Previous month:
December 2016
Next month:
February 2017

14 posts from January 2017

74 Percent of US Broadband Households Have Internet-Connected Televisions

According to new research from The Diffusion Group (TDG), 74 percent of US households had Internet-connected televisions at year-end 2016. In 2013, 50 percent of households had Internet-connected televisions. Michael Greeson, TDG President and Director of Research, said:

"At 74% penetration, connected TV use is squarely in the Late Mainstream phase of its trajectory. Barring any major disruption in TV technology or market conditions, growth will slow each year as the solution reaches saturation... Broadband pay-TV services are particularly well positioned to leverage this utility, which permits scale at much lower costs."

TDG first noted in 2004 that the penetration of connected televisions would closely follow broadband (a/k/a high-speed Internet) services.

Chart by TDG of Internet-connected televisions in the United States. Click to view larger version


Here's Another Way Wells Fargo Took Advantage Of Customers

[Editor's note: today's article by reporters at ProPublica explores some questionable banking practices. This blog contains coverage about Wells Fargo, including this item from 2011. PropPublica originally published this news story on January 23, 2017. It is reprinted with permission.]

by Jesse Eisinger, ProPublica

Wells Fargo logo Wells Fargo, the largest mortgage lender in the country, portrays itself as a stalwart bank that puts customers first. That reputation shattered in September, when it was fined $185 million for illegally opening as many as 2 million deposit and credit-card accounts without customers' knowledge.

Now four former Wells Fargo employees in the Los Angeles region say the bank had another way of chiseling clients: Improperly charging them to extend their promised interest rate when their mortgage paperwork was delayed. The employees say the delays were usually the bank's fault but that management forced them to blame the customers.

The new allegations could exacerbate the lingering damage to the bank's reputation from the fictitious accounts scandal. Last week, Wells Fargo reported declining earnings. In the fourth quarter, new credit card applications tumbled 43 percent from a year earlier, while new checking accounts fell 40 percent.

"I believe the damage done to Wells Fargo mortgage customers in this case is much, much more egregious," than from the sham accounts, a former Wells Fargo loan officer named Frank Chavez wrote in a November letter to Congress that has not previously been made public. "We are talking about millions of dollars, in just the Los Angeles area alone, which were wrongly paid by borrowers/customers instead of Wells Fargo." Chavez, a 10-year Wells Fargo veteran, resigned from his job in the Beverly Hills private mortgage group last April. Chavez sent his letter to the Senate banking committee and the House financial services committee in November. He never got a reply.

Three other former employees of Wells Fargo's residential mortgage business in the Los Angeles area confirmed Chavez's account. Tom Swanson, the Wells Fargo executive in charge of the region, directed the policy, they say.

In response to ProPublica's questions, Wells Fargo spokesman Tom Goyda wrote in an email, "We are reviewing these questions about the implementation of our mortgage rate-lock extension fee policies. Our goal is always to work efficiently, correctly and in the best interests of our customers and we will do a thorough evaluation to ensure that's consistently true of the way we manage our rate-lock extensions." Through the spokesman, Swanson declined a request for an interview.

Wells Fargo's practice of shunting interest rate extension fees for which it was at fault onto the customer appears to have been limited to the Los Angeles region. Two of the former employees say other Wells Fargo employees from different regions told them the bank did not charge the extension fees to customers as a matter of routine.

Three of the former employees, who now work for other banks, say their new employers do not engage in such practices.

Here's how the process works: A loan officer starts a loan application for a client. That entails gathering documents, such as tax returns and bank statements from the customer, as well as getting the title to the property. The loan officer then prepares a credit memo to submit the entire file to the processing department and underwriting department for review. The process should not take more than 60 or 90 days, depending on what kind of loan the customer sought. During this period, the bank allows customers to "lock in" the quoted interest rate on the mortgage, protecting them from rising rates. If the deadline is missed, and rates have gone up, the borrower can extend the initial low rate for a fee, typically about $1,000 to $1,500, depending on the size of the loan.

Wells Fargo's policy is to pay extension fees when it's at fault for delays, according to Goyda. Yet in the Los Angeles region, the former employees say, Wells Fargo made customers pay for its failures to meet deadlines. The former employees attributed the delays to the inexperience and low pay of the processing and underwriting staff. In addition, to keep costs down, the bank understaffed the offices, they say.

"The reason we were not closing on time was predominantly lender related," said a former Wells Fargo employee. When a loan officer asked the bank to pick up the extension fee, "it didn't make a difference if" the written request "was a one-liner or the next War and Peace," said the former employee. "The answer was always the same: No. Declined. 2018Borrower paid,' never 2018Lender paid.'"

Anticipating that it couldn't close on time, the bank adopted a variety of strategies to shift responsibility to customers. The "most blatant methods of attempting to transfer blame onto customers for past and expected future delays," Chavez wrote, included having loan processors flag "the file for 2018missing' customer documentation or information that had already been provided by the borrower." The customers would have to refile, blowing the deadline.

Sometimes loan officers would ask customers to submit extra documents that Wells Fargo did not need for its initial assessments, burdening them with paperwork to ensure they wouldn't meet the deadline. On occasion, employees built in a cushion, quoting a higher fee at the beginning. That way, they didn't have to go back to tell the customer about the extra fee at the end.

One employee says he complained to Swanson's boss about the situation but upper management referred the problem back to Swanson. The employee's immediate manager then scolded him.

Swanson told co-workers that he personally took a hit if the bank paid out too many extension fees, two of the former employees recall. "Swanson would be very upfront that his bonus is tied to extension fees," says one. The other former loan officer says, "During meetings, the branch was told extensions were costing the branch money."

Swanson, an 18 year veteran of the bank, has faced criticism before that he sought profits at the expense of customers. In 2005, customers in Los Angeles sued Wells Fargo for racial discrimination. They contended that Swanson prohibited loan officers in minority neighborhoods from using a software program that gave them the ability to offer borrowers discounted fees. He allowed loan officers to use the same program in white neighborhoods, where residents paid lower fees as a result. Believing that minority borrowers did not shop around for mortgages, Swanson contended Wells Fargo did not need to offer the discounts in their neighborhoods since the bank faced less competition, according to witness testimony at trial.

In 2011, a Los Angeles Superior Court jury found that Wells Fargo intentionally discriminated on a portion of the loans in question and awarded plaintiffs $3.5 million, a decision that was upheld on appeal. With interest, the payout rose to just under $6 million. "The verdict in the case was not in line with the law and the facts, and there was no evidence that class members paid a higher price than other similarly situated borrowers," Goyda said. Nevertheless, he added, the bank decided to pay the judgment rather than pursue additional appeals.

"Swanson runs that place," said Barry Cappello, who co-tried the case against Wells Fargo with his partner Leila Noël. "He is the man. They do what he wants done. Despite the lawsuit and the millions they paid out, the guy is still there."

Shifting extension fees onto borrowers may amount to just poor customer service, rather than a regulatory violation. Still, if it is widespread and systematic, the bank could be running afoul of banking laws that ban unfair or deceptive practices, regulators say.

For a couple of years around 2011, when Wells Fargo was originating a heavy volume of mortgages, the bank made a decision to pay all the extension fees, spokesman Goyda said. But, around 2014, it reverted back to its traditional policy of paying fees only when it's at fault.

Chavez says that the problems began in earnest that year and persisted as of the time he left last April. The precise value of the improperly assigned extension fees in the Los Angeles region is unclear. Chavez and another employee estimate they ran into the millions. One of the former employees estimates a quarter of the mortgages at his branch had to be extended. By that measure, if a loan officer did $100 million in loans in a year, those mortgages would rack up about $62,000 in extension fees. The Beverly Hills office alone did around $800 million to $1 billion in underlying mortgages, generating at least half a million dollars in extension fees, the employee estimates. Swanson's region has 19 branches.

