If you haven't read it, this Media Bistro article described how a daughter's post on Facebook breached the family's $80,000 settlement of an age discrimination lawsuit. That was an expensive and relevant lesson for the teenage daughter. I can only imagine the feelings and comments said during dinner in that family.
After reading this article, it occurred to me that there are several skills parents can teach their children to safely use mobile devices and social networking sites. Otherwise, the children are likely to breach the family's privacy and their own, by disclosing sensitive personal and financial information.
Many parents allow their children to use mobile devices, despite warnings by pediatric doctors to limit or ban mobile-device usage for children 12 years and younger. The minimum age for social networking sites is 13, but children under the age of ten are online. My children are all grown. If they were younger, below is the list of skills I would teach them to safely use mobile devices and social networking sites:
If your child going to learn all of this at once? Of course, not. It takes time and years to master the above skills. That means several conversations with your children. To learn more, read about social media parenting.
At least 70 million shoppers were affected by the Target data breach. To help breach victims protect themselves, Target arranged free credit monitoring services by Experian. Is the credit monitoring service offered by Target a good deal? To answer this question it is important to understand the risks.
Protecting yourself is important. Doing nothing is not wise. According to Consumer Reports:
"As we reported last February, a whopping 22.5 percent of consumers who received notice of a security breach, like the one that occurred at Target, subsequently became victims of identity theft, according to a survey of 5,000 consumers by Javelin Strategy and Research, a California consulting firm that has studied this crime for more than 10 years."
To protect themselves, Consumer Reports advised breach victims to do four things:
Breach victims can do the above four actions on their own, and do most of them for free. To learn more about the Fraud Alert and Security Freeze tools, you can read this comparison, the experiences of other consumers with Fraud Alerts, my experience with a Security Freeze, and select "Fraud Alert" in the tag cloud in the right column.
However, breach victims interested in monitoring their credit reports need to monitor their credit reports at all three major credit reporting agencies. Deseret News reported last week:
"... each of the three major credit bureaus — Equifax, TransUnion, and Experian — can collect different information. So unless you're checking all of them, you can miss someone trying to steal your identity and open new credit..."
So, it is important to understand this when evaluating Target's offer of free credit monitoring service by Experian. Breach victims also need to understand:
"The credit monitoring service offered by Experian is an ongoing review of your current credit history. If an identity thief opens a new account using your name and personal information, you will receive an alert by email or text message. What the free credit monitoring service through Experian does not do is to monitor transactions — the actual, day-to-day purchases made on your credit and debit cards. That is something you must do yourself."
Breach victims also need to understand (emphasis added):
"The type of free credit monitoring offered by Target monitors only one credit reporting agency — Experian — and not the credit history files maintained by Equifax and TransUnion. This a huge disadvantage... Once consumers enroll in the “free” credit monitoring service, they are enticed with an offer to purchase an Equifax and TransUnion credit report for up to $74 more to supplement the free report provided by Experian."
So, to monitor credit reports at all three major credit reporting agencies, breach victims must pay more. The next judgment breach victims need to make is whether Target's offer of 12 months is long enough.
During the past six years while writing this blog, I have observed plenty of data breaches. There is no magic that stops criminals from using stolen card information after 12 months. Criminals will use stolen card information as long as they think they can use it to commit fraud. Criminals resell stolen card information to other criminals. Breach victims that want coverage longer than 12 months must pay more.
Is Target's credit monitoring service offer a good deal? Each breach victim should decide for their self, as people's needs and situation vary. Some have experienced fraud while others haven't. Hopefully, this blog post has highlighted the considerations for breach victims.
My opinion: Target cut corners with it credit monitoring offer. The retailer should have provided a service that covers credit reports from all three credit reporting agencies and provides coverage for a longer period (e.g., ideally, five years). Target's offer seems like an attempt to do the minimum to protect itself, which shifts the cost burden of credit monitoring services onto its breach victims.
Is this fair? I think not, since the retailer created the problem on its own by failing to protect shoppers' financial payment information. Target's motto applies here, too:
"Expect More, Pay Less."
