Read about it here. Related articles:
Last week, the Federal Communications Commission (FCC) announced a settlement agreement with Verizon where the telecommunications company will pay $5 million to resolve charges that it ignored the complaints of rural land-line phone customers who were unable to receive both long-distance and wireless phone calls.
Terms of the agreement require Verizon to pay immediately $2 million to the U.S. Treasury, $3 million over the next three years to fix the rural phone call completion problems, appoint a Rural Call Completion Ombudsman within the company to analyze rural call completion problems, file a report with the FCC at the end of the three years, host workshops and fund academic studies about ways to solve rural phone call completion problems, and develop a system to identify customers' complaints about rural call completion problems.
Verizon filed notices during 2014 that it planned to cease copper phone network services in at least six wireline centers: Belle Harbor (NY), Orchard Park (NY), Farmingdale (NJ), Hummelstown (PA), Lynnfield (MA), and Ocean View (VA). For example, the Farmingdale, New Jersey notice by Verizon (Adobe PDF) stated:
"Verizon intends to retire all copper facilities (feeder, distribution and drop) in the Farmingdale, New Jersey wire center and to serve all customers over a fiber infrastructure... After the retirement of the copper facilities, Verizon will: (1) no longer offer services over copper facilities; and (2) cease maintaining the copper facilities. However, to the extent required by applicable agreements and federal law, Verizon will offer to requesting carriers a 64 Kbps voice-grade channel over fiber loops that have been deployed where copper was retired..."
Sadly, this is not the first time the FCC has had to take action to get a telecommunications company to support rural phone customers. The FCC announcement stated:
"This is the fourth major resolution of a rural call completion investigation and is part of a coordinated effort to address rural call completion problems. The Bureau entered into consent decrees related to rural call completion performance with Matrix Telecom, Inc. and Windstream Corporation in 2014 and with Level 3 Communications, LLC in 2013."
Some experts are concerned about the coming retirement of copper phone land lines. The Ars Technica blog reported in August 2014:
"The National Association of State Utility Consumer Advocates (NASUCA) asked the FCC to delay copper retirements in Belle Harbor and Ocean View until the FCC performs the investigation requested by Public Knowledge. NASUCA also wants the retirements to wait until after the completion of trial runs of all-IP phone networks. The FCC is expected to oversee the first such trials as early as next year in the AT&T wire centers of Kings Point, Florida, and Carbon Hill, Alabama. Verizon says it doesn't want to wait, because that process could take years."
What does this mean? All consumers should realize that phone companies want to get out of the traditional copper land-line phone business and support only wireless phone customers. They view maintenance of the copper infrastructure as costly. You may believe that everyone has already switched to mobile phones, but there are plenty of copper land-lines still in use. The Local Telephone Competition Report by the FCC stated that in June 2013:
"... there were 90 million end-user switched access lines in service, 45 million interconnected VoIP subscriptions, and 306 million mobile subscriptions in the United States, or 441 million retail local telephone service connections in total... Of the 135 million wireline retail local telephone service connections (including both switched access lines and interconnected VoIP subscriptions) in June 2013, 77 million (or 57%) were residential connections and 58 million (or 43%) were business connections..."
It is important for consumers to realize that traditional copper land-lines in homes (and businesses) are going away, probably sooner than you might expect. That means that Internet services that rely on those land lines (e.g., DSL Internet service) will also disappear. DSL customers will have to migrate to other service providers (e.g., cable or fiber) for high-speed connections.
"First it was street-corner phone booths and home delivery of telephone books. Now, land lines are on their way to becoming part of American telecommunications history. As consumers continue to move to wireless, states are passing or considering laws to end the requirement that phone companies provide everyone land-line service. Indiana and Wisconsin are the two most recent states to end the requirement, and many others — including Alabama, Kentucky and Ohio — are considering it..."
There are concerns that rural consumers lack sufficient access to affordable high-speed Internet services, and that high-speed Internet services in the United States don't offer the best value. A major worldwide study found that consumers in the United States pay more for high-speed Internet services than consumers in other countries and get slower speeds.
Rural residents often face multiple obstacles. Prior studies have found that many poor people in rural areas live in "banking deserts," places not served by any banks. According to a recent FCC report, 64 percent of rural Virginia residents don't have access to high-speed Internet services (as defined by the new benchmarks). In West Virginia the number of residents is 74 percent. More than half of rural residents nationwide lack access to high-speed Internet services. Now, add poor phone service to the list of obstacles.
What should rural consumers do about poor phone services? What should any consumer do if you can't contact rural consumers or businesses? Fight for your rights and the services you are paying for. The FCC advises consumers to first learn to recognize the problem:
Next, write down the date, time, and phone number(s) dialed, plus the name of the long-distance or wireless phone carrier. Then, report the problem to your wireless phone provider or to your long-distance service provider. If the problem remains unaddressed, file a Phone Complaint with the FCC.
What are your opinions of the FCC and Verizon settlement? Of land-lines going away? Of the problems rural residents face?
The Office of the Attorney General of Massachusetts announced a settlement agreement with four national banks about claims of unlawful foreclosures on homeowners in the state. The four banks are Bank of America, CitiGroup, JPMorgan Chase, and Wells Fargo:
"The consent judgment, entered today in Suffolk Superior Court, resolves the AG's allegations that Bank of America, JP Morgan Chase Bank, Citi, and Wells Fargo Bank violated Massachusetts foreclosure law and the Massachusetts Consumer Protection Act by illegally foreclosing upon Massachusetts residents’ homes when the banks lacked the legal authority to do so."
The events that led up to this announcement:
"The Supreme Judicial Court ruled in the Ibanez decision that mortgagees seeking to foreclose must strictly comply with Massachusetts foreclosure laws. Under the statutory power of sale and Massachusetts law, a foreclosure is void unless a bank or other foreclosing party is the mortgagee of record or holds the mortgage through a valid assignment before publishing the notice of foreclosure sale... The banks’ failure to obtain a valid assignment of the mortgage prior to foreclosure has adversely impacted titles to numerous properties in the Commonwealth."