Some customers resented having to pay the extension fees, and took their business elsewhere. After one mortgage application faced a delay, a Wells Fargo assistant vice president in Brentwood named Joshua Oleesky called to tell the customer that he had to pay an interest rate lock extension fee. The customer balked, blaming the bank for missing the deadline. Oleesky "started interrogating me on why Wells Fargo was responsible for the delay," the customer wrote in a June 29, 2015, letter of complaint to Michael Heid, then president of Wells Fargo Home Lending. (He cc'd John Stumpf, Wells Fargo's former CEO, who was ousted after the fictitious accounts scandal.) The customer went with another bank for the mortgage. Through the Wells Fargo spokesman, Oleesky declined comment.

According to the customer, Heid didn't answer the letter.

ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for their newsletter.


Western Union Admitted To Money-Laundering Charges. To Pay $586 Million Fine

Western Union Company logo A news item you may have missed during the run-up to the Presidential Inauguration. The U.S. Federal Trade Commission (FTC) announced settlement agreements with Western Union where the company admitted to money-laundering charges and agreed to pay $586 million in fines and restitution.

Western Union inked settlement agreements with the FTC, the Justice Department (DOJ), and with several U.S. Attorneys’ Offices: the Middle District of Pennsylvania, the Central District of California, the Eastern District of Pennsylvania and the Southern District of Florida. The FTC announcement stated:

"In its agreement with the Justice Department, Western Union admits to criminal violations including willfully failing to maintain an effective anti-money laundering program and aiding and abetting wire fraud... According to admissions contained in the deferred prosecution agreement (DPA) with the Justice Department and the accompanying statement of facts, Western Union violated U.S. laws—the Bank Secrecy Act (BSA) and anti-fraud statutes—by processing hundreds of thousands of transactions for Western Union agents and others involved in an international consumer fraud scheme. As part of the scheme, fraudsters contacted victims in the U.S. and falsely posed as family members in need or promised prizes or job opportunities. The fraudsters directed the victims to send money through Western Union to help their relative or claim their prize. Various Western Union agents were complicit in these fraud schemes, often processing the fraud payments for the fraudsters in return for a cut of the fraud proceeds."

The FTC alleged in a complaint filed in U.S. District Court for the Middle District of Pennsylvania that the company’s conduct violated the FTC Act. The complaint alleged that fraudsters globally used Western Union’s money transfer system for many years, even after the company was aware of the problems. The complaint also alleged that some Western Union agents were complicit in fraud. Also, the FTC’s complaint alleged that Western Union failed to implement effective anti-fraud policies and procedures, and it failed to act promptly against problem agents (e.g., suspensions, terminations).

Also, the announcement described the extent and duration of the fraud:

"The BSA requires financial institutions, including money services businesses such as Western Union, to file currency transaction reports (CTRs) for transactions in currency greater than $10,000 in a single day. To evade the filing of a CTR and identification requirements, criminals will often structure their currency transactions so that no single transaction exceeds the $10,000 threshold. Financial institutions are required to report suspected structuring... Western Union knew that certain of its U.S. Agents were allowing or aiding and abetting structuring by their customers. Rather than taking corrective action to eliminate structuring at and by its agents, Western Union, among other things, allowed agents to continue sending transactions... Beginning in at least 2004, Western Union recorded customer complaints about fraudulently induced payments in what are known as consumer fraud reports (CFRs). In 2004, Western Union’s Corporate Security Department proposed global guidelines for discipline and suspension of Western Union agents that processed a materially elevated number of fraud transactions. In these guidelines, the Corporate Security Department effectively recommended automatically suspending any agent that paid 15 CFRs within 120 days. Had Western Union implemented these proposed guidelines, it would have prevented significant fraud losses to victims and would have resulted in corrective action against more than 2,000 agents worldwide between 2004 and 2012."

U.S. Attorney Eileen M. Decker of the Central District of California said:

"Our investigation uncovered hundreds of millions of dollars being sent to China in structured transactions designed to avoid the reporting requirements of the Bank Secrecy Act, and much of the money was sent to China by illegal immigrants to pay their human smugglers... In a case being prosecuted by my office, a Western Union agent has pleaded guilty to federal charges of structuring transactions – illegal conduct the company knew about for at least five years. Western Union documents indicate that its employees fought to keep this agent – as well as several other high-volume independent agents in New York City – working for Western Union because of the high volume of their activity. This action today will ensure that Western Union effectively controls its agents and prevents the use of its money transfer system for illegal purposes."

U.S. Attorney Bruce D. Brandler said:

"The U.S. Attorney’s Office for the Middle District of Pennsylvania has a long history of prosecuting corrupt Western Union Agents... Since 2001 our office, in conjunction with the U.S. Postal Inspection Service, has charged and convicted 26 Western Union Agents in the United States and Canada who conspired with international fraudsters to defraud tens of thousands of U.S. residents via various forms of mass marketing schemes. I am gratified that the deferred prosecution agreement reached today with Western Union ensures that $586 million will be available to compensate the many victims of these frauds."

Terms of the settlement agreements require Western union to:

  • Pay a monetary judgment of $586 million,
  • Implement and maintain a comprehensive anti-fraud program with training for its agents and their front line associates,
  • Monitor to detect and prevent fraud-induced money transfers,
  • Conduct due diligence on all new and renewing company agents, plus suspend or terminate non-compliant agents,
  • Stop transmitting money transfers it knows or reasonably should know are fraud-induced,
  • Block money transfers sent to any person who is the subject of a fraud report,
  • Provide clear and conspicuous consumer fraud warnings on its paper and electronic money transfer forms,
  • Increase the availability of websites and telephone numbers that enable consumers to file fraud complaints,
  • Refund fraudulent money transfers if it failed to comply with its anti-fraud procedures, and
  • Not process money transfers it knows or should know are payments for telemarketing transactions.

Western Union's compliance with these requirements will be monitored for three years by an independent compliance auditor. Western Union said in a January 19th press release:

"The Western Union Company (NYSE: WU) today announced agreements with the U.S. Department of Justice (DOJ) and Federal Trade Commission (FTC) that resolve previously disclosed investigations focused primarily on the Company’s oversight of certain agents and whether its anti-fraud program, as well as its anti-money laundering controls, adequately prevented misconduct by those agents and third parties. The conduct at issue mainly occurred from 2004 to 2012."

"As part of this resolution, Western Union will enter into a deferred prosecution agreement with the DOJ and a consent order with the FTC. The Company will pay a total of $586 million to the federal government, which is to be used to reimburse consumers who were victims of fraud during the relevant period. Western Union also will take specific actions to further enhance its oversight of agents and its protection of customers... Over the past five years, Western Union increased overall compliance funding by more than 200 percent, and now spends approximately $200 million per year on compliance, with more than 20 percent of its workforce currently dedicated to compliance functions. The comprehensive improvements undertaken by the Company have added more employees with law enforcement and regulatory expertise, strengthened its consumer education and agent training, bolstered its technology-driven controls and changed its governance structure so that its Chief Compliance Officer is a direct report to the Compliance Committee of the Board of Directors."

"... [Western Union] will simultaneously resolve, without any additional payment or non-monetary obligations, potential claims by the U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) relating to conduct in the 2010 to 2012 period that FinCEN contended violated the Bank Secrecy Act. The Company received a notice of investigation from FinCEN in mid-December 2016. The separate agreement with FinCEN sets forth a civil penalty of $184 million, the full amount of which will be deemed satisfied by the $586 million compensation payment under the DOJ and FTC agreements."


