21-31 December 2015


CA – IPC Publishes FAQ on Amendments to FIPPA and MFIPPA

Bill 8, the Public Sector and MPP Accountability and Transparency Act, 2014, will come into effect on January 1, 2016. This Bill amends the Freedom of Information and Protection of Privacy Act (FIPPA) and the Municipal Freedom of Information and Protection of Privacy Act (MFIPPA) to include requirements for institutions to ensure the preservation of records. As a result of the amendments, heads of institutions will be required to take “reasonable measures” to preserve records in their custody or control. The amendments apply to all stages of the information life cycle and make it an offence to alter, conceal or destroy a record with the intention of denying access. As the body that oversees compliance with FIPPA and MFIPPA, the IPC strongly supports the amendments because they will bring increased transparency and accountability to Ontario public institutions. The IPC has prepared this new paper to help institutions understand their responsibilities under the recordkeeping amendments, as well as develop and implement plans to address these provisions. [Information and Privacy Commissioner /Ontario]

CA – Jennifer Stoddart Named to Order of Canada

Congratulations to Jennifer Stoddart (Officer) and Kent Roach (Member) for being named to the Order of Canada. [Globe&Mail]

CA – Canadian Companies Have Big New Ally in Fight Against Cyber Crime

Nine major Canadian companies, including the big telcos and some of the Big Five banks, along with the Canadian Council of Chief Executives are forming the Canadian Cyber Threat Exchange (“CCTX”), which will allow companies to share information among themselves, government and research institutes about cyber attacks. [Financial Post]


US – Warrantless Online Surveillance Is OK for Most: Poll

According to the new poll, 56% of Americans favor and 28% oppose the ability of the government to conduct surveillance on Internet communications without needing to get a warrant. That includes such surveillance on U.S. citizens. Majorities both of Republicans (67%) and Democrats (55%) favor government surveillance of Americans’ Internet activities to watch for suspicious activity that might be connected to terrorism. Independents are more divided, with 40% in favor and 35% opposed. Only a third of Americans under 30, but nearly two-thirds 30 and older, support warrantless surveillance. [Source]


US – 191 Million Voter Records Unprotected

A database containing personally identifiable information of 191 million voters has been discovered. The database is misconfigured, making it accessible online to anyone. The compromised information includes names, addresses, dates of birth, and voting history dating back to 2000. It has not yet been determined to whom the database belongs. [Wired] [The Hill] [CNET] [The Register] See also: [Livestream Acknowledges Breach] [Database configuration issues expose 191 million voter records: Massive database exposed to public, major political data managers deny ownership] [Massive trove of US voter data discovered on Web]


WW – Google: Bring Your Own Encryption Keys to Google Cloud Platform

Google has introduced Customer-Supplied Encryption Keys for Google Compute Engine in beta, which allow you to bring-your-own-keys to encrypt compute resources. Google Compute Engine already protects all customer data with industry-standard AES-256 bit encryption. Customer-Supplied Encryption Keys marries the hardened encryption framework built into Google’s infrastructure with encryption keys that are owned and controlled exclusively by you. You create and hold the keys, you determine when data is active or at rest, and absolutely no one inside or outside Google can access your at rest data without possession of your keys. Google does not retain your keys, and only holds them transiently in order to fulfill your request. [Google]

EU Developments

EU – GDPR: Orgs Must Obtain User Consent for Personal Data Processing

A law firm (FieldFisher LLC) examines forthcoming changes under the General Data Protection Regulation (“GDPR”). Organisations will have to re-engineer data collection forms, online and mobile user interfaces, privacy policies and terms and conditions to ensure explicit consent can be proven; explicit consent may not be an option where there is a significant imbalance between the individual and the organisation collecting the personal data.


