1,098 posts categorized "Corporate Responsibility"

Advertising Agency Paid $2 Million To Settle Deceptive Advertising Charges

The U.S. Federal Trade Commission (FTC) announced that Minneapolis-based Marketing Architects, Inc. (MAI):

"... an advertising agency that created and disseminated allegedly deceptive radio ads for weight-loss products marketed by its client, Direct Alternatives, has agreed to pay $2 million to the Federal Trade Commission and State of Maine Attorney General’s Office to settle their complaint..."

First, some background. According to the FTC, MAI created advertising for several products (e.g., Puranol, Pur-Hoodia Plus, Acai Fresh, AF Plus, and Final Trim) by Direct Alternatives from 2006 through February 2015. Then, in 2016 the FTC and the State of Maine settled allegations against Direct Alternatives, which required the company to halt deceptive advertising and illegal billing practices.

Additional background according to the FTC: MAI previously created weight-loss ads for Sensa Products, LLC between March 2009 and May 2011. The FTC filed a complaint against Sensa in 2014, and subsequently Sensa agreed to refund $26.5 million to defrauded consumers. So, there's important, relevant history.

In the latest action, the joint complaint alleged that MAI created and disseminated radio ads with false or unsubstantiated weight-loss claims for AF Plus and Final Trim. Besides:

"... receiving FTC’s Sensa order, MAI was previously made aware of the need to have competent and reliable scientific evidence to back up health claims. Among other things, the complaint alleges that Direct Alternatives provided MAI with documents indicating that some of the weight-loss claims later challenged by the FTC needed to be supported by scientific evidence.

The complaint further charges that MAI developed and disseminated fictitious weight-loss testimonials and created radio ads for weight-loss products falsely disguised as news stories. Finally, the complaint charges MAI with creating inbound call scripts that failed to adequately disclose that consumers would be automatically enrolled in negative-option (auto-ship) continuity plans."

The latest action includes a proposed court order to ban MAI from making weight-loss claims about products the FTC has already advised as false, and:

"... requires MAI to have competent and reliable scientific evidence to support any other claims about the health benefits or efficacy of weight-loss products, and prohibits it from misrepresenting the existence or outcome of tests or studies. In addition, the order prohibits MAI from misrepresenting the experience of consumer testimonialists or that paid commercial advertising is independent programming."

This action is a reminder to advertising and digital agency executives everywhere: ensure that claims are supported by competent, reliable scientific evidence.

Good. Kudos to the FTC for these enforcement actions and for protecting consumers.


Mystery Package Scam Operating on Amazon Site. What It Is, The Implications, And Advice For Victims

Last fall, a couple living in a Boston suburb started receiving packages they didn't order from Amazon, the popular online retailer. The Boston Globe reported that the couple living in Acton, Massachusetts:

"... contacted Amazon, only to be told that the merchandise was paid for with a gift card. No sender’s name, no address. While they’ve never been charged for anything, they fear they are being used in a scam... The first package from Amazon landed on Mike and Kelly Gallivan’s front porch in October. And they have continued to arrive, packed with plastic fans, phone chargers, and other cheap stuff, at a rate of one or two a week."

The packages were delivered to the intended recipient. Nobody knows who sent the items: wireless chargers, a high-intensity flashlight, a Bluetooth speaker, a computer vacuum cleaner, LED tent lamps, USB cables, and more. After receiving 25 packages since October, the couple now wants it to stop. What seemed funny at first is now a nuisance.

The Gallivans are not alone. CBC News reported that students at several universities in Canada have also received mystery packages containing a variety of items they didn't order:

"The items come in Amazon packaging, but there's no indication who's ordering the goods from the online retail giant. "We're definitely confused by it," said Shawn Wiskar, University of Regina Students' Union vice-president of student affairs. His student union has received about 15 anonymous packages from Amazon since late November, many of which contained multiple items. Products sent so far include iPad cases, a kitchen scale and a "fleshlight" — a male sex toy in the shape of a flashlight... Six other university student unions — Dalhousie in Halifax; St. Francis Xavier in Antigonish (Nova Scotia); Ryerson in Toronto; Wilfrid Laurier in Waterloo, Ontario; Royal Roads in Victoria; and the University of Manitoba in Winnipeg — have also confirmed that they've been receiving mysterious Amazon packages since the fall."

Experts speculate that the mystery packages were sent by fraudsters trying to game the retailer's review system. Consumers buy products on Amazon.com either directly from the retailer or from independent sellers listed on the site. The Boston Globe explained:

"Here’s how two experts who used to work for Amazon, James Thomson and Chris McCabe, say it probably works: A seller trying to prop up a product would set up a phony e-mail account that would be used to establish an Amazon account. Then the seller would purchase merchandise with a gift card — no identifying information there — and send it to a random person, in this case the Gallivans. Then, the phantom seller, who controls the “buyer’s” e-mail account, writes glowing reviews of the product, thus boosting the Amazon ranking of the product."

If true, then there probably are a significant number of bogus reviews on the Amazon site. The Boston Globe's news item also suggested that a data breach within a seller's firm might have provided scammers with valid mailing addresses:

"How did Mike, to whom the packages are addressed, get drawn into this? On occasion he’s ordered stuff on Amazon and received it directly from a manufacturer, once from China. That manufacturer or some affiliate may have scooped Mike’s name and address."

If true, then that highlights the downside of offshore outsourcing, where other countries don't mandate data breach disclosures. Earlier in 2017, a resident of Queens in New York City received packages with products she didn't order:

"... All she knows is that the sender is some guy named Kevin who uses Amazon gift cards... And she’s reported the packages to the NYPD, the FBI and the Better Business Bureau since Amazon hasn’t made the deliveries stop."

In that news report, a security expert speculated that criminals were testing stolen debit- and gift-card numbers. Did a seller have a data breach which went unreported? Lots of questions and few answers.

Security experts advise consumers to report packages they didn't order to various law enforcement and other agencies, as the Queens resident did. Ultimately, her deliveries stopped, but not for the Gallivans.

Amazon has been unable to identify the perpetrators. At press time, a search of Amazon's Help and Customer Service site section failed to find content helping consumers victimized by this scam.

Perhaps, it is time for law enforcement and the U.S. Federal Trade Commission to step in. Regardless, we consumers will probably hear more news in the future about this scam.


CFPB Backs Off Investigating The Massive Equifax Breach

MarketWatch reported on Monday that the Consumer Financial Protection Bureau (CFPB) has:

"... scaled back its investigation into a data breach at credit reporting agency Equifax, Reuters reported Monday. The CFPB's interim director Mick Mulvaney, appointed by the Trump administration, has not followed "routine steps" that would be involved in a probe, including issuing subpoenas against Equifax and seeking sworn testimony from its executives, Reuters reported.

And when regulators at the Federal Reserve, Federal Deposit Insurance Corp. and Office of the Comptroller of the Currency have offered to help examine the credit bureaus, the CFPB reportedly declined the help... several politicians and consumer advocates said this is the latest sign the CFPB under Mulvaney will be weak in its prosecution of financial firms... The Federal Trade Commission is also investigating the breach, but imposes financial penalties more rarely than the CFPB does... Mulvaney wrote in an op-ed published in January The Wall Street Journal that the bureau will no longer “push the envelope.” “When it comes to enforcement, we will focus on quantifiable and unavoidable harm to the consumer,” he wrote..."

The massive Equifax data breach affected at least 143 million persons in the United States. That was about 44 percent of the United States population... almost half. Nobody in their right mind wants to experience that again, so a thorough investigation seems wise, appropriate, and necessary.

The CFPB began supervision of the credit reporting industry in 2012. While the news report by MarketWatch is very troubling, sadly there is even more bad news:

"Consumer advocates are also concerned that the CFPB will get rid of the database of complaints related to current investigations, which allows the public to air complaints publicly. It also provided a direct way for the public to engage with the CFPB’s activities. The database contains hundreds of thousands of complaints filed by consumers about issues ranging from predatory debt collectors to errors on credit reports. Republicans have argued that the database shouldn’t be public, while consumer advocates say the public list of complaints is an important tool for consumers.

