1,022 posts categorized "Corporate Responsibility" Feed

How Two Common Medications Became One $455 Million Specialty Pill

[Editor's Note: today's guest post, by the reporters at ProPublica, explores reasons for the high cost of prescription drugs for patients in the United States. Today's post is reprinted with permission.]

by Marshall Allen, ProPublica

Everything happened so fast as I walked out of the doctor's exam room. I was tucking in my shirt and wondering if I'd asked all my questions about my injured shoulder when one of the doctor's assistants handed me two small boxes of pills.

"These will hold you over until your prescription arrives in the mail," she said, pointing to the drug samples.

Strange, I thought to myself, the doctor didn't mention giving me any drugs.

I must have looked puzzled because she tried to reassure me.

"Don't worry," she said. "It won't cost you any more than $10."

I was glad whatever was coming wouldn't break my budget, but I didn't understand why I needed the drugs in the first place. And why wasn't I picking them up at my local CVS?

At first I shrugged it off. This had been my first visit with an orthopedic specialist and he, Dr. Mohnish Ramani, hadn't been the chatty type. He'd barely said a word as he examined me, tugging my arm this way and bending it that way before rotating it behind my back. The pain made me squirm and yelp, but he knew what he was doing. He promptly diagnosed me with frozen shoulder, a debilitating inflammation of the shoulder capsule.

But back to the drugs. As an investigative reporter who has covered health care for more than a decade, the interaction was just the sort of thing to pique my interest. One thing I've learned is that almost nothing in medicine 2014 especially brand-name drugs 2014 is ever really a deal. When I got home, I looked up the drug: Vimovo.

The drug has been controversial, to say the least. Vimovo was created using two readily and cheaply available generic, or over-the-counter, medicines: naproxen, also known by the brand Aleve, and esomeprazole magnesium, also known as Nexium. The Aleve handles your pain and the Nexium helps with the upset stomach that's sometimes caused by the pain reliever. The key selling point of this new "convenience drug"? It's easier to take one pill than two.

But only a minority of patients get an upset stomach, and there was no indication I'd be one of them. Did I even need the Nexium component?

Of course I also did the math. You can walk into your local drugstore and buy a month's supply of Aleve and Nexium for about $40. For Vimovo, the pharmacy billed my insurance company $3,252. This doesn't mean the drug company ultimately gets paid that much. The pharmaceutical world is rife with rebates and side deals 2014 all designed to elbow ahead of the competition. But apparently the price of convenience comes at a steep mark-up.

Think about it another way. Let's say you want to eat a peanut butter and jelly sandwich every day for a month. You could buy a big jar of peanut butter and a jar of grape jelly for less than 10 bucks. Or you could buy some of that stuff where they combine the peanut butter and grape jelly into the same jar. Smucker's makes it. It's called Goober. Except in this scenario, instead of its usual $3.50 price tag, Smucker's is charging $565 for the jar of Goober.

So if Vimovo is the Goober of drugs, then why have Americans been spending so much on it? My insurance company, smartly, rejected the pharmacy's claim. But I knew Vimovo's makers weren't wooing doctors like mine for nothing. So I looked up the annual reports for the Ireland-based company, Horizon Pharma, which makes Vimovo. Since 2014, Vimovo's net sales have been more than $455 million. That means a lot of insurers are paying way more than they should for their Goober.

And Vimovo wasn't Horizon's only such drug. It has brought in an additional $465 million in net sales from Duexis, a similar convenience drug that combines ibuprofen and famotidine, AKA Advil and Pepsid.

This year I have been documenting the kind of waste in the health care system that's not typically tracked. Americans pay more for health care than anyone else in the world, and experts estimate that the U.S. system wastes hundreds of billions of dollars a year. In recent months I've looked at what hospitals throw away and how nursing homes flush or toss out hundreds of millions of dollars' worth of usable medicine every year. We all pay for this waste, through lower wages and higher premiums, deductibles and out-of-pocket costs. There doesn't seem to be an end in sight 2014 I just got a notice that my premiums may be increasing by another 12 percent next year.

With Vimovo, it seemed I stumbled on another waste stream: overpriced drugs whose actual costs are hidden from doctors and patients. In the case of Horizon, the brazenness of its approach was even more astounding because it had previously been called out in media reports and in a 2016 congressional hearing on out-of-control drug prices.

Health care economists also were wise to it.

"It's a scam," said Devon Herrick, a health care economist with the National Center for Policy Analysis. "It is just a way to gouge insurance companies or employer health care plans."

Unsurprisingly, Horizon says the high price is justified. In fact, the drug maker wrote in an email, "The price of Vimovo is based on the value it brings to patients."

Thousands of patients die and suffer injuries every year, the company said, because of gastric complications from naproxen and other non-steroid anti-inflammatory drugs (NSAIDs). Providing pain relief and stomach protection in a single pill makes it more likely patients will be protected from complications, it said.

And Horizon stressed Vimovo is a "special formulation" of Aleve and Nexium, so it's not the same as taking the two separately. But several experts said that's a scientific distinction that doesn't make a therapeutic difference. "I would take the two medications from the drugstore in a heartbeat 2014 therapeutically it makes sense," said Michael Fossler, a pharmacist and clinical pharmacologist who is chair of the public-policy committee for the American College of Clinical Pharmacology. "What you're paying for with [Vimovo] is the convenience. But it does seem awful pricey for that."

Public outrage is boiling over when it comes to high drug prices, leading the media and lawmakers to scold pharmaceutical companies. You'd think a regulator would monitor this, but the Food and Drug Administration told me they are only authorized to review new drugs for safety and effectiveness, not prices. "Prices are set by manufacturers and distributors," the FDA said in a statement.

Horizon acquired Vimovo in November 2013 from the global pharmaceutical giant AstraZeneca. Horizon knew it faced challenges trying to get top dollar for inexpensive ingredients. "Use of these therapies separately in generic form may be cheaper," it said in its 2013 report to investors. But the company executed a shrewd strategy to give everyone -- insurers, patients, doctors and pharmacies -- the incentive to use Vimovo. It's instructive to review its playbook.

To get Vimovo covered, Horizon made deals with insurance payers and pharmacy benefit managers -- the intermediaries who help determine which drugs get reimbursed. The contracts generally included special rebates and even administrative fees for these intermediaries, the Horizon reports said, so the drug maker got paid much less than the sticker price, though it wouldn't say how much. But the company's net sales show the deals worked.

Horizon put boots on the ground to get the prescriptions rolling, expanding its sales force by the hundreds and focusing its marketing and sales efforts on doctors who already liked to prescribe brand-name drugs. The company's message to doctors emphasized the convenience of prescribing the two ingredients in a single pill and that the single pill protected patients by making it more likely they would take their medication as directed.

Horizon also primed the medical community by giving donations totaling $101,000 to the American Gastroenterology Association, a specialty nonprofit for physicians. Some doctors refuse drug-industry money, if only to at least avoid the appearance of a conflict of interest. ProPublica has done loads of stories showing why doctors taking money is indeed problematic, including one about drug makers' influence on physician specialty groups. When I went on the American Gastroenterology Association's website, the first thing I saw was a pop-up ad from a drug company. Several of the association's board members have received drug-company money, too. Horizon has made clear in its annual reports that donations to the group "help physicians and patients better understand and manage" the risks of pain relievers causing gastric problems.

Horizon also zeroed in on patients' worries about drug costs. To encourage them to fill their prescriptions, Horizon covered all or most of their out-of-pocket costs. That's why my doctor's office could promise me I wouldn't spend too much for my Vimovo. The program, Horizon told investors in reports, addressed the impact of pharmacies switching to less expensive alternatives and could "mitigate" the effect of payers searching for cheaper alternatives.

The strategy worked on me. I didn't even know why I was getting the prescription, but when they told me it wouldn't cost more than I would spend on lunch with a friend, I gave it the OK. A pharmacy I'd never heard of sent me a bottle of Vimovo for $10, even though my insurance company rejected the claim.

Turns out paying the patient's costs motivated my doctor, too. I waited until the end of my next visit to bring up Vimovo, and then we had a follow-up conversation on the phone. Ramani didn't know the price of the drug and found it "disturbing" when I told him. That was a surprise to me, but not to him. He said he leaves billing to his staff and doesn't even know how much he gets paid for a lot of the procedures he performs, let alone how much insurers are being charged for drugs. The marketing arms of companies like Horizon must count on this sort of blindness.

Ramani doesn't receive money or gifts from Horizon. (I confirmed this on ProPublica's Dollars for Docs website, which lists drug-company payments.) He said he likes Vimovo because Horizon covers the patient's out-of-pocket costs, entirely in many cases. Prescribing the generics or over-the-counter medications separately would actually cost more, he said. Which of course is exactly the company's plan. But Ramani agreed that the high cost of the drug to insurers ultimately raises overall health care costs for all Americans.

Knowing Vimovo's price, I asked him if he would continue to prescribe it. "It changes my thought process," he said. "But at the end of the day, I have to think about the patient and whether the patient will be able to pay out of pocket or not."

Ramani said the Horizon drug rep told him Vimovo prescriptions had to go through a particular pharmacy for the patient to receive financial assistance. In its 2016 annual report, Horizon wrote that prescriptions for its drugs might not be filled by certain pharmacies because of insurance-company exclusions, co-payment requirements, or incentives to use lower-priced alternatives. So that's why they didn't give me the option of picking up my pills at my neighborhood drugstore.

Instead, my Vimovo was mailed to me from White Oak Pharmacy in Nutley, New Jersey, which is about 45 minutes from my house. I drove there to find out why. The neighborhood pharmacy is on the bottom floor of a two-story brick building on a street corner, next to a hair salon.

Vishal Chhabria, the pharmacist who owns White Oak, told me the drug company sets the price of Vimovo. He insisted his pharmacy has no special relationship or contract with Horizon. Maybe the drug company steers prescriptions his way, he said, because his pharmacy will process the coupons that reduce or eliminate the patient costs, which some pharmacies don't.

Chhabria said there is no approved generic alternative to Vimovo, so he can't suggest one to patients. And while other drugs, like over-the-counter medications, would be cheaper for the health system overall, they are more expensive for the individual patient, he said.

In poring through Horizon's financial filings, it appears the drug's run may be ending. Horizon said in its report for the first quarter of 2017 that fewer insurance companies have been willing to cover Vimovo and many that do have demanded larger rebates. As a result, Horizon has been eating more of the costs of providing the drug to patients, as they must have in my case. The prescriptions have still been coming in, but net sales were just under $5 million in the first quarter of this year, down 81 percent from the first quarter of 2016.

Critics of Vimovo say that's still more than patients should be spending on the drug. "That number should be zero," said Linda Cahn, an attorney who advises corporations, unions and other payers to help reduce their costs. "If you want to talk about waste, that's waste."

Herrick, the health care economist, said Horizon cashed in by eliminating many of the barriers in the system that are meant to control costs. The company got patients on board by covering their out-of-pocket costs. It appealed to doctors by promoting the benefits to patients. And it did an end-run around chain pharmacies, which typically might suggest a lower-priced alternative, by steering prescriptions to pharmacists who would participate in their patient-assistance program.

"Somebody brainstormed: 'How can we nullify any consumer check and balance in this supply chain? What can we do to keep the customer from asking questions?'" Herrick said.

The scheme that played out with Vimovo is bound to happen again, Herrick said. Maybe it already is. Drug companies are always on the lookout to deploy similar strategies.

I dutifully took my Vimovo for several days, until I noticed it kept me awake until 3 in the morning 2014 a rare side effect. (Perhaps they need to add a third drug to the combo.) I probably have more than 50 pills left in the bottle on my bedside table. Maybe I could sell it back to Horizon for $1,500.

ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for their newsletter.


Massive Data Breach By RNC Contractor Exposed Information Of 198 Million Voters

GOP logo A massive data breach by a contractor hired by the Republican National Committee (RNC) has exposed the personal information of 198 million likely voters. The breach happened after a contractor, Deep Root Analytics, accidentally left the database files unprotected on an internet-connected computer server. The Hill reported:

"The databases were part of 25 terabytes of files contained in an Amazon cloud account that could be browsed without logging in. The account was discovered by researcher Chris Vickery of the security firm UpGuard. The files have since been secured."

Deep Root Analytics logo Deep Root Analytics helps a variety of clients, including political organizations, advertisers, and advocacy groups, identify custom audiences for television advertising -- in this instance, likely voters. Reportedly, the data elements exposed include full names, birth dates, residential addresses, and persons' positions on a variety of topics:

"... 46 different issues ranging from "how likely it is the individual voted for Obama in 2012, whether they agree with the Trump foreign policy of 'America First' and how likely they are to be concerned with auto manufacturing as an issue..."

The files exposed during the breach also identified another contractor hired by the RNC, Target Point, which experts conclude:

"... compiled and shared the data with Deep Root. Another folder appears to reference Data Trust, another contracted firm."

At press time, Target Point had not made any statements on its website. Deep Root issued this statement:

"Deep Root Analytics has become aware that a number of files within our online storage system were accessed without our knowledge. Deep Root Analytics builds voter models to help enhance advertiser understanding of TV viewership. The data accessed was not built for or used by any specific client. It is our proprietary analysis to help inform local television ad buying.

The data that was accessed was, to the best of our knowledge proprietary information as well as voter data that is publicly available and readily provided by state government offices. Since this event has come to our attention, we have updated the access settings and put protocols in place to prevent further access. We take full responsibility for this situation.

Deep Root Analytics maintains industry standard security protocols. We built our systems in keeping with these protocols and had last evaluated and updated our security settings on June 1, 2017.

We are conducting an internal review and have retained cyber security firm Stroz Friedberg to conduct a thorough investigation. Through this process, which is currently underway, we have learned that access was gained through a recent change in access settings since June 1. We accept full responsibility, will continue with our investigation, and based on the information we have gathered thus far, we do not believe that our systems have been hacked."

So, Deep Root wasn't aware of this breach until an outside security expert found it. Nor does the company seem certain about exactly what data elements were exposed/accessed by unauthorized persons. Not good. It makes one wonder what other undiscovered breaches may have happened.

Perhaps more troubling, the company's statement differs from news reports about the data elements exposed/accessed. The company's statement mentioned "publicly available" data, while news reports mentioned sensitive, non-public data. Hopefully, the results of Deep Root's internal breach investigation will clarify things. And, if sensitive information was truly exposed/stolen, hopefully Deep Root will do the right thing: notify breach victims and offer free credit monitoring services for at least two years.