WW – New Code Will Indicate When Web Content is Being Censored

The Internet Engineering Steering group has approved a new HTTP code, 451, that will let users know when pages they are trying to access are unavailable for legal reasons. The new error status code aims to help users differentiate between pages that are unavailable due to technical errors and those that are unavailable due to deliberate government action. [CNET] [The Register] [Washington Post]

Health / Medical

US – 2015: Worst Year for Healthcare Hacks is a Security Wakeup Call

Without a doubt, 2015 was the year of the healthcare megabreach and a major turning point for the sector. Some 56 major hacker attacks affecting a total of nearly 112 million individuals occurred in 2015, according to the Department of Health and Human Services. The largest of these cyberattacks hit health insurer Anthem, affecting nearly 79 million individuals, making it the biggest healthcare breach ever reported to HHS. “2015 was a blaring wake-up call to healthcare entities and their business associates that protected health information of their patients is a bullseye for fraudsters and other cybercriminals as well as nation states eager to steal IDs,” HealthcareInfoSecurity Executive Editor Marianne Kolbasuk McGee says in a year-end audio blog (click here to listen). [Source] [Data Breaches In Healthcare Totaled Over 112 Million Records In 2015] [US: Few Consequences For Health Privacy Law’s Repeat Offenders]

Horror Stories

WW – Hello Kitty User Database Unprotected

A breach of sanriotown.com has exposed the personal information of 3.3 million Hello Kitty users. The database may have been open to intruders for more than a month. The vulnerable database was found by the same person who recently discovered the unprotected MacKeeper database. [The Register] [NBC News] [Wired] See also: [Canadian data breaches in 2015: Big firms weren’t the only targets]

Identity Issues

US –TSA May Stop Accepting Certain State-Issued IDs

The US Department of Homeland Security (DHS) may soon start enforcing the Real ID Act, which requires states to comply with certain federal security standards when issuing identification cards. People from states with non-compliant systems may find themselves unable to board planes or enter federal buildings with their ID cards. Some of the states are not compliant due to active opposition to the law due to privacy concerns or prohibitive costs. [NYTimes] [ArsTechnica] [DHS.gov]

US – One State Has Started Putting Drivers’ Licenses on Smartphones

The Iowa Department of Transportation spent $40,000 on a pilot program to outfit 15 state employees with a “mobile driver’s license,” or mDL. This iOS app displays a virtual license with a rotatable image of the driver’s head after users take a selfie that is verified against their license photo on file. The mDL program is the result of public interest in the technology, which could be offered to more Iowans this year. Caller IDSome proposed benefits seem obvious: Instant updates to addresses and driving records will shorten lines at the DMV, and eliminating physical licenses saves the state production costs. Also, merchants and financial institutions see it as a means of combating fraud. The driver’s license is already the de facto standard for proving identity, so it follows that cash-strapped states would seek to monetize this service. A system in which businesses would use a license-reader app to verify a credit-card customer’s identity might net the state a small transaction fee. Bars and restaurants could similarly deploy apps for age verification. This could also increase privacy for consumers, who would no -longer need to expose personal information printed on a physical license, choosing to share only their photo and proof of legal drinking age. [Source]

Internet / WWW

WW – Video Game Companies Collecting Massive Amounts of Personal Data

Haven’t read the “terms and conditions” on that video game system you got for the holidays? You may want to take a look. With more and more video game companies collecting ever greater amounts of data about their customers, privacy advocates are starting to warn about risks to gamers’ personal privacy — as well as the dangers in normalizing surveillance. [Source]

WW – Privacy-as-a-Service Scatters Data in Disappearing Clouds

When attackers breach through layers of encryption and firewalls, one good way to keep cloud-based data safe is to keep it scattered, in constant motion. Dispel, a start-up focusing on enterprise-grade digital privacy for small to midsize businesses (SMBs) and individuals, offers digital privacy rooted in ephemeral cloud infrastructure. [pcmag.com]


Online Privacy

WW – Spanish Cybersecurity Agency Outlines Web Tracking Techniques

The Spanish National Institute of Cybersecurity (“INCIBE”) issues an overview of techniques used for web tracking of internet users. Techniques include digital fingerprints (from browsers, software, hardware, networks and geolocation), header injections, preferences and patterns of behavior and client-side identifiers (cookies, caches, session identifiers and super cookies). [INCIBE – Web Tracking of Internet Users]

WW – Facebook and Twitter’s User Privacy Efforts Crushed by New Government Legislation

Facebook and Twitter’s attempts to champion user privacy are being undermined by the intelligence community and UK government following new proposals to jail employees who tip off users that their data has been requested. Under the new offense employees of any communication service provider can be jailed for up to two years for informing a user that security services or law enforcement authorities has requested their data. The move hampers ongoing attempts by Facebook, Twitter and several other social network and technology companies to assure members that their information is secure and that they will be told if any government agency is monitoring them. [thedrum.com] See also: [Twitter Revises Policy Banning Threats and Abuse]