A public database has been “a powerful mechanism for keeping financial predators accountable to consumers,” Melissa Stegman, senior policy counsel at the Center for Responsible Lending, a nonprofit based in Durham, N.C., told MarketWatch... Mulvaney announced in January the CFPB may reconsider a rule Cordray implemented for payday lenders that was designed to protect consumers and limit the amount lenders are allowed to loan them, if they do not meet certain borrowing criteria."

Now, you know why you should be concerned, too, about foot-dragging by the CFPB's Equifax probe. There is plenty of evidence that the CFPB has done a spectacular job protecting consumers and their money:

While campaigning for President, Donald Trump positioned himself as a populist... promoting "populist nationalism." A true populist would not appoint a CFPB director that weakens or abandons protection for consumers. What do you think?


Fresenius Medical Care To Pay $3.5 Million For 5 Small Data Breaches During 2012

Fresenius Medical Care Holdings, Inc. has agreed to a $3.5 million settlement agreement regarding five small data breaches the Massachusetts-based healthcare organization experienced during 2012. Fresenius Medical Care Holdings, Inc. does business under the name Fresenius Medical Care North America (FMCNA). This represents one of the largest HIPAA settlements ever by the U.S. Department of Health & Human Services (HHS).

The five small data breaches, at different locations across the United States, affected about 521 persons:

  1. Bio-Medical Applications of Florida, Inc. d/b/a Fresenius Medical Care Duval Facility: On February 23, 2012, two desktop computers were stolen during a break-in. One of the computers contained the electronic Protected Health Information (ePHI) of 200 persons, including patient name, admission date, date of first dialysis, days and times of treatments, date of birth, and Social Security number.
  2. Bio-Medical Applications of Alabama, Inc. d/b/a Fresenius Medical Care Magnolia Grove: On April 3, 2012, an unencrypted USB drive was stolen from a worker's car while parked in the organization's parking lot. The USB device contained the ePHI of 245 persons, including patient name, address, date of birth, telephone number, insurance company, insurance account number (a potential Social Security number derivative for some patients) and the covered entity location where each patient was seen.
  3. Renal Dimensions, LLC d/b/a Fresenius Medical Care Ak-Chin: On June 18, 2012, an anonymous phone tip reported that a hard drive was missing from a desktop computer, which had been taken out of service. The hard drive contained the ePHI of 35 persons, including name, date of birth, Social Security number and Zip code. While the worker notified a manager about the missing hard drive, the manager failed to notify the FMCNA Corporate Risk Management Department.
  4. Fresenius Vascular Care Augusta, LLC: On June 16, 2012, a worker's unencrypted laptop was stolen from her car while parked overnight at home. The laptop bag also included a list of her passwords. The laptop contained the ePHI of 10 persons, including patient name, insurance account number (which could be a Social Security number derivative) and other insurance information.
  5. WSKC Dialysis Services, Inc. d/b/a Fresenius Medical Care Blue Island Dialysis: On or about June 17 - 18, 2012, three desktop computers and one encrypted laptop were stolen from the office. One of the desktop computers contained the ePHI of 31 persons, including patient name, dates of birth, address, telephone number, and either full or partial Social Security numbers.

Besides the hefty payment, terms of the settlement agreement (Adobe PDF) require FMCNA to implement and complete a Corrective Action Plan:

  • Conduct a risk analysis,
  • Develop and implement a risk management plan,
  • Implement a process for evaluating workplace operational changes,
  • Develop an Encryption Report,
  • Review and revise internal policies and procedures to control devices and storage media,
  • Review and revise policies to control access to facilities,
  • Develop a privacy and security awareness training program for workers, and
  • Submit progress reports at regular intervals to HHS.

The Encryption Report identifies and describes the devices and equipment (e.g., desktops, laptops, tablets, smartphones, etc.) that may be used to access, store, and transmit patients' ePHI information; records the number of devices, including which utilize encrypted information; and provides a detailed plan for implementing encryption on devices and media which should contain encrypted information and currently don't.

Some readers may wonder why there is such a large fine for relatively small data breaches, since news reports often cite data breaches affecting thousands or millions of persons. HHS explained that the investigation by its Office For Civil Rights (OCR) unit:

"... revealed FMCNA covered entities failed to conduct an accurate and thorough risk analysis of potential risks and vulnerabilities to the confidentiality, integrity, and availability of all of its ePHI. The FMCNA covered entities impermissibly disclosed the ePHI of patients by providing unauthorized access for a purpose not permitted by the Privacy Rule... Five breaches add up to millions in settlement costs for entity that failed to heed HIPAA’s risk analysis and risk management rules.."

OCR Director Roger Severino added:

"The number of breaches, involving a variety of locations and vulnerabilities, highlights why there is no substitute for an enterprise-wide risk analysis for a covered entity... Covered entities must take a thorough look at their internal policies and procedures to ensure they are protecting their patients’ health information in accordance with the law."


Health Experts To Facebook: Turn Off Messenger Kids

In December 2017, Facebook launched its Messenger Kids service for children ages six to 13. The service includes a free video calling and messaging app where children can connect only with parent-approved contacts. The ad-free service includes masks, frames, stickers and GIFs so that, "Kids can create fun videos and decorate photos to share moments with loved ones."

Pediatricians and health experts are very concerned. Earlier today, dozens of health professionals sent a letter to Facebook (Adobe PDF) urging the social networking giant to terminate Messenger Kids. The letter stated in part:

"Given Facebook’s enormous reach and marketing prowess, Messenger Kids will likely be the first social media platform widely used by elementary school children. But a growing body of research demonstrates that excessive use of digital devices and social media is harmful to children and teens, making it very likely this new app will undermine children’s healthy development.

Younger children are simply not ready to have social media accounts. They are not old enough to navigate the complexities of online relationships, which often lead to misunderstandings and conflicts even among more mature users. They also do not have a fully developed understanding of privacy, including what’s appropriate to share with others and who has access to their conversations, pictures, and videos.

At a time when there is mounting concern about how social media use affects adolescents’ well being, it is particularly irresponsible to encourage children as young as preschoolers to start using a Facebook product. Social media use by teens is linked to significantly higher rates of depression, and adolescents who spend an hour a day chatting on social networks report less satisfaction with nearly every aspect of their lives. Eighth graders who use social media for 6 - 9 hours per week are 47% more likely to report they are unhappy than their peers who use social media less often. A study of girls between the ages of 10 and 12 found the more they used social networking sites like Facebook, the more likely they were to idealize thinness, have concerns about their bodies, and to have dieted. Teen social media use is also linked to unhealthy sleep habits. Messenger Kids is likely to increase the amount of time pre-school and elementary age kids spend with digital devices. Already, adolescents report difficulty moderating their own social media use: 78% check their phones at least hourly, and 50% say they feel addicted to their phones. Almost half of parents say that regulating their child’s screen time is a constant battle. Messenger Kids will exacerbate this problem... Encouraging kids to move their friendships online will interfere with and displace the face-to-face interactions and play that are crucial for building healthy developmental skills, including the ability to read human emotion, delay gratification, and engage with the physical world..."

The letter contains footnotes to citations with supporting research about the above health concerns. Reportedly, Facebook consulted with the National PTA and several academics before introducing the app. Messenger Kids is a separate service, so children using it can't be found using Facebook's search mechanism.

The letter from health professionals to Facebook also addressed safety concerns:

"Facebook claims that Messenger Kids will provide a safe alternative for the children who have lied their way onto social media platforms designed for teens and adults. But the 11- and 12-year-olds who currently use Snapchat, Instagram, or Facebook are unlikely to switch to an app that is clearly designed for younger children. Messenger Kids is not responding to a need – it is creating one. It appeals primarily to children who otherwise would not have their own social media accounts. It is disingenuous to use Facebook’s failure to keep underage users off their platforms as a rationale for targeting younger children with a new product."

