481 posts categorized "Federal / U.S. Government" Feed

Bank Of New York Mellon Corporation Fined For 'Unsafe And Unsound' Practices

The Federal Reserve Board (FRB) announced on Tuesday that it had levied a $3 million fine against the Bank of New York Mellon Corporation (BNY Mellon) for "unsafe and unsound practices." The FRB announcement explained:

"In 2010, following a change in the relevant accounting rules, BNY Mellon consolidated a portfolio of collateralized loan obligations onto its balance sheet. BNY Mellon incorrectly assigned the assets a zero-risk weighting, which was improper under the rules in place at the time. As a result of its improper treatment of the portfolio BNY Mellon understated its reported risk-weighted assets and overstated its risk-based capital ratios for nearly 14 quarters."

When the errors were identified, BNY Mellon has since taken corrective action and is now in compliance. The Consent Order (Adobe PDF) dated June 26, 2017 stated:

"The Board of Governors hereby assesses BNY Mellon a civil money penalty in the amount of $3,000,000.00 which shall be paid upon the execution of this Order by Fedwire transfer of immediately available funds to the Federal Reserve Bank of Richmond... This penalty is a penalty paid to a government agency for a violation of law for purposes of 26 U.S.C. § 162(f) and 26 C.F.R. § 1.162-21. The Federal Reserve Bank of Richmond, on behalf of the Board of Governors, shall distribute this sum to the U.S. Department of the Treasury... Each provision of this Consent Penalty Assessment shall remain effective and enforceable until stayed, modified, terminated, or suspended in writing by the Board of Governors.

The Board of Governors hereby agrees not to initiate any further enforcement actions, including for civil money penalties, against BNY Mellon and its affiliates, successors, and assigns, with respect to the conduct that has been or might have been asserted by the Board of Governors described..."

Earlier this month, the FRB barred two former employees of Regions Bank from working within the banking industry, after both men -- Richard Henderson and Philip Cooper -- pled guilty to conspiracy to commit money laundering, and conspiracy to commit bank bribery and wire fraud. In late May, the FRB levied a $41 million penalty, plus a cease-and-desist order, against the U.S. operations of Deutsche Bank AG for anti-money laundering deficiencies.

BNY Mellon can easily afford this fine. In April, the bank reported first quarter earnings of $880 million on revenues of $3.84 billion. The bank has about $29 trillion in assets under custody and administration, and $1.6 trillion in assets under management.


Senator Warren Calls For the Firing Of All Wells Fargo Board Members

Wells Fargo logo In a letter sent Monday to the Federal Reserve Chair Janet Yellen, U.S. Senator Elizabeth Warren (D-Massachusetts) has called for the firing of all 12 board members at Wells Fargo bank for failing to adequately protect accountholders. CNBC reported first the Senator's letter, which read in part:

"The fake accounts scandal cost Wells Fargo customers millions of dollars in unauthorized fees and damaged many of their credit scores," the senator wrote. "The scandal also revealed severe problems with the bank's risk management practices — problems that justify the Federal Reserve's removal of all responsible Board members."

After implementing sales targets and an incentive program, many of the bank's employees secretly opened new accounts and transferred money from other accounts to fund the new accounts -- all without the customers' knowledge nor consent. In some cases, employees applied for credit cards, created PIN numbers, and operated fake e-mail accounts in customers' names.

The Consumer Financial Protection Bureau (CFPB) announced in September, 2016 the consent order with the bank. As a result of the fake-account scandal, the bank paid about $185 million in fines and fired 5,300 lower-level employees for setting up 2 million bogus accounts. Few or no senior executives have been punished.

Many Republicans and President Trump seek to defund and shut down the CFPB.

During October, 2016 Timothy J. Sloan was elected chief executive officer at Wells Fargo bank after the former CEO, John Stumpf, retired. Sloan also joined the board of directors as a member.

CNN Money reported:

"... Wells Fargo suffered from inadequate risk management systems that should have flagged the illegal activity earlier. Shareholder advisory firm Institutional Shareholder Services (ISS) agrees. ISS argued the Wells Fargo board made the scandal worse by failing to provide oversight that could have limited the damage..."

In her letter, Senator Warren urged the Federal Reserve to act:

"I urge you to use the tools Congress has given you to remove the responsible board members and protect the continued safety and soundness of one of the country's largest banks..."

Reportedly, the Senator's letter mentioned the following Wells Fargo board members: John D. Baker II, John S. Chen, Lloyd H. Dean, Elizabeth A. Duke, Enrique Hernandez, Donald M. James, Cynthia H. Milligan, Federico F. Pena, James H. Quigley, Stephen W. Sanger, Susan G. Swenson, and Suzanne M. Vautrinot.

Some banking experts see the demand as unprecedented and unlikely. All of the bank's board members were re-elected during the annual shareholder meeting in April , 2017. Also during April, the bank announced an expansion of its class-action settlement agreements for its retail sales practices. The expansion covered account holders affected as early as May, 2002 by the bogus new account scandal, and added $32 million to the settlement amount total.


Trump Administration Quietly Rolls Back Civil Rights Efforts Across Federal Government

[Editor's Note: today's guest blog post is by the reporters at ProPublica. Consent decrees are an important oversight tool to ensure corporate responsibility after wrongdoing. Today's post is reprinted with permission.]

By Jessica Huseman and Annie Waldman, ProPublica

Department of Justice logo For decades, the Department of Justice has used court-enforced agreements to protect civil rights, successfully desegregating school systems, reforming police departments, ensuring access for the disabled and defending the religious.

Now, under Attorney General Jeff Sessions, the DOJ appears to be turning away from this storied tool, called consent decrees. Top officials in the DOJ civil rights division have issued verbal instructions through the ranks to seek settlements without consent decrees -- which would result in no continuing court oversight.

The move is just one part of a move by the Trump administration to limit federal civil rights enforcement. Other departments have scaled back the power of their internal divisions that monitor such abuses. In a previously unreported development, the Education Department last week reversed an Obama-era reform that broadened the agency's approach to protecting rights of students. The Labor Department and the Environmental Protection Agency have also announced sweeping cuts to their enforcement.

"At best, this administration believes that civil rights enforcement is superfluous and can be easily cut. At worst, it really is part of a systematic agenda to roll back civil rights," said Vanita Gupta, the former acting head of the DOJ's civil rights division under President Barack Obama.

Consent decrees have not been abandoned entirely by the DOJ, a person with knowledge of the instructions said. Instead, there is a presumption against their use -- attorneys should default to using settlements without court oversight unless there is an unavoidable reason for a consent decree. The instructions came from the civil rights division's office of acting Assistant Attorney General Tom Wheeler and Deputy Assistant Attorney General John Gore. There is no written policy guidance.

Devin O'Malley, a spokesperson for the DOJ, declined to comment for this story.

Consent decrees can be a powerful tool, and spell out specific steps that must be taken to remedy the harm. These are agreed to by both parties and signed off on by a judge, whom the parties can appear before again if the terms are not being met. Though critics say the DOJ sometimes does not enforce consent decrees well enough, they are more powerful than settlements that aren't overseen by a judge and have no built-in enforcement mechanism.

Such settlements have "far fewer teeth to ensure adequate enforcement," Gupta said.

Consent decrees often require agencies or municipalities to take expensive steps toward reform. Local leaders and agency heads then can point to the binding court authority when requesting budget increases to ensure reforms. Without consent decrees, many localities or government departments would simply never make such comprehensive changes, said William Yeomans, who spent 26 years at the DOJ, mostly in the civil rights division.

"They are key to civil rights enforcement," he said. "That's why Sessions and his ilk don't like them."

Some, however, believe the Obama administration relied on consent decrees too often and sometimes took advantage of vulnerable cities unable to effectively defend themselves against a well-resourced DOJ.

"I think a recalibration would be welcome," said Richard Epstein, a professor at New York University School of Law and a fellow at the Hoover Institution at Stanford, adding that consent decrees should be used in cases where clear, systemic issues of discrimination exist.

Though it's too early to see how widespread the effect of the changes will be, the Justice Department appears to be adhering to the directive already.