Several Banks Fined Billions By Justice Department For Alleged Wrongdoing

Credit Suisse logo In case you missed it, the U.S. Department of Justice (DOJ) announced last week several settlement agreements and fines against several banks. First, for conduct with the packaging, securitization, issuance, marketing and sale of residential mortgage-backed securities (RMBS) between 2005 and 2007, Credit Suisse will pay about $5.3 billion in fines and relief. That includes $2.48 billion as a civil penalty under the Financial Institutions Reform, Recovery and Enforcement Act (FIRREA), and $2.8 billion in:

"... relief to underwater homeowners, distressed borrowers and affected communities, in the form of loan forgiveness and financing for affordable housing. Investors, including federally-insured financial institutions, suffered billions of dollars in losses from investing in RMBS issued and underwritten by Credit Suisse between 2005 and 2007."

Principal Deputy Associate Attorney General Bill Baer said:

"Credit Suisse claimed its mortgage backed securities were sound, but in the settlement announced today the bank concedes that it knew it was peddling investments containing loans that were likely to fail... That behavior is unacceptable. Today's $5.3 billion resolution is another step towards holding financial institutions accountable for misleading investors and the American public."

Second, for conduct with the packaging, securitization, marketing, sale and issuance of residential mortgage-backed securities (RMBS) between 2006 and 2007, Deutsche Bank will pay $7.2 billion in fines and relief. That includes a $3.1 billion civil penalty under the Financial Institutions Reform, Recovery and Enforcement Act (FIRREA), and $4.1 billion in relief to underwater homeowners, distressed borrowers and affected communities.

Deutsche bank logo Principal Deputy Associate Attorney General Bill Baer said:

"This $7.2 billion resolution – the largest of its kind – recognizes the immense breadth of Deutsche Bank’s unlawful scheme by demanding a painful penalty from the bank, along with billions of dollars of relief to the communities and homeowners that continue to struggle because of Wall Street’s greed... The Department will remain relentless in holding financial institutions accountable for the harm their misconduct inflicted on investors, our economy and American consumers."

Principal Deputy Assistant Attorney General Benjamin C. Mizer, head of the Justice Department’s Civil Division, said:

"In the Statement of Facts accompanying this settlement, Deutsche Bank admits making false representations and omitting material information from disclosures to investors about the loans included in RMBS securities sold by the Bank. This misconduct, combined with that of the other banks we have already settled with, hurt our economy and threatened the banking system... To make matters worse, the Bank’s conduct encouraged shoddy mortgage underwriting and improvident lending that caused borrowers to lose their homes because they couldn’t pay their loans. Today’s settlement shows once again that the Department will aggressively pursue misconduct that hurts the American public."

State Street Corporation logo Third, State Street Corporation will pay more than $64 million to resolve fraud charges. State Street:

"... entered into a deferred prosecution agreement and agreed to pay a $32.3 million criminal penalty to resolve charges that it engaged in a scheme to defraud a number of the bank’s clients by secretly applying commissions to billions of dollars of securities trades. State Street also agreed to offer an equal amount as a civil penalty to the U.S. Securities and Exchange Commission (SEC)."

Acting Assistant Attorney General Bitkower said:

"State Street engaged in a concerted effort to fleece its clients by secretly charging unwarranted commissions... The bank fundamentally abused its clients’ trust and inflicted very real financial losses. The department will hold responsible those who engage in this type of criminal conduct."

Acting U.S. Attorney Weinreb said:

"State Street cheated its customers by agreeing to charge one price for its services and then secretly charging them something else... Banks that defraud their clients in this way must be held accountable, no matter how big they are."

Kudos to the DOJ for its enforcement actions. If this wrongdoing is ever going to stop, then jail time for executives needs to be applied.


Boston Women's March And Local Law Enforcement

On Saturday, January 21, 2017 the Boston Police Department (BPD) posted on its Facebook page at 5:45 pm the following about the Women's March:

"To the tens of thousands who participated in today’s Women’s March on Boston Common earlier today, Saturday, January 21, 2017, the men and women of the Boston Police Department would like to thank you for the high levels of respectful and responsible behavior on display throughout the day. Said Commissioner Evans: "Really impressed with the amount of respect and courtesy shown to my officers by everybody attending today's Women’s March and I’d just like to personally thank everybody who demonstrated in a peaceful, polite and respectful manner."

The Boston Globe newspaper reported about the event:

"... the enormous crowd began streaming from Boston Common onto Charles Street, heading to Clarendon Street, where they turned around. So many people marched that it took more than an hour and a half to file out of the Common. City officials estimated that 175,000 attended the demonstration... The Boston event was one of more than 600 marches being held nationwide and globally, on the day after Trump took office... Speakers at the Boston kickoff included Warren, Mayor Martin J. Walsh of Boston, US Senator Edward J. Markey, and Attorney General Maura Healey... By about 1 p.m., marchers began to hit the streets, though the crowd was so big that many had to wait before they could get out of the Common. The gathering was almost evenly split between men and women, and a diverse range of agendas was represented: climate change, antiracism, and Trump’s ties to Russia. On Twitter, Boston police thanked protesters for remaining peaceful."

There more demonstrations in Massachusetts in Falmouth, Greenfield, Nantucket, Provincetown, Northampton, and Pittsfield. Social networking posts about the Boston event by the BPD on Twitter:

Tweet about Womens March by Boston Police Department. Click to view larger version

Tweets about Womens March by Boston Police Department. Click to view larger version

Respectful behavior all around: marchers and law enforcement. Congratulations and thanks to everyone involved, plus very respectful messages on social networking sites by the BPD. Hopefully, in the future more citizens and police departments around the country will follow Boston's lead. That is truly #BostonStrong.

Yes, I live and work in Boston. What happened in your city? How did your city's law enforcement respond. Share below.


FINRA Fined 12 Brokerage Firms $14.4 Million For Inadequate Data Security

Just before the long holiday break, the Financial Industry Regulatory Authority (FINRA) announced that it fined 12 banks and brokerage firms a total of $14.4 million for failing to adequately protect information in electronic broker-dealer and customer records. The FINRA announcement explained:

"... at various times, and in most cases for prolonged periods, the firms failed to maintain electronic records in “write once, read many,” or WORM, format, which prevents the alteration or destruction of records stored electronically... Federal securities laws and FINRA rules require that business-related electronic records be kept in WORM format to prevent alteration. The SEC has stated that these requirements are an essential part of the investor protection function... FINRA found that each of these 12 firms had WORM deficiencies that affected millions, and in some cases, hundreds of millions, of records pivotal to the firms’ brokerage businesses, spanning multiple systems and categories of records... each of the firms had related procedural and supervisory deficiencies affecting their ability to adequately retain and preserve broker-dealer records stored electronically. In addition, FINRA found that three of the firms failed to retain certain broker-dealer records the firms were required to keep under applicable record retention rules. In settling this matter, the firms neither admitted nor denied the charges, but consented to the entry of FINRA's findings."

The firms fined and the amounts for each:

"Wells Fargo Securities, LLC and Wells Fargo Prime Services, LLC were jointly fined $4 million. RBC Capital Markets LLC and RBC Capital Markets Arbitrage S.A. were jointly fined $3.5 million. RBS Securities, Inc. was fined $2 million. Wells Fargo Advisors, LLC, Wells Fargo Advisors Financial Network, LLC and First Clearing, LLC were jointly fined $1.5 million. SunTrust Robinson Humphrey, Inc. was fined $1.5 million. LPL Financial LLC was fined $750,000. Georgeson Securities Corporation was fined $650,000. PNC Capital Markets LLC was fined $500,000.

In September, Wells Fargo bank paid $185 million in fines to settle charges of alleged unlawful sales practices during the past five years. LPL Financial had several data breaches during 2007 to 2009.

For readers seeking more information, the FINRA announcement includes links to the settlement agreements.


