17 posts from February 2014

Consequences From The Target Data Breach

After executives at Target announced in December a data breach that affected the retailer and its customers, there have been plenty of consequences. ABC News reported:

"The nation's second largest discounter said Wednesday that its profit in the fourth quarter fell 46 percent on a revenue decline of 5.3 percent as the breach scared off customers worried about the security of their private data... Target's business has been affected by the breach in a number of ways. During the quarter, the number of transactions fell 5.5 percent... The company also has faced costs related to the breach. Target said it can't yet estimate how much the data breach will cost it in total. But in the fourth quarter, it said the breach resulted in $17 million of net expenses, with $61 million of total expenses partially offset by the recognition of a $44 million insurance receivable."

Typically, after a data breach, affected consumers require replacement bank cards (e.g., credit and debit). Banks incur costs to issue replacement cards, close affected accounts, and open replacement accounts. Consumers incur costs from stolen money, the lost time and aggravation of submitting complaints for reimbursement, and the effort to re-establish online payment account settings.

ABC News also reported:

"Target said expenses may include payments to card networks to cover losses and expenses for reissuing cards, lawsuits, government investigations and enforcement proceedings..."

May? I would say definitely. Why? The Huffington Post reported:

"Costs related to the holiday data theft has now exceeded $200 million for financial institutions, according to data collected by the Consumer Bankers Association and the Credit Union National Association. The two trade associations said Tuesday that 21.8 million of the 40 million compromised credit and debit cards have been replaced."

And, these costs will surely rise since the damage is still ongoing. Target will also incur legal costs to defend itself. The Minneapolis Star Tribune reported:

"A group of First Farmers & Merchants banks in southern Minnesota has sued Target Corp. over alleged damages from the retailer’s data breach late last year. While a number of financial institutions from around the country have sued the company since news of the data heist broke, the First Farmer & Merchants lawsuit is believed to be the first by a financial institution on Target’s home turf in Minnesota... The banks are First Farmers & Merchants National Bank in Luverne, First Farmers & Merchants National Bank in Fairmont, First Farmers & Merchants State Bank in Brownsdale, First Farmers & Merchants State Bank of Grand Meadow and First Farmers & Merchants Bank in Cannon Falls."

According to the Chicago Tribune:

"A House of Representatives committee with broad investigative jurisdiction has turned up the heat on Target Corp, demanding that the No. 3 U.S. retailer turn over internal documents and messages describing how and when it learned of a recent massive consumer data breach... The committee set a deadline of March 10 for Target to turn over the materials... the House committee also requested any documents generated between November 1 and December 19 referring to discussions about notifying others about the data breach, and any documents generated since December 12 in which any federal agency advised the company to avoid providing information to Congress."

Why Congress started this investigation:

"... was prompted, at least in part, after committee officials felt dissatisfied with responses given by Isaac Reyes, an official with Target's government relations department, during a January 30 conference call about the data breach."

About breach costs, the Chicago Tribune reported:

"... several analysts expect Target to slash its share buybacks as it copes with costs tied to the breach, which some estimate will cost the company $500 million to $1.1 billion."

When companies fail to protect consumers' sensitive personal and payment information, there are lots of consequences. There should be lots of consequences. I'll bet that Target executives did not expect the consequences they now face.

My advice to executives at corporations, banks, and mobile app developers:

If you can't protect it, don't collect it.


Measures Of Income Inequality And Where It is Worse

In a December 2013 speech, President Obama stated:

"... a dangerous and growing inequality and lack of upward mobility that has jeopardized middle-class America’s basic bargain -- that if you work hard, you have a chance to get ahead. I believe this is the defining challenge of our time..."

Income inequality represents the difference in incomes between the very wealthy and the poor. Upward mobility is the ability of people at lower income levels to move up to higher income levels. Some people refer to it as "social mobility" since people can (and do) move both up and down between income levels. Both economic concepts measure the health of groups.

This is not a new issue. In 2011, Indiana Governor Mitch Daniels said:

"... upward mobility from the bottom is the crux of the American promise."

Call it what you want: American promise... American dream... America, the land of opportunity. To understand if the dream, promise, and opportunity are still possible, you have to understand these economic concepts.

The Brookings Institute recently released a report about income inequality. The report used the "95/20 ratio" statistic:

"This figure represents the income at which a household earns more than 95 percent of all other households, divided by the income at which a household earns more than only 20 percent of all other households. In other words, it represents the distance between a household that just cracks the top 5 percent by income, and one that just falls into the bottom 20 percent."

Income inequality is important not solely because the U.S. President mentioned it, but also because:

"Obama’s speech followed a series of municipal elections in November 2013 in which inequality figured prominently as a campaign issue. Foremost among these was in New York City... Similar themes were sounded in the successful campaigns and first days in office of Marty Walsh in Boston, Ed Murray in Seattle, and Betsy Hodges in Minneapolis. The “Google Bus” in San Francisco’s Mission District has shone a spotlight on growing economic divisions within that city."

The Brookings report concluded:

"The latest U.S. Census Bureau data confirm that, overall, big cities remain more unequal places by income than the rest of the country. Across the 50 largest U.S. cities in 2012, the 95/20 ratio was 10.8, compared to 9.1 for the country as a whole. The higher level of inequality in big cities reflects that, compared to national averages, big-city rich households are somewhat richer ($196,000 versus $192,000), and big-city poor households are somewhat poorer ($18,100 versus $21,000)."

The specific cities where income inequality is worse:

"The big cities with the highest 95/20 ratios in 2012 were Atlanta, San Francisco, Miami, and Boston. In each of these cities, a household at the 95th percentile of the income distribution earned at least 15 times the income of a household at the 20th percentile. In Atlanta, for instance, the richest 5 percent of households earned more than $280,000, while the poorest 20 percent earned less than $15,000. In another six cities (Washington, D.C., New York, Oakland, Chicago, Los Angeles, and Baltimore), the 95/20 ratio exceeded 12. Overall, 31 of the 50 largest U.S. cities exhibited a higher level of income inequality than the national average."

A second measure of income inequality is the comparison of CEO pay to average workers' pay in companies. In 2012, CNN Money analyzed the differences in pay for the largest (Fortune 50) companies:

"With a staggering total compensation package of $378 million for 2011, Apple's Tim Cook takes the cake for the highest Fortune 50 CEO-to-typical-worker pay ratio. Indeed, it takes 6,258 typical Apple worker salaries to match Cook's total pay. On the opposite side of the spectrum, the ratio for Berkshire Hathaway's Warren Buffett was 11-to-1. Overall, most CEOs took home an average 379 staffers' worth in base pay..."

In this analysis, the CEO/workers pay ratio ranged from a low of about 25 to more than 1,000. The ratio was more than 500 at Apple, Walmart, Target, and McKesson. The main conclusion: the CEO/workers pay ratio averaged 379. And, a CEO/worker ratio of 379 is far, far greater than a 95/20 ratio of 15 or 10. Very high CEO/worker pay ratios make it easier for people to demand increases in the minimum wage rate. Very high CEO/worker pay ratios indicate that the increases are easily affordable.

A third way to look at income inequality is to look at how incomes have changed over time. The Economic Policy Institute (EPI) did just that when it analyzed income growth in the United States:

"On average, income in the United States grew 36.9% between 1979 and 2007."

[Chart: Income growth in the USA from 1979 to 2007, by Economic Policy Institute]

So, the total income for everyone in the United States went up. That's good, right? Nope. You have to dig deeper. Some people in the United States did far better than others:

"The top 1% snared a disproportionate share of that growth—53.9%. So their massive income growth far eclipsed income growth of the bottom 99%, whose raise was meager when you divide it over three decades."

[Chart: Income growth in the USA from 2009 to 2011, by Economic Policy Institute]

Since the last recession, some people in the United States did far better than others:

"The top 1% is recovering, but the bottom 99%'s income has actually gone down in the so-called recovery."

So, it's been a recovery for a tiny few, and a continuing disaster for mostly everyone else. At the EPI site, you can use the interactive features to view income growth in the state where you live.

You can view all of these measures of income inequality as indicators of whether things are getting better or worse. Rising income inequality means things are getting worse for most people... better for the few people at the highest income levels, and worse for everyone else at lower income levels. If trickle-down economics (a/k/a "Reaganomics") worked, then everyone would benefit, not only a tiny few.


4 Reasons Why Your Internet Access Is Expensive And Slow... And Could Get A Lot Worse

Your Internet service is more expensive and slower than necessary. You're probably thinking, "Really? That can't be. We Americans invented the Internet." Yes, we did. And now, we Americans enjoy second-class Internet service. How did that happen?

Bill Moyers discussed this issue recently during an interview with Susan Crawford, consumer advocate and author of, "Captive Audience: The Telecom Industry and Monopoly Power in the New Gilded Age:"

"... many other countries offer their citizens faster and cheaper access than [in the USA]. The faster high-speed access comes through fiber optic lines that transmit data in bursts of laser light, but many of us are still hooked up to broadband connections that squeeze digital information through copper wire. We’re stuck with this old-fashioned technology because, as Susan Crawford explains, our government has allowed a few giant conglomerates to rig the rules, raise prices, and stifle competition..."

You're probably thinking, "This can't be. We are the USA. We are number one." Well, we aren't when it comes to Internet access (emphasis added):

"For 19 million Americans, many in rural areas, you can't get access to a high speed connection at any price, it's just not there. For a third of Americans, they don't subscribe often because it's too expensive... It's fair to say that the U.S. at the best is in the middle of the pack when it comes to both the speed and cost of high speed internet access connections. So in Hong Kong right now you can get a 500 megabit symmetric connection that's unimaginably fast from our standpoint for about 25 bucks a month. In Seoul, for $30 you get three choices of different providers of fiber in your apartment... In New York City there's only one choice, and it's 200 bucks a month for a similar service. And you can't get that kind of fiber connection outside of New York City in many parts of the country. Verizon's only serving about 10 percent of Americans..."

And, your wireless phone service should be cheaper, too:

"In Europe you can get unlimited texting and voice calls and data for about $30 a month, similar service from Verizon costs $90 a month..."

Meanwhile, back in the United States:

"... according to numbers released by the Department of Commerce, only four out of ten households with annual household incomes below $25,000 reported having wired internet access at home compared with 93 percent of households with incomes exceeding $100,000..."

So how did things get like this? How did service in the United States become second rate? Moyers and Crawford discussed four reasons:

  1. In most areas, there isn't real competition because there is only one high-speed Internet provider
  2. In many areas, the providers lobbied governments to prohibit local towns and cities from installing high-speed fiber on their own
  3. Internet service providers put their profits ahead of the greater social good, which has widened the digital divide between people who have and don't have Internet access
  4. Many people believe that government intervention is bad, and that the magic of the marketplace would provide competition, low prices, and good services

Crawford explained why the promises of competition and benefits to consumers never happened:

"... because it's so much cheaper to upgrade the cable line than it is to dig up the copper and replace it with fiber. The competition evaporated because Wall Street said to the phone companies, "Don't do this, don't be in this business." So you may think of Verizon and AT&T as wired phone companies, they're not. They've gone into an entirely separate market which is wireless. They're the monsters on the wireless side that control two thirds of that market. So there's been a division. Cable takes wired, Verizon/AT&T take wireless. They're actually cooperating. There's a federally blessed non-compete in the form of a joint marketing agreement between Comcast and Verizon..."

The city where I live, Boston, is a good example. We have a new Mayor, and a lot of city pride (e.g., "Boston Strong"). We want to remain a world-class city, but you can't get fiber Internet access (e.g., Verizon FiOS) in Boston. Comcast is the cable provider for high-speed Internet access. You may have seen television commercials with a well-known actor standing in Boston promoting fiber Internet access. You simply can't be a world-class city without fiber Internet. Period.

Boston is not alone in this situation. According to Crawford, Manhattan (New York City) is serviced by Time Warner Cable. Crawford summarized the mess, which I call collusion:

"[High-speed Internet Service Providers] clustered their operations. It makes sense from their standpoint. “You take San Francisco, I'll take Sacramento. You take Chicago, I'll take Boston.” And so Comcast and Time Warner are these giants that never enter each other's territories."

Wouldn't it be great to have cheap, affordable fiber Internet access everywhere in your town or city? Everyone needs it.

Students need it to learn, do homework, and prepare for jobs in a digital age. Entrepreneurs need it to start up and grow their businesses. Consumers need it to shop, bank, do business, work from home or tele-commute, stay current with news, and enjoy entertainment (e.g., online gaming, television, music, etc.).

It's fair to ask: how many more jobs and new businesses would have been created in your state (or city) if it had fiber Internet access everywhere? Some local towns tried and got squashed:

"In North Carolina a couple of years ago lobbyists for Time Warner persuaded the state legislature to make it almost impossible, virtually impossible for municipalities to get their own utility... And so now North Carolina, after being beaten up by the incumbents is at the near the bottom of broadband rankings for the United States... All those students in North Carolina, all those businesses that otherwise would be forming, they don't have adequate connections in their towns to allow this to happen..."

The result: higher cable and Internet prices. That's great for the service providers; bad for consumers. There is no sugar-coating this, folks. You are seeing monopoly power at work, and it must be stopped.

What's the solution? First, Internet access should be treated like a utility, as water and electricity are. Second:

"... we have to separate out content from conduit. It should not be possible for a local cable actor or any distributor to withhold programming based on volume. That's what's going on... That should not be legal. Everybody should get access to the same stuff at the same price and they should be announced prices."

Third, break up the buddy-buddy closeness between the Federal Communications Commission (FCC) and industry. This problem is intertwined with net neutrality, without which you can expect higher prices and even worse Internet access service.

Fourth, the FCC must operate with broader oversight:

"Just yesterday the former chief of staff of the F.C.C. left to be the general counsel of a regulated company. It happens all the time. And so in order to change this you'd have to make regulation of this area not be carried out by such a focused agency. Right now, the F.C.C.'s asymmetry of information is striking. They only talk to the industry. The community is all so close. In order to break that up you'd have to make sure you had a broad based agency seeing lots of different industries."

Fifth, change will happen only when citizens demand it. Contact your elected officials today and demand faster, cheaper Internet access. Demand that they stop Comcast's acquisition of Time Warner Cable, too. Tell them that industry consolidation will make the situation worse for consumers, not better. Tell them the U.S. Postal Service should be part of the Internet access solution, too -- especially for rural residents.

There are some online petitions. Sign them if you want, but I believe it is always best to directly contact your elected officials.

Crawford's book is available online at Amazon.com and Barnes & Noble.


How To Recognize Eviction Notice Email Scams

The scam artists and fraudsters seem to be getting bolder. Recently, I have received two bogus e-mail messages claiming that I am being evicted from my residence. Both messages include .ZIP file attachments, which probably include malware that either takes over my computer (e.g., "ransomware") or installs spyware to steal banking passwords.

The first spam message:

"From: "Eviction Notice" (support.6@perkinscoie.com)
To: [my e-mail account masked]
Subject: Vacate notice No2264
Date: Thu, 30 Jan 2014 07:51:29 -0700

Eviction notice,

Hereby you are notified that you have to move to another location from the currently occupied premises within the next three weeks. Please find the lawsuit details attached to this letter. If you do not move within this period of time, we will have no other alternative than to have you physically removed from the property per order of the Judge. If we can be of any assistance to you during your relocation, please feel free to contact us any time.

Court representative,
Isabella Mason"

The second spam message:

From: "Vacate Notice" (service.445@mofo.com)
To: [my e-mail account masked]
Subject: Urgent eviction notice No2806
Date: Mon, 10 Feb 2014 11:01:58 -0400

Vacate Notice,

You are hereby required to quit the premises of which you now hold possession until 03/07/14.

Your tenancy of the premises will be terminated on 03/21/14. Please find a summary court statement enclosed to this letter. Legal action will occur if you do not comply with this notice.

Court bailiff,
HARRIS Kelly

Of course, I did not open the attached .ZIP file. Doing so would have been dumb. Of course, I notified my Internet Service Provider that both messages were spam. How I recognized these e-mail messages as scams:

  1. The sender doesn't know my name and residential address. Neither message is addressed to me, by name.
  2. The sender doesn't know the status of my residence. They guessed that I rent, but I don't.
  3. The sender doesn't specify a real court name, address, and contact information.
  4. Bailiff is misspelled. Plus, a bailiff would never send such a message. A court or landlord would send an important message via postal mail with a signature required.
  5. The text in both messages tries to get the recipient to open the attachments. I never open attachments from strangers. Never. Nor should you.
  6. The only people that send .ZIP files to me are my consulting clients, and in those cases they notify me beforehand. Experienced, security-conscious Internet users do this and ask if it is okay to send .ZIP files.
  7. While Perkins Coie is the name of a real law firm, a valid eviction notice would come from a court, landlord, or sheriff.

Don't be tricked by spam. Learn to spot it.
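The checks in the list above can be partly automated on the receiving side. The following is an added example, not part of the original post: a triage function covering points 1, 3, 5, 6 and 7, run over constructed samples. The attachment name `notice.zip`, the recipient name, the benign message and every regular expression are assumptions made for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Heuristic patterns (assumptions for this example, not an exhaustive rule set).
LEGAL_CLAIM = re.compile(r"\b(evict\w*|vacate|lawsuit|tenancy|court)\b", re.I)
COURT_NAME = re.compile(r"\b(County|District|Superior|Municipal|Circuit|Housing) Court\b")
PHONE = re.compile(r"\(?\d{3}\)?[ .-]\d{3}[ .-]\d{4}")
PUSH_ATTACHMENT = re.compile(r"\b(attached|enclosed)\b", re.I)
COURT_ROLE = re.compile(r"\bcourt (representative|bailiff|clerk|officer)\b", re.I)


def build_message(sender, subject, body, attachment=None):
    """Return raw message bytes for a constructed sample."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = "reader@example.com"
    msg["Subject"] = subject
    msg.set_content(body)
    if attachment:
        name, data = attachment
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


def triage(raw, recipient_name):
    """Return the list of warning signs found in one raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    _, addr = parseaddr(str(msg["From"]))
    domain = addr.rpartition("@")[2].lower()
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part is not None else ""
    text = f'{msg["Subject"]}\n{body}'
    findings = []

    # Point 1: the message never addresses the recipient by name.
    if recipient_name.lower() not in body.lower():
        findings.append("not-addressed-by-name")

    # Point 6: an archive attachment, judged by file name or ZIP magic
    # bytes. The payload is inspected in memory and never written or opened.
    attachments = list(msg.iter_attachments())
    for att in attachments:
        data = att.get_content()
        name = (att.get_filename() or "").lower()
        if name.endswith(".zip") or (isinstance(data, bytes) and data[:2] == b"PK"):
            findings.append("archive-attachment")
            break

    # Point 5: the body steers the reader toward the attachment.
    if attachments and PUSH_ATTACHMENT.search(body):
        findings.append("pushes-attachment")

    if LEGAL_CLAIM.search(text):
        # Point 3: a legal notice with no named court and no phone number.
        if not (COURT_NAME.search(body) and PHONE.search(body)):
            findings.append("no-court-identity")
        # Point 7: signer claims a court role, but the sender domain is not
        # a government one (assumption: real courts here would use .gov).
        if COURT_ROLE.search(body) and not domain.endswith(".gov"):
            findings.append("court-role-from-non-court-domain")
    return findings


# Constructed sample modelled on the first message quoted in the post.
# The attachment is an empty ZIP archive (end-of-central-directory record).
SCAM_RAW = build_message(
    '"Eviction Notice" <support.6@perkinscoie.com>',
    "Vacate notice No2264",
    "Eviction notice,\n\n"
    "Hereby you are notified that you have to move to another location\n"
    "from the currently occupied premises within the next three weeks.\n"
    "Please find the lawsuit details attached to this letter.\n\n"
    "Court representative,\nIsabella Mason\n",
    attachment=("notice.zip", b"PK\x05\x06" + b"\x00" * 18),
)

# Constructed benign message: a known sender asking before sending a .ZIP.
BENIGN_RAW = build_message(
    '"Dana Client" <dana@client.example>',
    "Project files",
    "Hi Alex,\n\nIs it OK if I send the project files as a .ZIP tomorrow?\n\nDana\n",
)

if __name__ == "__main__":
    for label, raw in (("scam", SCAM_RAW), ("benign", BENIGN_RAW)):
        print(label, triage(raw, "Alex"))
```

Any single finding is weak evidence; the value is in the combination, which is how the list above treats them.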


Senators Propose A New Bill To Help Consumers And Hold Data Brokers Accountable

Senators John D. "Jay" Rockefeller IV (D.-W.Va.) and Ed Markey (D-Mass.) recently proposed the Data Broker Accountability and Transparency Act of 2014 (DATA Act, S2025) to provide accountability for companies that make money by collecting and selling information about consumers that are not their customers. The Electronic Privacy Information Center (EPIC) explained the proposed legislation:

"Under the DATA Act, consumers would be able to access their personal information, make corrections, and opt out of marketing schemes. The DATA Act would empower the FTC to impose civil penalties on violators, and would prohibit data brokers from collecting consumer data in deceptive ways."

A variety of companies collect, and sell, information about consumers. During the past 6+ years, this blog has reported about some data brokers, including ChoicePoint, Acxiom, Intelius, US Search, Spokeo, and Lexis-Nexis. Several data brokers have experienced data breaches, and some have sold consumers' sensitive personal data to organized crime. Data brokers collect a wide variety of information about consumers including but not limited to: current and past residential addresses, landline and mobile phone numbers, financial records, products and services purchased, autos purchased, retailers you shop at, and a lot more. With the growth of smart phones, mobile devices, and wearable devices, this data collection is growing quickly to also include consumers' geo-location information and movement in the real world, health information, and exercise/workout information.

With the rise of data mining (a/k/a "big data"), companies seek to collect as much information as possible about their customers. By analyzing this data, companies can deduce your favorite colors, tastes, and related preferences, including whether you are right- or left-handed. Your personal information is bought, sold, and traded between banks, data brokers, retail stores where you shop, telemarketing firms, collections agencies, and your local government.

Senator Markey said:

"Consumers have the right to access to their personal data, the ability to correct it, and opt-out from marketing purposes, and Chairman Rockefeller’s legislation ensures these critical consumer controls... The data broker industry has for too longer operated in the shadows, compiling dossiers on millions of Americans. It is time to shine a light on this industry, and Chairman Rockefeller’s legislation helps put in place a system of rules that puts consumers in control of their information. I am proud to co-sponsor this bill..."

And:

"The Data Broker Accountability and Transparency Act of 2014 (DATA Act) comes on the heels of an investigation and majority staff report by the Commerce Committee into the multibillion-dollar industry. Released in December 2013, the report revealed the breadth and scope of the sensitive data – including financial, health, and other personal information – that is routinely amassed by data brokers on consumers without their knowledge or consent. The Committee also held a hearing on Dec. 18, 2013, to examine the privacy and accountability concerns with the industry."

Kudos to Senators Markey and Rockefeller for looking after the needs of consumers. The Direct Marketing Association (DMA) opposed the proposed legislation:

"Though similar bills have died on the Senate floor previously, the Direct Marketing Association says it intends to fight the DATA Act's progress “tooth and nail” due to the high profile it receives from Rockefeller... The section of the DATA Act that most offends marketing stakeholders would compel data brokers to grant consumers access to their data with the ability to correct it at least once a year at no cost. The cost would fall on the so-called data brokers."

You would think that an industry that wants to sell accurate information would welcome corrections by consumers, who know their personal information best. It seems that accuracy takes a back seat to profitability. And, the companies making profits with the information they sell are in the best position to absorb the costs of corrections. If they can't do so profitably, then get out of the business.

Read the full text of the proposed DATA Act (Adobe PDF). Contact your elected officials and tell them to support the DATA Act.

In the interest of full disclosure, I worked for Lexis-Nexis in its Dayton, Ohio headquarters from 1984 to 1986.


FCC Chairman Says His Agency Will Work To Restore Net Neutrality

In a speech last week at the University of Colorado Law School, the Chairman of the Federal Communications Commission (FCC) discussed the need to restore Net Neutrality rules. MediaPost explained the problem:

"In January, the D.C. Circuit Court of Appeals gutted the FCC's net neutrality rules, which prohibited broadband providers from blocking lawful content or apps. The court ruled that the FCC couldn't impose common carrier regulations on broadband providers, given that the agency classified broadband as an “information” service in 2002. Neutrality advocates now say the FCC must first reclassify broadband as a telecommunication service if the agency wants to impose neutrality rules that will stand up in court. That way, broadband providers will be subject to the same common carrier rules that require telephone companies to put through all calls."

Portions of the speech by FCC Chairman Tom Wheeler:

"The Network Compact—universal accessibility, interconnection, public safety, and consumer protection—constitute the things we have to promote and protect if we are to be faithful to the public interest imperative. When being offline in America means being unable to participate fully in our economy and our society, it is imperative that the Commission work to ensure that every American has access to affordable broadband."

Chairman Wheeler said this about the recent court decision:

"The most obvious case where the Commission must act anew is net neutrality. In its Verizon v. FCC decision, the Court of Appeals invited the Commission to act to preserve a free and open Internet. I accept that invitation, and in the coming days, I will be outlining how I propose to proceed... First, the Court has ruled that the FCC has the legal authority to issue enforceable rules of the road to preserve Internet freedom and openness. It affirmed that Section 706 of the Telecommunications Act of 1996 gives the FCC authority to encourage broadband deployment by, among other things, removing barriers to infrastructure deployment and promoting competition. It also found that the goals of the Open Internet Order are within the scope of authority granted to the Commission. The court opinion specifically included that the Commission was justified in concluding that an open Internet would further the interest of broadband deployment by enabling the virtuous cycle of innovation that unites the long-term interests of end-users, broadband networks and edge-providers... What remains open is not jurisdiction, but rather the best path to securing the public interest..."

We will see if the FCC makes good on the Chairman's words. Read the full text of Chairman Wheeler's speech (Adobe PDF), and here.


Highlights From Yesterday's NSA Reform Protest

The protest yesterday included both physical and online events. The online activity included both the #StopTheNSA and #TheDayWeFightBack hashtags. Consumers placed 86,454 phone calls and sent 178,903 e-mail messages to their elected officials in government worldwide. All within 24 hours.

Activity in the United States:

Visit The Day We Fight Back site to learn more about activity in the United States and worldwide. Notable tweets yesterday by elected officials in the United States:

Tweets by Senators Tom Udall and Ron Wyden

Tweet by Senator Ron Wyden

Tweet by Senator Patrick Leahy

Tweet by Senator Bernie Sanders

Meanwhile yesterday, House Speaker John Boehner tweeted about the ACA and the death of Shirley Temple, but did not tweet anything about NSA reform and surveillance. Senate Leader Harry Reid did not tweet anything about NSA reform and privacy, either.


NSA Reform: Take Action Now

I hope that you will join me in today's protest to demand that the USA government reform the National Security Agency (NSA) programs that spy on everyone. Why take action? The Center For Internet And Society (CIS) at Stanford Law School explained the situation well:

"With unfettered information about everyone, we can be singled out, targeted, marginalized, investigated, discredited, or jailed for pushing for peaceful change... So we join The Day We Fight Back to help end mass surveillance, and we hope you will join us, too... Last summer, the world learned that the United States’ intelligence agencies are conducting mass surveillance of millions of innocent people--Americans and citizens of other nations. We don’t know the whole story. Surveillance practices are secret, targets are secret, and even some of the laws under which the agencies operate are secret. The government has many techniques for masking the full scope of its information collection. Nevertheless, newspapers report that the National Security Agency obtained 70 million French telephone calls and 60 million Spanish ones in a single 30-day period. In a single day, the agency sucked in 444,743 e-mail address books from Yahoo, 105,068 from Hotmail, 82,857 from Facebook, 33,697 from Gmail and 22,881 from unspecified other providers. The NSA also collects daily contacts from an estimated 500,000 buddy lists on live-chat services as well as from the inbox displays of Web-based e-mail accounts. It collects approximately 250 million communications and “communications transactions” a year from inside the United States, a collection that includes Americans’ messages and calls with people overseas, as well as improperly collected purely domestic communications the NSA nevertheless keeps. The agency also obtains hundreds of thousands of peoples’ calling records under a law whose primary sponsor says was never conceived of for bulk collection purposes. Perhaps worse, the United States government actively undermines Internet security by subverting the process for adopting encryption standards and forcing companies to install surveillance back doors."

Action by Congress is long overdue. Unfamiliar with the issues? Read the Surveillance section of this blog, and follow any of the above links. Then, take action. You can contact your elected officials using the banner that overlays all posts on this blog, here, or here.


Google Patents Include Capabilities To Automatically Collect And Send Your Videos To Law Enforcement

Last month, Google applied for two U.S. patents containing technologies to automatically identify, catalog, and track videos you upload about any trending event. The first patent application, "Inferring Events Based Upon Mob Sourced Video," included the following description:

"Methods and systems are disclosed for inferring that an event of interest (e.g., a public gathering, a performance, an accident, etc.) has likely occurred. In particular, when there are at least a given number of video clips with similar timestamps and geolocation stamps uploaded to a repository, it is inferred that an event of interest has likely occurred, and a notification signal is transmitted (e.g., to a law enforcement agency, to a news organization, to a publisher of a periodical, to a public blog, etc.)."

Note that "a law enforcement agency" is specifically mentioned. That could include local police for your city, or one of the federal agencies (e.g., FBI, NSA, DEA, ATF, etc.). The "mob" reference does not mean organized crime, but instead means videos uploaded by several consumers... regular, innocent people like you and me who probably aren't doing anything illegal except attending a public event. The "repository" could be any single or multiple social networking sites (e.g., Facebook, Instagram, Snapchat, etc.).

The patent collects and monitors videos based upon metadata in the videos that meet the search criteria set by the organization doing the tracking:

"In one embodiment, a computer system pre-processes existing video clips in a video clip repository by defining groups of "related" video clips, based on the timestamps and geolocation stamps of the video clips. When there is a group whose size (i.e., the number of video clips in the group) meets or exceeds a size threshold, the computer system transmits a notification to one or more recipients (e.g., a news organization, etc.) that an event of interest likely occurred at the indicated time and geolocation. In one such embodiment, the computer system also determines the particular recipient(s) of the notification based on the geolocation of the event (e.g., an event in Manhattan might be transmitted to NYC Police and Channel 7 New York, etc.), the time of the event (e.g., an event at 3:00 am might go to the police but not a television station)... In one embodiment, after the repository has been processed, the computer system monitors video clips that are newly-uploaded to the repository and, based on their timestamps and geolocation stamps, adds the newly-uploaded video clips to existing groups, or creates new groups. When a video clip is added to a group and the size of the group has reached, for the first time, the size threshold, the computer system transmits one or more notifications, as described above."

The second patent application, "Mob Source Video Collaboration," includes this description:

"In an embodiment of the present invention, a computer system determines that a set of two or more video clips are of the same event (e.g., a wedding, a sports event, an everyday scene, etc.) when the timestamps and geolocation stamps match, within suitable thresholds. For example, if two video clips have respective timestamps of 2:03-3:05 pm and 2:01-2:56 pm and their geo-location stamps are within 20 meters of each other, then the computer system might identify the two video clips as being of the same event... In one embodiment, a computer system pre-processes the existing video clips in a video clip repository by identifying, based on timestamps and geolocation stamps, video clips that are "related" to one another (i.e., that are of the same event). The computer system then sends a message to each author of a video clip in the repository, inquiring whether the author grants permission to: notify the authors of related video clips of the existence of the video clip, and notify followers of these authors of the existence of the video clip. For example, if Mary Jones has uploaded a video clip of his brother John's wedding to a video clip repository, Mary will receive a message that inquires whether she gives permission to notify the authors of other video clips of John Jones' wedding (e.g., Mary's cousin Betty, etc.) of the existence of her video clip, as well as whether she gives permission for followers of these other authors to also be notified of the existence of the video clip."

So, the technologies in the patents would allow organizations to follow videos about breaking events as they happen, as you follow people today within social networking sites. The technologies would also notify you of others who recorded video of the same event, and facilitate connecting with them. Phandroid reported:

"The exact details of this system – if put into practice – would likely be buried deep in a Terms of Service document. We’re guessing the most effective solution (for Google) would be collect aggregate and anonymous data to which you opted-in (time and location data of multimedia), extrapolating that data to identify “mob source” events, and then sharing related, publicly available multimedia to 3rd parties. This could be used in any of the typical “nothing attracts a crowd like a crowd” scenario, from bar fights and car accidents to flash mobs..."

If you aren't aware, your mobile devices automatically attach geolocation data (e.g., GPS coordinates) to every photo and video you take, unless you turn off the GPS feature. Most people don't turn off the GPS feature with their smartphone's camera because other apps (e.g., maps, travel directions, shopping, etc.) use the GPS feature. The geolocation and timestamp data are part of the metadata attached to your photos and videos; data that social networking sites are eager to use.
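To make concrete how little the grouping described in the two applications needs, here is an added sketch (not code from the patent applications or from Google) that groups uploads on timestamp and geotag alone and records a notification the first time a group reaches a size threshold. The clip records are constructed, the 20-meter radius is taken from the second application's example, and the threshold of 3 and all function names are assumptions.

```python
import math
from datetime import datetime

# Constructed upload metadata (not real data): id, start, end, lat, lon.
# Clips "a" and "b" mirror the 2:03-3:05 pm / 2:01-2:56 pm example quoted above.
# Clip "e" was recorded with GPS tagging turned off, so it has no geotag.
CLIPS = [
    ("a", "2014-02-11 14:03", "2014-02-11 15:05", 40.758000, -73.985500),
    ("b", "2014-02-11 14:01", "2014-02-11 14:56", 40.758100, -73.985500),
    ("c", "2014-02-11 14:30", "2014-02-11 14:40", 40.758050, -73.985600),
    ("d", "2014-02-11 14:10", "2014-02-11 14:20", 40.700000, -74.010000),
    ("e", "2014-02-11 14:15", "2014-02-11 14:25", None, None),
]

RADIUS_M = 20.0     # "within 20 meters" in the second application's example
SIZE_THRESHOLD = 3  # assumed; the applications do not fix a number


def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M")


def distance_m(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance in meters."""
    r = 6371000.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp, dl = p2 - p1, math.radians(lon2 - lon1)
    h = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * r * math.asin(math.sqrt(h))


def related(x, y):
    """Same event: recording intervals overlap and geotags lie within RADIUS_M."""
    if None in (x[3], x[4], y[3], y[4]):
        return False  # no geolocation stamp, so there is nothing to match on
    overlap = parse(x[1]) <= parse(y[2]) and parse(y[1]) <= parse(x[2])
    return overlap and distance_m(x[3], x[4], y[3], y[4]) <= RADIUS_M


def process_uploads(clips, threshold=SIZE_THRESHOLD):
    """Add clips one at a time, as newly uploaded; return (groups, notifications)."""
    groups, notifications = [], []
    for clip in clips:
        hits = [g for g in groups if any(related(clip, m) for m in g)]
        largest_before = max((len(g) for g in hits), default=0)
        merged = [m for g in hits for m in g] + [clip]
        groups = [g for g in groups if g not in hits] + [merged]
        # Notify only when the threshold is reached for the first time.
        if largest_before < threshold <= len(merged):
            notifications.append(sorted(m[0] for m in merged))
    return groups, notifications


if __name__ == "__main__":
    groups, notifications = process_uploads(CLIPS)
    print("groups:", [[m[0] for m in g] for g in groups])
    print("notifications:", notifications)
```

Clip "e" overlaps the others in time but carries no geotag, so it never joins the group that triggers the notification.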

The technologies in these patents could be helpful to collect videos about a specific event. Many people create event pages on social networking sites. The patents could make it easier for event organizers to collect video about their event. That's the positive. The negative: the technologies could also be used to invade consumers' privacy.

After reading these patent applications, several things came to mind. First, while the patents mentioned harmless applications (e.g., weddings, performances, auto accidents, etc.), this is anything but. It is all about law enforcement. During and after the Marathon bombings in April 2013, law enforcement had difficulty collecting, and then sorting through, the mountain of consumer-produced videos and photographs. The technologies in these two patents would solve those problems. Plus, Google operating system software already contains NSA code. Google seems quite content to pursue technologies to facilitate surveillance.

Second, I found the "mob" description troubling. It implies something negative, when the terms "group-sourced" or "crowd-sourced" could have been easily used instead. I guess that in the surveillance state, everyone is a potential threat whether you have done something illegal or not.

Third, the patents don't really solve a consumer problem. Unless you are new to the Internet and social networking sites, you are already connected to the people you want to follow, and to the content your connections produce. For a wedding, the couple has already invited the people they want to attend via registrations at gift or event sites.

Fourth, the technologies in these patents probably represent the next step of the tracking technology. We consumers have already experienced facial recognition in social networking websites. The goal has been to identify people and locations in photographs. Now, the goal is to identify people and places in videos. Fifth, neither patent mentions minors and how the video targeting and cataloging technologies won't run afoul of FTC rules about the collection of data about minor children.

Think about this the next time you record videos at a public event: concert, sports game, group activity (e.g., bicycling, swim or track meet, etc.), vacation, school outing to a museum, dinner in a restaurant with friends or classmates, and/or a public demonstration or protest. You are at the event enjoying it and minding your own business. Yet, the videos you upload are potentially considered part of some "mob" action.

Does that sound right to you? Not to me.

Many flash mobs were harmless, fun events such as dancing, couples dancing, and marriage proposals. It is also important to emphasize the First Amendment of the U.S. Constitution (emphasis added):

"Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances."

Nobody wants a new technology to intimidate or hinder the rights of citizens to assemble peaceably.

Want some privacy online? It's getting more and more difficult. Turn off the GPS feature for the camera in your mobile device when taking photographs and videos. Be careful about what video you upload to social networking Web sites. Make your privacy settings "friends only" for videos you post on social networking sites.

What are your opinions of the two patents?


February 11, 2014. The Day To Fight Back Against NSA Surveillance

Now is the time to take action. If you believe that it is wrong for the NSA to perform bulk collection of telephone metadata of citizens not suspected of any crimes, insert NSA code into software products without notice to consumers, and undermine Internet encryption standards, then now is the time to take action. Unacceptable privacy violations have happened, and too many questions are still unanswered.

If you believe that the proposed surveillance reforms by the Obama Administration are insufficient, then now is the time to take action.

On Tuesday, February 11, Internet users across the United States and several organizations (including Demand Progress, the Electronic Frontier Foundation, Fight for the Future, Free Press, BoingBoing, Reddit, Mozilla, and others) will join together to pressure lawmakers to end mass surveillance.

Click on the "Fight Back" image to learn more. At the "Fight Back" site, you can read more, sign up for e-mail alerts, and find events near you.


5 Ways The Loss Of 'Net Neutrality' Will Affect Netflix And Other Video Streaming Users

ABC News published a news story recently that helps make the loss of Net Neutrality real for consumers... especially those that stream video content. A Federal appeals court recently ruled in favor of Verizon in its lawsuit against the Federal Communications Commission.

How consumers could (probably will) be affected:

  1. Degraded service
  2. Higher costs
  3. Greater technological divide by income, demographics

To see the complete list of impacts, read/watch the ABC News report. To learn more about Net Neutrality, read this blog post.

Of course, Verizon and others claim the loss of Net Neutrality will spur innovation. Yep... innovative ways to charge consumers more. And, your Internet bill will look more like your cable TV bill: complicated and more expensive.

I sincerely hope that this bothers you, because it is time to act to save the Internet. Contact your elected officials today and demand action. There are several online petitions you can sign, including the ACLU, Bold Progressives, and Daily Kos.


Giving Voice to Values Announces Venture With Business Expert Press

The Giving Voice To Values initiative (GVV) announced recently a joint venture with Business Expert Press (BEP) to produce a series of books on Business Ethics and Corporate Social Responsibility. According to the announcement (Adobe PDF), the goal of the book collection is to provide:

"... practical, solutions-oriented, skill-building approach to the salient questions of values-driven leadership... [and] emphasize research-based practical examples and guidance on how to positively enact values-driven leadership positions, rather than to focus solely or primarily upon ethical debate."

GVV includes both research and a curriculum taught in higher-education schools worldwide. GVV is:

"... designed to transform the foundational assumptions upon which the teaching of business ethics is based, and importantly, to equip future business leaders to not only know what is right — but how to make it happen."

The joint venture seeks concise business education books of about 150 pages that target undergraduate, MBA, and executive education students:

"Books may be focused upon a functional area (e.g., Accounting Ethics); an industry (e.g., Ethics in the Financial Sector); a regional area (e.g., Practical Ethics in India); or some combination of the above. Although it is fully expected that some manuscripts may well include a focus upon the theory and analysis of ethical questions, or the history and benchmarks of Corporate Social Responsibility as it has evolved..."

I look forward to hearing more about the GVV/BEP joint venture and the books it publishes. Improved ethics by executives are sorely needed. One doesn't have to look far to find examples of unethical executive behavior, fines, and wrongdoing: JPMorgan Bank, Johnson & Johnson, Moneygram, CVS, government contractors, companies with data breaches, employers that commit wage theft, companies that produce leaky mobile apps, and companies that publish fake online reviews. A 2013 study found that junior banking executives consider wrongdoing an accepted way to advance in their careers.

BEP is a leading resource in business education. The company publishes collections of concise, academically sound, and applied books for undergraduate, MBA and executive business education. Books are available in both print and e-book formats.

Interested authors can discuss book ideas with Mary C. Gentile, Director of Giving Voice To Values initiative, Senior Research Scholar at Babson College, and Editor of the GVV/BEP book collection.


Neiman Marcus Discloses Some Details About Its Data Breach

The Neiman Marcus Group disclosed some details about its recent data breach. In a letter to its customers, Karen Kay, the President and CEO, stated that malware had been secretly installed in its systems and had stolen shoppers' payment information from July 16, 2013 to October 30, 2013. As many as 1.1 million shoppers were affected. The letter also said:

"... Visa, MasterCard and Discover have notified us that approximately 2,400 unique customer payment cards used at Neiman Marcus and Last Call stores were subsequently used fraudulently."

The retailer notified these 2,400 breach victims on January 10. So far, only shoppers' debit/credit card payment information has been stolen: card numbers, expiration dates, and cardholders' names:

"Social security numbers and birth dates were not compromised. Our Neiman Marcus and Bergdorf Goodman cards have not seen any fraudulent activity. Customers that shopped online do not appear to have been impacted. PINs were never at risk because we do not use PIN pads in our stores."

Several state governments require companies to notify them about data breaches affecting their residents. In a breach notification letter (Adobe PDF) to the New Hampshire Department of Justice, the retailer provided more details about the breach:

"As a result of the investigation we initiated, using two of the leading computer forensic investigative firms, we learned for the first time on January 1, 2014 (preliminarily), and then more concretely on January 2 and 3, that sophisticated, self-concealing malware that can "scrape" (copy from temporary memory during execution of payment) payment card information ("the scraping malware") had been clandestinely inserted into our system. We later learned that this malware had been inserted in our system as early as July 2013... it appears that the scraping malware was active between July 16, 2013 and October 30, 2013... it appears that the scraping malware was not operating at all Neiman Marcus Group stores..."

So, the malware affected shoppers in several of the retailer's store chains. The usage of the term "system" seems to suggest that the retailer's network was infected with malware, not just point-of-sale (PoS) computers. It seems that multiple types of malware were involved in the breach:

"Separate, related malware that allows this scraping malware to function appears to have been clandestinely inserted earlier in 2013. Neiman Marcus was not aware of any of this hidden malware until it was discovered this month by our investigative experts..."

The retailer said it has postal (street) address information for only 31% of the 1.1 million shoppers, and it has identified 822 New Hampshire residents (with street addresses) affected by the breach. The Neiman Marcus Web site contains the breach letter and frequently-asked-questions; basic content for shoppers that have never experienced a data breach before.


RSA Announced "ChewBacca" Malware Attacked Retailers In 11 Countries

Global security firm RSA announced the discovery of "ChewBacca" malware attacks which targeted point-of-sale (PoS) systems in retail stores. The malware attacked and stole shoppers' credit card payment information in 11 countries, including the United States, Australia, Canada, and Russia:

"While the malware used in the operation is not new, RSA researchers discovered that, beginning October 25th, it had logged track 1 and 2 data of payment cards it had scraped from infected PoS systems."

Tracks 1 and 2 of the magnetic stripe on your credit cards, developed by the banking industry, typically include the following payment information:

  • Cardholder's full name
  • Credit card number
  • Credit card expiration date
  • Country code

Track 3 of the magnetic stripe is used to store PIN, currency, authorized amounts, and other payment data for debit card transactions. It appears that a different malware version targeted both credit and debit cards via infected PoS terminals during the Target data breach. Neiman Marcus has disclosed a few details about its data breach, while Michaels Stores has not -- so far.

The malware copied payment information from the PoS terminal's memory when the shopper's payment data was unencrypted. The malware then sent the stolen payment information to a hidden Internet-connected server.

The Trojan was named "ChewBacca" because the sign-in page for malware users features an image of the popular character from the Star Wars films. To protect shoppers' payment data against malware like ChewBacca, RSA suggested:

"Retailers have a few choices against these attackers. They can increase staffing levels and develop leading-edge capabilities to detect and stop attackers (comprehensive monitoring and incident response), or they can encrypt or tokenize data at the point of capture and ensure that it is not in plaintext view on their networks, thereby shifting the risk and burden of protection to the card issuers and their payment processors."

So, doing nothing is not an option. Business-as-usual is not an option.
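One check a retailer can run to confirm that card data "is not in plaintext view" is to scan its own logs for unencrypted Track 1 and Track 2 records. The scanner below is an added example, not RSA's tooling or code from any retailer; the log lines are constructed, the card number is a well-known test number, and the function names are assumptions.

```python
import re

# ISO/IEC 7813 layouts:
#   Track 1: %B<PAN>^<NAME>^<YYMM><service code><discretionary data>?
#   Track 2: ;<PAN>=<YYMM><service code><discretionary data>?
TRACK1 = re.compile(r"%B(\d{12,19})\^([^^?]{2,26})\^(\d{2})(\d{2})\d{3}[^?]*\?")
TRACK2 = re.compile(r";(\d{12,19})=(\d{2})(\d{2})\d{3}\d*\?")

# Constructed sample log (not real data); 4111111111111111 is a test card number.
SAMPLE_LOG = [
    "2014-02-01 10:00:01 pos-07 sale ok amount=25.00 token=tok_9f3a",
    "2014-02-01 10:00:02 pos-07 debug swipe=%B4111111111111111^DOE/JANE^16121010000000000?",
    "2014-02-01 10:00:03 pos-07 debug t2=;4111111111111111=16121010000000000?",
    "2014-02-01 10:00:04 pos-07 order=;4111111111111112=16121010000000000?",
    "2014-02-01 10:00:05 pos-07 receipt card=411111******1111",
]


def luhn_ok(pan):
    """Luhn checksum: filters out digit runs that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask(pan):
    """Common first-six/last-four masking, so the report never repeats the leak."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan(lines):
    """Return (line number, track, masked PAN) for each plaintext track record."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        for track, rx, month_group in (("track1", TRACK1, 4), ("track2", TRACK2, 3)):
            for m in rx.finditer(line):
                pan = m.group(1)
                month = int(m.group(month_group))
                # Require a valid checksum and a plausible expiry month.
                if luhn_ok(pan) and 1 <= month <= 12:
                    findings.append((lineno, track, mask(pan)))
    return findings


if __name__ == "__main__":
    for lineno, track, masked in scan(SAMPLE_LOG):
        print(f"line {lineno}: plaintext {track} data, PAN {masked}")
```

Lines 2 and 3 of the sample are flagged; line 4 has the right shape but fails the checksum, and the tokenized and masked lines carry nothing to find.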


A New I've Been Mugged Blog Feature To Fight Comments Spam

I receive a lot of spam comments on my I've Been Mugged blog, and I wanted to alert readers to a small change.

Most of the comments spam seems to be from offshore people trying to promote products for their clients. You'd be shocked by the advertising garbage people try to slip into comments. The spam advertises products, services, and topics (e.g., handbags, face creams, athletic shoes, power tools, child care, etc.) in a variety of languages that are totally unrelated to this blog. You never see this spam because all comments are moderated. I reject spam comments and post valid comments for blog posts.

Know that the comments spam is ongoing. It never stops. I probably receive four to eight spam comments daily, and I'd rather spend my time doing other tasks that are productive and enjoyable. So, to help screen out the comments spam, this blog now requires commenters to have JavaScript enabled in their Web browsers.

Most readers won't see any differences because most (good) people already have JavaScript enabled in their Web browsers. The spammers don't.

If you don't have JavaScript enabled in your Web browser, then your Web browser or this blogging service (e.g., Typepad) may prompt you to enable JavaScript. Thanks for your readership.

George Jenkins
Editor
http://ivebeenmugged.typepad.com