.net programming, computers and assorted technology rants

Legal

Like Us on Facebook and Revoke Your Ability to Sue

Cpurtesy Michelle Coffey, blog.marketwtch.com

cheerios

If you like Cheerios, you may want to keep it to yourself.

General Mills  /quotes/zigman/227548/delayed /quotes/nls/gis GIS , maker of Lucky Charms and the Betty Crocker and Pillsbury brands, has installed a new privacy policy in which consumers who engage with its brands online, including liking them on Facebook or downloading coupons, withdraw their legal right to sue the company.

The Fortune 500 powerhouse notes a change in legal terms, warning on its website:

“We’ve updated our Privacy Policy. Please note we also have new Legal Terms which require all disputes related to the purchase or use of any General Mills product or service to be resolved through binding arbitration.”

So consumers who follow General Mills brands on social networks, subscribe to newsletters, enter sweepstakes, print coupons or benefit in any way using the site also enter a contract with the company, waiving all rights to future lawsuits.

General Mills even hinted that consumers who buy the products could be bound by those terms, according to the New York Times, who reached out to the company about its changes.

Food companies are increasingly facing more class-action lawsuits over labeling and ingredients. Last year, General Mills shelled out $8.5 million to settle a suit over how it labeled its Yoplait Yo-Plus yogurt. In 2012, two women sued the company over claims its Nature Valley products were 100% natural, alleging highly processed ingredients were used. That same year, it settled another suit over Strawberry Fruit Roll-Ups, agreeing to remove the word “strawberry” from its packaging.

Credit-card and mobile-phone companies are known for placing airtight restrictions in contracts, but this may be the first instance of a major food manufacturer attempting to block lawsuits.

Lawyers told the New York Times that General Mills’s new language will raise legal questions. And the next time it faces legal action, General Mills will likely need to prove the consumer had prior knowledge of the policy before a court can weigh in about whether the company can be sued, arbitration experts told the Times.


When “Big Data” is Too Much Data

Courtesy David M. Denton, Commentary, InformationWeek.com

(Source: Flickr user jfcherry)

Technology isn’t enough to improve healthcare. Doctors must be able to distinguish between valuable data and information overload.

As a doctor, I know the value of information, but I also know what’s worse than not enough information: misinformation or too much information. In this information age, we seem to have plenty of both.

No matter what you think or believe, you can find proof of it on the Internet. You can also find a million and one ways to decorate your living room, making it overwhelmingly impossible to decide which ideas to use. The Internet is great at quenching our attention deficits by providing novelty at every click. Indeed, we can spend hours reading, watching, listening, or commenting without accomplishing anything at all. On the other hand, we get access to excellent resources and minds, beyond what was possible in a non-connected world.

Modern medicine also struggles with managing information. In our lust for data, we have created systems that store every keystroke, scan, or import, in a limitless cloud. Discrimination is no longer necessary. The pertinent and the frivolous are stored side by side. We no longer have data; we have “big data.” This allows the detection of trends and patterns that could never be identified with our smaller data sets. We are just beginning to understand its power.

Interestingly, however, while computers are great at sorting through data quickly and efficiently, humans aren’t. In fact, “more,” often clogs our ability to discern and decide. Additionally, computers can’t distinguish good data from bad data. At present, humans are still required to use the data to make decisions and care for patients. Until we have computers that can form therapeutic alliances, be compassionate, diagnose conditions, and provide and coordinate reasonable treatments, we are still dependent on fallible biologic beings to provide our medical care.

One of the hopes of electronic health records (EHRs) is that they will revolutionize medicine by collecting information that can be used to improve how we provide care. Getting good data from EHRs can occur if good data is input. This doesn’t always happen. To see patients; document encounters; enter smoking status; create coded problems lists; update medication lists; e-prescribe medications; order tests; find, open, and review multiple prior notes; schedule follow-up appointments; search for SNOWMED codes, search for ICD-9 codes, and find CPT codes to bill encounters (tasks previously delegated to a number of people); and compassionately interact with patients, providers have to take shortcuts.