With Target's credit monitoring offer, breach victims get less and pay more. Target should also pay for breach victims' Security Freeze costs. Will the retailer do the right thing and live up to its motto?
If you have questions about privacy, identity theft, fraud, or related topics, this blog has plenty of answers. You can use the tag cloud in the right column to access blog posts by topic, and you can find answers on the following pages:
For a while, I have thought about compiling a list of favorite films about privacy and related topics. Now that the Oscars are done, I am happy to announce the creation of the list of favorite privacy films. What I need next are suggestions from readers with your favorite films.
Submissions can include any genre: action, drama, fiction, science-fiction, thriller, or documentaries. Submissions must meet the following criteria:
To submit a film, leave a comment below or send your submission to George: ivebeenmugged AT earthlink DOT net. If a film is in a language other than English, please indicate the language with your submission. If you think that a film in the list has been mis-categorized, let me know and I'll consider an update.
Thanks in advance to taking the time to submit your favorite films.
Organizers of the SXSW conference announced that Edward Snowden, a former NSA contractor who leaked documents about secret spy programs by the United States government, will speak at the conference via a live video feed on March 10:
"Our communications are not secure. Our telephone calls, emails, texts, and web browsing activity are largely transmitted without any encryption, making it easy for governments to intercept them, in bulk. Likewise, the mobile devices, apps, and web browsers that we use do not protect our data. In many cases, they intentionally give it to third party companies as part of the sprawling online advertising ecosystem. This only makes the NSA's task easier.
Join us for a conversation between Edward Snowden and Christopher Soghoian, the American Civil Liberties Union’s principal technologist, focused on the impact of the NSA's spying efforts on the technology community, and the ways in which technology can help to protect us from mass surveillance. The conversation will be moderated by Ben Wizner, who is director of the ACLU's Speech, Privacy & Technology Project and Edward Snowden’s legal advisor."
According to the ACLU:
The St. Louis Post-Dispatch reported that a "security investigation" is underway at Sears retail stores to determine the severity and scope of a possible data breach. The U.S. Secret Service is involved, and the investigation so far has not determined if one or multiple stores were affected:
"The security review is still at an early stage as Verizon's digital forensics unit and the U.S. Secret Service sift through the company's computer data to look for traces of hackers and the extent of any incursion, according to two people familiar with the matter... The security review is still at an early stage as Verizon's digital forensics unit and the U.S. Secret Service sift through the company's computer data to look for traces of hackers and the extent of any incursion, according to two people familiar with the matter..."
It is critical to determine what exactly happened because (links added):
"... attacks on Target and Neiman Marcus that exploited retailers' point-of-sale [systems], which process more than $3 trillion in U.S. transactions a year, according to David Robertson, publisher of the Nilson Report, an industry newsletter..."
In January 2014, a TechCrunch article explored reports that the Target and Neiman Marcus data breaches were part of a larger, coordinated holiday attack that included data breaches at three other unnamed U.S. retailers. It seems that Sears is one of the three unnamed retailers.
The acquisition of WhatsApp by Facebook has received a lot of attention in the news media. I recommend reading this LinkedIn article article by Bernard Marr about the combined power of Facebook.com and WhatsApp:
"WhatsApp doesn’t really fit into the Facebook business model because it has always promised its users that it won’t sell ads. So how will Facebook get a return on their $19 billion? I believe that the answer is: by mining the data within WhatsApp."
In my opinion, social networking sites that insist on being free for users have already made the decision to (heavily) mine their customers' data. It's their business model. (This also applies to Google.) Marr wrote this about the extensive amount of information Facebook has already collected about its users:
"... what we look like, who our friends are, what our views are on most things, when our birthday is, whether we are in a relationship or not, the location we are at, what we like and dislike, and much more. This is an awful lot of information (and power) in the hands of one commercial company. Facebook is only beginning to leverage all their data and I believe that even if we all stopped using Facebook today (which is very unlikely), the company would still have more information about people than any other private company on the planet..."
I would add more items to this list of data collected by Facebook:
"Personal information is any information that identifies a User personally, either alone or in combination with other information available to us... For certain Services, MapMyFitness requests a User furnish certain financial information, including but not limited to, a credit card or other payment account information that we maintain in encrypted form on secure servers..."