The Boston Keep ACA Rally on January 15 And Senator Warren's Remarks

Crowd gathering an hour before Boston healthcare rally. January 15,, 2017. click to view larger version On Sunday January 15, 2017 I attended the healthcare rally in Boston at iconic Faneuil Hall. It was one of a dozen rallies around the United States. Several people spoke, including Boston Mayor Marty Walsh, U.S. Senator Elizabeth Warren, activist Sarah Grow, Carla Leviano, and U.S. Senator Edward Markey. The attendance was great and far exceeded the capacity for the auditorium inside Faneuil Hall, where it was originally planned.

The event continued outside with what I estimated at least five thousand people standing in the cold 27 degrees Fahrenheit temperature. This blog post contains several photographs I took. The photo on the right shows the crowd gather more than hour before the official 1:00 pm start of the rally.

Carla Lievano, a single-mother whose family is on MassHealth, is worried about losing her health benefits if the Affordable Care Act is repealed. She said:

"I could lose my health benefits... I’m very low income. I don’t know how I would take care of [my daughter]..."

Senator Warren speaking at January 15, 2017 healthcare rally in Boston. Click to view larger version Grow shared the story of her mother's battle against cancer, and how the Affordable Care Act (ACA and a//k/a Obamacare) saved her mother's life. Her mother was able to find a replacement plan under the ACA. Below is the transcript of Senator Elizabeth Warren's remarks (courtesy of the Boston Globe):

"For eight years, Republicans in Congress have complained about health care in America, heaping most of the blame on President Obama. Meanwhile, they’ve hung out on the sidelines making doomsday predictions and cheering every stumble, but refusing to lift a finger to actually improve our health care system.

The GOP is about to control the White House, Senate, and House. So what’s the first thing on their agenda? Are they working to bring down premiums and deductibles? Are they making fixes to expand the network of doctors and the number of plans people can choose from? Nope. The number one priority for congressional Republicans is repealing the Affordable Care Act and breaking up our health care system while offering zero solutions.

Their strategy? Repeal and run.

Many Massachusetts families are watching this play out, worried about what will happen — including thousands from across the Commonwealth that I joined at Faneuil Hall on Sunday to rally in support of the ACA. Hospitals and insurers are watching too, concerned that repealing the ACA will create chaos in the health insurance market and send costs spiraling out of control.

Health care reform in Massachusetts wasn’t partisan. Democrats, Republicans, business leaders, hospitals, insurers, doctors, and consumers all came together behind a commitment that every single person in our Commonwealth deserves access to affordable, high-quality care. When Republican Governor Mitt Romney signed Massachusetts health reform into law in 2006, our state took huge strides toward offering universal health care coverage and financial security to millions of Bay State residents.

That law was a major step forward. Today, more than 97 percent of Bay Staters are covered — the highest rate of any state in the country.

But Massachusetts still has a lot to lose if the ACA is repealed. One big reason for our state’s health care success is that we took advantage of the new opportunities offered under the ACA. In addition to making care more accessible and efficient, our state expanded Medicaid, using federal funds to help even more people. And we combined federal and state dollars to help reduce the cost of insurance on the Health Connector.

When the ACA passed, Massachusetts already had in place some of the best consumer protections in the nation. But the ACA still made a big difference. It strengthened protections for people in Massachusetts with pre-existing conditions, allowed for free preventive care visits, and — for the first time in our state — banned setting lifetime caps on benefits.

If the ACA is repealed, our health care system would hang in the balance. Half a million people in the Commonwealth would risk losing their coverage. People who now have an iron-clad guarantee that they can’t be turned away due to their pre-existing conditions or discriminated against because of their gender could lose that security. Preventive health care, community health centers, and rural hospitals could lose crucial support. In short, the Massachusetts health care law is a big achievement and a national model, but it also depends on the ACA and a strong partnership with the federal government.

If the cost-sharing subsidies provided by the ACA are slashed to zero, Massachusetts will have a tough time keeping down the cost of plans on the Health Connector. The state can’t make funds appear out of thin air to help families on the Medicaid expansion if Republicans yank away support. And our ability to address the opioid crisis will be severely hampered if people lose access to health insurance or if the federal funding provided through the Medicaid waiver disappears. Even in states with strong health care systems — states like Massachusetts — the ACA is critical.

The current system isn’t perfect — not by a long shot. There are important steps Congress could take to lower deductibles and premiums, to expand the network of doctors people can see on their plans, and to increase the stability and predictability of the market. We should be working together to make health care better all across the country, just like we’ve tried to do here in Massachusetts.

This doesn’t need to be a partisan fight. But if congressional Republicans continue to pursue repeal of the ACA with nothing more than vague assurances that they might — someday — think up a replacement plan, the millions of Americans who believe in guaranteeing people’s access to affordable health care will fight back every step of the way.

Repeal and run is for cowards."

Want to read more? Try these hashtags on social networking sites: #repealandrun #ourfirststand #savehealthcare #CareNotChaos. Below are more photos from Sunday's event in Boston.

Protester sign at Boston healthcare rally
Protester sign. Boston healthcare rally. 1/15/17

Protester sign at Boston healthcare rally
Protester sign at Boston healthcare rally. 1/15/17

Boston Mayor Marty Walsh speaking at healthcare rally January 15, 2017
Mayor Marty Walsh speaking at healthcare rally. 1/15/17

View of crowd at Boston healthcare rally January 15, 2017
View from crowd at Boston healthcare rally. 1/15/17


Federal Reserve Study: Noncash Payments In The United States

Americans still love to use the plastic in their wallets and purses. Just before the holidays, the Federal Reserve Board (FRB) released the results of its study about how Americans use non-cash payment methods: debit cards, credit cards, prepaid cards, ACH payments, and checks. The study included the total number and value of non-cash payments by consumers and businesses through 2015.

The total number of U.S. non-cash payments was more than 144 billion payments with a value of almost $178 trillion in 2015. That represented an increase of almost 21 billion payments or about $17 trillion since 2012. Other key findings from the study:

"The number of debit card payments (including payments with prepaid and non-prepaid cards) grew to 69.5 billion in 2015 with a value of $2.56 trillion, up 13.0 billion or $0.46 trillion since 2012. This was the largest increase in number of payments among the payment types considered. Debit card payments grew at an annual rate of 7.1 percent by number or 6.8 percent by value from 2012 to 2015 with most of the growth occurring in non-prepaid debit card payments. The number of credit card payments reached 33.8 billion in 2015 with a value of $3.16 trillion, up 6.9 billion or $0.61 trillion since 2012. Credit card payments grew at an annual rate of 8.0 percent by number or 7.4 percent by value from 2012 to 2015, the largest growth rates among the payment types considered... The number of check payments fell to 17.3 billion with a value of $26.83 trillion, down 2.5 billion or $0.38 trillion since 2012. Check payments fell at an annual rate of 4.4 percent by number or 0.5 percent by value from 2012 to 2015. The decline of checks over the period was slower than previous studies had shown for prior periods since 2003."

Prepaid cards typically include gift cards and payroll cards which consumers load money onto and which aren't linked to bank accounts (e.g., checking, savings). Past studies have documented numerous fees with prepaid cards while some consumers use prepaid cards instead of traditional bank accounts. "Non-prepaid debit cards" refer to debit cards linked to traditional bank accounts.

