Governors and Federal Agencies Are Blocking Nearly 1,300 Accounts on Facebook and Twitter

[Editor's note: today's guest blog post, by the reporters at ProPublica, highlights a little-known practice by some elected officials to block their constituents on social networking sites. Today's post is reprinted with permission.]

By Leora Smith and Derek Kravitz - ProPublica

Amanda Farber still doesn’t know why Maryland Gov. Larry Hogan blocked her from his Facebook group. A resident of Bethesda and full-time parent and volunteer, Farber identifies as a Democrat but voted for the Republican Hogan in 2014. Farber says she doesn’t post on her representatives’ pages often. But earlier this year, she said she wrote on the governor’s Facebook page, asking him to oppose the Trump administration’s travel ban and health care proposal.

She never received a response. When she later returned to the page, she noticed her comment had been deleted. She also noticed she had been blocked from commenting. (She is still allowed to share the governor’s posts and messages.)

Farber has repeatedly emailed and called Hogan’s office, asking them to remove her from their blacklist. She remains blocked. According to documents ProPublica obtained through an open-records request this summer, hers is one of 494 accounts that Hogan blocks. Blocked accounts include a schoolteacher who criticized the governor’s education policies and a pastor who opposed the governor’s stance against accepting Syrian refugees. They even have their own Facebook group: Marylanders Blocked by Larry Hogan on Facebook.

Hogan’s office says they “diligently adhere” to their social media policy when deleting comments and blocking users.

In August, ProPublica filed public-records requests with every governor and 22 federal agencies, asking for lists of everyone blocked on their official Facebook and Twitter accounts. The responses we’ve received so far show that governors and agencies across the country are blocking at least 1,298 accounts. More than half of those — 652 accounts — are blocked by Kentucky Governor Matt Bevin, a Republican.

Four other Republican governors and four Democrats, as well as five federal agencies, block hundreds of others, according to their responses to our requests. Five Republican governors and three Democrats responded that they are not blocking any accounts at all. Many agencies and more than half of governors’ offices have not yet responded to our requests. Most of the blocked accounts appear to belong to humans but some could be “bots,” or automated accounts.

When the administrator of a public Facebook page or Twitter handle blocks an account, the blocked user can no longer comment on posts. That can create an inaccurate public image of support for government policies. (Here’s how you can dig into whether your elected officials are blocking constituents.)

ProPublica made the records requests and asked readers for their own examples after we detailed multiple instances of officials blocking constituents.

We heard from dozens of people. The governors’ offices in Alaska, Maine, Mississippi, Nebraska and New Jersey did not respond to our requests for records, but residents in each of those states reported being blocked. People were blocked after commenting on everything from marijuana legislation to Medicaid to a local green jobs bill.

For some, being blocked means losing one of few means to communicate with their elected representatives. Ann-Meredith McNeill, who lives in western rural Kentucky, told ProPublica that Bevin rarely visits anywhere near her. McNeill said she feels like “the internet is all I have” for interacting with the governor.

McNeill said she was blocked after criticizing Bevin’s position on abortion rights. (Last January, Bevin’s administration won a lawsuit that resulted in closing one of Kentucky’s two abortion clinics, the event that McNeill says inspired her comment.)

In response to questions about its social media blocking policies, Bevin’s office said in a statement that “a small number of users misuse [social media] outlets by posting obscene and abusive language or images, or repeated off-topic comments and spam. Constituents of all ages should be able to engage in civil discourse with Governor Bevin via his social media platforms without being subjected to vulgarity or abusive trolls.” McNeill told ProPublica, “I’m sure I got sassy” but she made “no threats or anything.”

Almost every federal agency that responded is blocking accounts. The Department of Veterans Affairs blocked 18 accounts as of July, but said most were originally blocked before 2014. The blocked accounts included a Michigan law firm specializing in auto accident cases and a Virginia real estate consultant who told ProPublica she had “no idea why” she was blocked. The Department of Energy blocked eight accounts as of October. The Department of Labor blocked seven accounts. And the Small Business Administration blocked two accounts, both of which were unverified and claimed to be affiliated with government loan programs.

Many governors and agencies gave us only partial lists or rejected our requests altogether. Outgoing Kansas Gov. Sam Brownback’s office told us they would not share their block lists due to “privacy concerns for those people whose names might appear on it.” Alabama declined to provide public records because our request did not come from an Alabama citizen.

Missouri Gov. Eric Greitens’ office declined to share records from his Facebook or Twitter accounts, arguing they are not “considered to be the ‘official’ social media accounts of the Governor of Missouri” because he created them before he took office.

Increased attention on the issue of blocking seems to be having an impact. In September, the California-based First Amendment Coalition revealed that California Governor Jerry Brown, a Democrat, had blocked more than 1,500 accounts until June, shortly before the organization submitted a request for his social media records.

At some point before fulfilling the coalition’s request, Brown’s office unblocked every account.

Vermont Gov. Phil Scott, a Republican, blocked the activist group Indivisible Vermont on Twitter on Aug. 25. On Aug. 28, Vermont reporter Taylor Dobbs submitted a request for the governor’s full blocked list, shortly after ProPublica’s similar request. Later that day, Scott unblocked the group and released a statement saying the account was “misconstrued as spam.”

Wisconsin Gov. Scott Walker’s office unblocked at least two Facebook users after receiving ProPublica’s request. Here are screenshots they sent us showing that the users have been unblocked:

In the last year, a series of legal claims have called into question the legality of government officials blocking constituents on social media.

At least one federal district court held that government officials who block constituents are violating their First Amendment rights.

Constituents have pending lawsuits against the governors of Kentucky, Maine, and Maryland, as well as Representative Paul Gosar, R-Ariz., and President Trump.

We asked the White House, which is not subject to open-records laws, to disclose the list of people Trump is blocking. Officials there have not responded.


ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for their newsletter.


Photos: December 7 Demonstration In Boston To Keep Net Neutrality

Demonstrations occurred nationwide on December 7 to save net neutrality. Citizens took to the streets to keep our internet services open. About 200 persons attended the demonstration in Boston on Boylston Street. It was encouraging to meet several students from local universities participating in the event. They understand the issue and its seriousness. Several A.C.L.U. members also participated:

[Seven photos: Boylston Street, Boston, December 7, 2017. Keep net neutrality demonstration.]

