Previous month:
September 2016
Next month:
November 2016

13 posts from October 2016

Facebook Lets Advertisers Exclude Users by Race

Facebook logo [Editor's note: Today's guest post was originally published by ProPublica on October 28, 2016. It is reprinted with permission.]

by Julia Angwin and Terry Parris Jr., ProPublica

Imagine if, during the Jim Crow era, a newspaper offered advertisers the option of placing ads only in copies that went to white readers.

That's basically what Facebook is doing nowadays.

The ubiquitous social network not only allows advertisers to target users by their interests or background, it also gives advertisers the ability to exclude specific groups it calls "Ethnic Affinities." Ads that exclude people based on race, gender and other sensitive factors are prohibited by federal law in housing and employment.

Here is a screenshot of a housing ad that we purchased from Facebook's self-service advertising portal:

Image

The ad we purchased was targeted to Facebook members who were house hunting and excluded anyone with an "affinity" for African-American, Asian-American or Hispanic people. (Here's the ad itself.)

When we showed Facebook's racial exclusion options to a prominent civil rights lawyer John Relman, he gasped and said, "This is horrifying. This is massively illegal. This is about as blatant a violation of the federal Fair Housing Act as one can find."

The Fair Housing Act of 1968 makes it illegal "to make, print, or publish, or cause to be made, printed, or published any notice, statement, or advertisement, with respect to the sale or rental of a dwelling that indicates any preference, limitation, or discrimination based on race, color, religion, sex, handicap, familial status, or national origin." Violators can face tens of thousands of dollars in fines.

The Civil Rights Act of 1964 also prohibits the "printing or publication of notices or advertisements indicating prohibited preference, limitation, specification or discrimination" in employment recruitment.

Facebook's business model is based on allowing advertisers to target specific groups 2014 or, apparently to exclude specific groups 2014 using huge reams of personal data the company has collected about its users. Facebook's microtargeting is particularly helpful for advertisers looking to reach niche audiences, such as swing-state voters concerned about climate change. ProPublica recently offered a tool allowing users to see how Facebook is categorizing them. We found nearly 50,000 unique categories in which Facebook places its users.

Facebook says its policies prohibit advertisers from using the targeting options for discrimination, harassment, disparagement or predatory advertising practices.

"We take a strong stand against advertisers misusing our platform: Our policies prohibit using our targeting options to discriminate, and they require compliance with the law," said Steve Satterfield, privacy and public policy manager at Facebook. "We take prompt enforcement action when we determine that ads violate our policies."

Satterfield said it's important for advertisers to have the ability to both include and exclude groups as they test how their marketing performs. For instance, he said, an advertiser "might run one campaign in English that excludes the Hispanic affinity group to see how well the campaign performs against running that ad campaign in Spanish. This is a common practice in the industry."

He said Facebook began offering the "Ethnic Affinity" categories within the past two years as part of a "multicultural advertising" effort.

Satterfield added that the "Ethnic Affinity" is not the same as race 2014 which Facebook does not ask its members about. Facebook assigns members an "Ethnic Affinity" based on pages and posts they have liked or engaged with on Facebook.

When we asked why "Ethnic Affinity" was included in the "Demographics" category of its ad-targeting tool if it's not a representation of demographics, Facebook responded that it plans to move "Ethnic Affinity" to another section.

Facebook declined to answer questions about why our housing ad excluding minority groups was approved 15 minutes after we placed the order.

By comparison, consider the advertising controls that the New York Times has put in place to prevent discriminatory housing ads. After the newspaper was successfully sued under the Fair Housing Act in 1989, it agreed to review ads for potentially discriminatory content before accepting them for publication.

Steph Jespersen, the Times' director of advertising acceptability, said that the company's staff runs automated programs to make sure that ads that contain discriminatory phrases such as "whites only" and "no kids" are rejected.

The Times' automated program also highlights ads that contain potentially discriminatory code words such as "near churches" or "close to a country club." Humans then review those ads before they can be approved.

Jespersen said the Times also rejects housing ads that contain photographs of too many white people. The people in the ads must represent the diversity of the population of New York, and if they don't, he says he will call up the advertiser and ask them to submit an ad with a more diverse lineup of models.

But, Jespersen said, these days most advertisers know not to submit discriminatory ads: "I haven't seen an ad with 'whites only' for a long time."

ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for their newsletter.


Disenfranchised By Bad Design

[Editor's Note: Today's guest post was originally published by ProPublica on October 20, 2016. It is reprinted with permission. Some towns, municipalities, and cities -- such as Boston -- use paper ballots that are scanned. (This facilitates recounts, when needed.) The city provides AutoMARK machines at polling locations to help voters requiring assistance. The machines use audio cues, magnification, and several languages to mark ballots correctly, especially for low-vision and disabled voters. Inquire about this automation or other assistance when you vote.]

by Lena Groeger, ProPublica

This November 8, even if you manage to be registered in time and have the right identification, there is something else that could stop you from exercising your right to vote.

The ballot. Specifically, the ballot's design.

Bad ballot design gained national attention almost 16 years ago when Americans became unwilling experts in butterflies and chads. The now-infamous Palm Beach County butterfly ballot, which interlaced candidate names along a central column of punch holes, was so confusing that many voters accidentally voted for Patrick Buchanan instead of Al Gore.

Pal Beach Country butterfly ballot
Palm Beach county’s infamous butterfly ballot. (Wikimedia Commons)

We've made some progress since then, but we still likely lose hundreds of thousands of votes every election year due to poor ballot design and instructions. In 2008 and 2010 alone, almost half a million people did not have their votes counted due to mistakes filling out the ballot. Bad ballot design also contributes to long lines on election day. And the effects are not the same for all people: the disenfranchised are disproportionately poor, minority, elderly and disabled.

In the predominantly African American city of East St. Louis, the race for United States senator in 2008 was missing a header that specified the type or level of government (Federal, Congressional, Legislative, etc). Almost 10 percent of East St. Louis voters did not have their vote counted for U.S. Senate, compared to the state average of 4.4 percent. Merely adding a header could have solved the problem. Below you can see the original ballot and the Brennan Center redesign.

Brennan Center ballot redesign
Before: no header for the Senate race, after: consistent headers for all contests. (Brennan Center, Better Design Better Elections)

"When we design things in a way that doesn't work for all voters, we degrade the quality of democracy," said Whitney Quesenbery, a ballot expert and co-director of the Center for Civic Design, an organization that uses design to ensure voters vote the way they want to on Election Day.

Many mistakes can be avoided with tiny tweaks
Designer Marcia Lausen, who directs the School of Design at the University of Illinois at Chicago, wrote a whole book about how democracy can be improved with design. She even tackles the infamous butterfly ballot. The 2000 Chicago Cook County judicial retention ballot crammed 73 candidates into 10 pages of a butterfly layout punch card ballot, with punch holes packed much more tightly together than in previous elections. As in Palm Beach, Yes/No votes for the candidates on the left page were confusingly interlaced with Yes/No votes for the right page.