There are significant differences between the volume and value for each non-cash payment type. For example, debit cards generated the largest share of payment volume and the smallest share by value:

Figure 1: Distribution of noncash payments by type, volume and value in 2015. FRB Study 2016. Click to view larger version

Another way of looking at the variety of non-cash payment types is the volume of payments over time:

Figure 2: Volume of noncash payments from 2000 to 2015. FRB Study 2016. Click to view larger version

Additional findings about prepaid cards:

"The number of prepaid debit card payments reached 9.9 billion with a value of $0.27 trillion in 2015, up 0.6 billion or $0.04 trillion since 2012. Almost all of the growth in prepaid debit card payments by number and value came from general-purpose prepaid cards, which can be used over the same general-purpose networks as non-prepaid debit cards. General-purpose prepaid card payments increased to 3.7 billion in 2015 by number, up 0.6 billion from 2012 to 2015, which was much less than the growth of 1.8 billion from 2009 to 2012... The average value of payments using these types of cards dropped slightly from $35 in 2012 to $34 in 2015.

Private-label prepaid card payments declined slightly by number, but rose somewhat by value from 2012 to 2015. In 2012, such payments totaled 3.7 billion by number or $0.05 trillion by value, while, in 2015, they totaled 3.6 billion by number or $0.07 trillion by value. Private-label prepaid card payments dropped at an annual rate of 0.3 percent by number but rose 15.0 percent by value. Hence, the average value of these payments rose from $13 to $20.

Payments made by prepaid EBT cards increased slightly from 2.5 billion in 2012 to 2.6 billion in 2015, or 1.7 percent per year, while the value of these payments also increased slightly from $0.07 trillion to $0.08 trillion, or 0.20 percent per year. The average value of prepaid EBT card payments declined slightly, from $30 to $29.

In 2015, non-prepaid debit and general-purpose prepaid cards were used in 5.8 billion cash withdrawals at ATMs, virtually the same level as in 2012, after dropping from 6.0 billion ATM cash withdrawals in 2009. The average value of ATM cash withdrawals rose from $118 to $122 between 2012 and 2015, continuing an upward trend in average value since 2003."

To minimize fraud and waste, banks and retailers began the migration to chip cards in the United States in 2015. The FRB study included findings about fraud:

"Payments with general-purpose cards using embedded microchips, which improve the security of in-person payments to help prevent fraud, have grown by 230 percent per year since 2012. But payments with the chip-based cards amounted to only about 2 percent share of total in-person general-purpose card payments in 2015, reflecting the early stages of a broad industry effort to roll out chip card technology. In 2015, the proportion of total general-purpose card fraud by value attributed to counterfeiting, the most prevalent type of in-person card fraud in the United States, was substantially greater than in countries where chip technology has been more widely adopted."

The United States was one of the last developed countries to switch to chip cards. So, chip card usage in the United States still has a long way to go. The types of fraud with debit/credit/prepaid cards:

  • Counterfeit card: Fraud is perpetrated using an altered or cloned card.
  • Lost or stolen card: Fraud is undertaken using a lost or stolen card.
  • Card issued but not received: A newly issued card sent via postal mail to a cardholder is intercepted and used to commit fraud.
  • Fraudulent application: A new card is issued based on a fake identity or on someone else’s identity.
  • Other: “Other” fraud includes account takeover and other types of fraud not covered above.
  • Fraudulent use of account number: Fraud is perpetrated without using a physical card.

Fraud is perpetrated via two channels: 1) in-person when the cardholder has their card, and 2) remote when the cardholder is not present (e.g., postal mail, online, telephone). To learn more, download the "2016 Federal Reserve Payments Study" (Adobe PDF) and/or read the FRB announcement.


FTC Lawsuit Claims D-Link Products Have Inadequate Security

Do you use D-Link modem/routers or routers? Do you have or plan to buy smart home appliances or electronics (a/k/a the Internet of Things or IoT) you want to connect via your home WiFi network to these or other brand routers? Are you concerned about the security of IoT devices? If you answered yes to any of these questions, then today's blog post is for you.

The U.S. Federal Trade Commission (FTC) has filed a complaint against Taiwan-based D-Link Corporation and its U.S. subsidiary alleging the tech company didn't do enough to make its products secure from hacking. The FTC announcement stated that its complaint alleged:

"... that D-Link failed to take reasonable steps to secure its routers and Internet Protocol (IP) cameras, potentially compromising sensitive consumer information, including live video and audio feeds from D-Link IP cameras... D-Link promoted the security of its routers on the company’s website, which included materials headlined “EASY TO SECURE” and “ADVANCED NETWORK SECURITY.” But despite the claims made by D-Link, the FTC alleged, the company failed to take steps to address well-known and easily preventable security flaws, such as: a) "hard-coded" login credentials integrated into D-Link camera software -- such as the username “guest” and the password “guest” -- that could allow unauthorized access to the cameras’ live feed; b) a software flaw known as “command injection” that could enable remote attackers to take control of consumers’ routers by sending them unauthorized commands over the Internet; c) the mishandling of a private key code used to sign into D-Link software, such that it was openly available on a public website for six months; and d) leaving users’ login credentials for D-Link’s mobile app unsecured in clear, readable text on their mobile devices, even though there is free software available to secure the information."

Besides the D-Link shopping site, the company's products are available at many online stores, including Best Buy, Target, Walmart, and Amazon. The FTC complaint (Adobe PDF) stated 5 Counts describing in detail the alleged security lapses, some of  which allegedly contradict advertising claims. The redacted complaint did not list specific product model numbers. Apple Insider reported:

"The security lapses also extended to mobile apps offered by D-Link to access and manage IP cameras and routers from a smartphone or tablet."

If these allegations are true, then item "C" is troubling. it raises questions about how and why a private key code were available on a public, unprotected server and for so long. It raises questions why this information wasn't encrypted. Access codes on a public server may help government intelligence agencies perform their tasks, but it suggests insufficient security for consumers. Access codes and login credentials are the holy grail for criminals. This is the information they seek in order to hack accounts and hijack devices.

Consumers connect via home routers a variety of IoT or smart devices: security systems, cameras, baby monitors, thermostats, home electronics, home appliances, toys, lawn mowers, and more. If true, the vulnerabilities could allow criminals to case home furnishings, eavesdrop on conversations, watch residents' patterns and discover when they are away from home, disable security systems, access tax and financial records, redirect users' Internet usage to fraudulent sites, and more.

The risks are real. A prior blog post discussed some of the security issues with IoT devices. Home routers have been hijacked and used to shut down targeted sites. ZDNet warned in May 2015:

"According to a report released by cybersecurity firm Incapsula on Wednesday, lax security practices concerning small office and home office (SOHO) routers has resulted in tens of thousands of routers becoming hijacked -- ending up as slave systems in the botnet network. Distributed denial-of-service (DDoS) attacks are a common way to disrupt networks and online services. The networks are often made up of compromised PCs, routers and other devices. Attackers control the botnet through a command and control center (C&C) in order to flood specific domains with traffic... ISPs, vendors and users themselves -- who do not lay down basic security foundations such as changing default passwords and keeping networks locked -- have likely caused the slavery of "hundreds of thousands [...] more likely millions" of routers now powering DDoS botnets which can cause havoc for both businesses and consumers..."

And a December 7, 2016 report by Incapsula listed about 18 vendors, including D-Link, that were susceptible to the Mirai malware used by botnets. So, the threat is real. Home routers have already been hijacked by bad guys to attack sites.

D-Link posted on its site a response to the FTC complaint:

"D-Link Systems, Inc. will vigorously defend itself against the unwarranted and baseless charges made by the Federal Trade Commission (FTC)... D-Link Systems maintains a robust range of procedures to address potential security issues, which exist in all Internet of Things (IOT) devices. Notably, the complaint does not allege any breach of a D-Link Systems device. Instead, the FTC speculates that consumers were placed “at risk” to be hacked, but fails to allege, as it must, that actual consumers suffered or are likely to suffer actual substantial injuries."

That response raises more questions. Breaches involve unauthorized persons accessing computers and/or networks. Clearly, botnets are collections of hijacked devices controlled by unauthorized persons using malware. The Incapsula reports clearly documented this. So, how are hijacked home routers and IoT devices with malware not breaches? And, botnets are designed to attack targeted sites, and not necessarily the hijacked routers and devices. So, the "actual substantial injuries" argument falls apart.