Earlier this month, Facebook's CEO acknowledged problems and promised to do better. We shall see if Facebook's management listens to the documented concerns of pediatricians and health professionals.

What are your opinions about children ages 6 to 13 using social media? About Messenger Kids? Should Facebook terminate Messenger Kids?



Burger King's Whopper Neutrality Ad. Sincere 'Net Neutrality' Support Or Slick Corporate Advertising?

If you haven't seen it, there is a Whopper Neutrality ad online by Burger King, which explains net neutrality in a very easy-to-understand way. Blog post continues after the video:

A November 2017 poll found that 52 percent of registered voters supported the current rules, including 55 percent of Democrats and 53 percent of Republicans. After that poll, the Commissioners at the FCC voted to kill net neutrality protections for consumers.

Some have questioned whether the ad is sincere support of an issue consumers care about, or slick corporate advertising which capitalizes on a hot topic. I like the ad. Anything that helps more consumers understand the issue, and what we've lost, is a good thing.

Another view of the ad by The Young Turks. Share your opinions below after the video:


The United States Has A Problem: Declining Foreign Visitors

The United States has a problem: the number of international visitors is declining. What are companies doing to counter this, lost revenues, and other negative impacts? Bloomberg reported (bold emphasis added):

"... 10 business associations, including the U.S. Chamber of Commerce and the National Restaurant Association, have created a travel industry group aimed at reversing the growing unpopularity of the U.S. as a vacation destination. So [last week], some of its biggest players unveiled the "Visit U.S. Coalition" to spur the Trump administration into enacting friendlier visa and border-security policies at a time when federal agencies are doing the opposite... Since 2015, the U.S. and Turkey have been the only places among the top dozen global travel destinations to experience a decline in inbound visitors, a time when other nations such as Australia, Canada, China and the United Kingdom have marked sizable gains..."

Foreign visitors spend their travel money here, which helps businesses in the USA. The amount of the travel decline is measurable:

"... the Commerce Department reported a 3.3 percent drop in traveler spending for last year, through November, the equivalent of $4.6 billion in losses and 40,000 jobs. The U.S. share of international long-haul travel fell to 11.9 percent last year, from 13.6 percent in 2015, according to the U.S. Travel Association, a slippage the group said equates to 7.4 million visitors and $32.2 billion in spending."

According to its website, the Visit U.S. Coalition includes the following founding members: American Gaming Association, American Hotel & Lodging Association, American Society of Association Executives, Asian American Hotel Owners Association, International Association of Exhibitions and Events, National Restaurant Association, National Retail Federation, Society of Independent Show Organizers, the U.S. Chamber of Commerce, and the U.S. Travel Association.

What does this mean? What might the consequences be?

First, if the foreign tourism decline continues, experience tells us that after prolonged revenue losses, affected industries (e.g., hotels, transportation, restaurants, retail shopping, etc.) and companies will lay off or terminate workers. Not good for workers. Not good for the United States economy.

Second, it's great that several companies have organized together into groups... trade associations for several industries; and then several trade associations organized into a coalition... what you might call an uber-trade association... to highlight their concerns, remain competitive, and advocate for their interests. You'd expect any administration which promised to be pro-business would listen to these concerns.

Third, the freedom to organize is an important part of a democracy, and a competitive marketplace. Workers want this freedom, too. Sadly, too many corporate executives and politicians deny workers the same freedoms they want their businesses to enjoy. You've probably heard the claim: "corporations are people, my friend." I guess they are a special class of people with more freedom than flesh-and-blood persons.

What do you think of the foreign visitor travel decline?


Royal Caribbean Cruise Line And CPP-The Myers-Briggs Offer Travel Personality Quiz

Inc. Magazine warned in 2016, "ready or not, companies will soon be tracking your emotions." Most Facebook users already know this. Also in 2016, the social networking site expanded several reaction buttons beyond its (in)famous "Like" button to cover several emotions (e.g., "Love," "Haha," "Wow," "Sad," "Angry").

Maybe you have used these reaction buttons. Companies do this because effective marketing appeals to emotions instead of reason.

Now, a popular cruise line has taken things a step further. Cruise Critic, a popular travel site, announced:

"... Royal Caribbean has teamed up with CPP-The Myers-Briggs Company to launch a quiz that offers cruise recommendations based on your personality type. The assessment tool, found on MyAdventurePersonality.com, asks users 13 questions as they pertain to personal behavior and preferences... Once the results are calculated, users will be designated a travel personality type, such as Expert Adventure Planner, Laidback Wanderer and Spontaneous Sightseer. They also will receive an itinerary recommendation best suited for their type, with planning tips."

What is the Myers-Briggs assessment tool? The Myers-Briggs Foundation site explains:

"The purpose of the Myers-Briggs Type Indicator® (MBTI®) personality inventory is to make the theory of psychological types described by C. G. Jung understandable and useful in people's lives. The essence of the theory is that much seemingly random variation in the behavior is actually quite orderly and consistent, being due to basic differences in the ways individuals prefer to use their perception and judgment... In developing the Myers-Briggs Type Indicator [instrument], the aim of Isabel Briggs Myers, and her mother, Katharine Briggs, was to make the insights of type theory accessible to individuals and groups... The identification of basic preferences of each of the four dichotomies specified or implicit in Jung's theory. The identification and description of the 16 distinctive personality types that result from the interactions among the preferences."

Indeed, this assessment tool became very accessible. The Seattle Times reported in 2013:

"Chances are you’ve taken the Myers-Briggs Type Indicator (MBTI), or will. Roughly 2 million people a year do. It has become the gold standard of psychological assessments, used in businesses, government agencies and educational institutions... More than 10,000 companies, 2,500 colleges and universities and 200 government agencies in the United States use the test... It’s estimated that 50 million people have taken the Myers-Briggs personality test since the Educational Testing Service first added the research to its portfolio in 1962... Organizations administer the MBTI assessment to employees in one of two ways. They either pay for someone in their human-resources department to become certified, then pay the materials costs each time employees take the test. Or, they contract with certified, independent training consultants or leadership coaches."

The travel quiz uses different and fewer (13 versus ~ 88) forced-choice questions than the MBTI. Plus, the travel quiz categorizes consumers into four travel personality types (versus 16 types by the MBTI). And, the MBTI tool is administered by certified professionals in an ethical manner. So, consumers shouldn't assume that the travel quiz is as rigorous as the MBTI. Admittedly, MyAdventurePersonality may add more questions and/or types in the future.

If you are considering the travel quiz, wise consumers always read the fine print, first. The MyAdventurePersonality site uses the same legal and privacy policies as the core Royal Caribbean cruise line site. So, consumers should know that whatever they submit to the travel quiz will probably be freely shared with other entities, since the Royal Caribbean Privacy Policy does not state any limitations.

The MyAdventurePersonality site may be a marketing gimmick to attract new customers and/or better target e-mail marketing campaigns to current and prospective cruise travelers.

Me? After 28 cruise ship vacations (with many on Royal Caribbean ships) to many areas of the planet, I know my travel needs and preferences very well. So, I doubt the quiz will tell me something I don't already know.

What do you think? Should companies use these types of quizzes?


Citigroup Promises To Close Pay Gaps For Female And Minority Workers

USA Today reported that Citigroup:

"... will boost job compensation for women and minorities in a bid to close pay gaps in the U.S., United Kingdom, and Germany, becoming the first U.S. bank to respond to shareholder pressure about the inequalities. The New York-based financial company announced the effort Monday, saying it came after a Citigroup compensation assessment in the three countries found that women on average were paid 99% of what men got and minorities on average received 99% of what non-minorities were paid... Citigroup's action prompted investment advisory company Arjuna Capital to withdraw the 2018 gender pay shareholder proposal it had filed in an effort to force an investor vote that would require the bank to address pay inequality."