"MapMyFitness and our partners and licensees may collect, use and share a User’s precise location information, including the real-time geographic location of a User’s mobile device. For some third-party partners, such as Google, this location information will be shared automatically. For others, such as Facebook, this information will only be shared with a User’s explicit permission or if you choose to share it... Location information... may be collected from a User’s wireless carrier, certain third party service providers, or directly from the mobile device that the User previously registered for use with MapMyFitness. The collection and tracking of a User’s location information may occur even when the MapMyFitness mobile phone application is not actively open and running... MapMyFitness may receive certain personally non-identifiable information about the User’s use of the Services. Such information, which may be collected passively using various technologies, or via submission of data by fitness devices the User may have configured to work with the Services, cannot presently be used to specifically identify the User. MapMyFitness may store such information ourselves or it may be included in databases owned and maintained by our affiliates, agents or service providers."
I interpret the last paragraph to include cloud storage vendors and fitness devices in athletic clubs (and gyms) that interact with the mobile app. The policy advises users to use the "Private" privacy setting so data is not shared with friends and the general public. The wording implies that the data is shared ("Private" setting or not) with affiliates, partners, and licensees.
Marr also summarized Facebook's abilities to predict things about its users:
"... Facebook revealed that it can now safely predict when a user is about to change their relationship status from ‘single’ to ‘in relationship’. The insights come from analyzing the way we exchange messages and post on our timeline just before we 'commit'. Read the details here... a recent study shows that it is possible to accurately predict a range of highly sensitive personal attributes simply by analyzing the ‘Likes’ we have clicked on Facebook. The work conducted by researchers at Cambridge University and Microsoft Research shows how the patterns of Facebook ‘Likes’ can very accurately predict your sexual orientation, satisfaction with life, intelligence, emotional stability, religion, alcohol use and drug use, relationship status, age, gender, race and political views among many others."
Marr's warning to consumers and to users of social networking sites:
"WhatsApp's data would reveal who we are sending messages to, how often we do that, what pictures we share and most importantly what we are talking about.Even though Facebook states that the two companies will run independently of each other, I think it is naïve to believe that this will continue for long..."
It is reasonable to assume that everything Facebook knows about your fitness, the NSA and GCHQ probably know, too. And, the HIPAA Privacy Rule exists for several reasons. Some really smart people put that law in place to ensure that health care providers keep patients' personal health information secure. Many consumers seem totally unaware of this, and share their personal health information with any and every social networking site. You can learn more about the HIPAA Privacy Rule here.
"The nation's second largest discounter said Wednesday that its profit in the fourth quarter fell 46 percent on a revenue decline of 5.3 percent as the breach scared off customers worried about the security of their private data... Target's business has been affected by the breach in a number of ways. During the quarter, the number of transactions fell 5.5 percent... The company also has faced costs related to the breach. Target said it can't yet estimate how much the data breach will cost it in total. But in the fourth quarter, it said the breach resulted in $17 million of net expenses, with $61 million of total expenses partially offset by the recognition of a $44 million insurance receivable."
Typically, after a data breach affected consumers require replacement bank cards (e.g., credit and debit). Banks incur costs to issue replacement cards, to close affected accounts, and open replacement accounts. Consumers incur costs from stolen money, the lost time and aggravation to submitting complaints for reimbursement, and to re-establish online payment account settings.
ABC News also reported:
"Target said expenses may include payments to card networks to cover losses and expenses for reissuing cards, lawsuits, government investigations and enforcement proceedings..."
May? I would say definitely. Why? The Huffington Post reported:
"Costs related to the holiday data theft has now exceeded $200 million for financial institutions, according to data collected by the Consumer Bankers Association and the Credit Union National Association. The two trade associations said Tuesday that 21.8 million of the 40 million compromised credit and debit cards have been replaced."
