503 posts categorized "Federal / U.S. Government" Feed

More Year-End Considerations Given The Coming Likely Republican Tax Plan

A prior post discussed the questionable benefits and year-end considerations for middle-class taxpayers of the likely Republican tax reform plan making its way through Congress. The likely tax plan includes lower tax rates paired with many deductions eliminated.

The professional who prepares my taxes provided another warning:

"Dear clients:
It looks like almost a sure thing that, if you itemize deductions, beginning in 2018, you will no longer be able to take a deduction for the Excise Tax on your car or the income taxes that you pay to Massachusetts and other states. You will PROBABLY still be able to deduct your real estate property taxes up to $10,000 a year. If you currently pay the Alternative Minimum Tax (line 45 of your Form 1040), check with me before you follow these recommendations.

All others who itemize, I recommend that you consider the following actions this month (December):

  1. If your total property taxes (including those for a second home) are more than $10,000, pay your city or town as much as you possibly can in December.
  2. Be sure to pay... maybe even over-pay... as much of your State Income Tax as possible by December 31st. If you make estimated payments, your 4th quarter Massachusetts payment is due by January 15th. YOU SHOULD DEFINITELY PAY IT IN DECEMBER INSTEAD.
  3. Even if you don't usually make Estimate Payments to Massachusetts, you should consider making one in December... For example, if you made a payment of $1,000, you might save $150 or $250 or more on your 2017 federal tax return. You will save NOTHING on any state income taxes that you pay in 2018.

I will reach out again if and when the tax bill is finalized and signed into law if there are any other changes that might affect your plans in December."

Obviously, you should consult the professional that prepares your income taxes, since your situation and state may dictate different actions. And, I am not an income tax professional. New legislation always has consequences, and it seems wise to be aware. hence, this informational blog post.

Some additional thoughts. Capping the real estate property tax deduction at $10,000 might help pay for the increased deficits the Republican tax plan would generate, but it will also hurt persons living in high-cost areas (e.g., cities, states with high state taxes, areas with high real estate prices). Plus, the tax cuts are temporary for individuals but permanent for corporations. Slick, eh? Is it fair? Seems not.

My college friends and I are discussing via e-mail the considerations listed above and in my prior blog post. The proposed elimination of deductions for state and local taxes (SALT) is a hot topic. You can find online articles discussing the advantages and disadvantages of eliminating SALT deductions. Regardless, more to discuss with your accountant and/or income tax professional.


Doug Jones Wins In Alabama, Net Neutrality, And The FCC

[7:30 am EST] Congratulations to Doug Jones and his supporters for a stunning victory Tuesday in a special election in Alabama for the open U.S. Senate seat. His victory speech is available online. Late last month, Doug Jones tweeted this:

Later today, the commissioners at the U.S. Federal Communications Commission (FCC) will likely vote during their December 2017 Open Commission Meeting to kill net neutrality rules protecting consumers free and open internet access. The planned vote comes despite clear and mounting evidence of widespread identity theft by unknown persons to submit fake comments distorting and polluting FCC record and website soliciting feedback from the public.

Yesterday, FCC Commissioner Jessica Rosenworcel released the following press release:

"Upon receipt of a letter from New York Attorney General Eric Schneiderman stating that it now appears that two million Americans’ identities may have been misused in the FCC record and a separate letter from 18 State Attorneys General calling on the FCC to delay its net neutrality vote because of its “tainted” record, FCC Commissioner Jessica Rosenworcel released the following statement:

“This is crazy. Two million people have had their identities stolen in an effort to corrupt our public record. Nineteen State Attorneys General from across the country have asked us to delay this vote so they can investigate. And yet, in less than 24 hours we are scheduled to vote on wiping out our net neutrality protections. We should not vote on any item that is based on this corrupt record. I call on my colleagues to delay this vote so we can get to the bottom of this mess.” "

Despite the widespread identity theft and fraud, FCC Chairman Ajit Pai has maintained his position to proceed with a vote today to kill net neutrality protections for consumers. President Trump appointed Pai as FCC Chairman in January, giving the Republican commissioners a majority when voting. Pai has blown off the identity theft and fraud charges as maneuvers by desperate net neutrality advocates.

[Update at 2:20 pm EST: earlier today, the FCC commissioners voted along party lines to kill existing net neutrality rules protecting consumers.]


Was Your Identity Information Misused To Submit Fake Comments To The FCC About Net Neutrality?

After creating a webpage specifically to help New York State residents determine if their identifies were misued for net neutrality comments, Attorney General Schneiderman announced:

"In the last five days alone, over 3,200 people have reported misused identities to the Attorney General’s office, including nearly 350 New Yorkers from across the state. Attorney General Schneiderman urges New Yorkers to continue to check whether their identity was misused and report it to his office in order to inform the investigation."

The webpage automatically links to only net neutrality (Docket 17-108) comments with the U.S. Federal Communications Commission (FCC)  site. So, at least 3,200 persons have confirmed the misuse of their identity information by unknown persons (or bots) to pollute feedback by the public about net neutrality rules protecting consumers' broadband freedoms. You'd think that FCC Chairman Ajit Pai would be concerned about the pollution and fraud; and would delay the upcoming December 14th vote regarding net neutrality. But he's not and blew off the fake comments allegations, as explained in this earlier blog post.

You might think that Chairman Pai and the FCC would be concerned about pollution and fraud in feedback submitted to the FCC site, given the massive Equifax data breach in September which exposed the data elements (e.g., name, street addresses) criminals and fraudsters could easily use to submit fake comments.

This makes one wonder if the FCC can be trusted under Chairman Pai's leadership. Hopefully, Attorneys General in other states will provide similar webpages to help residents in their states... and not only for comments about net neutrality.

Being curious, I visited the webpage by AG Schneiderman. It instructed:

"The Office of the New York State Attorney General is investigating whether public comments regarding net neutrality rules wrongfully used New Yorkers’ identities without their consent. We encourage you to search the FCC’s public comment website and tell us if you see any comments that misuse your name and address.

First, search below to find any comments that may have misused your identity. If results appear, click on any comment that uses your name, and when the comment appears review the name, the address, and the comment text. (If no results appear, your identity most likely was not misused.)"

You don't need to be a New York State resident to use this online tool. My initial search produced 1,046, so I narrowed it by entering my name in quotations ("George Jenkins") for a more precise match. That second search produced 40 comments about net neutrality (e.g., Docket 17-108), a manageable number. I browsed the list which included my valid comment submitted during May, 2017.

I did not see any other comments using my name and address. That's good because I only submitted one comment. I noticed comments by persons with the same name in other states. That seems okay. It's reasonable to expect multiple persons with the same name in a country with a population of about 360 million people.

I did not check the addresses of the other persons with the same name. I realize that could easily hide synthetic ID-theft. In traditional synthetic ID-theft, criminals mix stolen (valid) Social Security numbers with other persons' names to avoid detection. In the ECFS comments system, one could enter valid names with fake addresses; or vice-versa. I hope that AG Schneiderman's fraud analysis also checks for both types of synthetic ID-theft: 1) fake names at real addresses, and 2) real names at fake addresses.

If I had found fraudulent entries, I would have notified AG Schneiderman, the Attorney General's office in the state where I live, and the FCC.

Did you check for misuse of your identity information? What did you find?


Governors and Federal Agencies Are Blocking Nearly 1,300 Accounts on Facebook and Twitter

[Editor's note: today's guest blog post, by the reporters at ProPublica, highlights a little-known practice by some elected officials to block their constituents on social networking sites. Today's post is reprinted with permission.]

By Leora Smith and Derek Kravitz - ProPublica

Amanda Farber still doesn’t know why Maryland Gov. Larry Hogan blocked her from his Facebook group. A resident of Bethesda and full-time parent and volunteer, Farber identifies as a Democrat but voted for the Republican Hogan in 2014. Farber says she doesn’t post on her representatives’ pages often. But earlier this year, she said she wrote on the governor’s Facebook page, asking him to oppose the Trump administration’s travel ban and health care proposal.

She never received a response. When she later returned to the page, she noticed her comment had been deleted. She also noticed she had been blocked from commenting. (She is still allowed to share the governor’s posts and messages.)

Farber has repeatedly emailed and called Hogan’s office, asking them to remove her from their blacklist. She remains blocked. According to documents ProPublica obtained through an open-records request this summer, hers is one of 494 accounts that Hogan blocks. Blocked accounts include a schoolteacher who criticized the governor’s education policies and a pastor who opposed the governor’s stance against accepting Syrian refugees. They even have their own Facebook group: Marylanders Blocked by Larry Hogan on Facebook.

Hogan’s office says they “diligently adhere” to their social media policy when deleting comments and blocking users.

In August, ProPublica filed public-records requests with every governor and 22 federal agencies, asking for lists of everyone blocked on their official Facebook and Twitter accounts. The responses we’ve received so far show that governors and agencies across the country are blocking at least 1,298 accounts. More than half of those — 652 accounts — are blocked by Kentucky Governor Matt Bevin, a Republican.

Four other Republican governors and four Democrats, as well as five federal agencies, block hundreds of others, according to their responses to our requests. Five Republican governors and three Democrats responded that they are not blocking any accounts at all. Many agencies and more than half of governors’ offices have not yet responded to our requests. Most of the blocked accounts appear to belong to humans but some could be “bots,” or automated accounts.

When the administrator of a public Facebook page or Twitter handle blocks an account, the blocked user can no longer comment on posts. That can create an inaccurate public image of support for government policies. (Here’s how you can dig into whether your elected officials are blocking constituents.)

ProPublica made the records requests and asked readers for their own examples after we detailed multiple instances of officials blocking constituents.

We heard from dozens of people. The governors’ offices in Alaska, Maine, Mississippi, Nebraska and New Jersey did not respond to our requests for records, but residents in each of those states reported being blocked. People were blocked after commenting on everything from marijuana legislation to Medicaid to a local green jobs bill.

For some, being blocked means losing one of few means to communicate with their elected representatives. Ann-Meredith McNeill, who lives in western rural Kentucky, told ProPublica that Bevin rarely visits anywhere near her. McNeill said she feels like “the internet is all I have” for interacting with the governor.

