277 posts categorized "Court Cases" Feed

Federal Reserve Board Fined Citigroup For Mishandling Residential Mortgages

Citibank logo The Federal Reserve Board (FRB) announced on Friday that it had fined Citigroup $8.6 million for the "improper execution of residential mortgage-related documents" in a subsidiary. The announcement explained:

"The $8.6 million penalty addresses the deficient execution and notarization of certain mortgage-related affidavits prepared by a subsidiary, CitiFinancial. The improper practices occurred in 2015 and were corrected. CitiFinancial exited the mortgage servicing business in 2017.

Also on Friday, the Board announced the termination of an enforcement action from 2011 against Citigroup and CitiFinancial related to residential mortgage loan servicing. The termination of this action was based on evidence of sustainable improvements."

In 2014, Citigroup paid $7 billion to settle allegations by the Department of Justice (DOJ) and several states attorneys general (AGs) that the bank mislead investors about toxic mortgage-backed securities. So, sloppy or shoddy handling of mortgage paperwork  will get a bank fined. Good. There must be consequences when consumers are abused.

Earlier this month, Wells Fargo admitted to software bugs in its systems which led to the bank accidentally foreclosing on residential homeowners it shouldn't have. 400 homeowners lost their homes. Untold consumers' credit ratings wrecked. That sounds like shabby mortgage paperwork handling, too -- definitely worth a larger fine. What do you think?


How the Case for Voter Fraud Was Tested — and Utterly Failed

[Editor's note: today's blog post, by reporters at ProPublica, explores the results of a trial in Kansas about the state's voter-ID laws and claims of voter fraud. It is reprinted with permission.]

By Jessica Huseman, ProPublica

In the end, the decision seemed inevitable. After a seven-day trial in Kansas City federal court in March, in which Kansas Secretary of State Kris Kobach needed to be tutored on basic trial procedure by the judge and was found in contempt for his “willful failure” to obey a ruling, even he knew his chances were slim. Kobach told The Kansas City Star at the time that he expected the judge would rule against him (though he expressed optimism in his chances on appeal).

Sure enough, federal Judge Julie Robinson overturned the law that Kobach was defending as lead counsel for the state, dealing him an unalloyed defeat. The statute, championed by Kobach and signed into law in 2013, required Kansans to present proof of citizenship in order to register to vote. The American Civil Liberties Union sued, contending that the law violated the National Voter Registration Act (AKA the “motor voter” law), which was designed to make it easy to register.

The trial had a significance that extends far beyond the Jayhawk state. One of the fundamental questions in the debate over alleged voter fraud — whether a substantial number of non-citizens are in fact registering to vote — was one of two issues to be determined in the Kansas proceedings. (The second was whether there was a less burdensome solution than what Kansas had adopted.) That made the trial a telling opportunity to remove the voter fraud claims from the charged, and largely proof-free, realms of political campaigns and cable news shoutfests and examine them under the exacting strictures of the rules of evidence.

That’s precisely what occurred and according to Robinson, an appointee of George W. Bush, the proof that voter fraud is widespread was utterly lacking. As the judge put it, “the court finds no credible evidence that a substantial number of non-citizens registered to vote” even under the previous law, which Kobach had claimed was weak.

For Kobach, the trial should’ve been a moment of glory. He’s been arguing for a decade that voter fraud is a national calamity. Much of his career has been built on this issue, along with his fervent opposition to illegal immigration. (His claim is that unlawful immigrants are precisely the ones voting illegally.) Kobach, who also co-chaired the Trump administration’s short-lived commission on voter fraud, is perhaps the individual most identified with the cause of sniffing out and eradicating phony voter registration. He’s got a gilded resume, with degrees from Harvard University, Yale Law School and the University of Oxford, and is seen as both the intellect behind the cause and its prime advocate. Kobach has written voter laws in other jurisdictions and defended them in court. If anybody ever had time to marshal facts and arguments before a trial, it was Kobach.

But things didn’t go well for him in the Kansas City courtroom, as Robinson’s opinion made clear. Kobach’s strongest evidence of non-citizen registration was anemic at best: Over a 20-year period, fewer than 40 non-citizens had attempted to register in one Kansas county that had 130,000 voters. Most of those 40 improper registrations were the result of mistakes or confusion rather than intentional attempts to mislead, and only five of the 40 managed to cast a vote.

One of Kobach’s own experts even rebutted arguments made by both Kobach and President Donald Trump. The expert testified that a handful of improper registrations could not be extrapolated to conclude that 2.8 million fraudulent votes — roughly, the gap between Hillary Clinton and Trump in the popular vote tally — had been cast in the 2016 presidential election. Testimony from a second key expert for Kobach also fizzled.

As the judge’s opinion noted, Kobach insisted the meager instances of cheating revealed at trial are just “the tip of the iceberg.” As she explained, “This trial was his opportunity to produce credible evidence of that iceberg, but he failed to do so.” Dismissing the testimony by Kobach’s witnesses as unpersuasive, Robinson drew what she called “the more obvious conclusion that there is no iceberg; only an icicle largely created by confusion and administrative error.”

By the time the trial was over, Kobach, a charismatic 52-year-old whose broad shoulders and imposing height make him resemble an aging quarterback, seemed to have shrunk inside his chair at the defense table.

But despite his defeat, Kobach’s causes — restricting immigration and tightening voting requirements — seem to be enjoying favorable tides elsewhere. Recent press accounts noted Kobach’s role in restoring a question about citizenship, abandoned since 1950, to U.S. Census forms for 2020. And the Supreme Court ruled on June 11 that the state of Ohio can purge voters from its rolls when they fail to vote even a single time and don’t return a mailing verifying their address, a provision that means more voters will need to re-register and prove their eligibility again.

For his own part, Kobach is now a candidate for governor of Kansas, running neck and neck with the incumbent in polls for the Republican primary on Aug. 7. It’s not clear whether the verdict will affect his chances — or whether it will lead him and others to quietly retreat from claims of voter fraud. But the judge’s opinion and expert interviews reveal that Kobach effectively put the concept of mass voter fraud to the test — and the evidence crumbled.

Perhaps it was an omen. Before Kobach could enter the courtroom inside the Robert J. Dole U.S. Courthouse each day, he had to pass through a hallway whose walls featured a celebratory display entitled “Americans by Choice: The Story of Immigration and Citizenship in Kansas.” Photographs of people who’d been sworn in as citizens in that very courthouse were superimposed on the translucent window shades.

Public interest in the trial was high. The seating area quickly filled to capacity on the first day of trial on the frigid morning of March 6. The jury box was opened to spectators; it wouldn’t be needed, as this was a bench trial. Those who couldn’t squeeze in were sent to a lower floor, where a live feed had been prepared in a spillover room.

From the moment the trial opened, Kobach and his co-counsels in the Kansas secretary of state’s office, Sue Becker and Garrett Roe, stumbled over the most basic trial procedures. Their mistakes antagonized the judge. “Evidence 101,” Robinson snapped, only minutes into the day, after Kobach’s team attempted to improperly introduce evidence. “I’m not going to do it.”

Matters didn’t improve for Kobach from there.

Throughout the trial, his team’s repeated mishaps and botched cross examinations cost hours of the court’s time. Robinson was repeatedly forced to step into the role of law professor, guiding Kobach, Becker and Roe through courtroom procedure. “Do you know how to do the next step, if that’s what you’re going to do?” the judge asked Becker at one point, as she helped her through the steps of impeaching a witness. “We’re going to follow the rules of evidence here.”

Becker often seemed nervous. She took her bright red glasses off and on. At times she burst into nervous chuckles after a misstep. She laughed at witnesses, skirmished with the judge and even taunted the lawyers for the ACLU. “I can’t wait to ask my questions on Monday!” she shouted at the end of the first week, jabbing a finger in the direction of Dale Ho, the lead attorney for the plaintiffs. Ho rolled his eyes.

Roe was gentler — deferential, even. He often admitted he didn’t know what step came next, asking the judge for help. “I don’t — I don’t know if this one is objectionable. I hope it’s not,” he offered at one point, as he prepared to ask a question following a torrent of sustained objections. “I’ll let you know,” an attorney for the plaintiffs responded, to a wave of giggles in the courtroom. On the final day of trial, as Becker engaged in yet another dispute with the judge, Roe slapped a binder to his forehead and audibly whispered, “Stop talking. Stop talking.”

Kobach’s cross examinations were smoother and better organized, but he regularly attempted to introduce exhibits — for example, updated state statistics that he had failed to provide the ACLU in advance to vet — that Robinson ruled were inadmissible. As the trial wore on, she became increasingly irritated. She implored Kobach to “please read” the rules on which she based her rulings, saying his team had repeated these errors “ad nauseum.”

Kobach seemed unruffled. Instead of heeding her advice, he’d proffer the evidence for the record, a practice that allows the evidence to be preserved for appeal even if the trial judge refuses to admit it. Over the course of the trial, Kobach and his team would do this nearly a dozen times.

Eventually, Robinson got fed up. She asked Kobach to justify his use of proffers. Kobach, seemingly alarmed, grabbed a copy of the Federal Rules of Civil Procedure — to which he had attached a growing number of Post-it notes — and quickly flipped through it, trying to find the relevant rule.

The judge tried to help. “It’s Rule 26, of course, that’s been the basis for my rulings,” she told Kobach. “I think it would be helpful if you would just articulate under what provision of Rule 26 you think this is permissible.” Kobach seemed to play for time, asking clarifying questions rather than articulating a rationale. Finally, the judge offered mercy: a 15-minute break. Kobach’s team rushed from the courtroom.

It wasn’t enough to save him. In her opinion, Robinson described “a pattern and practice by Defendant [Kobach] of flaunting disclosure and discovery rules.” As she put it, “it is not clear to the Court whether Defendant repeatedly failed to meet his disclosure obligations intentionally or due to his unfamiliarity with the federal rules.” She ordered Kobach to attend the equivalent of after-school tutoring: six hours of extra legal education on the rules of civil procedure or the rules of evidence (and to present the court with a certificate of completion).

It’s always a bad idea for a lawyer to try the patience of a judge — and that’s doubly true during a bench trial, when the judge will decide not only the law, but also the facts. Kobach repeatedly annoyed Robinson with his procedural mistakes. But that was nothing next to what the judge viewed as Kobach’s intentional bad faith.

This view emerged in writing right after the trial — that’s when Robinson issued her ruling finding Kobach in contempt — but before the verdict. And the conduct that inspired the contempt finding had persisted over several years. Robinson concluded that Kobach had intentionally failed to follow a ruling she issued in 2016 that ordered him to restore the privileges of 17,000 suspended Kansas voters.

In her contempt ruling, the judge cited Kobach’s “history of noncompliance” with the order and characterized his explanations for not abiding by it as “nonsensical” and “disingenuous.” She wrote that she was “troubled” by Kobach’s “failure to take responsibility for violating this Court’s orders, and for failing to ensure compliance over an issue that he explicitly represented to the Court had been accomplished.” Robinson ordered Kobach to pay the ACLU’s legal fees for the contempt proceeding.

That contempt ruling was actually the second time Kobach was singled out for punishment in the case. Before the trial, a federal magistrate judge deputized to oversee the discovery portion of the suit fined him $1,000 for making “patently misleading representations” about a voting fraud document Kobach had prepared for Trump. Kobach paid the fine with a state credit card.

More than any procedural bumbling, the collapse of Kobach’s case traced back to the disintegration of a single witness.

The witness was Jesse Richman, a political scientist from Old Dominion University, who has written studies on voter fraud. For this trial, Richman was paid $5,000 by the taxpayers of Kansas to measure non-citizen registration in the state. Richman was the man who had to deliver the goods for Kobach.

With his gray-flecked beard and mustache, Richman looked the part of an academic, albeit one who seemed a bit too tall for his suit and who showed his discomfort in a series of awkward, sudden movements on the witness stand. At moments, Richman’s testimony turned combative, devolving into something resembling an episode of The Jerry Springer Show. By the time he left the stand, Richman had testified for more than five punishing hours. He’d bickered with the ACLU’s lawyer, raised his voice as he defended his studies and repeatedly sparred with the judge.

“Wait, wait, wait!” shouted Robinson at one point, silencing a verbal free-for-all that had erupted among Richman, the ACLU’s Ho, and Kobach, who were all speaking at the same time. “Especially you,” she said, turning her stare to Richman. “You are not here to be an advocate. You are not here to trash the plaintiff. And you are not here to argue with me.”

Richman had played a small but significant part in the 2016 presidential campaign. Trump and others had cited his work to claim that illegal votes had robbed Trump of the popular vote. At an October 2016 rally in Wisconsin, the candidate cited Richman’s work to bolster his predictions that the election would be rigged. “You don’t read about this, right?” Trump told the crowd, before reading from an op-ed Richman had written for The Washington Post: “‘We find that this participation was large enough to plausibly account for Democratic victories in various close elections.’ Okay? All right?”