Read More…http://www.informationweek.com/healthcare/electronic-health-records/doctors-are-drowning-in-data/d/d-id/1141595?f_src=informationweek_editorspicks_rss&google_editors_picks=true


.NET to iOS/Android? Microsoft Buying Xamarin?

Courtesy Keith Ward, VisualStudioMagazine.com

Mary Jo Foley’s reporting that Microsoft may be either buying tool-maker Xamarin outright, or making a big investment in the company. It’s all speculative at this point, but this is an idea that just makes too much sense.

Xamarin makes it possible for .NET/C#-focused developers to create apps for the two most popular mobile platforms — iOS and Android — without leaving the comfort of their favorite language  and IDE (that would be Visual Studio, of course). Xamarin has been making these products for a number of years now; they used to be called MonoTouch and Mono for Android, and have morphed into Xamarin.iOS and Xamarin.Android. Xamarin has been churning out frequent updates, and furtherintegrating the products with Visual Studio. I’ve felt for some time that Xamarin would be absorbed into Visual Studio, eventually becoming a transparent part of the IDE.

Note that these reports are only substantial rumors at this point. But the rumors have credibility, at least in part, based on the natural fit of these parts. It’s not the type of head-scratcher that some other deals were. Xamarin and its founders, Miguel de Icaza and Nat Friedman, are serious software developers, and make a serious product that many developers think is the best way to write cross-platform code for the mobile platform (you may have noticed that we think it’s serious enough to have a column dedicated to the topic).

It would also be a forward-looking move for Microsoft. It needs to get iOS and Android developers to use both Visual Studio and Windows Azure, and integrating Xamarin into its core IDE would do that. It would also encourage more development in C# among the non-C# crowd, who may like what the language offers, but are wary of any Microsoft-branded stuff.

It’s hard to think of any downsides for developers of such a deal. One fear could be that the pace of innovation that Xamarin now shows could be slowed, once it’s absorbed in the Redmond behemoth. But, at least in the dev area, Microsoft has truly adopted a speedy release cycle of upgrades and fixes. After all, Visual Studio 2013 came just a year after the previous major version, and is now approaching Update 2. It’s hard to imagine that Xamarin wouldn’t be similarly upgraded, especially since it’ll be baked in.

Worth noting, too, is that new CEO Satya Nadella is a techie, so the potential acquisition might appeal to his geeky nature. He understands development in a way ex-CEO Steve Ballmer couldn’t hope to, and may be quicker to understand the benefits involved.

This is all speculation, of course, but it’s something I think should happen. What do you think?


NSA paid RSA $10 Mill to make flawed crypto algorithm the default

Courtesy Peter Bright, ArsTechnica.com

Security company RSA was paid $10 million to use the flawed Dual_EC_DRBG pseudorandom number generating algorithm as the default algorithm in its BSafe crypto library, according to sources speaking to Reuters.

The Dual_EC_DRBG algorithm is included in the NIST-approved crypto standard SP 800-90 and has been viewed with suspicion since shortly after its inclusion in the 2006 specification. In 2007, researchers from Microsoft showed that the algorithm could be backdoored: if certain relationships between numbers included within the algorithm were known to an attacker, then that attacker could predict all the numbers generated by the algorithm. These suspicions of backdooring seemed to be confirmed this September with the news that the National Security Agency had worked to undermine crypto standards.

The impact of this backdooring seemed low. The 2007 research, combined with Dual_EC_DRBG’s poor performance, meant that the algorithm was largely ignored. Most software didn’t implement it, and the software that did generally didn’t use it.

One exception to this was RSA’s BSafe library of cryptographic functions. With so much suspicion about Dual_EC_DRBG, RSA quickly recommended that BSafe users switch away from the use of Dual_EC_DRBG in favor of other pseduorandom number generation algorithms that its software supported. This raised the question of why RSA had taken the unusual decision to use the algorithm in the first place given the already widespread distrust surrounding it.

RSA said that it didn’t enable backdoors in its software and that the choice of Dual_EC_DRBG was essentially down to fashion: at the time that the algorithm was picked in 2004 (predating the NIST specification), RSA says that elliptic curves (the underlying mathematics on which Dual_EC_DRBG is built) had become “the rage” and were felt to “have advantages over other algorithms.”