The AG's office is still pursuing a judgment against defendant GMAC Mortgage, LLC, which filed bankruptcy in May 2012. Experts have said that the illegal foreclosure problem is widespread across the United States. A 2012 settlement agreement included $25 billion paid by five banks: Ally Financial, Bank of America, Citigroup, JPMorgan Chase, and Wells Fargo. That 2012 settlement, between federal officials and 49 states (what's up Oklahoma?), included mortgage abuses such as robo-signing and incomplete/inaccurate record keeping. A 2013 analysis found that banks illegally foreclosed on more than 700 military personnel. And, in February 2014:
"... Ocwen, the nation’s fourth largest mortgage servicer, entered into a $2.1 billion national settlement with the federal government, and 49 states, including Massachusetts, resulting in an estimated $80 million in principal reduction and cash payments to Massachusetts homeowners over claims of loan servicing misconduct and so-called “robo-signing.” Massachusetts homeowners also received approximately $1.5 million in cash payments from that multistate settlement..."
Terms of the latest consent judgment:
"... the banks are obligated to assist a consumer who makes a claim that the title to his or her residence is void from an unlawful foreclosure by conducting a thorough title review, providing curative documents, releasing junior liens held by the banks, and, in cases where consumers do not have title insurance, paying reasonable costs associated with the title cure. In addition, the banks will pay $2.7 million, $700,000 of which will be allocated to the Attorney General’s Local Consumer Aid Fund to provide consumer assistance. The remaining $2 million of the settlement will be paid to the Commonwealth's General Fund."
While settlements and consent judgments are nice, this wrongdoing will stop only when bank executives go to prison.
Last week, the Attorney General for the State of Florida announced a settlement agreement between DaVita Healthcare Partners, Inc., several states, and the Federal Government. The settlement resolves allegations:
"... that DaVita paid illegal kickbacks to induce the referral of patients to its dialysis clinics, causing false claims to be submitted to the Medicaid program."
The settlement resulted after a whistleblower lawsuit which alleged that:
"... between March 1, 2005 and Feb. 1, 2014 DaVita identified physicians that had significant patient populations suffering renal disease and offered them lucrative opportunities to partner with DaVita by acquiring and/or selling an interest in dialysis clinics to which their patients would be referred for dialysis treatment. DaVita further ensured referrals of these patients to the clinics through a series of secondary agreements with the physicians, including entering into agreements in which the physician agreed not to compete with the DaVita clinic and non-disparagement agreements that would have prevented the physicians from referring their patients to other dialysis providers."
This is not the first settlement involving DaVita. In October 2014:
"... DaVita agreed to pay the United States $350 million in a federal settlement to resolve claims that it violated the False Claims Act by paying kickbacks to induce the referral of patients to its dialysis centers. DaVita agreed to a Civil Forfeiture in the amount of $39 million. Additionally, DaVita entered into a Corporate Integrity Agreement with the Office of Counsel to the Inspector General of the Department of Health and Human Services, which requires it to unwind some of its business arrangements and restructure others, and includes the appointment of an Independent Monitor to prospectively review DaVita’s arrangements with nephrologists and other health care providers for compliance with the Anti-Kickback Statute.
DaVita Healthcare Partners, headquartered in Denver (Colorado), will pay $22 million total in the settlement. The State of Florida will receive $5.6 million. According to its website, total company annual revenue was $11,764 million. Other states participating in the settlement include California, Colorado, Kentucky, and Ohio.
The Attorney General's Office for the Commonwealth of Massachusetts announced earlier this week that it had reached a settlement with Just energy, an electricity supplier, to resolve several deceptive marketing allegations. The lawsuit, filed in Suffolk Superior Court, alleged that:
"... Just Energy, through a third-party telemarketing vendor and door-to-door agents, engaged in deceptive marketing and sales that misled consumers into signing contracts based on attractive introductory pricing, only to later increase their electricity supply costs."
This blog first reported about Just Energy in 2010. After that blog post, consumers in the United States and Canada summited comments, followed by sales and sales management representatives of the electricity supplier. I did not see any mention of the settlement agreement in the Just Energy website. Based in Mississauga, Ontario (Canada0, the company lists a local office for Massachusetts residents in Buffalo, New York. Affiliated companies include Amigo Energy, Commerce Energy, Hudson Energy, and Tara Energy.
The Attorney General's announcement also stated:
"... ust Energy sales representatives allegedly failed to disclose complete and accurate pricing information to its customers by promising savings or representing that they could help consumers keep their electricity bills low. Instead, consumers were charged rates that were higher than the rates for the electricity supply provided by NSTAR and National Grid. Just Energy also allegedly induced elderly and non-native English speaking consumers by continuing to offer electricity supply services even after it became clear that they did not understand the terms of the proposed contract."
"Slamming" is when a consumer's service is switched without their consent. The allegations included slamming:
Consumers were allegedly switched from their distribution company to Just Energy without their authorization... The AG’s Office alleges that Just Energy made false representations concerning its electricity products, including that its products would provide “green” or “renewable” energy at prices comparable to basic service, and that its products were offered as part of a state-run program..."
Terms of the settlement agreement require Just Energy to pay $3.8 million into an independent trust to provide restitution to affected residents, and to pay $200,000 to the Commonwealth. To avoid slamming and deceptive marketing, the Attorney general's Office advises consumers to do these four things:
I congratulate the Attorney General's Office for protecting consumers and enforcing the laws.
Just before the Christmas holiday, the U.S. Federal Trade Commission (FTC) announced that it had charged a data broker with selling consumers' sensitive personal information to fraudsters to commit theft and fraud:
"... LeapLab bought payday loan applications of financially strapped consumers, and then sold that information to marketers whom it knew had no legitimate need for it. At least one of those marketers, Ideal Financial Solutions – a defendant in another FTC case – allegedly used the information to withdraw millions of dollars from consumers’ accounts without their authorization."
Defendants named in the lawsuit include Sitesearch Corporation (doing business as LeapLab), LeapLab, LLC (based in Arizona), Leads Company (based in Nevada), and John Ayers. LeapLab's Twitter account seems dormant, and its website is not operating. BusinessWeek lists John Ayers as Chairman of the Board of LeapLab.
In its complaint, the FTC alleged that LeapLab:
"... collected hundreds of thousands of payday loan applications from payday loan websites known as publishers. Publishers typically offer to help consumers obtain payday loans. To do so, they ask for consumers’ sensitive financial information to evaluate their loan applications and transfer funds to their bank accounts if the loan is approved... The defendants sold approximately five percent of these loan applications to online lenders, who paid them between $10 and $150 per lead... the defendants sold the remaining 95 percent for approximately $0.50 each to third parties who were not online lenders and had no legitimate need for this financial information."