Lausen's proposed redesign eliminates the interlaced Yes/No votes, introduces a more legible typeface, uses shading and outlines to connect names and Yes/No's with the appropriate punch holes, and removes redundant language.

Democracy For Action butterfly ballot image

Democracy For Action butterfly ballot after redesign image
Before and after butterfly ballots. (Design for Democracy)

In the 2002 midterm election in Illinois' Hamilton County, each column of candidate names was next to a series of incomplete arrows. Voters were supposed to indicate their choice of candidate by completing the arrow on the left of the candidate name. But because we read left to right and the candidate names in two races lined up perfectly, many voters marked the arrow to the right. As presented in a Brennan Center analysis, setting the columns a bit further apart and adding borders would have cleared up this confusion:

Suggested redesign of Illinois' Hamilton County ballot
  Illinois’ Hamilton county confusing ballot, and suggested redesign. (Brennan Center)

In Minnesota in 2008, Al Franken beat Norm Coleman for the U.S. Senate seat by a sliver, less than 300 votes. In that race, almost 4,000 absentee ballots were not counted because the envelope was not signed. The Minnesota Secretary of State's office decided to redesign the mailing envelope. After a series of usability tests, they added a big X to mark where people should sign. In the following election in 2010, the rate of missing signatures dropped to 837.

Minnesota's mailing envelope is a good example of how designers can solve design problems well before any election actually happens 2014 by testing those ballots beforehand.

"Test and test and test," recommends Don Norman, a designer and cognitive scientist who wrote the the book on designing objects for everyday life. The most important aspect of ballot design, he says, is considering the needs of the voters. He suggests doing extensive testing of ballots on a sample of people, which should include those who are "blind, deaf, or people with physical disabilities as well as people with language difficulties."

Bad instructions are a design problem, too
Beyond layout and ordering, the unanimous winner for worst part of ballot design? Instructions.

"The instructions are uniformly horrible!" said usability expert Dana Chisnell, who co-directs the Center for Civic Design with Quesenbery. Confusing jargon, run-on sentences, old-fashioned language left over from 100 years ago: all of these plague ballots across the country. Here are a few example instructions (the first from Kansas, the second from Ohio) along with the Brennan Center's redesign:

Brennan Center suggested redesign of Kansas ballot instructions
(Brennan Center, Better Ballots)

Brennan Center suggested redesign of Ohio ballot instructions
(Brennan Center, Better Ballots)

Even if the instructions are clear, placement of instructions has a huge effect on whether people understand them. In usability tests conducted in Florida's Sarasota and Duval counties in 2008, the majority of participants got to the end of the ballot and stopped. Which was a problem, because the ballot continued on the other side. Despite instructions specifically telling people to vote both sides of the ballot, they didn't.

Designers have already put together guidelines for making better ballots
Luckily, there are resources for how to help avoid these predictable problems. In addition to Lausen's book, the Design for Democracy initiative has worked for years at applying design principles to improve elections. A few years ago the design association AIGA combined forces with Whitney Quesenbery and Dana Chisnell to condense their best practices into a set of handy field guides.

The ballot-specific guide, Designing Usable Ballots, has this advice:

  1. Use lowercase letters.
  2. Avoid centered type.
  3. Use big enough type.
  4. Pick one sans-serif font.
  5. Support process and navigation.
  6. Use clear, simple language.
  7. Use accurate instructional illustrations.
  8. Use informational icons (only).
  9. Use contrast and color to support meaning.
  10. Show what’s most important.

For the designers, these recommendations may seem obvious. But election officials 2014 the ones responsible for laying out a ballot 2014 are not designers.

Sometimes, reality thwarts good design
Even if officials wanted to follow every design best practice, they probably wouldn't be able to.

That's because ballots are as complicated as the elections they represent. Elections in the U.S. are determined at the local level, and so each ballot must be uniquely crafted to its own jurisdiction. Ballots must combine federal, state, and local contests, display measures and propositions, and sometime require voters to express their choices in various formats 2014 for example ranking their choices versus selecting one candidate for the job.

"There will always be special circumstances that present new problems for ballot design," said David Kimball, a political science professor at the University of Missouri-St. Louis who has written extensively on voting behavior and ballot design.

Take what happened this summer in California's Senate race primary. A record number of 34 candidates were running to replace incumbent Democrat Barbara Boxer, and the ballot needed to fit them all. In many counties, elections officials simply couldn't follow the good design recommendation of "Put all candidate names in one column."

To make matters worse, bad design is written right into the law
Election officials are often constricted in what they can and can't do by specific language in their local election code. More often than not, the law is to blame for bad design.

For example, numerous jurisdictions require that candidate names and titles be written in capital letters. This goes against huge amounts of evidence that lowercase letters are easier to read. Other requirements like setting a specific font size, making sections bold or center-aligning headers make it next to impossible to follow all the design best practices.

Image of Illinois Election Code
Illinois Election Code used to require candidate names to be printed in capital letters. (Statutes of the State of Illinois)

Some election code requirements just seem to invite clutter. In Kansas, a candidate's hometown must be listed under their name. In California, the candidate's occupation. Designers argue that this additional text complicates the ballot with needless information, but they can't get rid of it without breaking the law.

"It's amazing how many design prescriptions are written into law by non-designers," said designer Drew Davies, who has worked with numerous jurisdictions to improve their ballots and voting materials and is design director of AIGA's Design for Democracy.

Some of those prescriptions border on the comical. In New York, election law requires that each candidate name must be preceded by "the image of a closed fist with index finger extended pointing to the party or independent row." Here's how that actually looks on real New York ballots:

[insert ny closed fist image]

In design, everything matters 2014 even the order of the candidate names
Some design problems are not as obvious as a pointing finger. Take something as simple as the order of the candidates' names. There is a well known advantage for being listed first on the ballot. The "primacy effect" can significantly sway elections, especially in smaller races not widely covered in the media where there is no incumbent. One study of the 1998 Democratic primary in New York found that in seven races the advantage from being listed first was bigger than the margin of victory. In other words, if the runner-up candidates in those races had been listed first on the ballot, they likely would have won.

As one report puts it, "a non-negligible portion of local governmental policies are likely being set by individuals elected only because of their ballot position." To combat this unconscious bias, some states have already mandated that names are randomly ordered on the ballot. Still, many states and jurisdictions do not have a standard system for organizing these names.