Reuters’ report suggests that RSA wasn’t merely following the trends when it picked the algorithm and that contrary to its previous claims, the company has inserted presumed backdoors at the behest of the spy agency. The $10 million that the agency is said to have been paid was more than a third of the annual revenue earned for the crypto library.

Other sources speaking to Reuters said that the government did not let on that it had backdoored the algorithm, presenting it instead as a technical advance.


Wake Up Christie : This is Already Unconstitutional

Courtesy Kyle Orland,  ArsTechnica

When a New Jersey state legislator first proposed a bill to ban sales of M- and AO-rated games to anyone under 18 last month, we figured it was just another small-time politician trying to make a name for himself with a proposal that wouldn’t go anywhere. And when a New Jersey state task forcerecommended regulating violent video games as part of its “gun protection, addiction, mental health and families, and education safety” report, we figured it was the kind of cover-your-ass bureaucratic language that would (hopefully) be ignored in a report focused on more substantive gun safety measures.

But then New Jersey governor Chris Christie put his political weight behind restrictions on selling video games to minors last week. Now we realize that the New Jersey political establishment seems dead-set on making a serious push for this blatantly unconstitutional measure.

It’s sad, because this is exactly the kind of waste of state legislative resources that the Supreme Court aimed to stop with its 2010 Schwarzenegger vs. EMA ruling, which gave full first amendment protections to video games. Before that ruling, roughly a dozen states had passed various measures to limit minors’ access to violent video games. All those initiatives were eventually struck down by state or federal courts after lengthy legal battles. With Supreme Court precedent on the books, the thinking went, no other state legislature would have to waste its time dealing with what was now an established constitutional precedent to protect game sales.

Apparently New Jersey’s politicians didn’t get that message. “Ensuring there are common-sense safety measures when purchasing guns is not enough,” Christie said at a press conference last Friday. “We must address the many different contributing factors… This is just common sense and means that parents and legal guardians are actively engaged and aware of the kinds of games their kids are buying and renting.”

It’s interesting that Christie appeals to “common sense” when defending this measure, because scientific studies into the supposed effects of video game violence actually contradict that common sense. There have been plenty of studies and metastudies making the same point, but the Supreme Court itself probably summed it up best:

Psychological studies purporting to show a connection between exposure to violent video games and harmful effects on children do not prove that such exposure causes minors to act aggressively. Any demonstrated effects are both small and indistinguishable from effects produced by other media. Since California has declined to restrict those other media, e.g., Saturday morning cartoons, its video-game regulation is wildly underinclusive, raising serious doubts about whether the State is pursuing the interest it invokes or is instead disfavoring a particular speaker or viewpoint.

The plan Christie is now touting is nearly identical to the California bill that was passed in 2005 and struck down by the high court five years later—after a legal battle that cost the state’s taxpayers $2 million dollars in opposing legal fees (not to mention the cost to their own attorney general’s office). Christie and other New Jersey politicians backing this measure should be aware that their bill would undoubtedly lead to nothing but similar wasted legal fees with no actual law to show for it. Plenty of legal experts can tell them just that. Even if the bill were somehow successful in court, it would do little to improve upon current self-regulation among video game retailers. The FTC has found game retailer self-regulation to be the best among all major entertainment media.

The video game legislation seems out of place with the raft of proposed gun control legislation that Christie also rolled out on Friday. In the wake of various mass shootings and terror attacks in the United States, video games serve as a useful scapegoat and a convenient distraction for politicians who want to look like they’re doing more than just going after guns. Despite its 40+ year history, the video games medium is still new and unfamiliar enough to a voting population skewed toward the elderly, so politicians can still attack it without paying much, if any, price at the polls.

This situation won’t last forever, though, as a generation that grew up with games rises to power knowing first-hand that the moral panic surrounding gaming is just as empty as previous outcries over comic books, rock and roll, and young-adult novels. We had hoped that the Supreme Court had ushered in that era just a little sooner, but New Jersey is doing its best to prove otherwise.