Browse photos from other demonstrations nationwide on December 7. Contact your elected officials in Congress, and learn about the next day of action on December 12, 2017.


Futurism: Your Life Without Net Neutrality Protections

You've probably heard that Ajit Pai, the Chairman of the U.S. Federal Communications Commission (FCC), is leading his agency towards a vote on December 14, 2017 to kill net neutrality. How will consumers' online lives change? Futurism described what your online life will be like without net neutrality:

"You’re at work and want to check Facebook on your lunch break to see how your sister is doing. This is not exactly a straightforward task, as your company uses Verizon. You’re not about to ask your boss if they’d consider putting up the extra cash every month so that you can access social media in the office, so you’ll have to wait until you get home.

That evening, you log in to pay your monthly internet bill — or rather, bills.

See, there’s the baseline internet cost, but without net neutrality, you also have to pay a separate monthly fee for social media, another for "leisure" pages like Reddit and Imgur, and another still for liberal-leaning news sites — because your provider’s CEO is politically conservative. Not only is your bill confusing, you’re not sure you can really afford to access all these websites that, at one point in time, you took for granted.

In addition to the sites you can access if you pay for them, there are also websites that have just become lost to you. Websites that you once frequented, but that now, you aren’t even sure how to access anymore. You can’t even pay to access them. You used to like reading strange Wikipedia articles late at night and cruising for odd documentaries — but now, all those interests that once entertained and educated you in your precious and minimal free time are either behind yet another separately provided paywall or blocked entirely. You’ve started to ask around, see if your friends or coworkers with other providers have better access... but the story is pretty much always the same."

In short, without net neutrality:

  1. You will lose the freedom to use the internet bandwidth you've purchased monthly as you desire;
  2. Corporate internet service providers (ISPs) increase their revenues and profits by adding tolls to each package in a sliced-and-diced approach to internet content;
  3. Your internet bill will become just as confusing, frustrating, and expensive as your cable-TV bill, where ISPs force you to buy several expensive packages of sites in order to access your favorite sites;
  4. The new, expensive tolls allow ISPs to decide what internet content you see and don't see. Sites or content producers unwilling to pay fees to ISPs will find their content blocked or relegated to "slow" speed lanes; and
  5. Both middle-class and poor online users will bear the brunt of the price increases.

If you think this can't happen in the United States, consider:

"Some countries are already living this reality. In New Zealand, Vodafone offers mobile internet packages that are comprised of different types of services. You might have to pay a certain amount to access social apps like Snapchat and Instagram, and a separate fee to chat with friends via Facebook Messenger and iMessage. A similar framework is used by Portugal’s MEO, where messaging, social media, music streaming, video streaming, and email are also split into separate packages."

Long ago, FCC Chairman Pai made his position clear. Breitbart News reported on April 28, 2017:

"Federal Communications Commission (FCC) Chairman Ajit Pai told Breitbart News in an exclusive interview that an open and free internet is vital for America in the 21st century. During a speech at the Newseum on Wednesday, Pai said he plans to roll back the net-neutrality regulations and to restore the light-touch regulatory system established by President Bill Clinton and Congressional Republicans by the 1996 Telecommunications Act... Chairman Pai said during his speech that the internet prospered before net neutrality was enacted... Breitbart News asked the FCC chief why he thinks that net neutrality is a problem, and why we must eliminate the rule. He said: "Number one there was no problem to solve, the internet wasn’t broken in 2015. In that situation, it doesn’t seem me that preemptive market-wide regulation is necessary. Number two, even if there was a problem, this wasn’t the right solution to adopt. These Title II regulations were inspired during the Great Depression to regulate Ma Bell which was a telephone monopoly. And the broadband market we have is very different from the telephone market of 1934. So, it seems to me that if you have 4,462 internet service providers and if a few of them are behaving in a way that is anti-competitive or otherwise bad for consumer welfare then you take targeted action to deal with that. You don’t declare the entire market anti-competitive and treat everyone as if they are a monopolist. Going forward we are going to propose eliminating that Title II classification and figure out the right way forward. The bottom line is, everyone agrees on the principles of a free and open internet what we disagree with is how many regulations are needed to preserve the internet." "

Note the language. Pai uses "free and open internet" to refer to freedoms for ISPs to do what they want; a slick attempt to co-opt language net neutrality proponents used for freedoms for consumers to go online where they want without additional fees. Pai's "light touch" means fewer regulations for ISPs regardless of the negative consequences upon consumers. Pai's comments in April attempted to spin existing net neutrality laws as antiquated ("the telephone market of 1934"), when, in fact, net neutrality was established recently... in 2010. Even the same Breitbart News article admitted this:

"Net neutrality passed under former Democrat Tom Wheeler’s FCC in 2010."

Pai's exaggerations and falsehoods are astounding. There are plenty of bogus claims by Pai and net neutrality critics. In January of this year, President Donald Trump appointed Ajit Pai, a former lawyer with Verizon, as the FCC Chairman. Earlier this year, CNN reported:

"More than 1,000 startups and investors have now signed an open letter to Pai opposing the proposal. The Internet Association, a trade group representing bigger companies like Facebook, Google, and Amazon, has also condemned the plan. "The current FCC rules are working for consumers and the protections need to be kept intact," Michael Beckerman, president and CEO of the Internet Association, said at a press conference Wednesday."

Regular readers of this blog are aware that more than "a few" ISPs have committed abuses against consumers and content producers. (A prior blog post listed many historical problems and abuses of consumers by some ISPs.) Also, consider this: Pai made his net-neutrality position clear long before the public submitted comments to the FCC this past summer. Sounds like he never really intended to listen to comments from the public. Not very open minded.

As bad as all of this sounds, it's even worse. How? An FCC Commissioner, 28 U.S. senators, and the New York State Attorney General (AG) have lobbied FCC Chairman Pai to delay the net neutrality vote planned by the FCC on December 14, due to clear and convincing evidence of the massive fraud of comments submitted to the FCC's online commenting system.

In short, the FCC's online comments system is corrupted, hacked, and unreliable. The group (e.g., FCC commissioner, 28 Senators, and NY State AG) also objects to the elimination of net neutrality on the merits.