Richman’s 2014 study of non-citizen registration used data from the Cooperative Congressional Election Study — an online survey of more than 32,000 people. Of those, fewer than 40 individuals indicated they were non-citizens registered to vote. Based on that sample, Richman concluded that up to 2.8 million illegal votes had been cast in 2008 by non-citizens. In fact, he put the illegal votes at somewhere between 38,000 and 2.8 million — a preposterously large range — and then Trump and others simply used the highest figure.

Academics pilloried Richman’s conclusions. Two hundred political scientists signed an open letter criticizing the study, saying it should “not be cited or used in any debate over fraudulent voting.” Harvard’s Stephen Ansolabehere, who administered the CCES, published his own peer-reviewed paper lambasting Richman’s work. Indeed, by the time Trump read Richman’s article onstage in 2016, The Washington Post had already appended a note to the op-ed linking to three rebuttals and a peer-reviewed study debunking the research.

None of that discouraged Kobach or Trump from repeating Richman’s conclusions. They then went a few steps further. They took the top end of the range for the 2008 election, assumed that it applied to the 2016 election, too, and further assumed that all of the fraudulent ballots had been cast for Clinton.

Some of those statements found their way into the courtroom, when Ho pressed play on a video shot by The Kansas City Star on Nov. 30, 2016. Kobach had met with Trump 10 days earlier and had brought with him a paper decrying non-citizen registration and voter fraud. Two days later, Trump tweeted that he would have won the popular vote if not for “millions of people who voted illegally.”

On the courtroom’s televisions, Kobach appeared, saying Trump’s tweet was “absolutely correct.” Without naming Richman, Kobach referred to his study: The number of non-citizens who said they’d voted in 2008 was far larger than the popular vote margin, Kobach said on the video. The same number likely voted again in 2016.

In the courtroom, Ho asked Richman if he believed his research supported such a claim. Richman stammered. He repeatedly looked at Kobach, seemingly searching for a way out. Ho persisted and finally, Richman gave his answer: “I do not believe my study provides strong support for that notion.”

To estimate the number of non-citizens voting in Kansas, Richman had used the same methodology he employed in his much-criticized 2014 study. Using samples as small as a single voter, he’d produced surveys with wildly different estimates of non-citizen registration in the state. The multiple iterations confused everyone in the courtroom.

“For the record, how many different data sources have you provided?” Robinson interjected in the middle of one Richman answer. “You provide a range of, like, zero to 18,000 or more.”

“I sense the frustration,” Richman responded, before offering a winding explanation of the multiple data sources and surveys he’d used to arrive at a half-dozen different estimates. Robinson cut him off. “Maybe we need to stop here,” she said.

“Your honor, let me finish answering your question,” he said.

“No, no. I’m done,” she responded, as he continued to protest. “No. Dr. Richman, I’m done.”

To refute Richman’s numbers, the ACLU called on Harvard’s Ansolabehere, whose data Richman had relied on in the past. Ansolabehere testified that Richman’s sample sizes were so small that it was just as possible that there were no non-citizens registered to vote in Kansas as 18,000. “There’s just a great deal of uncertainty with these estimates,” he said.

Ho asked if it would be accurate to say that Richman’s data “shows a rate of non-citizen registration in Kansas that is not statistically distinct from zero?”

“Correct.”

The judge was harsher than Ansolabehere in her description of Richman’s testimony. In her opinion, Robinson unloaded a fusillade of dismissive adjectives, calling Richman’s conclusions “confusing, inconsistent and methodologically flawed,” and adding that they were “credibly dismantled” by Ansolabehere. She labeled elements of Richman’s testimony “disingenuous” and “misleading,” and stated that she gave his research “no weight” in her decision.

One of the paradoxes of Kobach is that he has become a star in circles that focus on illegal immigration and voting fraud despite poor results in the courtroom. By ProPublica’s count, Kobach chalked up a 2–6 won-lost record in federal cases in which he was played a major role, and which reached a final disposition before the Kansas case.

Those results occurred when Kobach was an attorney for the legal arm of the Federation for American Immigration Reform from 2004 to 2011, when he became secretary of state in Kansas. In his FAIR role (in which he continued to moonlight till about 2014), Kobach traveled to places like Fremont, Nebraska, Hazleton, Pennsylvania, Farmers Branch, Texas, and Valley Park, Missouri, to help local governments write laws that attempted to hamper illegal immigration, and then defend them in court. Kobach won in Nebraska, but lost in Texas and Pennsylvania, and only a watered down version of the law remains in Missouri.

The best-known law that Kobach helped shape before joining the Kansas government in 2011 was Arizona’s “show me your papers” law. That statute allowed police to demand citizenship documents for any reason from anyone they thought might be in the country illegally. After it passed, the state paid Kobach $300 an hour to train law enforcement on how to legally arrest suspected illegal immigrants. The Supreme Court gutted key provisions of the law in 2012.

Kobach also struggled in two forays into political campaigning. In 2004, he lost a race for Congress. He also drew criticism for his stint as an informal adviser to Mitt Romney’s 2012 presidential campaign. Kobach was the man responsible for Romney’s much-maligned proposal that illegal immigrants “self-deport,” one reason Romney attracted little support among Latinos. Romney disavowed Kobach even before the campaign was over, telling media outlets that he was a “supporter,” not an adviser.

Trump’s election meant Kobach’s positions on immigration would be welcome in the White House. Kobach lobbied for, but didn’t receive, an appointment as Secretary of Homeland Security. He was, however, placed in charge of the voter fraud commission, a pet project of Trump’s. Facing a raft of lawsuits and bad publicity, the commission was disbanded little more than six months after it formally launched.

Back at home, Kobach expanded his power as secretary of state. Boasting of his experience as a law professor and scholar, Kobach convinced the state legislature to give him the authority to prosecute election crimes himself, a power wielded by no other secretary of state. In that role, he has obtained nine guilty pleas against individuals for election-related misdemeanors. Only one of those who pleaded guilty, as it happens, was a non-citizen.

He also persuaded Kansas’ attorney general to allow Kobach to represent the state in the trial of Kansas’ voting law. Kobach argued it was a bargain. As he told The Wichita Eagle at the time, “The advantage is the state gets an experienced appellate litigator who is a specialist in this field and in constitutional law for the cost the state is already paying, which is my salary.”

Kobach fared no better in the second main area of the Kansas City trial than he had in the first. This part explored whether there is a less burdensome way of identifying non-citizens than forcing everyone to show proof of citizenship upon registration. Judge Robinson would conclude that there were many alternatives that were less intrusive.

In his opening, Ho of the ACLU spotlighted a potentially less intrusive approach. Why not use the Department of Homeland Security’s Systematic Alien Verification for Entitlements System list, and compare the names on it to the Kansas voter rolls? That, Ho argued, could efficiently suss out illegal registrations.

Kobach told the judge that simply wasn’t feasible. The list, he explained, doesn’t contain all non-citizens in the country illegally — it contains only non-citizens legally present and those here illegally who register in some way with the federal government. Plus, he told Robinson, in order to really match the SAVE list against a voter roll, both datasets would have to contain alien registration numbers, the identifier given to non-citizens living in the U.S. “Those are things that a voter registration system doesn’t have,” he said. “So, the SAVE system does not work.”

But Kobach had made the opposite argument when he headed the voter fraud commission. There, he’d repeatedly advocated the use of the SAVE database. Appearing on Fox News in May 2017, shortly after the commission was established, Kobach said, “The Department of Homeland Security knows of the millions of aliens who are in the United States legally and that data that’s never been bounced against the state’s voter rolls to see whether these people are registered.” He said the federal databases “can be very valuable.”

A month later, as chief of the voting fraud commission, Kobach took steps to compare state information to the SAVE database. He sent a letter to all 50 secretaries of state requesting their voter rolls. Bipartisan outrage ensued. Democrats feared he would use the rolls to encourage states to purge legitimately registered voters. Republicans labelled the request federal overreach.

At trial, Kobach’s main expert on this point was Hans von Spakovsky, another member of the voter fraud commission. He, too, had been eager in commission meetings to match state voter rolls to the SAVE database.

But like Kobach, von Spakovsky took a different tack at trial. He testified that this database was unusable by elections offices. “In your experience and expertise as an election administrator and one who studies elections,” Kobach asked, “is [the alien registration number] a practical or even possible thing for a state to do in its voter registration database?” Von Spakovsky answered, “No, it is not.”

Von Spakovsky and Kobach have been friends for more than a decade. They worked together at the Department of Justice under George W. Bush. Kobach focused on immigration issues — helping create a database to register visitors to the U.S. from countries associated with terrorism — while von Spakovsky specialized in voting issues; he had opposed the renewal of the Voting Rights Act.

Von Spakovsky’s history as a local elections administrator in Fairfax County, Va., qualified him as an expert on voting fraud. Between 2010 and 2012, while serving as vice chairman of the county’s three-member electoral board, he’d examined the voter rolls and found what he said were 300 registered non-citizens. He’d pressed for action against them, but none came. Von Spakovsky later joined the Heritage Foundation, where he remains today, generating research that underpins the arguments of those who claim mass voter fraud.

Like Richman, von Spakovsky seemed nervous on the stand, albeit not combative. He wore wire-rimmed glasses and a severe, immovable expression. Immigration is a not-so-distant feature of his family history: His parents — Russian and German immigrants — met in a refugee camp in American-occupied Germany after World War II before moving to the U.S.

Von Spakovsky had the task of testifying about what was intended to be a key piece of evidence for Kobach’s case: a spreadsheet of 38 non-citizens who had registered to vote, or attempted to register, in a 20-year period in Sedgwick County, Kansas.

But the 38 non-citizens turned out to be something less than an electoral crime wave. For starters, some of the 38 had informed Sedgwick County that they were non-citizens. One woman had sent her registration postcard back to the county with an explanation that it was a “mistake” and that she was not a citizen. Another listed an alien registration number — which tellingly begins with an “A” — instead of a Social Security number on the voter registration form. The county registered her anyway.

When von Spakovsky took the stand, he had to contend with questions that suggested he had cherry-picked his data. (The judge would find he had.) In his expert report, von Spakovsky had referenced a 2005 report by the Government Accountability Office that polled federal courts to see how many non-citizens had been excused from jury duty for being non-citizens — a sign of fraud, because jurors are selected from voter rolls. The GAO report mentioned eight courts. Only one said it had a meaningful number of jury candidates who claimed to be non-citizens: “between 1 and 3 percent” had been dismissed on these grounds. This was the only court von Spakovsky mentioned in his expert report.

His report also cited a 2012 TV news segment from an NBC station in Fort Myers, Fla. Reporters claimed to have discovered more than 100 non-citizens on the local voter roll.

“Now, you know, Mr. von Spakovsky, don’t you, that after this NBC report there was a follow-up by the same NBC station that determined that at least 35 of those 100 individuals had documentation to prove they were, in fact, United States citizens. Correct?” Ho asked. “I am aware of that now, yes,” von Spakovsky replied.

That correction had been online since 2012 and Ho had asked von Spakovsky the same question almost two years before in a deposition before the trial. But von Spakovsky never corrected his expert report.

Under Ho’s questioning, von Spakovsky also acknowledged a false assertion he made in 2011. In a nationally syndicated column for McClatchy, von Spakovsky claimed a tight race in Missouri had been decided by the illegal votes of 50 Somali nationals. A month before the column was published, a Missouri state judge ruled that no such thing had happened.

On the stand, von Spakovsky claimed he had no knowledge of the ruling when he published the piece. He conceded that he never retracted the assertion.

Kobach, who watched the exchange without objection, had repeatedly made the same claim — even after the judge ruled it was false. In 2011, Kobach wrote a series of columns using the example as proof of the need for voter ID, publishing them in outlets ranging from the Topeka Capital-Journal to the Wall Street Journal and the Washington Post. In 2012, he made the claim in an article published in the Syracuse Law Review. In 2013, he wrote an op-ed for the Kansas City Star with the same example: “The election was stolen when Rizzo received about 50 votes illegally cast by citizens of Somalia.” None of those articles have ever been corrected.

Ultimately, Robinson would lacerate von Spakovsky’s testimony, much as she had Richman’s. Von Spakovsky’s statements, the judge wrote, were “premised on several misleading and unsupported examples” and included “false assertions.” As she put it, “His generalized opinions about the rates of noncitizen registration were likewise based on misleading evidence, and largely based on his preconceived beliefs about this issue, which has led to his aggressive public advocacy of stricter proof of citizenship laws.”

There was one other wobbly leg holding up the argument that voter fraud is rampant: the very meaning of the word “fraud.”

Kobach’s case, and the broader claim, rely on an extremely generous definition. Legal definitions of fraud require a person to knowingly be deceptive. But both Kobach and von Spakovsky characterized illegal ballots as “fraud” regardless of the intention of the voter.

Indeed, the nine convictions Kobach has obtained in Kansas are almost entirely made up of individuals who didn’t realize they were doing something wrong. For example, there were older voters who didn’t understand the restrictions and voted in multiple places they owned property. There was also a college student who’d forgotten she’d filled out an absentee ballot in her home state before voting months later in Kansas. (She voted for Trump both times.)