McNeill said she was blocked after criticizing Bevin’s position on abortion rights. (Last January, Bevin’s administration won a lawsuit that resulted in closing one of Kentucky’s two abortion clinics, the event that McNeill says inspired her comment.)

In response to questions about its social media blocking policies, Bevin’s office said in a statement that “a small number of users misuse [social media] outlets by posting obscene and abusive language or images, or repeated off-topic comments and spam. Constituents of all ages should be able to engage in civil discourse with Governor Bevin via his social media platforms without being subjected to vulgarity or abusive trolls.” McNeill told ProPublica, “I’m sure I got sassy” but she made “no threats or anything.”

Almost every federal agency that responded is blocking accounts. The Department of Veterans Affairs blocked 18 accounts as of July, but said most were originally blocked before 2014. The blocked accounts included a Michigan law firm specializing in auto accident cases and a Virginia real estate consultant who told ProPublica she had “no idea why” she was blocked. The Department of Energy blocked eight accounts as of October. The Department of Labor blocked seven accounts. And the Small Business Administration blocked two accounts, both of which were unverified and claimed to be affiliated with government loan programs.

Many governors and agencies gave us only partial lists or rejected our requests altogether. Outgoing Kansas Gov. Sam Brownback’s office told us they would not share their block lists due to “privacy concerns for those people whose names might appear on it.” Alabama declined to provide public records because our request did not come from an Alabama citizen.

Missouri Gov. Eric Greitens’ office declined to share records from his Facebook or Twitter accounts, arguing they are not “considered to be the ‘official’ social media accounts of the Governor of Missouri” because he created them before he took office.

Increased attention on the issue of blocking seems to be having an impact. In September, the California-based First Amendment Coalition revealed that California Governor Jerry Brown, a Democrat, had blocked more than 1,500 accounts until June, shortly before the organization submitted a request for his social media records.

At some point before fulfilling the coalition’s request, Brown’s office unblocked every account.

Vermont Gov. Phil Scott, a Republican, blocked the activist group Indivisible Vermont on Twitter on Aug. 25. On Aug. 28, Vermont reporter Taylor Dobbs submitted a request for the governor’s full blocked list, shortly after ProPublica’s similar request. Later that day, Scott unblocked the group and released a statement saying the account was “misconstrued as spam.”

Wisconsin Gov. Scott Walker’s office unblocked at least two Facebook users after receiving ProPublica’s request. Here are screenshots they sent us showing that the users have been unblocked:

In the last year, a series of legal claims have called into question the legality of government officials blocking constituents on social media.

At least one federal district court held that government officials who block constituents are violating their First Amendment rights.

Constituents have pending lawsuits against the governors of Kentucky, Maine, and Maryland, as well as Representative Paul Gosar, R-Ariz., and President Trump.

We asked the White House, which is not subject to open-records laws, to disclose the list of people Trump is blocking. Officials there have not responded.

Filed under:

ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for their newsletter.


Photos: December 7 Demonstration In Boston To Keep Net Neutrality

Demonstrations occurred nationwide on December 7 to save net neutrality. Citizens took to the streets to keep our internet services open. About 200 persons attended the demonstration in Boston on Boylston Street. It was encouraging to meet several students from local universities participating in the event. They understand the issue and its seriousness. Several A.C.L.U. members also participated:

Boylston Street, Boston. December 7, 2017. Keep net neutrality demonstration. Image 4910

Boylston Street, Boston. December 7, 2017. Keep net neutrality demonstration. Image 4897

Boylston Street, Boston. December 7, 2017. Keep net neutrality. Image 4904

Boylston Street, Boston. December 7, 2017. Keep net neutrality demonstration. Image 4900

Boylston Street, Boston. December 7, 2017. Keep net neutrality demonstration. Image 4905

Boylston Street, Boston. December 7, 2017. Keep net neutrality demonstration. Image 4908

Boylston Street, Boston. December 7, 2017. Keep net neutrality demonstration. Image 4906

Browse photos from other demonstrations nationwide on December 7. Contact your elected officials in Congress, and learn about the next day of action on December 12, 2017. More resources:


Futurism: Your Life Without Net Neutrality Protections

Federal communications Commission logo You've probably heard that Ajit Pai, the Chairman of the U.S. Federal Communications Commission (FCC), is leading his agency towards a vote on December 14, 2017 to kill net neutrality. How will consumers' online lives change? Futurism described what your online life will be like without net neutrality:

"You’re at work and want to check Facebook on your lunch break to see how your sister is doing. This is not exactly a straightforward task, as your company uses Verizon. You’re not about to ask your boss if they’d consider putting up the extra cash every month so that you can access social media in the office, so you’ll have to wait until you get home.

That evening, you log in to pay your monthly internet bill — or rather, bills.

See, there’s the baseline internet cost, but without net neutrality, you also have to pay a separate monthly fee for social media, another for "leisure" pages like Reddit and Imgur, and another still for liberal-leaning news sites — because your provider’s CEO is politically conservative. Not only is your bill confusing, you’re not sure you can really afford to access all these websites that, at one point in time, you took for granted.

In addition to the sites you can access if you pay for them, there are also websites that have just become lost to you. Websites that you once frequented, but that now, you aren’t even sure how to access anymore. You can’t even pay to access them. You used to like reading strange Wikipedia articles late at night and cruising for odd documentaries — but now, all those interests that once entertained and educated you in your precious and minimal free time are either behind yet another separately provided paywall or blocked entirely. You’ve started to ask around, see if your friends or coworkers with other providers have better access... but the story is pretty much always the same."

Net neutrality meme highlighting blocked content. Click to view larger version In short, without net neutrality:

  1. You will lose the freedom to use the internet bandwidth you've purchased monthly as you desire;
  2. Corporate internet service providers (ISPs) increase their their revenues and profits by adding tolls to each package in a sliced-and-diced approach to internet content;
  3. Your internet bill will become just as confusing, frustrating, and expensive as your cable-TV bill, where ISPs force you to buy several expensive packages of sites in order to access your favorite sites;
  4. The new, expensive tolls allow ISPs to decide what internet content you see and don't see. Sites or content producers unwilling to pay fees to ISPs will find their content blocked or relegated to "slow" speed lanes; and
  5. Both middle-class and poor online users will bear the brunt of the price increases.

If you think this can't happen in the United States, consider:

"Some countries are already living this reality. In New Zealand, Vodafone offers mobile internet packages that are comprised of different types of services. You might have to pay a certain amount to access social apps like Snapchat and Instagram, and a separate fee to chat with friends via Facebook Messenger and iMessage. A similar framework is used by Portugal’s MEO, where messaging, social media, music streaming, video streaming, and email are also split into separate packages.

Long ago, FCC Chairman Pai made his position clear. Breitbart News reported on April 28, 2017:

"Federal Communications Commission (FCC) Chairman Ajit Pai told Breitbart News in an exclusive interview that an open and free internet is vital for America in the 21st century. During a speech at the Newseum on Wednesday, Pai said he plans to roll back the net-neutrality regulations and to restore the light-touch regulatory system established by President Bill Clinton and Congressional Republicans by the 1996 Telecommunications Act... Chairman Pai said during his speech that the internet prospered before net neutrality was enacted... Breitbart News asked the FCC chief why he thinks that net neutrality is a problem, and why we must eliminate the rule. He said: "Number one there was no problem to solve, the internet wasn’t broken in 2015. In that situation, it doesn’t seem me that preemptive market-wide regulation is necessary. Number two, even if there was a problem, this wasn’t the right solution to adopt. These Title II regulations were inspired during the Great Depression to regulate Ma Bell which was a telephone monopoly. And the broadband market we have is very different from the telephone market of 1934. So, it seems to me that if you have 4,462 internet service providers and if a few of them are behaving in a way that is anti-competitive or otherwise bad for consumer welfare then you take targeted action to deal with that. You don’t declare the entire market anti-competitive and treat everyone as if they are a monopolist. Going forward we are going to propose eliminating that Title II classification and figure out the right way forward. The bottom line is, everyone agrees on the principles of a free and open internet what we disagree with is how many regulations are needed to preserve the internet." "

Note the language. Pai uses "free and open internet" to refer to freedoms for ISPs to do what they want; a slick attempt to co-opt language net neutrality proponentsused for freedoms for consumers go online where they want without additional fees. Pai's "Light touch" means fewer regulations for ISPS regardless of the negative consequences upon consumers. Pai's comments in April attempted to spin existing net neutrality laws as antiquated ("the telephone market of 1934"), when, in fact, net neutrality was established recently... in 2010. Even the same Breitbart News article admitted this:

"Net neutrality passed under former Democrat Tom Wheeler’s FCC in 2010."

Pai's exaggerations and falsehoods are astounding. Plenty of bogus claims by Pai and net neutrality critics. In January of this year, President Donald Trump appointed Ajit Pai, a former lawyer with Verizon, as the FCC Chairman. Earlier this year, CNN reported:

"More than 1,000 startups and investors have now signed an open letter to Pai opposing the proposal. The Internet Association, a trade group representing bigger companies like Facebook, Google, and Amazon, has also condemned the plan. "The current FCC rules are working for consumers and the protections need to be kept in tact," Michael Beckerman, president and CEO of the Internet Association, said at a press conference Wednesday."

Regular readers of this blog are aware that more than "a few" ISPs committed abused consumers and content producers. (A prior blog post listed many historical problems and abuses of consumers by some ISPs.) Also, consider this: Pai made his net-neutrality position clear long before the public submitted comments to the FCC this past summer. Sounds like he never really intended to listen to comments from the public. Not very open minded.

As bad it all of this sounds, it's even worse. How? An FCC Commissioner, 28 U.S. senators, and the New York State Attorney General (AG) have lobbied FCC Chairman Pai to delay the net neutrality vote planned by the FCC on December 14, due to clear and convincing evidence of the massive fraud of comments submitted to the FCC's online commenting system.