WW – Twitter Reverses Stance on Archiving Politicians’ Deleted Tweets

Twitter reached an agreement with two transparency-focused organizations, Sunlight Foundation and the Open State Foundation, that will allow them to resume publishing the deleted tweets of politicians and government officials in the new year. In August, Twitter cut off access to Politwoops, a Sunlight Foundation initiative that published elected officials’ deleted tweets. The technology company said Politwoops violated its developer agreement, which mandates that services with access to Twitter’s servers must not display tweets that users have deleted. [Source] See also: [Twitter vows to wage war on internet trolls]

Other Jurisdictions

CN – China Passes Counterterrorism Law

China’s parliament has passed an anti-terrorism law that requires companies doing business in that country to “provide technical support and assistance, including decryption, to police and national security authorities in prevention and investigation of terrorist activities.” The law is a step back from an earlier draft, which would have required companies to provide the Chinese government with encryption codes. Telecoms and ISPs must verify customer identities, implement information content monitoring systems and provide decryption and other technical support to security bodies conducting anti-terrorism investigations; penalties for failure to comply with these requirements range from CNY 100,000-500,000 (approximately USD 15,500-77,122). [Slate] [Counter-Terrorism Law of the People’s Republic of China] [China counterterrorism law: US cyber privacy advocates express concern] [China’s New Big Brother Law Is A Clone Of The West’s Bad Ideas]

Privacy (US)

US – Technology Will Create New Models for Privacy Regulation: Lessig

In a new interview, Harvard law professor Lawrence Lessig shared his view of the future of privacy in this age of data breaches. “The average cost per user of a data breach is now $240 think of businesses looking at that cost and saying, ‘What if I can find a way to not hold that data, but the value of that data?’ When we do that, our concept of privacy will be different. [WSJ] SEE ALSO: [The Year in Tech Law and Digital Brouhaha, from A to Z: The deals, bills and court cases that garnered headlines in 2015] SEE ALSO [2015 was a tipping point for six technologies that will change the world]

Privacy Enhancing Technologies (PETs)

WW – Microsoft Will Ban Man-in-the-Middle Ad Injection Software

Microsoft will block ad injection software that makes use of man-in-the-middle (MiTM) techniques. The company says it aims “to keep the user in control of their browsing experience.” Microsoft will begin enforcing the changes on March 31, 2016. [ZDNet] [TechNet] See also: [Top Ten Privacy Websites]


WW – 2015 Cybersecurity Market is $75B; Expected to Reach $170B by 2020

Fasten your seat belts. 2016 promises to be a big year for the cybersecurity industry. Following up on October’s report, The Business of Cybersecurity: 2015 Market Size, Cyber Crime, Employment, and Industry Statistics. Part II recaps cybersecurity spending in 2015 and projects market growth over the next five years. Worldwide spending on information security will reach $75 billion for 2015, an increase of 4.7% over 2014, according to the latest forecast from Gartner, Inc. The global cybersecurity market is expected to be worth $170 billion by 2020. The cyber security market is estimated to grow at a compound annual growth rate (CAGR) of 9.8% from 2015 to 2020. According to IDC, the hot areas for growth are security analytics / SIEM (10%); threat intelligence (10% +); mobile security (18​%); and cloud security (50%). The global managed security services market is projected to reach nearly $30 billion by 2020, with a CAGR of 15.8% over the next five years. The global enterprise governance, risk and compliance (GRC) market is expected to grow from $5.8 billion in 2014 to $11.5 billion by 2019, at a CAGR of 14.6% for the period 2014 to 2019. A new cybercrime wave is driving IoT spending, and the Internet of Things (IoT) security market is expected to grow from $6.89 billion in 2015 to nearly $29 billion by 2020. The global IoT security market to grow at a CAGR of nearly 55% over the period 2014-2019. [Forbes]

WW – The Top 16 Security Predictions for 2016

GovTech examined hundreds of expert forecasts for 2016 and beyond, with cyber trends and predicted technology events from top companies, it is hard to be optimistic about our online situation. And yet, the combined predictions tell us an important story about online life. So where is cyberspace heading? What surprises await us? Here’s your annual one-stop roundup of what security experts are telling us will happen next:

1)   Symantec: Symantec leads with attacks on the Internet of Things (IoT) and Apple iOS attacks growing dramatically. An impressive Symantec list of 2016 security predictions overall.