The fraud evidence is pretty damning, but Chairman Pai seems intent upon going ahead with a vote to kill net neutrality despite the comments fraud. Why? How? Ars Technica reported on December 4th:

"FCC Chairman Ajit Pai says that net neutrality rules aren't needed because the Federal Trade Commission can protect consumers from broadband providers... When contacted by Ars, Pai's office issued this statement in response to the [delay request] letter: "This is just evidence that supporters of heavy-handed Internet regulations are becoming more desperate by the day as their effort to defeat Chairman Pai's plan to restore Internet freedom has stalled. The vote will proceed as scheduled on December 14.""

I find the whole process deeply disturbing. First, only 28 U.S. Senators seem concerned about the massive comments fraud. Why aren't all 100 concerned? Second, why aren't any House members concerned? Third, President Trump hasn't said anything about it. (This makes one wonder if POTUS45 either doesn't care consumers are hurt, or is asleep at the wheel.) Elected officials in positions of responsibility seem willing to ignore valid concerns.

Many consumers are concerned, and protests to keep net neutrality are scheduled for later today outside Verizon stores nationwide. What do you think?


The Limitations And Issues With Facial Recognition Software

We've all seen television shows where police technicians use facial recognition software to swiftly and accurately identify suspects, or catch the bad guys. How accurate is that? An article in The Guardian newspaper discussed the promises, limitations, and issues with facial recognition software used by law enforcement:

"The software, which has taken an expanding role among law enforcement agencies in the US over the last several years, has been mired in controversy because of its effect on people of color. Experts fear that the new technology may actually be hurting the communities the police claims they are trying to protect... "It’s considered an imperfect biometric," said Clare Garvie, who in 2016 created a study on facial recognition software, published by the Center on Privacy and Technology at Georgetown Law, called The Perpetual Line-Up. "There’s no consensus in the scientific community that it provides a positive identification of somebody"... [Garvie's] report found that black individuals, as with so many aspects of the justice system, were the most likely to be scrutinized by facial recognition software in cases. It also suggested that software was most likely to be incorrect when used on black individuals – a finding corroborated by the FBI's own research. This combination, which is making Lynch’s and other black Americans’ lives excruciatingly difficult, is born from another race issue that has become a subject of national discourse: the lack of diversity in the technology sector... According to a 2011 study by the National Institute of Standards and Technologies (Nist), facial recognition software is actually more accurate on Asian faces when it’s created by firms in Asian countries, suggesting that who makes the software strongly affects how it works... Law enforcement agencies often don’t review their software to check for baked-in racial bias – and there aren’t laws or regulations forcing them to."


Lower Tax Rate And Fewer Deductions. Questionable Help For Middle Class Taxpayers

Yesterday, I received an alert from the professional that prepares my income taxes:

"Dear Clients,
I know that Congress has not yet finalized the new tax law, but it looks pretty certain that Certain Miscellaneous Deductions will no longer be allowed in 2018. If you want to know if that affects you, see if there is an entry on your Schedule A, Line 27 from 2016. If you take the standard deduction, then don’t worry about it. These deductions include expenses for using your car on the job, un-reimbursed overnight travel and meals, union dues, uniforms, tools, and job training/education.

Some of my clients have huge union dues (police officers, carpenters, electricians, etc.) and others have Second Job Travel or 10-30,000 miles a year in their sales jobs. Every one of you will be hurt by this change.

If there are any expenses you can pay in December, be sure to do that so you can save 15 - 25% on your federal taxes... maybe even more. For example, do you have the option of paying your annual union dues all at once in December? Were you planning to buy a computer used for your job sometime soon? Is there a job-related course... or some tools and supplies... that you can pay for in December rather than next year? Remember... every $100 that you pay in December will save you $15 to $33 in taxes when we meet in a couple months...”

If you haven't consulted with your tax advisor, then now seems to be a good time to do so. Many people return to school to get better, high-paying jobs, or as required by their profession. The tax code allows companies to deduct expenses for business and trade associations, so why prevent union members from doing so? It seems that taxpayers with plenty of miscellaneous deductions will be hurt more than persons with fewer or no deductions.

And Republicans are probably hoping that voters won't notice nor feel the pain until after the 2018 elections.

President Trump and the Republicans promised to help the middle class and poor with tax reform, but the above impacts don't seem helpful. The benefits of lower tax rates are offset by the lost deductions. To use an old saying, that seems like Congress and Republicans are giving taxpayers, "the sleeves off their vests."

You might say this is a "mugging" of many taxpayers. What are your opinions?


Report: Several Impacts From Technology Changes Within The Financial Services Industry

For better or worse, the type of smart device you use can identify you in ways you may not expect. First, a report by London-based Privacy International highlighted the changes within the financial services industry:

"Financial services are changing, with technology being a key driver. It is affecting the nature of financial services from credit and lending through to insurance and even the future of money itself. The field known as “fintech” is where the attention and investment is flowing. Within it, new sources of data are being used by existing institutions and new entrants. They are using new forms of data analysis. These changes are significant to this sector and the lives of the people it serves. We are seeing dramatic changes in the ways that financial products make decisions. The nature of the decision-making is changing, transforming the products in the market and impacting on end results and bottom lines. However, this also means that treatment of individuals will change. This changing terrain of finance has implications for human rights, privacy and identity... Data that people would consider as having nothing to do with the financial sphere, such as their text-messages, is being used at an increasing rate by the financial sector...  Yet protections are weak or absent... It is essential that these innovations are subject to scrutiny... Fintech covers a broad array of sectors and technologies. A non-exhaustive list includes:

  • Alternative credit scoring (new data sources for credit scoring)
  • Payments (new ways of paying for goods and services that often have implications for the data generated)
  • Insurtech (the use of technology in the insurance sector)
  • Regtech (the use of technology to meet regulatory requirements)."

"Similarly, a breadth of technologies are used in the sector, including: Artificial Intelligence; Blockchain; the Internet of Things; Telematics and connected cars..."

While the study focused upon India and Kenya, it has implications for consumers worldwide. More observations and concerns:

"Social media is another source of data for companies in the fintech space. However, decisions are made not just on the content of posts, but rather social media is being used in other ways: to authenticate customers via facial recognition, for instance... blockchain, or distributed ledger technology, is still best known for cryptocurrencies like BitCoin. However, the technology is being used more broadly, such as the World Bank-backed initiative in Kenya for blockchain-backed bonds. Yet it is also used in other fields, like the push in digital identities. A controversial example of this was a very small-scale scheme in the UK to pay benefits using blockchain technology, via an app developed by the fintech GovCoin (since renamed DISC). The trial raised concerns, with the BBC reporting a former member of the Government Digital Service describing this as "a potentially efficient way for Department of Work and Pensions to restrict, audit and control exactly what each benefits payment is actually spent on, without the government being perceived as a big brother"..."

Many consumers know that you can buy a wide variety of internet-connected devices for your home. That includes both devices you'd expect (e.g., televisions, printers, smart speakers and assistants, security systems, door locks and cameras, utility meters, hot water heaters, thermostats, refrigerators, robotic vacuum cleaners, lawn mowers) and devices you might not expect (e.g., sex toys, smart watches for children, mouse traps, wine bottles, crock pots, toy dolls, and trash/recycle bins). Add your car or truck to the list:

"With an increasing number of sensors being built into cars, they are increasingly “connected” and communicating with actors including manufacturers, insurers and other vehicles. Insurers are making use of this data to make decisions about the pricing of insurance, looking for features like sharp acceleration and braking and time of day. This raises privacy concerns: movements can be tracked, and much about the driver’s life derived from their car use patterns..."

And, there are hidden prices for the convenience of making payments with your favorite smart device:

"The payments sector is a key area of growth in the fintech sector: in 2016, this sector received 40% of the total investment in fintech. Transactions paid by most electronic means can be tracked, even those in physical shops. In the US, Google has access to 70% of credit and debit card transactions—through Google’s "third-party partnerships", the details of which have not been confirmed. The growth of alternatives to cash can be seen all over the world... There is a concerted effort against cash from elements of the development community... A disturbing aspect of the cashless debate is the emphasis on the immorality of cash—and, by extension, the immorality of anonymity. A UK Treasury minister, in 2012, said that paying tradesman by cash was "morally wrong", as it facilitated tax avoidance... MasterCard states: "Contrary to transactions made with a MasterCard product, the anonymity of digital currency transactions enables any party to facilitate the purchase of illegal goods or services; to launder money or finance terrorism; and to pursue other activity that introduces consumer and social harm without detection by regulatory or police authority.""

The report cited a loss of control by consumers over their personal information. Going forward, the report included general and actor-specific recommendations. General recommendations:

  • "Protecting the human right to privacy should be an essential element of fintech.
  • Current national and international privacy regulations should be applicable to fintech.
  • Customers should be at the centre of fintech, not their product.
  • Fintech is not a single technology or business model. Any attempt to implement or regulate fintech should take these differences into account, and be based on the type of activities they perform, rather than the type of institutions involved."

Want to learn more? Follow Privacy International on Facebook, on Twitter, or read about 10 ways of "Invisible Manipulation" of consumers.


Facebook to Temporarily Block Advertisers From Excluding Audiences by Race

[Editor's note: today's guest blog post, by the reporters at ProPublica, discusses advertising practices by both Facebook, a popular social networking site, and some advertisers using the site. Today's post is reprinted with permission.]

By Julia Angwin, ProPublica

Facebook said it would temporarily stop advertisers from being able to exclude viewers by race while it studies the use of its ad targeting system.

“Until we can better ensure that our tools will not be used inappropriately, we are disabling the option that permits advertisers to exclude multicultural affinity segments from the audience for their ads,” Facebook’s Sheryl Sandberg wrote in a letter to the Congressional Black Caucus.

ProPublica disclosed last week that Facebook was still allowing advertisers to buy housing ads that excluded audiences by race, despite its promises earlier this year to reject such ads. ProPublica also found that Facebook was not asking housing advertisers that blocked other sensitive audience categories — by religion, gender, or disability — to “self-certify” that their ads were compliant with anti-discrimination laws.

Under the Fair Housing Act of 1968, it’s illegal “to make, print, or publish, or cause to be made, printed, or published any notice, statement, or advertisement, with respect to the sale or rental of a dwelling that indicates any preference, limitation, or discrimination based on race, color, religion, sex, handicap, familial status, or national origin.” Violators face tens of thousands of dollars in fines.

In her letter, Sandberg said the company will examine how advertisers are using its exclusion tool — “focusing particularly on potentially sensitive segments” such as ads that exclude LGBTQ communities or people with disabilities. “During this review, no advertisers will be able to create ads that exclude multicultural affinity groups,” Facebook Vice President Rob Goldman said in an e-mailed statement.

Goldman said the results of the audit would be shared with “groups focused on discrimination in ads,” and that Facebook would work with them to identify further improvements and publish the steps it will take.

Sandberg’s letter to the Congressional Black Caucus is the outgrowth of a dialogue that has been ongoing since last year when ProPublica published its first article revealing Facebook was allowing advertisers to exclude people with an “ethnic affinity” for various minority groups, including African Americans, Asian Americans and Hispanics, from viewing their ads.

At that time, four members of the Congressional Black Caucus reached out to Facebook for an explanation. “This is in direct violation of the Fair Housing Act of 1968, and it is our strong desire to see Facebook address this issue immediately,” wrote the lawmakers.

The U.S. Department of Housing and Urban Development, which enforces the nation’s fair housing laws, opened an inquiry into Facebook’s practices.

But in February, Facebook said it had solved the problem — by building an algorithm that would allow it to spot and reject housing, employment and credit ads that discriminated using racial categories. For audiences not selected by race, Facebook said it would require advertisers to “self-certify” that their ads were compliant with the law.

HUD closed its inquiry. But last week, ProPublica successfully purchased dozens of racist, sexist and otherwise discriminatory ads for a fictional housing company advertising a rental. None of the ads were rejected and none required a self-certification. Facebook said it was a “technical failure” and vowed to fix the problem.

U.S. Rep. Robin Kelly, D-Ill., said that Facebook’s actions to disable the feature are “an appropriate action.” “When I first raised this issue with Facebook, I was disappointed. When it became necessary to raise the issue again, I was irritated,” she said. “I will continue watching this issue very closely to ensure these issues do not raise again.”


ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for their newsletter.

 


State Of Washington Sues Uber For Alleged Data Breach Law Violations

The Office of the Attorney General (AG) for Washington State has filed a lawsuit against Uber, the popular ride-sharing company, for alleged violations of the state's data breach laws. The AG's office explained in a press release:

"Under a 2015 amendment to the state’s data breach law requested by AG Bob Ferguson, consumers must be notified within 45 days of a breach, and the Attorney General’s Office also must be notified within 45 days if the breach affects 500 or more Washingtonians. This is the first lawsuit filed under the revised statute... Uber notified the Attorney General’s Office of the breach Nov. 21, 2017, roughly 372 days after it discovered the breach. Rather than reporting the breach as required by law, the company has admitted to paying the hackers to destroy the stolen data."

The massive data breach affected 57 million users, including both riders and drivers. This is critical because:

"... the hackers also obtained the names and driver’s license numbers of about 7 million drivers for the company. About 600,000 of those drivers live in the United States, and at least 10,888 live in Washington... The [AG's] office argues each day Uber failed to report for each individual qualifies as a separate violation under the law. Ferguson’s lawsuit asks for civil penalties of up to $2,000 per violation, which should result in a penalty in the millions of dollars. The state also asks for recovery of its costs and fees."

Important information for residents of Washington State:

"Washington has two data breach laws: One applying to individuals and businesses, the other for local and state government agencies. The laws are essentially the same and require notification to Washingtonians at risk of harm because of a security breach that includes personal information, meaning someone’s name and any of the following: a) Social Security number; b) Driver’s license number or Washington identification card number; or c) Bank account number or credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual’s account."

Since 48 states have data breach notification laws, I expect many more lawsuits. (Consumers in Alabama and South Dakota might ask their elected officials why their states don't have laws requiring notice.) When a company intentionally decides not to comply with states' laws, there must be consequences. Corporate executives must be held accountable for their actions and decisions, especially when they negatively affect consumers.

What are your opinions?


Security Researchers Announce Another Method To Defeat Apple Face ID

You may remember that earlier this year Apple launched its iPhone X with the Face ID feature, which lets users unlock their phones:

"Your face is now your password. Face ID is a secure and private new way to unlock, authenticate, and pay... Face ID is enabled by the TrueDepth camera and is simple to set up. It projects and analyzes more than 30,000 invisible dots to create a precise depth map of your face."

Like it or not, there is no security system for your smartphone that can't be defeated. Mashable reported yesterday that security researchers have found another method to defeat Face ID:

"The same Vietnamese team that managed to trick Face ID with an elaborately constructed mask now says it has found a way to create a replicated face capable of unlocking Apple's latest and greatest biometric using a series of surreptitiously snagged photographs. Apple has copped to the fact that Face ID, for all its technical prowess, isn't perfect. It can be tricked by twins. For

The Bkav researchers explained in a blog post how their crude mask defeated Face ID:

"Bkav used a 3D mask (which costs ~200 USD), made of stone powder, with glued 2D images of the eyes. Bkav experts found out that stone powder can replace paper tape (used in previous mask) to trick Face ID' AI at higher scores. The eyes are printed infrared images – the same technology that Face ID itself uses to detect facial image. These materials and tools are casual for anyone. An iPhone X has its highest security options enabled, then has the owner's face enrolled to set up Face ID, then is immediately put in front of the mask, iPhone X is unlocked immediately. There is absolutely no learning of Face ID with the new mask in this experiment."

The same blog post also explained how a three-dimensional model can defeat Face ID:

"Bkav researchers said that making 3D model is very simple. A person can be secretly taken photos in just a few seconds when entering a room containing a pre-setup system of cameras located at different angles. Then, the photos will be processed by algorithms to make a 3D object.

It can be said that, until now, Fingerprint is still the most secure biometric technology. Collecting a fingerprint is much harder than taking photos from a distance. Meanwhile, just by taking photos from a distance to create 3D objects as mentioned above, both Apple's Face ID and Samsung's Iris Scanner can be bypassed easily."

Experts advise consumers to continue using passcodes, especially for online banking apps. And high-value targets (e.g., senior corporate executives, government officials, politicians, attorneys, etc.) probably shouldn't use facial recognition features to unlock their mobile devices.

I guess that 3-D models will provide law enforcement (and spy agencies) with new ways to use their archived collections of facial images. The Guardian reported earlier this year:

"Approximately half of adult Americans’ photographs are stored in facial recognition databases that can be accessed by the FBI, without their knowledge or consent, in the hunt for suspected criminals. About 80% of photos in the FBI’s network are non-criminal entries, including pictures from driver’s licenses and passports. The algorithms used to identify matches are inaccurate about 15% of the time, and are more likely to misidentify black people than white people."

What do you think?


Uber: Data Breach Affected 57 Million Users. Some Say A Post Breach Coverup, Too

Uber is in the news again. And not in a good way. The popular ride-sharing service experienced a data breach affecting 57 million users. While many companies experience data breaches, regulators say Uber went further and tried to cover it up.

First, details about the data breach. Bloomberg reported:

"Hackers stole the personal data of 57 million customers and drivers... Compromised data from the October 2016 attack included names, email addresses and phone numbers of 50 million Uber riders around the world, the company told Bloomberg on Tuesday. The personal information of about 7 million drivers was accessed as well, including some 600,000 U.S. driver’s license numbers..."

Second, details about the coverup:

"... the ride-hailing firm ousted its chief security officer and one of his deputies for their roles in keeping the hack under wraps, which included a $100,000 payment to the attackers... At the time of the incident, Uber was negotiating with U.S. regulators investigating separate claims of privacy violations. Uber now says it had a legal obligation to report the hack to regulators and to drivers whose license numbers were taken. Instead, the company paid hackers to delete the data and keep the breach quiet."

Geez. Not tell regulators about a breach? Not tell affected users? 48 states have data breach notification laws requiring various levels of notifications. Consumers need notice in order to take action to protect themselves and their sensitive personal and payment information.

Third, Uber executives learned about the breach soon thereafter:

"Kalanick, Uber’s co-founder and former CEO, learned of the hack in November 2016, a month after it took place, the company said. Uber had just settled a lawsuit with the New York attorney general over data security disclosures and was in the process of negotiating with the Federal Trade Commission over the handling of consumer data. Kalanick declined to comment on the hack."

Reportedly, breach victims with stolen driver's license information will be offered free credit monitoring and identity theft services. Uber said that no Social Security numbers or credit card information were stolen during the breach, but one wonders if Uber and its executives can be trusted.

The company has a long history of sketchy behavior including the 'Greyball' worldwide program by executives to thwart code enforcement inspections by governments, dozens of employees fired or investigated for sexual harassment, a lawsuit describing how the company's mobile app allegedly scammed both riders and drivers, and privacy abuses with the 'God View' tool. TechCrunch reported that Uber:

"... reached a settlement with [New York State Attorney General] Schneiderman’s office in January 2016 over its abuse of private data in a rider-tracking system known as “God View” and its failure to disclose a previous data breach that took place in September 2014 in a timely manner."

Several regulators are investigating Uber's latest breach and alleged coverup. CNet reported:

"The New York State Attorney General has opened an investigation into the incident, which Uber made public Tuesday. Officials for Connecticut, Illinois and Massachusetts also confirmed they're investigating the hack. The New Mexico Attorney General sent Uber a letter asking for details of the hack and how the company responded. What's more, Uber appears to have broken a promise made in a Federal Trade Commission settlement not to mislead users about data privacy and security, a legal expert says... In addition to its agreement with the FTC, Uber is required to follow laws in New York and 47 other states that mandate companies to tell people when their drivers' license numbers are breached. Uber acknowledged Tuesday it had a legal requirement to disclose the breach."

The Financial Times reported that the U.K. Information Commissioner's Office is investigating the incident, along with the National Crime Agency and the National Cyber Security Centre. New data protection rules will go into effect in May 2018 which will require companies to notify regulators within 72 hours of a cyber attack, or incur fines of up to 20 million euros or 4 percent of annual global revenues.

Let's summarize the incident. It seems that a few months after settling a lawsuit about a data breach and its data security practices, the company had another data breach, paid the hackers to keep quiet about the breach and what they stole, and then allegedly chose not to tell affected users or regulators about it, as required by prior settlement agreements, breach laws in most states, and breach laws in some international areas. Geez. What chutzpah!

What are your opinions of the incident? Can Uber and its executives be trusted?


'Tens Of Thousands' Of Fake Comments Submitted. New York State Attorney General Demands Answers From the FCC

Just before the Thanksgiving holiday, the attorney general for New York State sent an open letter to the U.S. Federal Communications Commission (FCC) about fake comments submitted to the agency's online comments system. Eric T. Schneiderman directed his letter to FCC Chairman Ajit Pai. It read in part:

"Recent press reports suggest that the Federal Communications Commission (FCC), under your leadership, soon will release rules to dismantle your agency’s existing “net neutrality” protections under Title II of the Communications Act, which shield the public from anti-consumer behaviors of the giant cable companies that provide high-speed internet to most people... Yet the process the FCC has employed to consider potentially sweeping alterations to current net neutrality rules has been corrupted by the fraudulent use of Americans’ identities — and the FCC has been unwilling to assist my office in our efforts to investigate this unlawful activity.

Specifically, for six months my office has been investigating who perpetrated a massive scheme to corrupt the FCC’s notice and comment process through the misuse of enormous numbers of real New Yorkers’ and other Americans’ identities. Such conduct likely violates state law— yet the FCC has refused multiple requests for crucial evidence in its sole possession that is vital to permit that law enforcement investigation to proceed.

In April 2017, the FCC announced that it would issue a Notice of Proposed Rulemaking concerning repeal of its existing net neutrality rules. Federal law requires the FCC and all federal agencies to take public comments on proposed rules into account — so it is important that the public comment process actually enable the voices of the millions of individuals and businesses who will be affected to be heard. That’s important no matter one’s position on net neutrality, environmental rules, and so many other areas in which federal agencies regulate.

In May 2017, researchers and reporters discovered that the FCC’s public comment process was being corrupted by the submission of enormous numbers of fake comments concerning the possible repeal of net neutrality rules. In doing so, the perpetrator or perpetrators attacked what is supposed to be an open public process by attempting to drown out and negate the views of the real people, businesses, and others who honestly commented on this important issue. Worse, while some of these fake comments used made up names and addresses, many misused the real names and addresses of actual people... My office analyzed the fake comments and found that tens of thousands of New Yorkers may have had their identities misused in this way... Impersonation and other misuse of a person’s identity violates New York law, so my office launched an investigation... So in June 2017, we contacted the FCC to request certain records related to its public comment system that were necessary to investigate which bad actor or actors were behind the misconduct. We made our request for logs and other records at least 9 times over 5 months: in June, July, August, September, October (three times), and November.

We reached out for assistance to multiple top FCC officials, including you, three successive acting FCC General Counsels, and the FCC’s Inspector General. We offered to keep the requested records confidential, as we had done when my office and the FCC shared information and documents as part of past investigative work. Yet we have received no substantive response to our investigative requests. None."

According to an analysis by the New York State AG's office, "tens of thousands" of fraudulent comments were submitted affecting residents not only in New York but also in California, Georgia, Missouri, Ohio, Pennsylvania, and Texas. Clearly, this is both very troubling and unacceptable.

The FCC is supposed to accept comments without tampering and to weigh comments submitted by the public (e.g., consumers, businesses, technology experts, legal experts, etc.) equally to arrive at a decision based upon the majority of comments. If a sizeable portion of the comments submitted were fraudulent, then any FCC decision to kill net neutrality is (at best) both flawed and in error; and (at worst) illegal and undermines both the process and the public's trust.

AG Schneiderman's letter to the FCC is also available on the Medium site. It is most puzzling that the FCC and Chairman Pai have refused data requests since June. What are they hiding? The FCC must balance often competing needs of consumers and industry.