In short, the FCC's online comments system is corrupted, hacked, and unreliable. The group (e.g., FCC commissioner, 28 Senators, and NY State AG) also objects to the elimination of net neutrality on the merits.

The fraud evidence is pretty damning, but Chairman Pai seems intent upon going ahead with a vote to kill net neutrality despite the comments fraud. Why? How? Ars Technica reported on December 4th:

"FCC Chairman Ajit Pai says that net neutrality rules aren't needed because the Federal Trade Commission can protect consumers from broadband providers... When contacted by Ars, Pai's office issued this statement in response to the [delay request] letter: "This is just evidence that supporters of heavy-handed Internet regulations are becoming more desperate by the day as their effort to defeat Chairman Pai's plan to restore Internet freedom has stalled. The vote will proceed as scheduled on December 14."

I find the whole process deeply disturbing. First, only 28 U.S. Senators seem concerned about the massive comments fraud. Why aren't all 100 concerned? Second, why aren't any House members concerned? Third, President Trump hasn't said anything about it. (This makes one wonder if POTUS45 either doesn't care consumers are hurt, or is asleep at the wheel.) Elected officials in positions of responsibility seem willing to ignore valid concerns.

Logo-verizon-protestsMany consumers are concerned, and protests to keep net neutrality are scheduled for later today outside Verizon stores nationwide. What do you think?


Lower Tax Rate And Fewer Deductions. Questionable Help For Middle Class Taxpayers

Yesterday, I received an alert from the professional that prepares my income taxes:

"Dear Clients,
I know that Congress has not yet finalized the new tax law, but it looks pretty certain that Certain Miscellaneous Deductions will no longer be allowed in 2018. If you want to know if that affects you, see if there is an entry on your Schedule A, Line 27 from 2016. If you take the standard deduction, then don’t worry about it. These deductions include expenses for using your car on the job, un-reimbursed overnight travel and meals, union dues, uniforms, tools, and job training/education.

Some of my clients have huge union dues (police officers, carpenters, electricians, etc.) and others have Second Job Travel or 10-30,000 miles a year in their sales jobs. Every one of you will be hurt by this change.

If there are any expenses you can pay in December, be sure to do that so you can save 15 - 25% on your federal taxes... maybe even more. For example, do you have the option of paying your annual union dues all at once in December? Were you planning to buy a computer used for your job sometime soon? Is there a job-related course... or some tools and supplies... that you can pay for in December rather than next year? Remember... every $100 that you pay in December will save you $15 to $33 in taxes when we meet in a couple months...”

If you haven't consulted with your tax advisor, then now seems to be a good time to do so. I am not an income tax professional, and this blog post is informational.

Many people return to school to get better, high-paying jobs, or as required by their profession. The tax code allows companies to deduct expenses for business and trade associations, so why prevent union members from doing so? It seems that taxpayers with plenty of miscellaneous deductions will be hurt more than persons with fewer or no deductions.

And Republicans are probably hoping that voters won't notice nor feel the pain until after the 2018 elections. President Trump and the Republications promised to help the middle class and poor with tax reform, but the above impacts don't seem helpful. The benefits of lower tax rates are offset by the lost deductions. To use an old saying, that seems like Congress and Republicans are giving taxpayers, "the sleeves off their vests."

You might say this is a "mugging" of many taxpayers. What are your opinions?


'Tens Of Thousands' Of Fake Comments Submitted. New York State Attorney General Demands Answers From the FCC

Just before the Thanksgiving holiday, the attorney general for the New York State sent an open letter to the U.S. Federal Communications Commission (FCC) about fake comments submitted to the agency's online comments system. Eric T. Schneiderman directed his letter to FCC Chairman Ajit Pai. It read in part:

"Recent press reports suggest that the Federal Communications Commission (FCC), under your leadership, soon will release rules to dismantle your agency’s existing “net neutrality” protections under Title II of the Communications Act, which shield the public from anti-consumer behaviors of the giant cable companies that provide high-speed internet to most people... Yet the process the FCC has employed to consider potentially sweeping alterations to current net neutrality rules has been corrupted by the fraudulent use of Americans’ identities — and the FCC has been unwilling to assist my office in our efforts to investigate this unlawful activity.

Specifically, for six months my office has been investigating who perpetrated a massive scheme to corrupt the FCC’s notice and comment process through the misuse of enormous numbers of real New Yorkers’ and other Americans’ identities. Such conduct likely violates state law— yet the FCC has refused multiple requests for crucial evidence in its sole possession that is vital to permit that law enforcement investigation to proceed.

In April 2017, the FCC announced that it would issue a Notice of Proposed Rulemaking concerning repeal of its existing net neutrality rules. Federal law requires the FCC and all federal agencies to take public comments on proposed rules into account — so it is important that the public comment process actually enable the voices of the millions of individuals and businesses who will be affected to be heard. That’s important no matter one’s position on net neutrality, environmental rules, and so many other areas in which federal agencies regulate.

In May 2017, researchers and reporters discovered that the FCC’s public comment process was being corrupted by the submission of enormous numbers of fake comments concerning the possible repeal of net neutrality rules. In doing so, the perpetrator or perpetrators attacked what is supposed to be an open public process by attempting to drown out and negate the views of the real people, businesses, and others who honestly commented on this important issue. Worse, while some of these fake comments used made up names and addresses, many misused the real names and addresses of actual people... My office analyzed the fake comments and found that tens of thousands of New Yorkers may have had their identities misused in this way... Impersonation and other misuse of a person’s identity violates New York law, so my office launched an investigation... So in June 2017, we contacted the FCC to request certain records related to its public comment system that were necessary to investigate which bad actor or actors were behind the misconduct. We made our request for logs and other records at least 9 times over 5 months: in June, July, August, September, October (three times), and November.

We reached out for assistance to multiple top FCC officials, including you, three successive acting FCC General Counsels, and the FCC’s Inspector General. We offered to keep the requested records confidential, as we had done when my office and the FCC shared information and documents as part of past investigative work. Yet we have received no substantive response to our investigative requests. None."

According to an analysis by the New York State AG's office, "tens of thousands" of fraudulent comment were submitted affecting residents not only in New York but also in California, Georgia, Missouri, Ohio, Pennsylvania, and Texas. Clearly, this is both very troubling and unacceptable.

The FCC is supposed to accept comments without tampering and to weigh comments submitted by the public (e.g., consumers, businesses, technology experts, legal experts, etc.) equally to arrive at a decision based upon the majority of comments. If a sizeable portion of the comments submitted were fraudulent, then any FCC decision to kill net neutrality is (at best) both flawed and in error; and (at worst) illegal and undermines both the process and the public's trust.

AG Schneiderman's letter to the FCC is also available on the Medium site. It is most puzzling that the FCC and Chairman Pai have refused data requests since June. What are they hiding? The FCC must balance often competing needs of consumers and industry.

Consumers are very concerned about plans by the FCC to kill net neutrality. Consumers are concerned that their internet needs are not being addressed by the FCC, and that our monthly broadband costs will rise. There is so much concerns that protests are scheduled for December 7th outside Verizon stores. Killing net neutrality may be great for telecom and providers' profits, but it's bad for consumers.

Clearly, the FCC should not make any decisions regarding net neutrality, or any other business, until the fake comments allegations have been answered and resolved. And, an investigation should happen soon. As AG Schneiderman wrote:

"We all have a powerful reason to hold accountable those who would steal Americans’ identities and assault the public’s right to be heard in government rulemaking. If law enforcement can’t investigate and (where appropriate) prosecute when it happens on this scale, the door is open for it to happen again and again."

Democracy and consumers lose if the FCC kills net neutrality. What do you think?


FCC Approved Plan To Allow Telecom Companies To Block Robocalls

Last week, commissioners at the U.S. Federal Communications Commission (FCC) voted to allow telecommunications companies to block automated phone calls, known as robocalls, by scammers.

Unwanted calls, including illegal robocalls, are a leading complaint by consumers. Some experts estimated that consumers in the United States received about 2.4 billion robocalls per month during 2016. Many tools make it cheap and easy to make for scammers to both make robocalls and to "spoof" -- or hide -- the caller’s true identity (e.g.,, Caller ID information). The robocalls usually try to trick consumers into revealing sensitive personal and financial information.

The FCC announcement stated that the agency:

"... approved new rules to protect consumers from unwanted robocalls, allowing phone companies to proactively block calls that are likely to be fraudulent because they come from certain types of phone numbers... For example, perpetrators have used IRS phone numbers that don’t dial out to impersonate the tax agency, informing the people who answer that they are calling to collect money owed to the U.S. government. Such calls appear to be legitimate to those who receive them and can result in fraud or identity theft.

To combat these scams, the new rules approved today expressly authorize voice service providers to block robocalls that appear to be from telephone numbers that do not or cannot make outgoing calls... [telecommunications companies] will be allowed to block calls purporting to be from a phone number placed on a “do not originate” list by the number’s subscriber. They will also be allowed to block calls purporting to be from invalid numbers, like those with area codes that don’t exist..."

Neighbor spoofing is a huge problem and part of the robocall fraud. FCC Chairman Ajit Pai released a statement, which said:

"... the FCC’s top consumer protection priority is aggressively pursuing the scourge of illegal robocalls.  This Report and Order and Further Notice of Proposed Rulemaking is one more step toward fulfilling that commitment... It is important to stress that today’s action is deregulatory in nature. We aren’t piling more rules upon industry. Instead, we’re providing relief from FCC rules that are having the perverse effect of facilitating unlawful and unwanted robocalls."

Pai's statement failed to mention exactly which rules facilitated unlawful and unwanted robocalls. President Trump appointed Pai as FCC Chairman in January.

While this latest FCC action will somewhat help consumers, it won't stop all robocalls. Why? Consumer Reports explained:

"... that only a small percentage of the calls will end up being blocked. David Frankel, a California-based telecommunications professional who has taken up the fight against robocalls, says his analysis of 3.5 million robocall complaints to the Federal Trade Commission shows that the new rules would block only 10 percent of robocalls, at best. And that would probably last for only a short period, he says, as robocallers no doubt change the techniques they use."