Aware consumers don't want their smart televisions, refrigerators, dishwashers, home security systems, baby monitors, cameras, and other devices hijacked by bad guys. The whole situation seems to provide two important reminders for consumers: 1) protect your IoT devices, and 2) be informed shoppers.

Protecting your IoT devices means changing the default passwords, especially on your routers and disabling remote access features. Informed shoppers Inquire before purchase about software security updates for IoT devices. Are those updates included in the product price, available in a separate subscription, or not at all? There are plenty of examples of smart home products with vulnerabilities and questionable security. Informed shoppers know before purchase.

If the product offers a separate subscription for software security updates, the money spent will be well worth it to protect your sensitive personal and financial information, to protect your family's privacy, and to avoid hijacked devices. If the product lacks software security updates, you want to know what you're buying and maybe barter for a lower price. Me? I'd keep shopping for alternatives with better security.

Protect your WiFi-connected home electronics, devices, and appliances. Don't contribute to Internet security problems.

Since most consumers lack the technical expertise to understand and detect breaches on their IoT devices, I am grateful for the FTC enforcement action; and for its guidelines in 2015 for companies offering IoT devices. Plus, the FTC is concerned with industry-wide threats that could hamper commerce. Perhaps, an economist can calculate the negative impacts upon commerce, the U.S. economy, and GDP from botnet attacks.

What are your opinions of the FTC lawsuit against D-Link Corporation? Of the security of IoT devices?


2 Credit Reporting Agencies To Pay $23.1 Million To Settle Deceptive Advertising Charges

Last week, the Consumer Financial Protection Bureau (CFPB) announced the actions it had taken against two credit reporting agencies and their subsidiaries for deceptive advertising practices with credit scores and related subscription programs. The CFPB announcement explained:

"TransUnion, since at least July 2011, and Equifax, between July 2011 and March 2014, violated the Dodd-Frank Wall Street Reform and Consumer Financial Protection Act by: 1) Deceiving consumers about the value of the credit scores they sold: In their advertising, TransUnion and Equifax falsely represented that the credit scores they marketed and provided to consumers were the same scores lenders typically use to make credit decisions. In fact, the scores sold by TransUnion and Equifax were not typically used by lenders to make those decisions; 2) Deceiving consumers into enrolling in subscription programs: In their advertising, TransUnion and Equifax falsely claimed that their credit scores and credit-related products were free or, in the case of TransUnion, cost only “$1.” In reality, consumers who signed up received a free trial of seven or 30 days, after which they were automatically enrolled in a subscription program. Unless they cancelled during the trial period, consumers were charged a recurring fee – usually $16 or more per month. This billing structure, known as a “negative option,” was not clearly and conspicuously disclosed to consumers."

Credit scores are numerical summaries designed to predict consumer repayment behavior and while using credit. Those numeric summaries attempt to indicate a consumer's credit worthiness based up like their bill-paying history: the number and type of credit accounts, the total amount of debt, if the credit accounts are maxed out, the age of that debt, whether bills are paid on time, collection activities by lenders to get paid, and the age of the consumer's accounts.

It is important for consumers to know that lenders rely in part on credit scores when deciding whether to extend credit to consumers and how much credit to extend. Plus, there are several branded credit scores in the marketplace. So, no single credit score is used by all lenders, and lenders may use one or more branded credit scores when making lending decisions. Also, the credit scores sold to consumers by TransUnion:

"... are based on a model from VantageScore Solutions, LLC. Although TransUnion has marketed VantageScores to lenders and other commercial users, VantageScores are not typically used for credit decisions."

Generally, the higher a credit score, the less risky that consumer is to lenders. The U.S. Federal Trade Commission (FTC) has a helpful site that explains credit scores and provides answers to common questions by consumers.

The CFPB actions require Equifax and TransUnion to pay fines totaling $5.5 million to the CFPB, and to pay more than $17.6 million in restitution to affected consumers.TransUnion's share of the fines is $3 million, and Equifax's share is $2.5 million. Other terms of the enforcement action:

"TransUnion and Equifax must clearly inform consumers about the nature of the scores they are selling to consumers... Before enrolling a consumer in any credit-related product with a negative option feature, TransUnion and Equifax must obtain the consumer’s consent. TransUnion and Equifax must give consumers a simple, easy-to-understand way to cancel the purchase of any credit-related product, and stop billing and collecting payments for any recurring charge when a consumer cancels."

"Negative option" is when a free trial automatically converts to a monthly paid subscription if the fails to cancel during the free trial period. Historically, the three major credit reporting agencies have offshore outsourced call center operations. So, it will be interesting to see how many of these jobs return to the United States given the policy positions of the incoming President and his administration. And, the industry has come under scrutiny for failing to fix errors in the credit reports they sell.

The industry has had some spectacular information security failures. A May 2016 breach at Equifax exposed the sensitive personal information of more than 430,000 employees of its Kroger supermarkets client. In 2012, Equifax and some of its customers paid $1.6 million to settle allegations by the FTC about the improper sales of customer lists from January 2008 and to early 2010.

The CFPB began supervision of the credit reporting industry in 2012. CFPB Director Richard Cordray said about this recent enforcement action:

"TransUnion and Equifax deceived consumers about the usefulness of the credit scores they marketed, and lured consumers into expensive recurring payments with false promises... Credit scores are central to a consumer’s financial life and people deserve honest and accurate information about them."

Kudos to the CFPB for this enforcement action.


The State of Massachusetts Data Breach Archive Is Available Online

The Massachusetts Office of Consumer Affairs and Business Regulations (OCABR) announced the public availability online of its data breach notification archive. To comply with Massachusetts state laws enacted in 2007, companies and entities must notify both the OCABR and the Attorney General's Office anytime personal information is accidentally or intentionally compromised.

Consumer Affairs Undersecretary John Chapman stated:

“The Data Breach Notification Archive is a public record that the public and media have every right to view... Making it easily accessible by putting it online is not only in keeping with the guidelines suggested in the new Public Records law, but also with Governor Baker’s commitment to greater transparency throughout the Executive Office.”

The OCABR breach archive includes a tabular listing of data breaches in Adobe PDF format. Each listing includes the following data elements: date the breach was reported, organization name, breach type, number of residents affected, types of sensitive personal data (e.g., Social Security Number, account number, driver's license identifier, credit card number) exposed or stolen, whether the organization offered free credit monitoring to affected residents, if the data was encrypted, and if the breach included mobile devices. The archive does not include the full text of the breach notification letters received. The breach archive also includes summary information:

Breaches and Residents Affected By Year
Year # Notifications # Affected Residents
2007 (Nov to Dec) 30 8,499
2008 413 700,918
2009 437 357,869
2010 473 1,015,693
2011 614 1,163,917
2012 1,139 326,411
2013 1,829 1,163,643
2014 1,603 354,130
2015 1,834 1,338,048
2016 1,866 188,809
Total 10,238 5,454,294

According to the Census Bureau, Massachusetts' population was just under 6.8 million in 2015. So, the total number of affected residents equals about 80 percent of the state's population.

Nebraska, Nevada, Rhode Island, and Tennessee recently strengthened their breach laws with expanded definitions, encryption, requirements to notify the state's attorney general, and requirements to notify affected persons within forty-five (45) days. While most states -- 46 have some type of breach laws, some (California, Indiana, Iowa, Maryland, Montana, New Hampshire, Oregon, Vermont, Washington, Wisconsin) post online breach notices they have received.