So, your bank account information is worth 50 cents to fraudsters. The sensitive consumer information LeapLab allegedly sold to non-lender third parties included consumer’s names, addresses, phone numbers, employers, Social Security numbers, bank account numbers, and bank routing numbers. Who were these non-lender third parties? They included:
"... marketers that made unsolicited sales offers to consumers via email, text message, or telephone call; data brokers that aggregated and then resold consumer information; and phony internet merchants like Ideal Financial Solutions. According to the FTC’s complaint, the defendants had reason to believe these marketers had no legitimate need for the sensitive information they were selling..."
In a separate complaint, the FTC sued Ideal Financial Solutions (based in Las Vegas, Nevada), for allegedly buying information about 2.4 million consumers between 2009 and 2013 from data brokers and using that information:
"... to make millions of dollars in unauthorized debits and charges for purported financial products that the consumers never purchased. LeapLab provided account information for at least 16 percent these victims."
"The complaints are part of a multiyear government crackdown on fraudulent debt collection and other scams that target people in financial distress. But the case against LeapLab indicates that federal regulators are now widening their investigation to include the middlemen who traffic in the kind of closely held consumer details that can make consumers vulnerable to financial scams... Frederick G. Gamble, a lawyer in Tempe, Ariz., who was listed as a statutory agent of LeapLab, did not respond a voice mail message seeking comment..."
Thanks to the FTC staff for enforcing credit laws. I look forward to the FTC pursuing more data brokers and non-lender third parties who engage in similar behaviors.
Thee has to be strong consequences for this type of wrongdoing. I hope that the defendants pay fines, pay the credit monitoring and resolution costs for affected consumers, and serve time in prison. That sounds about right for the amount of damages inflicted upon consumers.
What are your opinions?
News media and social networking sites are ablaze with discussions about Sony Pictures and its film, "The Interview." Everyone has an opinion, and many seem to want the company to stand up for First Amendment rights of creative artists, and not surrender to threats by politically-motivated hackers.
These are all valid concerns. However, Sony seems to be at the nexus of several important, related issues that shouldn't be confused nor overlooked:
This latest data breach at Sony was not the company's first incident. It experienced several breaches during 2011, notably a massive incident at Sony Playstation Network affecting 77 million customers, and at Sony Entertainment Network. Later that year, Sony executives apologized. Earlier this year, the company agreed to a settlement resolving lawsuits about its Playstation Network breach. However, there's more. Forbes magazine reported:
"An email from Courtney Schaberg, VP of legal compliance at Sony Pictures, to general counsel Leah Weil, dated 16 January 2014, reported a compromise of the Sonypictures.de site. The website was swiftly taken down after it emerged the site had been hacked to serve up malware to visitors. Schaberg also expressed concern that email addresses and birth dates for 47,740 individuals who signed up to the site’s newsletter had been accessed by the attacker. On Friday 17 January 2014, Schaberg told Weil that it was unclear whether personal information had been taken as an investigation by a third party would not start until the following Monday, but it was unlikely Sony would disclose the breach publicly."
After the Sony Pictures cyberattack, both current and former employees have already filed lawsuits. TechCrunch described some of the details:
"... Christina Mathis and Michael Corona have filed a federal court complaint against the movie studio, alleging that the company did not take enough precautions to keep employee and employee family data safe... The complaint references tech blog reporting to note that Sony was aware of the insecurity on its network..And it cites several instances of Sony failing to adequately inform former employees of the situation... there were only 11 people on the Sony information security team at the time of the hack..."
The plaintiffs seem to have several valid concerns. Krebs On Security reported:
"According to multiple sources, the intruders also stole more than 25 gigabytes of sensitive data on tens of thousands of Sony employees, including Social Security numbers, medical and salary information. What’s more, it’s beginning to look like the attackers may have destroyed data on an unknown number of internal Sony systems."
Krebs on Security also reported:
"Several files being traded on torrent networks seen by this author include a global Sony employee list, a Microsoft Excel file that includes the name, location, employee ID, network username, base salary and date of birth for more than 6,800 individuals... Another file being traded online appears to be a status report from April 2014 listing the names, dates of birth, SSNs and health savings account data on more than 700 Sony employees. Yet another apparently purloined file’s name suggests it was the product of an internal audit from accounting firm Pricewaterhouse Coopers, and includes screen shots of dozens of employee federal tax records and other compensation data."
So, the sensitive personal data stolen is out in the open where criminals can use and abuse it. And, there may be more. The hackers have threatened to release more stolen information if Sony Pictures releases the film.
On December 15, Sony Pictures published several breach notices, including this general breach notice to its current and former employees (Adobe PDF) worldwide. Accompanying this general notice are several specific notices for residents in the United States, Canada, and Puerto Rico. There are detailed breach notices for residents of Maryland, Massachusetts, North Carolina, and Puerto Rico.
The Sony Pictures breach notice for Massachusetts residents (Adobe PDF) listed the specific data exposed and probably stolen:
"... the following types of personally identifiable information that you provided to SPE may have been subject to unauthorized acquisition: (i) name, (ii) address, (iii) social security number, driver’s license number, passport number, and/or other government identifier, (iv) bank account information, (v) credit card information for corporate travel and expense, (vi) username and passwords, (vii) compensation and (viii) other employment related information. In addition, unauthorized individuals may have obtained (ix) HIPAA protected health information, such as name, social security number, claims appeals information you submitted to SPE (including diagnosis), date of birth, home address, and member ID number to the extent that you and/or your dependents participated in SPE health plans, and (x) health/medical information that you provided to SPE outside of SPE health plans..."
If any items had been encrypted, Sony Pictures probably would have mentioned it. Why wasn't this sensitive information encrypted? That's one problem. Next, the data stolen includes the mother-lode of personal, financial, and healthcare information; stuff identity criminals seek for reselling proftiably to other criminals, for impersonating breach victims both online and offline, for taking out fraudulent loans, and for obtaining free health care services.
Sony Pictures has arranged for 12 months of free identity-protection services with AllClearID. As I have written before repeatedly, 12 months is insufficient. the data elements stolen do not magically become obsolete in 12 months. Five or ten years of identity-protection services would be better.
Sony's latest breach, and unencrypted data storage, makes one doubt that its executives have truly learned from prior data breaches; whether the company's executives have truly embraced best practices for data security, or continue to cut corners. As TechCrunch reported:
"Sony Director of Information Security Jason Spaltro even gave an interview in 2007 whose whole point was to revel in Sony’s security loopholes: “it’s a valid business decision to accept the risk” of a security breach. “I will not invest $10 million to avoid a possible $1 million loss,” he said at the time. This hack is estimated to cost Sony $100 million after all is said and done. The last one cost the company a cool $171 million..."
[December 24 update: Sony Pictures reversed its prior decision and will release the film in select theatres on Christmas.]
Six states, including Illinois Attorney General Lisa Madigan, announced a $750,000 settlement with Pointroll, a digital advertising firm, after investigations for privacy violations. The Illinois AG announced:
"... Madigan and her counterparts from five other states alleged that PointRoll unlawfully deployed a browser circumvention technique that allowed it to place browser cookies on consumers’ Safari web browsers despite privacy settings configured to “block cookies from third-parties and advertisers” or alternatively set to “accept cookies” from “visited sites” (for Safari browsers on Apple iPhones and iPads) between December 13, 2011, and February 15, 2012."
Browser cookie files, often referred to as "cookies," are small text files web browsers create, update, and save to users' computers. These files allow advertisers to gather information about users online habits often including the sites you visit online. Pointroll is owned by the Gannett Corporation.
Besides Illinois, the states involved in the settlement include Connecticut ($110,000), Florida, Maryland ($110,000), New Jersey ($200,000), and New York ($110,000). The Connecticut Attorney General's announcement included a statement by the state's Consumer Protection Commissioner, William M. Rubenstein:
"Brazenly disregarding consumer preferences is an unwise business practice that borders on unethical conduct... We applaud New Jersey’s leadership in the investigation and negotiation with PointRoll and we will continue to uphold Connecticut consumers’ right to choose.”
Borders on unethical conduct? The settlement terms are pretty standard stuff (e.g., requires Pointroll to respect and comply with users' browser settings to block cookies, train employees, submit to annual assessments, and prominently display buttons with links to privacy-policies on its websites). That the firm had to be forced to do this makes one wonder what Pointroll's internal company culture is regarding ethics and privacy. It makes one wonder how trustworthy, or not, the executives at Pointroll are. Are executives at Gannett paying attention?
Readers of this blog know that advertisers have used a variety of technologies (e.g., browser cookies, "zombie cookies," Flash cookies ("super cookies," etags) to ignore and circumvent consumers' explicit decisions and web browser settings not to be tracked online. I congratulate the six attorneys general and their staff for protecting and enforcing consumers' privacy.
What are your opinions of this settlement agreement?
Nine states joined in an agreement with TD Bank to settle allegations about the bank's March 2012 data breach that affected 260,000 persons, including more than 90,000 in Massaschusetts. In a statement, the Office of Martha Coakley, Attorney General for the Commonwealth of Massachusetts, announced that the bank:
"... violated state data security regulations, including by failing to comply with its own policies requiring encryption of the personal information on the tapes, and by failing to retain a third-party service provider capable of maintaining appropriate security measures when transporting the tapes. The AG’s Office also alleged that TD Bank violated the state data breach notice law by delaying providing notice of the March 2012 data security incident until October 2012."
The breach occurred when the bank's back-up tapes containing unencrypted information (e.g., names, Social Security numbers, bank account numbers, drivers' license numbers, etc.) were lost during shipment to a vendor. Terms of the settlement agreement with Massachusetts:
"... TD Bank has agreed to a settlement amount of $825,000. TD Bank will pay $325,000 in civil penalties, $75,000 in attorney’s fees and costs, and $225,000 to a fund administered by the AG’s Office to promote education or to fund local consumer aid programs. In addition, TD Bank has been credited $200,000 to reflect security measures and upgrades it has already taken following the incident."
The bank also agreed to provide prompt notice of any future data breaches and to comply with Massachusetts data security laws:
Unencrypted computer backup tapes surely make it convenient for identity thieves and criminals. A visit Tuesday to the bank's home page showed an http browser connection instead of a more secure https connection. You'd think that the bank would have upgraded tits home page connection to show both current and prospective customers that it is serious about security. Do the bank's executives get it? Perhaps, the settlement penalty amount was not large enough.
What are your opinions of the settlement agreement?
Paul A Magnuson, a U.S. District Court Judge in Minnesota, ruled on December 2, 2014 that the class-action lawsuit can proceed against Target Corporation for its 2013 data breach.
Target, one of the largest retailers in the country, is headquartered in Minnesota. During its 2013 data breach, hackers stole the credit- and debit-card information for about 110 million shoppers. Lawsuits by both consumers and banks followed, and they were consolidated into the litigation Judge Magnuson ruled upon. Judge Magnuson heard arguments about four complaintss:
"Plaintiffs’ Complaint consists of four claims against Target. Count One contends that Target was negligent in failing to provide sufficient security to prevent the hackers from accessing customer data. Count Two asserts that Target violated Minnesota’s Plastic Security Card Act, and Count Three alleges that this violation constitutes negligence per se. Count Four claims that Target’s failure to inform Plaintiffs of its insufficient security constitutes a negligent misrepresentation by omission."
Target sought dismissal of all four claims arguing that the plaintiffs did not prove their case. Judge Magnuson ruled in favor of the plaintiffs on three of the four counts:
"Plaintiffs have plausibly pled a claim for negligence, a violation of the PCSA, and negligence per se. Plaintiffs failed to plead reliance, however, and therefore their negligent-misrepresentation claim must be dismissed without prejudice.
This meant that the lawsuit can continue based upon the allegations of negligent data security, violation of Minnesota's Plastic Security Card Act (PSCA), that Target's actions were negligent. The judge agreed with the plaintiff's argument that:
"Although the third-party hackers’ activities caused harm, Target played a key role in allowing the harm to occur. Indeed, Plaintiffs’ allegation that Target purposely disabled one of the security features that would have prevented the harm is itself sufficient to plead a direct negligence case: Plaintiffs allege that Target’s “own conduct create[d] a foreseeable risk of injury to a foreseeable plaintiff."
"... the attackers were able to access the POS network and exfiltrate payment card data for 40 million victims via an HVAC contractor’s credentials... Also, the big-box giant admitted that an early-warning system from FireEye that was in place was ignored despite multiple alarms..."
While most people believe the HVAC vendor's credentials story, I am not so sure it was only an HVAC vendor's credentials. Anyway, this court ruling has huge implications for both banks and retailers. According to InfoSecurity:
"Industry watchers have long expected Target and other retailers to eventually find themselves liable for stolen identities and bank fraud stemming from the high-profile point-of-sale (POS) breaches that have become a sad norm on the cyber-incident front. Now, a Minnesota court has paved the way for a series of lawsuits by banks looking to recover their losses, which they say range into the billions for the last year alone."
Read the Minnesota U.S.District Court ruling (Adobe PDF).
One thing is certain: we will hear more about both this lawsuit and the squabble between retailers, banks, and credit unions about who should pay for breach-related costs when replacement debit/credit cards and accounts must be issued to breach victims.
Just before the Thanksgiving holiday, a Texas court ruled that a class-action lawsuit can proceed against Compact Information Systems, Inc. (CIS) and several corporate defendants for alleged violations of the Driver Privacy Protection Act (DPPA). This lawsuit is important not only because of the alleged privacy violations, but also because sales of drivers' personal information by state governments can place domestic-violence victims at risk of being victimized again.
The National Organization For Victim Assistance (NOVA) has seen:
"... an explosion in identity theft and cyber stalking victimization. These criminals thrive on access to personal information through electronic data sources, using these bits of PII or personally identifying information to continually harass and re-victimize their targets... With the increase in focus on cyber safety, more attention is being paid to how criminals access their victims’ PII."
NOVA described how drivers' data is acquired and abused:
"The DPPA protects “personal information… that identifies an individual, including an individual’s photograph, social security number, driver identification number, name, address (but not the 5-digit zip code), telephone number, and medical or disability information.” The DPPA states it is “unlawful for any person knowingly to obtain or disclose personal information, from a motor vehicle record, for any use not permitted under section 2721(b)... This infers that the data will only be used for legitimate government agencies or for licensing purposes without consent of the individual. This is not the case. Many states have chosen to interpret this to mean that unless an individual “opts out” of information sharing, they have consented. States are required to determine that your data is being sold to companies with a permissible use. But recent Court rulings have determined that businesses are being allowed to purchase this aggregate data then re-sell it over and over with very little oversight."
The Doe v. CIS lawsuit was originally filed in December, 2013. At that time, the Top Class Actions site reported:
"Plaintiffs Jane Doe and Toby Cross filed the class action lawsuit on behalf of themselves and a proposed class of individuals... plaintiff Jane Doe (who is using a pseudonym to protect her identity) moved to Florida to protect herself from an abusive relationship. Like thousands of other motorists, her PII was requested in bulk, without any information about who is actually requesting the records. She is “outraged by the privacy implications” of this practice... She fears her current physical address could be acquired by her former predator, who poses a serious threat to Doe and her family. According to the class action lawsuit, the state of Texas sells 33 million motor vehicle registration records to bulk requestors each month. Although the entities that request the records claim they are requesting them for DPPA permissible purposes, the plaintiffs claim that they are “willing to ignore the legal implications of the DPPA by providing false and misleading information to the State Motor Vehicle Departments..."
On November 20, 2014, a Magistrate Judge in U.S. District Court in Northern Texas/Dallas Division ruled (Adobe PDF) that the class-action should proceed against CIS, Data Solutions of America, Inc., KMB Statistics LLc, and others. The judge also allowed the plaintiffs to proceed with a motion filed in July to amend their complaint and add AccuData Integrated Marketing, Inc. as a defendant.
During 2014, a third plaintiff, Arthur Lopez, was added to the suit. During the process, the defendants argued that Jane Doe's real identity should be disclosed. A decision about that is pending. In September 2014, a judge dismissed defendant Endurance Warranty Services (EWS) from the suit.
While reading the latest court documents, I noticed that plaintiffs are represented by the Law Office of Joseph H. Malley, P.C. I recognize that name, since Malley has often been referred to as the "Privacy Crusader." Malley was involved with class-action suits against Adzilla, NebuAd, Quantcast ("zombie cookies"), Ringleader, Facebook, and Apple. In 2010, Facebook settled its suit for $9.5 million. So, the plaintiffs have experienced, knowledgeable, and relentless representation. Maybe, "Privacy Pitbull" is a better nickname.
Top Class Actions also provided background information about the DPPA:
"The DPPA was enacted by Congress to protect the personal identifying information (PII) citizens are required to provide to their state Department of Motor Vehicles when acquiring or renewing a drivers’ license. The protection of consumers’ PII is essential to limit the risk of identity theft. For victims of domestic violence, the protection of PII is even more critical. Before the enactment of the DPPA, anyone was able to access public motor vehicle records and could use that information for any purpose. Even with the protections offered by the DPPA, most states sell motor vehicle records."
Additional background information about the DPPA is available at The Electronic Privacy Information Center (EPIC) site:
"The DPPA was passed in reaction to the a series of abuses of drivers' personal information held by government. The 1989 death of actress Rebecca Schaeffer was a prominent example of such abuse. In that case, a private investigator, hired by an obsessed fan, was able to obtain Rebecca Schaeffer's address through her California motor vehicle record. The fan used her address information to stalk and to kill her. Other incidents cited by Congress included a ring of Iowa home robbers who targeted victims by writing down the license plates of expensive cars..."
The problem isn't new. There have been lawsuits as far back as 2010 about alleged DPPA violations. If companies (and executives) are providing false information in order to buy drivers' information, or are using drivers' data for impermissible purposes, then there has to be verification and enforcement. Otherwise, chaos results.
There is a possible solution. The credit reporting industry developed a secure method for consumers to maintain control of their information and prevent their credit reports from being resold. The states' motor vehicle registries could, and should, adopt a similar system, so domestic violence victims and other at-risk consumers can maintain control of their personal data and prevent their drivers' data from being resold.
Does your state sell drivers' personal information? Probably, because it's a revenue generation source. Florida made $63 million in 2010, and Texas made in 2012 probably far more than the $2.1 million known. It can be difficult to determine because most states seem not to want to discuss the matter. You'd think that states' motor vehicle registry websites would clearly display this information, but few seem to and the information is often buried and hard to find.
What are your opinions of the DPPA? Of states' selling of drivers' data? Of the businesses that buy drivers data?
The U.S. Justice Department announced the results of a court case where the developer of StealthGenie, a mobile spyware app, pled guilty and will pay a $500,000 fine. The app remotely monitors phone calls, text messages, video, and other communications on mobile phones.
Assistant Attorney General Leslie R. Caldwell said:
"Spyware is an electronic eavesdropping tool that secretly and illegally invades individual privacy... Make no mistake: selling spyware is a federal crime, and the Criminal Division will make a federal case out if it.”
Mr. Hammad Akbar, 31 and a Danish citizen, was the chief executive officer of InvoCode Pvt. Limited and Cubitium Limited, the companies that advertised and sold StealthGenie online. Users could install StealthGenie on a variety of mobile phones including Apple’s iPhone, Google’s Android, and Blackberry Limited’s Blackberry. The app was advertised as being untraceable.
This is the first ever criminal conviction involving the marketing of a mobile device spyware app. U.S. Attorney Dana J. Boente described how the app worked:
"The defendant advertised and sold a spyware app that could be secretly installed on smart phones without the knowledge of the phone's owner... This spyware app allowed individuals to intercept phone calls, electronic mail, text messages, voice-mails and photographs of others. The product allowed for the wholesale invasion of privacy by other individuals..."
Kudos to the Justice Department and F.B.I. for this conviction. I look forward to reading about more prosecutions and convictions of developers of similar mobile apps.
Customers of Frontier Communications have filed a class-action lawsuit against the Internet service provider (ISP) for allegedly failing to provide the broadband connection speeds promised. The Charleston Gazette reported:
"Customers also complained about frequent Internet outages... according to the lawsuit filed last week in Lincoln County Circuit Court. Frontier advertised a service called, "High-speed Internet Max" which provides speeds of up to 12 megabits per second. But the company "throttled" back Internet speeds, particularly in rural areas, without properly notifying customers. Some customers were receiving speeds below one megabit per second, but paying for the faster service, the suit alleges."
Some customers claim the ISP didn't provide speeds anywhere near what was promised. A spokesperson for the ISP said:
"Although we cannot guarantee Internet speeds due to numerous factors, such as traffic on the Internet and the capabilities of a customer's computer, Frontier tested each plaintiff's line and found that in all cases the service met or exceeded the "up to" broadband speeds to which they subscribed..."
Reportedly, Frontier is the the only ISP is parts of West Virginia. lack of competition hurts consumers. The lawsuit also alleged that Frontier accepted $42 million in Federal stimulus money to build a high-speed network across the state, and then failed to allow competitiors to use the network as required.
It will be interesting to see what happens. The Consumerist reported:
"The lawsuit faces one huge roadblock... According to the Frontier Terms & Conditions [PDF], residential service subscribers are not only forbidden from joining together in a class action, but must each individually resolve any legal dispute with the company through mandatory binding arbitration — a process that is heavily unbalanced in favor of the business. But the plaintiffs believe they are not bound by this clause, as the only way to access the terms of service is via the Frontier website, and the company never obtains “informed written consent” from customers."
Binding arbitration means that for an unresolved problem or dispute, the customer must use the arbitration process specified. It also means that the customer has lost at least three rights: to sue, to participate in any class-action lawsuits, and to benefit from mediation. These rights probably are important to you. Bankrate published this in 2004:
"Binding arbitration, a little noticed clause in many agreements and contracts, strips consumers of their fundamental rights, including the right to sue individually or join a class-action suit if they have a problem with a company. Under binding arbitration, a consumer can be forced to pay thousands of dollars upfront to pursue a complaint, travel thousands of miles to a location of the company's choosing for the hearing, argue their case before an arbitrator who depends on the company for future business and surrender such basic legal weapons as the right to discovery and the right to appeal a decision... Labeled by the National Consumer Law Center as "astonishingly unfair and undemocratic," these clauses affect millions of consumers across the country. Corporations insert them into employment and home building contracts, in agreements for credit cards, computer software and hardware purchases, and many types of loans."
And, arbitration can cost more than a traditional court trial:
"Consumers' costs for arbitration vary widely and depend on the arbitration company, the type of dispute and the cost of the proposed remedy. The American Arbitration Association offers a streamlined process for consumer disputes that limits costs, but limits your rights too. While the American Arbitration Association is an umbrella group for arbitration companies, not all arbitration companies follow its suggested rules. Under these consumer rules, there is a filing fee of $125 if your dispute is under $10,000 and $350 if it is over that amount... However, in exchange for the low filing fees and streamlined process, you must give up some of your rights... There is no contingency in arbitration. Also, these costs don't include costs for an attorney if you want one..."
According to the National Association of Consumer Advocates (NACA):
"One of the alleged benefits of arbitration is that it costs less than litigation, but frequently this is not true for consumers and employees. Forced arbitration frequently costs more than taking a case to court and can cost thousands of dollars. Individuals often have to pay a large fee simply to initiate the arbitration process. If they are able to get an in-person hearing, individuals sometimes have to travel thousands of miles on their own dime to attend the arbitration. In the end, the loser (usually the individual) often pays the company’s legal fees."
The Public Citizen website lists the banks, retail stores, entertainment, online shopping, telecommunications, consumer electronics, software, nursing homes, and health care companies that include binding arbitration clauses in their contracts with customers. If this bothers you (and I hope that it does), you can take action at the NACA website.
Last week, the attorney generals (AGs) in several states announced a multi-state settlement agreement with TD Bank about the bank's 2012 data breach which exposed the sensitive financial information of consumers. New York State AG Eric T. Schneiderman announced:
"The data breach occurred in 2012, when TD Bank reported the loss of unencrypted backup tapes in Massachusetts. The tapes contained 1.4 million files and 1,800 different file types that had been accumulated over a period of 8 to 10 years. In total, the files contained various personal information for 260,000 TD Bank customers nationwide, including 31,407 in New York State.... The $850,000 settlement requires the bank to reform its practices to help ensure that future incidents do not occur. New York State will receive $114,106.11 under the settlement."
Other terms of the settlement agreement:
"The agreement requires TD Bank notify state residents of any future security breaches or other acquisitions of personal information a timely manner. TD Bank also agreed to maintain reasonable security policies to protect personal information. The agreement ensures that no backup tapes will be transported unless they are encrypted and all security protocols are complied with. TD Bank will review on a bi-annual basis their existing internal policies regarding the collection, storage and transfer of consumers’ personal information and will make changes to better protect such information. TD Bank will also institute further training for its employees."
The State of Florida led the settlement negotiation along with Connecticut, Maine, Maryland, New Jersey, New York, North Carolina, Pennsylvania and Vermont.
43,157 residents in Connecticut were affected by the data breach. Connecticut AG George Jepsen stated in an announcement:
"The importance of this agreement goes significantly beyond financial remedies by seeking to ensure that future similar breaches are prevented. Consumers have a reasonable expectation of privacy and protection when it comes to their personal and financial information. This agreement recognizes those rights and ensures that TD Bank will continue to work to address the policies and procedures in place in 2012 that contributed to this breach in the first place..."
659 residents in Maryland were affected by the data breach. Maryland AG Douglas F. Gansler said about the settlement:
""Banks are as obligated to safeguard their customers' personal information as they are to protect their customers' money... While it appears this breach did not lead to any cases of identity theft, we must be aggressive to combat both traditional fraudsters and sophisticated hackers."
This was not the bank's first data breach. TD bank experienced data breaches before 2012:
The New York Times reported recently about a surge in lawsuits by workers against their employers:
"... a flood of recent cases — brought in California and across the nation — that accuse employers of violating minimum wage and overtime laws, erasing work hours and wrongfully taking employees’ tips... Some federal and state officials agree. They assert that more companies are violating wage laws than ever before, pointing to the record number of enforcement actions they have pursued."
One possible reason why wage theft is increasing:
"... underlying changes in the nation’s business structure. The increased use of franchise operators, subcontractors and temp agencies leads to more employers being squeezed on costs and more cutting corners... companies on top can deny any knowledge of wage violations [by contractors]...".
The news story reported plenty of examples:
"... Guadalupe Rangel worked seven days straight, sometimes 11 hours a day, unloading dining room sets, trampolines, television stands and other imports... Even though he often clocked 70 hours a week at the Schneider warehouse here, he was never paid time-and-a-half overtime, he said. And now, having joined a lawsuit involving hundreds of warehouse workers..."
One wage-theft tactic is to force workers to sign blank timesheets:
"Julie Su, the state labor commissioner, recently ordered a janitorial company in Fremont to pay $332,675 in back pay and penalties to 41 workers who cleaned 17 supermarkets. She found that the company forced employees to sign blank time sheets, which it then used to record inaccurate, minimal hours of work."
Reclassifying jobs is another tactic:
"... in California, a federal appeals court ruled last week that FedEx had in effect committed wage theft by insisting that its drivers were independent contractors rather than employees. FedEx orders many drivers to work 10 hours a day, but does not pay them overtime, which is required only for employees. FedEx said it planned to appeal."
And, the wage theft problem is spreading:
"Commissioner Su of California said... My agency has found more wages being stolen from workers in California than any time in history... This has spread to multiple industries across many sectors. It’s affected not just minimum-wage workers, but also middle-class workers..."
Terrible business practices and unethical behaviors. The tiny bit of good news: more workers are learning what their rights are and are standing up for their rights.
I am not surprised at all by these mounting wage-theft allegations. Why? First, professor and former U.S. Labor Secretary Robert Reich summarized the ethical problem well in September 2013 on Twitter.com while discussing wrongdoing at the big banks:
"Fines effective only if risk of being caught x probability of being prosecuted x amount of fine > profits to be made."
Besides banks, executives in other and medium-sized businesses have done the math, too. Browse the website for the atate attorney general where you live. Some enforce wage laws vigorously. Others, not so much -- leaving it to workers to file civil suits. Low- and minimum-wage workers often don't have the funds to hire an attorney; if they know their rights. They are busy trying to survive, feed their families, and pay their bills.
Second, many unethical executives have concluded that labor laws in their states are weak. This 2013 study by NELP highlighted the problem: 83 percent of workers still had problems collecting unpaid wages -- even when they already had a court decision in their favor. That means, employers realize there are likely no consequences from violating labor laws.
Third, with any search engine you can easily find news reports about wage-theft settlements. I have reported about some recent cases in New York State: Domino's, McDonald's, and Masonry Services. Fourth, you see similar unethical behavior by executives with employer-operated retirement plans. This blog post reported about some typical cases. Overall, the U.S. Department of Labor recovered $1.2 billion in 2012 for workers. The facts speak for themselves.
What are your opinions of the wage-theft allegations?
Maybe you were away on vacation and missed this. On August 21, the U.S. Justice Department (DOJ) and several states' attorney generals announced the largest civil settlement ever with a single entity.
The $16.65 billion settlement agreement with Bank of America resolves both federal and state civil investigations into activities by the bank's former and current subsidiaries, including Countrywide Financial Corporation and Merrill Lynch, related to the packaging, marketing, sale, and issuance of residential mortgage-backed securities (RMBS). The bank acquired Merrill Lynch in 2009, and Countrywide in 2008.
According to the DOJ announcement, the bank agreed to pay:
"... a $5 billion penalty under the Financial Institutions Reform, Recovery and Enforcement Act (FIRREA) – the largest FIRREA penalty ever – and provide billions of dollars of relief to struggling homeowners, including funds that will help defray tax liability as a result of mortgage modification, forbearance or forgiveness. The settlement does not release individuals from civil charges, nor does it absolve Bank of America, its current or former subsidiaries and affiliates or any individuals from potential criminal prosecution."
This settlement is part of President Obama’s Financial Fraud Enforcement Task Force and its Residential Mortgage-Backed Securities (RMBS) Working Group, which has recovered $36.65 billion to date for American consumers and investors. The RMBS Working Group is led by Director Geoffrey Graber and five co-chairs: Assistant Attorney General for the Civil Division Stuart Delery, Assistant Attorney General for the Criminal Division Leslie Caldwell, Director of the SEC’s Division of Enforcement Andrew Ceresney, U.S. Attorney for the District of Colorado John Walsh, and New York Attorney General Eric Schneiderman.
Additional terms of the settlement:
"...includes a statement of facts, in which the bank has acknowledged that it sold billions of dollars of RMBS without disclosing to investors key facts about the quality of the securitized loans. When the RMBS collapsed, investors, including federally insured financial institutions, suffered billions of dollars in losses.."
These losses and other activities contributed to the economic recession during 207 to 2009, from which the country is still trying to recover. Additional terms of the settlement:
"... almost $10 billion will be paid to settle federal and state civil claims by various entities related to RMBS, CDOs and other types of fraud. Bank of America will pay a $5 billion civil penalty to settle the Justice Department claims under FIRREA. Approximately $1.8 billion will be paid to settle federal fraud claims related to the bank’s origination and sale of mortgages, $1.03 billion will be paid to settle federal and state securities claims by the Federal Deposit Insurance Corporation (FDIC), $135.84 million will be paid to settle claims by the Securities and Exchange Commission. In addition, $300 million will be paid to settle claims by the state of California, $45 million to settle claims by the state of Delaware, $200 million to settle claims by the state of Illinois, $23 million to settle claims by the Commonwealth of Kentucky, $75 million to settle claims by the state of Maryland, and $300 million to settle claims by the state of New York."