Late in the trial, the ACLU presented Lorraine Minnite, a professor at Rutgers who has written extensively about voter fraud, as a rebuttal witness. Her book, “The Myth of Voter Fraud,” concluded that almost all instances of illegal votes can be chalked up to misunderstandings and administrative error.

Kobach sent his co-counsel, Garrett Roe, to cross-examine her. “It’s your view that what matters is the voter’s knowledge that his or her action is unlawful?” Roe asked. “In a definition of fraud, yes,” said Minnite. Roe pressed her about this for several questions, seemingly surprised that she wouldn’t refer to all illegal voting as fraud.

Minnite stopped him. “The word ‘fraud’ has meaning, and that meaning is that there’s intent behind it. And that’s actually what Kansas laws are with respect to illegal voting,” she said. “You keep saying my definition” she said, putting finger quotes around “my.” “But, you know, it’s not like it’s a freak definition.”

Kobach had explored a similar line of inquiry with von Spakovsky, asking him if the list of 38 non-citizens he’d reviewed could be absolved of “fraud” because they may have lacked intent.

“No,” von Spakovsky replied, “I think any time a non-citizen registers, any time a non-citizen votes, they are — whether intentionally or by accident, I mean — they are defrauding legitimate citizens from a fair election.”

After Kobach concluded his questions, the judge began her own examination of von Spakovsky.

“I think it’s fair to say there’s a pretty good distinction in terms of how the two of you define fraud,” the judge said, explaining that Minnite focused on intent, while she understood von Spakovsky’s definition to include any time someone who wasn’t supposed to vote did so, regardless of reason. “Would that be a fair characterization?” she asked.

“Yes ma’am,” von Spakovsky replied.

The judge asked whether a greater number of legitimate voters would be barred from casting ballots under the law than fraudulent votes prevented. In that scenario, she asked, “Would that not also be defrauding the electoral process?” Von Spakovsky danced around the answer, asserting that one would need to answer that question in the context of the registration requirements, which he deemed reasonable.

The judge cut him off. “Well that doesn’t really answer my question,” she said, saying that she found it contradictory that he wanted to consider context when examining the burden of registration requirements, but not when examining the circumstances in which fraud was committed.

“When you’re talking about … non-citizen voting, you don’t want to consider that in context of whether that person made a mistake, whether a DMV person convinced them they should vote,” she said. Von Spakovsky allowed that not every improper voter should be prosecuted, but insisted that “each ballot they cast takes away the vote of and dilutes the vote of actual citizens who are voting. And that’s —”

The judge interrupted again. “So, the thousands of actual citizens that should be able to vote but who are not because of the system, because of this law, that’s not diluting the vote and that’s not impairing the integrity of the electoral process, I take it?” she said.

Von Spakovsky didn’t engage with the hypothetical. He simply didn’t believe it was happening. “I don’t believe that this requirement prevents individuals who are eligible to register and vote from doing so.” Later, on the stand, he’d tell Ho he couldn’t think of a single law in the country that he felt negatively impacted anyone’s ability to register or vote.

Robinson, in the end, strongly disagreed. As she wrote in her opinion, “the Court finds that the burden imposed on Kansans by this law outweighs the state’s interest in preventing noncitizen voter fraud, keeping accurate voter rolls, and maintaining confidence in elections. The burden is not just on a ‘few voters,’ but on tens of thousands of voters, many of whom were disenfranchised” by Kobach’s law. The law, she concluded, was a bigger problem than the one it set out to solve, acting as a “deterrent to registration and voting for substantially more eligible Kansans than it has prevented ineligible voters from registering to vote.”

ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for their newsletter.


The DIY Revolution: Consumers Alter Or Build Items Previously Not Possible. Is It A Good Thing?

Recent advances in technology allow consumers to alter, customize, or build locally items previously not possible. These items are often referred to as Do-It-Yourself (DIY) products. You've probably heard DIY used in home repair and renovation projects on television. DIY now happens in some unexpected areas. Today's blog post highlights two areas.

DIY Glucose Monitors

Earlier this year, CNet described the bag an eight-year-old patient carries with her everywhere daily:

"... It houses a Dexcom glucose monitor and a pack of glucose tablets, which work in conjunction with the sensor attached to her arm and the insulin pump plugged into her stomach. The final item in her bag was an iPhone 5S. It's unusual for such a young child to have a smartphone. But Ruby's iPhone, which connects via Bluetooth to her Dexcom monitor, allowing [her mother] to read it remotely, illustrates the way technology has transformed the management of diabetes from an entirely manual process -- pricking fingers to measure blood sugar, writing down numbers in a notebook, calculating insulin doses and injecting it -- to a semi-automatic one..."

Some people have access to these new technologies, but many don't. Others want more connectivity and better capabilities. So, some creative "hacking" has resulted:

"There are people who are unwilling to wait, and who embrace unorthodox methods. (You can find them on Twitter via the hashtag #WeAreNotWaiting.) The Nightscout Foundation, an online diabetes community, figured out a workaround for the Pebble Watch. Groups such as Nightscout, Tidepool and OpenAPS are developing open-source fixes for diabetes that give major medical tech companies a run for their money... One major gripe of many tech-enabled diabetes patients is that the two devices they wear at all times -- the monitor and the pump -- don't talk to each other... diabetes will never be a hands-off disease to manage, but an artificial pancreas is basically as close as it gets. The FDA approved the first artificial pancreas -- the Medtronic 670G -- in October 2017. But thanks to a little DIY spirit, people have had them for years."

CNet shared the experience of another tech-enabled patient:

"Take Dana Lewis, founder of the open-source artificial pancreas system, or OpenAPS. Lewis started hacking her glucose monitor to increase the volume of the alarm so that it would wake her in the night. From there, Lewis tinkered with her equipment until she created a closed-loop system, which she's refined over time in terms of both hardware and algorithms that enable faster distribution of insulin. It has massively reduced the "cognitive burden" on her everyday life... JDRF, one of the biggest global diabetes research charities, said in October that it was backing the open-source community by launching an initiative to encourage rival manufacturers like Dexcom and Medtronic to open their protocols and make their devices interoperable."

Convenience and affordability are huge drivers. As you might have guessed, there are risks:

"Hacking a glucose monitor is not without risk -- inaccurate readings, failed alarms or the wrong dose of insulin distributed by the pump could have fatal consequences... Lewis and the OpenAPS community encourage people to embrace the build-your-own-pancreas method rather than waiting for the tech to become available and affordable."

Are DIY glucose monitors a good thing? Some patients think so as a way to achieve convenient and affordable healthcare solutions. That might lead you to conclude anything DIY is an improvement. Right? Keep reading.

DIY Guns

Got a 3-D printer? If so, then you can print your own DIY gun. How did this happen? How did the USA get to here? Wired explained:

"Five years ago, 25-year-old radical libertarian Cody Wilson stood on a remote central Texas gun range and pulled the trigger on the world’s first fully 3-D-printed gun... he drove back to Austin and uploaded the blueprints for the pistol to his website, Defcad.com... In the days after that first test-firing, his gun was downloaded more than 100,000 times. Wilson made the decision to go all in on the project, dropping out of law school at the University of Texas, as if to confirm his belief that technology supersedes law..."

The law intervened. Wilson stopped, took down his site, and then pursued a legal remedy:

"Two months ago, the Department of Justice quietly offered Wilson a settlement to end a lawsuit he and a group of co-plaintiffs have pursued since 2015 against the United States government. Wilson and his team of lawyers focused their legal argument on a free speech claim: They pointed out that by forbidding Wilson from posting his 3-D-printable data, the State Department was not only violating his right to bear arms but his right to freely share information. By blurring the line between a gun and a digital file, Wilson had also successfully blurred the lines between the Second Amendment and the First."

So, now you... anybody with an internet connection and a 3-D printer (and a computer-controlled milling machine for some advanced parts)... can produce their own DIY gun. No registration required. No licenses nor permits. No training required. And, that's anyone anywhere in the world.

Oh, there's more:

"The Department of Justice's surprising settlement, confirmed in court documents earlier this month, essentially surrenders to that argument. It promises to change the export control rules surrounding any firearm below .50 caliber—with a few exceptions like fully automatic weapons and rare gun designs that use caseless ammunition—and move their regulation to the Commerce Department, which won't try to police technical data about the guns posted on the public internet. In the meantime, it gives Wilson a unique license to publish data about those weapons anywhere he chooses."

As you might have guessed, Wilson is re-launching his website, but this time with blueprints for more DIY weaponry besides pistols: AR-15 rifles and semi-automatic weaponry. So, it will be easier for people to skirt federal and state gun laws. Is that a good thing?

You probably have some thoughts and concerns. I do. There are plenty of issues and questions. Are DIY products a good thing? Who is liable? How should laws be upgraded? How can society facilitate one set of DIY products and not the other? What related issues do you see? Any other notable DIY products?


New Jersey to Suspend Prominent Psychologist for Failing to Protect Patient Privacy

[Editor's note: today's guest blog post, by reporters at ProPublica, explores privacy issues within the healthcare industry. The post is reprinted with permission.]

By Charles Ornstein, ProPublica

A prominent New Jersey psychologist is facing the suspension of his license after state officials concluded that he failed to keep details of mental health diagnoses and treatments confidential when he sued his patients over unpaid bills.

The state Board of Psychological Examiners last month upheld a decision by an administrative law judge that the psychologist, Barry Helfmann, “did not take reasonable measures to protect the confidentiality of his patients’ protected health information,” Lisa Coryell, a spokeswoman for the state attorney general’s office, said in an e-mail.

The administrative law judge recommended that Helfmann pay a fine and a share of the investigative costs. The board went further, ordering that Helfmann’s license be suspended for two years, Coryell wrote. During the first year, he will not be able to practice; during the second, he can practice, but only under supervision. Helfmann also will have to pay a $10,000 civil penalty, take an ethics course and reimburse the state for some of its investigative costs. The suspension is scheduled to begin in September.

New Jersey began to investigate Helfmann after a ProPublica article published in The New York Times in December 2015 that described the lawsuits and the information they contained. The allegations involved Helfmann’s patients as well as those of his colleagues at Short Hills Associates in Clinical Psychology, a New Jersey practice where he has been the managing partner.

Helfmann is a leader in his field, serving as president of the American Group Psychotherapy Association, and as a past president of the New Jersey Psychological Association.

ProPublica identified 24 court cases filed by Short Hills Associates from 2010 to 2014 over unpaid bills in which patients’ names, diagnoses and treatments were listed in documents. The defendants included lawyers, business people and a manager at a nonprofit. In cases involving patients who were minors, the lawsuits included children’s names and diagnoses.

The information was subsequently redacted from court records after a patient counter-sued Helfmann and his partners, the psychology group and the practice’s debt collection lawyers. The patient’s lawsuit was settled.

Helfmann has denied wrongdoing, saying his former debt collection lawyers were responsible for attaching patients’ information to the lawsuits. His current lawyer, Scott Piekarsky, said he intends to file an immediate appeal before the discipline takes effect.

"The discipline imposed is ‘so disproportionate as to be shocking to one’s sense of fairness’ under New Jersey case law," Piekarsky said in a statement.

Piekarsky also noted that the administrative law judge who heard the case found no need for any license suspension and raised questions about the credibility of the patient who sued Helfmann. "We feel this is a political decision due to Dr. Helfmann’s aggressive stance" in litigation, he said.

Helfmann sued the state of New Jersey and Joan Gelber, a senior deputy attorney general, claiming that he was not provided due process and equal protection under the law. He and Short Hills Associates sued his prior debt collection firm for legal malpractice. Those cases have been dismissed, though Helfmann has appealed.

Helfmann and Short Hills Associates also are suing the patient who sued him, as well as the man’s lawyer, claiming the patient and lawyer violated a confidential settlement agreement by talking to a ProPublica reporter and sharing information with a lawyer for the New Jersey attorney general’s office without providing advance notice. In court pleadings, the patient and his lawyer maintain that they did not breach the agreement. Helfmann brought all three of these lawsuits in state court in Union County.

Throughout his career, Helfmann has been an advocate for patient privacy, helping to push a state law limiting the information an insurance company can seek from a psychologist to determine the medical necessity of treatment. He also was a plaintiff in a lawsuit against two insurance companies and a New Jersey state commission, accusing them of requiring psychologists to turn over their treatment notes in order to get paid.

"It is apparent that upholding the ethical standards of his profession was very important to him," Carol Cohen, the administrative law judge, wrote. "Having said that, it appears that in the case of the information released to his attorney and eventually put into court papers, the respondent did not use due diligence in being sure that confidential information was not released and his patients were protected."

Filed under:

ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for their newsletter.


Supreme Court Ruling Requires Government To Obtain Search Warrants To Collect Users' Location Data

On Friday, the Supreme Court of the United States (SCOTUS) issued a decision which requires the government to obtain warrants in order to collect information from wireless carriers such as geo-location data. 9to5Mac reported that the court case resulted from:

"... a 2010 case of armed robberies in Detroit in which prosecutors used data from wireless carriers to make a conviction. In this case, lawyers had access to about 13,000 location data points. The sticking point has been whether access and use of data like this violates the Fourth Amendment. Apple, along with Google and Facebook had previously submitted a brief to the Supreme Court arguing for privacy protection..."