Some states' sites provide their breach archives using static Adobe PDF file formats. The better-designed sites make it easy for residents to search and view information about specific breach incidents. these sites feature interactive search mechanisms that allow users to enter the name of company or state agency, date range filters, and file download options compatible with spreadsheet software. Some states -- California, South Carolina, and Washington -- produce detailed breach reports explaining the breaches by industry, type, and cause.

Without the full text, interactive search, and filter mechanisms, the OCABR breach archive is a marginally helpful resource. Consumers can still use it to verify the breach notices they have received via postal mail, since identity thieves often send fake breach notices trying to trick consumers into revealing their sensitive personal information. Using the OCABR breach archive is slow and awkward, since users must download each PDF file and perform a text search for an organization with each file. Plus, the archive lacks both street address and company business unit information, making it impossible for users to distinguish between entries with the same organization name.

Basically, something is better than nothing.

What are your opinions of the breach archive by Massachusetts? If I missed any states that provide beach notices online, please share below.


Win $25K In The FTC Internet-Of-Things Home Inspector Challenge

For the holidays, many consumers gave or received devices for their homes that are WiFi-connected, often referred to as the "Internet of Things" (IoT). Those devices include Internet routers, security cameras, home security systems, and a variety of appliances and electronics: televisions, refrigerators, clothes washers, lighting, heating/cooling systems, toys, DVRs, and more. Residences outfitted with these devices are often referred to as "Smart Homes" or "Connected Homes."

Experts forecast 50 billion devices globally by 2020. Plus, utilities have already installed smart meters in homes that regularly transmit consumers' water/oil/gas usage to their utility providers. Protecting those devices against hackers is critical.

U.S. Federal Trade Commission logo While the FTC has published guidelines for manufacturers of IOT devices, those guidelines aren't mandatory. The privacy threats of IoT devices are known, and researchers have warned about the vulnerabilities in specific products.

To help consumers manage their WiFi-connected home devices, the U.S. Federal Trade Commission (FTC) announced a prize competition called the "IoT Home Inspector Challenge." The FTC will award the $25,000 top prize to the solution that best helps consumers protect their IoT devices against vulnerabilities and to manage passwords (e.g., replace factory-defaults) for all home devices. Up to three honorable mention prizes of $3,000 each area also available.

Consumers working individually, or in teams, can register and submit entries beginning March 1, 2017. The deadline for entries is May 22, 2017. Winners will be announced on July 27, 2017. To be considered, entries must meet the following criteria:

  • Provide a technical solution, rather than a policy or legal solution
  • Work on home IoT devices that currently exist on the market
  • Protect information it collects both in transit and at rest,
  • Explain how the tool or solution will avoid or mitigate any additional security risks that the tool itself might introduce into the consumer’s home by (example, software upgrades)

The judges will rate each entry based upon how well it addresses the following four components:

  1. Recognize what IoT devices are operating in the consumer’s home. This may be automatic or provide instructions for consumer input,
  2. Determine what software version is already on those IoT devices. Again, this may be automatic or provide instructions for consumer input,
  3. Determine the latest software version each home IoT device should have, and
  4. Assist with updates.

Visit the FTC IoT Home Inspector Challenge site for complete details about the competition, including contest rules, judges, FAQs, and the registration/submission process.


Researchers Conclude Voting Systems In the USA Are Vulnerable To Hacking And Errors

McClatchyDC reported:

"Pennsylvania is one of 11 states where the majority of voters use antiquated machines that store votes electronically, without printed ballots or other paper-based backups that could be used to double-check the balloting. There's almost no way to know if they've accurately recorded individual votes — or if anyone tampered with the count... These paperless digital voting machines, used by roughly 1 in 5 U.S. voters last month, present one of the most glaring dangers to the security of the rickety, underfunded U.S. election system."

I strongly suggest that all voters read the entire McClatchyDC article. It is an eye-opener. Let's unpack the above paragraph. There's plenty to consider.

First, a significant number of voting districts across the nation use only paperless digital voting machines. A prior blog post confirmed this usage:

"... half of registered voters (47%) live in jurisdictions that use only optical-scan as their standard voting system, and about 28% live in DRE-only jurisdictions... Another 19% of registered voters live in jurisdictions where both optical-scan and DRE systems are in use... Around 5% of registered voters live in places that conduct elections entirely by mail – the states of Colorado, Oregon and Washington, more than half of the counties in North Dakota, 10 counties in Utah and two in California. And in more than 1,800 small counties, cities and towns – mostly in New England, the Midwest and the inter-mountain West – more than a million voters still use paper ballots that are counted by hand."

That prior blog post also included a map with voting technologies by district. Second, the paperless digital voting machines make recounts difficult to impossible. Why? They lack printed ballots or paper backups to re-scan and verify against the machines' recorded totals. Optical-scan voting machines are better since they use paper ballots. Those paper ballots can be re-scanned during a recount to verify the machines' totals. Reportedly, advanced countries including Germany, Britain, Japan and Singapore all require scannable paper ballots.

Third, all of this means paperless digital voting machines are a hacker's delight. Or a corrupt politician's delight. If one is going to hack voting systems with a low to zero chance of getting caught, then smart hackers would target machines without paper backups where tampering would be impossible to detect during recounts.

Fourth, the vulnerabilities aren't just theory, or what-ifs. The McClathcyDC article also reported:

"But a cadre of computer scientists from major universities backed Stein's recounts to underscore the vulnerability of U.S. elections. These researchers have been successfully hacking e-voting machines for more than a decade in tests commissioned by New York, California, Ohio and other states."

You can easily find reports online about the vulnerable machines, such as the Sequoia AVC Advantage used in Louisiana, New Jersey, Virginia, and Pennsylvania. Another example: last year, the State of Virginia de-certified using the AVS WINVote made by Advanced Voting Solutions, which had previously been used also in Pennsylvania and Mississippi. The security review by the Virginia Information Technologies Agency (Adobe PDF) is available online.

The Brennan Center for Justice (BCJ) produced a report in 2015: "America's Voting Machines At Risk" (Adobe PDF). The BCJ interviewed more than 30 state and 80 local election officials, plus dozens of election technology, administration and security experts. They also gathered input from "computer scientists, policy analysts, usability experts, election security experts, voting equipment vendors, and various innovators in the field of election technology." The BCJ's report summarized the problem:

"... an impending crisis... from the widespread wearing out of voting machines purchased a decade ago... Jurisdictions do not have the money to purchase new machines, and legal and market constraints prevent the development of machines they would want even if they had funds..."

The BCJ found:

"Unlike voting machines used in past eras, today’s systems were not designed to last for decades. In part this is due to the pace of technological change... although today’s machines debuted at the beginning of this century, many were designed and engineered in the 1990s... experts agree that for those purchased since 2000, the expected lifespan for the core components of electronic voting machines is between 10 and 20 years, and for most systems it is probably closer to 10 than 20... 43 states are using some machines that will be at least 10 years old in 2016. In most of these states, the majority of election districts are using machines that are at least 10 years old. In 14 states, machines will be 15 or more years old.

Nearly every state is using some machines that are no longer manufactured and many election officials struggle to find replacement parts. The longer we delay purchasing new equipment, the more problems we risk. The biggest risk is increased failures and crashes, which can lead to long lines and lost votes.

Older machines can also have serious security and reliability flaws that are unacceptable today. For example, Virginia recently decertified a voting system used in 24 percent of precincts after finding that an external party could access the machine’s wireless features to “record voting data or inject malicious data... Several election officials mentioned “flipped votes” on touch screen machines, where a voter touches the name of one candidate, but the machine registers it as a selection for another... Election jurisdictions in at least 31 states want to purchase new voting machines in the next five years. Officials from 22 of these states said they did not know where they would get the money to pay for them."

The USA can do better. It must do better. State and local elections officials must find the money. Elected politicians must help them find the money. Our democracy is at stake.