The future will bring new design challenges --but also new ways to make voting more accessible
As more and more states adopt absentee and vote-by-mail systems, they make voting more accessible and convenient 2014 but they also introduce new ways of making mistakes. And those errors are only caught after the ballot has been mailed in, too late to change. A polling place acts as a fail-safe, giving you the opportunity to ask a poll worker for help or letting you fill out a new ballot if yours gets rejected by the voting machine. But on an absentee ballot, if you made a mistake and your vote isn't counted, you'll never know.

There are several current efforts to overhaul the ballot entirely. Los Angeles County, for example, has teamed up with the design company IDEO to create an easier and more accessible way to vote. Their customizable device would let people fill out a sample ballot on their own time from a computer or mobile device, and then scan a code at the polling place to automatically transfer their choices to a real ballot.

The Anywhere Ballot is another open-source project that's designed to create a better voting experience for everyone 2014 including voters with low literacy or mild cognitive issues. Their digital ballot template, which came out of extensive user testing and follows all the current ballot design best practices, lets anyone use their own electronic device to mark a ballot.

But of course, the design problems that plague ballots affect all aspects of the voting process.

Voter registration materials, mailed voter guides and education booklets, election department websites and online instructions, poll worker materials 2014 all of these have problems that can be improved with better design.

"Ballots are where all the drama happens," said designer Lausen, "but there is much more to election design."

ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for their newsletter.


Potential Security Issues Regarding the Internet of Things

Header potential IoT device security issues

[Editor's Note: today's blog post is by guest author Cassie Phillips, a technology blogger who developed a special interest in cybersecurity after her webcam was hacked. While she’s interested to see how the Internet of Things changes how we use technology, she is very concerned about all the risks it poses.]

By Cassie Phillips

Many people and organizations have raised concerns about the potential risks related to the Internet of Things (IoT). It turns out that they were right to be concerned. Last month the France-based hosting provider, OVH, fell victim to an enormous distributed denial-of-service (DDoS) attack on the Minecraft servers that OVH was hosting.

DDoS attacks are attempts to make a resource (usually a website) inaccessible to its users through an inundation of requests, aiming to overburden the system. In the past, DDoS attacks were carried out by computers, with or without their owner’s consent. Hot Hardware reported:

“OVH was the victim of a wide-scale DDoS attack that was carried via a network of over 152,000 IoT devices… Of those IoT devices participating in the DDoS attack, they were primarily comprised of CCTV cameras and DVRs.”

Before the attack on OVH, there was another DDoS attack on prominent internet security researcher Brian Krebs’ website. This attack was also carried out by IoT devices. Akamai Technologies Inc., a provider of security services worldwide for major companies, cut ties with Mr. Krebs because the DDoS attack on Krebs’ website was enormous. Josh Shaul, Akamai’s vice president, said it was the worst DDoS attack the company had ever seen.

These broad attacks prove that the IoT does pose a significant security risk. And DDoS attacks are by no means the only security risks that the IoT presents. Let’s look at what the IoT is, the risks it presents and, most importantly, how to ensure that any IoT devices you use are secure.

What Is the Internet of Things?
The IoT is the idea that any device can be designed to be able to connect to the internet and other devices. These devices include mobile phones, washing machines, refrigerators, coffee makers, televisions, home thermostats, motion sensors, headphones, Barbie dolls and baby monitors. There is no limit except the imagination.

There are even buildings, cars, and health-related implants (such as pacemakers) that can connect to the internet and to each other. All of these devices can exchange information and collect data, creating a huge pool of information and an enormous network.

What Risks Does the Internet of Things Pose?
As mentioned above, the IoT poses a few risks and concerns. There are four key risks associated with the IoT, with the first being reliability. IoT devices are not necessarily reliable. While this may not be a crisis if the device in question is a refrigerator, it is deadly if devices such as cars fail or are hacked.

The second major risk related to the IoT is privacy. Each device in a network of the IoT can collect and share data. As consumers, we don’t always know who gets this data and what it is used for. The data will almost certainly be used to track consumers’ behavior, allowing companies to target each consumer with tailor-made advertising. While this data probably won’t always be used for nefarious purposes, it can be used in a way that violates our right to privacy. According to Buzzfeed:

“ "We were sleeping in bed, and basically heard some music coming from the nursery, but then when we went into the room the music turned off,” said the anonymous mother. They tracked the IP address that had accessed their camera and discovered a website with “thousands and thousands of pictures of cameras just like their own.” Anyone could use the site to access hacked cameras and monitors located in at least 15 different countries."

This leads to the third major risk associated with the IoT, namely security. Again, each of the IoT devices collects and transmits data. If these devices are hacked, criminals will have access to vast amounts of consumers' private information. Depending on the device, criminals can learn our routines, find out what valuables we keep in our homes, gain access to information about any security measures we use, and even collect sensitive information such as financial payment information.

Another security risk is the potential for hacking medical devices and implants. According to a report by research and advisory firm, Forrester, ransomware in medical devices is the single biggest cybersecurity threat for this year. Security researchers have already managed to hack into hospitals’ networks, pacemakers and other medical devices. This will put people’s lives at risk.

The potential for cyberattacks is the fourth major risk associated with the IoT. Because all these devices are connected, they have the potential to spread malware across homes and entire companies. However, the greatest risk lies in criminals’ ability to use our IoT devices in massive cyberattacks, such as the DDoS attack on OVH. Widespread vulnerabilities are only a few missteps away, and that is a seriously concerning fact.

How to Protect Yourself When Using IoT Devices
Given the risks listed above, it’s vital that consumers learn to protect our devices, our homes, and ourselves. The following actions are all essential to your security when using IoT devices:

  • Carefully consider how much connectivity you need in your home and life. Then try to avoid any devices that unnecessarily connect to the internet. After all, you can always opt for a coffeemaker with a timer instead of one that connects to a mobile app on your phone.
  • If you do decide to buy an IoT device, be sure to find one with the best security features possible.
  • Read all the terms and conditions and privacy policies for any IoT device you intend to purchase. This will help you understand what data the device collects and what it does with the data.
  • When you buy an IoT device, change its default password immediately. This also applies to any IoT devices that you already own. Be sure to use strong passwords and manage them effectively.
  • Always keep the software on IoT devices up to date. Updates often contain essential bug fixes and security patches.
  • If your IoT device supports security software, install it. Don’t forget that your mobile phone and tablet count as IoT devices!
  • Use a reputable Virtual Private Network, such as one recommended by Secure Thoughts.
  • If your IoT device allows it, use encryption technology.
  • Switch off and unplug any IoT devices when you are not using them.
  • If your IoT device uses location data unnecessarily, turn it off if possible.
  • If your IoT device has a camera or monitor that you don’t think it needs, block the lens.

Conclusion
While it would be best if security features were built into the design of IoT devices, that’s not always the case. So it’s crucial that you implement the security ideas discussed above. Hopefully, we’ll start seeing a move toward creating an international standard for all IoT devices in the future.