This was not the first data breach of voter-related database data. A CouchDB breach in June 2016 exposed the sensitive information of 154 million voters. Both breaches seem to raise the question about whether political organizations, and the contractors they hire, adequately protect consumers' sensitive personal information.

Many consider this Deep Root data breach the largest voter breach ever. Yes, the data breach was undeniably massive. Why? Two measurement approaches highlight the fact.

First, the Quick Facts page at the U.S. Census Bureau site lists the population of the United States on July 1, 2015 at 321, 418,820 persons. Of those, 22.9 percent were under the age of 18. With a little "rough" math, one can calculate the population aged 18 or older at 247,813,910 persons. So, the Deep Root breach represented about 61.6 percent of the total population or 79.9 percent of the voting age population. That's almost 4 of every 5 adults aged 18 or older.

Second, the breach ranks near the largest when compared to notable data breaches during the past few years:

Regarding the AJLA portal breach earlier this year, the Privacy Rights Clearinghouse reported 1.7 million breach victims in Idaho and 430,000 in Oklahoma. Given this, the true number of breach victims is likely far higher.

What are your opinions about the Deep Root breach? Do political organizations, and the contractors they hire, adequately protect citizens' sensitive information? And, if not, what should be done?

When citizens vote, they expect privacy -- not just within voting booths. So, too, regarding the personal information and opinions data describing their voting. Arguably, voting data is different than other types of consumer information. And there is legal precedent for treating selected consumer information differently. Example: a set of privacy laws govern health care data. Perhaps, you have heard of the term: Protected Health Information (PHI). If data mining companies can't protect voters' data, then we just might need new laws to protect voting-related data: PVI = Protected Voting Information.

When data about voters is compromised (e.g., exposed and/or accessed), that is a strike at the heart of our democracy. Example: the bad guys could pressure voters using stolen information. Does the big-data/data-mining industry require oversight? Does Congress need to intervene to protect our democratic elections? What are your opinions about PVI?

[Correction: an earlier version of this blog post mentioned a database. Files were exposed, not a database nor an RNC database.]


Senator Warren Calls For the Firing Of All Wells Fargo Board Members

Wells Fargo logo In a letter sent Monday to the Federal Reserve Chair Janet Yellen, U.S. Senator Elizabeth Warren (D-Massachusetts) has called for the firing of all 12 board members at Wells Fargo bank for failing to adequately protect accountholders. CNBC reported first the Senator's letter, which read in part:

"The fake accounts scandal cost Wells Fargo customers millions of dollars in unauthorized fees and damaged many of their credit scores," the senator wrote. "The scandal also revealed severe problems with the bank's risk management practices — problems that justify the Federal Reserve's removal of all responsible Board members."

After implementing sales targets and an incentive program, many of the bank's employees secretly opened new accounts and transferred money from other accounts to fund the new accounts -- all without the customers' knowledge nor consent. In some cases, employees applied for credit cards, created PIN numbers, and operated fake e-mail accounts in customers' names.

The Consumer Financial Protection Bureau (CFPB) announced in September, 2016 the consent order with the bank. As a result of the fake-account scandal, the bank paid about $185 million in fines and fired 5,300 lower-level employees for setting up 2 million bogus accounts. Few or no senior executives have been punished.

Many Republicans and President Trump seek to defund and shut down the CFPB.

During October, 2016 Timothy J. Sloan was elected chief executive officer at Wells Fargo bank after the former CEO, John Stumpf, retired. Sloan also joined the board of directors as a member.

CNN Money reported:

"... Wells Fargo suffered from inadequate risk management systems that should have flagged the illegal activity earlier. Shareholder advisory firm Institutional Shareholder Services (ISS) agrees. ISS argued the Wells Fargo board made the scandal worse by failing to provide oversight that could have limited the damage..."

In her letter, Senator Warren urged the Federal Reserve to act:

"I urge you to use the tools Congress has given you to remove the responsible board members and protect the continued safety and soundness of one of the country's largest banks..."

Reportedly, the Senator's letter mentioned the following Wells Fargo board members: John D. Baker II, John S. Chen, Lloyd H. Dean, Elizabeth A. Duke, Enrique Hernandez, Donald M. James, Cynthia H. Milligan, Federico F. Pena, James H. Quigley, Stephen W. Sanger, Susan G. Swenson, and Suzanne M. Vautrinot.

Some banking experts see the demand as unprecedented and unlikely. All of the bank's board members were re-elected during the annual shareholder meeting in April , 2017. Also during April, the bank announced an expansion of its class-action settlement agreements for its retail sales practices. The expansion covered account holders affected as early as May, 2002 by the bogus new account scandal, and added $32 million to the settlement amount total.


Trump Administration Quietly Rolls Back Civil Rights Efforts Across Federal Government

[Editor's Note: today's guest blog post is by the reporters at ProPublica. Consent decrees are an important oversight tool to ensure corporate responsibility after wrongdoing. Today's post is reprinted with permission.]

By Jessica Huseman and Annie Waldman, ProPublica

Department of Justice logo For decades, the Department of Justice has used court-enforced agreements to protect civil rights, successfully desegregating school systems, reforming police departments, ensuring access for the disabled and defending the religious.

Now, under Attorney General Jeff Sessions, the DOJ appears to be turning away from this storied tool, called consent decrees. Top officials in the DOJ civil rights division have issued verbal instructions through the ranks to seek settlements without consent decrees -- which would result in no continuing court oversight.

The move is just one part of a move by the Trump administration to limit federal civil rights enforcement. Other departments have scaled back the power of their internal divisions that monitor such abuses. In a previously unreported development, the Education Department last week reversed an Obama-era reform that broadened the agency's approach to protecting rights of students. The Labor Department and the Environmental Protection Agency have also announced sweeping cuts to their enforcement.

"At best, this administration believes that civil rights enforcement is superfluous and can be easily cut. At worst, it really is part of a systematic agenda to roll back civil rights," said Vanita Gupta, the former acting head of the DOJ's civil rights division under President Barack Obama.

Consent decrees have not been abandoned entirely by the DOJ, a person with knowledge of the instructions said. Instead, there is a presumption against their use -- attorneys should default to using settlements without court oversight unless there is an unavoidable reason for a consent decree. The instructions came from the civil rights division's office of acting Assistant Attorney General Tom Wheeler and Deputy Assistant Attorney General John Gore. There is no written policy guidance.

Devin O'Malley, a spokesperson for the DOJ, declined to comment for this story.

Consent decrees can be a powerful tool, and spell out specific steps that must be taken to remedy the harm. These are agreed to by both parties and signed off on by a judge, whom the parties can appear before again if the terms are not being met. Though critics say the DOJ sometimes does not enforce consent decrees well enough, they are more powerful than settlements that aren't overseen by a judge and have no built-in enforcement mechanism.

Such settlements have "far fewer teeth to ensure adequate enforcement," Gupta said.

Consent decrees often require agencies or municipalities to take expensive steps toward reform. Local leaders and agency heads then can point to the binding court authority when requesting budget increases to ensure reforms. Without consent decrees, many localities or government departments would simply never make such comprehensive changes, said William Yeomans, who spent 26 years at the DOJ, mostly in the civil rights division.

"They are key to civil rights enforcement," he said. "That's why Sessions and his ilk don't like them."

Some, however, believe the Obama administration relied on consent decrees too often and sometimes took advantage of vulnerable cities unable to effectively defend themselves against a well-resourced DOJ.

"I think a recalibration would be welcome," said Richard Epstein, a professor at New York University School of Law and a fellow at the Hoover Institution at Stanford, adding that consent decrees should be used in cases where clear, systemic issues of discrimination exist.

Though it's too early to see how widespread the effect of the changes will be, the Justice Department appears to be adhering to the directive already.

On May 30, the DOJ announced Bernards Township in New Jersey had agreed to pay $3.25 million to settle an accusation it denied zoning approval for a local Islamic group to build a mosque. Staff attorneys at the U.S. attorney's office in New Jersey initially sought to resolve the case with a consent decree, according to a spokesperson for Bernards Township. But because of the DOJ's new stance, the terms were changed after the township protested, according to a person familiar with the matter. A spokesperson for the New Jersey U.S. attorney's office declined comment.

Sessions has long been a public critic of consent decrees. As a senator, he wrote they "constitute an end run around the democratic process." He lambasted local agencies that seek them out as a way to inflate their budgets, a "particularly offensive" use of consent decrees that took decision-making power from legislatures.

On March 31, Sessions ordered a sweeping review of all consent decrees with troubled police departments nationwide to ensure they were in line with the Trump administration's law-and-order goals. Days before, the DOJ had asked a judge to postpone a hearing on a consent decree with the Baltimore Police Department that had been arranged during the last days of the Obama administration. The judge denied that request, and the consent decree has moved forward.

The DOJ has already come under fire from critics for altering its approach to voting rights cases. After nearly six years of litigation over Texas' voter ID law -- which Obama DOJ attorneys said was written to intentionally discriminate against minority voters and had such a discriminatory effect -- the Trump DOJ abruptly withdrew its intent claims in late February.

Attorneys who worked on the case for years were barely consulted about the change -- many weren't consulted at all, according to two former DOJ officials with knowledge of the matter. Gore wrote the filing changing the DOJ's position largely by himself and asked the attorneys who'd been involved in the case for years to sign it to show continuity. Not all of the attorneys fell in line. Avner Shapiro -- who has been a prosecutor in the civil rights division for more than 20 years -- left his name off the filings written by Gore. Shapiro was particularly involved in developing the DOJ's argument that Texas had intentionally discriminated against minorities in crafting its voter ID legislation.

"That's the ultimate act of rebellion," Yeomans, the former civil rights division prosecutor, said. A rare act, removing one's name from a legal filing is one of the few ways career attorneys can express public disagreement with an administration.

Gore has no history of bringing civil rights cases. A former partner at the law firm Jones Day, he has instead defended states against claims of racial gerrymandering and represented North Carolina when the state was sued over its controversial "bathroom bill," which requires transgender people to use the facility that matched their birth gender.

All of the internal changes at the DOJ have left attorneys and staff with "a great deal of fear and uncertainty," said Yeomans. While he says the lawyers there would like to stay at the department, they fear Sessions' priorities will have devastating impact on their work.

The DOJ's civil rights office is not alone in fearing rollbacks in enforcement. Across federal departments, the Trump administration has made moves to diminish the power of civil rights divisions.

U.S. Department of Education logo The Department of Education has laid out plans to loosen requirements on investigations into civil rights complaints, according to an internal memo sent to staff on June 8 and obtained by ProPublica.

Under the Obama administration, the department's office for civil rights applied an expansive approach to investigations. Individual complaints related to complex issues such as school discipline, sexual violence and harassment, equal access to educational resources, or racism at a single school might have prompted broader probes to determine whether the allegations were part of a pattern of discrimination or harassment.

The new memo, sent by Candice Jackson, the acting assistant secretary for civil rights, to regional directors at the department's civil rights office, trims this approach. Jackson was appointed deputy assistant secretary for the office in April and will remain as the acting head of the office until the Senate confirms a full-time assistant secretary. Trump has not publicly nominated anyone for the role yet.

The office will apply the broader approach "only" if the original allegations raise systemic concerns or the investigative team argues for it, Jackson wrote in the memo.

As part of the new approach, the Education Department will no longer require civil rights investigators to obtain three years of complaint data from a specific school or district to assess compliance with civil rights law.

Critics contend the Obama administration's probes were onerous. The office "did such a thorough review of everything that the investigations were demanding and very expensive" for schools, said Boston College American politics professor R. Shep Melnick, adding that the new approach could take some regulatory pressure off schools and districts.

But some civil rights leaders believe the change could undermine the office's mission. This narrowing of the department's investigations "is stunning to me and dangerous," said Catherine Lhamon, who led the Education Department's civil rights office from August 2013 until January 2017 and currently chairs the United States Commission on Civil Rights. "It's important to take an expansive view of the potential for harm because if you look only at the most recent year, you won't necessarily see the pattern," said Lhamon.

The department's new directive also gives more autonomy to regional offices, no longer requiring oversight or review of some cases by department headquarters, according to the memo.

The Education Department did not respond to ProPublica's request for comment.

Education Secretary Betsy DeVos has also proposed cutting over 40 positions from the civil rights office. With reduced staff, the office will have to "make difficult choices, including cutting back on initiating proactive investigations," according to the department's proposed budget.

Elsewhere, Trump administration appointees have launched similar initiatives. In its 2018 fiscal plan, the Labor Department has proposed dissolving the office that handles discrimination complaints. Similarly, new leadership at the Environmental Protection Agency has proposed entirely eliminating the environmental justice program, which addresses concerns that almost exclusively impact minority communities. The Washington Post reports the plan transfers all environmental justice work to the Office of Policy, which provides policy and regulatory guidance across the agency.

Mustafa Ali, a former EPA senior adviser and assistant associate administrator for environmental justice who served more than 20 years, quit the agency in protest days before the plan was announced. In his resignation letter, widely circulated in the media, Ali suggested the new leadership was abandoning "those who need our help most."

Ryan Gabrielson contributed to this report.

ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for their newsletter.


Dozens Of Uber Employees Fired Or Investigated For Harassment. Uber And Lyft Drivers Unaware of Safety Recalls

Uber logo Ride-sharing companies are in the news again and probably not for the reasons their management executives would prefer. First, TechCrunch reported on Thursday:

"... at a staff meeting in San Francisco, Uber executives revealed to the company’s 12,000 employees that 20 of their colleagues had been fired and that 57 are still being probed over harassment, discrimination and inappropriate behavior, following a string of accusations that Uber had created a toxic workplace and allowed complaints to go unaddressed for years. Those complaints had pushed Uber into crisis mode earlier this year. But the calamity may be just beginning... Uber fired senior executive Eric Alexander after it was leaked to Recode that Alexander had obtained the medical records of an Uber passenger in India who was raped in 2014 by her driver."

"Recode also reported that Alexander had shared the woman’s file with Kalanick and his senior vice president, Emil Michael, and that the three men suspected the woman of working with Uber’s regional competitor in India, Ola, to hamper its chances of success there. Uber eventually settled a lawsuit brought by the woman against the company..."

News broke in March, 2017 about both the Recode article and the Grayball activity at Uber to thwart local government code inspections. In February, a former Uber employee shared a disturbing story with allegations of sexual harassment.