Consumers are very concerned about plans by the FCC to kill net neutrality. Consumers are concerned that their internet needs are not being addressed by the FCC, and that our monthly broadband costs will rise. There is so much concern that protests are scheduled for December 7th outside Verizon stores. Killing net neutrality may be great for telecom and providers' profits, but it's bad for consumers.

Clearly, the FCC should not make any decisions regarding net neutrality, or any other business, until the fake comments allegations have been answered and resolved. And, an investigation should happen soon. As AG Schneiderman wrote:

"We all have a powerful reason to hold accountable those who would steal Americans’ identities and assault the public’s right to be heard in government rulemaking. If law enforcement can’t investigate and (where appropriate) prosecute when it happens on this scale, the door is open for it to happen again and again."

Democracy and consumers lose if the FCC kills net neutrality. What do you think?


Some U.S. Hospitals Don’t Put Americans First for Liver Transplants

[Editor's note: today's guest blog post, by the reporters at ProPublica, discusses a largely unknown practice by some hospitals in the health care industry. Is this practice right? Ethical? Today's post is reprinted with permission.]

By Charles Ornstein, ProPublica

Earlier this fall, a leader of the busiest hospital for organ transplants in New York state — where livers are particularly scarce — pleaded for fairer treatment for ailing New Yorkers.

“Patients in equal need of a liver transplant should not have to wait and suffer differently because of the U.S. state where they reside,” wrote Dr. Herbert Pardes, former chief executive and now executive vice president of the board at NewYork-Presbyterian Hospital.

But Pardes left out his hospital’s own contribution to the shortage: From 2013 to 2016, it gave 20 livers to foreign nationals who came to the United States solely for a transplant — essentially exporting the organs and removing them from the pool available to New Yorkers.

That represented 5.2 percent of the hospital’s liver transplants during that time, one of the highest ratios in the country.

Little known to the public, or to sick patients and their families, organs donated domestically are sometimes given to patients flying in from other countries, who often pay a premium. Some hospitals even seek out foreign patients in need of a transplant. A Saudi Arabian company, Ansaq Medical Co., whose stated aim is to “facilitate the procedures and mechanisms of ‘medical tourism,’” said it signed an agreement with Ochsner Medical Center in New Orleans in 2015.

The practice is legal, and foreign nationals must wait their turn for an organ in the same way as domestic patients. Transplant centers justify it on medical and humanitarian grounds. But at a time when President Donald Trump is espousing an “America First” policy and seeking to ban visitors and refugees from certain countries, allocating domestic organs to foreigners may run counter to the national mood.

Even beyond the realm of health care, some are questioning whether foreigners should be able to access limited spots that might otherwise be available to U.S. citizens. For instance, public colleges compensate for reductions in state funding by accepting more foreign students paying higher tuition, and critics say in-state students are being denied opportunities as a result.

Dr. Sander Florman, director of the transplant institute at the Mount Sinai Hospital in New York, said he struggles with “in essence, selling the organs we do have to foreign nationals with bushels of money.”

Mount Sinai has not performed any transplants on patients who came to this country specifically for that purpose, but it has done so for international patients here for other reasons.

Between 2013 and 2016, 252 foreigners came to the U.S. purely to receive livers at American hospitals. In 2016, the most recent year for which data is available, the majority of foreign recipients were from countries in the Middle East, including Saudi Arabia, Kuwait, Israel and United Arab Emirates. Another 100 foreigners staying in the U.S. as non-residents also received livers.

All the while, more than 14,000 people, nearly all of them American citizens, are waiting for liver transplants, a figure that has remained stubbornly high for decades. By comparison, fewer than 8,000 liver transplants were performed last year in the United States — and that was an all-time high. The national median wait time for a liver is more than 14 months, and in states like New York, the wait is far longer. (The wait for livers varies from one state to the next, depending on such factors as the number of organ donors, and the resourcefulness of organ procurement agencies.)

Many patients die before reaching the front of the line. In 2016, more than 2,600 patients were removed from waiting lists nationally because they either died or were too sick to receive a liver transplant.

Most transplant centers only serve American citizens or residents, either by happenstance or by design. Foreign transplants are concentrated among a handful of centers, including NewYork-Presbyterian, Memorial Hermann-Texas Medical Center in Houston (31 such transplants from 2013 to 2016), Ochsner (30), and Cleveland Clinic in Ohio (21).

“When you take people from other parts of the world and provide an organ transplant to them rather than someone who’s here, there’s a real cost, there’s a real life that’s lost,” said Jane Hartsock, a visiting assistant professor of medical humanities and health studies at the Indiana University School of Liberal Arts. Hartsock and her colleagues wrote a journal article published last year saying foreigners should be last in line for a transplant.

NewYork-Presbyterian said it does not advertise its transplant program to foreign patients and that the majority of the transplants it performed on foreign nationals traveling to New York for that reason — 11 of the 20 — were on children under 18.

In a statement, the hospital and its academic partner Columbia University said they follow federal guidelines. “We strongly support efforts that aim to address the critical issue of equitable distribution of livers for transplant and are working closely with a wide range of stakeholders to help increase the number of organ donor registrations in New York State.”

A spokeswoman for the Cleveland Clinic, Eileen Sheil, said her hospital does not actively seek out foreign national business and has a “thoughtful and ethical approach that is well within the rules and aligned with our overall mission for taking care of patients.” Ochsner similarly said, “patients seek out Ochsner’s expertise because of our relentless commitment to provide the highest-quality, complex care.” Memorial Hermann did not respond to requests for comment.

To be sure, the proportion of available livers that go to foreigners is tiny — slightly less than 1 percent of liver transplants nationwide from 2013 to 16. The figure appears to be dropping further in 2017. Even if all recipients were Americans, wait times would still be substantial. Moreover, foreigners queue up on the waitlist like everybody else — although it may be easier for them, since they aren’t rooted in any particular state, to choose a hospital in an area with a shorter wait, such as Ochsner. And some Americans discouraged by the lengthy wait in this country have gone abroad for transplants.

The transplant figures in this article do not include transplants involving living donors, meaning a relative or friend who donates part of his or her liver to a patient. No one interviewed for this story said it is inappropriate for a foreign national to come to the U.S. for a procedure with a living donor.