The Fourth Amendment in the U.S. Constitution states:

"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

The New York Times reported:

"The 5-to-4 ruling will protect "deeply revealing" records associated with 400 million devices, the chief justice wrote. It did not matter, he wrote, that the records were in the hands of a third party. That aspect of the ruling was a significant break from earlier decisions. The Constitution must take account of vast technological changes, Chief Justice Roberts wrote, noting that digital data can provide a comprehensive, detailed — and intrusive — overview of private affairs that would have been impossible to imagine not long ago. The decision made exceptions for emergencies like bomb threats and child abductions..."

Background regarding the Fourth Amendment:

"In a pair of recent decisions, the Supreme Court expressed discomfort with allowing unlimited government access to digital data. In United States v. Jones, it limited the ability of the police to use GPS devices to track suspects’ movements. And in Riley v. California, it required a warrant to search cellphones. Chief Justice Roberts wrote that both decisions supported the result in the new case.

The Supreme court's decision also discussed historical use of the "third-party doctrine" by law enforcement:

"In 1979, for instance, in Smith v. Maryland, the Supreme Court ruled that a robbery suspect had no reasonable expectation that his right to privacy extended to the numbers dialed from his landline phone. The court reasoned that the suspect had voluntarily turned over that information to a third party: the phone company. Relying on the Smith decision’s “third-party doctrine,” federal appeals courts have said that government investigators seeking data from cellphone companies showing users’ movements do not require a warrant. But Chief Justice Roberts wrote that the doctrine is of limited use in the digital age. “While the third-party doctrine applies to telephone numbers and bank records, it is not clear whether its logic extends to the qualitatively different category of cell-site records,” he wrote."

The ruling also covered the Stored Communications Act, which requires:

"... prosecutors to go to court to obtain tracking data, but the showing they must make under the law is not probable cause, the standard for a warrant. Instead, they must demonstrate only that there were “specific and articulable facts showing that there are reasonable grounds to believe” that the records sought “are relevant and material to an ongoing criminal investigation.” That was insufficient, the court ruled. But Chief Justice Roberts emphasized the limits of the decision. It did not address real-time cell tower data, he wrote, “or call into question conventional surveillance techniques and tools, such as security cameras.” "

What else this Supreme Court decision might mean:

"The decision thus has implications for all kinds of personal information held by third parties, including email and text messages, internet searches, and bank and credit card records. But Chief Justice Roberts said the ruling had limits. "We hold only that a warrant is required in the rare case where the suspect has a legitimate privacy interest in records held by a third party," the chief justice wrote. The court’s four more liberal members — Justices Ruth Bader Ginsburg, Stephen G. Breyer, Sonia Sotomayor and Elena Kagan — joined his opinion."

Dissenting opinions by conservative Justices cited restrictions on law enforcement's abilities and further litigation. Breitbart News focused upon divisions within the Supreme Court and dissenting Justices' opinions, rather than a comprehensive explanation of the majority's opinion and law. Some conservatives say that President Trump will have an opportunity to appoint two Supreme Court Justices.

Albert Gidari, the Consulting Director of Privacy at the Stanford Law Center for Internet and Society, discussed the Court's ruling:

"What a Difference a Week Makes. The government sought seven days of records from the carrier; it got two days. The Court held that seven days or more was a search and required a warrant. So can the government just ask for 6 days with a subpoena or court order under the Stored Communications Act? Here’s what Justice Roberts said in footnote 3: “[W]e need not decide whether there is a limited period for which the Government may obtain an individual’s historical CSLI free from Fourth Amendment scrutiny, and if so, how long that period might be. It is sufficient for our purposes today to hold that accessing seven days of CSLI constitutes a Fourth Amendment search.” You can bet that will be litigated in the coming years, but the real question is what will mobile carriers do in the meantime... Where You Walk and Perhaps Your Mere Presence in Public Spaces Can Be Private. The Court said this clearly: “A person does not surrender all Fourth Amendment protection by venturing into the public sphere. To the contrary, “what [one] seeks to preserve as private, even in an area accessible to the public, may be constitutionally protected.”” This is the most important part of the Opinion in my view. It’s potential impact is much broader than the location record at issue in the case..."

Mr. Gidari's essay explored several more issues:

  • Does the Decision Really Make a Difference to Law Enforcement?
  • Are All Business Records in the Hands of Third Parties Now Protected?
  • Does It Matter Whether You Voluntarily Give the Data to a Third Party?

And:

Most people carry their smartphones with them 24/7 and everywhere they go. Hence, the geo-location data trail contains unique and very personal movements: where and whom you visit, how often and long you visit, who else (e.g., their smartphones) is nearby, and what you do (e.g., calls, mobile apps) at certain locations. The Supreme Court, or at least a majority of its Justices, seem to recognize and value this.

What are your opinions of the Supreme Court ruling?


Why Your Health Insurer Doesn’t Care About Your Big Bills

[Editor's note: today's guest post, by the reporters at ProPublica, discusses pricing and insurance problems within the healthcare industry, and a resource most consumers probably are unaware of. It is reprinted with permission.]

By Marshall Allen, ProPublica

Michael Frank ran his finger down his medical bill, studying the charges and pausing in disbelief. The numbers didn’t make sense.

His recovery from a partial hip replacement had been difficult. He’d iced and elevated his leg for weeks. He’d pushed his 49-year-old body, limping and wincing, through more than a dozen physical therapy sessions.

NYU Langone Health logo The last thing he needed was a botched bill.

His December 2015 surgery to replace the ball in his left hip joint at NYU Langone Medical Center in New York City had been routine. One night in the hospital and no complications.

Aetna Inc. logoHe was even supposed to get a deal on the cost. His insurance company, Aetna, had negotiated an in-network “member rate” for him. That’s the discounted price insured patients get in return for paying their premiums every month.

But Frank was startled to see that Aetna had agreed to pay NYU Langone $70,000. That’s more than three times the Medicare rate for the surgery and more than double the estimate of what other insurance companies would pay for such a procedure, according to a nonprofit that tracks prices.

Fuming, Frank reached for the phone. He couldn’t see how NYU Langone could justify these fees. And what was Aetna doing? As his insurer, wasn’t its duty to represent him, its “member”? So why had it agreed to pay a grossly inflated rate, one that stuck him with a $7,088 bill for his portion?

Frank wouldn’t be the first to wonder. The United States spends more per person on health care than any other country. A lot more. As a country, by many measures, we are not getting our money’s worth. Tens of millions remain uninsured. And millions are in financial peril: About 1 in 5 is currently being pursued by a collection agency over medical debt. Health care costs repeatedly top the list of consumers’ financial concerns.

Experts frequently blame this on the high prices charged by doctors and hospitals. But less scrutinized is the role insurance companies — the middlemen between patients and those providers — play in boosting our health care tab. Widely perceived as fierce guardians of health care dollars, insurers, in many cases, aren’t. In fact, they often agree to pay high prices, then, one way or another, pass those high prices on to patients — all while raking in healthy profits.

ProPublica and NPR are examining the bewildering, sometimes enraging ways the health insurance industry works, by taking an inside look at the games, deals and incentives that often result in higher costs, delays in care or denials of treatment. The misunderstood relationship between insurers and hospitals is a good place to start.

Today, about half of Americans get their health care benefits through their employers, who rely on insurance companies to manage the plans, restrain costs and get them fair deals.

But as Frank eventually discovered, once he’d signed on for surgery, a secretive system of pre-cut deals came into play that had little to do with charging him a reasonable fee.

After Aetna approved the in-network payment of $70,882 (not including the fees of the surgeon and anesthesiologist), Frank’s coinsurance required him to pay the hospital 10 percent of the total.

When Frank called NYU Langone to question the charges, the hospital punted him to Aetna, which told him it paid the bill according to its negotiated rates. Neither Aetna nor the hospital would answer his questions about the charges.

Frank found himself in a standoff familiar to many patients. The hospital and insurance company had agreed on a price and he was required to help pay it. It’s a three-party transaction in which only two of the parties know how the totals are tallied.

Frank could have paid the bill and gotten on with his life. But he was outraged by what his insurance company agreed to pay. “As bad as NYU is,” Frank said, “Aetna is equally culpable because Aetna’s job was to be the checks and balances and to be my advocate.”

And he also knew that Aetna and NYU Langone hadn’t double-teamed an ordinary patient. In fact, if you imagined the perfect person to take on insurance companies and hospitals, it might be Frank.

For three decades, Frank has worked for insurance companies like Aetna, helping to assess how much people should pay in monthly premiums. He is a former president of the Actuarial Society of Greater New York and has taught actuarial science at Columbia University. He teaches courses for insurance regulators and has even served as an expert witness for insurance companies.

The hospital and insurance company may have expected him to shut up and pay. But Frank wasn’t going away.

Patients fund the entire health care industry through taxes, insurance premiums and cash payments. Even the portion paid by employers comes out of an employee’s compensation. Yet when the health care industry refers to “payers,” it means insurance companies or government programs like Medicare.

Patients who want to know what they’ll be paying — let alone shop around for the best deal — usually don’t have a chance. Before Frank’s hip operation he asked NYU Langone for an estimate. It told him to call Aetna, which referred him back to the hospital. He never did get a price.

Imagine if other industries treated customers this way. The price of a flight from New York to Los Angeles would be a mystery until after the trip. Or, while digesting a burger, you’d learn it cost 50 bucks.

A decade ago, the opacity of prices was perhaps less pressing because medical expenses were more manageable. But now patients pay more and more for monthly premiums, and then, when they use services, they pay higher co-pays, deductibles and coinsurance rates.

Employers are equally captive to the rising prices. They fund benefits for more than 150 million Americans and see health care expenses eating up more and more of their budgets.

Richard Master, the founder and CEO of MCS Industries Inc. in Easton, Pennsylvania, offered to share his numbers. By most measures MCS is doing well. Its picture frames and decorative mirrors are sold at Walmart, Target and other stores and, Master said, the company brings in more than $200 million a year.

But the cost of health care is a growing burden for MCS and its 170 employees. A decade ago, Master said, an MCS family policy cost $1,000 a month with no deductible. Now it’s more than $2,000 a month with a $6,000 deductible. MCS covers 75 percent of the premium and the entire deductible. Those rising costs eat into every employee’s take-home pay.

Economist Priyanka Anand of George Mason University said employers nationwide are passing rising health care costs on to their workers by asking them to absorb a larger share of higher premiums. Anand studied Bureau of Labor Statistics data and found that every time health care costs rose by a dollar, an employee’s overall compensation got cut by 52 cents.

Master said his company hops between insurance providers every few years to find the best benefits at the lowest cost. But he still can’t get a breakdown to understand what he’s actually paying for.

“You pay for everything, but you can’t see what you pay for,” he said.

Master is a CEO. If he can’t get answers from the insurance industry, what chance did Frank have?

Frank’s hospital bill and Aetna’s “explanation of benefits” arrived at his home in Port Chester, New York, about a month after his operation. Loaded with an off-putting array of jargon and numbers, the documents were a natural playing field for an actuary like Frank.

Under the words, “DETAIL BILL,” Frank saw that NYU Langone’s total charges were more than $117,000, but that was the sticker price, and those are notoriously inflated. Insurance companies negotiate an in-network rate for their members. But in Frank’s case at least, the “deal” still cost $70,882.

With a practiced eye, Frank scanned the billing codes hospitals use to get paid and immediately saw red flags: There were charges for physical therapy sessions that never took place, and drugs he never received. One line stood out — the cost of the implant and related supplies. Aetna said NYU Langone paid a “member rate” of $26,068 for “supply/implants.” But Frank didn’t see how that could be accurate. He called and emailed Smith & Nephew, the maker of his implant, until a representative told him the hospital would have paid about $1,500. His NYU Langone surgeon confirmed the amount, Frank said. The device company and surgeon did not respond to ProPublica’s requests for comment.

Frank then called and wrote Aetna multiple times, sure it would want to know about the problems. “I believe that I am a victim of excessive billing,” he wrote. He asked Aetna for copies of what NYU Langone submitted so he could review it for accuracy, stressing he wanted “to understand all costs.”

Aetna reviewed the charges and payments twice — both times standing by its decision to pay the bills. The payment was appropriate based on the details of the insurance plan, Aetna wrote.

Frank also repeatedly called and wrote NYU Langone to contest the bill. In its written reply, the hospital didn’t explain the charges. It simply noted that they “are consistent with the hospital’s pricing methodology.”

Increasingly frustrated, Frank drew on his decades of experience to essentially serve as an expert witness on his own case. He gathered every piece of relevant information to understand what happened, documenting what Medicare, the government’s insurance program for the disabled and people over age 65, would have paid for a partial hip replacement at NYU Langone — about $20,491 — and what FAIR Health, a New York nonprofit that publishes pricing benchmarks, estimated as the in-network price of the entire surgery, including the surgeon fees — $29,162.

He guesses he spent about 300 hours meticulously detailing his battle plan in two inches-thick binders with bills, medical records and correspondence.

ProPublica sent the Medicare and FAIR Health estimates to Aetna and asked why they had paid so much more. The insurance company declined an interview and said in an emailed statement that it works with hospitals, including NYU Langone, to negotiate the “best rates” for members. The charges for Frank's procedure were correct given his coverage, the billed services and the Aetna contract with NYU Langone, the insurer wrote.

NYU Langone also declined ProPublica’s interview request. The hospital said in an emailed statement it billed Frank according to the contract Aetna had negotiated on his behalf. Aetna, it wrote, confirmed the bills were correct.

After seven months, NYU Langone turned Frank’s $7,088 bill over to a debt collector, putting his credit rating at risk. “They upped the ante,” he said.

Frank sent a new flurry of letters to Aetna and to the debt collector and complained to the New York State Department of Financial Services, the insurance regulator, and to the New York State Office of the Attorney General. He even posted his story on LinkedIn.

But no one came to the rescue. A year after he got the first bills, NYU Langone sued him for the unpaid sum. He would have to argue his case before a judge.

You’d think that health insurers would make money, in part, by reducing how much they spend.

Turns out, insurers don’t have to decrease spending to make money. They just have to accurately predict how much the people they insure will cost. That way they can set premiums to cover those costs — adding about 20 percent to for their administration and profit. If they’re right, they make money. If they’re wrong, they lose money. But, they aren’t too worried if they guess wrong. They can usually cover losses by raising rates the following year.

Frank suspects he got dinged for costing Aetna too much with his surgery. The company raised the rates on his small group policy — the plan just includes him and his partner — by 18.75 percent the following year.

The Affordable Care Act kept profit margins in check by requiring companies to use at least 80 percent of the premiums for medical care. That’s good in theory but it actually contributes to rising health care costs. If the insurance company has accurately built high costs into the premium, it can make more money. Here’s how: Let’s say administrative expenses eat up about 17 percent of each premium dollar and around 3 percent is profit. Making a 3 percent profit is better if the company spends more.

It’s like if a mom told her son he could have 3 percent of a bowl of ice cream. A clever child would say, “Make it a bigger bowl.”

Wonks call this a “perverse incentive.”

“These insurers and providers have a symbiotic relationship,” said Wendell Potter, who left a career as a public relations executive in the insurance industry to become an author and patient advocate. “There’s not a great deal of incentive on the part of any players to bring the costs down.”

Insurance companies may also accept high prices because often they aren’t always the ones footing the bill. Nowadays about 60 percent of the employer benefits are “self-funded.” That means the employer pays the bills. The insurers simply manage the benefits, processing claims and giving employers access to their provider networks. These management deals are often a large, and lucrative, part of a company’s business. Aetna, for example, insured 8 million people in 2017, but provided administrative services only to considerably more — 14 million.

To woo the self-funded plans, insurers need a strong network of medical providers. A brand-name system like NYU Langone can demand — and get — the highest payments, said Manuel Jimenez, a longtime negotiator for insurers including Aetna. “They tend to be very aggressive in their negotiations.”

On the flip side, insurers can dictate the terms to the smaller hospitals, Jimenez said. The little guys, “get the short end of the stick,” he said. That’s why they often merge with the bigger hospital chains, he said, so they can also increase their rates.

Other types of horse-trading can also come into play, experts say. Insurance companies may agree to pay higher prices for some services in exchange for lower rates on others.

Patients, of course, don’t know how the behind-the-scenes haggling affects what they pay. By keeping costs and deals secret, hospitals and insurers dodge questions about their profits, said Dr. John Freedman, a Massachusetts health care consultant. Cases like Frank’s “happen every day in every town across America. Only a few of them come up for scrutiny.”

In response, a Tennessee company is trying to expose the prices and steer patients to the best deals. Healthcare Bluebook aims to save money for both employers who self-pay, and their workers. Bluebook used payment information from self-funded employers to build a searchable online pricing database that shows the low-, medium- and high-priced facilities for certain common procedures, like MRIs. The company, which launched in 2008, now has more than 4,500 companies paying for its services. Patients can get a $50 bonus for choosing the best deal.

Bluebook doesn’t have price information for Frank’s operation — a partial hip replacement. But its price range in the New York City area for a full hip replacement is from $28,000 to $77,000, including doctor fees. Its “fair price” for these services tops out at about two-thirds of what Aetna agreed to pay on Frank’s behalf.

Frank, who worked with mainstream insurers, didn’t know about Bluebook. If he had used its data, he would have seen that there were facilities that were both high quality and offered a fair price near his home, including Holy Name Medical Center in Teaneck, New Jersey, and Greenwich Hospital in Connecticut. NYU Langone is one of Bluebook’s highest-priced, high-quality hospitals in the area for hip replacements. Others on Bluebook’s pricey list include Montefiore New Rochelle Hospital in New Rochelle, New York, and Hospital for Special Surgery in Manhattan.

ProPublica contacted Hospital for Special Surgery to see if it would provide a price for a partial hip replacement for a patient with an Aetna small-group plan like Frank’s. The hospital declined, citing its confidentiality agreements with insurance companies.

Frank arrived at the Manhattan courthouse on April 2 wearing a suit and fidgeted in his seat while he waited for his hearing to begin. He had never been sued for anything, he said. He and his attorney, Gabriel Nugent, made quiet conversation while they waited for the judge.

In the back of the courtroom, NYU Langone’s attorney, Anton Mikofsky, agreed to talk about the lawsuit. The case is simple, he said. “The guy doesn’t understand how to read a bill.”

The high price of the operation made sense because NYU Langone has to pay its staff, Mikofsky said. It also must battle with insurance companies who are trying to keep costs down, he said. “Hospitals all over the country are struggling,” he said.

“Aetna reviewed it twice,” Mikofsky added. “Didn’t the operation go well? He should feel blessed.”

When the hearing started, the judge gave each side about a minute to make its case, then pushed them to settle.

Mikofsky told the judge Aetna found nothing wrong with the billing and had already taken care of most of the charges. The hospital’s position was clear. Frank owed $7,088.

Nugent argued that the charges had not been justified and Frank felt he owed about $1,500.

The lawyers eventually agreed that Frank would pay $4,000 to settle the case.

Frank said later that he felt compelled to settle because going to trial and losing carried too many risks. He could have been hit with legal fees and interest. It would have also hurt his credit at a time he needs to take out college loans for his kids.

After the hearing, Nugent said a technicality might have doomed their case. New York defendants routinely lose in court if they have not contested a bill in writing within 30 days, he said. Frank had contested the bill over the phone with NYU Langone, and in writing within 30 days with Aetna. But he did not dispute it in writing to the hospital within 30 days.

Frank paid the $4,000, but held on to his outrage. “The system,” he said, “is stacked against the consumer.”

ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for their newsletter.

 


Connecticut And Federal Regulators Announce $1.3 Million Settlement With Substance Abuse Healthcare Provider

Connecticut and federal regulators recently announced a settlement agreement to resolve allegations that New Era Rehabilitation Center (New Era), operating in New Haven and Bridgeport, submitted false claims to both state and federal healthcare programs. The office of George Jepsen, Connecticut Attorney General, announced that New Era:

"... and its co-founders and owners – Dr. Ebenezer Kolade and Dr. Christina Kolade – are enrolled as providers in the Connecticut Medical Assistance Program (CMAP), which includes the state's Medicaid program. As part of their practice, they provide methadone treatment services for patients dealing with opioid addiction. Most of their patients are CMAP beneficiaries.

During the relevant time period, CMAP reimbursed methadone clinics by paying a weekly bundled rate that included all of the services associated with methadone maintenance, including the patient's doses of methadone; the initial intake evaluation; a physical examination; periodic drug testing; and individual, group and family drug counseling... The state and federal governments alleged that, from October 2009 to November 2013, New Era and the Kolades engaged in a pattern and practice of billing CMAP weekly for the methadone bundled service rate and then also submitting a separate claim to the CMAP for virtually every drug counseling session provided to clients by using a billing code for outpatient psychotherapy. The state and federal governments further alleged that those psychotherapy sessions were actually the drug counseling sessions already included and reimbursed through the bundled rate."

These actions were part of the State of Connecticut's Inter-agency Fraud Task Force created in 2013 to investigate and prosecute healthcare fraud. The joint investigation included the Connecticut AT's office, the office of Connecticut U.S. Attorney John H. Durham, and the U.S. Health and Human Services, Office of Inspector General – Office of Investigations.

Connecticut Fight Fraud logo Terms of the settlement agreement require NERC to pay $1,378,533 in settlement funds. Of that amount, $881,945 will be returned to CMAP.

Connecticut residents suspecting healthcare fraud or abuse should contact the Attorney General’s Antitrust and Government Program Fraud Department (phone at 860-808-5040, or email at ag.fraud@ct.gov), or the Department of Social Services fraud (hotline at 1-800-842-2155, online at www.ct.gov/dss/reportingfraud, or email at providerfraud.dss@ct.gov). Residents in other states can contact their state's attorney general's office.


Backpage Executive Pled Guilty In Three States. Several Other Executives Indicted

Late last week, the Washington Post reported:

"Carl Ferrer, the chief executive of Backpage.com whose name was conspicuously absent from an indictment of seven other Backpage officials unsealed Monday, has pleaded guilty in state courts in California and Texas and federal court in Arizona to charges of money laundering and conspiracy to facilitate prostitution. In addition, he agreed to testify against the men who co-founded Backpage with him, Michael Lacey and James Larkin, who remained in jail Thursday in Arizona on facilitating prostitution charges. Backpage, in addition to hosting thinly veiled ads for prostitution since 2004, was accused of hosting child sex trafficking ads on its site... Court records show that Ferrer pleaded guilty to conspiracy to facilitate prostitution and money laundering in federal court in Phoenix on April 5, with the hearing and documents sealed. Backpage.com also pleaded guilty, by Ferrer as the CEO, to a money laundering conspiracy in Phoenix, where Backpage was created. Ferrer then on Monday appeared in state court in Corpus Christi, Texas, where he personally pleaded guilty to money laundering..."


Fair Housing Groups Sue Facebook for Allowing Discrimination in Housing Ads

[Editor's Note: today's guest post, by reporters at ProPublica, is the latest in a series about advertising and social networking services. It is reprinted with permission.]

Facebook logo By Julia Angwin and Ariana Tobin, ProPublica

In February 2017, in response to a ProPublica investigation, Facebook pledged to crack down on efforts by advertisers of rental housing to discriminate against tenants based on race, disability, gender and other characteristics.

But a new lawsuit, filed Tuesday by the National Fair Housing Alliance in U.S. District Court in the Southern District of New York, alleges that the world’s largest social network still allows advertisers to discriminate against legally protected groups, including mothers, the disabled and Spanish-language speakers.

Since 2018 marks the 50th anniversary of the Fair Housing Act, "it is all the more egregious and shocking" that "Facebook continues to enable landlords and real estate brokers to bar families with children, women and others from receiving rental and sales ads or housing," the lawsuit states. It asks the court, among other things, to declare that Facebook’s policies violate fair housing laws, to bar the company from publishing discriminatory ads, and to require it to develop and make public a written fair housing policy for advertising.

Diane Houk, lead counsel for the alliance, said this type of discrimination is especially difficult to uncover and combat. "The person who is being discriminated against has no way to know" it, because the technology "keeps the discrimination hidden in hopes that it will not be caught," she said.

Facebook disputes the housing groups’ allegations. "There is absolutely no place for discrimination on Facebook. We believe this lawsuit is without merit, and we will defend ourselves vigorously," said Facebook spokesman Joe Osborne.

The lawsuit adds to Facebook’s woes, which are mounting on multiple fronts. The company’s stock plunged last week on the news that it had allowed a voter-profiling outfit, Cambridge Analytica, to obtain data on 50 million of its users without their knowledge or consent. The news came after a troubling year in which, among other things, Facebook admitted that it unwittingly allowed a Russian disinformation operation on its platform and had been promoting fake news in its News Feed algorithm. As a result, lawmakers and regulators around the world have launched investigations into Facebook.

Discrimination in housing advertising has been a persistent problem for Facebook. In October 2016, we described how Facebook let advertisers exclude specific groups with what it called "ethnic affinities," including blacks and Hispanics, from seeing ads. Although Facebook responded by announcing it had built a system to flag and reject these ads, we bought dozens of rental housing ads in November 2017 that we specified would not be shown to blacks, Jews, people interested in wheelchair ramps and other groups.

It wasn’t until ProPublica brought the issue of advertising discrimination on Facebook to light, Houk said, that fair housing advocates learned of it. Emulating ProPublica’s technique, the Washington, D.C.-based national fair housing group, along with member groups in New York, San Antonio and Miami created fake housing companies and placed discriminatory ads on Facebook. The ads were approved by Facebook over a period of a few months, with the most recent buys occurring on Feb. 23.

Using Facebook’s dropdown "exclusion" menu, they were able to buy housing ads that blocked groups such as "trendy moms," "soccer moms," "parents with teenagers," people interested in a disabled parking permit and people interested in Telemundo, the Spanish-language television network.

The Fair Housing Act makes it illegal to publish any advertisement "with respect to the sale or rental of a dwelling that indicates any preference, limitation or discrimination based on race, color, religion, sex, handicap, familial status or national origin." Violators may face tens of thousands of dollars in fines.

After ProPublica’s investigation, Facebook added a self-certification option, which asks housing advertisers to certify that their advertisement is not discriminatory. In some cases, Houk said, the housing groups encountered the self-certification option, and did not submit the ads to Facebook for approval and publication. But that only happened in some of the ad buys, she said.

Since advertisers can falsely attest to fairness, the self-certification screens don’t "seem like a whole-hearted commitment to trying to change the advertising platform to comply with the Fair Housing Act and local fair housing laws," Houk said.

A couple of weeks after the groups bought housing ads, so did ProPublica (independently) — and we excluded some of the same categories, such as "soccer moms." In most of those tests, we encountered self-certification screens. However, when we bought another housing ad this week, we were able to exclude people interested in Telemundo.

Houk said there were so many possible explanations for the difference in results — such as the number of categories excluded or the types of exclusions sought — that it was impossible to speculate about what caused many of her clients’ ad purchases to be approved but not ProPublica’s.

Both the fair housing groups and ProPublica found that Facebook has blocked the use of race as an exclusion category — as it promised to do in November. Facebook rejected a ProPublica housing ad that was specifically aimed at African Americans. It also denied our attempts to buy employment ads targeted by race, and removed a job listing with a question designed to filter by race. However, the housing groups’ and ProPublica’s ability to exclude people interested in Telemundo suggests that advertisers could still discriminate by using proxies for race or ethnicity.

In a separate federal case in California, challenging Facebook’s use of racial exclusions in ad targeting, Facebook has argued that it has immunity against liability for such discrimination. It cited Section 230 of the 1996 federal Communications Decency Act, which protects internet companies from liability for third-party content.

"Advertisers, not Facebook, are responsible for both the content of their ads and what targeting criteria to use, if any," Facebook contended.

ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for their newsletter.


Securities & Exchange Commission Charges Former Equifax Executive With Insider Trading

Last week, the U.S. Securities and Exchange Commission (SEC) charged a former Equifax executive with insider trading. While an employee, Jun Ying allegedly used confidential information to dump stock and avoid losses before Equifax announced its massive data breach in September, 2017.

The SEC announced on March 14th that it had:

"... charged a former chief information officer of a U.S. business unit of Equifax with insider trading in advance of the company’s September 2017 announcement about a massive data breach that exposed the social security numbers and other personal information of about 148 million U.S. customers... The SEC’s complaint charges Ying with violating the antifraud provisions of the federal securities laws and seeks disgorgement of ill-gotten gains plus interest, penalties, and injunctive relief... According to the SEC’s complaint, Jun Ying, who was next in line to be the company’s global CIO, allegedly used confidential information entrusted to him by the company to conclude that Equifax had suffered a serious breach. The SEC alleges that before Equifax’s public disclosure of the data breach, Ying exercised all of his vested Equifax stock options and then sold the shares, reaping proceeds of nearly $1 million. According to the complaint, by selling before public disclosure of the data breach, Ying avoided more than $117,000 in losses... The U.S. Attorney’s Office for the Northern District of Georgia today announced parallel criminal charges against Ying."

The massive data breach affected about 143 million persons. Equifax announced in March, 2018 that even more people were affected, than originally estimated in its September, 2017 announcement.

MarketWatch reported that Ying:

"... found out about the breach on Friday afternoon, August 25, 2017... The SEC complaint says that Ying’s internet browsing history shows he learned that Experian’s stock price had dropped approximately 4% after the public announcement of [a prior 2015] Experian breach. Later Monday morning, Ying exercised all of his available stock options for 6,815 shares of Equifax stock that he immediately sold for over $950,000, and a gain of over $480,000... on Aug. 30, the global CIO for Equifax officially told Ying that it was Equifax that had been breached. One of the company’s attorneys, unaware that Ying had already traded on the information, told Ying that the news about the breach was confidential, should not be shared with anyone, and that Ying should not trade in Equifax securities. According the SEC complaint, Ying did not volunteer the fact that he had exercised and sold all of his vested Equifax options two days before. Equifax finally announced the breach on Sept. 7, and Equifax common stock closed at $123.23 the next day, a drop of $19.49 or nearly 14%..."


Analysis: Closing The 'Regulatory Donut Hole' - The 9th Circuit Appeals Court, AT&T, The FCC And The FTC

The International Association of Privacy Professionals (IAPP) site has a good article explaining what a recent appeals court decision means for everyone who uses the internet:

"When the 9th U.S. Circuit Court of Appeals ruled, in September 2016, that the Federal Trade Commission did not have the authority to regulate AT&T because it was a “common carrier,” which only the Federal Communications Commission can regulate, the decision created what many in privacy foresaw as a “regulatory doughnut hole.” Indeed, when the FCC, in repealing its broadband privacy rules, decided to hand over all privacy regulation of internet service providers to the FTC, the predicted situation came about: The courts said “common carriers” could only be regulated by the FCC, but the FCC says only the FTC should be regulating privacy. So, was there no regulator to oversee a company like AT&T’s privacy practices?

Indeed, argued Gigi Sohn, formerly counsel to then-FCC Chair Tom Wheeler, “The new FCC/FTC relationship lets consumers know they’re getting screwed. But much beyond that, they don’t have any recourse.” Now, things have changed once again. With an en banc decision, the 9th Circuit has reversed itself... This reversal of its previous decision by the 9th Circuit now allows the FTC to go forward with its case against AT&T and what it says were deceptive throttling practices, but it also now allows the FTC to once again regulate internet service providers’ data-handling and cybersecurity practices if they come in the context of activities that are outside their activities as common carriers."

Somebody has to oversee Internet service providers (ISPs). Somebody has to do their job. It's an important job. The Republicans-led FCC, by Trump appointee Ajit Pai, has clearly stated it won't given its "light touch" approach to broadband regulation, and repeals last year of both broadband privacy and net neutrality rules. Earlier this month, the National Rifle Association (NRA) honored FCC Chairman Pai for repealing net neutrality rules.

"No touch" is probably a more accurate description. A prior blog post listed many historical problems and abuses of consumers by some ISPs. Consumers should buckle up, as ISPs slowly unveiled their plans in a world without net neutrality protections for consumers. What might that look like? What has AT&T said about this?

Bob Quinn, the Vice President of External and Legislative Affairs for AT&T, claimed today in a blog post:

"Net neutrality has been an emotional issue for a lot of people over the past 10 years... For much of those 10 years, there has been relative agreement over what those rules should be: don’t block websites; censor online content; or throttle, degrade or discriminate in network performance based on content; and disclose to consumers how you manage your network to make that happen. AT&T has been publicly committed to those principles... But no discussion of net neutrality would be complete without also addressing the topic of paid prioritization. Let me start by saying that the issue of paid prioritization has always been hazy and theoretical. The business models for services that would require end-to-end management have only recently begun to come into focus... Let me clear about this – AT&T is not interested in creating fast lanes and slow lanes on anyone’s internet."

Really? The Ars Technica blog called out AT&T and Quinn on his claim:

"AT&T is talking up the benefits of paid prioritization schemes in preparation for the death of net neutrality rules while claiming that charging certain content providers for priority access won't create fast lanes and slow lanes... What Quinn did not mention is that the net neutrality rules have a specific carve-out that already allows such services to exist... without violating the paid prioritization ban. Telemedicine, automobile telematics, and school-related applications and content are among the services that can be given isolated capacity... The key is that the FCC maintained the right to stop ISPs from using this exception to violate the spirit of the net neutrality rules... In contrast, AT&T wants total control over which services are allowed to get priority."

Moreover, fast and slow lanes by AT&T already exist:

"... AT&T provides only DSL service in many rural areas, with speeds of just a few megabits per second or even less than a megabit. AT&T has a new fixed wireless service for some rural areas, but the 10Mbps download speeds fall well short of the federal broadband standard of 25Mbps. In areas where AT&T has brought fiber to each home, the company might be able to implement paid prioritization and manage its network in a way that prevents most customers from noticing any slowdown in other services..."

So, rural (e.g., DSL) consumers are more likely to suffer and notice service slowdowns. Once the final FCC rules are available without net neutrality protections for consumers and the lawsuits have been resolved, then AT&T probably won't have to worry about violating any prioritization bans.

The bottom line for consumers: expect ISPs to implement first changes consumers won't see directly. Remember the old story about a frog stuck in a pot of water? The way to kill it is to slowly turn up the heat. You can expect ISPs to implement this approach in a post-net-neutrality world. (Yes, in this analogy we consumers are the frog, and the heat is higher internet prices.) Paid prioritization is one method consumers won't directly see. It forces content producers, and not ISPs, to raise prices on consumers. Make no mistake about where the money will go.

Consumers will likely see ISPs introduce tiered broadband services, with lower-priced service options that exclude video streaming content... spun as greater choice for consumers. (Some hotels in the United States already sell to their guests WiFi services with tiered content.) Also, expect to see more "sponsored data programs," where video content owned by your ISP doesn't count against wireless data caps. Read more about other possible changes.

Seems to me the 9th Circuit Appeals Court made the best of a bad situation. I look forward to the FTC doing an important job which the FCC chose to run away from. What do you think?


Advertising Agency Paid $2 Million To Settle Deceptive Advertising Charges

Marketing Architects inc. The U.S. Federal Trade Commission (FTC) announced that Minneapolis-based Marketing Architects, Inc. (MAI):

"... an advertising agency that created and disseminated allegedly deceptive radio ads for weight-loss products marketed by its client, Direct Alternatives, has agreed to pay $2 million to the Federal Trade Commission and State of Maine Attorney General’s Office to settle their complaint..."

First, some background. According to the FTC, MAI created advertising for several products (e.g., Puranol, Pur-Hoodia Plus, Acai Fresh, AF Plus, and Final Trim) by Direct Alternatives from 2006 through February 2015. Then, in 2016 the FTC and the State of Maine settled allegations against Direct Alternatives, which required the company to halt deceptive advertising and illegal billing practices.

Additional background according to the FTC: MAI previously created weight-loss ads for Sensa Products, LLC between March 2009 and May 2011. The FTC filed a complaint against Sensa in 2014, and subsequently Sensa agreed to refund $26.5 million to defrauded consumers. So, there's important, relevant history.

In the latest action, the joint complaint alleged that MAI created and disseminated radio ads with false or unsubstantiated weight-loss claims for AF Plus and Final Trim. Besides:

"... receiving FTC’s Sensa order, MAI was previously made aware of the need to have competent and reliable scientific evidence to back up health claims. Among other things, the complaint alleges that Direct Alternatives provided MAI with documents indicating that some of the weight-loss claims later challenged by the FTC needed to be supported by scientific evidence.

The complaint further charges that MAI developed and disseminated fictitious weight-loss testimonials and created radio ads for weight-loss products falsely disguised as news stories. Finally, the complaint charges MAI with creating inbound call scripts that failed to adequately disclose that consumers would be automatically enrolled in negative-option (auto-ship) continuity plans."

The latest action includes a proposed court order to ban MAI from making weight-loss claims about products the FTC has already advised as false, and:

"... requires MAI to have competent and reliable scientific evidence to support any other claims about the health benefits or efficacy of weight-loss products, and prohibits it from misrepresenting the existence or outcome of tests or studies. In addition, the order prohibits MAI from misrepresenting the experience of consumer testimonialists or that paid commercial advertising is independent programming."

This action is a reminder to advertising and digital agency executives everywhere: ensure that claims are supported by competent, reliable scientific evidence.

Good. Kudos to the FTC for these enforcement actions and for protecting consumers.


Fresenius Medical Care To Pay $3.5 Million For 5 Small Data Breaches During 2012

Logo-fresenius-medical-careFresenius Medical Care Holdings, Inc. has agreed to a $3.5 million settlement agreement regarding five small data breaches the Massachusetts-based healthcare organization experienced during 2012. Fresenius Medical Care Holdings, Inc. does business under the name Fresenius Medical Care North America (FMCNA). This represents one of the largest HIPAA settlements ever by the U.S. Department of Health & Human Services (HHS).