So, the bank made changes only after a major investor forced it to. The news report cited other banks (text links added):

"No other U.S. bank has taken similar action, Arjuna said. Along with Citigroup, Arjuna said it had filed gender pay shareholder proposals this year with U.S. banks JPMorgan Chase, Wells Fargo, Bank of America and Bank of New York Mellon. The investment adviser said it had filed similar proposals with American Express, Mastercard, Reinsurance Group, and Progressive Insurance. If approved by shareholders, the proposals would require the companies to publish their policies and goals to reduce gender pay gaps."

JP Morgan Chase promised in 2016 to raise the pay of 18,000 tellers and branch workers. It seems that the banking industry, kicking and screaming, has been forced to confront its pay-gap issues for employees. What do you think?


Uber's Ripley Program To Thwart Law Enforcement

Uber is in the news again, and not in a good way. TechCrunch reported:

"Between spring 2015 until late 2016 the ride-hailing giant routinely used a system designed to thwart police raids in foreign countries, according to Bloomberg, citing three people with knowledge of the system. It reports that Uber’s San Francisco office used the protocol — which apparently came to be referred to internally as ‘Ripley’ — at least two dozen times. The system enabled staff to remotely change passwords and “otherwise lock up data on company-owned smartphones, laptops, and desktops as well as shut down the devices”, it reports. We’ve also been told — via our own sources — about multiple programs at Uber intended to prevent company data from being accessed by oversight authorities... according to Bloomberg Uber created the system in response to raids on its offices in Europe: Specifically following a March 2015 raid on its Brussel’s office in which police gained access to its payments system and financial documents as well as driver and employee information; and after a raid on its Paris office in the same week."

In November of last year, reports emerged that the popular ride-sharing service experienced a data breach affecting 57 million users. Regulators said then that Uber tried to cover it up.

In March of last year, reports surfaced about Greyball, a worldwide program within Uber to thwart code enforcement inspections by governments. TechCrunch also described uLocker:

"We’ve also heard of the existence of a program at Uber called uLocker, although one source with knowledge of the program told us that the intention was to utilize a ransomware cryptolocker exploit and randomize the tokens — with the idea being that if Uber got raided it would cryptolocker its own devices in order to render data inaccessible to oversight authorities. The source said uLocker was being written in-house by Uber’s eng-sec and Marketplace Analytics divisions..."

Geez. First Greyball. Then Ripley and uLocker. And these are the known programs. This raises the question: how many programs are there?

Earlier today, Wired reported:

"The engineer at the heart of the upcoming Waymo vs Uber trial is facing dramatic new allegations of commercial wrongdoing, this time from a former nanny. Erika Wong, who says she cared for Anthony Levandowski’s two children from December 2016 to June 2017, filed a lawsuit in California this month accusing him of breaking a long list of employment laws. The complaint alleges the failure to pay wages, labor and health code violations... In her complaint, Wong alleges that Levandowski was paying a Tesla engineer for updates on its electric truck program, selling microchips abroad, and creating new startups using stolen trade secrets. Her complaint also describes Levandowski reacting to the arrival of the Waymo lawsuit against Uber, strategizing with then-Uber CEO Travis Kalanick, and discussing fleeing to Canada to escape prosecution... Levandowski’s outside dealings while employed at Google and Uber have been central themes in Waymo’s trade secrets case. Waymo says that Levandowski took 14,000 technical files related to laser-ranging lidar and other self-driving technologies with him when he left Google to work at Uber..."

Is this a corporation or organized crime? It seems difficult to tell the difference. What do you think?


Google Photos: Still Blind After All These Years

Earlier today, Wired reported:

"In 2015, a black software developer embarrassed Google by tweeting that the company’s Photos service had labeled photos of him with a black friend as "gorillas." Google declared itself "appalled and genuinely sorry." An engineer who became the public face of the clean-up operation said the label gorilla would no longer be applied to groups of images, and that Google was "working on longer-term fixes."

More than two years later, one of those fixes is erasing gorillas, and some other primates, from the service’s lexicon. The awkward workaround illustrates the difficulties Google and other tech companies face in advancing image-recognition technology... WIRED tested Google Photos using a collection of 40,000 images well-stocked with animals. It performed impressively at finding many creatures, including pandas and poodles. But the service reported "no results" for the search terms "gorilla," "chimp," "chimpanzee," and "monkey."

This is the best facial-recognition software solution Google can do, while it also wants consumers to trust the software in its driver-less vehicles? Geez. #fubar Well, maybe this video will help Google engineers feel better:


Telecoms Fired Workers After Lobbying For, And Getting, Tax Cuts And Net Neutrality Repeal

Last week, The Philadelphia Inquirer reported:

"Managers, supervisors, and direct sales people in Chicago, Florida, and other parts of Comcast’s Central region, mostly in the Midwest and Southeastern United States, were terminated around Dec. 15... More than 500 sales employees were terminated, company sources said... Comcast has not reorganized the direct sales forces and approach in the company’s two other big divisions, which include Pennsylvania, New Jersey, and Delaware. Comcast/NBCUniversal employs about 159,000.

In late December, Comcast announced that it would hand out $1,000 bonuses to full-time employees, in response to the Trump tax cut that will slash its corporate tax rate. The fired employees will be eligible for a “$1,000 supplemental severance payment,” Comcast said... Comcast direct sales employees earned $50,000 to $100,000 through a low base salary and commissions, the terminated employee said. The commissions ranged between roughly $75 for a new Internet Plus customer to $350 for a new customer who ordered a triple-play package with home security, the former employee said. Internet Plus is a package of television and broadband services..."

Reportedly, fired employees received severance pay only if they accepted non-disclosure agreements. Also, Comcast fired about 405 workers in Georgia.

Context matters. Earlier this week, Vox reported in December before the tax bill was passed:

"... the prospect for a deal on tax reform looking promising, lobbying reached a pinnacle this year, with 2,065 groups pushing their cause, according to reports published by the nonpartisan Center for Responsive Politics. The efforts are employing more than 6,000 lobbyists, the nonpartisan Public Citizen counted. The four organizations that reported the most lobbying activity on tax issues so far this year are Fortune 500 companies with a huge stake in the outcome: Comcast, Microsoft, Altria Group (formerly Philip Morris), and NextEra Energy."

Many politicians have repeated claims that tax cuts will create new jobs, and that repeal of net neutrality rules would encourage investment by ISPs. And, after the U.S. Federal Communications Commission (FCC) voted in December to repeal existing net neutrality rules, Comcast issued this statement:

"We commend Chairman Pai for his leadership and FCC Commissioners O’Rielly and Carr for their support in adopting the Restoring Internet Freedom Order, returning to a regulatory environment that allowed the Internet to thrive for decades by eliminating burdensome Title II regulations and opening the door for increased investment and digital innovation. Today’s action does not mark the ‘end of the Internet as we know it;’ rather it heralds in a new era of light regulation that will benefit consumers."

So, let's summarize events. After receiving two huge benefits (e.g., tax cuts, repeal of net neutrality rules), Comcast immediately terminated workers. Ars Technica asked Comcast why they fired workers when tax cuts were supposed to create new jobs:

"... Comcast gave us this statement but offered no further details: "Periodically, we reorganize groups of employees and adjust our sales tactics and talent. This change in the Central Division is an example of this practice and occurred in the context of our adding hundreds of frontline and sales employees. All these employees were offered generous severance and an opportunity to apply for other jobs at Comcast." "

One of the claims by corporate ISPs and by FCC Chairman Ajit Pai has been that net neutrality rules killed infrastructure investments by telecoms. Ars analyzed this claim:

"The firings happened around December 15. On December 20, Comcast announced that, because of the pending tax cut and recent repeal of net neutrality rules, it would give "special bonuses" of $1,000 to more than 100,000 employees and invest more than $50 billion in infrastructure over the next five years. "With these investments, we expect to add thousands of new direct and indirect jobs," Comcast said at the time.

