts linked to politically affiliated individuals. Although offshore accounts are legal and have many legitimate uses, these cases were linked to money laundering as well as tax evasion.

One of the biggest accounts was a $2 billion dollar trail leading back to Russia's president Vladimir Putin. The funds were expected to be Russian state banks that is hidden offshore. Among other notable leaders were Nawaz Sharif the Pakistani Prime Minister, President of Ukraine Petro Poroshenko and the Prime Minister of Iceland Sigmundur David Gunnlaugsson. Overall over 300 accounts were discovered exposing 143 politicians and 12 national leaders. To date many of the national leaders and politicians have stepped down from their respective positions including the Prime Minister of Iceland.

http://www.theguardian.com/news/2016/apr/03/what-you-need-to-know-about-the-panama-papers

Wednesday, April 20, 2016

Tech Musing 3: Apple Pulls Plug On QuickTime for Windows

Article: http://www.forbes.com/sites/tonybradley/2016/04/19/apple-abruptly-pulls-plug-on-quicktime-for-windows/#3de3756c775c

Apple abruptly decided to cease development and future support of its QuickTime player for Microsoft’s Windows operating system. Normally when a company discontinues development of a product, it comes with much prior warning along with instructions on what the general public should do when development and support of that product stop. In typical Apple fashion, however, the company took the liberty to just scrub their own website of any mention of a “QuickTime for Windows” download file. The company also didn’t release any kind of statement to its QuickTime users letting them know of the change.

Now, you may be wondering why Apple abruptly ending software development of a product is such a big deal. Well, anytime a company does this, this also means that security vulnerabilities with the software will no longer be patched through software updates. This means that the millions of users who have QuickTime for Windows installed on their computers are now completely open to have malicious attacks performed through their computers via this now-unsupported software. According to the article, using unsupported software opens the door to potential negative consequences such as loss of confidentiality, integrity, or availability of data, as well as damage to system resources or business assets (Forbes 2016).

As a result, the risk has been deemed so severe that even the Department of Homeland Security has released a public statement urging anyone using QuickTime for Windows to uninstall the program from their computers as soon as possible. Clearly, the risk for potential harm could be very great if the vulnerabilities in QuickTime are exposed and utilized by hackers.

This potential for harm is only exponentially multiplied when you take into account the sheer number of users that likely have QuickTime installed on their Windows PCs. QuickTime for Windows has been around since the 1990s. It used to be required by anyone using iTunes, but that requirement has recently been dropped. QuickTime’s functionality has also been greatly eclipsed by alternative software in the marketplace. But even though you may not be an active QuickTime user, the chances of you still having this program installed on your PC are very great.

There’s also a pretty significant ethical side of the equation to take a look at here. As I said earlier, normally when a company discontinues development of a piece of software, they do so by putting in place the necessary provisions to enable users to safely and successfully either migrate to a newer piece of (supported) software OR to uninstall the affected software. In the case of QuickTime for Windows, Apple did neither. While of course Apple has the right to discontinue any one of its products, they should be doing so in a way that limits risk to their users. When usage of QuickTime is as widespread as it is, Apple really should have initiated some systems to help mitigate and avoid risk to their customers.

In addition to posing a significant security risk to consumers with QuickTime installed on their Windows PCs, this also has caused both security and development headaches for other companies that happen to utilize QuickTime in their software applications. Developers now have to cut into productivity time to update their apps to not use QuickTime anymore. Adobe has already felt this headache as they’ve had to notify users of Adobe Creative Cloud of this new change by Apple.

Clearly, Apple really didn’t seem to take their users’ security concerns into great account when discontinuing QuickTime. In doing so without warning, they’ve put many of their users at risk from malicious computer hackers. All companies have to discontinue products at one point or another; it’s just a way of business for everyone. However, Apple has set an example of how not to handle these situations. Other companies should take note of this to ensure that they don’t repeat Apple’s careless mistakes.