Avoiding scams and manipulation. A data breach at CDHE--will this get an investigation? Let's hope politics won't get in the way.

Avoiding scams and manipulation. 

I've written before about the show called Hidden Brain on NPR and I heard another one recently that I thought worth sharing.

This particular one is about scams and how to spot them.  There is a whole lot in the podcast linked below worth covering.  It's definitely worth an hour of your time.  I'd recommend listening.  The book by one of the people interviewed is also on my list.

Knowing how people would seek to manipulate you--their tools, their techniques--and the faulty reasoning that allows this to happen is important and a big interest of mine.  I hope it is for you too.  

Many things in there are familiar and I am not a huge fan of retreading familiar ground, so I picked out some of the things that were new to me or rephrased in a way that I thought illuminating.  I also tossed in some of the things that I've learned along the way.

In no particular order then:

--Slow down.  Scams and manipulation work by short-circuiting your higher mammalian brain.  There is no need to provide an immediate reaction to an idea or some thing you read.  It'll keep.  Stop, research, and think.  


--Remember the skeptic's maxim:  big claims need big evidence.  Sometimes extraordinary claims are true.  But they require more evidence that more run of the mill claims.  And bringing that evidence is the job of the person making the claim. 


--In keeping with the one above, stop and check things.  Hear something fantastic?  Check it on Google. Get an email or a phone call from someone important that feels "off"?  Contact that person and double check before acting.  

  
--Be careful in reading!  Communication between humans is never a one-to-one* proposition and manipulators play on this with great skill.  When someone says a word stop and make sure you understand the sense they mean it in.  A real clear example came up recently with the coal train wreck near Pueblo on I-25.  Look at the headline in screenshot 1.  The word "derail" (highlighted) carries with it certain meanings and images to you and they might not match those of the writer.  I don't think it's still clear what happened in the wreck, but there are a couple scenarios.  In one, the train jumped the tracks and fell off the bridge.  In the other, the bridge failed and that made the train come off the tracks.  Me personally, however, seeing "derail" makes me think the  former and not the latter.  It was only by reading the article that I got a sense of the ambiguity in the what caused the accident.  

--Last one:  an expert in one domain is an ordinary human in another.  If you ask me a question about physics I could probably talk in detail and my answer would better reflect the state of science on the matter than someone else you pick at random.  Ask me about Medieval French poetry and my answer would not be any better than another human's picked at random.  Knowing one field well doesn't mean that the person knows all fields well.  It doesn't mean anything more when an astrophysicist talks about gender reassignment than it does when any other randomly-chosen individual does.  It doesn't mean anything more when a Nobel Prize** winning economist talks about global warming than it does for any other individual (save for perhaps economic impacts as an example).  


Keep your head up and your wits about you out there!  If you know of other things to watch for, please add to the comments.


*Said here in the math sense where one thing maps directly and uniquely to another.  See the part circled in red in screenshot two.  The green set here is one to one.  The purple is not.

**My intuition here tells me that likely someone that has risen to be world-renown in a field like astrophysics or that has won a Nobel Prize in anything is likely to be, in general, better at creative problem solving than a randomly chosen person, that doesn't mean that he or she is more knowledgeable than a randomly-chosen person outside their field.  


https://hiddenbrain.org/podcast/how-to-spot-a-scam/

---

Data breach at the Colorado Department of Higher Ed (CDHE)

I posted in the past about the data breach that happened at CDHE.  Some movement has happened there and so I wanted to update.  Let's go in order.

A quick history:  CDHE records were attacked sometime between June 11 and 19.  Student names, SSN's, and other education records were hacked and leaked.  Later, August 4th or so, CDHE notified both the public and the AG's Office (the AG's notification required by statute to happen within 30 days).  At the time, CDHE stated the delay in notification was due to (quoting the first link below): "...'gathering information and following statute.'"


Ironic no?


At any rate, I think someone's nose perked up at the delay and potential for political embarrassment and so a CORA request was made.  Perhaps I'm too dull to see who, but I have yet to see a specific name for a requestor.  If you know, please share.


In their response, CDHE withheld some records pertinent to the breach and that is now the subject of a lawsuit.  See the second link below.


The allegation is that CDHE is abusing the "deliberative process privilege" (the sometimes-bane of my existence as someone who does a fair number of CORA requests):  an exception to the open records law that prevents the release of records that might cause agency employees to be less than fully forthright in their discussions because they know their words could be public record.  The agency is apparently not stating the details behind the withheld records, simply that they're being withheld under this privilege.  The suit asks the judge to review the records in private and then determine whether or not they were properly withheld.  I'll update if and when I see a ruling there.


In the meantime, and this is why I made the remark above about political embarrassment, House Republicans wrote Polis and AG Weiser asking for an investigation into the delay in notifications.  See the third link below.
This is, politics aside, a reasonable thing to ask and I hope they do open an investigation.** Beyond the unaccounted for extra time in notifying both the AG and the victims, there were other, pretty serious missteps by the director of CDHE. Again, see the third link for details.

My fear is that the Democrats who run the AG's office and the other Executive Branch offices will put their aversion to political egg on their face ahead of doing what's right.  I say this having seen more than once that the Democrats in this state work strongly to protect their own.  And that's a shame.  

You'll pardon some cynicism on my part, but I think the Republicans and whoever did the CORA request are acting from less than altruistic motives here.  

Still, this doesn't negate the fact that we the public should have an accounting of what happened and a complete look at what might prevent same in the future.

**Toward the end of finding out more, I wrote the AG's press person and asked if the AG intended to open an investigation.  I was told, and I quote the email, "The attorney general’s office cannot confirm or otherwise comment on investigations or complaints."  A reasonable enough thing to say.  After all, if you were the subject, you would not want the opening of an investigation to tarnish your reputation prior to the findings.  Additionally, I'd like to point out the fact that other, similar investigations have been opened by the AG's office about data breaches and these have resulted in settlements and, one hopes, a fix.  See the fourth link below.   


https://gazette.com/news/education/colorado-students-records-exposed-after-massive-data-breach/article_81d01ec8-330d-11ee-a369-573fcb48d5b2.html

https://coloradofoic.org/public-trust-institute-and-state-higher-ed-department-vie-in-court-over-withheld-emails-about-cyberattack/?fbclid=IwAR24fOjzXvbNaTCkd3HLATiesYYE0z4OAX0KjjywbXJ0tLgHsfSpUYQBCfI


https://www.thelobby-co.com/content-library/colorado-house-republicans-demand-answers-in-higher-education-data-breach-cover-up

https://coag.gov/press-releases/attorney-general-phil-weiser-announces-settlement-with-broomfield-skilled-nursing-facility-over-2021-data-breach/

Related:

JeffCo now has a data breach of their own? Seems like they’re at least a little more timely in notifying people.

https://denvergazette.com/news/jeffco-schools-report-possible-cyber-attack/article_c4b46326-79bb-11ee-ae2d-5b60b1986b3a.html