Have you had any bad experiences with IoT devices? How do you think the technology is progressing? Share your thoughts in the comments section below.


Google Has Quietly Dropped Ban on Personally Identifiable Web Tracking

[Editor's Note: Today's guest post was originally published by ProPublica on October 21, 2016. It is reprinted with permission.]

Google logo by Julia Angwin, ProPublica

When Google bought the advertising network DoubleClick in 2007, Google founder Sergey Brin said that privacy would be the company's "number one priority when we contemplate new kinds of advertising products."

And, for nearly a decade, Google did in fact keep DoubleClick's massive database of web-browsing records separate by default from the names and other personally identifiable information Google has collected from Gmail and its other login accounts.

But this summer, Google quietly erased that last privacy line in the sand -- literally crossing out the lines in its privacy policy that promised to keep the two pots of data separate by default. In its place, Google substituted new language that says browsing habits "may be" combined with what the company learns from the use Gmail and other tools.

The change is enabled by default for new Google accounts. Existing users were prompted to opt-in to the change this summer.

Revised Google privacy terms

The practical result of the change is that the DoubleClick ads that follow people around on the web may now be customized to them based on the keywords they used in their Gmail. It also means that Google could now, if it wished to, build a complete portrait of a user by name, based on everything they write in email, every website they visit and the searches they conduct.

The move is a sea change for Google and a further blow to the online ad industry's longstanding contention that web tracking is mostly anonymous. In recent years, Facebook, offline data brokers and others have increasingly sought to combine their troves of web tracking data with people's real names. But until this summer, Google held the line.

"The fact that DoubleClick data wasn't being regularly connected to personally identifiable information was a really significant last stand," said Paul Ohm, faculty director of the Center on Privacy and Technology at Georgetown Law.

"It was a border wall between being watched everywhere and maintaining a tiny semblance of privacy," he said. "That wall has just fallen."

Google spokeswoman Andrea Faville emailed a statement describing Google's change in privacy policy as an update to adjust to the "smartphone revolution"

"We updated our ads system, and the associated user controls, to match the way people use Google today: across many different devices," Faville wrote. She added that the change "is 100% optional -- if users do not opt-in to these changes, their Google experience will remain unchanged." (Read Google's entire statement.)

Existing Google users were prompted to opt-into the new tracking this summer through a request with titles such as "Some new features for your Google account."

The "new features" received little scrutiny at the time. Wired wrote that it "gives you more granular control over how ads work across devices." In a personal tech column, the New York Times also described the change as "new controls for the types of advertisements you see around the web."

Connecting web browsing habits to personally identifiable information has long been controversial.

Privacy advocates raised a ruckus in 1999 when DoubleClick purchased a data broker that assembled people's names, addresses and offline interests. The merger could have allowed DoubleClick to combine its web browsing information with people's names. After an investigation by the Federal Trade Commission, DoubleClick sold the broker at a loss.

In response to the controversy, the nascent online advertising industry formed the Network Advertising Initiative in 2000 to establish ethical codes. The industry promised to provide consumers with notice when their data was being collected, and options to opt out.

Most online ad tracking remained essentially anonymous for some time after that. When Google bought DoubleClick in 2007, for instance, the company's privacy policy stated:

"DoubleClick's ad-serving technology will be targeted based only on the non-personally-identifiable information."

In 2012, Google changed its privacy policy to allow it to share data about users between different Google services - such as Gmail and search. But it kept data from DoubleClick 2013 whose tracking technology is enabled on half of the top 1 million websites -- separate.

But the era of social networking has ushered in a new wave of identifiable tracking, in which services such as Facebook and Twitter have been able to track logged-in users when they shared an item from another website.

Two years ago, Facebook announced that it would track its users by name across the Internet when they visit websites containing Facebook buttons such as "Share" and "Like" 2013 even when users don't click on the button. (Here's how you can opt out of the targeted ads generated by that tracking).

Offline data brokers also started to merge their mailing lists with online shoppers. "The marriage of online and offline is the ad targeting of the last 10 years on steroids," said Scott Howe, chief executive of broker firm Acxiom.

To opt-out of Google's identified tracking, visit the Activity controls on Google's My Account page, and uncheck the box next to "Include Chrome browsing history and activity from websites and apps that use Google services." You can also delete past activity from your account.

ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for their newsletter.


German Regulators Ask Tesla To Stop Advertising 'Autopilot' Term

Government regulators have asked the automaker Tesla to stop using the term "autopilot" for its driver-assist feature. Deutsche Welle (DW) reported that a letter:

"... published in the newspaper "Bild am Sonntag," called on Tesla to take urgent action "in order to prevent misunderstandings and false expectations from clients." The KBA transport regulator said the term "autopilot" was misleading, and called for it to be removed in future advertisements for Tesla products. The self-driving feature has been available on the California-based automaker's Model S since October 2015."

The Autopilot feature manages the car's speed, steers within a lane, changes lanes (when the driver taps a turn signal), scan for a parking space, and parallel parks on command. Officials in Germany are still conducting an investigation into the car's capabilities.

After the fatal crash in May of a Tesla Model S car operating beta-version software for its Autopilot feature, Tesla engineers said in August the problem was with the car's brakes and not its Autopilot feature.

DW also reported:

"... the German transport regulator wrote to Tesla owners warning them that the autopilot function was purely to assist the driver and did not turn the car into a highly-automated vehicle. The feature still required the driver's unrestricted attention at all times, the letter said. Under German road traffic regulations, the driver is required to remain alert and in control of the vehicle at all times when using the system, the letter added."

The Los Angeles Times reported:

"Tesla Chief Executive Elon Musk has repeatedly said he’s sticking with the name, and the company responded to the German report as it does every time the subject comes up: The term “autopilot” has a long history in aerospace, where human pilots and autopilot systems work together to fly a plane."


Report Documents The Problems And Privacy Risks With Unregulated Facial Recognition Databases By Law Enforcement

According to a report by the Center on Privacy and Technology (CPT) at Georgetown Law school, about 48 percent of adult Americans -- 117 million people-- are already profiled in facial-recognition databases by law enforcement. The U.S. Federal Bureau of Investigation (FBI) maintains a facial-recognition database, but local police departments do, too.

Issues raised by findings in the report:

"Across the country, state and local police departments are building their own face recognition systems, many of them more advanced than the FBI’s. We know very little about these systems. We don’t know how they impact privacy and civil liberties. We don’t know how they address accuracy problems. And we don’t know how any of these systems—local, state, or federal—affect racial and ethnic minorities."