We examined Comcast's investment claims in an article on December 21. As it turns out, Comcast's annual investments already soared during the two-plus years that net neutrality rules were on the books, and the $50 billion amount could be achieved if those investments simply continued increasing by a modest amount."

So, a few workers received bigger bonuses while others lost their jobs. And, it is worse. AT&T fired about 700 workers after promising to increase investments by $1 billion if Congress passed the tax cuts bill. Congress did, and AT&T didn't wait to terminate workers.

One can conclude:

  1. The investment claims, by ISPs and advocates of repealing net neutrality rules, were bogus,
  2. Voters either didn't pay attention or were duped by claims that net neutrality rules killed investments by telecoms,
  3. Voters were duped during the 2016 election into believing claims that tax cuts would create jobs,
  4. Voters accepted these job-creation promises without demanding any guarantees, and
  5. Tax cuts are being used to reward employees and managers with bigger bonuses.

The bigger bonuses are great, if you have a job. Regardless, we now see the results: tax cuts help companies and fewer jobs hurt workers. Repeal of net neutrality rules will hurt public libraries, the poor, and disabled persons. And, there's more to come as ISPs roll out their revised broadband services (with higher prices) without net neutrality rules.

Yes, this stinks. What do you think? Is this what you expected?


Facebook CEO Admits His Social Service Has Problems, And Promises To Do Better In 2018

Mark Zuckerberg, the CEO at Facebook, recently admitted that his social networking service has problems. And, he promised to do better in 2018. The article is important since it highlights the issues causing concerns for Mr. Zuckerberg. The Independent UK reported:

"Each year, the Facebook boss takes on a challenge to complete over the year. For 2018, he has promised to try and fix his company... He said that he had made the decision to concentrate on his own company this year because the world was so divided and he thinks he will "learn more by focusing intensely on these issues..." "

Huh? What else was he focused on instead? You'd think that he'd be focused 24/7/365 on a service with 23,265 employees and 2 billion monthly users worldwide.

The report by the Independent UK also described Mr. Zuckerberg's concerns, which have implications for everyone:

"... Facebook has been blamed for helping spread hatred and division in the wake of the [2016 U.S.] election, as well as potentially helping with the spread of fake news that allowed it to tip in Donald Trump's favour. Even the site itself has admitted that it can be upsetting and disruptive for those who use it, in a press release that said using the site might be bad for you... He pointed to the fact that the rise of tech companies like Facebook and their increasing power over the internet meant that the internet was becoming centralized in a few powerful hands. He pointed to other technologies like crypto-currency as challenges to that, but said that overall people had "lost faith" in the power of the internet to decentralize things.

A number of complaints have pointed at Facebook's unprecedented power over the way the internet works as a danger. Facebook's ability to control much of the news people read has been blamed for the spread of fake reporting, for instance, and projects like Facebook's Free Basics tools have been blamed for undermining net neutrality. But many of those same projects have been attempts by Facebook to grow its user base... He said he would look at using new technologies – encryption as well as cryptocurrency – to help improve Facebook and the internet by allowing it to stop being controlled by just a few people..."

Regular readers of this blog are aware of the problems, many of which were discussed in prior posts:

Will Mr. Zuckerberg and his senior management team fix these problems? Can they? Some of the ad-targeting mechanisms (that create abuses) have been around for years. Given its history, the cynic in me thinks that Facebook can only get better. Will Facebook do better in 2018? Tell us what you think.


Report: Air Travel Globally During 2017 Was The Safest Year On Record

The Independent UK newspaper reported:

"The Dutch-based aviation consultancy, To70, has released its Civil Aviation Safety Review for 2017. It reports only two fatal accidents, both involving small turbo-prop aircraft, with a total of 13 lives lost. No jets crashed in passenger service anywhere in the world... The chances of a plane being involved in a fatal accident is now one in 16 million, according to the lead researcher, Adrian Young... The report warns that electronic devices in checked-in bags pose a growing potential danger: “The increasing use of lithium-ion batteries in electronics creates a fire risk on board aeroplanes as such batteries are difficult to extinguish if they catch fire... The UK has the best air-safety record of any major country. No fatal accidents involving a British airline have happened since the 1980s. The last was on 10 January 1989... In contrast, sub-Saharan Africa has an accident rate 44 per cent worse than the global average, according to the International Air Transport Association (IATA)..."

Read the full 2017 aviation safety report by To70. Below is a chart from the report.

Accident Data Chart from To70 Air Safety Review for 2017.


Dozens of Companies Are Using Facebook to Exclude Older Workers From Job Ads

[Editor's note: everyone looks for a new job during their life. Today's guest blog post, by the reporters at ProPublica, explores an advertising practice by recruiters using social networking sites. Today's post is reprinted with permission.]

By Julia Angwin and Ariana Tobin of ProPublica, with Noam Scheiber, of The New York Times

A few weeks ago, Verizon placed an ad on Facebook to recruit applicants for a unit focused on financial planning and analysis. The ad showed a smiling, millennial-aged woman seated at a computer and promised that new hires could look forward to a rewarding career in which they would be "more than just a number."

Some relevant numbers were not immediately evident. The promotion was set to run on the Facebook feeds of users 25 to 36 years old who lived in the nation’s capital, or had recently visited there, and had demonstrated an interest in finance. For a vast majority of the hundreds of millions of people who check Facebook every day, the ad did not exist.

Verizon is among dozens of the nation's leading employers — including Amazon, Goldman Sachs, Target and Facebook itself — that placed recruitment ads limited to particular age groups, an investigation by ProPublica and The New York Times has found.

The ability of advertisers to deliver their message to the precise audience most likely to respond is the cornerstone of Facebook’s business model. But using the system to expose job opportunities only to certain age groups has raised concerns about fairness to older workers.

Several experts questioned whether the practice is in keeping with the federal Age Discrimination in Employment Act of 1967, which prohibits bias against people 40 or older in hiring or employment. Many jurisdictions make it a crime to “aid” or “abet” age discrimination, a provision that could apply to companies like Facebook that distribute job ads.

"It’s blatantly unlawful," said Debra Katz, a Washington employment lawyer who represents victims of discrimination.

Facebook defended the practice. "Used responsibly, age-based targeting for employment purposes is an accepted industry practice and for good reason: it helps employers recruit and people of all ages find work," said Rob Goldman, a Facebook vice president.

The revelations come at a time when the unregulated power of the tech companies is under increased scrutiny, and Congress is weighing whether to limit the immunity that it granted to tech companies in 1996 for third-party content on their platforms.

Facebook has argued in court filings that the law, the Communications Decency Act, makes it immune from liability for discriminatory ads.

Although Facebook is a relatively new entrant into the recruiting arena, it is rapidly gaining popularity with employers. Earlier this year, the social network launched a section of its site devoted to job ads. Facebook allows advertisers to select their audience, and then Facebook finds the chosen users with the extensive data it collects about its members.

The use of age targets emerged in a review of data originally compiled by ProPublica readers for a project about political ad placement on Facebook. Many of the ads include a disclosure by Facebook about why the user is seeing the ad, which can be anything from their age to their affinity for folk music.

The precision of Facebook’s ad delivery has helped it dominate an industry once in the hands of print and broadcast outlets. The system, called microtargeting, allows advertisers to reach essentially whomever they prefer, including the people their analysis suggests are the most plausible hires or consumers, lowering the costs and vastly increasing efficiency.

Targeted Facebook ads were an important tool in Russia’s efforts to influence the 2016 election. The social media giant has acknowledged that 126 million people saw Russia-linked content, some of which was aimed at particular demographic groups and regions. Facebook has also come under criticism for the disclosure that it accepted ads aimed at "Jew-haters" as well as housing ads that discriminated by race, gender, disability and other factors.