The five small data breaches, at different locations across the United States, affected about 521 persons:

  1. Bio-Medical Applications of Florida, Inc. d/b/a Fresenius Medical Care Duval Facility: On February 23, 2012, two desktop computers were stolen during a break-in. One of the computers contained the electronic Protected Health Information (ePHI) of 200 persons, including patient name, admission date, date of first dialysis, days and times of treatments, date of birth, and Social Security number
  2. Bio-Medical Applications of Alabama, Inc. d/b/a Fresenius Medical Care Magnolia Grove: On April 3, 2012, an unencrypted USB drive was stolen from a worker's car while parked in the organization's parking lot. The USB device contained the ePHI of 245 persons, including patient name, address, date of birth, telephone number, insurance company, insurance account number (a potential social security number derivative for some patients) and the covered entity location where each patient was seen.
  3. Renal Dimensions, LLC d/b/a Fresenius Medical Care Ak-Chin: On June 18, 2012, an anonymous phone tip reported that a hard drive was missing from a desktop computer, which had been taken out of service. The hard drive contained the ePHI of 35 persons, including name, date of birth, Social Security number and Zip code. While the worker notified a manager about the missing hard drive, the manager failed t notify the FMCNA Corporate Risk Management Department.
  4. Fresenius Vascular Care Augusta, LLC: On June 16, 2012, a worker's unencrypted laptop was stolen from her car while parked overnight at home. The laptop bag also include a list of her passwords. The laptop contained the ePHI of 10 persons, including patient name, insurance account number (which could be a social security number derivative) and other insurance information.
  5. WSKC Dialysis Services, Inc. d/b/a Fresenius Medical Care Blue Island Dialysis: On or about June 17 - 18, 2012, three desktop computers and one encrypted laptop were stolen from the office. One of the desktop computers contained the ePHI of 31 persons, including patient name, dates of birth, address, telephone number, and either full or partial Social Security numbers.

Besides the hefty payment, terms of the settlement agreement (Adobe PDF) require FMCNA to implement and complete a Corrective Action Plan:

  • Conduct a risk analysis,
  • Develop and implement a risk management plan,
  • Implement a process for evaluating workplace operational changes,
  • Develop an Encryption Report,
  • Review and revise internal policies and procedures to control devices and storage media,
  • Review and revise policies to control access to facilities,
  • Develop a privacy and security awareness training program for workers, and
  • Submit progress reports at regular intervals to HHS.

The Encryption report identifies and describes the devices and equipment (e.g., desktops, laptops, tables smartphones, etc.) that may be used to access, store, and transmit patients' ePHI information; records the number of devices including which utilize encrypted information; and provides a detailed plan for implementing encryption on devices and media which should contain encrypted information and currently don't.

Some readers may wonder why a large fine for relatively small data breaches, since news reports often cite data breaches affecting thousands or millions of persons. HHS explained that the investigation by its Office For Civil Rights (OCR) unit:

"... revealed FMCNA covered entities failed to conduct an accurate and thorough risk analysis of potential risks and vulnerabilities to the confidentiality, integrity, and availability of all of its ePHI. The FMCNA covered entities impermissibly disclosed the ePHI of patients by providing unauthorized access for a purpose not permitted by the Privacy Rule... Five breaches add up to millions in settlement costs for entity that failed to heed HIPAA’s risk analysis and risk management rules.."

OCR Director Roger Severino added:

"The number of breaches, involving a variety of locations and vulnerabilities, highlights why there is no substitute for an enterprise-wide risk analysis for a covered entity... Covered entities must take a thorough look at their internal policies and procedures to ensure they are protecting their patients’ health information in accordance with the law."


Net Neutrality: Massachusetts Joins Multi-State Lawsuit Against FCC. What Next?

The Attorney General (AG) for the Commonwealth of Massachusetts is suing the U.S. Federal Communications Commission (FCC) after the FCC voted on December 14th to repeal existing net neutrality rules protecting consumers. Maura Healey, the Massachusetts AG, announced that her office has joined a multi-state lawsuit with the New York State AG:

"... joined New York Attorney General Eric T. Schneiderman in announcing that they will be filing a multi-state lawsuit against the Federal Communications Commission (FCC) over its vote to rollback net neutrality protections...The FCC recently issued a proposed final order rolling back net neutrality protections and on December 14th, voted 3-2 on party lines to implement the final order. On December 13th, AG Healey joined a coalition of 18 attorneys general in sending a letter to the FCC after reports emerged that nearly two million comments submitted in support of the agency were fake."

AG Healey said about the multi-state lawsuit:

"With the FCC vote, Americans will pay more for the internet and will have fewer options... The agency has completely failed to justify this decision and we will be suing to stand up for the free exchange of ideas and to keep the American people in control of internet access."

The December 13th letter to the FCC about fake comments was signed by AGs from California, District of Columbia, Delaware, Hawaii, Iowa, Illinois, Kentucky, Massachusetts, Maryland, Maine, Mississippi, North Carolina, Oregon, Pennsylvania, Rhode Island, Virginia, Vermont, and Washington. The AGs' letter stated, in part:

"One of the most important roles that we perform is to prosecute fraud. It is a role we take extremely seriously, and one that is essential to a fair marketplace... The ‘Restore Internet Freedom’ proposal, also known as net neutrality rollback (WC Docket No. 17- 108) has far-reaching implications for the everyday life of Americans... Recent attempts by New York Attorney General Schneiderman to investigate supposed comments received by the FCC have revealed a pattern of facts that should raise alarm bells for every American about the integrity of the democratic process. A careful review of the publicly available information revealed a pattern of fake submissions using the names of real people. In fact, there may be over one million fake submissions from across the country. This is akin to identity theft on a massive scale – and theft of someone’s voice in a democracy is particularly concerning.

As state Attorneys General, many of our offices have received complaints from consumers indicating their distress over their names being used in such a manner. While we will investigate these consumer complaints through our normal processes, we urge the Commission to take immediate action and to cooperate with law enforcement investigations. Woven throughout the Administrative Procedures Act is a duty for rulemakers to provide information to the public and to listen to the public. We know from advising our rulemakers at the state level that listening to the public provides insights from a diversity of viewpoints. But, if the well of public comment has been poisoned by falsified submissions, the Commission may be unable to rely on public comments that would help it reach a legitimate conclusion to the rulemaking process. Or, it must give less weight to the public comments submitted which also undermines the process..."

The FCC ignored the AGs' joint letter about fraud and proceeded with its net-neutrality vote on December 14. FCC Chairman Ajit Pai had blown off the identity theft and fraud charges as maneuvers by desperate net neutrality advocates.

California AG Xavier Becerra said:

"... the FCC failed to do what is right... The FCC decided that consumers do not deserve free, open, and equal access to the internet. It decided to ignore the millions of Americans who voiced their strong support for our existing net neutrality rules. Here in California – a state that is home to countless start-ups and technology giants alike – we know that a handful of powerful companies should not dictate the sources for the information we seek..."

Residents in some states can use special sites to notify their state's AG about the misuse of their identity data in fake comments submitted to the FCC: Pennsylvania, New York.

The FCC under Chairman Pai seems to listen and respond to the needs of corporate internet service providers (ISPs), and not to consumers. A November 21 - 25 poll found that 52 percent of registered voters support the current rules, including 55 percent of Democrats and 53 percent of Republicans.

While that is down from prior polls, a majority support net neutrality rules. A poll by Mozilla and Ipsos in June, 2017 found overwhelming support across party lines: 76% of Americans, 81% of Democrats, and 73% of Republicans favor keeping net neutrality rules. The poll included approximately 1,000 American adults across the U.S. with 354 Democrats, 344 Republicans, and 224 Independents.

Before the FCC affirmed net neutrality rules in 2015, a poll by the Center for Political Communication at the University of Delaware in 2014 found strong and widespread support:

"... About 81 percent of Americans oppose allowing Internet providers like Comcast and Verizon to charge Web sites and services more if they want to reach customers more quickly... Republicans were slightly more likely to support net neutrality than Democrats. 81 percent of Democrats and 85 percent of Republicans in the survey said they opposed fast lanes."

Experts have debated the various ways of moving forward after the December 14th FCC vote. Wired reported:

"Most immediately, the activity will move to the courts... The most likely argument: that the commission’s decision violates federal laws barring agencies from crafting “arbitrary and capricious” regulations. After all, the FCC’s net neutrality rules were just passed in 2015... as capricious as the current FCC's about-face may seem, legal experts say the challenges won’t be a slam-dunk case. Federal agencies are allowed to change their minds about previous regulations, so long as they adequately explain their reasoning... The FCC's main argument for revoking the 2015 rules is that the regulations hurt investment in broadband infrastructure. But, as WIRED recently detailed, many broadband providers actually increased their investments, while those that cut back on spending told shareholders that the net neutrality rules didn't affect their plans. University of Pennsylvania Law School professor Christopher Yoo says courts generally defer to an agency's expertise in interpreting evidence submitted into the record... net neutrality advocates could also argue that the agency's decision-making process was corrupted by the flood of fake comments left by bots. But FCC Chair AJit Pai will argue that the agency discarded low-quality and repeated comments and focused only on matters of substance... A long-term solution to net neutrality will require Congress to pass laws that won't change every time control of the White House passes to another party... Senator John Thune (R-South Dakota) recently called for Congress to pass bipartisan net neutrality legislation. In 2015, Thune and Representative Fred Upton (R-Michigan) introduced a bill that would have banned blocking or slowing legal content, but limited the FCC's authority over internet service providers. It never moved forward. Thune is clearly hoping that growing demand from the public for net neutrality protections will bring more Republicans to the table... Senator Ron Wyden (D-Oregon) told WIRED earlier this year that he won't support a bill with weaker protections than the 2015 rules..."

President Trump appointed Pai as FCC Chairman in January, giving the Republican commissioners at the FCC a voting majority. Neither the President nor the White House staff said anything in its daily e-mail blast or in their website about the FCC vote; and instead discussed tax reform, general remarks about reducing regulation, and infrastructure (e.g., roads, bridges, tunnels).

Seems to me the internet is a key component of our country's infrastructure. What are your opinions? If your state isn't in the above list, we'd like to hear from you, too.


$5.5 Million Settlement Agreement Between Nationwide Insurance And 32 States

Nationwide Mutual Insurance Company logo Last week, 32 states inked a settlement agreement with Nationwide Mutual Insurance for the insurance company's data breach in 2012. The Attorney General's Office for the Commonwealth of Massachusetts participated in the agreement, and explained in an announcement: that the data breach reach in 2012 was:

"... allegedly caused by Nationwide’s failure to apply a critical software security patch. The breach resulted in the loss of personal information belonging to 1.27 million consumers, with nearly 950 in Massachusetts, including their social security numbers, driver’s license numbers, credit scoring information, and other personal data. The lost personal information was collected by Nationwide in order to provide insurance quotes to consumers applying for insurance. AG Healey’s Office is not aware of any fraud or identity theft involving Massachusetts residents related to this data breach."

Other states participating in the settlement agreement include the Attorneys General of Alaska, Arizona, Arkansas, Connecticut, Florida, Hawaii, Illinois, Indiana, Iowa, Kentucky, Louisiana, Maine, Maryland, Mississippi, Missouri, Montana, Nebraska, Nevada, New Jersey, New Mexico, New York, North Carolina, North Dakota, Oregon, Pennsylvania, Rhode Island, South Dakota, Tennessee, Texas, Vermont, Washington, and the District of Columbia. Terms of the settlement agreement require Nationwide to:

"... both generally update its security practices and to ensure that it keeps software up-to-date, including timely applying patches and other updates to its software. Nationwide must also hire a technology officer responsible for monitoring and managing software and application security updates, including supervising employees responsible for evaluating and coordinating the maintenance, management, and application of all security patches and software and application security updates.

Many of the consumers whose data was lost as a result of the data breach were consumers who never became Nationwide’s insureds, but whose information was retained by the company in order to provide the consumers re-quotes at a later date. The settlement requires Nationwide to be more transparent about its data collection practices by requiring it to disclose to consumers that it retains their personal information even if they do not become its customers."

950 Massachusetts residents were affected. Massachusetts' share of the payment is $100,000. Massachusetts Attorney General (AG) Maura Healey said in a statement:

"People shopping for financial products should be assured that companies collecting their personal information will protect it no matter what... Nationwide knew their software was vulnerable to hacking but did not promptly address it, leaving sensitive data vulnerable to identity thieves. This settlement holds the company accountable for subjecting our residents to this avoidable risk."

2,810 New York residents were affected. New York State's share of the payment is $107,736. New York State AG Eric T. Schneiderman said:

"Nationwide demonstrated true carelessness while collecting and retaining information from prospective customers, needlessly exposing their personal data in the process... This settlement should serve as a reminder that companies have a responsibility to protect consumers’ personal information regardless of whether or not those consumers become customers..."

774 Connecticut residents were affected. Connecticut's share of the payment is $256,559. Connecticut AG George Jepsen said:

"Connecticut law requires that anyone in possession of another person's personal information safeguard that data... It is critically important that companies take seriously the maintenance of their computer software systems and their data security protocols..."


Homeowners Receive $6.3 Million In Refunds Due To Improper Charges By Insurance Company

Assurant logo Last week, the Attorney General's office for the Commonwealth of Massachusetts announced the results of a post-settlement agreement audit with American Security Insurance Company, a subsidiary of Assurant, Inc., where homeowners in the state will receive $6.3 million in refunds for improper "forced-place insurance" charges. The announcement explained:

"Force-placed insurance is a type of property insurance that mortgage servicers can purchase on behalf of borrowers if they fail to maintain adequate homeowners insurance coverage on mortgaged properties. Mortgage servicers often hire insurance companies like Assurant to monitor whether borrowers are maintaining adequate homeowners insurance coverage and to issue force-placed insurance policies when appropriate homeowners coverage is not in place.