And, these costs will surely rise since the damage is still ongoing. Target will also incur legal costs to defend itself. The Minneapolis Star Tribune reported:
"A group of First Farmers & Merchants banks in southern Minnesota has sued Target Corp. over alleged damages from the retailer’s data breach late last year. While a number of financial institutions from around the country have sued the company since news of the data heist broke, the First Farmer & Merchants lawsuit is believed to be the first by a financial institution on Target’s home turf in Minnesota... The banks are First Farmers & Merchants National Bank in Luverne, First Farmers & Merchants National Bank in Fairmont, First Farmers & Merchants State Bank in Brownsdale, First Farmers & Merchants State Bank of Grand Meadow and First Farmers & Merchants Bank in Cannon Falls."
According to the Chicago Tribune:
"A House of Representatives committee with broad investigative jurisdiction has turned up the heat on Target Corp, demanding that the No. 3 U.S. retailer turn over internal documents and messages describing how and when it learned of a recent massive consumer data breach... The committee set a deadline of March 10 for Target to turn over the materials... the House committee also requested any documents generated between November 1 and December 19 referring to discussions about notifying others about the data breach, and any documents generated since December 12 in which any federal agency advised the company to avoid providing information to Congress."
Why Congress started this investigation:
"... was prompted, at least in part, after committee officials felt dissatisfied with responses given by Isaac Reyes, an official with Target's government relations department, during a January 30 conference call about the data breach."
About breach costs, the Chicago Tribune reported:
"... several analysts expect Target to slash its share buybacks as it copes with costs tied to the breach, which some estimate will cost the company $500 million to $1.1 billion."
When companies fail to protect consumers' sensitive personal and payment information, there are lots of consequences. There should be lots of consequences. I'll bet that Target executives did not expect the consequences they now face.
My advice to executives at corporations, banks, and mobile app developers:
If you can't protect it, don't collect it.
In a December 2013 speech, President Obama stated:
"... a dangerous and growing inequality and lack of upward mobility that has jeopardized middle-class America’s basic bargain -- that if you work hard, you have a chance to get ahead. I believe this is the defining challenge of our time..."
Income inequality represents the difference in incomes between the very wealthy and the poor. Upward mobility is the ability of people at lower income levels to move up to higher income levels. Some people refer to it as "social mobility" since people can (and do) move both up and down between income levels. Both economic concepts measure the health of groups.
This is not a new issue. In 2011, Indiana Governor Mitch Daniels said:
"... upward mobility from the bottom is the crux of the American promise.”
Call it what you want: American promise... American dream... America, the land of opportunity. To understand if the dream, promise, and opportunity are still possible, you have to understand these economic concepts.
Recently, the Brookings Institute recently released a report about income inequality. The report used the "95/20 ratio" statistic:
"This figure represents the income at which a household earns more than 95 percent of all other households, divided by the income at which a household earns more than only 20 percent of all other households. In other words, it represents the distance between a household that just cracks the top 5 percent by income, and one that just falls into the bottom 20 percent."
Income inequality is important not solely because the U.S. President mentioned it, but also because:
"Obama’s speech followed a series of municipal elections in November 2013 in which inequality figured prominently as a campaign issue. Foremost among these was in New York City... Similar themes were sounded in the successful campaigns and first days in office of Marty Walsh in Boston, Ed Murray in Seattle, and Betsy Hodges in Minneapolis. The “Google Bus” in San Francisco’s Mission District has shone a spotlight on growing economic divisions within that city."
The Brookings report concluded:
"The latest U.S. Census Bureau data confirm that, overall, big cities remain more unequal places by income than the rest of the country. Across the 50 largest U.S. cities in 2012, the 95/20 ratio was 10.8, compared to 9.1 for the country as a whole. The higher level of inequality in big cities reflects that, compared to national averages, big-city rich households are somewhat richer ($196,000 versus $192,000), and big-city poor households are somewhat poorer ($18,100 versus $21,000)."
The specific cities where income inequality is worse:
"The big cities with the highest 95/20 ratios in 2012 were Atlanta, San Francisco, Miami, and Boston. In each of these cities, a household at the 95th percentile of the income distribution earned at least 15 times the income of a household at the 20th percentile. In Atlanta, for instance, the richest 5 percent of households earned more than $280,000, while the poorest 20 percent earned less than $15,000. In another six cities (Washington, D.C., New York, Oakland, Chicago, Los Angeles, and Baltimore), the 95/20 ratio exceeded 12. Overall, 31 of the 50 largest U.S. cities exhibited a higher level of income inequality than the national average."