Facial recognition software is not new, and the report acknowledges that its use is inevitable by law enforcement. The facts include:

"FBI face recognition searches are more common than federal court-ordered wiretaps. At least one out of four state or local police departments has the option to run face recognition searches through their or another agency’s system. At least 26 states (and potentially as many as 30) allow law enforcement to run or request searches against their databases of driver’s license and ID photos. Roughly one in two American adults has their photos searched this way... Historically, FBI fingerprint and DNA databases have been primarily or exclusively made up of information from criminal arrests or investigations. By running face recognition searches against 16 states’ driver’s license photo databases, the FBI has built a biometric network that primarily includes law-abiding Americans. This is unprecedented and highly problematic..."

The report does not want to stop facial-recognition software usage, and it acknowledges that most law enforcement personnel do not want to invade citizens' privacy. The report' raises concerns based upon the data collection primarily includes law-abiding citizens and not just criminals; plus the lack of transparency and regulation regarding accuracy, training, and deployment. Some of the uses that raise concerns:

"Real-time face recognition lets police continuously scan the faces of pedestrians walking by a street surveillance camera... at least five major police departments—including agencies in Chicago, Dallas, and Los Angeles—either claimed to run real-time face recognition off of street cameras, bought technology that can do so, or expressed a written interest in buying it... A face recognition search conducted in the field to verify the identity of someone who has been legally stopped or arrested is different, in principle and effect, than an investigatory search of an ATM photo against a driver’s license database, or continuous, real-time scans of people walking by a surveillance camera. The former is targeted and public. The latter are generalized and invisible. While some agencies, like the San Diego Association of Governments, limit themselves to more targeted use of the technology, others are embracing high and very high risk deployments."

The report described specific examples of usage at the state and local levels:

"No state has passed a law comprehensively regulating police face recognition. We are not aware of any agency that requires warrants for searches or limits them to serious crimes. This has consequences. The Maricopa County Sheriff’s Office enrolled all of Honduras’ driver’s licenses and mug shots into its database. The Pinellas County Sheriff’s Office system runs 8,000 monthly searches on the faces of seven million Florida drivers—without requiring that officers have even a reasonable suspicion before running a search..."

A major concern the report discussed is the:

"... real risk that police face recognition will be used to stifle free speech. There is also a history of FBI and police surveillance of civil rights protests. Of the 52 agencies that we found to use (or have used) face recognition, we found only one, the Ohio Bureau of Criminal Investigation, whose face recognition use policy expressly prohibits its officers from using face recognition to track individuals engaging in political, religious, or other protected free speech."

Another major concern the report discussed:

"Face recognition is less accurate than fingerprinting, particularly when used in real-time or on large databases. Yet we found only two agencies, the San Francisco Police Department and the Seattle region’s South Sound 911, that conditioned purchase of the technology on accuracy tests or thresholds. There is a need for testing. One major face recognition company, FaceFirst, publicly advertises a 95% accuracy rate but disclaims liability for failing to meet that threshold in contracts with the San Diego Association of Governments... Companies and police departments largely rely on police officers to decide whether a candidate photo is in fact a match. Yet a recent study showed that, without specialized training, human users make the wrong decision about a match half the time... an FBI co-authored study suggests that face recognition may be less accurate on black people..."

Regarding the lack of transparency by law enforcement:

"Ohio’s face recognition system remained almost entirely unknown to the public for five years. The New York Police Department acknowledges using face recognition; press reports suggest it has an advanced system. Yet NYPD denied our records request entirely. The Los Angeles Police Department has repeatedly announced new face recognition initiatives—including a “smart car” equipped with face recognition and real-time face recognition cameras—yet the agency claimed to have “no records responsive” to our document request. Of 52 agencies, only four (less than 10%) have a publicly available use policy. And only one agency, the San Diego Association of Governments, received legislative approval for its policy... Maryland’s system, which includes the license photos of over two million residents, was launched in 2011. It has never been audited. The Pinellas County Sheriff’s Office system is almost 15 years old and may be the most frequently used system in the country. When asked if his office audits searches for misuse, Sheriff Bob Gualtieri replied, “No, not really.” Despite assurances to Congress, the FBI has not audited use of its face recognition system, either..."

Learn more about the expanded facial-recognition system the FBI deployed in 2014. The New York Times reported last year about some of the problems:

"Facial recognition software, which American military and intelligence agencies used for years in Iraq and Afghanistan to identify potential terrorists, is being eagerly adopted by dozens of police departments around the country to pursue drug dealers, prostitutes and other conventional criminal suspects. But because it is being used with few guidelines and with little oversight or public disclosure... Law enforcement officers say the technology is much faster than fingerprinting at identifying suspects, although it is unclear how much it is helping the police make arrests... "

The CPT report proposed the following solutions to address privacy concerns:

  • Use mug-shot databases (and not driver’s license databases and ID photos) as the default for facial recognition searches. Periodically purge them of innocent persons,
  • Searches of driver's license databases and ID photos should require a court order showing probable cause, except in instances of identity theft and fraud,
  • Notify the public if the policy includes searches of databases maintained by motor-vehicle agencies,
  • Local communities should decide real-time facial recognition surveillance is used in public places of the public and/or with police-worn body cameras. Real-time facial recognition surveilance should be a last resort used only in life-threatening emergencies supported by probable cause with limits as to scope and duration.

The year-long investigation by the CPT included more than 100 records requests to police departments around the country. Read the full report: "The Perpetual Line-up: Unregulated Police Face Recognition in America."

We know the National Security Agency (NSA) uses facial recognition software. Some agencies probably acquire photos and related information from them, too. If so, this should be disclosed. In 2012, the U.S. Federal Trade Commission (FTC) proposed guidelines for facial-recognition by social networking sites, companies, and retail stores. Since governments are supposed to report to and serve citizens, similar guidelines should apply to law enforcement.

What are your opinions of real-time facial recognition surveillance? Of the issues raised by the CDT report?


Department of Transportation Bans All Galaxy Note7 Phones From Airplanes

Image of Samsung Galaxy Note7 smartphone. Click to view larger version The U.S. Department of Transportation (DOT) has banned all Samsung Galaxy Note7 smartphones from airplanes. The DOT announced the ban along with the Federal Aviation Administration (FAA) and the Pipeline and Hazardous Materials Safety Administration (PHMSA). The ban became effective on Saturday, October 15, 2016 at Noon EDT.

The ban resulted from both the permanent stoppage of sales of the phone by Samsung, and the recall of the phone. The DOT announcement also stated:

"The Samsung Galaxy Note7 device is considered a forbidden hazardous material under the Federal Hazardous Material Regulations (HMR; 49 CFR Parts 171-185), which forbid airline passengers or crew from traveling with lithium cells or batteries or portable electronic devices that are likely to generate a dangerous evolution of heat. PHMSA has issued a special permit to Samsung to facilitate commercial shipment of the recalled devices by ground transportation."