Lyft logo Second, the investigative team at WBZ-TV, the local CBS afiliate in Boston, reported that many Uber and Lyft drivers are unaware of safety recalls affecting their vehicles. This could make rides in these cars unsafe for passengers:

"Using an app from Carfax, we quickly checked the license plates of 167 Uber and Lyft cars picking up passengers at Logan Airport over a two day period. Twenty-seven of those had open safety recalls or about 16%. Recalls are issued when a manufacturer identifies a mechanical problem that needs to be fixed for safety reasons. A recent example is the millions of cars that were recalled when it was determined the airbags made by Takata could release shrapnel when deployed in a crash."

Both ride-sharing companies treat drivers as independent contractors. WBZ-TV reported:

"Uber told the [WBZ-TV investigative] Team that drivers are contractors and not employees of the company. A spokesperson said they provide resources to drivers and encourage them to check for recalls and to perform routine maintenance. Drivers are also reminded quarterly to check with NHTSA for recall information."

According to the president of the Massachusetts Bar Association Jeffrey Catalano, the responsibility to make sure the car is safe for passengers lies mainly with the driver. But because Uber and Lyft both advertise their commitment to safety on their websites, they too could be held responsible."


Trump Is Not the Only One Blocking Constituents on Twitter

[Editor's note: today's guest blog post, by the reporters at ProPublica, explores the emerging debate about whether the appropriate, perhaps ethical, use of social media by publicly elected officials and persons campaigning for office. Should they be able to block constituents posting views they dislike or disagree with? Is it really public speech on a privately-run social networking sites? Would you vote for person who blocks constituents? Do companies operating social networking site have a responsibility in this? Today's post is reprinted with permission.]

by Charles Ornstein, ProPublica

As President Donald Trump faces criticism for blocking users on his Twitter account, people across the country say they, too, have been cut off by elected officials at all levels of government after voicing dissent on social media.

In Arizona, a disabled Army veteran grew so angry when her congressman blocked her and others from posting dissenting views on his Facebook page that she began delivering actual blocks to his office.

A central Texas congressman has barred so many constituents on Twitter that a local activist group has begun selling T-shirts complaining about it.

And in Kentucky, the Democratic Party is using a hashtag, #BevinBlocked, to track those who've been blocked on social media by Republican Gov. Matt Bevin. (Most of the officials blocking constituents appear to be Republican.)

The growing combat over social media is igniting a new-age legal debate over whether losing this form of access to public officials violates constituents' First Amendment rights to free speech and to petition the government for a redress of grievances. Those who've been blocked say it's akin to being thrown out of a town hall meeting for holding up a protest sign.

On Tuesday, the Knight First Amendment Institute at Columbia University called upon Trump to unblock people who've disagreed with him or directed criticism at him or his family via the @realdonaldtrump account, which he used prior to becoming president and continues to use as his principal Twitter outlet.

Trump blocked me after this tweet.Let's all hope the courts continue to protect us. Never stop resisting. pic.twitter.com/TlR4zgHCoU

-- Nick Jack Pappas (@Pappiness) June 5, 2017

"Though the architects of the Constitution surely didn't contemplate presidential Twitter accounts, they understood that the president must not be allowed to banish views from public discourse simply because he finds them objectionable," Jameel Jaffer, the Knight Institute's executive director, said in a statement.

The White House did not respond to a request for comment, but press secretary Sean Spicer said earlier Tuesday that statements the president makes on Twitter should be regarded as official statements.

Similar flare-ups have been playing out in state after state.

Earlier this year, the American Civil Liberties Union of Maryland called on Governor Larry Hogan, a Republican, to stop deleting critical comments and barring people from commenting on his Facebook page. (The Washington Post reported that the governor had blocked 450 people as of February.)

Deborah Jeon, the ACLU's legal director, said Hogan and other elected officials are increasingly foregoing town hall meetings and instead relying on social media as their primary means of communication with constituents. "That's why it's so problematic," she said. "If people are silenced in that medium," they can't effectively interact with their elected representative.

The governor's office did not respond to a request for comment this week. After the letter, however, it reinstated six of the seven people specifically identified by the ACLU (it said it couldn't find the seventh). "While the ACLU should be focusing on much more important activities than monitoring the governor's Facebook page, we appreciated them identifying a handful of individuals -- out of the over 1 million weekly viewers of the page -- that may have been inadvertently denied access," a spokeswoman for the governor told the Post.

Practically speaking, being blocked cuts off constituents from many forms of interacting with public officials. On Facebook, it means no posts, no likes and no questions or comments during live events on the page of the blocker. Even older posts that may not be offensive are taken down. On Twitter, being blocked prevents a user from seeing the other person's tweets on his or her timeline.

Moreover, while Twitter and Facebook themselves usually suspend account holders only temporarily for breaking rules, many elected officials don't have established policies for constituents who want to be reinstated. Sometimes a call is enough to reverse it, other times it's not.

Eugene Volokh, a constitutional law professor at the UCLA School of Law, said that for municipalities and public agencies, such as police departments, social media accounts would generally be considered "limited public forums" and therefore, should be open to all.

"Once they open it up to public comments, they can't then impose viewpoint-based restrictions on it," he said, for instance allowing only supportive comments while deleting critical ones.

But legislators are different because they are people. Elected officials can have personal accounts, campaign accounts and officeholder accounts that may appear quite similar. On their personal and campaign accounts, there's little disagreement that officials can engage with -- or block -- whoever they want. Last month, for instance, ProPublica reported how Rep. Peter King (Republican, New York) blocked users on his campaign account after they criticized his positions on health reform and other issues.

But what about their officeholder social media accounts?

The ACLU's Jeon says that they should be public if they use government resources, including staff time and office equipment to maintain the page. "Where that's the situation and taxpayer resources are going to it, then the full power of the First Amendment applies," she said. "It doesn't matter if they're members of Congress or the governor or a local councilperson."

Volokh of UCLA disagreed. He said that members of Congress are entitled to their own private speech, even on official pages. That's because each is one voice among many, as opposed to a governor or mayor. "It's clear that whatever my senator is, she's not the government. She is one person who is part of a legislative body," he said. "She was elected because she has her own views and it makes sense that if she has a Twitter feed or a Facebook page, that may well be seen as not government speech but the voice of somebody who may be a government official."

Volokh said he's inclined to see Trump's @realdonaldtrump account as a personal one, though other legal experts disagree.

"You could imagine actually some other president running this kind of account in a way that's very public minded -- 'I'm just going to express the views of the executive branch,'" he said. "The @realdonaldtrump account is very much, 'I'm Donald Trump. I'm going to be expressing my views, and if you don't like it, too bad for you.' That sounds like private speech, even done by a government official on government property."

It's possible the fight over the president's Twitter account will end up in court, as such disputes have across the country. Generally, in these situations, the people contesting the government's social media policies have reached settlements ending the questionable practices.

After being sued by the ACLU, three cities in Indiana agreed last year to change their policies by no longer blocking users or deleting comments.

In 2014, a federal judge ordered the City and County of Honolulu to pay $31,000 in attorney's fees to people who sued, contending that the Honolulu Police Department violated their constitutional rights by deleting their critical Facebook posts.

And San Diego County agreed to pay the attorney's fees of a gun parts dealer who sued after its Sheriff's Department deleted two Facebook posts that were critical of the sheriff and banned the dealer from commenting. The department took down its Facebook page after being sued and paid the dealer $20 as part of the settlement.

Angela Greben, a California paralegal, has spent the past two years gathering information about agencies and politicians that have blocked people on social media -- Democrats and Republican alike -- filing ethics complaints and even a lawsuit against the city of San Mateo, California, its mayor and police department. (They settled with her, giving her some of what she wanted.)

Greben has filed numerous public-records requests to agencies as varied as the Transportation Security Administration, the Seattle Police Department and the Connecticut Lottery seeking lists of people they block. She's posted the results online.

"It shouldn't be up to the elected official to decide who can tweet them and who can't," she said. "Everybody deserves to be treated equally and fairly under the law."

Even though she lives in California, Greben recently filed an ethics complaint against Atlanta Mayor Kasim Reed, a Democrat, who has been criticized for blocking not only constituents but also journalists who cover him. Reed has blocked Greben since 2015 when she tweeted about him... well, blocking people on Twitter. "He's notorious for blocking and muting people," she said, meaning he can't see their tweets but they can still see his.

@LizLemeryJoy @KasimReed Mr. Mayor you are violating the #civilrights of all you have #blocked! @Georgia_AG @FOX5Atlanta @11AliveNews

-- Angela Greben (@AngelaGreben) March 7, 2015

In a statement, a city spokeswoman defended the mayor, saying he's now among the top five most-followed mayors in the country. "Mayor Reed uses social media as a personal platform to engage directly with constituents and some journalists. 2026 Like all Twitter users, Mayor Reed has the right to stop engaging in conversations when he determines they are unproductive, intentionally inflammatory, dishonest and/or misleading."

Asked how many people he has blocked, she replied that the office doesn't keep such a list.

J'aime Morgaine, the Arizona veteran who delivered blocks to the office of Rep. Paul Gosar, a Republican, said being blocked on Facebook matters because her representative no longer hosts in-person town hall meetings and has started to answer questions on Facebook Live. Now she can't ask questions or leave comments.

"I have lost and other people who have been blocked have lost our right to participate in the democratic process," said Morgaine, leader of Indivisible Kingman, a group that opposes the president's agenda. "I am outraged that my congressman is blocking my voice and trampling upon my constitutional rights."

@RepGosar ..You weren't home when I delivered this message to your office, but no worries...there WILL be more!Stop BLOCKING Constituents! pic.twitter.com/JTWGQwhxKt

-- Indivisible Kingman (@IndivisibleCD4) May 13, 2017

Morgaine said the rules are not being applied equally. "They're not blocking everybody who's angry," she said. "They're blocking the voices of dissent, and there's no process for getting unblocked. There's no appeals process. There's no accountability."

A spokeswoman for Gosar defended his decision to block constituents but did not answer a question about how many have been blocked.

"Congressman Gosar's policy has been consistent since taking office in January 2010," spokeswoman Kelly Roberson said in an email. "In short: 2018Users whose comments or posts consist of profanity, hate speech, personal attacks, homophobia or Islamophobia may be banned.'"

On his Facebook page, Gosar posts the policy that guides his actions. It says in part, "Users are banned to promote healthy, civil dialogue on this page but are welcome to contact Congressman Gosar using other methods," including phone calls, emails and letters.

Sometimes, users are blocked repeatedly.

Community volunteer Gayle Lacy was named 2015 Wacoan of the Year for her effort to have the site of mammoth fossils in Waco, Texas, designated a national monument. Lacy's latest fight has been with her congressman, Bill Flores, who was with her in the Oval Office when Obama designated the site a national monument in 2015. She has been blocked three times by Flores' congressional Twitter account and once by his campaign account. One of those blocks happened after she tweeted at him: "My father died in service for this country, but you are not representative of that country and neither is your dear leader."

Lacy said she was able to get unblocked each time from Flores' congressional account by calling his office but remains blocked on the campaign one. "I don't know where to call," she said. "I asked in his D.C. office who I needed to call and I was told that they don't have that information."

Lacy and others said Flores blocks those who question him. Austin lawyer Matt Miller said he was blocked for asking when Flores would hold a town hall meeting. "It's totally inappropriate to block somebody, especially for asking a legitimate question of my elected representative," Miller said.

In a statement, Flores spokesman Andre Castro said Flores makes his policies clear on Twitter and on Facebook. "We reserve the right to block users whose comments include profanity, name-calling, threats, personal attacks, constant harping, inappropriate or false accusations, or other inappropriate comments or material. As the Congressman likes to say 2014 2018If you would not say it to your grandmother, we will not allow it here.'"

Ricardo Guerrero, an Austin marketer who is one of the leaders of a local group opposed to Trump's agenda, said he has gotten unblocked by Flores twice but then was blocked again and "just kind of gave up."

"He's creating an echo chamber of only the people that agree with him," Guerrero said of Flores. "He's purposefully removing any semblance of debate or alternative ideas or ideas that challenge his own -- and that seems completely undemocratic. That's the bigger issue in my mind."

ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for their newsletter.


Verizon To Exit Its Copper Wire Telephone Business In Several States In 2018

Verizon logo If your home uses a copper wire telephone service, often called a "landline" or POTS (e.g., Plain Old Telephone Service), you may soon have to make a change. In Boston, Verizon will abandon its landline business in June 2018.

On Saturday, my wife received a letter via postal mail from Verizon. We live in Boston. The "Notice of Copper Retirement" stated:

"Currently, Verizon brings voice and/or data services to your home over copper cables. However, the company is updating to fiber-optic technology in your area, and will be retiring its copper facilities that currently serve you and your neighbors.

To continue to provide you service, Verizon will have to move your service to these fiber-optic facilities. If fiber is available to your home now, we will be contacting you individually soon to schedule an appointment to transition your services to fiber. Otherwise, we will be contacting you once fiber is available. In either case, we will need to move your service well before we retire the copper in your area which is scheduled for on or after June 1, 2018

We will transfer your voice services from copper to fiber at no cost to you. This transfer will not result in any change to the voice service that you currently receive from Verizon. You may continue to subscribe to the same voice service at the same price, terms, and conditions. In addition, any devices that rely upon your voice service, such as fax machines, medical devices, or security alarms connected to a central station, will continue to work in the same way as they currently do over copper. We will also provide you with a battery backup device at no charge. For almost all residential customers, that device uses standard D-cell batteries that can support up to 24 hours of standby voice service during a commercial power outage. In case of a prolonged power outage, you can simply replace the batteries and extend the backup power.

If you subscribe to our High Speed Internet service, the migration to fiber will require a change since that service is not available on our fiber facilities. The Internet access service that we offer on fiber is FiOS Internet. FiOS Internet is available at significantly faster speeds than High Speed Internet. We will offer the service at a special rate for customers who migrate from copper to fiber facilities as a result of the retirement of our copper facilities. In some cases, this price may be lower or higher than what you currently pay for internet access.

Please review the Frequently Asked Questions for additional information about the fiber update or visit us at verizon.com/fiberupgrade. If you still have questions, please call us Monday through Friday, 8 a.m. - 8 p.m., or Saturday 9 a.m. - 5 p.n. at 1-877-439-7442.

You may also contact the Federal Communications Commission or your State Commission if you have any questions. Thank you for continuing to be a loyal customer. We greatly appreciate your business.