2)   Last December, Raytheon/Websense successfully predicted 2015 health-care concerns in their security predictions overview. This year, Raytheon/Websense leads with predictions about attacker trends (increased abuse of newly created infrastructure), end-user behavior in a post-privacy society and evolving business behaviors as a result of cyberattacks and data breaches — including a surge in cyber insurance.

3)   McAfee (Intel Security): McAfee Labs offer a five-year cybersecurity look ahead in infographic form. They predict a growing attack surface, difficult-to-detect cyberattacks, new device types and much more. They also cover growth in “integrity attacks” where hackers change the data to do harm.

4)   FireEye: FireEye offers a free prediction report on their 2016 webcast which leads with security concerns with Apple devices in 2016 as well as IoT security problems. More sophisticated forms of ransomware attacks. Also, there will be “Increased Attacks on Industrial Control Systems.”

5)   Trend Micro: Trend Micro leads with “2016 will be the year of online extortion.” Second, “At least one consumer-grade smart device failure will be lethal in 2016.” Trend Micro’s presentation of their 2016 security predictions gets them top honors for the best online graphics, clearest presentation, and easiest-to-understand security prediction summary.

6)   Kaspersky: The Kaspersky blog offers a nice narrative of various cyber trends that could lead to major events in 2016, including: “Blackmailing and squeezing money for stolen photos and hacked accounts.” Also car hacks will grow: Culprits probably won’t focus on the systems themselves, but rather on the special protocols, which are implemented to enable communications between cars.

7)   Sophos: Sophos offers their 2016 cybersecurity threat predictions. Like others, they lead with mobile threats rising, IoT platform vulnerabilities and small and medium-size businesses (SMBs) seeing more attacks.

8)   Alert Logic: Alert Logic offers some optimistic 2016 predictions about the cloud — such as: “2016 will be the first year people choose cloud because of the security benefits.” This sets them apart and puts them in the top group.

9)   Network World: Network World’s Jon Oltsik again offers this list, a bit different from other predictions. Leading his 2016 prediction list were: “Greater focus on cyber supply chain security, and the consumerization of authentication.” He also predicted that cyber insurance is set to boom (with others who predicted this).

10) IDC: IDC offers many technology predictions for the CIO Agenda, with #6 By 2016, 70% of IT organizations will shift their focus to advanced ‘contain and control’ security and away from a perimeter mentality. “It’s time for organizations to reframe their security from the old, reactive threat-oriented model to an advanced, proactive, predictive, and integrity-oriented approach,” says Mike Rosen, vice president of research with IDC’s IT Executive Programs (IEP).

11) IBM: IBM offers several intriguing 2016 security predictions. A few include:

  • (More) companies and governments to use block-chain encryption.
  • Cyber intelligence as a service is coming.
  • Vulnerability curators will become prevalent.
  • More data breaches will lead to spikes in cyber-spending.
  • Financial orgs create own fusion centers — leave managed security services.

12) Computer Science Corp. (CSC): CSC’s chief technology officer offers technology trends to watch. Some predictions are on security such as: “As context increases, cybertargets increase.” That is, as data becomes more contextually rich, it becomes more valuable to the enterprise — and to cybercriminals as well.

13) Business Insider offers: “How vulnerable IoT devices are changing the cybersecurity landscape.” This is a deeper look at vulnerable IoT systems:

– Research has repeatedly shown that many IoT device manufacturers and service providers are failing to implement common security measures in their products.

– Hackers could exploit these new devices to conduct data breaches, corporate or government espionage, and damage critical infrastructure like electrical grids.

– Investment in securing IoT devices will increase five-fold over the next five years as adoption of these devices picks up.