Commissioner Clyburn's comments acknowledged the limitations in her comments accompanying the FCC's announcement. Kudos to the agency for trying to help consumers. Hopefully, the FCC will do more for consumers especially since the agency under Chairman Pai's leadership has already hurt consumers by revoking broadband privacy rules, lowering broadband standards, and by moving to overturn net neutrality protections for consumers.

A final FCC vote to kill net neutrality is expected on December 14. Consumers want to decide how to use their high-speed internet connections to visit the sites they want to visit. Killing net neutrality would prevent this and allow internet service providers to create higher-cost "fast lanes" to some websites with "paid prioritization." That would be great for telecommunications companies' profits and bad for consumers with price increases; and internet bills as complicated and convoluted as cable TV bills.

Chairman Pai seems intent upon pleasing his corporate overlords while doing little to help consumers.


Why The IRS Gave Equifax A No-Bid Contract Extension

You've probably heard the news. The Internal Revenue Service (IRS) gave a no-bid contract to Equifax, even after knowing about the credit reporting agency's massive data breach and arguably lackadaisical data security approaches by management.

Why would the IRS do this? The contract's synopsis in the Federal Business Opportunities (FBO) site stated on September 30:

"This action was to establish an order for third party data services from Equifax to verify taxpayer identity and to assist in ongoing identity verification and validations needs of the Service. A sole source order is required to cover the timeframe needed to resolve the protest on contract TIRNO-17-Z-00024. This is considered a critical service that cannot lapse."

C/Net explained the decision and sequence of key events:

"The IRS already had enough trouble dealing with tax fraud, losing $5.8 billion to scammers in 2013... The contract, first reported by Politico,... describes the agreement as a "sole source order," calling Equifax's help a "critical service." When it comes to credit monitoring, there are really only three major names in the US: Equifax, Experian and TransUnion. Experian has also suffered a breach... The IRS actually awarded its authentication service contract to another company in July, Jeffrey Tribiano, the agency's deputy commissioner for operations support told members of Congress. Equifax protested losing the contract to the US Government Accountability Office on July 7, according to documents. The office will decide on the protest by October 16. Until then, the IRS could not move onto its new partner. That meant that when the IRS' old contract with Equifax was supposed to expire on Friday (Sept. 29), Tribiano said, millions of Americans would not have been able to verify their identity with the agency for more than two weeks."

Wow! So, the IRS was caught between a rock and a hard place... or "caught between a rock and a hacked place" as C/Net described. Apparently, consumers taxpayers are also caught.

Once again, another mess involving Equifax gives consumers that "I've been mugged" feeling.


Equifax: 2.5 Million More Persons Affected By Massive Data Breach

Equifax logo Equifax disclosed on Monday, October 2, that 2.5 more persons than originally announced were affected by its massive data breach earlier this year. According to the Equifax breach website:

"... cybersecurity firm Mandiant has completed the forensic portion of its investigation of the cybersecurity incident disclosed on September 7 to finalize the consumers potentially impacted... The completed review determined that approximately 2.5 million additional U.S. consumers were potentially impacted, for a total of 145.5 million. Mandiant did not identify any evidence of additional or new attacker activity or any access to new databases or tables. Instead, this additional population of consumers was confirmed during Mandiant’s completion of the remaining investigative tasks and quality assurance procedures built into the investigative process."

The September breach announcement said that persons outside the United States may have been affected. The October 2nd update addressed that, too:

"The completed review also has concluded that there is no evidence the attackers accessed databases located outside of the United States. With respect to potentially impacted Canadian citizens, the company previously had stated that there may have been up to 100,000 Canadian citizens impacted... The completed review subsequently determined that personal information of approximately 8,000 Canadian consumers was impacted. In addition, it also was determined that some of the consumers with affected credit cards announced in the company’s initial statement are Canadian. The company will mail written notice to all of the potentially impacted Canadian citizens."

So, things are worse than originally announced in September: more United States citizens affected, fewer Canadian citizens affected overall but more Canadians' credit card information exposed, and we still don't know the number of United Kingdom residents affected:

"The forensic investigation related to United Kingdom consumers has been completed and the resulting information is now being analyzed in the United Kingdom. Equifax is continuing discussions with regulators in the United Kingdom regarding the scope of the company’s consumer notifications...

And, there's this statement by Paulino do Rego Barros, Jr., the newly appointed interim CEO (after former CEO Richard Smith resigned):

"... As this important phase of our work is now completed, we continue to take numerous steps to review and enhance our cybersecurity practices. We also continue to work closely with our internal team and outside advisors to implement and accelerate long-term security improvements..."

To review? That means Equifax has not finished the job of making its systems and websites more secure with security fixes based upon how the attackers broke in, which identify attacks earlier, and which prevent future breaches. As bad as this sounds, the reality is probably worse.

After testimony before Congress by former Equifax CEO Richard Smith, Wired documented "six fresh horrors" about the breach and the leisurely approach by the credit reporting agency's executives. First, this about the former CEO:

"... during Tuesday's hearing, former CEO Smith added that he first heard about "suspicious activity" in a customer-dispute portal, where Equifax tracks customer complaints and efforts to correct mistakes in their credit reports, on July 31. He moved to hire cybersecurity experts from the law firm King & Spalding to start investigating the issue on August 2. Smith claimed that, at that time, there was no indication that any customer's personally identifying information had been compromised. As it turns out, after repeated questions from lawmakers, Smith admitted he never asked at the time whether PII being affected was even a possibility. Smith further testified that he didn't ask for a briefing about the "suspicious activity" until August 15, almost two weeks after the special investigation began and 18 days after the initial red flag."

Didn't ask about PII? Geez! PII describes the set of data elements which are the most sensitive information about consumers. It's the business of being a credit reporting agency. Waited 2 weeks for a briefing? Not good either. And, that is a most generous description since some experts question whether the breach actually started in March -- about four months before the July event.

Wired reported the following about Smith's Congressional testimony and the March breach:

"Attackers initially got into the affected customer-dispute portal through a vulnerability in the Apache Struts platform, an open-source web application service popular with corporate clients. Apache disclosed and patched the relevant vulnerability on March 6... Smith said there are two reasons the customer-dispute portal didn't receive that patch, known to be critical, in time to prevent the breach. The first excuse Smith gave was "human error." He says there was a particular (unnamed) individual who knew that the portal needed to be patched but failed to notify the appropriate IT team. Second, Smith blamed a scanning system used to spot this sort of oversight that did not identify the customer-dispute portal as vulnerable. Smith said forensic investigators are still looking into why the scanner failed."

Geez! Sounds like a managerial failure, too. Nobody followed up with the unnamed persons responsible for patching the portal? And Equifax executives took a leisurely (and perhaps lackadaisical) approach to protecting sensitive information about consumers:

"When asked by representative Adam Kinzinger of Illinois about what data Equifax encrypts in its systems, Smith admitted that the data compromised in the customer-dispute portal was stored in plaintext and would have been easily readable by attackers... It’s unclear exactly what of the pilfered data resided in the portal versus other parts of Equifax’s system, but it turns out that also didn’t matter much, given Equifax's attitude toward encryption overall. “OK, so this wasn’t [encrypted], but your core is?” Kinzinger asked. “Some, not all," Smith replied. "There are varying levels of security techniques that the team deploys in different environments around the business."

Geez! So, we now have confirmation that the "core" information -- the most sensitive data about consumers -- in Equifax's databases is only partially encrypted.

Context matters. In January of this year, the Consumer Financial Protection Bureau (CFPB) took punitive action against TransUnion and Equifax for deceptive marketing practices involving credit scores and related subscription services. That action included $23.1 million in fines and penalties.

Thanks to member of Congress for asking the tough questions. No thanks to Equifax executives for taking lackadaisical approaches to data security. (TransUnion, Innovis, and Experian executives: are you watching? Learning what mistakes not to repeat?) Equifax has lost my trust.

Until Equifax hardens its systems (I prefer NSA-level hardness), it shouldn't be entrusted with consumers' sensitive personal and payment information. Consumers should be able to totally opt out of credit reporting agencies that fail with data security. This would allow the marketplace to govern things and stop the corporate socialism benefiting credit reporting agencies.

What are your opinions?

[Editor's note: this post was amended on October 7 with information about the CFPB fines.]


FCC: You Really Don't Need High-Speed Internet Services

The U.S. Federal Communications Commission (FCC) seeks to lower key internet standards: the minimum download and upload speeds for services to qualify as high-speed internet (a/k/a broadband). What the heck you ask? Sadly, this is no joke.

First, some background. Section 706 of the Telecommunications Act requires the FCC to determine whether broadband services are deployed to all Americans in a reasonable and timely manner. In 2015, the FCC raised the standard after a 2015 report found that that broadband deployment wasn't keeping pace in the United States with its citizens needs nor with the rest of the planet:

"Congress directed us to evaluate annually "whether advanced telecommunications capability is being deployed to all Americans in a reasonable and timely fashion." For a service to be considered advanced, it must enable Americans "to originate and receive high-quality voice, data, graphics, and video telecommunications." We can no longer conclude that broadband at speeds of 4 megabits per second (Mbps) download and 1 Mbps upload (4 Mbps/1 Mbps)—a benchmark established in 2010 and relied on in the last three Reports—supports the “advanced” functions Congress identified. Trends in deployment and adoption, the speeds that providers are offering today, and the speeds required to use high-quality video, data, voice, and other broadband applications all point at a new benchmark. The average household has more than 2.5 people, and for family households, the average household size is as high as 4.3... we find that, having “advanced telecommunications capability” requires access to actual download speeds of at least 25 Mbps and actual upload speeds of at least 3 Mbps (25 Mbps/3 Mbps)... Although public- and private-sector initiatives continue to advance deployment, these advances are not occurring broadly enough or quickly enough. Recent data show that approximately 55 million Americans (17 percent) live in areas unserved by fixed 25 Mbps/3 Mbps broadband or higher service, and that gap closed only by three percentage points in the last year... Americans living in rural areas and on Tribal lands disproportionately lack access to broadband. Our data show that 25 Mbps/3 Mbps capability is unavailable to 8 percent of Americans living in urban areas, compared to 53 percent of Americans living in rural areas and 63 percent of Americans living on Tribal lands and in the U.S. Territories. The gap between those with and without access declined by only 2 percent in rural areas..."

Note: the FCC phrase "advanced telecommunications capability" equals broadband. The vote in 2015 by FCC commissioners to raise the standard was 3-2 along party lines. (Democrats held a majority.) Third, the FCC released a Fact Sheet on January 7, 2016 which (again) highlighted the broadband deployment shortfalls:

"While the nation continues to make progress in broadband deployment, advanced telecommunications capability is not being deployed in a reasonable and timely fashion to all Americans. Factors leading to this conclusion are as follows: a) Approximately 34 million Americans still lack access to fixed broadband at the FCC’s benchmark speed of 25 Mbps for downloads, 3 Mbps for uploads; b) A persistent urban-rural digital divide has left 39 percent of the rural population without access to fixed broadband. By comparison, only 4 percent living in urban areas lack access. 10 percent lack access nationwide; c) 41 percent of Tribal Lands residents lack access; d) 41 percent of schools have not met the Commission’s short-term goal of 100 Mbps per 1,000 students/staff. These schools educate 47 percent of the nation’s students... Internationally, the U.S. continues to lag behind a number of other developed nations, ranking 16th out of 34 countries."

16th place is not American excellence. Not even close. We can and should do much better. The Fact Sheet also concluded that everyone needs both fixed and mobile internet access:

"Fixed and mobile service offer distinct functions meeting both complementary and distinct needs: a) Fixed broadband offers high -speed, high-capacity connections capable of supporting bandwidth-intensive uses, such as streaming video, by multiple users in a household; b) But fixed broadband can’t provide consumers with the mobile Internet access required to support myriad needs outside the home and while working remotely.

Mobile devices provide access to the web while on the go, and are especially useful for real-time two-way interactions, mapping applications, and social media. But consumers who rely solely on mobile broadband tend to perform a more limited range of tasks and are significantly more likely to incur additional usage fees or forgo use of the Internet."

We all need fast, wired internet at home, at work, and in school. We all need fast, wireless internet when traveling on business, vacation, or working away from the office or school. Sensible.

On Thursday, Jessica Rosenworcel, one of the commissioners at the FCC, posted on Twitter:

What gives? Last month, the FCC filed a Notice of Inquiry (a/k/a "Inquiry Concerning Deployment of Advanced Telecommunications Capability to All Americans in a Reasonable and Timely Fashion" - document #17-109A1) which attempts to consolidate the fixed and mobile broadband speeds into a single standard:

"...We propose to incorporate both fixed and mobile advanced telecommunications services into our Section 706 inquiry... According to the Pew Research Center, the percentage of Americans subscribing to fixed broadband has reached an all-time high of approximately 73 percent. At the same time, 13 percent of Americans across all demographic groups are relying solely on smartphones for home internet access. Given that Americans use both fixed and mobile broadband technologies, we seek comment on whether we should evaluate the deployment of fixed and mobile broadband as separate and distinct ways to achieve advanced telecommunications capability... Alternatively, we seek comment on whether we should evaluate the deployment based on the presence of both fixed and mobile services... We seek comment on the appropriate benchmark for fixed advanced telecommunications capability. Should we maintain the 25 Mbps download, 3 Mbps upload (25 Mbps/3 Mbps) speed benchmark, and to apply it to all forms of fixed broadband?... The [FCC] has not previously set a mobile speed benchmark... Should the Commission set a mobile speed benchmark, and if so, what it should be? We anticipate that any speed benchmark we set would be lower than the 25 Mbps/3 Mbps benchmark adopted for fixed broadband services, given differing capabilities of mobile broadband... We seek comment on whether a mobile speed benchmark of 10 Mbps/1 Mbps is appropriate for mobile broadband services. Would a download speed benchmark higher or lower than 10 Mbps be appropriate for the purpose of assessing American consumers’ access to advanced telecommunications capability?"

A subsequent FCC document extended the comment period. The first deadline for the public -- you -- to submit comments ended Thursday, September 21, 2017. The next deadline for comments is October 6, 2017. You can still submit comments to the FCC until October 6 during the reply comment period (Filing 17-199).

To recap the decision: the FCC could use two different standards (one for fixed internet and a second for wireless internet), or go with a lower, lower standard which (supposedly) accommodates both.

Some readers are probably wondering: a lower broadband standard seems like taking the country backwards. During both the 2016 campaign and after entering office, President Trump promised to improve the country's crumbling infrastructure. Faster internet seems to be a pretty damn important part of the country's infrastructure. And, President Trump appointed Ajit Pai as the new Chairman at the FCC, which gave Republicans a majority of the voting commissioners.

Ars Technica reported:

"Democratic Commissioner Mignon Clyburn objected to parts of the Notice of Inquiry when it was released, saying that the home broadband speed standard should be raised and that mobile should not be considered a substitute for home Internet... Rosenworcel didn't make an official statement when the Notice of Inquiry was released because she wasn't on the commission at that time; she was sworn in for a new term just days later. She previously served on the FCC before a temporary departure caused by political haggling in the Senate."

Rosenworcel released a statement:

"... It’s time to dream big. This is the country that put a man on the moon. We invented the Internet. We can do audacious things — if we set big goals. So I believe we need big broadband goals... I am glad that last year we upped the ante and changed that threshold to 25 Megabits. I support the continued use of this standard today. But I think we need to go big and be bold. I think our new threshold should be 100 Megabits — and Gigabit speed should be in our sights. I believe anything short of goals like this shortchanges our children, our future, and our digital economy."

I agree with Rosenworcel. Moreover, the Pai-led FCC seems intent upon doing what corporate broadband services demand: roll back privacy, roll back net neutrality, and next a lower broadband standards. In 2015, Pai (then a commissioner) opposed the increase in standards.

The skeptic in me worries that a lower, slower standard allows corporate broadband providers to rely solely upon wireless to serve consumers and businesses -- especially those in rural areas. A single, lower standard allows broadband providers to take the foot off the gas pedal of building out the fixed broadband infrastructure -- the fiber-optic and other cabling we all use and need. In this scenario, consumers (yet again) take it on the chin with slower wireless speeds compared to a built-out fixed broadband infrastructure.

Those supporting a single, lower, slower broadband standard might as well yell: "We are number 16. Yeah!" What do you think?


Experts Say the Use of Private Email by Trump’s Voter Fraud Commission Isn’t Legal

[Editor's note: today's guest post is by the reporters at ProPublica. It is reprinted with permission.]

By Jessica Huseman, ProPublica

President Donald Trump’s voter fraud commission came under fire earlier this month when a lawsuit and media reports revealed that the commissioners were using private emails to conduct public business. Commission co-chair Kris Kobach confirmed this week that most of them continue to do so.

Experts say the commission’s email practices do not appear to comport with federal law. "The statute here is clear," said Jason R. Baron, a lawyer at Drinker Biddle and former director of litigation at the National Archives and Records Administration.

Essentially, Baron said, the commissioners have three options: 1. They can use a government email address; 2. They can use a private email address but copy every message to a government account; or 3. They can use a private email address and forward each message to a government account within 20 days. According to Baron, those are the requirements of the Presidential Records Act of 1978, which the commission must comply with under its charter.

"All written communications between or among its members involving commission business are permanent records destined to be preserved at the National Archives," said Baron. "Without specific guidance, commission members may not realize that their email communications about commission business constitute White House records."

ProPublica reviewed dozens of emails to and from members of the commission as well as written directives on records retention. The commissioners appear to have been given no instructions to use government email or copy or forward messages to a government account.

Commissioner Matthew Dunlap, the secretary of state for Maine, confirmed that he’d received no such directives. "That’s news to me," he said, when read the PRA provision governing emails. "I think it would be a little cleaner if I had a us.gov email account."

Dunlap’s account is disputed by Andrew Kossack, the executive director of the commission. Kossack said attorneys from the Government Services Administration provided training on the PRA before the commission’s first meeting on July 19. Kossack provided a copy of the PowerPoint presentation. However, the word "email" appears in only a single slide — with no mention of anything relating to the use of government email.

Notably, the commission did not receive any training in records retention until the July 19 meeting, even though the commission was formed in May and had been actively engaged in commission business.

Indeed, the commission had kicked into high gear on June 28, when it sent a letter to all 50 secretaries of state requesting publicly available voter rolls. The response was swift and negative, and commissioners began receiving a wave of messages from election officials and the public.

Despite this, the commissioners were offered no instructions then on how to preserve communications. Baron said such messages would presumptively be considered presidential records, and "the obligation to preserve such records would have arisen on day one."

In a statement, Kossack denied there is an obligation to provide commissioners with government email addresses. He maintained that the commission is required only to "preserve emails and other records related to work on commission matters, regardless of the forum on which the records are created or sent, which the commission and its members are doing."

After the commission’s most recent meeting, on Tuesday, Kobach confirmed that he plans to continue to use his personal Gmail account to conduct commission business. Using his Kansas secretary of state email address, he said, would be a "waste of state resources" as he’s acting as a private citizen on the commission and not in his role as secretary of state.

Dunlap has interpreted the requirements differently. He’s trying to ensure his state email account is used so that emails can be made available to constituents under Maine state law. Even this is a struggle, he said, asserting that commissioners continue to email him at his personal account despite multiple requests that they send email to his government account.

"I really don’t understand why they keep using my personal Gmail account instead of my official state email. But I’m saving everything!" Dunlap wrote to himself on August 7, when he forwarded a communication from the commission to his government address. He has, it appears, continued to immediately forward all emails sent to his personal address by the commission to his state address.

At ProPublica’s request, Dunlap shared every email he has received or sent relating to the commission. The majority went to personal email accounts.

At their recent meeting in New Hampshire, Kossack provided commissioners printed instructions on how to retain their own emails related to a lawsuit filed against the commission by the Lawyers Committee for Civil Rights Under Law.