Other tech companies also offer employers opportunities to discriminate by age. ProPublica bought job ads on Google and LinkedIn that excluded audiences older than 40 — and the ads were instantly approved. Google said it does not prevent advertisers from displaying ads based on the user’s age. After being contacted by ProPublica, LinkedIn changed its system to prevent such targeting in employment ads.

The practice has begun to attract legal challenges. On Wednesday, a class-action complaint alleging age discrimination was filed in federal court in San Francisco on behalf of the Communications Workers of America and its members — as well as all Facebook users 40 or older who may have been denied the chance to learn about job openings. The plaintiffs’ lawyers said the complaint was based on ads for dozens of companies that they had discovered on Facebook.

The database of Facebook ads collected by ProPublica shows how often and precisely employers recruit by age. In a search for “part-time package handlers,” United Parcel Service ran an ad aimed at people 18 to 24. State Farm pitched its hiring promotion to those 19 to 35.

Some companies, including Target, State Farm and UPS, defended their targeting as a part of a broader recruitment strategy that reached candidates of all ages. The group of companies making this case included Facebook itself, which ran career ads on its own platform, many aimed at people 25 to 60. "We completely reject the allegation that these advertisements are discriminatory," said Goldman of Facebook.

After being contacted by ProPublica and the Times, other employers, including Amazon, Northwestern Mutual and the New York City Department of Education, said they had changed or were changing their recruiting strategies.

"We recently audited our recruiting ads on Facebook and discovered some had targeting that was inconsistent with our approach of searching for any candidate over the age of 18," said Nina Lindsey, a spokeswoman for Amazon, which targeted some ads for workers at its distribution centers between the ages of 18 and 50. "We have corrected those ads."

Verizon did not respond to requests for comment.

Several companies argued that targeted recruiting on Facebook was comparable to advertising opportunities in publications like the AARP magazine or Teen Vogue, which are aimed at particular age groups. But this obscures an important distinction. Anyone can buy Teen Vogue and see an ad. Online, however, people outside the targeted age groups can be excluded in ways they will never learn about.

"What happens with Facebook is you don’t know what you don’t know," said David Lopez, a former general counsel for the Equal Employment Opportunity Commission who is one of the lawyers at the firm Outten & Golden bringing the age-discrimination case on behalf of the communication workers union.

‘They Know I’m Dead’

Age discrimination on digital platforms is something that many workers suspect is happening to them, but that is often difficult to prove.

Mark Edelstein, a fitfully employed social-media marketing strategist who is 58 and legally blind, doesn’t pretend to know what he doesn’t know, but he has his suspicions.

Edelstein, who lives in St. Louis, says he never had serious trouble finding a job until he turned 50. “Once you reach your 50s, you may as well be dead,” he said. "I’ve gone into interviews, with my head of gray hair and my receding hairline, and they know I’m dead."

Edelstein spends most of his days scouring sites like LinkedIn and Indeed and pitching hiring managers with personalized appeals. When he scrolled through his Facebook ads on a Wednesday in December, he saw a variety of ads reflecting his interest in social media marketing: ads for the marketing software HubSpot ("15 free infographic templates!") and TripIt, which he used to book a trip to visit his mother in Florida.

What he didn’t see was a single ad for a job in his profession, including one identified by ProPublica that was being shown to younger users: a posting for a social media director job at HubSpot. The company asked that the ad be shown to people aged 27 to 40 who live or were recently living in the United States.

"Hypothetically, had I seen a job for a social media director at HubSpot, even if it involved relocation, I ABSOLUTELY would have applied for it," Edelstein said by email when told about the ad.

A HubSpot spokeswoman, Ellie Botelho, said that the job was posted on many sites, including LinkedIn, The Ladders and Built in Boston, and was open to anyone meeting the qualifications regardless of age or any other demographic characteristic.

She added that “the use of the targeted age-range selection on the Facebook ad was frankly a mistake on our part given our lack of experience using that platform for job postings and not a feature we will use again.”

For his part, Edelstein says he understands why marketers wouldn’t want to target ads at him: "It doesn’t surprise me a bit. Why would they want a 58-year-old white guy who’s disabled?"

Looking for ’Younger Blood’

Although LinkedIn is the leading online recruitment platform, according to an annual survey by SourceCon, an industry website, Facebook is rapidly increasing in popularity for employers.

One reason is that Facebook’s sheer size — two billion monthly active users, versus LinkedIn’s 530 million total members — gives recruiters access to types of workers they can’t find elsewhere.

Consider nurses, whom hospitals are desperate to hire. “They’re less likely to use LinkedIn,” said Josh Rock, a recruiter at a large hospital system in Minnesota who has expertise in digital media. "Nurses are predominantly female, there’s a larger volume of Facebook users. That’s what they use."

There are also millions of hourly workers who have never visited LinkedIn, and may not even have a résumé, but who check Facebook obsessively.

Deb Andrychuk, chief executive of the Arland Group, which helps employers place recruitment ads, said clients sometimes asked her firm to target ads by age, saying they needed “to start bringing younger blood” into their organizations. “It’s not necessarily that we wouldn’t take someone older,” these clients say, according to Andrychuk, “but if you could bring in a younger set of applicants, it would definitely work out better.”

Andrychuk said that “we coach clients to be open and not discriminate” and that after being contacted by The Times, her team updated all their ads to ensure they didn’t exclude any age groups.

But some companies contend that there are permissible reasons to filter audiences by age, as with an ad for entry-level analyst positions at Goldman Sachs that was distributed to people 18 to 64. A Goldman Sachs spokesman, Andrew Williams, said showing it to people above that age range would have wasted money: roughly 25 percent of those who typically click on the firm’s untargeted ads are 65 or older, but people that age almost never apply for the analyst job.

"We welcome and actively recruit applicants of all ages," Williams said. "For some of our social-media ads, we look to get the content to the people most likely to be interested, but do not exclude anyone from our recruiting activity."

Pauline Kim, a professor of employment law at Washington University in St. Louis, said the Age Discrimination in Employment Act, unlike the federal anti-discrimination statute that covers race and gender, allows an employer to take into account “reasonable factors” that may be highly correlated with the protected characteristic, such as cost, as long as they don’t rely on the characteristic explicitly.

The Question of Liability

In various ways, Facebook and LinkedIn have acknowledged at least a modest obligation to police their ad platforms against abuse.

Earlier this year, Facebook said it would require advertisers to "self-certify" that their housing, employment and credit ads were compliant with anti-discrimination laws, but that it would not block marketers from purchasing age-restricted ads.

Still, Facebook didn’t promise to monitor those certifications for accuracy. And Facebook said the self-certification system, announced in February, was still being rolled out to all advertisers.

LinkedIn, in response to inquiries by ProPublica, added a self-certification step that prevents employers from using age ranges once they confirm that they are placing an employment ad.

With these efforts evolving, legal experts say it is unclear how much liability the tech platforms could have. Some civil rights laws, like the Fair Housing Act, explicitly require publishers to assume liability for discriminatory ads.

But the Age Discrimination in Employment Act assigns liability only to employers or employment agencies, like recruiters and advertising firms.

The lawsuit filed against Facebook on behalf of the communications workers argues that the company essentially plays the role of an employment agency — collecting and providing data that helps employers locate candidates, effectively coordinating with the employer to develop the advertising strategies, informing employers about the performance of the ads, and so forth.

Regardless of whether courts accept that argument, the tech companies could also face liability under certain state or local anti-discrimination statutes. For example, California’s Fair Employment and Housing Act makes it unlawful to "aid, abet, incite, compel or coerce the doing" of discriminatory acts proscribed by the statute.

"They may have an obligation there not to aid and abet an ad that enables discrimination," said Cliff Palefsky, an employment lawyer based in San Francisco.

The question may hinge on Section 230 of the federal Communications Decency Act, which protects internet companies from liability for third-party content.

Tech companies have successfully invoked this law to avoid liability for offensive or criminal content — including sex trafficking, revenge porn and calls for violence against Jews. Facebook is currently arguing in Federal court that Section 230 immunizes it against liability for ad placement that blocks members of certain racial and ethnic groups from seeing the ads.

"Advertisers, not Facebook, are responsible for both the content of their ads and what targeting criteria to use, if any," Facebook argued in its motion to dismiss allegations that its ads violated a host of civil rights laws. The case does not allege age discrimination.

Eric Goldman, professor and co-director of the High Tech Law Institute at the Santa Clara University School of Law, who has written extensively about Section 230, says it is hard to predict how courts would treat Facebook’s age-targeting of employment ads.

Goldman said the law covered the content of ads, and that courts have made clear that Facebook would not be liable for an advertisement in which an employer wrote, say, “no one over 55 need apply.” But it is not clear how the courts would treat Facebook’s offering of age-targeted customization.

According to a federal appellate court decision in a fair-housing case, a platform can be considered to have helped “develop unlawful content” that users play a role in generating, which would negate the immunity.

"Depending on how the targeting is happening, you can make potentially different sorts of arguments about whether or not Google or Facebook or LinkedIn is contributing to the development" of the ad, said Deirdre K. Mulligan, a faculty director of the Berkeley Center for Law and Technology.

ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for their newsletter.


FCC Action To Kill Net Neutrality Will Likely Hurt Public Libraries, The Poor, And The Disabled

Jim Neal, the president of the American Library Association, released a statement condemning the December 14th vote by the Republican-led U.S. Federal Communications Commission (FCC) to kill net neutrality protections for internet users:

"The majority of the FCC has just dealt a blow to equitable access to online information and services which puts libraries, our patrons, and America’s communities at risk... By rolling back essential and enforceable net neutrality protections, the FCC has enabled commercial interests at the expense of the public who depends on the internet as their primary means of information gathering, learning, and communication. We will continue to fight the FCC’s decision and advocate for strong, enforceable net neutrality protections."

The Verge interviewed New York Public Library (NYPL) president Tony Marx, and Greg Cram, the NYPL director of information policy. During 2017, the NYPL provided 3.1 million computer sessions across all branches (using 4,700 computers), plus 3 million wireless sessions. Based upon that activity, Marx said:

"... the simple fact is that the poorest of New York rely on the library as the only place they can go and get free use of computers and free Wi-Fi. It’s one of the reasons why the library is the most visited civic institution in New York. We have also, in recent years, been lending people what we call hot spots, which are Wi-Fi boxes they can take home, typically for a year. That gives them digital access at home — broadband access — which something like 2 million New Yorkers can’t afford and don’t have..."

And, New York City is one of the more prosperous areas of the country. It makes one wonder how citizens in poor or rural areas, or in areas without any public libraries, will manage. Disabled users will also be negatively affected by the FCC vote. Marx explained:

"... the New York Public Library runs the Andrew Heiskell Library for the visually impaired. I believe it is a three-state depository, so it plays a role in getting access in all the ways you described — not just in New York City but way beyond. A lot of that now happens online and it could simply stop working, which means they’re gonna cut people off completely."

Cram explained the wide range of tasks people use the internet for at public libraries:

"Our users depend on the library, and libraries in general, for things like completing homework assignments, locating e-government resources, e-government services, accessing oral histories and primary source materials. Things that are resource-intensive like video and audio and image collections are dependent on a free and open internet. Also things like applying and interviewing for jobs. More and more jobs involve a first round of interviews that are done over the internet. If we have to put things in the slow lane, we’re worried about those interview services being downgraded."

"Slow lanes" are one of about five possible consequences of the FCC decision to kill net neutrality. Marx summarized the concerns of many library managers:

"We live in a world where access to information is essential for opportunity, for learning, for success, for civic life, for checking facts. Anything that reduces that, particularly for people who can’t afford alternatives, is a body blow to the basic democratic principles that the library stands for. Whether people or the library are shoved to the slow lane, and/or forced to pay to be in the fast lane with resources that are already stretched thin, is really sort of shocking. To put it sort of bluntly, the FCC should be defending communications."

Basically, internet access is a utility like water or electricity; something corporate providers have long denied and fought. Everyone needs and uses broadband internet. What are your opinions?


The Limitations And Issues With Facial Recognition Software

We've all seen television shows where police technicians use facial recognition software to swiftly and accurately identify suspects, or catch the bad guys. How accurate is that? An article in The Guardian newspaper discussed the promises, limitations, and issues with facial recognition software used by law enforcement:

"The software, which has taken an expanding role among law enforcement agencies in the US over the last several years, has been mired in controversy because of its effect on people of color. Experts fear that the new technology may actually be hurting the communities the police claims they are trying to protect... "It’s considered an imperfect biometric," said Clare Garvie, who in 2016 created a study on facial recognition software, published by the Center on Privacy and Technology at Georgetown Law, called The Perpetual Line-Up. "There’s no consensus in the scientific community that it provides a positive identification of somebody"... [Garvie's] report found that black individuals, as with so many aspects of the justice system, were the most likely to be scrutinized by facial recognition software in cases. It also suggested that software was most likely to be incorrect when used on black individuals – a finding corroborated by the FBI's own research. This combination, which is making Lynch’s and other black Americans’ lives excruciatingly difficult, is born from another race issue that has become a subject of national discourse: the lack of diversity in the technology sector... According to a 2011 study by the National Institute of Standards and Technologies (Nist), facial recognition software is actually more accurate on Asian faces when it’s created by firms in Asian countries, suggesting that who makes the software strongly affects how it works... Law enforcement agencies often don’t review their software to check for baked-in racial bias – and there aren’t laws or regulations forcing them to."


Facebook to Temporarily Block Advertisers From Excluding Audiences by Race

[Editor's note: today's guest blog post, by the reporters at ProPublica, discusses advertising practices by both Facebook, a popular social networking site, and some advertisers using the site. Today's post is reprinted with permission.]

By Julia Angwin, ProPublica

Facebook said it would temporarily stop advertisers from being able to exclude viewers by race while it studies the use of its ad targeting system.

“Until we can better ensure that our tools will not be used inappropriately, we are disabling the option that permits advertisers to exclude multicultural affinity segments from the audience for their ads,” Facebook's Sheryl Sandberg wrote in a letter to the Congressional Black Caucus.

ProPublica disclosed last week that Facebook was still allowing advertisers to buy housing ads that excluded audiences by race, despite its promises earlier this year to reject such ads. ProPublica also found that Facebook was not asking housing advertisers that blocked other sensitive audience categories — by religion, gender, or disability — to “self-certify” that their ads were compliant with anti-discrimination laws.

Under the Fair Housing Act of 1968, it’s illegal “to make, print, or publish, or cause to be made, printed, or published any notice, statement, or advertisement, with respect to the sale or rental of a dwelling that indicates any preference, limitation, or discrimination based on race, color, religion, sex, handicap, familial status, or national origin.” Violators face tens of thousands of dollars in fines.

In her letter, Sandberg said the company will examine how advertisers are using its exclusion tool — “focusing particularly on potentially sensitive segments” such as ads that exclude LGBTQ communities or people with disabilities. “During this review, no advertisers will be able to create ads that exclude multicultural affinity groups,” Facebook Vice President Rob Goldman said in an e-mailed statement.

Goldman said the results of the audit would be shared with “groups focused on discrimination in ads,” and that Facebook would work with them to identify further improvements and publish the steps it will take.

Sandberg’s letter to the Congressional Black Caucus is the outgrowth of a dialogue that has been ongoing since last year when ProPublica published its first article revealing Facebook was allowing advertisers to exclude people with an “ethnic affinity” for various minority groups, including African Americans, Asian Americans and Hispanics, from viewing their ads.