A second measure of income inequality is the comparison of CEO pay to average workers' pay in companies. In 2012, CNN Money analyzed the differences in pay for the largest (Fortune 50) companies:
"With a staggering total compensation package of $378 million for 2011, Apple's Tim Cook takes the cake for the highest Fortune 50 CEO-to-typical-worker pay ratio. Indeed, it takes 6,258 typical Apple worker salaries to match Cook's total pay. On the opposite side of the spectrum, the ratio for Berkshire Hathaway's Warren Buffett was 11-to-1. Overall, most CEOs took home an average 379 staffers' worth in base pay..."
In this analysis, the CEO/workers pay ratio ranged from a low about 25 to more than 1,000. The ratio was more than 500 at Apple, Walmart, Target, and McKesson. The main conclusion: the CEO/workers pay ratio averaged 379. And, a CEO/worker ratio of 379 is far, far greater than a 95/20 ratio of 15 or 10. Very high CEO/worker pay ratios make it easier for people to demand increases in the minimum wage rate. Very high CEO/worker pay ratios indicate that the increases are easily affordable.
A third way to look at income inequality is to look at how incomes have changed over time. The Economic Policy Institute (EPI) did just that when it analyzed income growth in the United States:
"On average, income in the United States grew 36.9% between 1979 and 2007."
So, the total income for everyone in the United States went up. That's good, right? Nope. You have to dig deeper. Some people in the United States did far better than others:
"The top 1% snared a disproportionate share of that growth—53.9%. So their massive income growth far eclipsed income growth of the bottom 99%, whose raise was meager when you divide it over three decades."
Since the last recession, some people in the United States did far better than others:
"The top 1% is recovering, but the bottom 99%'s income has actually gone down in the so-called recovery."
So, it's been a recovery for a tiny few, and a continuing disaster for mostly everyone else. At the EPI site, you can use the interactive features to view income growth in the state where you live.
You can view all of these measures of income inequality as indicators of whether things are getting better or worse. Rising income inequality means things are getting worse for most people... better for the few people at the highest income levels, and worse for everyone else at lower income levels. If trickle-down economics (a/k/a "Reaganomics") worked, then everyone would benefit, not only a tiny few.
Your Internet service is more expensive and slower than necessary. You're probably thinking, "Really? That can't be. We Americans invented the Internet." Yes, we did. And now, we Americans enjoy second-class Internet service. How did that happen?
Bill Moyers discussed this issue recently during an interview with Susan Crawford, consumer advocate and author of, "Captive Audience: The Telecom Industry and Monopoly Power in the New Gilded Age:"
"... many other countries offer their citizens faster and cheaper access than [in the USA]. The faster high-speed access comes through fiber optic lines that transmit data in bursts of laser light, but many of us are still hooked up to broadband connections that squeeze digital information through copper wire. We’re stuck with this old-fashioned technology because, as Susan Crawford explains, our government has allowed a few giant conglomerates to rig the rules, raise prices, and stifle competition..."
You're probably thinking,"This can't be. We are the USA. We are number one." Well, we aren't when it comes to Internet access (emphasis added):
"For 19 million Americans, many in rural areas, you can't get access to a high speed connection at any price, it's just not there. For a third of Americans, they don't subscribe often because it's too expensive... It's fair to say that the U.S. at the best is in the middle of the pack when it comes to both the speed and cost of high speed internet access connections. So in Hong Kong right now you can get a 500 megabit symmetric connection that's unimaginably fast from our standpoint for about 25 bucks a month. In Seoul, for $30 you get three choices of different providers of fiber in your apartment... In New York City there's only one choice, and it's 200 bucks a month for a similar service. And you can't get that kind of fiber connection outside of New York City in many parts of the country. Verizon's only serving about 10 percent of Americans..."
And, your wireless phone service should be cheaper, too:
"In Europe you can get unlimited texting and voice calls and data for about $30 a month, similar service from Verizon costs $90 a month..."