The ban includes flights within the United States, and flights to/from the United States from other countries. Travelers cannot board planes with the phones, nor pack the phones in their carry-on luggage, nor pack the phones in their checked luggage. Passengers attempting to board planes with these phones will be denied boarding. Passengers attempting to avoid detection by packing these phones in their checked luggage will be subject to criminal prosecution.

The DOT advised passengers already traveling with Samsung Galaxy Note7 phones to immediately contact either Samsung or their wireless provider to obtain replacement phones. The DOT announcement also stated:

"If a flight crew member identifies that a passenger is in possession of a Samsung Galaxy Note7 device while the aircraft is in flight, the crew member must instruct the passenger to power off the device, not use or charge the device while aboard the aircraft, protect the device from accidental activation, including disabling any features that may turn on the device, such as alarm clocks, and keep the device on their person and not in the overhead compartment, seat back pocket, nor in any carry-on baggage, for the duration of the flight."

The ban also applies to U.S. Postal Mail shipments, so Galaxy Note7 owners returning their devices for replacements should arrange for ground deliveries. While the warnings to Galaxy Note7 owners seems clear, some confusion has still resulted. Both Samsung and wireless providers seem unprepared to handle phone replacements given the ban. Gizmodo reported:

"We asked our readers how [the ban] was working out around the globe and from the replies we’ve received, it’s safe to say that, so far, this sucks..."

Excerpts of horror stories from Gizmodo readers:

"At the security checkpoint as a husband/partner was saying goodbye to his wife/partner, she gave her phone to him because she thought she couldn’t take it on the plane. It was a Galaxy S5 or S6, I couldn’t really tell, but definitely not a Note. So lots of confusion."

"I have been in Asia for a few weeks and head back to the US early tomorrow. I called AT&T and Samsung (on several occasions) inquiring about what to do with my phone now that there is a ban. Yesterday [10/16/16] when I called, AT&T sent me over to Samsung (and after a long hold time) I was told by a rep that I could smuggle the phone back in a sock! When I suggested that wasn’t a good idea and that I wouldn’t do that, he said someone from management would contact me. It’s been more than 24 hours and I haven’t heard from them..."

"So I flew from California to Israel for vacation a week ago, kept my Note 7 powered down in my pocket while on United Airlines on the way. I plan to fly back to California later this week — but now what? There’s no way I can think of to get my phone from Israel to my home in California. I can’t bring it aboard the plane since it’s completely banned now, powered down or not, and apparently it’s also illegal now to ship it by cargo plane. If I can’t get it home, how am I going to turn it in for a rebate or for a new phone? And if I can’t bring it back with me, how do I safely trash it here in Israel?"

You can read more horror stories at the Gizmodo site. If you have a Galaxy Note7 phone, what was your experience while flying? What was your experience getting a replacement phone?


Report: Consumer Usage of Video Streaming Services in The US

New research revealed that 16% of the "viewing population" have multiple subscription video-on-demand (SVOD) services in their homes. That's up from 10% three years ago. Consumer market research firm Gfk studied consumers in the United States, and also found that almost half (49%) of the "viewing population" subscribes to at least one SVOD service, 17% have both Netflix and Amazon Prime, 9% have Netflix and Hulu Plus, and 5% have all three of the major services.

The “viewing population” includes consumers who watch video at least once per week via any format: regular TV, streaming, or otherwise. According to Gfk, this is 95 percent of the total number of people 13 to 64 US years of age. Gfk also found that consumers:

"... who pay for combinations of Netflix, Amazon Prime, Hulu, and other subscription streaming services – are more likely to have kids under 18 in their homes (50%, versus an average of 41% among all weekly viewers of any type). “Self-bundlers” also have higher mean incomes than average weekly viewers – at $90,000 per year versus $76,000 – but are less likely to subscribe to traditional pay TV services.."

GfK interviewed 1,054 consumers in the United States for its “Over-the-Top TV 2016: A Complete Video Landscape” report. In related studies during the past year, Gfk found:

Below is an infographic from Gfk's "Over the Top TV 2016" report with additional information:

Infographic from Gfk Over the Top TV 2016 report. Click to view larger version


Comcast Fined $2.3 Million For Charging Customers For Unrequested Services

Federal communications Commission logo After receiving numerous complaints from consumers, the U.S. Federal Communications Commission (FCC) investigated and announced yesterday that Comcast will pay a $2.3 million fine for charging its customers for services and equipment they did not request. The FCC announcement explained:

"The Communications Act and the FCC’s rules prohibit a cable provider from charging its subscribers for services or equipment they did not affirmatively request, a practice known as “negative option billing.”  Negative option billing burdens customers with the responsibility of contacting a cable company to dispute the charges and obtain refunds. The Communications Act and the FCC’s rules prohibit a similar practice by telecommunications carriers when unauthorized charges are placed on customers’ phone bills, an abuse known as cramming."

Comcast logo The complaints by consumers included:

"... unordered services or products, such as premium channels, set-top boxes, or digital video recorders (DVRs). In some complaints, subscribers claimed that they were billed despite specifically declining service or equipment upgrades offered by Comcast. In others, customers claimed that they had no knowledge of the unauthorized charges until they received unordered equipment in the mail, obtained notifications of unrequested account changes by email, or conducted a review of their monthly bills. Consumers described expending significant time and energy to attempt to remove the unauthorized charges from their bills and obtain refunds..."

This is the largest civil penalty assessed by the FCC to a cable provider. Additional terms of the settlement agreement require Comcast to implement a five-year compliance plan:

"Specifically, Comcast will adopt processes and procedures designed to obtain affirmative informed consent from customers prior to charging them for any new services or equipment. Comcast will also send customers an order confirmation separate from any other bill, clearly and conspicuously describing newly added products and their associated charges. Further, Comcast will offer to customers, at no cost, the ability to block the addition of new services or equipment to their accounts. In addition, the settlement requires Comcast to implement a detailed program for redressing disputed charges in a standardized and expedient fashion, and limits adverse action (such as referring an account to collections or suspending service) while a disputed charge is being investigated."

Comcast customers experiencing unresolved problems are encouraged to submit complaints online to the FCC, or contact the FCC Consumer Center at 1-888-225-5322, TTY at 1-888-835-5322, fax at 1-866-418-0232, or via postal mail:

Federal Communications Commission
Consumer and Governmental Affairs Bureau
Consumer Inquiries and Complaints Division
445 12th Street, SW
Washington, DC 20554

Comcast has a checkered history of customer service. In 2014, the Internet service provider (ISP) began to convert customers home wireless routers to public hotspots, which placed the burden on customers to opt out. A customer-friendly approach instead would have asked interested customers to opt in.