Dunlap said these instructions are the only written set of instructions on records retention he recalls receiving. (The instructions leave records retention entirely to the discretion of each member of the commission, which Dunlap said concerns him.)

Past commissions with similar missions were not allowed such wide discretion. The Presidential Commission on Election Administration, formed by the Obama administration in March 2013, provided ethics and records retention training days after commissioners were nominated. Each commissioner was provided with a federal email address that automatically archived all messages. PCEA documents show extensive, specific instructions on records retention and compliance with FACA.

Richard Painter, who served as the George W. Bush administration’s chief ethics lawyer from 2005 to 2007, expressed shock that the current commission is being allowed to rely on personal email accounts (which are to be forwarded to Kossack at their discretion). "This is just sloppy," he said, adding that waiting more than two months to offer ethics training was just another sign that the Trump administration "doesn’t take ethics training seriously."

One footnote: Among the emails provided by Dunlap was a message from Carter Page, a former policy adviser to the Trump campaign who has reportedly attracted the attention of investigators probing the Russia imbroglio. Page sent an email on July 5 to three accounts associated with Kobach and cc’d Dunlap, New Hampshire Secretary of State Bill Gardner and Indiana Secretary of State Connie Lawson. In it, he implored the commission to investigate "the Obama administration’s misuse of federal resources of the Intelligence Community in their unjustified attacks on myself and other volunteers who peacefully supported [Trump’s] campaign as private citizens."

"The work of your commission offers an essential opportunity to take further steps toward helping to further restore the integrity of the American democracy following their abuses of last year," he wrote.

There is no evidence this email was forwarded to a federal email account. Page, Kossack and Kobach did not respond to requests for comment about the email.

ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for their newsletter.


The Equifax Breach: Several Investigations Underway

The Office of the Attorney General (AG) for the State of Nevada announced yesterday an investigation into the Equifax data breach. About 143 million persons were affected. The announcement stated:

"The breach, which took place from mid-May through July of this year, neglected to keep important personal identifying information safe and allowed hackers to access names, Social Security numbers, birth dates, addresses and even some driver’s license numbers. As a result of this breach, approximately 209,000 individuals throughout the country are estimated to have had their credit card numbers stolen."

Nevada AG Adam Paul Laxalt said:

"As a part of my commitment to safeguard the identities and personal information of Nevadans, my office will be working diligently with other states to investigate the cause of the Equifax breach... I encourage Nevadans to contact Equifax to determine whether their data was compromised, and to consider taking additional steps to protect themselves."

The statement did not mention the other states the Nevada AG's Office is working with. Residents of Nevada should read the announcement which lists specific actions consumers in that state should take to protect themselves.

The Attorney General for the State of New York announced on September 8 both an investigation into the Equifax data breach and a consumer alert:

"Under New York law, businesses with New York customers are required to inform customers and the Attorney General’s Office about security breaches that have placed personal information in jeopardy. The Attorney General’s Office investigates data breaches to determine if customers were properly notified of the breach and if the entity had appropriate safeguards in place to protect customers’ data..."

The consumer alert portion of the announcement:

"1) Check your credit reports from Equifax, Experian, and TransUnion by visiting annualcreditreport.com. Accounts or activity that you do not recognize could indicate identity theft. This is a free service; 2) Consider placing a credit freeze on your files. A credit freeze makes it harder for someone to open a new account in your name. It will not prevent a thief from using any of your existing accounts; 3) Monitor your existing credit card and bank accounts closely for unauthorized charges. Call the credit card company or bank immediately about any charges you do not recognize; and 4) Since Social Security numbers were affected, there is risk of tax fraud. Tax identity theft happens when someone uses your Social Security number to get a tax refund or a job. Consider filing your taxes early and pay close attention to correspondence from the IRS."

Annulacreditreport.com is the official site for free credit reports.  The U.S. Federal Trade Commission (FTC) issued new rules in 2010 which addressed consumer confusion in the marketplace about sites offering free credit reports. When using unofficial sites, some consumers found the "free" credit reports weren't truly free because they included expensive subscriptions to credit monitoring services.

On September 11, the New York AG's issued a warning about cyber attacks resulting from the Equifax breach:

"In addition to taking measures to protect their credit cards and bank accounts, New Yorkers should also think twice before clicking on any suspicious [e-mail] links claiming to be from Equifax or financial institutions... Hackers are resourceful criminals who are constantly looking to exploit any vulnerabilities... New Yorkers should be on the lookout for these possible attacks: a) Phishing emails that claim to be from Equifax where you can check if your data was compromised; b) Phishing emails that claim there is a problem with a credit card, your credit record, or other personal financial information; c) Calls from scammers that claim they are from your bank or credit union..."

Also, the Los Angeles Times confirmed an investigation by the U.S. Federal Trade Commission (FTC):

"The FTC’s disclosure of an ongoing probe is highly unusual, underscoring the enormous stakes involved in the incident affecting what amounts to half the country."

The news report cited comments by Peter Kaplan, the agency’s acting director of public affairs. So far, little is known which aspects of the breach the FTC is investigating.

No doubt, there is more news to come.


What We Know -- And Don't Know -- About Hate Crimes in America

[Editor's Note: today's guest blog post explores the problem of hate crimes. Recent surveys about harassment found that what happens online often doesn't stay online. Hopefully, future reports by ProPublica will explore the linkages. Today's blog post is reprinted with permission.]

By Rachel Glickhouse, ProPublica

"Go home. We need Americans here!" white supremacist Jeremy Joseph Christian yelled at two black women -- one wearing a hijab -- on a train in Portland, Oregon, in May. According to news reports, when several commuters tried to intervene, he went on a rampage, stabbing three people. Two of them died.

If the fatal stabbing was the worst racist attack in Portland this year, it was by no means the only one. In March, Buzzfeed reported on hate incidents in Oregon and the state's long history as a haven for white supremacists. Some of the incidents they found were gathered by Documenting Hate, a collaborative journalism project we launched earlier this year.

Documenting Hate is an attempt to overcome the inadequate data collection on hate crimes and bias incidents in America. We've been compiling incident reports from civil-rights groups, as well as news reports, social media and law enforcement records. We've also asked people to tell us their personal stories of witnessing or being the victim of hate.

It's been about six months since the project launched. Since then, we've been joined by more than 100 newsrooms around the country. Together, we're verifying the incidents that have been reported to us -- and telling people's stories.

We've received thousands of reports, with more coming every day. They come from cities big and small, and from states blue and red. People have reported hate incidents from every part of their communities: in schools, on the road, at private businesses, in the workplace. ProPublica and our partners have produced more than 50 stories using the tips from the database, from New York to Seattle, Minneapolis to Phoenix. Some examples:

Univision, HuffPost, and The New York Times opinion section identified a common thread in the reports we've received in which people of color are harassed "Go back to your country." This type of harassment affects both immigrants and U.S. citizens alike, reporters found.

Several stories published by our partners focused on racial harassment on public transportation, using tips to illustrate something officials were also seeing. The New York City Commission on Human Rights observed a 480 percent increase in claims of discriminatory harassment between 2015 and 2016, according to The New York Times Opinion section. The Massachusetts Bay Transportation Authority recorded 24 cases of offensive graffiti through April, compared to 35 in all of last year, the Boston Globe found. Univision covered multiple incidents involving Latinos targeted in incidents on the New York City subway.

Combing through our database, Buzzfeed discovered there were dozens of reported incidents in K-12 schools in which students cited President Donald Trump's name or slogans to harass minority classmates. This echoed a pattern Univision had reported on: In November, the Teaching Tolerance project at the Southern Poverty Law Center received more than 10,000 responses to an educator survey indicating an uptick in anti-Semitic, anti-Muslim and anti-immigrant activity in schools.

Our local partners reported on how hate incidents affect communities across the country: anti-Semitic graffiti in Phoenix, Islamophobia in Minneapolis, racist vandalism and homophobic threats in Seattle, white supremacist activity at a California university, racist harassment and vandalism in Boston, racism in the workplace in New Orleans, and hate incidents throughout Florida.

There are a few questions for which answers continue to elude us: How many hate crimes happen each year, and why is the record keeping so inadequate?

The FBI, which is required to track hate crimes, counts between 5,000 and 6,000 of them annually. But the Bureau of Justice Statistics estimates the total is closer to 250,000. One explanation for the gap is that many victims -- more than half, according to a recent estimate -- don't report what happened to them to police.

Even if they do, law enforcement agencies aren't all required to report to the FBI, meaning their reports might never make it into the national tally. The federal government is hardly a model of best practices; many federal agencies don't report their data, either -- even though they're legally required to do so.

We'll spend the next six months continuing to tackle these questions and more. And we and our partners will keep working our way through the tips in our database, telling people's stories and doing our best to understand what's happening.

There are ways that you can help us move the project forward:

ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for their newsletter.


Neighbor Spoofing: What It Is And The Best Way To Stop It

A friend recently posted on social media:

"I get five to seven phone calls daily from a 617-388-(random) number. I keep blocking them but new ones keep calling. My number is a 617-388- number. I've called a few back and they're actually people's personal mobile numbers. What is going on?! Anyone know how to stop it?"

This is neighbor spoofing... where robocallers pretend to be neighbors with familiar looking phone numbers. NPR explained neighbor spoofing is:

"... when callers disguise their real phone numbers with a fake phone number that has the same area code and prefix as yours. The idea is you might be more likely to pick up because maybe you're thinking, this call could be my neighbor or my kid's school, someone I know... Even the chairman of the Federal Communications Commission, Ajit Pai, cannot escape... The calls have gotten so aggravating to Pai, he is doubling down and making the fight against spoofers a top priority for the FCC. Robocalls and telemarketers are the No. 1 complaint the agency gets from the public. New technology has made spoofing easier to do and harder to detect. Last year, people received about 2.5 billion robocalls every month...this spring, the FCC started investigating ways to let phone carriers block calls from spoofers..."