Meanwhile, back in the United States:
"... according to numbers released by the Department of Commerce, only four out of ten households with annual household incomes below $25,000 reported having wired internet access at home compared with 93 percent of households with incomes exceeding $100,000..."
So how did things get like this? How did service in the United States become second rate? Moyers and Crawford discussed four reasons:
Crawford explained why the promises of competition and benefits to consumers never happened:
"... because it's so much cheaper to upgrade the cable line than it is to dig up the copper and replace it with fiber. The competition evaporated because Wall Street said to the phone companies, "Don't do this, don't be in this business." So you may think of Verizon and AT&T as wired phone companies, they're not. They've gone into an entirely separate market which is wireless. They're the monsters on the wireless side that control two thirds of that market. So there's been a division. Cable takes wired, Verizon/AT&T take wireless. They're actually cooperating. There's a federally blessed non-compete in the form of a joint marketing agreement between Comcast and Verizon..."
The city where I live, Boston, is a good example. We have a new Mayor, and a lot of city pride (e.g., "Boston Strong"). We want to remain a world-class city, but you can't get fiber Internet access (e.g., Verizon FiOS) in Boston. Comcast is the cable provider for high-speed Internet access. You may have seen television commercials with a well-known actor standing in Boston promoting fiber Internet access. You simply can't be a world-class city without fiber Internet. Period.
Boston is not alone in this situation. According to Crawford, Manhattan (New York City) is serviced by Time Warner Cable. Crawford summarized the mess, which I call collusion:
"[High-speed Internet Service Providers] clustered their operations. It makes sense from their standpoint. “You take San Francisco, I'll take Sacramento. You take Chicago, I'll take Boston.” And so Comcast and Time Warner are these giants that never enter each other's territories."
Wouldn't it be great to have cheap, affordable fiber Internet access everywhere in your town or city? Everyone needs it.
Students need it to learn, do homework, and prepare for jobs in a digital age. Entrepreneurs need it to start up and grown their businesses. Consumers need it to shop, bank, do business, work from home or tele-commute, stay current with news, and enjoy entertainment (e.g., online gaming, television, music, etc.).
It's fair to ask: how many more jobs and new businesses would have been created in your state (or city) if it had fiber Internet access everywhere? Some local towns tried and got squashed:
"In North Carolina a couple of years ago lobbyists for Time Warner persuaded the state legislature to make it almost impossible, virtually impossible for municipalities to get their own utility... And so now North Carolina, after being beaten up by the incumbents is at the near the bottom of broadband rankings for the United States... All those students in North Carolina, all those businesses that otherwise would be forming, they don't have adequate connections in their towns to allow this to happen..."
The result: higher cable and Internet prices. That's great for the service providers; bad for consumers. There is no sugar-coating this, folks. You are seeing monopoly power at work, and it must be stopped.
What's the solution? First, Internet access should be treated like a utility, as water and electricity are. Second:
"... we have to separate out content from conduit. It should not be possible for a local cable actor or any distributor to withhold programming based on volume. That's what's going on... That should not be legal. Everybody should get access to the same stuff at the same price and they should be announced prices."
Third, break up the buddy-buddy closeness between the Federal Communications Commission (FCC) and industry. This problem is intertwined with net neutrality; without which you can expect higher prices and even worse Internet access service.
Fourth, the FCC must operate with broader oversight:
"Just yesterday the former chief of staff of the F.C.C. left to be the general counsel of a regulated company. It happens all the time. And so in order to change this you'd have to make regulation of this area not be carried out by such a focused agency. Right now, the F.C.C.'s asymmetry of information is striking. They only talk to the industry. The community is all so close. In order to break that up you'd have to make sure you had a broad based agency seeing lots of different industries."
Fifth, change will happen only when citizens demand it. Contact your elected officials today and demand faster, cheaper Internet access. Demand that they stop the Comcast's acquisition of Time Warner Cable, too. Tell them that industry consolidation will make the situation worse for consumers, not better. Tell them the U.S. Postal Service should be part of the Internet access solution, too -- especially for rural residents.
Therer are some online petitions. Sign them if you want, but I believe it is always best to directly contact your elected officials.