At that time, four members of the Congressional Black Caucus reached out to Facebook for an explanation. “This is in direct violation of the Fair Housing Act of 1968, and it is our strong desire to see Facebook address this issue immediately,” wrote the lawmakers.

The U.S. Department of Housing and Urban Development, which enforces the nation’s fair housing laws, opened an inquiry into Facebook’s practices.

But in February, Facebook said it had solved the problem — by building an algorithm that would allow it to spot and reject housing, employment and credit ads that discriminated using racial categories. For audiences not selected by race, Facebook said it would require advertisers to “self-certify” that their ads were compliant with the law.

HUD closed its inquiry. But last week, ProPublica successfully purchased dozens of racist, sexist and otherwise discriminatory ads for a fictional housing company advertising a rental. None of the ads were rejected and none required a self-certification. Facebook said it was a “technical failure” and vowed to fix the problem.

U.S. Rep. Robin Kelly, D-Ill., said that Facebook’s actions to disable the feature are “an appropriate action.” “When I first raised this issue with Facebook, I was disappointed. When it became necessary to raise the issue again, I was irritated,” she said. “I will continue watching this issue very closely to ensure these issues do not raise again.”


ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for their newsletter.

 


Security Researchers Announce Another Method To Defeat Apple Face ID

You may remember that earlier this year Apple launched its iPhone X with the Face ID feature for users to unlock their phones:

"Your face is now your password. Face ID is a secure and private new way to unlock, authenticate, and pay... Face ID is enabled by the TrueDepth camera and is simple to set up. It projects and analyzes more than 30,000 invisible dots to create a precise depth map of your face."

Like it or not, there is no security system for your smartphone that can't be defeated. Mashable reported yesterday that security researchers have found another method to defeat Face ID:

"The same Vietnamese team that managed to trick Face ID with an elaborately constructed mask now says it has found a way to create a replicated face capable of unlocking Apple's latest and greatest biometric using a series of surreptitiously snagged photographs. Apple has copped to the fact that Face ID, for all its technical prowess, isn't perfect. It can be tricked by twins. For

The Bkav researchers explained in a blog post how their crude mask defeated Face ID:

"Bkav used a 3D mask (which costs ~200 USD), made of stone powder, with glued 2D images of the eyes. Bkav experts found out that stone powder can replace paper tape (used in previous mask) to trick Face ID' AI at higher scores. The eyes are printed infrared images – the same technology that Face ID itself uses to detect facial image. These materials and tools are casual for anyone. An iPhone X has its highest security options enabled, then has the owner's face enrolled to set up Face ID, then is immediately put in front of the mask, iPhone X is unlocked immediately. There is absolutely no learning of Face ID with the new mask in this experiment."

The same blog post also explained how a three-dimensional model can defeat Face ID:

"Bkav researchers said that making 3D model is very simple. A person can be secretly taken photos in just a few seconds when entering a room containing a pre-setup system of cameras located at different angles. Then, the photos will be processed by algorithms to make a 3D object.

It can be said that, until now, Fingerprint is still the most secure biometric technology. Collecting a fingerprint is much harder than taking photos from a distance. Meanwhile, just by taking photos from a distance to create 3D objects as mentioned above, both Apple's Face ID and Samsung's Iris Scanner can be bypassed easily."

Experts advise consumers to continue using passcodes, especially for online banking apps. And high-value targets (e.g., senior corporate executives, government officials, politicians, attorneys, etc.) probably shouldn't use facial recognition features to unlock their mobile devices.

I guess that 3-D models will provide law enforcement (and spy agencies) with new ways to use their archived collections of facial images. The Guardian reported earlier this year:

"Approximately half of adult Americans’ photographs are stored in facial recognition databases that can be accessed by the FBI, without their knowledge or consent, in the hunt for suspected criminals. About 80% of photos in the FBI’s network are non-criminal entries, including pictures from driver’s licenses and passports. The algorithms used to identify matches are inaccurate about 15% of the time, and are more likely to misidentify black people than white people."

What do you think?


Uber: Data Breach Affected 57 Million Users. Some Say A Post Breach Coverup, Too

Uber is in the news again. And not in a good way. The popular ride-sharing service experienced a data breach affecting 57 million users. While many companies experience data breaches, regulators say Uber went further and tried to cover it up.

First, details about the data breach. Bloomberg reported:

"Hackers stole the personal data of 57 million customers and drivers... Compromised data from the October 2016 attack included names, email addresses and phone numbers of 50 million Uber riders around the world, the company told Bloomberg on Tuesday. The personal information of about 7 million drivers was accessed as well, including some 600,000 U.S. driver’s license numbers..."

Second, details about the coverup:

"... the ride-hailing firm ousted its chief security officer and one of his deputies for their roles in keeping the hack under wraps, which included a $100,000 payment to the attackers... At the time of the incident, Uber was negotiating with U.S. regulators investigating separate claims of privacy violations. Uber now says it had a legal obligation to report the hack to regulators and to drivers whose license numbers were taken. Instead, the company paid hackers to delete the data and keep the breach quiet."

Geez. Not tell regulators about a breach? Not tell affected users? 48 states have data breach notification laws requiring various levels of notifications. Consumers need notice in order to take action to protect themselves and their sensitive personal and payment information.

Third, Uber executives learned about the breach soon thereafter:

"Kalanick, Uber’s co-founder and former CEO, learned of the hack in November 2016, a month after it took place, the company said. Uber had just settled a lawsuit with the New York attorney general over data security disclosures and was in the process of negotiating with the Federal Trade Commission over the handling of consumer data. Kalanick declined to comment on the hack."

Reportedly, breach victims with stolen driver's license information will be offered free credit monitoring and identity theft services. Uber said that no Social Security numbers or credit card information were stolen during the breach, but one wonders if Uber and its executives can be trusted.

The company has a long history of sketchy behavior, including the 'Greyball' worldwide program by executives to thwart code enforcement inspections by governments, dozens of employees fired or investigated for sexual harassment, a lawsuit describing how the company's mobile app allegedly scammed both riders and drivers, and privacy abuses with the 'God View' tool. TechCrunch reported that Uber:

"... reached a settlement with [New York State Attorney General] Schneiderman’s office in January 2016 over its abuse of private data in a rider-tracking system known as “God View” and its failure to disclose a previous data breach that took place in September 2014 in a timely manner."

Several regulators are investigating Uber's latest breach and alleged coverup. CNet reported:

"The New York State Attorney General has opened an investigation into the incident, which Uber made public Tuesday. Officials for Connecticut, Illinois and Massachusetts also confirmed they're investigating the hack. The New Mexico Attorney General sent Uber a letter asking for details of the hack and how the company responded. What's more, Uber appears to have broken a promise made in a Federal Trade Commission settlement not to mislead users about data privacy and security, a legal expert says... In addition to its agreement with the FTC, Uber is required to follow laws in New York and 47 other states that mandate companies to tell people when their drivers' license numbers are breached. Uber acknowledged Tuesday it had a legal requirement to disclose the breach."

The Financial Times reported that the U.K. Information Commissioner's Office is investigating the incident, along with the National Crime Agency and the National Cyber Security Centre. New data protection rules that go into effect in May 2018 will require companies to notify regulators within 72 hours of a cyber attack, or incur fines of up to 20 million Euro-dollars or 4 percent of annual global revenues.

Let's summarize the incident. It seems that a few months after settling a lawsuit about a data breach and its data security practices, the company had another data breach, paid the hackers to keep quiet about the breach and what they stole, and then allegedly chose to tell neither affected users nor regulators about it, as required by prior settlement agreements, breach laws in most states, and breach laws in some international areas. Geez. What chutzpah!

What are your opinions of the incident? Can Uber and its executives be trusted?