The settlment includes relief for consumers:
"... $7 billion in the form of relief to aid hundreds of thousands of consumers harmed... That relief will take various forms, including principal reduction loan modifications that result in numerous homeowners no longer being underwater on their mortgages and finally having substantial equity in their homes. It will also include new loans to credit worthy borrowers struggling to get a loan, donations to assist communities in recovering from the financial crisis, and financing for affordable rental housing.... $490 million in a tax relief fund to be used to help defray some of the tax liability that will be incurred by consumers receiving certain types of relief if Congress fails to extend the tax relief coverage of the Mortgage Forgiveness Debt Relief Act of 2007."
Related announcements were made by several states' attorney generals, including California, Florida, and Maryland. The settlement also resolves an August 2013 complaint against the bank by the U.S. Attorney’s Office for the Western District of North Carolina about $850 million of RMBS activities.
I encourage consumers to read the entire DOJ announcement, the 37-page settlement agreement (Adobe PDF), and the 30-page statement of facts addendum (Adobe PDF). The relief programs and payments to homeowners and consumers are good, but as former U.S. Labor Secretary Robert Reich said in September 2013 on Twitter.com:
"Fines effective only if risk of being caught x probability of being prosecuted x amount of fine > profits to be made."
This wrongdoing by bank executives will stop also when individual bank executives are convicted of fraud and are sent to prison for lengthy periods (with the loss of significant personal assets). Until then, the country will have two sets of laws where poor people who commit crimes and are caught go to prison, while rich people (including bank and corporate executives) who commit crimes and are caught have their employers pay modest fines.
Fraud is fraud. Theft is theft. Consequences need to be consistent. What are your opinions of the settlement agreement?
The U.S. Federal Trade Commission (FTC) announced that the U.S. District Court in Southern New York had ordered fraudsters to pay $5.1 million. The court:
"... issued default judgments against fourteen corporate defendants and fourteen individual defendants that allegedly operated the tech support scams. The operations were mostly based in India and targeted English-speaking consumers in the United States and several other countries... The judgments also ban them from continuing their deceptive tactics and from disclosing, selling or failing to dispose of information they obtained from victims."
The defendants are permanently banned from marketing technical support services. The firms the FTC had filed lawsuits against:
Two defendants in the PCCare247 case settled with the FTC in November 2013. Two defendants in the Marczak case settled with the FTC in April 2013. The latest court action applied to all remaining defendants.
The FTC had charged the defendants with violating the FTC Act, which prohibits deceptive marketing tactics. The agency had also charged the defendants with violating the Telemarketing Sales Rule, as they had allegedly called phone numbers illegally on the Do Not Call Registry.
The FTC's complaints described the fraudsters' deceptive marketing tactics:
"... the defendants claimed they were affiliated with legitimate companies, including Dell, Microsoft, McAfee, and Norton, and told consumers they had detected malware that posed an imminent threat to their computers. The defendants then charged these consumers hundreds of dollars to remotely access and “fix” the computers."
This sounds very similar to a tech support phone call I received in February, 2012.
I congratulate the FTC and the Court on this enforcement.
Last week, the Huffington Post and U.S. Senator Elizabeth Warren (D-Massachusetts) posted an interesting infographic about the vast sums banks have paid in settlements for alleged wrongdoing. If you haven't seen the infographic, it is definitely worth a view.
"Since 2009, big banks in the U.S. and Europe have paid at least $128 billion to regulators, according to data compiled by the Wall Street Journal, Reuters, and The Huffington Post, for issues tied to the housing collapse and other financial misdeeds, including aiding and abetting money laundering and tax evasion."
Some statistics from the infographic:
View the infographic to see more. This suggests an industry in crisis and out of control. Consider a 2013 ethics survey which found that young bankers view wrongdoing as a necessary evil and fear reporting misconduct. Sadly, some of these settlements have been tax deductible, but often such details aren't disclosed. When settlements are tax deductible, that means taxpayers -- you and I -- who did nothing wrong, are really paying part of these fines. Do you want to pay part of these fines and settlements? I don't, and I doubt that you do either.
"... the fact that a portion of settlements can be tax-deductible sends the wrong message to the public.... every dollar in tax write-offs for the companies has to be made up for by the government in higher tax rates, cuts to programs or more national debt... The really pernicious thing here is both the (government) agencies and the banks have an incentive to tout larger but illusory pretax numbers. The agency looks good because they get to hold up a bigger number. The company gets a better bottom line because it can get a big write-off... The only one who loses is the public."
On August 12, U.S. Senator Elizabeth Warren posted on Facebook:
"Since 2009, the big banks and financial institutions have paid at least $128 billion to regulators for the tricks and traps that brought down our economy. But they are happy to pay the fines – in fact, JP Morgan gave its CEO Jamie Dimon a 74% raise for negotiating its settlement. If these settlements are so weak that Wall Street is celebrating, it's not a good deal for the American people. That's why I introduced the Truth in Settlements Act to require accessible, detailed disclosures about settlement agreements. Just a couple weeks ago, the bill made it through the Senate Homeland Security & Governmental Affairs Committee and can now receive a full Senate vote. We're one step closer to stronger transparency and accountability."
Executives often use settlements as a way to avoid admitting any wrongdoing (and to avoid jail time), Some highlights from the Truth in Settlements Act (Adobe PDF):
"If enforcement agencies are confident that settlements are a good deal for the people they represent, they should be willing to publicly disclose the key terms of those agreements. The Truth in Settlements Act demands specificity and transparency in all federal agency settlements that include over $1 million in payments. The Act ensures that relevant details and terms of non-confidential settlements are publicized truthfully, and that the process by which settlements are deemed confidential is assessed and monitored..."
Specific provisions in the legislation require federal agencies to:
The Act also requires companies that settlement with federal enforcement agencies to publish in their SEC filings whether they have deducted any settlement payments from their taxes. You can easily track online the progress of S 1898 (The Truth in Settlements Act).
The Act sounds like an excellent deal for consumers and taxpayers. You want to know what your government is doing so you can hold it accountable. Contact your elected officials and demand that they support the Truth in Settlements Act (S 1898).
What are your opinions of the huge banking settlements? About the tax deductions in many settlements? Of the Truth In Settlements Act?