Sincerely

Janet Gazlay Martin
Director, Network Transformation

I visited the website mentioned in the notice. That site pitches the FiOS Internet service, and doesn't explain the company's copper landline retirement activities. You have to do a little digging online to find the locations where Verizon announced its retirement of copper-wire telephone services. The locations include several states in the Northeast and Middle Atlantic regions. Earlier this month, Verizon announced the retirement of copper landlines next year in the following states, cities, and towns:

  • Delaware: Newark, Ocean View
  • Maryland: Bethesda, Columbia, Glen Burnie, Rockville, Towson
  • Massachusetts: Danvers, Dorchester, Framingham, Hanover, Lawrence, Leominster, Marblehead, Newton, North Chelmsford, Roxbury, Stoughton, West Roxbury
  • New Jersey: Bergen, Berlin, Cape May, Cranford, East Dover, East Orange, Ewing, Freehold, Hackensack, Haddonfield, Journal Square, Marlton, Medford, Merchantville, Morristown, New Brunswick, Red Bank, Somerville, Toms River, Union City, Wall Township, Woodbury
  • New York: Cayuga Williamsville, Cornwall, Mineola, Mount Vernon, Plainview Central, Skaneateles, White Plains, and multiple areas within all of the five boroughs of New York City
  • Pennsylvania: Allentown, Dormont, Glenolden, Jefferson, Jenkintown, Mayfair, Mechanicsburg, portions of Philadelphia, Pilgrim, Turtle Creek, Wilkinsburg
  • Rhode Island: portions of Providence
  • Virginia: Arlington, Falls Church, Reston, Springfield, Virginia Beach, and portions of Richmond

The telecommunications company made similar announcements during February, 2017 about other areas within the same states. Verizon is not alone. Telephone companies have planned for years to abandon their their copper landline services. In August 2015, the Institute of Electrical and Electronics Engineers (IEEE) reported that the U.S. Federal Communications Commission (FCC):

"... set new ground rules for carriers seeking to replace their old copper telephone networks. Approved by a 3-2 vote at an open meeting yesterday, the rules require carriers to notify customers in advance and to seek FCC approval before reducing services... FCC chairman Tom Wheeler and others have been pushing to shift telephone traffic to fiber optics and the Internet. Critics have charged that phone companies are allowing their old copper networks to decay to force customers to shift to fiber service. But some 37 million households —- many of them headed by elderly people —- remain on legacy copper, commissioner Mignon Clyburn noted at the hearing. Other holdouts live in rural areas that lack cellular and broadband service. Some prefer copper connections because they are independent of local power lines, and offer better 911 emergency service.

The FCC ruling requires that carriers notify retail customers at least three months before shutting down a copper network, and provide six-months notice to interconnecting carriers using the old lines. (Clyburn complained that that's much less time than the FCC gave before shutting down analog broadcast television, but voted for the measure anyway.) Carriers also must seek FCC approval if the telephone changeover would "discontinue, reduce or impair" service... In a separate vote, all five FCC commissioners agreed to require carriers to offer customers backup power supplies that maintain their phone service during prolonged power outages..."

You can read announcements by AT&T about copper landline retirements. CenturyLink notified the FCC last year about copper landline retirements in eight states: in Alabama, Florida, Michigan, Minnesota, Pennsylvania, Virginia, Washington, and Wisconsin.

Since the FCC set copper-retirement rules in 2015, technology adoption has climbed slightly. In January of this year, Pew Research reported that 77 percent of adults in the USA own a smartphone and 73 percent have broadband internet at home. However, while:

"... broadband adoption has increased to its highest level since the Center began tracking this topic in early 2000, not all Americans have shared in these gains. For instance, those who have not graduated from high school are nearly three times less likely than college graduates to have home broadband service (34 percent vs. 91 percent)... 12 percent of Americans say they are “smartphone dependent” when it comes to their online access – meaning they own a smartphone but lack traditional broadband service at home. The share of Americans who are smartphone dependent has increased 4 percentage points since 2013, and smartphone reliance is especially pronounced among young adults, nonwhites and those with relatively low household incomes."

While more people have smartphones and internet access at home, a sizeable number still have copper landlines. Phys.org reported in November 2016 the results of a recent survey:

"... 20 percent of the nation's households still view having a landline or fixed telephone as the most important of their telecommunications choices, according to a survey that queried consumers about their telephone and internet preferences... The study also found that for the average consumer, having mobile telephone service is about 3.5 times more important than a landline or fixed telephone service... Study findings suggest about 90 percent of American households have at least one mobile phone, 75 percent have fixed internet service, 58 percent have mobile internet service and 49 percent have fixed telephone service. Mobile telephone service was the most important service for the typical respondent, followed by fixed internet service, mobile internet service and fixed telephone service, although a portion rank fixed telephone first."

According to the 2012 United States Census, there are about 117 million households in the United States, and 2.59 persons on average per household. So, a substantial portion of the population will probably view negatively the termination of copper wire telephone services in their homes.

Verizon's copper termination notice was unnecessarily complicated, which could confuse many consumers. The portion of its notice which said "If fiber is available to your home..." was laughable. FiOS is already available in our neighborhood. Verizon notified me months ago, and I already migrated my antiquated DSL (Digital Subscriber Line) internet service on my phone line to FiOS. Verizon's landline business unit should know what its FiOS division is doing.The left hand should know what the right hand is doing.

So, Verizon's notice wasn't as customized nor as relevant as it could have been. It makes one wonder if, in its zeal to terminate its copper wire phone business, Verizon rushed the customer letters.

Readers of this blog remember the Boston City Council's hearings in 2015 about residents' requests for FiOS. In 2015, Verizon hadn't deployed FiOS even though it had been available in several suburban towns for many years. Example: a friend in Lexington has had FiOS since at least 2009. So, Verizon could have deployed FiOS far sooner, providing consumers more time to migrate their phone service without rushing.

What should consumers do? It depends upon your lifestyle. If you already have a smartphone, you may want to simply terminate your landline phone service and use your smartphone instead. If you don't have a smartphone, you can migrate your copper landline phone service to Verizon's FiOS fiber connection, to a smartphone, or to another telephone service provider. For example, many cable-TV providers, such as Comcast, provide phone service in residences.

Some consumers value security and privacy. If you perform phone-based banking or online banking with your desktop/laptop computer, then security is a concern. Since smartphones or wireless phones using home WiFi networks transmit using radio waves, you'll probably want to encrypt you wireless online banking transmissions to protect against theft by criminals or hackers. Several brands of Virtual Private Network (VPN) software and apps are available to encrypt your wireless transmissions. If you are unfamiliar with VPN software, this prior blog post contains links to online primers and tutorials.

If you received a copper termination letter from your phone company, what were your opinions of it? Did you switch to fiber landlines or to wireless?


3 Strategies To Defend GOP Health Bill: Euphemisms, False Statements and Deleted Comments

[Editor's Note: today's guest post is by the reporters as ProPublica. Affordable health care and coverage are important to many, if not most, Americans. It is reprinted with permission.]

by Charles Ornstein, ProPublica

Earlier this month, a day after the House of Representatives passed a bill to repeal and replace major parts of the Affordable Care Act, Ashleigh Morley visited her congressman's Facebook page to voice her dismay.

"Your vote yesterday was unthinkably irresponsible and does not begin to account for the thousands of constituents in your district who rely upon many of the services and provisions provided for them by the ACA," Morley wrote on the page affiliated with the campaign of Representative Peter King (Republican, New York). "You never had my vote and this confirms why."

The next day, Morley said, her comment was deleted and she was blocked from commenting on or reacting to King's posts. The same thing has happened to others critical of King's positions on health care and other matters. King has deleted negative feedback and blocked critics from his Facebook page, several of his constituents say, sharing screenshots of comments that are no longer there.

"Having my voice and opinions shut down by the person who represents me -- especially when my voice and opinion wasn't vulgar and obscene -- is frustrating, it's disheartening, and I think it points to perhaps a larger problem with our representatives and maybe their priorities," Morley said in an interview.

King's office did not respond to requests for comment.

As Republican members of Congress seek to roll back the Affordable Care Act, commonly called Obamacare, and replace it with the American Health Care Act, they have adopted various strategies to influence and cope with public opinion, which polls show mostly opposes their plan. ProPublica, with our partners at Kaiser Health News, Stat and Vox, has been fact-checking members of Congress in this debate and we've found misstatements on both sides, though more by Republicans than Democrats. The Washington Post's Fact Checker has similarly found misstatements by both sides.

Today, we're back with more examples of how legislators are interacting with constituents about repealing Obamacare, whether online or in traditional correspondence. Their more controversial tactics seem to fall into three main categories: providing incorrect information, using euphemisms for the impact of their actions, and deleting comments critical of them. (Share your correspondence with members of Congress with us.)

Incorrect Information

Representative Vicky Hartzler (Republican, Missouri) sent a note to constituents this month explaining her vote in favor of the Republican bill. First, she outlined why she believes the ACA is not sustainable -- namely, higher premiums and few choices. Then she said it was important to have a smooth transition from one system to another.

"This is why I supported the AHCA to follow through on our promise to have an immediate replacement ready to go should the ACA be repealed," she wrote. "The AHCA keeps the ACA for the next three years then phases in a new approach to give people, states, and insurance markets plenty of time to make adjustments."

Except that's not true.

"There are quite a number of changes in the AHCA that take effect within the next three years," wrote ACA expert Timothy Jost, an emeritus professor at Washington and Lee University School of Law, in an email to ProPublica.

The current law's penalties on individuals who do not purchase insurance and on employers who do not offer it would be repealed retroactively to 2016, which could remove the incentive for some employers to offer coverage to their workers. Moreover, beginning in 2018, older people could be charged premiums up to five times more than younger people -- up from three times under current law. The way in which premium tax credits would be calculated would change as well, benefiting younger people at the expense of older ones, Jost said.

"It is certainly not correct to say that everything stays the same for the next three years," he wrote.

In an email, Hartzler spokesman Casey Harper replied, "I can see how this sentence in the letter could be misconstrued. It's very important to the Congresswoman that we give clear, accurate information to her constituents. Thanks for pointing that out."

Other lawmakers have similarly shared incorrect information after voting to repeal the ACA. Representative Diane Black (Republican, Tennessee) wrote in a May 19 email to a constituent that "in 16 of our counties, there are no plans available at all. This system is crumbling before our eyes and we cannot wait another year to act."

Black was referring to the possibility that, in 16 Tennessee counties around Knoxville, there might not have been any insurance options in the ACA marketplace next year. However, 10 days earlier, before she sent her email, BlueCross BlueShield of Tennessee announced that it was willing to provide coverage in those counties and would work with the state Department of Commerce and Insurance "to set the right conditions that would allow our return."

"We stand by our statement of the facts, and Congressman Black is working hard to repeal and replace Obamacare with a system that actually works for Tennessee families and individuals," her deputy chief of staff Dean Thompson said in an email.

On the Democratic side, the Washington Post Fact Checker has called out representatives for saying the AHCA would consider rape or sexual assault as pre-existing conditions. The bill would not do that, although critics counter that any resulting mental health issues or sexually transmitted diseases could be considered existing illnesses.

Euphemisms

A number of lawmakers have posted information taken from talking points put out by the House Republican Conference that try to frame the changes in the Republican bill as kinder and gentler than most experts expect them to be.

An answer to one frequently asked question pushes back against criticism that the Republican bill would gut Medicaid, the federal-state health insurance program for the poor, and appears on the websites of Representative Garret Graves (Republican, Louisiana) and others.

"Our plan responsibly unwinds Obamacare's Medicaid expansion," the answer says. "We freeze enrollment and allow natural turnover in the Medicaid program as beneficiaries see their life circumstances change. This strategy is both fiscally responsible and fair, ensuring we don't pull the rug out on anyone while also ending the Obamacare expansion that unfairly prioritizes able-bodied working adults over the most vulnerable."

That is highly misleading, experts say.

The Affordable Care Act allowed states to expand Medicaid eligibility to anyone who earned less than 138 percent of the federal poverty level, with the federal government picking up almost the entire tab. Thirty-one states and the District of Columbia opted to do so. As a result, the program now covers more than 74 million beneficiaries, nearly 17 million more than it did at the end of 2013.

The GOP health care bill would pare that back. Beginning in 2020, it would reduce the share the federal government pays for new enrollees in the Medicaid expansion to the rate it pays for other enrollees in the state, which is considerably less. Also in 2020, the legislation would cap the spending growth rate per Medicaid beneficiary. As a result, a Congressional Budget Office review released Wednesday estimates that millions of Americans would become uninsured.

Sara Rosenbaum, a professor of health law and policy at the Milken Institute School of Public Health at George Washington University, said the GOP's characterization of its Medicaid plan is wrong on many levels. People naturally cycle on and off Medicaid, she said, often because of temporary events, not changing life circumstances -- seasonal workers, for instance, may see their wages rise in summer months before falling back.

"A terrible blow to millions of poor people is recast as an easing off of benefits that really aren't all that important, in a humane way," she said.

Moreover, the GOP bill actually would speed up the "natural turnover" in the Medicaid program, said Diane Rowland, executive vice president of the Kaiser Family Foundation, a health care think tank. Under the ACA, states were only permitted to recheck enrollees' eligibility for Medicaid once a year because cumbersome paperwork requirements have been shown to cause people to lose their coverage. The American Health Care Act would require these checks every six months -- and even give states more money to conduct them.

Rowland also took issue with the GOP talking point that the expansion "unfairly prioritizes able-bodied working adults over the most vulnerable." At a House Energy and Commerce Committee hearing earlier this year, GOP representatives maintained that the Medicaid expansion may be creating longer waits for home- and community-based programs for sick and disabled Medicaid patients needing long-term care, "putting care for some of the most vulnerable Americans at risk."

Research from the Kaiser Family Foundation, however, showed that there was no relationship between waiting lists and states that expanded Medicaid. Such waiting lists pre-dated the expansion and they were worse in states that did not expand Medicaid than in states that did.

"This is a complete misrepresentation of the facts," Rosenbaum said.

Graves' office said the information on his site came from the House Republican Conference. Emails to the conference's press office were not returned.

The GOP talking points also play up a new Patient and State Stability Fund included in the AHCA, which is intended to defray the costs of covering people with expensive health conditions. "All told, $130 billion dollars would be made available to states to finance innovative programs to address their unique patient populations," the information says. "This new stability fund ensures these programs have the necessary funding to protect patients while also giving states the ability to design insurance markets that will lower costs and increase choice."

The fund was modeled after a program in Maine, called an invisible high-risk pool, which advocates say has kept premiums in check in the state. But Senator Susan Collins (Republican, Maine) says the House bill's stability fund wasn't allocated enough money to keep premiums stable.

"In order to do the Maine model 2014 which I've heard many House people say that is what they're aiming for -- it would take $15 billion in the first year and that is not in the House bill," Collins told Politico. "There is actually $3 billion specifically designated for high-risk pools in the first year."

Deleting Comments

Morley, 28, a branded content editor who lives in Seaford, New York, said she moved into Representative King's Long Island district shortly before the 2016 election. She said she did not vote for him and, like many others across the country, said the election results galvanized her into becoming more politically active.

Earlier this year, Morley found an online conversation among King's constituents who said their critical comments were being deleted from his Facebook page. Because she doesn't agree with King's stances, she said she wanted to reserve her comment for an issue she felt strongly about.

A day after the House voted to repeal the ACA, Morley posted her thoughts. "I kind of felt that that was when I wanted to use my one comment, my one strike as it would be," she said.

By noon the next day, it had been deleted and she had been blocked.

"I even wrote in my comment that you can block me but I'm still going to call your office," Morley said in an interview.

Some negative comments about King remain on his Facebook page. But King's critics say his deletions fit a broader pattern. He has declined to hold an in-person town hall meeting this year, saying, "to me all they do is just turn into a screaming session," according to CNN. He held a telephonic town hall meeting but only answered a small fraction of the questions submitted. And he met with Liuba Grechen Shirley, the founder of a local Democratic group in his district, but only after her group held a protest in front of his office that drew around 400 people.

"He's not losing his health care," Grechen Shirley said. "It doesn't affect him. It's a death sentence for many and he doesn't even care enough to meet with his constituents."

King's deleted comments even caught the eye of Andy Slavitt, who until January was the acting administrator of the Centers for Medicare and Medicaid Services. Slavitt has been traveling the country pushing back against attempts to gut the ACA.

.@RepPeteKing, are you silencing your constituents who send you questions? Assume ppl in district will respond if this is happening.

-- Andy Slavitt (@ASlavitt) May 12, 2017

Since the election, other activists across the country who oppose the president's agenda have posted online that they have been blocked from following their elected officials on Twitter or commenting on their Facebook pages because of critical statements they've made about the AHCA and other issues.

ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for their newsletter.


Coming Soon: A New HD Video Standard For TV. Will Over-The-Air Broadcasts Remain Free?

Federal communications Commission logo Soon, consumers will hear about improvements in over-the-air broadcast television. Free, broadcast television has been around since forever, and High Definition (HD) broadcast signals have been around since 2009. Many consumers have chosen free, over-the-air broadcast television to avoid expensive monthly cable-TV bills.

Consumer Reports explained:

"Technically called ATSC 3.0, the new broadcast standard is—thankfully—being more generally billed as "Next-Gen Broadcast TV." There are a few big differences between our current ATSC 1.0 broadcasts and the new ones we'll receive as part of ATSC 3.0. A key one is that the new standard is IP (internet protocol)-based, which means it can carry internet content alongside traditional TV broadcasts. The broadcasts can also include 4K video and high dynamic range (HDR) content—the two biggest selling points in TVs right now."

And, consumers will be able to receive the new HD broadcast signals on their smart phones. Reportedly, the coming ATSC 3.0 standard will use a more efficient video format, called HEVC or H.265, which streaming services already use.

Last year, WRAL-TV in Raleigh, North Carolina began to broadcast using the new standard with a documentary, "Take Me Out To the Bulls' Game." The U.S. Federal Communications Commission (FCC) announced in February a Notice of Proposed Rulemaking (NPRM) which sought comments from the public about the new HD broadcast standard. That FCC announcement stated, in part:

"ATSC 3.0 has the potential to greatly improve broadcast signal reception on mobile devices and television receivers without outdoor antennas.  It is also intended to enable broadcasters to offer enhanced and innovative new features to consumers, including Ultra High Definition picture and immersive audio, more localized programming content, an advanced emergency alert system capable of waking up sleeping devices to warn consumers of imminent emergencies, improved accessibility options, and interactive services.

A coalition of broadcast and consumer electronics industry representatives petitioned the Commission to allow the use of the new standard. The upgraded technology is intended to merge the capabilities of over-the-air broadcasting with the broadband viewing and information delivery methods of the Internet using the same 6 MHz channels presently allocated for digital television (DTV)."

Like most things in life, details matter. Consumer Reports warned:

"... Jonathan Schwantes, senior policy counsel at Consumers Union, the policy and mobilization arm of Consumer Reports, says that some consumers could lose the ability to get some ATSC 1.0 signals if the host station is located farther away than their current broadcaster.

"Our position is that next-gen TV can and will be beneficial to consumers if implemented by the FCC in a measured and conscientious manner," he says. That could include making sure the current coverage areas are preserved as much as possible, not allowing broadcasters to downgrade the quality of ATSC 1.0 broadcasts from high to standard definition, and providing consumers with education on issues such as the timing of the transition and what new equipment they may need."

So, some broadcasters might choose to cut corners while migrating to the new standard: reduce their existing HD over-the-air signal strength, degrade their existing HD signal quality, or both. Not good.

And, there's more bad news for consumers. The new HD broadcast standard may cost more. You're probably wondering how, since over-the-air broadcasts have been free since television was introduced. Consumer Reports explained:

"... broadcasters could encrypt at least part of their programming, and require users to create an account and pay for access to certain features. No details are available on how this would work from the consumer's point of view. Consumers Union and other groups say they will insist that consumers continue to have access to free over-the air high-definition TV reception."

The new HD broadcast standard should not include hidden costs or new fees for consumers. For many consumers, new televisions are expensive and out of reach. Many consumers have chosen to "cut the cord" to save money. For these consumers, free over-the-air broadcast television is vital.

Nor should broadcasters be able to cut corners and force consumers to the new HD standard by degrading their existing HD signal strength and/or quality. The new HD broadcast standard should be voluntary for consumers. Nor should consumers be forced to submit to broadcasters their personal, contact, and payment information. One of the benefits of over-the-air broadcasts is privacy.

The next-gen TV standard offers benefits to both consumers and broadcasters. The FCC must balance the needs of both, and not serve only one group. The industry uses the term "Multi-channel Video Programming Distributors" (MVPD) to describe companies that provide video content. These MVPD companies include video producers and distributors: legacy cable-TV providers, TV networks, and others that provide programming via cable, the Internet, and over-the-air broadcasts.

Some MVPDs do both: produce and distribute video content. These MVPDs have a financial bias to force consumers from free over-the-air broadcasts to their proprietary, higher cost distribution networks (e.g., cable, internet). Consumers must have the freedom to choose how they consumer video content, and not have a distribution network forced upon them via bundling, "retransmission consent system," or other MVPD tactics.

What are retransmission consent systems? This 16-142 filing by Consumer's Union, Public Knowledge, and New America's Open Technology Institute explained (Adobe PDF):

"It is increasingly axiomatic that, when MVPDs and broadcast groups engage in retransmission consent negotiations, consumers end up suffering, or footing the bill, or both. Increased broadcast retransmission consent fees are passed on to consumers by MVPDs who have little choice but to accept most broadcaster demands or face crippling blackouts.... Large MVPDs, and those which also own broadcast interests, also use the retransmission consent process to extract favorable terms, potentially limiting the growth or viability of competitive video services. Comcast, for example, is rumored to have fleshed out its fledgling over-the-top (OTT) service by exercising most-favored-nation clauses in many of its carriage contracts. Comcast can only demand such favorable contract terms due to its dominant position in the video delivery marketplace, and once again, consumers are left holding the bag..."

So, the FCC must not make things worse for consumers by allowing the new HD broadcast standard to reduce competition and raise prices. Higher prices may be good for MVPDs (and their stockholders) but not for consumers.

If you want to submit a comment or read comments already submitted about the new HD broadcast standard, search for the 16-142 Filing within the FCC's Electronic Filing & Comment System (ECFS). At press time, only 167 persons, companies, and entities had submitted filings and comments (compared to 2,869,632 comments via ECFS about Net Neutrality). Not good.

What are your opinions about the new HD video broadcast standard?


Attorneys General In Several States Announce Settlement Agreements With Target

Target Bullseye logo The Office of the Attorney General (AG) for the Commonwealth of Massachusetts announced on Wednesday that the state will receive $625,000 as part of the settlement agreement with Target Corporation. The settlement agreement, which includes 47 states plus the District of Colombia, resolves claims by states about the retailer's massive data breach in 2013.

Card issuers had also sued the retailer. Target settled with Visa in August, 2015 to resolve claims in which 110 million consumers' records were stolen, including 40 million credit- and debit-card numbers. Also, debit card PIN numbers were stolen.

The announcement by Massachusetts AG Maura Healey explained:

"The investigation found that the stolen credentials were used to exploit weaknesses in Target’s system, which allowed the attackers to access a customer service database, install malware on the system and then capture data from credit or debit card transactions at Target stores (including stores in Massachusetts) from Nov. 27, 2013 to Dec. 15, 2013. The stolen data included consumers’ full names, telephone numbers, email addresses, mailing addresses, payment card numbers, expiration dates, security codes, and encrypted debit PINs... The breach affected more than 41 million customer payment card accounts and contact information for more than 60 million customers nationwide. In Massachusetts, the breach compromised information from approximately 947,000 customer payment card accounts and other personally-identifying information of about 1.5 million Massachusetts residents."

Terms of the settlement require Target:

"... to develop, implement and maintain a comprehensive information security program and to employ an executive or officer who is responsible for executing the plan. The company is required to hire an independent, qualified third-party to conduct a comprehensive security assessment... to maintain and support software on its network; to maintain appropriate encryption policies, particularly as pertains to cardholder and personal information data; to segment its cardholder data environment from the rest of its computer network; and to undertake steps to control access to its network, including implementing password rotation policies and two-factor authentication for certain accounts."

California will receive $1.4 million from the settlement. New York AG Eric T. Schneiderman said about the settlement agreement:

"New Yorkers need to know that when they shop, their data will be protected... This settlement marks an important win for New Yorkers – bringing over $635,000 into the state, in addition to the free credit monitoring services for those impacted by the data breach, and key security improvements to help protect Target consumers moving forward."

Yes, indeed. Shoppers everywhere need to know their data will be protected.

Besides Massachusetts, New York and California, the other states participating in this settlement include Alaska, Arizona, Arkansas, Colorado, Connecticut, Delaware, Florida, Georgia, Hawaii, Idaho, Illinois, Indiana, Iowa, Kansas, Kentucky, Louisiana, Maine, Maryland, Michigan, Minnesota, Mississippi, Missouri, Montana, Nebraska, Nevada, New Hampshire, New Jersey, New Mexico, North Carolina, North Dakota, Ohio, Oklahoma, Oregon, Pennsylvania, Rhode Island, South Carolina, South Dakota, Tennessee, Texas, Utah, Vermont, Virginia, Washington, West Virginia, and the District of Columbia.

AL.com reported:

"Alabama won't be cashing in on the largest multi-state data breach settlement in history, however. The reason, according to the Alabama Attorney General's Office, is the absence of a state law that requires entities to notify customers whose information could have been exposed in a breach and then take steps to remediate any injuries.

"Alabama is one of the few states in the nation that is not a party to the recent Target settlement because our state does not have data breach notification law," said Mike Lewis, Communications Director for the Office of the Alabama Attorney General."

Connecticut and Illinois led the states' investigation. The participating states have not yet announced how the settlement money will be distributed.

[Editor's Note: a prior version of this blog post did not include the report by AL.com.]


Hacking Group Reported Security Issues With Samsung 8 Phone's Iris Recognition

Image of Samsung Galaxy S8 phones. Click to view larger version The Computer Chaos Club (CCC), a German hacking group founded in 1981, posted the following report on Monday:

"The iris recognition system of the new Samsung Galaxy S8 was successfully defeated by hackers... The Samsung Galaxy S8 is the first flagship smartphone with iris recognition. The manufacturer of the biometric solution is the company Princeton Identity Inc. The system promises secure individual user authentication by using the unique pattern of the human iris.

A new test conducted by CCC hackers shows that this promise cannot be kept: With a simple to make dummy-eye the phone can be fooled into believing that it sees the eye of the legitimate owner. A video shows the simplicity of the method."

The Samsung Galaxy S8 runs the Android operating system, claims a talk time of up to 30 hours, has a screen optimized for virtual reality (VR) apps, and features Bixby, an "... intelligent interface that is built into the Galaxy S8. With every interaction, Bixby can learn, evolve and adapt to you. Whether it's through touch, type or voice, Bixby will seamlessly help you get things done. (Voice coming soon)"

The CCC report also explained:

"Iris recognition may be barely sufficient to protect a phone against complete strangers unlocking it. But whoever has a photo of the legitimate owner can trivially unlock the phone. "If you value the data on your phone – and possibly want to even use it for payment – using the traditional PIN-protection is a safer approach than using body features for authentication," says Dirk Engling, spokesperson for the CCC."

Phys.org reported that Samsung executives are investigating the CCC report. Samsung views the Galaxy S8 as critical to the company's performance given the Note 7 battery issues and fires last year.

Some consumers might conclude from the CCC report that the best defense against against iris hacks would be to stop posting selfies. This would be wrong to conclude, and an insufficient defense:

"The easiest way for a thief to capture iris pictures is with a digital camera in night-shot mode or the infrared filter removed... Starbug was able to demonstrate that a good digital camera with 200mm-lens at a distance of up to five meters is sufficient to capture suitably good pictures to fool iris recognition systems."

So, more photos besides selfies could reveal your iris details. The CCC report also reminded consumers of the security issues with using fingerprints to protect their devices:

"CCC member and biometrics security researcher starbug has demonstrated time and again how easily biometrics can be defeated with his hacks on fingerprint authentication systems – most recently with his successful defeat of the fingerprint sensor "Touch ID" on Apple’s iPhone. "The security risk to the user from iris recognition is even bigger than with fingerprints as we expose our irises a lot. Under some circumstances, a high-resolution picture from the internet is sufficient to capture an iris," Dirk Engling remarked."

What are your opinions of the CCC report?