14) Forbes Magazine Online: Forbes leads their security prediction list for 2016 with the “leadership over luck theme.” Here’s an excerpt: “Unfortunately in most respects, 2016 won’t change much: users will still click on malicious links; IT will still be bad at patching; the bad guys will still attack; and the tide of misery from breaches will continue. What matters most is whether your organization will be a victim or not. Of course you could do nothing, and be lucky. But the only way to control your fate is to lead your organization to high ground based on a well-considered, security-first strategy. …

15) LogRhythm offers 10 interesting predictions such as: “An uptick in all-in-one home surveillance systems.” We are seeing more motion sensing/camera/recording devices in the home that can be managed through personal devices. This type of technology will continue to expand, and with this expansion, hackers will try to exploit them or cause chaos. Also: A rise in the use of mobile wallet apps. Like having virtual money and an ID in one’s pocket, mobile wallet apps are at the intersection of marketing and payments. And although a mobile wallet is convenient, it is directly tied to one’s mobile phone, which is a critical access vector for cyber threats.

16) Imperva: Imperva has some fascinating and big predictions worth reading, including contractors getting more scrutiny in “Cyber Pat Downs.”

Source: [GovTech] See also: [The weird and wacky of 2015: strange security and privacy stories]

WW – Oracle Reaches Settlement with FTC Over Java SE Security

Oracle, one of the nation’s largest tech companies, is settling federal charges that it misled consumers about the security of its software, which is installed on roughly 850 million computers around the world. The company won’t be paying a fine, and it isn’t admitting to any wrongdoing or fault in its settlement with the FTC. But Oracle will be required to tell consumers explicitly if they have outdated, insecure copies of the software — and to help them remove it. The software, known as Java SE, helps power many of the features consumers expect to see when they browse the Web, from browser-based games to online chatrooms. But security experts say Java is notoriously vulnerable to attack. It has been linked to a staggering array of security flaws that can enable hackers to steal personal information from users, including the login information for people’s financial accounts, the FTC said. [Washington Post]


US – Gov’t Warrantless Collection of Communications is Constitutionally Valid

Jamshid Muhtorov (“Defendant”) moves to dismiss evidence the United States of America (“Plaintiff”) allegedly illegally collected under the FISA Amendments Act of 2008 (“FAA”). In the context of national security, a warrantless search and seizure of electronic communications under the FISA Amendments Act (“FAA”) was reasonable since privacy expectations are diminished as an individual puts more information out into the ether of the global telecommunications network (the controls provided in FISA balance the government’s use of FAA-acquired communications against the individual’s privacy interests). [United States of America v Jamshid Muhtorov and Bakhtiyor Jumaev – Criminal Case No 12-CR-00033-JLK – USDC for the District of Colorado]

EU – Dutch DPA: WiFi Tracking in Stores Conflicts with Data Protection Law

The data protection authority in the Netherlands (“DPA”) investigated Bluetrace, a technology company, for collection of tracking and location data of shoppers and passersby. Measurement data was collected from individuals in shopping malls (mac addresses of mobile phones, signal strength of WiFi, serial number of sensor and timing); data was collected 24 hours a day, 7 days a week and kept indefinitely, individuals could be identified using a combination of the data, and shoppers were not informed about collection. [DPA Netherlands – WiFi Tracking Around Stores in Conflict with the Law]

UK – Hyde Park Visitors Covertly Tracked Via Mobile Phone Data

Visitors to Hyde Park, one of London’s most famous tourist spots, were covertly tracked via their mobile phone signals in a trial undertaken by the Royal Parks to analyse footfall amid drastic funding cuts. Officials were able to retrospectively locate park-goers for 12 months using anonymised mobile phone data provided by the network operator EE via a third party. Aggregated age and gender data was also made available during the initiative. If a zone of the park contained more than 50 people at once, it was possible to “drill down” to the aggregated demographic data of visitors to that area too, creating a detailed picture of how different people used the park in previous months. [The Guardian]


US – California’s DMV Puts the Brakes on Self-Driving Cars

The California DMV released its draft guidelines for the deployment of some autonomous vehicles, offering an early window into how regulators will address safety and privacy concerns surrounding the emerging technology. But officials excluded fully self-driving vehicles from their proposal, citing safety concerns. The current draft rules appear to be a barrier to companies interested in offering fleets of fully autonomous vehicles as a ride service in the state. “We’re gravely disappointed that California is already writing a ceiling on the potential for fully self-driving cars,” Google said in a statement. “Safety is our highest priority and primary motivator as we do this.” [Washington Post]