There is a glimmer of good news. Researchers at Rice University have developed a digital voting machine prototype that prints a paper trail. The paper trail provide verification of voters' selections, which would facilitate recounts and should replace the paperless DRE equipment. It is one of three publicly funded projects across the country. Bidding is open for manufacturers to produce the equipment.

While Stein's recount efforts ultimately failed, the vulnerabilities still exist. As McClatchyDC reported:

"The U.S. voting system — a loosely regulated, locally managed patchwork of more than 3,000 jurisdictions overseen by the states — employs more than two dozen types of machinery from 15 manufacturers.

So, something needs to be done soon to increase the security of DRE or paperless digital voting machines. It's time for voters to demand better voting security and accountability from state and local elections officials (and their politicians) who selected paperless voting equipment for their districts. It seems foolish to tighten voter ID and registration procedures while both under-funding and ignoring the vulnerabilities with paperless digital voting machines.

What are your opinions?


Trump's Treasury Pick Excelled at Kicking Elderly People Out of Their Homes

[Editor's note: today's guest post is by reporters at ProPublica. This news story was originally published on December 27, 2016. It is reprinted with permission.]

by Paul Kiel and Jesse EisingerProPublica

In 2015, OneWest Bank moved to foreclose on John Yang, an 80-year-old Korean immigrant living in Orange Park, Florida, a small suburb of Jacksonville. The bank believed he wasn't living in his home, violating the terms of its loan. It dispatched an agent to give him legal notification of the foreclosure.

Where did the bank find him? At the same single-story home the bank had said in court papers he did not occupy.

Still OneWest pressed on, forcing Yang, a former Christian missionary, to seek help from legal aid attorneys. This year, during a deposition, an employee of OneWest's servicing division was asked the obvious question: Why would the bank pursue a foreclosure that seemed so clearly unjustified by the facts?

The employee's response was blunt: "You're trying to make logic out of an illogical situation."

Yang was lucky. The bank eventually dropped its efforts against him. But others were not so fortunate. In recent years, OneWest has foreclosed on at least 50,000 people, often in circumstances that consumer advocates say run counter to federal rules and, as in Yang's case, common sense.

President-elect Donald Trump's nomination of Steven Mnuchin as Treasury Secretary has prompted new scrutiny of OneWest's foreclosure practices. Mnuchin was the lead investor and chairman of the company during the years it ramped up its foreclosure efforts. Representatives from the company and the Trump transition team did not respond to requests for comment.

Records show the attempt to push Mr. Yang out of his home was not an unusual one for OneWest's Financial Freedom unit, which focused on controversial home loans known as reverse mortgages. Regulators and consumer advocates have long worried that these loans, popular during the height of the housing bubble, exploit elderly homeowners.

The loans allow people to benefit from the equity they have built up over many years without selling their houses. The money is paid in a variety of ways, from lump sums to a stream of monthly checks. Borrowers are allowed to stay in their homes for as long as they live.

The loans are guaranteed by the U.S. Department of Housing and Urban Development, meaning the agency pays lenders like Freedom Financial the difference between the ultimate sale price of the home and the size of the reverse mortgage.

But the fees are often high and the interest charges mount up quickly because the homeowner isn't paying down any of the principal on the loan. Homeowners remain on the hook for property taxes and insurance and can lose their homes if they miss those payments.

A 2012 report to Congress by the Consumer Financial Protection Bureau said that "vigorous enforcement is necessary to ensure that older homeowners are not defrauded of a lifetime of home equity."

ProPublica found numerous examples where Financial Freedom had foreclosed for legally questionable reasons. The company served several other homeowners at their homes to let them know they were being sued for not occupying their homes. In Florida, a shortfall of only $0.27 led to a foreclosure attempt. In Atlanta, the company sought to foreclose on a widow after her husband's death, but backed down when a legal aid attorney sued, citing federal law that allowed the surviving spouse to remain in the home.

"It appears their business approach is scorched earth, in a way that doesn't serve communities, homeowners or the taxpayer," said Alys Cohen, a staff attorney for the National Consumer Law Center in Washington D.C.

Since the financial crisis, OneWest, through Financial Freedom, has conducted a disproportionate number of the nation's reverse mortgage foreclosures. It was responsible for 16,200 foreclosures on government-backed reverse mortgages, or 39 percent of all foreclosures nationwide, from 2009 through late 2014, even though it only serviced about 17 percent of the loans, according to government data analyzed by the California Reinvestment Coalition, an advocacy group for low-income consumers. While some foreclosures were justified, legal aid attorneys say Financial Freedom has refused to work with borrowers in foreclosure to establish payment plans, in contrast with other servicers of reverse mortgages.

Experts say the companies are not entirely to blame for the wave of foreclosures. HUD oversees standards on most reverse mortgages. In the years after the housing crash, HUD's rules evolved, creating a miasma of confusion for mortgage servicers. Companies say the new federal rules required them to foreclose when borrowers fell far behind on property and insurance costs, rather than work out payment plans.

OneWest's rough treatment of homeowners extended to its behavior toward borrowers with standard mortgages in the aftermath of the housing crash. In 2009, the Obama administration launched a program to encourage mortgage servicers to work out affordable mortgage modifications with borrowers. OneWest, weighed down by several hundred thousand souring mortgages, signed up.

It didn't go well. About three-quarters of homeowners who sought a modification from OneWest through the program were denied, according to the latest figures from the Treasury Department. OneWest was among the worst performing large servicers in the program by that measure. In 2011, activists protested OneWest's indifference at Mnuchin's Bel Air mansion in Los Angeles.

"We're in a difficult economic environment and very sympathetic to the problems many homeowners face, but under the government's program there's not a solution in every case," Mnuchin told the Wall Street Journal in that year.

Despite the controversy, Mnuchin and the other investors in OneWest made a killing on their purchase. In 2009, Mnuchin's investment group bought the failed mortgage bank IndyMac, which had been taken over by the Federal Deposit Insurance Corporation after the financial crisis, changing the name to OneWest. They paid about $1.5 billion, with the FDIC sharing the ongoing mortgage losses. George Soros, a Clinton backer at whose hedge fund Mnuchin had worked, and John Paulson, a hedge fund manager who also supported Trump, invested alongside Mnuchin in IndyMac.

In 2015, CIT, a lender to small and medium-sized businesses, bought OneWest for $3.4 billion, more than doubling the Mnuchin group's initial investment. Mnuchin personally made about $380 million on the sale, according to Bloomberg estimates. He retains around a 1 percent stake in CIT, worth around $100 million, which he may have to divest if confirmed.

CIT has found the reverse mortgage business to be a headache. Recently, CIT took a $230 million pretax charge after it discovered that OneWest had mistakenly charged the government for payments that the company should have shouldered itself. An investigation of Financial Freedom's practices by HUD's inspector general is ongoing.

Yang's lawyers at Jacksonville Area Legal Aid fought his foreclosure for a year. Though Yang had run a dry cleaning business in Florida and roamed the world as a missionary, working in North Korea, China, and Afghanistan, the bank's torrent of paperwork had overwhelmed him. Yang didn't speak English well. OneWest claimed it had sent him forms to verify he was living at his home, but that he never sent them back.

Under HUD rules, OneWest was required to verify that each borrower continued to use the property as a principal residence. It is a condition of all the HUD-backed loans in order to help ensure the government subsidy goes to those who need it.

But Yang can be forgiven for thinking that OneWest could not have doubted that he was still in his home. During the same period that OneWest was moving to foreclose on Yang for not living in his home, another arm of the bank regularly spoke and corresponded with him at his home about a delinquent insurance payment, according to court documents.

A Financial Freedom employee testified in the case that the department that handled delinquent insurance payments and the department that handled occupancy did not communicate with each other in those circumstances.

ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for their newsletter.