The Guardian Site Reviews Documents Used By Facebook Executives To Moderate Content

Facebook logo The Guardian news site in the United Kingdom (UK) published the findings of its review of "The Facebook Files" -- a collection of documents which comprise the rules used by executives at the social site to moderate (e.g., review, approve, and delete) content posted by the site's members. Reporters at The Guardian reviewed:

"... more than 100 internal training manuals, spreadsheets and flowcharts that give unprecedented insight into the blueprints Facebook has used to moderate issues such as violence, hate speech, terrorism, pornography, racism and self-harm. There are even guidelines on match-fixing and cannibalism.

The Facebook Files give the first view of the codes and rules formulated by the site, which is under huge political pressure in Europe and the US. They illustrate difficulties faced by executives scrabbling to react to new challenges such as “revenge porn” – and the challenges for moderators, who say they are overwhelmed by the volume of work, which means they often have “just 10 seconds” to make a decision..."

The Guardian summarized what it learned about Facebook's revenge porn rules for moderators:

Revenge porn content rules found by The Guardian's review of Facebook documents

Reportedly, Facebook moderators reviewed as many as 54,000 cases in a single month related to revenge porn and "sextortion." In January of 2017, the site disabled 14,000 accounts due to this form of sexual violence. Previously, these rules were not available publicly. Findings about other rules are available at The Guardian site.

Other key findings found by The Guardian during its document review:

"One document says Facebook reviews more than 6.5m reports a week relating to potentially fake accounts – known as FNRP (fake, not real person)... Many moderators are said to have concerns about the inconsistency and peculiar nature of some of the policies. Those on sexual content, for example, are said to be the most complex and confusing... Anyone with more than 100,000 followers on a social media platform is designated as a public figure – which denies them the full protections given to private individuals..."

The social site struggles with how to handle violent language:

"Facebook’s leaked policies on subjects including violent death, images of non-sexual physical child abuse and animal cruelty show how the site tries to navigate a minefield... In one of the leaked documents, Facebook acknowledges “people use violent language to express frustration online” and feel “safe to do so” on the site. It says: “They feel that the issue won’t come back to them and they feel indifferent towards the person they are making the threats about because of the lack of empathy created by communication via devices as opposed to face to face..."

Some industry watchers in Europe doubt that Facebook can do what it has set out to accomplish, lacks sufficient staff to effectively moderate content posted by almost 2 billion users, and Facebook management should be more transparent about its content moderation rules. Others believe that Facebook and other social sites should be heavily fined "for failing to remove extremist and hate-crime material."

To learn more, The Guardian site includes at least nine articles about its review of The Facebook Files:

Collection of articles by The Guardian which review Facebook's content policies. Click to view larger version


Any Half-Decent Hacker Could Break Into Mar-a-Lago

[Editor's Note: Today's guest blog post is by the reporters at ProPublica. The article explores the security issues about key locations the President visits repeatedly and does business at. It was originally published yesterday, and is reprinted with permission.]

by Jeff Larson and Julia Angwin, ProPublica; and by Surya Mattu, Gizmodo

Two weeks ago, on a sparkling spring morning, we went trawling along Florida's coastal waterway. But not for fish.

We parked a 17-foot motor boat in a lagoon about 800 feet from the back lawn of The Mar-a-Lago Club in Palm Beach and pointed a 2-foot wireless antenna that resembled a potato gun toward the club. Within a minute, we spotted three weakly encrypted Wi-Fi networks. We could have hacked them in less than five minutes, but we refrained.

A few days later, we drove through the grounds of the Trump National Golf Club in Bedminster, New Jersey, with the same antenna and aimed it at the clubhouse. We identified two open Wi-Fi networks that anyone could join without a password. We resisted the temptation.

We have also visited two of President Donald Trump's other family-run retreats, the Trump International Hotel in Washington, D.C., and a golf club in Sterling, Virginia. Our inspections found weak and open Wi-Fi networks, wireless printers without passwords, servers with outdated and vulnerable software, and unencrypted login pages to back-end databases containing sensitive information.

The risks posed by the lax security, experts say, go well beyond simple digital snooping. Sophisticated attackers could take advantage of vulnerabilities in the Wi-Fi networks to take over devices like computers or smart phones and use them to record conversations involving anyone on the premises.

"Those networks all have to be crawling with foreign intruders, not just ProPublica," said Dave Aitel, chief executive officer of Immunity, Inc., a digital security company, when we told him what we found.

Security lapses are not uncommon in the hospitality industry, which -- like most industries and government agencies -- is under increasing attack from hackers. But they are more worrisome in places where the president of the United States, heads of state and public officials regularly visit.

U.S. leaders can ill afford such vulnerabilities. As both the U.S. and French presidential campaigns showed, hackers increasingly exploit weaknesses in internet security systems in an effort to influence elections and policy. Last week, cyberattacks using software stolen from the National Security Agency paralyzed operations in at least a dozen countries, from Britain's National Health Service to Russia's Interior Ministry.

Since the election, Trump has hosted Chinese President Xi Jinping, Japanese Prime Minister Shinzo Abe and British politician Nigel Farage at his properties. The cybersecurity issues we discovered could have allowed those diplomatic discussions -- and other sensitive conversations at the properties -- to be monitored by hackers.

The Trump Organization follows "cybersecurity best practices," said spokeswoman Amanda Miller. "Like virtually every other company these days, we are routinely targeted by cyberterrorists whose only focus is to inflict harm on great American businesses. While we will not comment on specific security measures, we are confident in the steps we have taken to protect our business and safeguard our information. Our teams work diligently to deploy best-in-class firewall and anti-vulnerability platforms with constant 24/7 monitoring."

The White House did not respond to repeated requests for comment.

Trump properties have been hacked before. Last year, the Trump hotel chain paid $50,000 to settle charges brought by the New York attorney general that it had not properly disclosed the loss of more than 70,000 credit card numbers and 302 Social Security numbers. Prosecutors alleged that hotel credit card systems were "the target of a cyber-attack" due to poor security. The company agreed to beef up its security; it's not clear if the vulnerabilities we found violate that agreement. A spokesman for the New York attorney general declined comment.

Our experience also indicates that it's easy to gain physical access to Trump properties, at least when the president is not there. As Politico has previously reported, Trump hotels and clubs are poorly guarded. We drove a car past the front of Mar-a-Lago and parked a boat near its lawn. We drove through the grounds of the Bedminster golf course and into the parking lot of the golf course in Sterling, Virginia. No one questioned us.

Both President Obama and President Bush often vacationed at the more traditional presidential retreat, the military-run Camp David. The computers and networks there and at the White House are run by the Defense Information Systems Agency.

In 2016, the military spent $64 million on maintaining the networks at the White House and Camp David, and more than $2 million on "defense solutions, personnel, techniques, and best practices to defend, detect, and mitigate cyber-based threats" from hacking those networks.

Even after spending millions of dollars on security, the White House admitted in 2015 that it was hacked by Russians. After the hack, the White House replaced all its computer systems, according to a person familiar with the matter. All staffers who work at the White House are told that "there are people who are actively watching what you are doing," said Mikey Dickerson, who ran the U.S. Digital Service in the Obama administration.

By comparison, Mar-a-Lago budgeted $442,931 for security in 2016 -- slightly more than double the $200,000 initiation fee for one new member. The Trump Organization declined to say how much Mar-a-Lago spends specifically on digital security. The club, last reported to have almost 500 members paying annual dues of $14,000 apiece, allotted $1,703,163 for all administration last year, according to documents filed in a lawsuit Trump brought against Palm Beach County in an effort to halt commercial flights from flying over Mar-a-Lago. The lawsuit was dropped, but the FAA now restricts flights over the club when the president is there.

It is not clear whether Trump connects to the insecure networks while at his family's properties. When he travels, the president is provided with portable secure communications equipment. Trump tracked the military strike on a Syrian air base last month from a closed-door situation room at Mar-a-Lago with secure video equipment.

However, Trump has held sensitive meetings in public spaces at his properties. Most famously, in February, he and the Japanese prime minister discussed a North Korean missile test on the Mar-a-Lago patio. Over the course of that weekend in February, the president's Twitter account posted 21 tweets from an Android phone. An analysis by an Android-focused website showed that Trump had used the same make of phone since 2015. That phone is an older model that isn't approved by the NSA for classified use.

Photos of Trump and Abe taken by diners on that occasion prompted four Democratic senators to ask the Government Accountability Office to investigate whether electronic communications were secure at Mar-a-Lago.

In March, the GAO agreed to open an investigation. Chuck Young, a spokesman for the office, said in an interview that the work was in "the early stages," and did not offer an estimate for when the report would be completed.

So, we decided to test the cybersecurity of Trump's favorite hangouts ourselves.

Our first stop was Mar-a-Lago, a Trump country club in Palm Beach, Florida, where the president has spent most weekends since taking office. Driving past the club, we picked up the signal for a Wi-Fi-enabled combination printer and scanner that has been accessible since at least February 2016, according to a public Wi-Fi database.

An open printer may sound innocuous, but it can be used by hackers for everything from capturing all the documents sent to the device to trying to infiltrate the entire network.

To prevent such attacks, the Defense Information Systems Agency, which secures the White House and other military networks, forbids installing printers that anyone can connect to from outside networks. It also warns against using printers that do more than printing, such as faxing. "If an attacker gains network access to one of these devices, a wide range of exploits may be possible," the agency warns in its security guide.

We also were able to detect a misconfigured and unencrypted router, which could potentially provide a gateway for hackers.

To get a better line of sight, we rented a boat and piloted it to within sight of the club. There, we picked up signals from the club's wireless networks, three of which were protected with a weak and outmoded form of encryption known as WEP. In 2005, an FBI agent publicly broke this type of encryption in minutes.

By comparison, the military limits the signal strength of networks at places such as Camp David and the White House so that they are not reachable from a car driving by. It also requires wireless networks to use the strongest available form of encryption.

From our desks in New York, we were also able to determine that the club's website hosts a database with an insecure login page that is not protected by standard internet encryption. Login forms like this are considered a severe security risk, according to the Defense Information Systems Agency.

Without encryption, spies could eavesdrop on the network until a club employee logs in, and then steal his or her username and password. They then could download a database that appears to include sensitive information on the club's members and their families, according to videos posted by the club's software provider.

This is "bad, very bad," said Jeremiah Grossman, chief of Security Strategy for cybersecurity firm SentinelOne, when we described Mar-a-Lago's systems. "I'd assume the data is already stolen and systems compromised."

A few days later, we took our equipment to another Trump club in Bedminster, New Jersey. During the transition, Trump had interviewed candidates for top administration positions there, including James Mattis, now secretary of defense.

We drove on a dirt access road through the middle of the golf course and spotted two open Wi-Fi networks, TrumpMembers and WelcomeToTrumpNationalGolfClub, that did not require a password to join.

Such open networks allow anyone within range to scoop up all unencrypted internet activity taking place there, which could, on insecure sites, include usernames, passwords and emails.

Robert Graham, an Atlanta, Georgia, cybersecurity expert, said that hackers could use the open Wi-Fi to remotely turn on the microphones and cameras of devices connected to the network. "What you're describing is typical hotel security," he said, but "it's pretty concerning" that an attacker could listen to sensitive national security conversations.

Two days after we visited the Bedminster club, Trump arrived for a weekend stay.

Then we visited the Trump International Hotel in Washington, D.C., where Trump often dines with his son-in-law and senior adviser Jared Kushner, whose responsibilities range from Middle East diplomacy to revamping the federal bureaucracy. We surveyed the networks from a Starbucks in the hotel basement.

From there, we could tell there were two Wi-Fi networks at the hotel protected with what's known as a captive portal. These login screens are often used at airports and hotels to ensure that only paying customers can access the network.

However, we gained access to both networks just by typing "457" into the room number field. Because we provided a room number, the system assumed we were guests. We looked up the hotel's public IP address before logging off.

From our desks in New York, we could also tell that the hotel is using a server that is accessible from the public internet. This server is running software that was released almost 13 years ago.

Finally, we visited the Trump National Golf Club in Sterling, Virginia, where the president sometimes plays golf. From the parking lot, we recognized three encrypted wireless networks, an encrypted wireless phone and two printers with open Wi-Fi access.

The Trump club websites are hosted by an Ohio-based company called Clubessential. It offers everything from back-office management and member communications to tee time and room reservations.

In a 2014 presentation, a company sales director warned that the club industry as a whole is "too lax" in managing and protecting passwords. There has been a "rising number of attacks on club websites over the last two years," according to the presentation. Clubessential "performed [an] audit of security in the club industry" and "found thousands of sensitive documents from clubs exposed on [the] Internet," such as "lists of members and staff, and their contact info; board minutes, financial statements, etc."

Still, the club software company has set up a backend server accessible on the internet, and configured its encryption incorrectly. Anyone who reaches the login page is greeted with a warning that the encryption is broken. In its documentation, the company advises club administrators to ignore these warnings and log in regardless. That means that anybody snooping on the unprotected connection could intercept the administrators' passwords and gain access to the entire system.

The company also publishes online, without a password, many of the default settings and usernames for its software 2014 essentially providing a roadmap for intruders.

Clubessential declined comment.

Aitel, the CEO of Immunity, said the problems at Trump properties would be difficult to fix: "Once you are at a low level of security it is hard to develop a secure network system. You basically have to start over."

ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for their newsletter.


FCC Says Denial-Of-Service Attacks Caused Its Site To Crash Sunday Morning

Federal communications Commission logo Last weekend, the U.S. Federal Communications Commission (FCC) website crashed during a key period when the public relied upon it to submit feedback about proposed changes to net neutrality rules. Dr. David Bray, the FCC Chief Information Officer, released a statement on Monday that the crash was due to a distributed denial-of-service (DDoS) attack:

"Beginning on Sunday night at midnight, our analysis reveals that the FCC was subject to multiple distributed denial-of-service attacks (DDos). These were deliberate attempts by external actors to bombard the FCC’s comment system with a high amount of traffic to our commercial cloud host. These actors were not attempting to file comments themselves; rather they made it difficult for legitimate commenters to access and file with the FCC. While the comment system remained up and running the entire time, these DDoS events tied up the servers and prevented them from responding to people attempting to submit comments. We have worked with our commercial partners to address this situation and will continue to monitor developments going forward."

The FCC’s , Electronic Comment Filing System (ECFS) is the site the public users to submit and review feedback about proposed changes. Bray's statement did not identify the "bad actors" responsible for the DDoS attack, did not state the countries or locations of the illegitimate site traffic, nor offer much in the way of any substantial details.

A DDoS attack is when hundreds or thousands of internet-connected devices, often coordinated by malware and/or criminals, overwhelm a targeted website by trying to access it simultaneously. This type of attack prevents legitimate users from accessing the targeted site to perform desired tasks (view/buy products, register for services, view videos, get help, contact representatives, etc.). This can easily disable the targeted website for hours, days, or weeks. It can also disrupt businesses, and cause financial losses.

This blog and its hosting service experienced a DDoS attack in 2014 when offshore advertisers retaliated after the hosting service implemented stronger measures to block illegitimate traffic. An October, 2016 DDoS attack against Dyn, a major DNS provider, interrupted many popular websites and services including Spotify, Reddit, and Twitter. Some DDoS attacks are about politics or censorship. A September, 2016 DDoS attack disabled the Krebs On Security blog.

Generally, security experts are concerned about botnets, collections of internet-connected devices used to perform DDoS attacks. These devices can include home WiFi routers, security cameras, and unprotected computers infected with malware. Often, home devices are used without consumers' knowledge nor consent.

Others were skeptical of the FCC's explanation. Some people attributed the crash to John Oliver, the host of the "This Week Tonight" show on HBO. In 2014, the show's viewers crashed the FCC site trying to submit feedback about net neutrality. Oliver published a similar video this past weekend in support of net neutrality.

Broadcasting & Cable reported:

"Fight for the Future is calling on the FCC to release logs on the attack to an independent third party—a security researcher or media outlet—to independently verify the attack. "The agency has a responsibility to maintain a functioning website to receive large numbers of comments and feedback from the public," said Evan Greer campaign director for Fight for the Future. "They can't blame DDoS attacks without proof, they need to fix this problem and ensure that comments on this important issue are not lost."

MediaPost reported that at least two U.S. Senators have demanded answers:

"Senators Ron Wyden (D-Oregon) and Brain Schatz (D-Hawaii) are also seeking answers from the FCC. "As you know, it is critical to the rulemaking and regulatory process that the public be able to take part without unnecessary technical or administrative burdens," the lawmakers write. "Any potentially hostile cyber activities that prevent Americans from being able to participate in a fair and transparent process must be treated as a serious issue."

They are asking the FCC to provide details about any malicious traffic, including how many devices sent malicious traffic to the agency. The lawmakers also have asked the FCC whether it requested investigatory assistance from other federal agencies, and whether it uses any commercial protection services."

A reasonable demand for the FCC to provide proof. If the DDoS attack was a new form of 21st-centry censorship to stop concerned citizens (e.g., voters) from submitting feedback in support of net neutrality, then we all need to know. And, we need to know what the FCC is doing to protect its systems.


America's Other Drug Problem

[Editor's Note: today's guest blog post, by reporters at ProPublica, explores the waste problem in the health care industry, and the accompanying pollution. It is reprinted with permission.]

by Marshall Allen, ProPublica

Every week in Des Moines, Iowa, the employees of a small nonprofit collect bins of unexpired prescription drugs tossed out by nursing homes after residents died, moved out or no longer needed them. The drugs are given to patients who couldn't otherwise afford them.

But travel 1,000 miles east to Long Island, New York, and you'll find nursing homes flushing similar leftover drugs down the toilet, alarming state environmental regulators worried they'll further contaminate the water supply.

In Baltimore, Maryland, a massive incinerator burns up tons of the drugs each year -- for a fee -- from nursing homes across the Eastern seaboard.

If you want to know why the nation's health care costs are among the highest in the world, a good place to start is with what we throw away. Across the country, nursing homes routinely toss large quantities of perfectly good prescription medication: tablets for diabetes, syringes of blood thinners, pricey pills for psychosis and seizures.

At a time when anger over soaring drug costs has perhaps never been more intense, redistributing discarded drugs seems like a no-brainer. Yet it's estimated that American taxpayers, through Medicare, spend hundreds of millions of dollars each year on drugs for nursing home patients -- much of which literally go down the tubes.

"It would not surprise me if as much as 20 percent of the medications we receive we end up having to destroy," said Mark Coggins, who oversees the pharmacy services for Diversicare, a chain of more than 70 nursing homes in 10 states. "It's very discouraging throwing away all those drugs when you know it can benefit somebody."

No one tracks this waste nationwide, but estimates show it's substantial. Colorado officials have said the state's 220 long-term care facilities throw away a whopping 17.5 tons of potentially reusable drugs every year, with a price tag of about $10 million. The Environmental Protection Agency estimated in 2015 that about 740 tons of drugs are wasted by nursing homes each year.

This is, of course, part of a bigger problem. The National Academy of Medicine estimated in 2012 that the United States squanders more than a quarter of what it spends on health care 2014 about $765 billion a year.

ProPublica is investigating the types of waste in health care that academics and politicians typically overlook. Our first installment examined the tens of millions worth of equipment and brand new supplies that hospitals jettison.

Today we look at the wasteful, and potentially harmful, ways nursing homes dispose of leftover meds -- and how some states, like Iowa, have found a solution.

On a recent Wednesday in Des Moines, Ami Bradwell, a certified pharmacy technician, popped open the lids of several 31-gallon bins full of prescription drugs. In each were hundreds of what are known as "bingo cards" filled with rows of pills in sealed bubbles.

"Metformin -- for diabetics," Bradwell said, holding up a card of large white pills. "It's not crazy expensive, but it's in high demand."

She held up an entire box of the anti-nausea drug Ondansetron. It goes for about $5 a pill, according to the website drugs.com. "Expensive."

Another card had three large pills stuffed in each chamber, a find Bradwell called "a 'jackpot' card. You can't live without it because it's a seizure medication."

Image from SafeNetRx Drug Donation Repository Bradwell works for the nonprofit SafeNetRx. Each week the group takes in dozens of bins full of such drugs, as well as boxes mailed in from across Iowa and several other states -- pharmaceutical trash that exists because, for convenience and cost, long-term care pharmacies often dispense nursing home patients' medications in bulk, a month's worth at a time.

Should a patient die, leave or stop taking the drug, what's left is typically tossed. The drugs have already been paid for, by Medicare in most cases, so there's little incentive to try to recycle them. In some states, such reuse is against the law.

Some of the cards Bradwell examined that day were missing only a few pills. One card had been thrown out even though it only lacked one of its 31 doses of oxybutynin, which reduces muscle spasms of the bladder. The remaining 30 are worth more than $13.

"There are literally millions of dollars of prescription medications thrown away every day in this country," said John Forbes, an Iowa pharmacist who dispenses SafeNetRx's recovered drugs to his low-income patients.

Although most states technically allow some leftover drugs to be recycled, Iowa is one of the few rescuing a significant percentage of the drugs from destruction. The state funds the program for about $600,000 a year, said SafeNetRx CEO Jon Rosmann, who calls it a "common sense" solution. In fiscal 2016 the program recovered and distributed drugs valued at about $3.4 million. This year it's on pace to top $5 million.

Forbes, who is also an Iowa state representative, said there are additional savings when low-income patients have access to the drugs they need. Patients who don't take their drugs "end up in the emergency room," he said, "which will wind up costing our health care system way more money."

At SafeNetRx, the drugs are sorted and organized in a 1,500-square-foot room lined with shelves stacked with bins of drugs. In the center, folding tables hold hundreds of bingo cards, sorted alphabetically by generic drug name, from the blood pressure drug acebutolol to the antipsychotic ziprasidone. None of the medications are controlled substances, though those may be included in the future.

Pharmacy officials say there may be a million dollars' worth of drugs in this small room. The 30 mg syringes of the blood thinner Enoxaparin are used by patients for weeks before and after heart surgery. They can go for $13 per dose.

One box contains scores of doses of Spiriva, inhalation capsules for chronic obstructive pulmonary disease that would sell for about $18 each. The antipsychotic Abilify runs about $46 per pill.

The biggest ticket items are the cancer drugs. They are typically donated directly from patients or their families. Those can run $8,000 or more per month.

The cancer drugs are passed on to people like Amber Judge, a patient advocate at Medical Oncology and Hematology Associates, a cancer clinic in Des Moines. Judge is accustomed to patients coming into her office in a panic. They've just learned they have cancer, only to find out they can't afford the drugs they need to battle the disease. That's when Judge opens one of the file drawers in her office, which are filled with tens of thousands of dollars' worth of the drugs recovered by SafeNetRx.

In one filing drawer she has about 30 boxes of Tasigna, which costs about $100 per pill. In another drawer she has a gallon-sized plastic bag with bottles of Stivarga, about $188 per pill.

The process is similar to patients receiving drug samples at a doctor's office. They leave her office with the drugs they need -- for free.

"I give them a month's supply if I have it," Judge said. "They're so thankful. They're incredulous."

In many places in the United States, however, these leftover drugs meet a very different end, one that is not only wasteful, but potentially harmful.

In recent years, scientists have detected something disturbing in the Long Island's aquifer: low levels of pharmaceuticals.

Though consumers have been warned not to flush their drugs down the toilet because sewer waste can contaminate groundwater, many still do it; more worrisome still, flushing remains a common practice at nursing homes in New York and across the country. The effects of such contamination on humans are unclear, but it has been shown to slow the metamorphosis of frogs and increase the feminization of fish.

Three years ago, New York's Department of Environmental Conservation started an annual program, funded by the state legislature, to scoop up unused medications before they were flushed. Even though the pickup service is free to facilities, only two dozen of 169 eligible Long Island nursing homes participated this February, turning over 660 pounds of drugs.

Those valuable medications didn't go into the water supply, but they didn't go to needy patients, either, though such recycling is now allowed in New York. Instead, they went to an incinerator company. Experts, including the EPA, have recommended incineration for getting rid of pharmaceuticals.

Destroying the unused drugs is always going to have environmental implications, said Carrie Meek Gallagher, region 1 director for the department. "It's always a trade-off of what's most harmful. For us, anything getting into the water is the worst solution."

The National Conference of State Legislatures said 39 states had passed laws that allowed the donation of drugs. But almost half of these states with laws lack programs to get the drugs safely from one appropriate user to another, and many of those that do have programs are focused on cancer drugs, the analysis showed.

There hasn't been a lot of public opposition to redistributing the drugs, even among drugmakers. Most concerns circle around logistics, although in Illinois trial attorneys have lobbied against a proposed program, saying it muddies liability issues.

Richard Cauchi, program director for health for the conference of state legislatures, said just passing laws doesn't guarantee success. A state agency or organization needs to oversee the program, encouraging participation and streamlining its administration so it's not a burden for pharmacies and nursing homes.

"It's a lot of work, and from a retail point of view, an expense," Cauchi said. "How do you accept these drugs? How do you confirm their safety? How do you know they meet the proper standards?"

Federal agencies are of little help, each pursuing their own, often contradictory, agendas.

The EPA discourages flushing drugs because they contaminate the water supply. But it doesn't have the authority to prohibit "sewering" the medications. Only local authorities can take that stance. It has, however, proposed reclassifying the unused drugs as hazardous waste, which would then prohibit flushing them.

The Food and Drug Administration says certain medications are so dangerous that they should be disposed of immediately, even if that means flushing them. It even provides a list of drugs recommended for flushing, mostly controlled substances like diazepam, better known as Valium, and the potent painkiller fentanyl.

The Drug Enforcement Administration wants to ensure controlled substances, like narcotic painkillers, aren't diverted to the illegal drug market. It has recommended that long-term pharmacies collect leftover drugs by placing boxes in nursing homes that must be emptied at least every three days, but that creates expense, hassle and potential liability.

Some advocates say the makers of the drugs should be responsible for disposing or recycling them. Scott Cassel, CEO of the Product Stewardship Institute, a nonprofit organization dedicated to reducing the environmental impact of consumer products, said the producers of batteries, electronics, paint and other products are required by law in some areas to pay for the safe disposal of their products. Similar laws require drug makers to pay for the destruction of leftover household drugs in two states and about a dozen counties, but no laws address nursing homes.

Coggins, who leads the pharmacy services for the Diversicare chain, said people in the nursing home industry would like to do something about the waste. But their options are dictated by laws and regulations, and there's been a lack of investment in cost-effective solutions like the one in Iowa.

About half the states where Diversicare operates allow the donation of unused drugs, but the programs required too much work sorting and inventorying the drugs without any reimbursement, he said. "It's like people have created legislation and it's a feel-good thing, but nobody's come back to see why it's not working."

Diversicare avoids flushing drugs whenever possible, Coggins said, but it still occurs sometimes. The organization has switched to a product called Rx Destroyer that chemically deactivates the medication so it can be put in the trash, he said, but even that is controversial because it goes into a landfill.

In many nursing homes, flushing is just part of the routine.

"Oh my goodness, it's so sad," said Jennifer Ramsey, a nurse who formerly worked as a house supervisor for a nursing home in South Haven, Mississippi. Once a month she and another nurse would gather all the unused blister packs of medication, she said, piles of them, probably worth tens of thousands of dollars. Then they would pop the pills one by one into the toilet.

"You would spend almost your whole eight-hour day doing it," Ramsey recalled.

Ramsey now works for the nonprofit Good Shepherd Pharmacy in Memphis. In Tennessee, the law requires nursing homes to destroy unused drugs on site. Good Shepherd's founder is pressing to change the law so the drugs can be saved and donated.

In March, state Rep. Cameron Sexton, a Republican whose wife is a pharmacist, introduced a bill that would allow unexpired medications to be donated in Tennessee. "Unfortunately, we don't have a process set up to do that so all these drugs have to be destroyed," he said.

Perhaps the most graphic way to see the waste firsthand is a visit to the Curtis Bay Medical Waste facility on the south side of Baltimore, home of the largest incinerator of its kind in the country.

Here Curtis Bay's fleet of trucks delivers load after load of unused, unexpired drugs from hundreds of nursing homes and other facilities and clinics up and down the East Coast. Drugs also come from medical waste companies like SteriCycle and Daniels Sharpsmart. In 2015, 204 tons of non-hazardous pharmaceutical waste came from the Daniels location in the Bronx, according to records filed in New York. Such waste includes not only drugs tossed by nursing homes, but also those from hospitals, doctors' offices and other facilities.

Inside Curtis Bay, the drugs are processed and destroyed in an area the size of several hockey rinks. A conveyor belt about 15 feet off the ground snakes through the facility loaded with hundreds of boxes of pharmaceutical and medical waste 2014 all leading to the two incineration chambers.