US – Astronaut Tim Peake Calls Wrong Number from Space Station

UK astronaut Tim Peake has apologised for dialing a wrong number from space and saying to a woman on the other end of the line: “Hello, is this planet Earth?” Mr Peake said on Twitter it was not intended to be a “prank call”. [BBC]

US Government Programs

US – Law Student Sues to Overturn New TSA Full-Body Scan Policy

A law student in Miami has asked a federal appeals court to overturn a new Transportation Security Administration policy that could require travelers to use full-body scanners at airport checkpoints even if they opt for a pat-down search. [USA Today]

US – FAA Issues Final Rule for Drone Registration and Marking Requirements

The Federal Aviation Administration (“FAA”) amends Title 14 of the Code of Federal Regulations to implement registration and marking requirements for small unmanned aircraft (“drones”). The interim final rule implements a web-based aircraft registration process for owners of small drones; registrants will receive their Certificate of Aircraft Registration/Proof of Ownership, valid for 3 years, that will include a unique identification number that must be marked on the drone. The normal registration fee is $5, but in an effort to encourage registration, the FAA is waiving this fee for the first 30 days (from December 21, 2015 to January 20, 2016). Comments on this interim final rule are due by January 15, 2016. [FAA – 14 CFR Parts 1_45_47_48_91 and 375 – Interim Final Rule – Registration and Marking Requirements for Small Unmanned Aircraft] [Press Release] [Politico: Drone privacy push could stall out] See also: [FAA drone ban extended 30 miles beyond DC] [The FAA’s rules are clashing with established and more developed rules: NYT] [Here’s how to register your drone with the government] AND [CA – OPP Issues Message for Drone Users]

US Legislation

US – Amendments to GLBA Provides Exemptions to Notice Requirements

Financial Institutions will no longer be required to provide customers with an annual privacy notice provided they meet 2 conditions – they provide non-public personal information (“PI”) about customers to non-affiliated third parties only pursuant to GLBA exceptions permitting such disclosure, and they have not changed its policies and practices relating to disclosure of nonpublic PI from those disclosed in its most recent GLBA privacy notice. H.R. 22, Fixing America’s Surface Transportation Act (“FAST Act”) amends the Gramm-Leach-Bliley Act (“GLBA”) and the Fair Credit Reporting Act (“FCRA”): The Bill was signed by President Obama on December 4, 2015. [Congress Close to Approving Limited GLBA Regulatory Relief – Nathan D Taylor, Partner, Morrison Foerster, LLP]

Workplace Privacy

EU – French Supreme Court Ruled Supervisor Unlawfully Uploaded Employee Personal Data to Intranet Site

An employee’s supervisor’s negligence and system error lead to the unlawful disclosure of an employee’s performance review (the review was posted on the company intranet site rather than the supervisor’s secretary’s inbox) without authorisation from the employee, in contravention of the Personal Data Protection Act. [Laurent X v Francois-Gilles Y – Supreme Court of France – Case No 13-85587]

WW – The Open-Office Trend is Destroying the Workplace

New open floor plans are ideal for maximizing a company’s space while minimizing costs. Bosses love the ability to keep a closer eye on their employees, ensuring clandestine porn-watching, constant social media-browsing and unlimited personal cellphone use isn’t occupying billing hours. But employers are getting a false sense of improved productivity. A 2013 study found that many workers in open offices are frustrated by distractions that lead to poorer work performance. Nearly half of the surveyed workers in open offices said the lack of sound privacy was a significant problem for them and more than 30% complained about the lack of visual privacy. Meanwhile, “ease of interaction” with colleagues — the problem that open offices profess to fix – was cited as a problem by fewer than 10% of workers in any type of office setting. In fact, those with private offices were least likely to identify their ability to communicate with colleagues as an issue. In a previous study, researchers concluded that “the loss of productivity due to noise distraction … was doubled in open-plan offices compared to private offices.” The New Yorker, in a review of research on this nouveau workplace design, determined that the benefits in building camaraderie simply mask the negative effects on work performance. While employees feel like they’re part of a laid-back, innovative enterprise, the environment ultimately damages workers’ attention spans, productivity, creative thinking, and satisfaction. [Washington Post]




Post a comment or leave a trackback: Trackback URL.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: