
19 posts from July 2014

Massachusetts Attorney General Announced Settlement With Travel Company For Pressure Sales And Over-Priced Vacations

The Office of the Massachusetts Attorney General (AG) announced a settlement with Travel Services regarding the firm's marketing tactics:

"... Illinois-based Travel Services, Inc. and its principals have agreed to a $50,000 judgment that permanently prohibits them from selling and marketing vacation club memberships in Massachusetts... The consent judgment, filed Monday in Suffolk Superior Court, settles allegations that Travel Services – formerly known as Funseekers Vacations, Inc. and operating in Massachusetts as “Outrigger Vacation Club” – along with President Christy Spensberger and Vice President William Bailey, facilitated unfair and highly deceptive sales operations at Plymouth-based Only Way 2 Go Travel and Methuen-based Fantasia Travel."

The 2010 lawsuit alleged that the defendants:

"... conspired to lure consumers to sales presentations using deceptive mail and telephone solicitations and then subject them to high pressure sales pitches containing myriad misrepresentations and omissions designed to induce consumers to purchase Outrigger Vacation Club memberships serviced by Travel Services... consumers entered into the membership contracts based upon false promises that they would receive better-than-Internet wholesale prices on vacation packages, cruises, accommodations and other travel services. Instead, consumers allegedly left sales presentation venues having spent thousands of dollars on vacation club memberships that were essentially worthless..."


Online While On The Toilet

Consumers love being connected online. Perhaps, too much. According to the results of a recent survey posted on the Social Times site:

  • 75 percent of Americans have used their smartphones in the bathroom
  • 63 percent of people read books, magazines, and newspapers while in the bathroom
  • 86 percent of men and 27 percent of women said the toilet was where they did most of their reading
  • Most popular bathroom activities: 67 percent text messages; 63 percent answer phone calls; 42 percent read e-mails; 38 percent surf the Web; 38 percent use apps; 29 percent use social networking
  • 24 percent of people said they never go to the bathroom without their smartphone

View more stats from the survey in the Social Times infographic.

If you are going to spend this much time and effort on the toilet, then you might consider upgrading to a "smart toilet." Several smart toilets are for sale on eBay, and you can follow tweets by a smart toilet on Twitter. Smart crappers (electronic thrones?) are part of the coming Internet of Things (IoT) for consumers' homes. However, like any other Internet-connected device, smart toilets can be hacked.

In the future, I guess that teenagers won't toilet paper victims' front lawns. Instead, they'll hack and remotely operate/flush unsuspecting victims' smart crappers.

What are your opinions of the Social Times survey? Of smart crappers? If you have bought a smart toilet, please share below your opinions of it.


Proposed Settlement Agreement For Massive 2011 Data Breach At Sony Playstation Network

You may remember the massive data breach in 2011 at Sony Playstation Network (PSN) that affected about 77 million users worldwide. Sony executives apologized to users. Several lawsuits resulted which were combined into a single class-action suit.

InfoSecurity reported that a settlement agreement is pending where Sony would pay about $15 million to users in the United States. Proposed settlement terms:

"... Those who didn’t participate in Sony’s “Welcome Back” package will be entitled to one out of 14 PlayStation 3 or PlayStation Portable games and a choice of three out of six PS3 themes or a three month subscription to PlayStation Plus. However, there’s a $6m limit on these claims... Qriocity users will get a month’s free access to the music streaming service and those who can prove their identity was stolen could receive up to $2,500 in compensation..."

The United Kingdom's Information Commissioner's Office (ICO) fined Sony £250,000 ($395k) in January 2013. The ICO said in a January 2013 announcement:

"If you are responsible for so many payment card details and log-in details then keeping that personal data secure has to be your priority. In this case that just didn’t happen, and when the database was targeted – albeit in a determined criminal attack – the security measures in place were simply not good enough.

“There’s no disguising that this is a business that should have known better. It is a company that trades on its technical expertise, and there’s no doubt in my mind that they had access to both the technical knowledge and the resources to keep this information safe.

“The penalty we’ve issued today is clearly substantial, but we make no apologies for that. The case is one of the most serious ever reported to us. It directly affected a huge number of consumers, and at the very least put them at risk of identity theft."

The proposed settlement has not been approved by a judge, so it is not final. You can read the proposed settlement agreement.


Apple News: Electronic Book Price Fixing Settlement; IBM Partnership; EU Concerns About In-App Purchases By Children

Last week, the Office of the Massachusetts Attorney General (AG) announced a settlement with Apple Inc. regarding electronic book (a/k/a e-book) price fixing allegations. AGs from 33 states had filed lawsuits against the company:

"Contingent upon the resolution of Apple’s appeal of a U.S. District Court verdict from 2013, consumers nationwide will receive a total of $400 million, with Massachusetts consumers estimated to receive more than $12 million in refunds. The agreement also remains subject to approval by the U.S. District Court for the Southern District of New York."

Additional details about the Apple settlement:

"The exact amount of consumer relief is contingent upon the affirmation of a U.S. District Court’s July 2013 verdict that Apple violated federal and state antitrust laws by orchestrating a conspiracy with five publishers – Penguin Group (USA), Inc. (now part of Penguin Random House); Holtzbrinck Publishers LLC d/b/a Macmillan; Hachette Book Group Inc.; HarperCollins Publishers LLC; and Simon & Schuster Inc. – to artificially raise prices for E-books between 2010 and 2012 in order to eliminate retail price competition."

Information about the publishers' settlement:

"E-book purchasers nationwide are already entitled to refunds totaling $166 million in settlement funds paid by the five publishers involved in the conspiracy. Massachusetts consumers are due more than $5 million from these funds in compensation pursuant to these settlements."

Martha Coakley, the Massachusetts AG, said in a statement:

“Price collusion amongst competitors is unacceptable and this agreement will ensure that those responsible are held accountable... We are hopeful that this settlement will go through so that affected consumers can receive significant refunds as a result of these violations.”

New York State AG Eric T. Schneiderman said in a statement:

"... the biggest, most powerful companies in the world must play by the same rules as everyone else... We will continue to work with our colleagues in other states to ensure that all companies compete fairly with the knowledge that no one is above the law.”

Good. I applaud the AGs with this enforcement action. In related news, Apple announced a partnership with IBM Inc. to:

"... redefine the way work will get done, address key industry mobility challenges and spark true mobile-led business change—grounded in four core capabilities:

1. a new class of more than 100 industry-specific enterprise solutions including native apps, developed exclusively from the ground up, for iPhone and iPad;
2. unique IBM cloud services optimized for iOS, including device management, security, analytics and mobile integration;
3. new AppleCare® service and support offering tailored to the needs of the enterprise; and
4. new packaged offerings from IBM for device activation, supply and management."

Meanwhile, many parents in Europe are concerned about how app-based games are marketed. Engadget reported last week:

"... while Google addressed its concerns around games with in-app purchasing, Apple has yet to offer a strategy. Following hordes of complaints by outraged parents, the EU asked both companies to implement changes to the way they sell such apps in their stores. Those include not misleading consumers about supposedly "free" games, not "directly exhorting" children to buy in-game items, thoroughly informing customers about payment arrangements and forcing game-makers to provide contact information."

The request by the European Commission and the Consumer Protection Cooperation (CPC) Network included:

"1. Games advertised as "free" should not mislead consumers about the true costs involved;
2. Games should not contain direct exhortation to children to buy items in a game or to persuade an adult to buy items for them;
3. Consumers should be adequately informed about the payment arrangements for purchases and should not be debited through default settings without consumers’ explicit consent;
4. Traders should provide an email address so that consumers can contact them in case of queries or complaints."

The Engadget news article also included this statement by Apple:

"... over the last year we made sure any app which enables customers to make in-app purchases is clearly marked. We've also created a Kids Section on the App Store with even stronger protections to cover apps designed for children younger than 13. These controls go far beyond the features of others in the industry. But we are always working to strengthen the protections we have in place, and we're adding great new features with iOS 8, such as Ask to Buy, giving parents even more control over what their kids can buy on the App Store..."

This statement was after a $32.5 million settlement in March 2014 with the U.S. Federal Trade Commission (FTC):

"... a final order resolving FTC allegations that Apple Inc. unfairly charged consumers for in-app purchases incurred by children without their parents’ consent... by March 31, 2014, Apple must change its billing practices to ensure that it has obtained express, informed consent from consumers before charging them for in-app purchases. Apple also must provide full refunds, totaling a minimum of $32.5 million, to consumers who were billed for in-app purchases that were incurred by children... Should Apple issue less than $32.5 million in refunds to consumers within the 12 months after the settlement becomes final, the company must remit the balance to the Commission. By April 15, 2014, Apple must notify all consumers charged for in-app purchases with instructions on how to obtain a refund for unauthorized purchases by kids."

In-app purchases can be expensive. Experts advise parents to closely monitor their children's game activity.


Canvas Fingerprinting: What It Is, How Entities Use It To Track You Online, And The Privacy Concerns

"Canvas fingerprinting" is the latest technique entities use to identify and track consumers' online habits and movements. I use the word "entities" since both private-sector corporations and public-sector government agencies use the technique in their websites. The BBC described it well:

"This technique forces a web browser to create a hidden image. Subtle differences in the set-up of a computer mean almost every machine will render the image in a different way enabling that device to be identified consistently."

Those subtle differences include the many features that distinguish your computer's configuration from others: clock setting, default font, software installed, operating system brand and version, browser brand and version, and more. Researchers at Princeton University in the United States and at the University of Leuven in Belgium analyzed tracking techniques at 100,000 websites. They announced their findings in a draft report dated July 1, 2014:

"We present the first large-scale studies of three advanced web tracking mechanisms -- canvas fingerprinting, evercookies, and use of 'cookie syncing' in conjunction with evercookies. Canvas fingerprinting, a recently developed form of browser fingerprinting, has not previously been reported in the wild; our results show that over 5% of the top 100,000 websites employ it... The tracking mechanisms studied in this paper can be differentiated from their conventional counterparts by their potential to circumvent users' tracking preferences, being hard to discover and resilient to removal."

The researchers emphasized the extreme difficulty confronting consumers:

"Canvas fingerprinting uses the browser's Canvas API to draw invisible images and extract a persistent, long-term fingerprint without the user's knowledge. There doesn't appear to be a way to automatically block canvas fingerprinting without false positives that block legitimate functionality; even a partial fix requires a browser source-code patch. Evercookies actively circumvent users' deliberate attempts to start with a fresh profile by abusing different browser storage mechanisms to store removed cookies. Cookie syncing... allows different trackers to share user identifiers with each other. Besides being hard to detect, cookie syncing enables back-end server-to-server data merges hidden from public view."
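An added example (not from the original post or the researchers' report): a simplified detection heuristic run over a constructed log of Canvas API calls, showing why automated blocking produces the false positives mentioned in the quote above. The log format, thresholds and script URLs are assumptions made for illustration.

```javascript
// Constructed sample: Canvas API calls recorded per script (all URLs hypothetical).
// "area" is the canvas size for toDataURL, or the requested rectangle for getImageData.
const SAMPLE_LOG = [
  // Tracker-like: draws a long test string in two colors, then reads the image back.
  { script: "https://widgets.example/share.js", api: "fillText", text: "Cwm fjordbank glyphs vext quiz", fillStyle: "#f60" },
  { script: "https://widgets.example/share.js", api: "fillText", text: "Cwm fjordbank glyphs vext quiz", fillStyle: "#069" },
  { script: "https://widgets.example/share.js", api: "toDataURL", area: [300, 150] },
  // Benign probe: draws one glyph and inspects a few pixels (e.g. an anti-aliasing check).
  { script: "https://search.example/fontcheck.js", api: "fillText", text: "a", fillStyle: "#000" },
  { script: "https://search.example/fontcheck.js", api: "getImageData", area: [8, 8] },
  // Benign drawing app: user-driven, uses save/restore, exports the picture.
  { script: "https://draw.example/sketchpad.js", api: "addEventListener" },
  { script: "https://draw.example/sketchpad.js", api: "save" },
  { script: "https://draw.example/sketchpad.js", api: "fillText", text: "Untitled drawing 1", fillStyle: "#222" },
  { script: "https://draw.example/sketchpad.js", api: "restore" },
  { script: "https://draw.example/sketchpad.js", api: "toDataURL", area: [800, 600] },
  // Benign caption tool: writes text and exports, with no interaction calls.
  { script: "https://memes.example/caption.js", api: "fillText", text: "WHEN THE BUILD PASSES", fillStyle: "#fff" },
  { script: "https://memes.example/caption.js", api: "toDataURL", area: [500, 500] },
];

const TEXT_APIS = new Set(["fillText", "strokeText"]);
const READ_APIS = new Set(["toDataURL", "getImageData"]);
const INTERACTIVE_APIS = new Set(["save", "restore", "addEventListener"]);
const MIN_SIDE = 16;            // assumed: smaller read-backs carry too little entropy
const MIN_DISTINCT_CHARS = 10;  // assumed: fingerprint text exercises many glyphs

// Collapse the call log into one behaviour summary per script.
function summarize(log) {
  const byScript = new Map();
  for (const ev of log) {
    if (!byScript.has(ev.script)) {
      byScript.set(ev.script, { chars: new Set(), colors: new Set(), largeRead: false, interactive: false });
    }
    const s = byScript.get(ev.script);
    if (TEXT_APIS.has(ev.api)) {
      for (const ch of ev.text || "") s.chars.add(ch);
      if (ev.fillStyle) s.colors.add(ev.fillStyle);
    } else if (READ_APIS.has(ev.api)) {
      const [w, h] = ev.area;
      if (w >= MIN_SIDE && h >= MIN_SIDE) s.largeRead = true;
    } else if (INTERACTIVE_APIS.has(ev.api)) {
      s.interactive = true;
    }
  }
  return byScript;
}

// Flag a script when it draws rich text, reads a large area back,
// and shows no sign of being an interactive drawing application.
function classify(log) {
  const verdicts = {};
  for (const [script, s] of summarize(log)) {
    const richText = s.chars.size >= MIN_DISTINCT_CHARS || s.colors.size >= 2;
    verdicts[script] = richText && s.largeRead && !s.interactive;
  }
  return verdicts;
}

console.log(classify(SAMPLE_LOG));
```

The caption tool is flagged even though it is benign: from the call pattern alone it is indistinguishable from the tracker-like script, which is the false-positive problem in practice.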

Why the researchers produced this report:

"Our goal is to improve transparency of web tracking in general and advanced tracking techniques in particular. We hope that our techniques and results will lead to better defenses, increased accountability for companies deploying exotic tracking techniques and an invigorated and informed public and regulatory debate on increasingly persistent tracking techniques."

The researchers concluded the following about consumers' ability to maintain their privacy online:

"Current options for users to mitigate these threats are limited, in part due to the difficulty of distinguishing unwanted tracking from benign behavior. In the long run, a viable approach to online privacy must go beyond add-ons and browser extensions. These technical efforts can be buttressed by regulatory oversight. In addition, privacy-friendly browser vendors who have hitherto attempted to take a neutral stance should consider integrating defenses more deeply into the browser."

ProPublica reported:

"The researchers found canvas fingerprinting computer code, primarily written by a company called AddThis, on 5 percent of the top 100,000 websites. Most of the code was on websites that use AddThis’ social media sharing tools. Other fingerprinters include the German digital marketer Ligatus and the Canadian dating site Plentyoffish."

I strongly encourage consumers to read the ProPublica article, since it includes an interview with an executive from AddThis. The article also lists five recommendations consumers can follow to minimize the online tracking. However, some of the recommendations require technical knowledge and skills beyond what many consumers have.

One recommendation includes using Chameleon with the Google Chrome browser. A reader, who asked me not to mention their name, shared this opinion:

"... Chameleon, it does not appear to be available for Firefox, and I won't run Chrome because of Google's outrageous privacy policy, which is really a disclosure policy that lets Google do pretty much what it wishes with the personal information that its browser, Chrome, collects... putting Chameleon on Chrome just effectively gives Google a monopoly... as it blocks other domains' fingerprinting while leaving Google's collection techniques in Chrome unmolested."

Is this an over-reaction? Consider... earlier this year, Google changed its policy to reflect its continued scanning of all inbound e-mails from non-Gmail users. About the scanning, a United Kingdom newspaper wrote this headline, "Google: Don't Expect Privacy When Sending to Gmail." A simple online search found this review of Google Chrome privacy. Several news organizations reported in December 2013 about how spy agencies in the U.S. and U.K. use Google's proprietary cookie technology.

Plus, MediaPost reported yesterday:

"Back in March of 2012, Google made international headlines with its controversial decision to revise its privacy policy in a way that allowed it to consolidate information about users. Ever since, a group of consumers have been trying to sue the company for allegedly violating users' privacy. This week, a federal judge ruled that the consumers could proceed with a lawsuit -- but not based on their original claims. Instead, U.S. Magistrate Judge Paul Grewal in San Jose, Calif. said that users could continue with allegations that Google wrongly transfers users' names and contact information to app developers."

So, there seems to be enough happening that some consumers understandably might try to minimize or avoid interactions with any Google products and services.

Several news organizations have reported about the high-profile websites that use canvas fingerprinting, including several porn sites and WhiteHouse.gov. Interested readers can browse this list of websites the researchers found that perform canvas fingerprinting.

I would like to thank the researchers for this report. It is greatly appreciated and very valuable. Consumers need to be informed and the websites (e.g., marketers and advertisers) aren't doing it. Tracking methods need to be disclosed and opt-in based.

During the last 7+ years, this blog has covered stories about several technologies (e.g., cookies, “zombie cookies,” Flash cookies, “zombie e-tags,” super cookies, “zombie databases” on mobile devices, etc.) entities have used to persistently track consumers online without their knowledge or consent, and to circumvent consumers' efforts to maintain privacy online. Proponents usually justify the tracking as needed for consumers interested in seeing relevant, targeted advertisements online (a/k/a "behavioral advertising"). Given this history of repeated privacy abuses, sadly I am not surprised about canvas fingerprinting. Frustrated, yes. Surprised, no.

Many of these tracking technologies have resulted in class-action lawsuits, which has been good because the speed of technological change is far faster than both the laws and legislators’ abilities to understand the emerging technologies. I fear that class-actions, as a protection tool for consumers and/or a method to hold privacy abusers accountable, will be more difficult in the future as many banks, telephone, Internet service providers, consumer electronics, software, nursing, and health care companies have added binding arbitration clauses to agreements with their customers.

This persistent tracking raises other issues. Consumers need new browser features to stop this persistent online tracking, as companies use creative ways to restore browser cookies that users have deleted to maintain privacy online. For consumers, help may be on the way in the form of the Privacy Badger tool from the Electronic Frontier Foundation.

A prior blog post discussed the DuckDuckGo search engine as an alternative to traditional search engines (e.g., Google, Bing, Yahoo) for privacy-conscious users. While there was a discussion on one DuckDuckGo community board about canvas fingerprinting, DuckDuckGo provided this explanation:

"We removed the canvas check when we launched our reimagined/redesigned version earlier this year. This is no longer a concern. On the old DuckDuckGo, its function was to detect if anti-aliasing was turned on, because our old default font (Segoe UI) broke when anti-aliasing was off."

So, the revised DuckDuckGo maintains privacy by design. Consumers can continue using the search engine with confidence for privacy.

Some consumers may conclude that using apps on their mobile devices instead of a web browser is an effective way to avoid the online tracking. Assuming this would be foolish given the Google lawsuit mentioned above. Plus, the unique device ID numbers (UDID) on all mobile devices are simply a very tempting identifier and tracking mechanism. It is one reason why so many apps want access to consumers' entire address books and other files on their mobile devices.

Download the researchers' report, "The Web Never Forgets: Persistent Tracking In The Wild" (Adobe PDF, 903 K bytes).

What are your opinions of the researchers' report? Of canvas fingerprinting? Of AddThis? Of Google? Of the failure of websites to inform consumers of the online tracking methods used? If you operate a blog or website using technologies from known canvas fingerprinters, please share your thoughts and/or whether you continue to use these technologies.

[Correction: an earlier version of this blog post mentioned a possible privacy problem with the DuckDuckGo.com search engine. The revised blog post above includes an explanation from DuckDuckGo about how their search engine maintains privacy and avoids canvas fingerprinting.]


Facebook Announces a New 'Save' Feature

On Monday, Facebook announced a new feature allowing members to save links to read later. The new feature, aptly called "Save," will be available during the coming days. Facebook described the new feature:

"... people find all sorts of interesting items on Facebook that they don’t have time to explore right away. Now you can save items that you find on Facebook to check out later when you have more time. You can save items like links, places, movies, TV and music. Only you can see the items you save unless you choose to share them with friends."

The announcement described how members can use the Save feature on mobile devices and via the website. If you read news items via Facebook, the new feature is beneficial.

Facebook's Save feature is long overdue, as Twitter has provided its users with the "Favorite" feature for many years. Seems like Facebook is playing catch-up. It introduced searchable Hashtags in 2013, and now the Save feature.


Florida Enacts Stronger Security And Data Breach Notification Law

On June 20, 2014, Florida Governor Rick Scott signed into law the “Florida Information Protection Act of 2014" (FIPA). FIPA went into effect on July 1, 2014. The positive elements:

  1. The entity must notify both affected customers and the Florida Department of Legal Affairs (DLA) when a breach occurs.
  2. Notice must be given within thirty (30) days after the breach is discovered or occurred, unless law enforcement warrants a delay. The previous law specified 45 days.
  3. The DLA now has the authority, under the Florida Deceptive and Unfair Trade Practices Act, to civilly prosecute violations.
  4. Failure to provide timely notice can result in civil penalties applied to violators.
  5. Covered entities include both commercial entities (e.g., corporations, sole proprietors, partnerships, associations, trusts, estates), and state government agencies. However, state agencies are exempted from civil penalties for failing to provide timely notice.
  6. Notice must be given for a breach affecting 500 or more persons in the State of Florida.
  7. The law requires outsourcing companies (e.g., "third-party agents") to notify their hiring entity within ten (10) days after the breach is discovered or occurred.
  8. The law requires outsourcing companies, contracted with by covered entities to maintain, process, and store personal information, to take "reasonable measures to protect and secure data in electronic format" for personal information.
  9. The new law expanded the definition of personal information to include a user name or e-mail address in combination with a password or security question used to access an online account.
  10. Covered entities are exempted from providing notice to affected persons individually and can provide notice via ads online or in print, if one of the conditions applies: the cost of notifying persons individually would exceed $250k, there are more than 500k persons affected, or the covered entity lacks both e-mail and snail-mail addresses.
  11. By February 1st of each year, the DLA must submit an annual report of breach notices received.

The not-so-good elements of FIPA:

  1. The law defines a "data breach" in terms of files in electronic format, and seems to ignore breaches involving paper files.
  2. The law seems vague if notice is required for breaches affecting both less than 500 persons in Florida and more persons in other states. A better law would have stated 500 persons regardless of their location.
  3. While the law requires both physical and electronic customer records to be disposed of in a way that prevents personal information from being disclosed, government entities are exempted from this provision.
  4. The law seemed vague on what constitutes, "reasonable measures to protect and secure data in electronic format" for personal information. Some states' security and breach notification laws have specified encryption.
  5. The law does not create a private right of action.
  6. The law provides an exemption if there is a determination of no fraud or financial harm:

"... notice to the affected individuals is not required if, after an appropriate investigation and consultation with relevant federal, state, or local law enforcement agencies, the covered entity reasonably determines that the breach has not and will not likely result in identity theft or any other financial harm to the individuals whose personal information has been accessed. Such a determination must be documented in writing and maintained for at least 5 years. The covered entity shall provide the written determination to the department within 30 days after the determination."

47 states now have passed, amended or proposed data breach notification laws. Shame on the three laggards. I applaud Florida officials for strengthening their state's privacy and data breach notification law, but wish they'd gone further and addressed the above not-so-good items.

View the full text of FIPA (Adobe PDF). Read the summary of FIPA by Martindale.

What are your opinions of FIPA?


House Representative Introduces Amendment to Stop The FCC From Challenging Local Laws That Prevent Broadband Competition

Tuesday evening, House Representative Marsha Blackburn (R-Tennessee) attached an amendment to an existing bill. That amendment was designed to block the Federal Communications Commission (FCC) from stopping existing state laws that prevent broadband competition.

I'll repeat that: 20 states already have laws that prevent broadband competition. In June 2014, the FCC announced plans to challenge these restrictive state laws that limit competition, and keep your Internet prices high. Blackburn and her corporate supporters want to stop the FCC from doing the right thing to protect consumers -- you.

Ars Technica described Blackburn's amendment:

"... to a general government appropriations bill that would prohibit taxpayer funds from being used by the FCC to preempt state laws governing municipal broadband. While Blackburn thinks the FCC shouldn't interfere with states' rights, she doesn't seem to be concerned about states interfering with municipalities' rights to offer their own broadband services..."

The likely reasons why Blackburn introduced this amendment:

"Blackburn received $10,000 from the National Cable & Telecommunications Association this year and last year, according to OpenSecrets.org. She received $12,500 in contributions from Verizon, $10,000 from AT&T, $7,500 from Comcast, and $7,000 from representatives of Time Warner Cable..."

Blackburn provided this spin in her website:

"Blackburn Works To Prevent FCC From Trampling on States' Right"

Screen image of Blackburn website on July 16, 2014

Blackburn either ignores or doesn't care that in many areas of the country, consumers have only one or two choices for high-speed Internet access, called broadband. Local laws in 20 states already prevent broadband competition by stopping cities and towns from building their own (low-cost to users) fiber Internet services. This keeps monthly prices by your Internet Service Provider (ISP) high. This limits the freedom of consumers to build broadband alternatives through their cities and towns. Bad for you; good for your ISP.

Consumers clearly want and support the freedom to develop local broadband projects. The Electronic Frontier Foundation (EFF) reported:

"Projects like community mesh networks and mayors’ attempts to bring fiber to their cities should never be illegal or stifled by misguided state laws. On the contrary, they should be encouraged. That’s because community and municipal high-speed Internet projects provide users more options."

Without competition, you have no alternatives should your current ISP treat you badly, provide poor customer service, or raise prices. Some consumers already recognize the benefits that come from the freedom to build local (e.g., municipal) broadband services:

"Consider Chattanooga, Tennessee, a city that has better broadband than San Francisco. Chattanooga is home to one of the nation’s least expensive, most robust municipally owned broadband networks. There, users have access to a gigabit (1,000 megabits) per second Internet connection. That’s far ahead of the average US connection speed, which typically clocks in at 9.8 megabits per second. And in the Mt. Pleasant neighborhood of Washington, DC, residents have built their own community-controlled alternative to expensive Internet companies, and it’s free."

Think about that. Faster Internet access at a lower price. I see nothing wrong with that.

Yet, Blackburn sees that as wrong. By working to keep these local laws in 20 states in place, Blackburn and her supporters are basically saying it is okay for corporations to develop broadband services and not people; that corporations have more rights than people.

And, Blackburn tried to camouflage a pro-big-business, anti-consumer, anti-competition, anti-consumer-freedom amendment in "states rights" language. The last time I heard the "states rights" claim was 50 years ago during the 1964 national campaigns, and when some people opposed the Civil Rights Act of 1964 because they wanted to let businesses arbitrarily refuse service to whomever they wanted. It seems that Representative Blackburn is still stuck in 1964.

"States rights" proponents often advocate a strict adherence to the U.S. Constitution. Last time I looked at the Constitution, it mentioned, "We the people..." and not corporations. To give corporations more rights than the people seems counter to the Constitution.

So, there are two reasons to contact your elected officials, and contact the FCC this week:

  1. Submit comments by Friday July 18th at midnight to keep the Internet fair and open (e.g., Net Neutrality), and
  2. Call your elected officials to stop and vote against the amendment Blackburn introduced.

What are your opinions of the amendment Blackburn introduced? Of the state laws that already prevent broadband competition?


Data Collection By N.S.A. Spy Programs Includes Mostly Ordinary People And Not Legal Targets

Based upon files released by former government contractor Edward Snowden, law-abiding people far outnumber the bad guys caught in dragnet surveillance programs by the National Security Agency (NSA). The Washington Post reported:

"Ordinary Internet users, American and non-American alike, far outnumber legally targeted foreigners in the communications intercepted... from U.S. digital networks, according to a four-month investigation by The Washington Post. Nine of 10 account holders found in a large cache of intercepted conversations, which former NSA contractor Edward Snowden provided in full to The Post, were not the intended surveillance targets but were caught in a net the agency had cast for somebody else... Nearly half of the surveillance files, a strikingly high proportion, contained names, e-mail addresses or other details that the NSA marked as belonging to U.S. citizens or residents..."

The specific activity volume:

"In a June 26 “transparency report,” the Office of the Director of National Intelligence disclosed that 89,138 people were targets of last year’s collection under FISA Section 702. At the 9-to-1 ratio of incidental collection in Snowden’s sample, the office’s figure would correspond to nearly 900,000 accounts, targeted or not, under surveillance."

So, there's probably data collected about a million or more people. In its efforts to target the bad guys the NSA collected lots of data about everyone else. Now we learn that most -- 90 percent -- of that data collected isn't about the bad guys or people legally targeted.

What does this data collection contain? The Washington Post described it:

"Many other files, described as useless by the analysts but nonetheless retained, have a startlingly intimate, even voyeuristic quality. They tell stories of love and heartbreak, illicit sexual liaisons, mental-health crises, political and religious conversions, financial anxieties and disappointed hopes... medical records sent from one family member to another, résumés from job hunters and academic transcripts of schoolchildren. In one photo, a young girl in religious dress beams at a camera... Scores of pictures show infants and toddlers in bathtubs, on swings, sprawled on their backs and kissed by their mothers..."

That sounds like information the people involved probably don't want disclosed. To understand the nature of the data collected:

"The Post reviewed roughly 160,000 intercepted e-mail and instant-message conversations, some of them hundreds of pages long, and 7,900 documents taken from more than 11,000 online accounts."

This data collection highlights the failed oversight mechanisms within government:

"No government oversight body, including the Justice Department, the Foreign Intelligence Surveillance Court, intelligence committees in Congress or the president’s Privacy and Civil Liberties Oversight Board, has delved into a comparably large sample of what the NSA actually collects..."

This data collection highlights what the NSA shares with other agencies:

"The NSA treats all content intercepted incidentally from third parties as permissible to retain, store, search and distribute to its government customers. Raj De, the agency’s general counsel, has testified that the NSA does not generally attempt to remove irrelevant personal content, because it is difficult for one analyst to know what might become relevant to another."

This data collection highlights the rationale NSA analysts use to classify targets as foreign:

"The rationales they use to judge foreignness sometimes stretch legal rules or well-known technical facts to the breaking point.... colleagues and supervisors often remind the analysts that PRISM and Upstream collection have a “lower threshold for foreignness ‘standard of proof’ ” than a traditional surveillance warrant from a FISA judge... One analyst rests her claim that a target is foreign on the fact that his e-mails are written in a foreign language... Others are allowed to presume that anyone on the chat “buddy list” of a known foreign national is also foreign. In many other cases, analysts seek and obtain approval to treat an account as “foreign” if someone connects to it from a computer address that seems to be overseas..."

So, if you or I use a computer in an Internet cafe in another country -- say, Paris, France -- we are likely to be categorized by spy analysts as foreign. That strikes me as very lazy, sloppy, and highly inaccurate spy work. It makes me wonder why our elected officials in Congress that are charged with oversight haven't fought against this lazy, sloppy, and inaccurate classification method.

And, this inaccurate data collection is also wasteful:

"Apart from the fact that tens of millions of Americans live and travel overseas, additional millions use simple tools called proxies to redirect their data traffic around the world, for business or pleasure. World Cup fans this month have been using a browser extension called Hola to watch live-streamed games that are unavailable from their own countries. The same trick is routinely used by Americans who want to watch BBC video. The NSA also relies routinely on locations embedded in Yahoo tracking cookies, which are widely regarded by online advertisers as unreliable."

So, the NSA is wasting taxpayers' money by collecting a lot of irrelevant data about people not targeted. If that bothers you, I hope that it does. It bothers me, too.

That the NSA collects and archives this sensitive data about people not targeted (and innocent) highlights the related and important question: how well does the NSA protect the sensitive data it collects? Once again, I thank Edward Snowden for sharing this information so we U.S. citizens can have an informed conversation about our government's spy activities, and about whether we want this to continue or be changed, and if so how.

What are your opinions of these latest surveillance revelations?


Citigroup To Pay $7 Billion Settlement For Misleading Investors About Toxic Mortgage Backed Securities

The age of multi-billion dollar settlements by banks is fully upon us. On Monday, the U.S. Department of Justice (DOJ) and several state attorneys general (AGs) announced settlements with Citigroup to resolve allegations that the bank misled investors about toxic mortgage-backed securities. The DOJ announcement:

"... a $7 billion settlement with Citigroup Inc. to resolve federal and state civil claims related to Citigroup’s conduct in the packaging, securitization, marketing, sale and issuance of residential mortgage-backed securities (RMBS) prior to Jan. 1, 2009.  The resolution includes a $4 billion civil penalty – the largest penalty to date under the Financial Institutions Reform, Recovery and Enforcement Act (FIRREA).  As part of the settlement, Citigroup acknowledged it made serious misrepresentations to the public – including the investing public – about the mortgage loans it securitized in RMBS."

The settlement includes a payment of $4.5 billion to resolve federal and state claims, and $2.5 billion in relief to affected consumers. Attorney General Eric Holder said about the settlement:

“The bank's activities contributed mightily to the financial crisis that devastated our economy in 2008.  Taken together, we believe the size and scope of this resolution goes beyond what could be considered the mere cost of doing business. Citi is not the first financial institution to be held accountable by this Justice Department, and it will certainly not be the last.”

The announcement described the bank's unlawful activities:

"... Citigroup made representations to RMBS investors about the quality of the mortgage loans it securitized and sold to investors. Contrary to those representations, Citigroup securitized and sold RMBS with underlying mortgage loans that it knew had material defects. As the statement of facts explains, on a number of occasions, Citigroup employees learned that significant percentages of the mortgage loans reviewed in due diligence had material defects..."

The breakdown of the $4.5 billion payment to settle federal and state claims:

  • $4 billion civil penalty to settle DOJ claims under FIRREA,
  • $208.25 million to settle federal and state securities claims by the Federal Deposit Insurance Corporation (FDIC),
  • $102.7 million to settle claims by the state of California,
  • $92 million to settle claims by the state of New York,
  • $44 million to settle claims by the state of Illinois,
  • $45.7  million to settle claims by the Commonwealth of Massachusetts,
  • $7.35 million to settle claims by the state of Delaware

The $2.5 billion payment of relief to affected consumers will include:

  1. Loan modifications for homeowners with mortgages underwater,
  2. Refinancing for distressed borrowers,
  3. Down payment and closing cost assistance to homebuyers,
  4. Donations to organizations assisting communities in redevelopment and affordable rental housing for low-income families in high-cost areas.

An independent monitor will review the payments to ensure that the bank satisfies its obligations. If Citigroup fails to satisfy the settlement agreement by December 2018, it must pay liquidated damages in the amount of the shortfall to NeighborWorks America. Perhaps most importantly, the DOJ stated in its settlement announcement:

"The settlement does not absolve Citigroup or its employees from facing any possible criminal charges."

The bank's quarterly earnings fell by 96 percent due to the settlement payment. This latest settlement is part of a long list of RMBS settlements by the Massachusetts Attorney General:


Traveling Abroad? New T.S.A. Rules For Inbound Flights To The U.S.A.

In response to intelligence reports about possible terrorist attacks by Al Qaeda groups in Yemen, the Transportation Security Administration (TSA) issued new rules for flights inbound to the USA. The New York Times reported:

"... the United States has, for the first time, asked officials at more than a dozen foreign airports to confiscate from passengers any electronic devices that cannot be turned on, American officials said on Monday... Passengers will have to turn on the electronic devices while being screened by security personnel to prove that the devices are harmless, the T.S.A. said Sunday. The fear is that unresponsive phones have been hollowed out and filled with explosives..."

The affected airports are in Europe, the Middle East and Africa. The TSA does not screen passengers at foreign airports. The government agencies in each country perform that task, but:

"... foreign airports have to meet a series of requirements from the Department of Homeland Security and the Transportation Security Administration in checking such passengers before they board."

If you will travel abroad, this means you should make sure that all of your electronic devices (e.g., laptops, smartphones, tablets, etc.) are charged because you will be asked to turn them on in order to board your flight to the USA. Otherwise, you may have to leave behind your powerless device.

Read the July 6 announcement by the TSA.

What are your opinions of the new T.S.A. rules?


Net Neutrality: Deadline To Submit Comments To The FCC Is July 15

[Editor's Note: on July 14th the FCC extended the deadline for comments to midnight on Friday, July 18.]

If you care about keeping an open, fair Internet (commonly referred to as "Net Neutrality"), the deadline to submit comments to the Federal Communications Commission (FCC) is Tuesday, July 15.

On May 15, the FCC released this Fact Sheet, which started a four-month period of seeking comments from the public:

"Since February, tens of thousands of Americans have offered their views to the Commission on how to protect an Open Internet. The proposal reflects the substantial public input we have received. The Commission wants to continue to hear from Americans across the country throughout this process. An extended four-month public comment period on the Commission’s proposal will be opened on May 15 – 60 days (until July 15) to submit initial comments and another 57 days (until September 10) for reply comments."

The Fact Sheet also stated:

"This Notice seeks public comment on the benefits of applying Section 706 of the Telecommunications Act of 1996 and Title II of the Communications Act, including the benefits of one approach over the other, to ensure the Internet remains an open platform for innovation and expression. While the Notice reflects a tentative conclusion that Section 706 presents the quickest and most resilient path forward..."

As I explained in a May 15 blog post, this legalese about Section 706 refers to the current classification of broadband as an "information service," meaning slow and fast lanes are allowed, as said by the courts. Title II refers to re-classifying broadband as a telecommunications service (e.g., utility), which allows the FCC to enforce strict net neutrality as we've all known the Internet to be until now.

Strict net neutrality means that you, the consumer, decide where you go on the Internet. Your Internet Service Provider (ISP) provides you with bandwidth and you decide where to go and what to do with that bandwidth. Without net neutrality, your ISP decides.

The phrase "quickest and most resilient path forward" probably refers to FCC Chairman Tom Wheeler's preference not to re-classify broadband as a telecommunications service, and avoid a long political battle against ISPs and their lobbyists. Reclassification would allow the FCC to enforce strict net neutrality and prohibit the ISPs from charging both fees to certain website operators (e.g., Netflix and others) and higher fees to consumers for "fast lane" Internet access to those websites that have paid fees, while relegating website operators that don't pay the fees to the "slow lane."

If you want to learn more, read this analysis by the Center For Internet and Society at Stanford Law School, this summary by the Electronic Frontier Foundation (EFF), and/or the Internet Access section of this blog. What the FCC Fact Sheet omitted was the fact the FCC first classified broadband as an "information service" in 2002, after President George W. Bush had appointed Michael Powell as FCC Chairman in 2001. Before President Obama appointed Wheeler as FCC Chairman, Wheeler served as an industry lobbyist.

To make matters worse, the corporate ISPs have already gained restrictive laws in some states that prevent towns and municipalities from operating their own fiber Internet services. It is fair to ask: how many more jobs and new businesses would have been created in your state (or city) if it had fiber Internet access everywhere? Some local towns tried and got squashed:

"In North Carolina a couple of years ago lobbyists for Time Warner persuaded the state legislature to make it almost impossible, virtually impossible for municipalities to get their own utility... And so now North Carolina, after being beaten up by the incumbents is at the near the bottom of broadband rankings for the United States... All those students in North Carolina, all those businesses that otherwise would be forming, they don't have adequate connections in their towns to allow this to happen..."

Is this fair? Not to me, and I believe you feel similarly. ISPs can't have it both ways, less regulation by killing net neutrality and restrictive local laws to limit true competition. If you believe that more competition leads to lower prices, then it is fair to wonder how many more jobs would have been created in the USA with broadband reclassified as a telecommunications service (e.g., a utility)?

So, it is time for all consumers to do their part and contact the FCC. You have several options:

  1. The official FCC Electronic Comment Filing system for comments between now and July 15
  2. The official FCC e-mail address for comments. It's probably best to include either Proceeding Number 14-28 or 09-191 with your e-mail comments and the subject line (although the FCC should have clarified these instructions)
  3. Write via postal mail: Federal Communications Commission, 445 12th Street SW, Washington, DC 20554
  4. Call the FCC at: 1-888-225-5322 (TTY: 1-888-835-5322)
  5. The Dear FCC.org form created by the Electronic Frontier Foundation (EFF)
  6. The form at U.S. Senator Bernie Sanders' website (I-Vermont)
  7. Petitions: U.S. Senator Markey (D-Massachusetts), MoveOn, Credo Action, Daily Kos, Bold Progressives, and the White House

Of course, besides submitting comments directly to the FCC you should also contact your elected officials. What to tell the FCC? That's your decision. A good first step is to read the FCC's May 15 Fact Sheet, so you submit comments that are brief, relevant and specific to each Proceeding Number, when using method #1 above.

Also, I suggest:

  • To keep Net Neutrality; real Net Neutrality not the fake Net Neutrality in the latest policy proposed by FCC Chairman Wheeler.
  • The healthiest democracy possible, with everyone having access to information.
  • To keep the freedom to choose the websites you visit, and not lose that freedom when ISPs choose. Consumers decide what they do with the electricity, water, phone, and gas services to their homes. The same freedom of choice applies to Internet access and bandwidth
  • The FCC to reclassify broadband as a utility (e.g., telecommunications).
  • Real broadband competition everywhere, not the fake competition where the corporate ISPs have gentleman's agreements that divided up the country so cable never competes against fiber. That also includes stopping the proposed merger of Comcast and Time Warner Cable
  • Local prohibitions removed so local governments and their residents can develop broadband utilities, if they choose. Local governments should have the same freedoms as corporate ISPs. This increases competition and will (hopefully) lower broadband prices.
  • Everyone to have broadband at the lowest prices possible: for education and schools, to create jobs, and to encourage entrepreneurs to start new businesses.

California AG Steps Up Actions To Stop Alleged False Advertising By For-Profit College

Just before the July 4th holiday weekend, the State of California Office of the Attorney General filed a motion in its lawsuit against Corinthian Colleges, Inc. (CCI):

"... asking San Francisco Superior Court for permission to move on an expedited basis to file a supplemental complaint enhancing the original complaint Harris filed against CCI in October 2013, which accused the company of false and predatory advertising, intentional misrepresentations to students, securities fraud, and unlawful use of military seals in advertisements. Wednesday’s motion also indicates Attorney General Harris’ intention to subsequently move for a temporary restraining order and/or preliminary injunction against CCI to force the company to immediately cease its misleading advertisements and inform prospective students about its dire finances."

The California AG office had filed a lawsuit against CCI in October 2013. In a document filed with the U.S. Securities and Exchange Commission on June 19th, CCI informed investors of its serious financial troubles and plans to close or sell its campuses. During the last week of June, CCI signed an agreement with the U.S. Department of Education to close or sell its campuses.

On Monday of this week, the Denver Post reported that the company will sell 85 campuses:

"... including three Everest College campuses in Colorado and WyoTech in Laramie... Corinthian spokesman Kent Jenkins Jr. said WyoTech and Everest College campuses in Colorado Springs, Aurora and Thornton continue to enroll new students and hold classes for those seeking associate's degrees or diploma certifications. A fourth Everest Campus, in North Aurora, was put up for sale in September and stopped enrolling students in February. Corinthian enrolls 72,000 students nationwide, who receive $1.4 billion of federal financial aid annually..."

False and deceptive advertising by for-profit schools is a problem. Consumers don't get the benefits they paid for and taxpayer money (federal and state) is wasted for veterans' education. According to the Center For Investigative Reporting:

"... $600 million dollars in GI bill money had gone to hundreds of for-profit schools in California with low graduation rates and high rates of student loan default."

California AG Kamala D. Harris said in a statement:

"It is unacceptable yet not surprising that Corinthian Colleges continues to illegally target vulnerable Californians—including low income individuals, single mothers and veterans returning from combat—by lying about its dire finances and failing to tell prospective students that the schools to which they apply will all be sold or closed... My office is seeking expedited action to force Corinthian Colleges to put the interests of its students above its rapidly shrinking profits."

It is a stark and sad reminder that for-profit entities, by design, will put their interests in profit-making ahead of all other interests.

[Editor's Note: Corinthian spokesperson Kent Jenkins, Jr. and I are not related.]


Consequences Continue For Target After Its Massive Data Breach

Consequences continue for Target Corporation after the retailer announced in December 2013 a massive data breach. Zacks Investment Research issued yesterday this advisory:

"Target has been grappling with the massive data breach that has hurt the company’s results... fallout from the breach is likely to keep traffic at bay for some time and may result in potential costs (litigation, compensation, etc.) during the first half of fiscal 2014, putting Target’s revenues and margins under pressure. We believe that it will take time for effects of the breach to get completely mitigated."

Besides the data breach, a lukewarm entry into the Canadian market and weak online sales have put downward pressure on the company's estimated earnings:

"Given the negativity, analysts have become less constructive on the stock as reflected in the downward estimate revisions for fiscal 2014 and 2015. Over the last 60 days, estimates have gone down 7.7% to $3.71 for fiscal 2014 and 9.7% to $4.29 for fiscal 2015."


How To Protect Your Smartphone From Online Crime

56 percent of all adults in the U.S. own and use smartphones. Ownership climbs to 79 percent for people ages 18 to 24; to 81 percent for people ages 25-34. Ownership climbs even higher for people with higher incomes. With 4.5 million smartphones stolen during 2013, the threat of theft is real. So, it makes sense to protect both your phone and the sensitive personal and financial information you have saved on it.

Yes, there are apps to track a stolen mobile device (e.g., phone, tablet), but when your device is stolen your sensitive information is out there for thieves to use and abuse. And, some types of theft occur while you still have your phone in your hand.

How should a consumer protect their smartphone or tablet? There are 12 things you should do.

The first recommendation on the list probably is not what you'd expect. The obvious recommendation to lock your device with a PIN (personal ID number) or password is number 12 on the list. There are several more important things you should do first.

The top four recommendations by AARP to protect your mobile device:

"1. If your phone offers encryption, enable it. You can learn how at help.unc.edu/help/encrypting-cell-phones. "Most encryption software will then automatically update as needed," says Adam Levin, founder of IDentity Theft 911."

Encryption protects both your device and your information during wireless transmissions both to and from your device. It makes the transmissions unreadable to everyone but you. Anyone spying on your wireless transmissions would see illegible gibberish.

This protection is critical especially when using public WiFi hotspots. Thieves often lurk at these locations to scan the air waves for un-encrypted transmissions with consumers' login credentials (e.g., user name, password) to their bank accounts, retail stores, e-mail services, social networking sites, and so forth. Thieves will use stolen credentials to access as many online accounts as possible, since many consumers use the same passwords at multiple websites.

Using HTTPS (instead of HTTP) at websites with your web browser is a good start. There are other and stronger encryption solutions available, such as GetCocoon and PrivateWiFi. As a usability and information architecture consultant, my clients regularly require the use of Virtual Private Network (VPN) software to remotely access their network and information. VPN software encrypts transmissions.

Next on the list of security recommendations:

"2. Use security software recommended by your carrier or phone manufacturer, or free products by companies such as AVG, Avast and Lookout Mobile Security."

If you visit websites infected with malware, chances are your mobile device will get infected. It doesn't matter what brand of mobile device you use. Scan your device frequently (e.g., once or twice monthly) with security software to identify and purge any malware. Keep that software updated. Also:

"3. When using your smartphone to shop, use retailers' dedicated apps rather than your phone's browser.

4. Before installing apps, read their reviews — and stick with trusted vendors such as Google or Apple. Always read the "permissions" before downloading apps; avoid those wanting your OK to reveal your identity and location."

This can't be over-emphasized. Reviews can indicate how trustworthy the app and the app developer are. Reviews can also indicate if an app has encryption built into it, or not. Plus, you don't want to download and use an app that has already abused other persons' privacy. One chief privacy abuse has been the theft of contact information from address books on consumers' devices -- without notice to users and without consent.

Besides reading the reviews, also read the terms-of-use and privacy policies before downloading an app. The policies indicate how much of your personal information that app will share with other companies and business affiliates. If an app doesn't have these policies, experts advise consumers not to download that app. Some states, such as California, enforce the disclosure of these policies to consumers both before and after download.

Read the full list of 12 AARP recommendations to safeguard your mobile device. To surf the web and/or do online banking on your mobile device without these security protections is just plain foolhardy, in my opinion.


Facebook Apologizes (Again) Meme

Facebook apologizes again meme

To learn about this and past privacy abuses, read:


Bank BNP Paribas To Plead Guilty And Pay Almost $9 Billion For Illegal Transactions

There seem to be more and more huge billion dollar settlements by banks for wrongdoing. Earlier this week, the U.S. Department of Justice (DOJ) announced an agreement with Bank BNP Paribas (BNPP) where the bank has agreed to plead guilty for illegal financial transactions with countries under U.S. sanctions. The French bank allegedly violated:

"... the International Emergency Economic Powers Act (IEEPA) and the Trading with the Enemy Act (TWEA) by processing billions of dollars of transactions through the U.S. financial system on behalf of Sudanese, Iranian, and Cuban entities subject to U.S. economic sanctions. The agreement by the French bank to plead guilty is the first time a global bank has agreed to plead guilty to large-scale, systematic violations of U.S. economic sanctions."

Investigations found that the bank processed $8.8 billion in illegal financial transactions with sanctioned entities. To avoid detection, the bank allegedly routed illegal payments through third-party banks and instructed other banks not to disclose the names of sanctioned entities in those transactions.

The bank entered a written plea agreement and will pay total financial penalties of $8.9736 billion, including a forfeiture of $8.8336 billion and a fine of $140 million. The DOJ announced additional terms of the plea agreement:

"BNPP will waive indictment and be charged in a one-count felony criminal information, filed in federal court in the Southern District of New York, charging BNPP with knowingly and willfully conspiring to commit violations of IEEPA and TWEA, from 2004 through 2012."

The bank is scheduled to formally enter its guilty plea in United States District Court on July 9, 2014 at 4:30 p.m. Deputy Attorney General James M. Cole said:

"BNPP ignored US sanctions laws and concealed its tracks. And when contacted by law enforcement it chose not to fully cooperate... This failure to cooperate had a real effect -- it significantly impacted the government’s ability to bring charges against responsible individuals, sanctioned entities and satellite banks. This failure together with BNPP’s prolonged misconduct mandated the criminal plea and the nearly $9 billion penalty that we are announcing today."

Assistant Attorney General Caldwell said:

"By providing dollar clearing services to individuals and entities associated with Sudan, Iran, and Cuba – in clear violation of U.S. law – BNPP helped them gain illegal access to the U.S. financial system... In doing so, BNPP deliberately disregarded U.S. law of which it was well aware, and placed its financial network at the services of rogue nations, all to improve its bottom line. Remarkably, BNPP continued to engage in this criminal conduct even after being told by its own lawyers that what it was doing was illegal."

BNP Paribas stated in a press release:

"BNP Paribas also accepts a temporary suspension of one year starting 1st January 2015 of the USD direct clearing focused mainly on the Oil & Gas Energy & Commodity Finance business line in certain locations... BNP Paribas will maintain its licenses as part of the settlements, and expects no impact on its operational or business capabilities to serve the vast majority of its clients... "

In its press release, the bank announced new internal compliance and control processes:

"... a new department called Group Financial Security US, part of the Group Compliance function, will be headquartered in New York and will ensure that BNP Paribas complies globally with US regulation related to international sanctions and embargoes... all USD flows for the entire BNP Paribas Group will be ultimately processed and controlled via the branch in New York. As a result of BNP Paribas’ internal review, a number of managers and employees from relevant business areas have been sanctioned, a number of whom have left the Group."

The bank generated annual revenues in 2013 of Euros 36.1 million. The current exchange rate: 1.0 Euro = 1.37 U.S. dollars.

I congratulate government officials for the investigations and for enforcing the law. I look forward to the results of investigations of banks that worked with BNP Paribas to hide the illegal transaction. However, I have only one question: why are no BNP Paribas bank executives going to prison? The criminal conduct seems to warrant prison time.

What are your opinions of the plea agreement by Bank BNP Paribas?


Celebrating 7 Years Online!

Seven years ago today, I started the I've Been Mugged blog. Since then, I've learned a lot about identity theft, fraud, privacy, and data breaches. This blog has been a good tool to organize my thoughts, learnings, and the online resources I've found.

And wow has readership grown! During those early days in 2007, about 8,000 people total read this blog during six months. Now, about the same number of users read the blog every twelve days.

For that growth, some thank-you messages are necessary. First, I'd like to thank all I've Been Mugged readers. I am grateful for our readership and for the comments you have submitted. We have explored together many interesting topics.

Second, I'd like to thank the bloggers and the consumer advocates I've met online. Without their suggestions and encouragement, the quality of I've Been Mugged posts wouldn't be as high. Some bloggers I'd like to thank by name: Lori Magno, Michael Krigsman, Drew McLelland, and Ronni Bennett (who leads by example far more than she realizes). I'd also like to thank my numerous followers on Twitter, including GetCocoon.

Third, I'd like to thank guest authors Bill Seebeck, and R. Michelle Green. Fourth, I'd like to thank the Privacy Crusaders. If you know who they are, then you know the good they've done.

Fifth, I'd like to thank IBM for losing my sensitive personal data during its February 2007 data breach. That incident caused me to start blogging, and more importantly to start thinking about the privacy of my personal information. The more I learned about data breaches and the way companies assist (or don't) their data-breach victims, the more I realized that I had to do something. Rather than be angry, blogging seemed like a healthy and appropriate response.

If you haven't noticed yet, I named this blog in honor of IBM's data breach = I've Been Mugged.

And, I especially want to thank my wife, Alison. Without her support and flexibility, I couldn't write I've Been Mugged.

What's next? The rapid pace of technological change means there is a lot to write about. That includes the Internet of Things (IoT) and privacy. It also includes changes as the FCC makes decisions about Net Neutrality rules and Internet Service Providers. A variety of new digital devices, products, and services will provide more opportunities for companies and governments to collect (and resell) more sensitive data about consumers; forcing consumers to demand better privacy protections, and more transparent terms of use and privacy policies.

We'll continue to write about identity theft topics, data breaches, privacy, banking, mobile devices, and areas where corporate responsibility lags. And, we'll continue to report on both emerging and controversial issues that affect consumers.

If you are a new visitor, there are several easy ways to explore the blog:

  • The right column includes a tag cloud with subjects
  • The right column also includes featured blog posts
  • If you are curious about a topic, use the search box on the right
  • To access product and service reviews, select Reviews in the above horizontal navigation bar