The best solution is a system where phone companies authenticate callers. That would stop or block neighbor spoofing. Until then, the FCC is using deterrence. Back in June, the FCC proposed a $120 million fine against a habitual robocall scammer, Adrian Abramovich, based in Florida:

"Over the course of several years, Abramovich's companies disrupted emergency services, bilked vulnerable consumers out of thousands of dollars and hurt legitimate businesses, the FCC contends... TripAdvisor was deluged by consumer complaints about robocalls that the company had not initiated or authorized. After conducting an internal investigation, TripAdvisor determined that the offending calls were linked to a Mexican hotel and resort chain that had contracted with Abramovich for advertising services."

Consumers interested in something they could do might consider Nomorobo, which works (landline or mobile) with many service providers. Users of Apple and Andorid OS phones might investigate Hiya. Windows and BlackBerry phone users can check the CTIA Wireless Association's guide for free (or low-cost) mobile apps to block robocalls.

Robocalls from schools, physicians, airlines, and law enforcement are helpful, while robocalls from scammers aren't. The best solution -- true authentication -- can't come fast enough. Consumers and businesses are suffering.

While I don't wish anything bad on anyone, I am happy that FCC Chairmann Pai is also directly feeling the pain. Perhaps, now he knows how consumers feel. The loss of broadband privacy and Pai's push to kill net neutrality annoy consumers almost as much as neighbor spoofing.


The Bogus Claims By Broadband Providers And Their Allies About Net Neutrality

The Techdirt blog has called out -- in plain language -- the bogus claims and distortions by broadband providers about net neutrality rules. Techdirt reported:

"... one of AT&T, Comcast and Verizon's favorite bogus claims about net neutrality rules is that such consumer protections will somehow prevent the sick or disabled from getting the essential internet connectivity they need. For example, Verizon once tried to claim that the deaf and disabled would be harmed if large ISPs weren't allowed to create fast or slow lanes.. this claim that net neutrality rules somehow prevent ISPs from prioritizing essential medical technologies or other priority traffic has always been bullshit. The FCC's 2015 open internet rules (pdf) are embedded with numerous, significant caveats when it comes to creating fast and slow lanes... In fact, the existing rules go to great lengths to differentiate "Broadband Internet Access Service (BIAS),” (your e-mail, Netflix streams and other more ordinary traffic) from “Non-BIAS data services,” which can include everything from priority VoIP traffic to your heart monitor and other Telemedicine systems."

The U.S. Federal Communications Commission (FCC), led by Ajit Pai a former lawyer at Verizon, moved closer to eliminating net neutrality with a preliminary vote in May. For those who don't know or have forgotten, net neutrality is when consumers are in control -- consumers choose where to go online with the broadband they've purchased, and ISPs must treat all content equally. That means no blocking, no throttling, and no paid prioritization. Net neutrality means consumers stay in control of where they go online.

Without net neutrality, consumers lose the freedom of choice. ISPs will decide where consumers can go online, which sites you can visit, and which sites you can visit only if you pay more. ISPs will likely group web sites into tiers (e.g., slow vs. fast "lanes"), similar to premium cable-TV channels. Do you want your monthly internet bill as confusing, complicated, and expensive as your cable-TV bill? I don't, and I doubt you do either.

TechDirt highlighted other bogus claims:

... how net neutrality kills network investment) doesn't stop it from being circulated repeatedly by the army of politicians, think tankers, consultants, fauxcademics, and lobbyists paid to pee in the net neutrality discourse pool.

One of the core perpetrators of this myth is AT&T, which just scored a massive, lucrative $6.5 billion contract to build the nation's first, unified emergency first responder network: aka FirstNet... AT&T isn't worried about net neutrality rules harming medical services, since they've long-been exempted. AT&T's worried about one thing: any rules stopping it from abusing a lack of broadband competition to drive up prices and engage in anti-competitive behavior."

Back in May, the U.S. Federal Communications Commission (FCC) tmoved closer to eliminating net neutrality with a preliminary vote in May.

What can you do? Plenty. Now is the time for more concerned citizens to rise, speak up, and fight back. Write to your elected officials. Tell your friends, classmates, coworkers, and family members. Use this action form to contact your elected officials. Participate in local marches and protests. Join the Fight For The Future. Support the EFF.


National Parks: Buy Your Senior Pass Before the Price Hike

The U.S. National Park Service (NPS) is responsible for the care of the nation's parks. With 417 sites, its park system includes 129 historical parks or sites, 87 national monuments, 59 national parks, 25 battlefields or military parks, 19 preserves, 18 recreation areas, 10 seashores, four parkways, four lake shores, and two reserves. Last year, the NPS celebrated its 100th anniversary.

Visiting and camping within national parks are popular activities, especially during the summertime. More than 307 million persons visited the national park system during 2015. The NPS operates 879 visitor centers and contact stations. It employs more than 22,000 permanent, temporary, and seasonal workers. 440,000 volunteers assist those workers. Browse more NPS statistics (Adobe PDF), and the proposed 2018 budget to fix much deferred maintenance.

The NPS offers a variety of passes for frequent users and groups. Lifetime passes for seniors (age 62 or older) are a bargain since the pass holder can use it plus accompanying passengers is a single, private, non-commercial vehicle. The price of a senior pass will rise from $10.00 to $80.00 on August 28. For those counting, that is a 700 percent price increase!

U.S. citizens or permanent residents can buy passes. There are three ways to buy senior passes:

A $10.00 processing fee is charged for online and postal orders. Applicants must provide documentation proving citizenship and age. See the Frequently Asked Questions: Recreational Passes page (USGS site) for additional information, including forms of acceptable documentation. Within the parks and recreational sites, there may be additional fees for special services (e.g., camping, swimming, boat launch, specialized interpretive services). The senior pass may provide a 50 percent discount on these fees, but does not cover fees charged by concession stands.

Six agencies participate in the Interagency Pass Program: National Park Service, U.S. Forest Service, U.S. Fish and Wildlife Service, Bureau of Land Management, Bureau of Reclamation, and the U.S. Army Corps of Engineers. So, senior passes also provide access to other agencies' sites -- more than 2,000 sites in total.

Not a senior? Besides standard annual passes ($80.00 each), the NPS offers a variety of annual passes: free passes for military members and their dependents, passes for 4th grade students, free passes for persons with disabilities, and free passes for volunteers. To learn more, visit the NPS site and use its park search finder.

Want to buy your pass in person? Not all sites sell passes, so check this list of federal recreation sites that issue passes (Adobe PDF) for the site nearest to you.

I bought my senior pass as the Adams National Historic Park in Quincy, Massachusetts. The park includes the birthplaces of two presidents, the "summer White House," Stone Library, the Adams Carriage House, and 13 acres of a historic landscapes. Guided tours (April 19 - November 10) start at the visitor center (1250 Hancock Street, Quincy, MA), where senior, military, and 4th grade recreational passes can also be purchased in person.

National parks offer much to see and do. I've visited several national parks covering a wide variety of natural environments, scenery, and wildlife: Denali National Park, Glacier National Park, Grand Canyon National Park, Haleakala National Park, and Volcanoes National Park. Words and photos cannot express the beauty!

I want my grandchildren and great-grandchildren to be able to visit and see the natural wonders in our national parks. Have you visited a national park? Which is your favorite?


U.S. Treasury Department Fined ExxonMobil $2 Million For Sanction Violations

ExxonMobil logo On Thursday, the U.S. Department of the Treasury fined ExxonMobil Corporation $2 million for violations of sanctions while current Secretary of State Rex Tillerson was the company's Chief Executive Officer. The Office of Foreign Assets Control (OFAC) within the Treasury Department issued the fine. According to the announcement:

"Between on or about May 14, 2014 and on or about May 23, 2014, ExxonMobil violated § 589.201 of the Ukraine-Related Sanctions Regulations when the presidents of its U.S. subsidiaries dealt in services of an individual whose property and interests in property were blocked, namely, by signing eight legal documents related to oil and gas projects in Russia with Igor Sechin, the President of Rosneft OAO, and an individual identified on OFAC’s List of Specially Designated Nationals and Blocked Persons.

OFAC determined that ExxonMobil did not voluntarily self-disclose the violations to OFAC, and that the violations constitute an egregious case."

During March of 2014, Russia officially annexed Crimea, a peninsula in the Black Sea, from Ukraine. Moscow retaliated by banning nine U.S. officials and lawmakers from entering Russia. Then, President Obama ordered more sanctions against two-dozen members of Putin's inner circle and against Bank Rossiya, the Russian bank supporting them.

During August of 2014, Russian troops invaded eastern areas of Ukraine along the country's southeast coast. Reportedly, Russian troops fought with pro-Russia rebels against Ukrainian military.

 The Treasury Department released an "Enforcement Information for July 20, 2017" document which stated in part:

"... ExxonMobil did not voluntarily self-disclose the violations to OFAC and that the violations constitute an egregious case. Both the base civil monetary penalty and the statutory maximum civil monetary penalty amounts for the violations were $2,000,000. OFAC thoroughly considered the arguments ExxonMobil set forth in its submissions to OFAC, and the penalty amount reflects OFAC's consideration of the following facts and circumstances... OFAC considered the following to be aggravating factors: (1) ExxonMobil demonstrated reckless disregard for U.S. sanctions requirements when it failed to consider warning signs associated with dealing in the blocked services of an SDN; (2) ExxonMobil's senior-most executives knew of Sechin's status as an SDN when they dealt in the blocked services of Sechin; (3) ExxonMobil caused significant harm to the Ukraine-related sanctions program objectives by engaging the services of an SDN designated on the basis that he is an official of the Government of the Russian Federation contributing to the crisis in Ukraine; and (4) ExxonMobil is a sophisticated and experienced oil and gas company that has global operations and routinely deals in goods, services, and technology subject to U.S economic sanctions and U.S. export controls. OFAC considered the following to be a mitigating factor: ExxonMobil has not received a penalty notice or Finding of Violation from OFAC in the five years preceding the date of the first transaction giving rise to the violation..."

It seems that OFAC would have fined ExxonMobil more if it could have. During 2016, ExxonMobil generated sales revenues of $197.52 billion and net income of $7.84 billion. So, the company can easily afford this fine.