In 2015, reports surfaced that 13,000 consumers had filed complaints about the ISP's usage-based pricing services. The same year, Comcast paid $33 million to settle privacy violations affecting its VOIP phone customers. Earlier this year, Comcast proposed the idea of charging customers (phone, Internet, TV, cable) additional fees for privacy.

Comcast issued a statement down-playing the FCC fine and consent order:

"We have been working very hard on improving the experience of our customers in all respects and are laser-focused on this. We acknowledge that, in the past, our customer service should have been better and our bills clearer, and that customers have at times been unnecessarily frustrated or confused. That’s why we had already put in place many improvements to do better for our customers even before the FCC’s Enforcement Bureau started this investigation almost two years ago. The changes the Bureau asked us to make were in most cases changes we had already committed to make, and many were already well underway or in our work plan to implement in the near future.

We do not agree with the Bureau’s legal theory here, and in our view, after two years, it is telling that it found no problematic policy or intentional wrongdoing, but just isolated errors or customer confusion. We agree those issues should be fixed and are pleased to put this behind us and proceed with these customer service-enhancing changes."

This latest incident with Comcast reminds me of the unlawful sales practices at Wells Fargo, where bank staff created new accounts without customers' consent or notice, all to game the sales incentive system. The CFPB assessed a massive fine on the bank earlier this year. Both incidents seem to indicate poor or asleep management and a lack of internal oversight and controls. 13,000 consumer complaints seems substantial.

What are your opinions of Comcast and the FCC fine?


Samsung Permanently Stops Sales And Recalls All Galaxy Note 7 Phones

Image of Samsung Galaxy Note7 smartphone. Click to view larger version Samsung has stopped sales worldwide of its Galaxy Note7 smartphone. The tech giant announced yesterday:

"Samsung is working with the US Consumer Product Safety Commission (CPSC) to investigate the recently reported cases involving the Galaxy Note7. While the investigation is taking place, Samsung is asking all carrier and retail partners here and around the globe to stop sales and exchanges of the Galaxy Note7. Since the affected devices can overheat and pose a safety risk, we are asking consumers with an original Galaxy Note7 or a replacement Galaxy Note7 to power it down and contact the carrier or retail outlet where you purchased your Galaxy Note7. If you bought your Galaxy Note7 from Samsung.com or have questions, you should contact us at 1-844-365-6197 and we can help you."

Owners of Galaxy Note7 phones can either exchange their device for a Galaxy S7 Edge with a refund of the price difference, or get a full refund from the retailer they purchased their phone from. The announcement listed the phone numbers and websites of wireless providers for phone owners to obtain refunds or exchanges.

The New York Times reported:

"Authorities in the U.S. and South Korea are still investigating why even the replacement Note 7 phones that Samsung equipped with a safer battery are catching fire. An official at the South Korean safety agency said the replacement phones may have a defect that is different from the problem with the original Note 7s... Also Tuesday, China's product safety regulator said Samsung will recall all Galaxy Note 7 smartphones sold in mainland China, amounting to around 191,000 units. The General Administration of Quality Supervision, Inspection and Quarantine said it was investigating for defects in the devices.."

Elliot F. Kaye, the Chairman of the U.S. Consumer Product Safety Commission, released a brief statement:

"No one should have to be concerned that their phone will endanger them, their family, or their property. Due to the ongoing safety concerns with Galaxy Note7 phones, it is the right move for Samsung to suspend the sale and exchange all Galaxy Note7s..."

Most Galaxy Note7 owners, about 90 percent, had stuck with the device. Samsung announced on September 27 that 60 percent of all Galaxy Note7 phones sold in the United Stated and Korea had already been exchanged. Given yesterday's recall announcement, it confirms that the replacement devices categorized as "safe' really aren't. And, it seems to be the end of the Galaxy Note7 device.

Recent events remind me of the Ford Edsel and Chevrolet Corvair. What are your opinions?


Exploding Phones And Washing Machines. It's Been A Rough Time For Samsung

Image of Samsung Galaxy Note7 smartphone. Click to view larger version It has been a busy and rough few months at Samsung, after the consumer electronics company introduced the Galaxy Note7 smartphone on August 19. Soon afterwards, reports surfaced of a phone catching fire while charging, exploding phones in separate incidents which burned down a garage and a car, and another exploding phone which caused $1,380 in damage to a hotel room.

On September 2, Samsung Electronics America, Inc. (SEA) announced an exchange program in the United States "regarding isolated battery cell issues" with the phone. The exchange program allowed current Galaxy Note7 users to get a new Galaxy Note7 phone, or a Galaxy S7 Edge. Customers were offered a $25 gift card or bill credit from select carrier retail outlets. Also on September 2, SEA announced the results of an investigation with 35 cases reported worldwide of problems with the phone's battery.

Headquartered in Ridgefield Park, N.J., SEA is a wholly owned subsidiary of Samsung Electronics Co. Limited. The retailer also stopped sales of the device on September 2. On September 8, three Australian airlines banned passengers from using or charging Samsung Galaxy Note7 smartphones during flights. Reportedly Qantas, Jetstar, and Virgin Australia all issued the voluntary bans without orders from aviation regulators. The airlines did it as a precaution.

The U.S. Federal Aviation Administration (FAA) issued this warning on September 8:

"In light of recent incidents and concerns raised by Samsung about its Galaxy Note7 devices, the Federal Aviation Administration strongly advises passengers not to turn on or charge these devices on board aircraft and not to stow them in any checked baggage."

On September 9, SEA announced that it worked jointly with the Consumer Product Safety Commission (CPSC) in the United States to implement a "voluntary corrective plan" to recall all Galaxy Note7 phones sold from August 2015 through September 15, 2016. 2.5 million devices had been sold by that time.

While this is Samsung's largest recall, it is not the largest recall ever. The New York Times reported:

"While the recall of the Galaxy Note7 is Samsung’s largest voluntary recall, it is not the biggest on record. In 2007, Nokia announced a recall of 46 million cellphone batteries. In 2006, Dell recalled 4.1 million lithium-ion batteries for notebook computers."

On September 15, SEA announced approval by the CSPC of its corrective plan and product recall. On September 20, SEA announced a firmware update and the availability of 500,000 new Galaxy Note7 replacement devices in the United States. The firmware update:

"The software updates are being delivered in partnership with Carriers and will display a green battery icon on the status bar found on the top right hand of the screen. The green icon indicates that consumers have a new Galaxy Note7 with an unaffected battery.

Samsung and the U.S. CPSC have and continue to urge all consumers of Note7s sold prior to September 15 to power down their device. For those not heeding that advice or are still not aware of the recall notice, a software update will be pushed to all recalled devices. Once installed, users will be prompted with a safety notice that urges owners to power down and exchange their recalled device. The notice will appear every time a user powers up or charges their device."