On a recent visit, the chamber was over 2,000 degrees, a heat that could be felt from 20 feet away.

From a platform above the incinerator's maw, you can watch as thousands of dollars of potentially lifesaving pills and medications tumble, box by box, into the steaming opening. Then they are shoveled into the blaze.

Experts say incineration is the least environmentally objectionable end-of-life option for unused drugs. But it's also the most expensive destruction method -- from 50 cents to a dollar per pound, paid for by the facilities themselves -- which is why many nursing homes resort to flushing.

Nursing homes save the disposal fees in Iowa, because they can donate them to SafeNetRx, where they benefit needy patients like Max Armstrong.

The 82-year-old suffers from multiple chronic conditions -- emphysema, congestive heart failure and more. The ailments were manageable until 2015, when he suffered blood clots in his leg and lung. Doctors put him on the generic blood thinner warfarin, but it "almost killed me," he said, so he switched to Xarelto, a newer brand name drug that costs about $700 a month.

The total tab for the Xarelto and the other 14 medications Armstrong must take each month would cost at least $1,200, according to his daughter. Armstrong, whose savings took a hit during the financial crisis, lives on $1,158 a month in Social Security.

It's "stupid" to throw away drugs that can keep so many other people healthy, Armstrong said. "There's a lot of people out there in this world who need help."

ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for their newsletter.


The Need For A Code Of Ethics With The Internet Of Things

Earlier this week, The Atlantic website published and interview with Francine Berman, a computer-science professor at Rensselaer Polytechnic Institute, about the need for a code of ethics for connected, autonomous devices, commonly referred to as the internet-of-things (IoT). The IoT is exploding.

Experts forecast 8.4 billion connected devices in use worldwide in 2017, up 31 percent from 2016. Total spending for those devices will reach almost $2 trillion in 2017, and $20.4 billion by 2020. North America, Western Europe, and China, which already comprise 67 percent of the installed base, will drive much of this growth.

In a February, 2017 article (Adobe PDF) in the journal Communications of the Association for Computing Machinery, Berman and Vint Cerf, an engineer, discussed the need for a code of ethics:

"Last October, millions of interconnected devices infected with malware mounted a "denial-of-service" cyberattack on Dyn, a company that operates part of the Internet’s directory service. Such attacks require us to up our technical game in Internet security and safety. They also expose the need to frame and enforce social and ethical behavior, privacy, and appropriate use in Internet environments... At present, policy and laws about online privacy and rights to information are challenging to interpret and difficult to enforce. As IoT technologies become more pervasive, personal information will become more valuable to a diverse set of actors that include organizations, individuals, and autonomous systems with the capacity to make decisions about you."

Given this, it seems wise for voters to consider whether or not elected officials in state, local, and federal government understand the issues. Do they understand the issues? If they understand the issues, are they taking appropriate action? If they aren't taking appropriate action, is due to other priorities? Or are different elected officials needed? At the federal level, recent events with broadband privacy indicate a conscious decision to ignore consumers' needs in favor of business.

In their ACM article, Bermand and Cerf posed three relevant questions:

  1. "What are your rights to privacy in the internet-of-things?
  2. Who is accountable for decisions made by autonomous systems?
  3. How do we promote the ethical use of IoT technologies?"

Researchers and technologists have already raised concerns about the ethical dilemmas of self-driving cars. Recent events have also highlighted the issues.

Some background. Last October, a denial-of-service attack against a hosting service based in France utilized a network of more than 152,000 IoT devices, including closed-circuit-television (CCTV) cameras and DVRs. The fatal crash in May of a Tesla Model S car operating in auto-pilot mode and the crash in February of a Google self-driving car raised concerns. According to researchers, 75 percent of all cars shipped globally will have internet connectivity by 2020. Last month, a security expert explained the difficulty with protecting connected cars from hackers.

And after a customer posted a negative review online, a developer of connected garage-door openers disabled both the customer's device and online account. (Service was later restored.) Earlier this year, a smart TV maker paid $2.2 million to settle privacy abuse charges by the U.S. Federal Trade Commission (FTC). Consumers buy and use a wide variety of connected devices: laptops, tablets, smartphones, personal assistants, printers, lighting and temperature controls, televisions, home security systems, fitness bands, smart watches, toys, smart wine bottles, and home appliances (e.g., refrigerators, hot water heaters, coffee makers, crock pots, etc.). Devices with poor security features don't allow operating system and security software updates, don't encrypt key information such as PIN numbers and passwords, and build the software into the firmware where it cannot be upgraded. In January, the FTC filed a lawsuit against a modem/router maker alleging poor security in its products.

Consumers have less control over many IoT devices, such as smart utility meters, which collect information about consumers. Typically, the devices are owned and maintained by utility companies while installed in or on consumers' premises.

Now, back to the interview in The Atlantic. Professor Berman reminded us that society has met the ethical challenge before:

"Think about the Industrial Revolution: The technologies were very compelling—but perhaps the most compelling part were the social differences it created. During the Industrial Revolution, you saw a move to the cities, you saw the first child-labor laws, you saw manufacturing really come to the fore. Things were available that had not been very available before..."

Well, another revolution is upon us. This time, it includes changes brought about by the internet and the IoT. Berman explained today's challenges include considerations:

"... we never even imagined we’d have to think about. A great example: What if self-driving cars have to make bad choices? How do they do that? Where are the ethics? And then who is accountable for the choices that are made by autonomous systems? This needs to be more of a priority, and we need to be thinking about it more broadly. We need to start designing the systems that are going to be able to support social regulation, social policy, and social practice, to bring out the best of the Internet of Things... Think about designing a car. I want to design it so it’s safe, and so that the opportunity to hack my car is minimized. If I design Internet of Things systems that are effective, provide me a lot of opportunities, and are adaptive, but I only worry about really important things like security and privacy and safety afterwards, it’s much less effective than designing them with those things in mind. We can lessen the number of unintended consequences if we start thinking from the design stage and the innovation stage how we’re going to use these technologies. Then, we put into place the corresponding social framework."

Perhaps, most importantly:

"There’s a shared responsibility between innovators, companies, the government, and the individual, to try and create and utilize a framework that assigns responsibility and accountability based on what promotes the public good."

Will we meet the challenge of this revolution? Will innovators, companies, government, and individuals share responsibility? Will we work for the public good or solely for business growth and profitability?

What do you think?


LeapLab And Other Defendants Settled With FTC

Recently, a reader wrote via e-mail with feedback about this December 2014 blog post which discussed a lawsuit filed by the U.S. Federal Trade Commission (FTC) against a data broker, LeapLab, and other defendants. The suit alleged that the defendants sold consumers' sensitive personal information to fraudsters.

The reader was unhappy because he was unable to submit a comment on that blog post. The policy of this blog is to close comments on all blog posts after a year. The reader seemed to interpret that policy as a slight against one of the defendants. No. The closing of comments after a year is equal, consistent treatment.

The reader was also unhappy with comments posted by other readers to that 2014 blog post. Like other blogs, readers freely share their opinions and feedback in the comments section. Like other blogs, I am not responsible for readers' comments. Nor do I censor comments for content. I remind everyone to read the Terms of Service.

The reader's e-mail feedback claimed the blog post was incomplete and one sided. Today's blog post reports the rest of the story.

LeapLab and the other defendants settled the lawsuit with the FTC in February, 2016. The February 18, 2016 FTC announcement stated:

"A group of defendants have settled Federal Trade Commission charges that they knowingly provided scammers with hundreds of thousands of consumers’ sensitive personal information – including Social Security and bank account numbers. The proposed federal court orders prohibit John Ayers, LeapLab and Leads Company from selling or transferring sensitive personal information about consumers to third parties. The defendants will also be prohibited from misleading consumers about the terms of a loan offer or the likelihood of getting a loan. In addition, the settlements require the defendants to destroy any consumer data in their possession within 30 days.

The orders include a $5.7 million monetary judgment, which is suspended based on the defendants sworn inability to pay. In addition to the settlement orders, the court entered an unsuspended $4.1 million default judgment with similar prohibitions against SiteSearch, the remaining defendant in the case."

You can follow the above links to the settlement agreements between each defendant and the FTC, which were approved by the court. Links are also available on the FTC-Leaplab proceedings page.

As a solo blogger with limited resources, I do my best to get it right. There's plenty of privacy news to cover, and I should have reported the above settlement agreements sooner. Hopefully, today's blog post corrects that oversight. I sincerely thank all readers for their feedback and comments.


For-Profit School Chain Camelot Suffers Setback Following Abuse Allegations

[Editor's note: today's guest post, by the reporters at ProPublica, provides an update about a for-profit school operating in the State of Georgia. The article was originally published on April 12, 2017 and is reprinted with permission.]

by Zoë Kirsch, The Teacher Project, ProPublica

The Muscogee County School Board in Columbus, Georgia, dealt another blow to embattled Camelot Education when it voted Monday night on April 10 to delay for three months a decision on whether to hire the company to run its alternative education programs.

The delay in awarding the $6.4 million annual contract comes in the wake of a recent report by ProPublica and Slate that more than a dozen Camelot students were allegedly shoved, beaten or thrown by staff members -- incidents almost always referred to as "slamming." The for-profit Camelot runs alternative programs across the country for more than 3,000 students, most of whom have emotional or behavioral difficulties or have fallen far behind academically.

"The abuse allegations were one of many red flags for me," said Muscogee school board member Frank Myers, one of five board members who supported postponement, while three were opposed. If the district is going to privatize such an important service, he said, "You ought to have an outfit that has a pristine record."

The board bucked the wishes of school district officials, including Superintendent of Education David Lewis, who pushed to hire Camelot. "There was no transparency," Myers said. "They wanted us to rush this thing."

Instead, a community advisory council will be created, and additional public hearings will be held. The council is expected to report back within three months.

Efforts to reach Lewis were unsuccessful. Camelot spokesman Kirk Dorn said in an email that the company often encounters delays when it enters new partnerships. The company expects to meet with the community later this month "and will continue to ensure that those who still have questions get answers," Dorn said. "We know from experience that the more a community learns about how we help students succeed the more reassured they become that we will be an asset."

Camelot has faced recent setbacks in other states as well. On March 9, the day after the report was published, the Houston school board voted unanimously not to renew its contract with Camelot, instead bringing management of its alternative program in house. And a Philadelphia city councilwoman called for more information about the city's alternative schools, including their disciplinary practices.

About half a million people in the United States attend alternative schools, which are publicly funded but often managed by private, for-profit companies such as Camelot, which was founded in 2002. They frequently serve as a last resort for struggling low-income and minority students.

The Columbus branch of the NAACP announced last week that it opposed hiring Camelot, citing the Slate and ProPublica investigation. "Abuse is failure," branch president Tonza Thomas told the Columbus Ledger-Enquirer.

"Our community has competent educators that assist our children with challenges daily," the organization said in a news release. "Yet they were not consulted before a decision was made to introduce an out-of-state, for profit, security-corporation to our school district."

Abuse allegations made by teachers and students against Camelot span ten years and four states: Pennsylvania, New Jersey, Florida and Louisiana. For the most part, staffers who allegedly assaulted students have faced no criminal charges or internal discipline; some have even been promoted.

In written statements, Camelot and its chief executive, Todd Bock, have said it provides effective and supportive services to thousands of the country's most challenging and needy students, and have denied any claims of systemic abuse across its programs.

"The idea of 'slamming' a student is offensive and counter to Camelot's values, culture and procedures," the company said on March 22. "Camelot does not currently practice nor has it ever practiced 'slamming' kids."

Monday night's decision in Muscogee County, located in western Georgia, was the second delay for Camelot there since Superintendent Lewis recommended hiring the company. On March 27, the school board postponed its vote for two weeks so that residents could attend two public forums about the proposal.

At those forums, both Camelot executives and Lewis touted the company's potential benefits, according to Fife Whiteside, a local attorney who served on the Muscogee school board from 1993 to 2008. Lewis told community members that hiring Camelot could help the district save money by cutting staffing costs.

At the start of one forum, Marianne Young, the parent of a child with special needs, tried to hand out fliers that were critical of Camelot. Young said in an interview that a security guard initially told her she couldn't distribute the fliers.

Another parent called a school board member to complain, Young said. Lewis then allowed Young to give out the fliers, she said. "I have a lot of concerns" about this contract, Young said, including "the abuse allegations, and the lack of oversight that our district has for these situations."

Whiteside, the former school board member, said he was surprised that the board opposed the superintendent. The reports of abuse allegations played a role in turning some board members against Camelot, he said. "The board rarely fails to support the superintendent in his initiatives," Whiteside said.

ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for their newsletter.


Security Expert Says Protecting Driverless Cars From Hackers Is Hard

Wired Magazine recently interviewed Charlie Miller, an automobile security expert, about the security of driverless cars. You may remember Miller. He and an associated remotely hacked a moving Jeep vehicle in 2015 to demonstrate security vulnerabilities in autos. Miller later worked for Uber, and recently joined Didi.

Wired Magazine reported:

"Autonomous vehicles are at the apex of all the terrible things that can go wrong,” says Miller, who spent years on the NSA’s Tailored Access Operations team of elite hackers before stints at Twitter and Uber. “Cars are already insecure, and you’re adding a bunch of sensors and computers that are controlling them…If a bad guy gets control of that, it’s going to be even worse."

The article highlights the security issues with driverless used by ride-sharing companies. Simply, the driverless taxi or ride-share car is unattended for long periods of time.. That is a huge opportunity for hackers posing as riders to directly access and hack driverless cars:

"There’s going to be someone you don’t necessarily trust sitting in your car for an extended period of time,” says Miller. “The OBD2 port is something that’s pretty easy for a passenger to plug something into and then hop out, and then they have access to your vehicle’s sensitive network."

The article also highlights some of the differences between driverless cars used as personal vehicles versus as ride-sharing (or taxi) cars. In a driverless personal vehicle, the owner -- who is also the inattentive driver -- can regain control after a remote hack and steer/brake to safety. Not so in a driverless ride-sharing car or taxi.

Do you believe that criminals won't try to hack driverless (ride-sharing and taxi) cars? History strongly suggests otherwise. Since consumers love the convenience of pay-at-the-pump in gas stations, criminals have repeatedly installed skimming devices in unattended gas station pumps to steal drivers' debit/credit payment information. No doubt, criminals will want to hack driverless cars to steal riders' payment information.

What are your opinions of the security of driverless cars?