There’s also an important distinction between giving an organ to a foreigner who happens to be in the U.S. — someone on a student visa or even an undocumented immigrant — and giving one to someone flying over just for surgery. Someone in the first group would be eligible to donate an organ if something happened to them in this country; someone in the latter group would not because livers must be transplanted quickly and there wouldn’t be enough time to ship them.

“If you live in the United States, no matter what your [citizenship] status is, you could potentially be an organ donor if you get hit by a car or something happens to you,” said Dr. Gabriel M. Danovitch, medical director of the kidney and pancreas transplant program at Ronald Reagan UCLA Medical Center, who previously led the UNOS international relations committee. “But if your home is somewhere else, a long way away, there’s no way that you can be a donor or your family or your friends could be donors.

“And in some respects, when you then come to the United States, you are using up a valuable resource that is in great shortage here.”

Foreign patients generally are not entitled to the same discounts as those with private insurance or Medicare, the federal insurance program for seniors and the disabled. In 2015, for instance, the average sticker price for a liver transplant at NewYork-Presbyterian was $371,203, but the average payment for patients in Medicare was less than one-third of that, $112,469, according to data from the Centers for Medicare and Medicaid Services, which runs Medicare. In the case of Saudi Arabia, its embassy in Washington often guarantees payment for patients.

The topic is emerging now because the nation’s transplant leaders will meet next month to consider rewriting the rules governing how livers are distributed, giving programs in New York City, Los Angeles, Chicago and other areas greater access to organs from people who die in nearby regions. The proposal by a committee of the United Network for Organ Sharing, the federal contractor that runs the national transplant system, faces opposition from programs and regions that stand to lose organs. Pardes’ comments were posted in an online comment forum devoted to the proposal, which does not address the issue of transplants for foreigners.

UNOS said it has worked to get better data on foreigners that receive transplants in this country but ultimately, federal law doesn’t prohibit these transplants.

“This is an individual medical decision that the individual transplant hospital makes,” spokesman Joel Newman said. “If we addressed citizenship or residency as a particular reason for whether to accept a patient or not, then that would open up the door to lots of other nonmedical criteria — religion, race, political preference, any number of things that as a community we have decided from an ethical standpoint not to consider.”

UNOS has the authority to ask questions of transplant centers about surgeries on foreign nationals, but Newman said UNOS committees are still trying to figure out what information they would want, and, in any event, the transplant centers don’t have to answer the questions.

The federal rules governing the transplant system, written more than three decades ago, say organ allocation decisions must be based on medical criteria, which would exclude consideration of a person’s nationality or citizenship. While centers can perform as many transplants on foreigners as they want, many programs have tried to keep them below 5 percent of all transplants for each organ type. Until several years ago, 5 percent was the threshold above which UNOS could audit a program. No programs were ever formally audited, and the cutoff was eventually eliminated.

It’s time to revisit the rules, some lawmakers say.

“As a general rule, you’ve got to take care of Americans first as long as you have more demand than supply,” said Sen. John Kennedy, R-La., whose state is home to Ochsner, a leader in transplants for foreign nationals. Kennedy said he would favor curbing transplants for foreigners, while creating a national board that could make exceptions. “But what you don’t want to get into, it seems to me, is subjective areas like well, ‘If this person could live an extra few years, what could they contribute to society?’”

There have been scandals in the past about foreigners and organ transplants. In 2005, a liver transplant center in Los Angeles shut its doors after disclosing that its team had taken a liver that should have gone to a patient at another hospital and instead had implanted it in a Saudi national. The hospital said its staff members falsified documents to cover up the incident.

The University of California, Los Angeles, came under fire in 2008 for performing liver transplants on a powerful Japanese gang boss and other men linked to Japanese gangs, and then receiving donations afterward from at least two of the men. The hospital and its surgeon said they do not make moral judgments about patients.

Further complicating matters is a 2008 document endorsed by transplant organizations around the world, called the Declaration of Istanbul, which seeks to eliminate organ trafficking and reduce transplant tourism internationally. One concern was that patients went to China and received transplants using organs from prisoners. (China said it was stopping the practice in 2015, but experts question whether that has happened.) Another concern was that if a country’s wealthiest or most powerful residents could get transplants overseas, its leaders may not have an incentive to set up a system of their own.

The non-binding declaration also says that there should be a ban on “soliciting, or brokering for the purpose of transplant commercialism, organ trafficking, or transplant tourism.” It was endorsed by UNOS and other national transplant groups.

Former Ochsner employees say they recall Saudi nationals coming for transplants, some wealthy and some not. A New Orleans bar posted a photo on Facebook in 2015 of a young man who brought his mom from Saudi Arabia for a transplant.

Ochsner said in a statement that it was proud of its liver transplant program, which is the nation’s largest. It said that it is willing to accept donated organs that other centers turn down for medical reasons, expanding its ability to help patients while keeping its survival rate high. And it noted that the median waiting time for its patients is only 2.1 months, far below the national median.

“UNOS does not have any restrictions preventing transplant for international patients and they are subject to the same guidelines as domestic patients,” the statement said.

Still, many American candidates for livers don’t make Ochsner’s waiting list. It refused to put Brian “Bubba” Greenlee Jr. on its list right after Christmas in 2015, because of his “poor insight into his drinking and lack of proper social support,” his medical records show. He had cirrhosis and died weeks later at age 45.

His sister, Theresa Greenlee-Jeffers, said Ochsner led her brother to believe that he would get a new liver. Her brother had stopped drinking and she had volunteered to take care of him after a transplant, but then the hospital suddenly reversed course.

“His last Christmas, he was given false hope that he was going to get a transplant. That’s not OK. You don’t play with somebody’s emotions like that,” Greenlee-Jeffers said.

Ochsner did not answer questions about Greenlee’s care but said in its statement, “Not every patient is a candidate for transplant.” It said its criteria are similar to those of other liver transplant centers.

“At Ochsner, we are caregivers, dedicated to providing our patients with high-quality care, improved outcomes and the gift of a second chance at life,” its statement said.

Greenlee-Jeffers wonders if Ochsner excluded her brother and other Americans to make room for foreigners willing to pay more. “It’s not OK,” she said. “We need to take care of our people here at home first. We don’t have enough of this to go around.”


ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for their newsletter.