ExxonMobil issued a press release on July 20 which denied the violations and claimed that it had received clear guidance from the Treasury Department that the transactions were legal, "so long as the activity related to Rosneft’s business and not Sechin’s personal business." The press release also cited several news sources. You'd think that the company's executive would simply have gone straight to the source, the OFAC, and bypassed intermediaries.

The OFAC Enforcement Information document debunked the energy company's claim:

"ExxonMobil claims that it interpreted press statements as establishing a distinction between Sechin's "professional" and "personal" capacity, in part citing to a news article published in April 2014 that quoted a Department of the Treasury representative as saying that a U.S. person would not be prohibited from participating in a meeting of Rosneft' s board of directors. However, that brief statement did not address the conduct in this case.

Furthermore, the plain language of the Ukraine-Related Sanctions Regulations (which were issued after the Executive branch statements) and E.O. 13661 do not contain a "personal" versus "professional" distinction, and OFAC has neither interpreted its Regulations in that manner nor endorsed such a distinction. The press release statements provided context for the policy rationale surrounding the targeted approach during the early days of the Ukraine crisis, which was to isolate designated individuals who were targeted as a result of the crisis in Ukraine, rather than imposing blocking sanctions on the large companies that they managed. No materials issued by the White House or the Department of the Treasury asserted an exception or carve-out for the professional conduct of designated or blocked persons, nor did any materials suggest that U.S. persons could continue to conduct or engage in business with such individuals.

Separately, there was a Frequently Asked Question (FAQ) publicly available on the OFAC website at the time of the violations that specifically spoke to the conduct at issue in this case..."

The Enforcement Information document is available at the Treasury Department's website and here (Adobe PDF).

While at the Treasury Department's website, I noticed that the Treasury Notes blog stopped publishing on January 19, 2017 -- about the same time as the Presidential Inauguration. What's up with that? Does the Treasury Department, under the Trump Administration, believe that it is okay not to inform citizens, taxpayers, and voters?


CBP Responds To Senator's Query About Border Searches Of Returning Travelers' Devices

This has implications for all U.S. citizens returning to the country from international travel; business or vacation. An important exchange occurred recently between government officials about Fourth Amendment rights and protections, or the lack thereof, for citizens.

Earlier this year, U.S. Senator Ron Wyden (D-Oregon) sent a letter (Adobe PDF) asking the Department of Homeland Security (DHS), the parent agency of U.S. Customs & Border Protection (CBP), about CBP's detaining of citizens returning from international travel, and warrantless demands to access citizens' locked mobile devices. The Senator's letter read in part:

U.S. Department of Homeland Security logo "Dear Secretary Kelly,
I am alarmed by recent media reports of Americans being detained by CBP and pressured to give CBP agents access to their smartphone PIN numbers or otherwise provide access to locked devices. These reports are particularly troubling, particularly in light of your recent comments suggesting that CBP might begin demanding social media passwords from visitors to the United States. With those passwords, CBP may then be able to log into accounts and access data that they would only be able to get from Internet companies with a warrant. Circumventing the normal protections for such private information is simply unacceptable.

There are well-established rules governing how law enforcement agencies may obtain data from social media companies and email providers... In addition to violating the privacy and civil liberties of travelers, these digital dragnet border search practices weaken our national and economic security. Indiscriminate digital searches distract CBP from its core mission and needlessly divert agency resources away from those who truly threaten our nation. Likewise, if businesses fear their data can be seized when employees cross the border, they may reduce non-essential employee international travel, or deploy technical countermeasures..."

Senator Wyden's concerns focus upon the rights of companies and individuals to protect intellectual property, without which many businesses -- large, small, startups, and journalists -- cannot operate. Senator Wyden asked for a response from DHS by March 20, 2017 with answers to five questions (links added):

"1. What legal authority permits CBP to ask for, or demand, as a condition of entry, that a U.S. person disclose their social media or email password?
2. How is CBP use of a traveler's password to gain access to data stored in the cloud consistent with the Computer Fraud And Abuse Act?
3. What legal authority permits CBP to ask for, or demand, as a condition of entry, that a U.S. person turn over their device PIN or password to gain access to encrypted data? How are such demands consistent with the Fifth Amendment?
4. How many times in each calendar year 2012 - 2016 did CBP ask for, or demand, as a condition of entry, that a U.S. person disclose a smartphone or computer password, or otherwise provide access to a locked smartphone or computer? How many times has this occurred since January 20, 2017?
5. How many times in each calendar year 2012, 2013, 2014, 2015,and 2016 did CBP ask for, or demand, as a condition of entry, that a U.S. person disclose a social media or email account password, or otherwise provide CBP personnel access to data stored in an online account? How many times has this occurred since January 20, 2017?"

In April, Senator Wyden, with Senator Rand Paul (R-Kentucky), Representative Jared Polis (D-Colorado), and Representative Blake Farenthold (R-Texas) introduced the Protecting Data at the Border Act (PDBA) to ensure that U.S. citizens are not forced to endure indiscriminate and suspicion-less searches of their phones, laptops and other digital devices when crossing the United State's borders.

U.S. Customs and Border Protection logo On June 20, Kevin McAleenan, the Nominee for CBP Commissioner, responded to Senator's Wyden's letter. NBC News reported:

"U.S. border officers aren't allowed to look at any data stored only in the "cloud" — including social media data — when they search U.S. travelers' phones, Customs and Border Protection acknowledged in a letter obtained Wednesday by NBC News. The letter (PDF), sent in response to inquiries by Sen. Ron Wyden, D-Ore., and verified by Wyden's office, not only states that CBP doesn't search data stored only with remote cloud services, but also — apparently for the first time — declares that it doesn't have that authority in the first place... McAleenan's letter says officers can search a phone without consent and, except in very limited cases, without a warrant or even suspicion — but only for content that is saved directly to the device, like call histories, text messages, contacts, photos and videos... Travelers don't even have to unlock their devices or hand over their passwords when asked — but if they refuse, officers can "detain" the phone, McAleenan wrote."

When your phone or mobile device is detained, that means CBP agents keep it for a time before returning it to you. So, while you may enter the country fairly quickly, your seized device(s) may not. There are notable horror stories about travelers returning to the United States. It doesn't matter if the device is yours or your employer's.

McAleenan's letter did not answer questions #4 and #5 about search activity. Not good. In fact, the letter stated:

"DHS's May 9, 2017 letter stated that CBP did not have data responsive to this request."

Huh? This seems incredulous. Consider this scenario: a CBP agent detains a citizen's device(s) and inspects those devices (with or without the assistance of another federal agency). McAleenan's response would have us believe that the CBP doesn't have data documenting this event. This implies that the CBP either doesn't collect or doesn't maintain records of how its agents account for their time: when, where, why, the duration, which agents inspected, and types of devices inspected; nor when the detained device was ultimately returned to its owner. It also implies that the CBP doesn't have any records (e.g., doesn't know) about when, where, or the amount of data uploaded from detained devices and stored in CBP databases. This seems unbelievable and a huge managerial failure.

During my business career I had to submit and complete data into several online time-tracking systems; which tracked workers' time down to 15 minute intervals. Perhaps, it is appropriate to query the CBP about its time-tracking systems. Some ad hoc queries may yield responsive data.

Moreover, the CBP site contains and displays plenty of statistics about the agency's operations (e.g., staffing, sector performance, etc.) and enforcement (e.g., "inadmissibles," illegal aliens apprehended, arrests of wanted criminals, drug seizures, gang affiliated enforcement, etc.), but nothing about citizens detained for device searches nor the volume of passwords collected.

More about that in a few minutes. So, keep reading.

What to make of this? U.S. citizens have no Fourth Amendment rights when traveling across our borders. Not good. It doesn't matter whether you are law-abiding or not. Not good. Why? How? McAleenan's letter confirmed it:

"While 8 U.S.C. 1357 is an example of CBP's authority to conduct a search in the immigration context, CBP currently operates under a host of additional statutory authorities that more broadly provide that all persons, baggage, and merchandise arriving, or departing from, the United States are subject to search, inspection, and detention. See, e.g., 19 U.S.C. 1461; 1496; 1499. Those statutory Customs authorities are applicable to all travelers entering the United States, regardless of their citizenship.

"On this point, because CBP must determine the admissibility of both the traveler and his or her goods and baggage, even after a returning U.S. citizen has established their identity and U.S. citizenship, CBP may conduct a border search of the goods he or she is seeking to bring into the country to ensure that those goods are permitted to enter. In other words, because any traveler may be carrying an electronic device that contains evidence relating to offenses such as terrorism, illegal smuggling, child pornography, CBP's authority to search such a device at the border does not depend upon the citizenship of the traveler.

In the exceedingly rare instances when CBP seeks to conduct a border search of information in an electronic device -- which affects less than one-hundredth of one percent of travelers arriving to the United States because of a need to inspect that traveler's device. Therefore, although CBP may detain an arriving traveler's electronic device for further examination, in the limited circumstances when that is appropriate, CBP will not prevent a traveler who is confirmed to be a U.S. citizen from entering the country because of a need to conduct that additional examination..."

U.S. international travel statistics for Fiscal year 2016. The U.S. Customs and Border Protection. Click to view larger version Exceedingly rare? Perhaps on a percentage basis. We know from the CBP statistics page:

"CBP officers processed more than 390 million travelers at air, land, and sea ports of entry in FY2016, including more than 119 million travelers at air ports of entry..."

Some simple math using data supplied by the CBP: 0.01 percent X 390 million = 39,000 passengers during 2016 who have had their electronic devices detained and searched for information. Next, multiple that annual total by 10 or more years. The true total fast approaches half a million incidents.

Plus, the detainment and search rate may not be rare at all for frequent travelers. Some jobs require employees to travel frequently to international destinations.

Also, the above statement highlights the CBP approach: all travelers entering the country are presumed to be threats without any supporting data or evidence. No Fourth Amendment protections for U.S. citizens at our borders. Do you find this troubling? I hope that you do. Contact your elected representatives and demand that they support the Protecting Data at the Border Act.

A wise friend once said, "You just can't run away from the Fourth Amendment." I agree. What do you think?