This meant users who bought their phones before September 15 shouldn't use them they have received a replacement device through the exchange program. Earlier this week, Southwest Airlines evacuated an airplane after a passenger's Samsung Galaxy Note7 phone began popping and smoking. USA Today reported:

"The incident brings more damage to Samsung’s reputation and calls into question the very future of the Note7 itself, a phone that was highly regarded when it first hit the market in late August, before reports began to surface about batteries that caught fire. Making matters worse, the device was apparently one of the replacement handsets that the South Korean company had previously deemed “safe.” Now it appears that the issue is far from settled. The CSPC, the federal agency overseeing the U.S. recall of the Note 7, late Wednesday said it is investigating the Southwest flight incident..."

So, the replacement batteries, replacement phones, and firmware updates may not have fixed the battery problem. Given the continuing bad news, some customers may want refunds instead of replacement phones. It is unclear of Samsung will provide refunds to customers who don't want replacement devices.

Sadly, there was more bad news about Samsung products. ABC News reported on September 28:

"The U.S. Consumer Product Safety Commission (CPSC) has issued a warning about certain top-loading Samsung washing machines after reports that some exploded, ABC News has learned exclusively. The agency said it is working with Samsung on a remedy to fix the issue, which apparently affects some units made from March 2011 to April 2016..."

One affected consumer was in Dallas, Georgia and another was in Holly Springs, North Carolina. Reportedly, there have been 21 cases of exploding Samsung top-loading clothes washing machines. You can see photos of the damaged products at the ABC News website. Also, SEA announced on September 28:

"We are in active discussions with the CPSC to address potential safety issues related to certain top-load washing machines manufactured between March 2011 and April 2016. In rare cases, affected units may experience abnormal vibrations that could pose a risk of personal injury or property damage when washing bedding, bulky or water-resistant items. Samsung is recommending that consumers with affected models use the lower speed delicate cycle when washing bedding, bulky or water-resistant materials. There have been no reported incidents when using this cycle."

Now, I am not suggesting the two incidents are related. Both products probably were designed by separate engineering and development teams, and built at separate manufacturing facilities. My main points: it's been a rough time at Samsung as consumers have been inconvenienced, and in some instances placed in danger. Plus, the apparent fix seems ineffective. Will the brand recover? Can it recover?

Do you believe the battery problems are fixed with the Galaxy Note7 phones? Would you travel on an airplane where other passengers carried Samsung galaxy Note7 phones? If you purchased one of the affected products, what has been your experience? Are you satisfied with the corrective and replacement program?


Federal Reserve Bars 2 HSBC Foreign Exchange Traders From Working In The Industry

HSBC Holdings logo The Federal Reserve Board (FRB) has prohibited two former foreign exchange (FX) traders from working in the banking industry. Both persons, Mark Johnson and Stuart Scott were managers at London-based HSBC Bank plc, a subsidiary of HSBC bank Johnson had been a managing director and the global head of FX cash trading. Scott reported to Johnson and had managed the bank's FX trading for Europe, the Middle East, and Africa.

The FRB's press release explained the reasons for its actions:

"Mark Johnson and Stuart Scott, former senior HSBC managers, were recently indicted for criminal wire fraud in connection with their trading activities... According to the indictment, Johnson and Scott made multiple misrepresentations to an FX client of HSBC in connection with a large pre-arranged currency transaction. The indictment also alleges Johnson and Scott engaged in conduct to trade to the detriment of HSBC's client and for their own (and HSBC's) benefit... the Board found that given the indictment, Johnson's and Scott's continued participation in any depository institution may threaten to impair public confidence in that institution."

The U.S. Department of Justice filed criminal charges on July 16, 2016 against Johnson and Scott in U.S. District Court for the Eastern District of New York. On August 16, 2016, a federal grand jury indicted Johnson and Scott with multiple counts of wire fraud and conspiracy to commit wire fraud. The alleged fraud happened during November and December, 2011, in part, in New York City at the offices of HSBC Bank USA National Association, a unit of HSBC.

HSBC Bank plc is a unit of HSBC Holdings plc (HSBC). HSBC's website says it has 4,400 offices in 71 countries that serve 46 million customers worldwide.  Bloomberg described HSBC Bank plc's activities:

"HSBC Bank plc provides various banking products and services worldwide. The company operates through Retail Banking and Wealth Management, Commercial Banking, Global Banking and Markets, and Global Private Banking segments. It accepts various deposits, such as current, savings, and business bank accounts..."

The prohibition is effective immediately and until the criminal charges against Johnson and Scott are resolved.


Massachusetts Regulator Charges Morgan Stanley Bank With Operating 'Unethical' Sales Contests

Another bank seems to have had difficulty managing a high-pressured sales incentive program. The office of the Secretary of the Commonwealth for Massachusetts has charged Morgan Stanley bank with running "dishonest and unethical" sales contests. The Boston Herald newspaper reported:

"The contests focused on the sales of securities-based loans, or SBLs, which let customers borrow against the value of the securities in their investment accounts with their securities as collateral, authorities said. Secretary of the Commonwealth William Galvin said 30 financial advisers in the Springfield, Wellesley, Worcester, Waltham and Providence, R.I., offices were offered incentives of $1,000 for 10 loans, $3,000 for 20 loans and $5,000 for 30 loans, creating a conflict of interest."

Reportedly, Galvin stated the contests were officially prohibited by the bank, but it proceeded anyway as the highly profitable contests tripled loan origination and added $24 million to new loan balances. Allegedly, bank executives were slow to recognize the improper activities and shut down the sales contests which began in 2014. The bank denies the allegations and claims that clients' consent was obtained first.

In July, Morgan Stanley reported financial results (Adobe PDF) with net revenues of $8.9 billion for the second quarter which ended June 30, 2016, compared with $9.7 billion for the same period a year ago. Net income was $1.6 billion compared with $1.8 billion for the same period a year ago. A data breach in 2011 exposed the sensitive personal information of 34,000 investment clients. Earlier this year, the bank paid a $1.0 million fine to settled charges by the U.S. Securities and Exchange Commission (SEC) that it failed to adequately protect customer information from 2011 to 2014 when 730,000 accounts were hacked.

Last month, Wells Fargo paid a $185 million fine to settle allegations by regulators that its employees created thousands of phony new accounts to earn sales incentive compensation. Investigations are still ongoing by Wells Fargo, regulators, and the Justice Department.

Both scandals raise two important questions: a) the appropriateness of incentive programs to encourage employees to cross-sell existing customers with more types of accounts, and b) accounts those customers may not need (nor want). The cross-selling programs may conflict with the bank's fiduciary duty to its investment clients.

Read more about the latest Morgan Stanley scandal at Fortune. What are your opinions?