Premiums for force-placed policies are high—often two or three times as expensive as regular homeowners insurance—and the coverage provided is quite limited. Some mortgage servicers accept commission payments from force-placed insurers, which contribute to the high cost of force-placed insurance and create conflicts of interest for mortgage servicers."

The settlement agreement was first announced in November, 2015. The latest announcement described the results of the audit:

"Although force-placed insurance is only intended for circumstances in which the borrower has failed to adequately insure the mortgaged property, the Attorney General’s audit of Assurant found thousands of cases of duplicative insurance coverage for Massachusetts homeowners. Borrowers eligible for settlement money were previously required by their mortgage servicer to purchase force-placed insurance from Assurant, or were overcharged for force-placed insurance because they were mistakenly sold commercial policies rather than less expensive residential policies..."

4,500 homeowners were improperly charged. The average refund per homeowner is about $1,400. Refund checks were mailed last week to affected homeowners.


Microsoft Fights Foreign Cyber Criminals And Spies

The Daily Beast explained how Microsoft fights cyber criminals and spies, some of whom with alleged ties to the Kremlin:

"Last year attorneys for the software maker quietly sued the hacker group known as Fancy Bear in a federal court outside Washington DC, accusing it of computer intrusion, cybersquatting, and infringing on Microsoft’s trademarks. The action, though, is not about dragging the hackers into court. The lawsuit is a tool for Microsoft to target what it calls “the most vulnerable point” in Fancy Bear’s espionage operations: the command-and-control servers the hackers use to covertly direct malware on victim computers. These servers can be thought of as the spymasters in Russia's cyber espionage, waiting patiently for contact from their malware agents in the field, then issuing encrypted instructions and accepting stolen documents.

Since August, Microsoft has used the lawsuit to wrest control of 70 different command-and-control points from Fancy Bear. The company’s approach is indirect, but effective. Rather than getting physical custody of the servers, which Fancy Bear rents from data centers around the world, Microsoft has been taking over the Internet domain names that route to them. These are addresses like “livemicrosoft[.]net” or “rsshotmail[.]com” that Fancy Bear registers under aliases for about $10 each. Once under Microsoft’s control, the domains get redirected from Russia’s servers to the company’s, cutting off the hackers from their victims, and giving Microsoft a omniscient view of that servers’ network of automated spies."

Kudos to Microsoft and its attorneys.


U.S. Treasury Department Fined ExxonMobil $2 Million For Sanction Violations

ExxonMobil logo On Thursday, the U.S. Department of the Treasury fined ExxonMobil Corporation $2 million for violations of sanctions while current Secretary of State Rex Tillerson was the company's Chief Executive Officer. The Office of Foreign Assets Control (OFAC) within the Treasury Department issued the fine. According to the announcement:

"Between on or about May 14, 2014 and on or about May 23, 2014, ExxonMobil violated § 589.201 of the Ukraine-Related Sanctions Regulations when the presidents of its U.S. subsidiaries dealt in services of an individual whose property and interests in property were blocked, namely, by signing eight legal documents related to oil and gas projects in Russia with Igor Sechin, the President of Rosneft OAO, and an individual identified on OFAC’s List of Specially Designated Nationals and Blocked Persons.

OFAC determined that ExxonMobil did not voluntarily self-disclose the violations to OFAC, and that the violations constitute an egregious case."

During March of 2014, Russia officially annexed Crimea, a peninsula in the Black Sea, from Ukraine. Moscow retaliated by banning nine U.S. officials and lawmakers from entering Russia. Then, President Obama ordered more sanctions against two-dozen members of Putin's inner circle and against Bank Rossiya, the Russian bank supporting them.

During August of 2014, Russian troops invaded eastern areas of Ukraine along the country's southeast coast. Reportedly, Russian troops fought with pro-Russia rebels against Ukrainian military.

 The Treasury Department released an "Enforcement Information for July 20, 2017" document which stated in part:

"... ExxonMobil did not voluntarily self-disclose the violations to OFAC and that the violations constitute an egregious case. Both the base civil monetary penalty and the statutory maximum civil monetary penalty amounts for the violations were $2,000,000. OFAC thoroughly considered the arguments ExxonMobil set forth in its submissions to OFAC, and the penalty amount reflects OFAC's consideration of the following facts and circumstances... OFAC considered the following to be aggravating factors: (1) ExxonMobil demonstrated reckless disregard for U.S. sanctions requirements when it failed to consider warning signs associated with dealing in the blocked services of an SDN; (2) ExxonMobil's senior-most executives knew of Sechin's status as an SDN when they dealt in the blocked services of Sechin; (3) ExxonMobil caused significant harm to the Ukraine-related sanctions program objectives by engaging the services of an SDN designated on the basis that he is an official of the Government of the Russian Federation contributing to the crisis in Ukraine; and (4) ExxonMobil is a sophisticated and experienced oil and gas company that has global operations and routinely deals in goods, services, and technology subject to U.S economic sanctions and U.S. export controls. OFAC considered the following to be a mitigating factor: ExxonMobil has not received a penalty notice or Finding of Violation from OFAC in the five years preceding the date of the first transaction giving rise to the violation..."

It seems that OFAC would have fined ExxonMobil more if it could have. During 2016, ExxonMobil generated sales revenues of $197.52 billion and net income of $7.84 billion. So, the company can easily afford this fine.

ExxonMobil issued a press release on July 20 which denied the violations and claimed that it had received clear guidance from the Treasury Department that the transactions were legal, "so long as the activity related to Rosneft’s business and not Sechin’s personal business." The press release also cited several news sources. You'd think that the company's executive would simply have gone straight to the source, the OFAC, and bypassed intermediaries.

The OFAC Enforcement Information document debunked the energy company's claim:

"ExxonMobil claims that it interpreted press statements as establishing a distinction between Sechin's "professional" and "personal" capacity, in part citing to a news article published in April 2014 that quoted a Department of the Treasury representative as saying that a U.S. person would not be prohibited from participating in a meeting of Rosneft' s board of directors. However, that brief statement did not address the conduct in this case.

Furthermore, the plain language of the Ukraine-Related Sanctions Regulations (which were issued after the Executive branch statements) and E.O. 13661 do not contain a "personal" versus "professional" distinction, and OFAC has neither interpreted its Regulations in that manner nor endorsed such a distinction. The press release statements provided context for the policy rationale surrounding the targeted approach during the early days of the Ukraine crisis, which was to isolate designated individuals who were targeted as a result of the crisis in Ukraine, rather than imposing blocking sanctions on the large companies that they managed. No materials issued by the White House or the Department of the Treasury asserted an exception or carve-out for the professional conduct of designated or blocked persons, nor did any materials suggest that U.S. persons could continue to conduct or engage in business with such individuals.

Separately, there was a Frequently Asked Question (FAQ) publicly available on the OFAC website at the time of the violations that specifically spoke to the conduct at issue in this case..."

The Enforcement Information document is available at the Treasury Department's website and here (Adobe PDF).

While at the Treasury Department's website, I noticed that the Treasury Notes blog stopped publishing on January 19, 2017 -- about the same time as the Presidential Inauguration. What's up with that? Does the Treasury Department, under the Trump Administration, believe that it is okay not to inform citizens, taxpayers, and voters?


Attorneys General In Several States Announce Settlement Agreements With Target

Target Bullseye logo The Office of the Attorney General (AG) for the Commonwealth of Massachusetts announced on Wednesday that the state will receive $625,000 as part of the settlement agreement with Target Corporation. The settlement agreement, which includes 47 states plus the District of Colombia, resolves claims by states about the retailer's massive data breach in 2013.

Card issuers had also sued the retailer. Target settled with Visa in August, 2015 to resolve claims in which 110 million consumers' records were stolen, including 40 million credit- and debit-card numbers. Also, debit card PIN numbers were stolen.

The announcement by Massachusetts AG Maura Healey explained:

"The investigation found that the stolen credentials were used to exploit weaknesses in Target’s system, which allowed the attackers to access a customer service database, install malware on the system and then capture data from credit or debit card transactions at Target stores (including stores in Massachusetts) from Nov. 27, 2013 to Dec. 15, 2013. The stolen data included consumers’ full names, telephone numbers, email addresses, mailing addresses, payment card numbers, expiration dates, security codes, and encrypted debit PINs... The breach affected more than 41 million customer payment card accounts and contact information for more than 60 million customers nationwide. In Massachusetts, the breach compromised information from approximately 947,000 customer payment card accounts and other personally-identifying information of about 1.5 million Massachusetts residents."

Terms of the settlement require Target:

"... to develop, implement and maintain a comprehensive information security program and to employ an executive or officer who is responsible for executing the plan. The company is required to hire an independent, qualified third-party to conduct a comprehensive security assessment... to maintain and support software on its network; to maintain appropriate encryption policies, particularly as pertains to cardholder and personal information data; to segment its cardholder data environment from the rest of its computer network; and to undertake steps to control access to its network, including implementing password rotation policies and two-factor authentication for certain accounts."

California will receive $1.4 million from the settlement. New York AG Eric T. Schneiderman said about the settlement agreement:

"New Yorkers need to know that when they shop, their data will be protected... This settlement marks an important win for New Yorkers – bringing over $635,000 into the state, in addition to the free credit monitoring services for those impacted by the data breach, and key security improvements to help protect Target consumers moving forward."

Yes, indeed. Shoppers everywhere need to know their data will be protected.

Besides Massachusetts, New York and California, the other states participating in this settlement include Alaska, Arizona, Arkansas, Colorado, Connecticut, Delaware, Florida, Georgia, Hawaii, Idaho, Illinois, Indiana, Iowa, Kansas, Kentucky, Louisiana, Maine, Maryland, Michigan, Minnesota, Mississippi, Missouri, Montana, Nebraska, Nevada, New Hampshire, New Jersey, New Mexico, North Carolina, North Dakota, Ohio, Oklahoma, Oregon, Pennsylvania, Rhode Island, South Carolina, South Dakota, Tennessee, Texas, Utah, Vermont, Virginia, Washington, West Virginia, and the District of Columbia.

AL.com reported:

"Alabama won't be cashing in on the largest multi-state data breach settlement in history, however. The reason, according to the Alabama Attorney General's Office, is the absence of a state law that requires entities to notify customers whose information could have been exposed in a breach and then take steps to remediate any injuries.

"Alabama is one of the few states in the nation that is not a party to the recent Target settlement because our state does not have data breach notification law," said Mike Lewis, Communications Director for the Office of the Alabama Attorney General."

Connecticut and Illinois led the states' investigation. The participating states have not yet announced how the settlement money will be distributed.

[Editor's Note: a prior version of this blog post did not include the report by AL.com.]


LeapLab And Other Defendants Settled With FTC

Recently, a reader wrote via e-mail with feedback about this December 2014 blog post which discussed a lawsuit filed by the U.S. Federal Trade Commission (FTC) against a data broker, LeapLab, and other defendants. The suit alleged that the defendants sold consumers' sensitive personal information to fraudsters.

The reader was unhappy because he was unable to submit a comment on that blog post. The policy of this blog is to close comments on all blog posts after a year. The reader seemed to interpret that policy as a slight against one of the defendants. No. The closing of comments after a year is equal, consistent treatment.

The reader was also unhappy with comments posted by other readers to that 2014 blog post. Like other blogs, readers freely share their opinions and feedback in the comments section. Like other blogs, I am not responsible for readers' comments. Nor do I censor comments for content. I remind everyone to read the Terms of Service.

The reader's e-mail feedback claimed the blog post was incomplete and one sided. Today's blog post reports the rest of the story.

LeapLab and the other defendants settled the lawsuit with the FTC in February, 2016. The February 18, 2016 FTC announcement stated:

"A group of defendants have settled Federal Trade Commission charges that they knowingly provided scammers with hundreds of thousands of consumers’ sensitive personal information – including Social Security and bank account numbers. The proposed federal court orders prohibit John Ayers, LeapLab and Leads Company from selling or transferring sensitive personal information about consumers to third parties. The defendants will also be prohibited from misleading consumers about the terms of a loan offer or the likelihood of getting a loan. In addition, the settlements require the defendants to destroy any consumer data in their possession within 30 days.

The orders include a $5.7 million monetary judgment, which is suspended based on the defendants sworn inability to pay. In addition to the settlement orders, the court entered an unsuspended $4.1 million default judgment with similar prohibitions against SiteSearch, the remaining defendant in the case."

You can follow the above links to the settlement agreements between each defendant and the FTC, which were approved by the court. Links are also available on the FTC-Leaplab proceedings page.

As a solo blogger with limited resources, I do my best to get it right. There's plenty of privacy news to cover, and I should have reported the above settlement agreements sooner. Hopefully, today's blog post corrects that oversight. I sincerely thank all readers for their feedback and comments.