On May 30, the DOJ announced Bernards Township in New Jersey had agreed to pay $3.25 million to settle an accusation it denied zoning approval for a local Islamic group to build a mosque. Staff attorneys at the U.S. attorney's office in New Jersey initially sought to resolve the case with a consent decree, according to a spokesperson for Bernards Township. But because of the DOJ's new stance, the terms were changed after the township protested, according to a person familiar with the matter. A spokesperson for the New Jersey U.S. attorney's office declined comment.

Sessions has long been a public critic of consent decrees. As a senator, he wrote they "constitute an end run around the democratic process." He lambasted local agencies that seek them out as a way to inflate their budgets, a "particularly offensive" use of consent decrees that took decision-making power from legislatures.

On March 31, Sessions ordered a sweeping review of all consent decrees with troubled police departments nationwide to ensure they were in line with the Trump administration's law-and-order goals. Days before, the DOJ had asked a judge to postpone a hearing on a consent decree with the Baltimore Police Department that had been arranged during the last days of the Obama administration. The judge denied that request, and the consent decree has moved forward.

The DOJ has already come under fire from critics for altering its approach to voting rights cases. After nearly six years of litigation over Texas' voter ID law -- which Obama DOJ attorneys said was written to intentionally discriminate against minority voters and had such a discriminatory effect -- the Trump DOJ abruptly withdrew its intent claims in late February.

Attorneys who worked on the case for years were barely consulted about the change -- many weren't consulted at all, according to two former DOJ officials with knowledge of the matter. Gore wrote the filing changing the DOJ's position largely by himself and asked the attorneys who'd been involved in the case for years to sign it to show continuity. Not all of the attorneys fell in line. Avner Shapiro -- who has been a prosecutor in the civil rights division for more than 20 years -- left his name off the filings written by Gore. Shapiro was particularly involved in developing the DOJ's argument that Texas had intentionally discriminated against minorities in crafting its voter ID legislation.

"That's the ultimate act of rebellion," Yeomans, the former civil rights division prosecutor, said. A rare act, removing one's name from a legal filing is one of the few ways career attorneys can express public disagreement with an administration.

Gore has no history of bringing civil rights cases. A former partner at the law firm Jones Day, he has instead defended states against claims of racial gerrymandering and represented North Carolina when the state was sued over its controversial "bathroom bill," which requires transgender people to use the facility that matched their birth gender.

All of the internal changes at the DOJ have left attorneys and staff with "a great deal of fear and uncertainty," said Yeomans. While he says the lawyers there would like to stay at the department, they fear Sessions' priorities will have devastating impact on their work.

The DOJ's civil rights office is not alone in fearing rollbacks in enforcement. Across federal departments, the Trump administration has made moves to diminish the power of civil rights divisions.

U.S. Department of Education logo The Department of Education has laid out plans to loosen requirements on investigations into civil rights complaints, according to an internal memo sent to staff on June 8 and obtained by ProPublica.

Under the Obama administration, the department's office for civil rights applied an expansive approach to investigations. Individual complaints related to complex issues such as school discipline, sexual violence and harassment, equal access to educational resources, or racism at a single school might have prompted broader probes to determine whether the allegations were part of a pattern of discrimination or harassment.

The new memo, sent by Candice Jackson, the acting assistant secretary for civil rights, to regional directors at the department's civil rights office, trims this approach. Jackson was appointed deputy assistant secretary for the office in April and will remain as the acting head of the office until the Senate confirms a full-time assistant secretary. Trump has not publicly nominated anyone for the role yet.

The office will apply the broader approach "only" if the original allegations raise systemic concerns or the investigative team argues for it, Jackson wrote in the memo.

As part of the new approach, the Education Department will no longer require civil rights investigators to obtain three years of complaint data from a specific school or district to assess compliance with civil rights law.

Critics contend the Obama administration's probes were onerous. The office "did such a thorough review of everything that the investigations were demanding and very expensive" for schools, said Boston College American politics professor R. Shep Melnick, adding that the new approach could take some regulatory pressure off schools and districts.

But some civil rights leaders believe the change could undermine the office's mission. This narrowing of the department's investigations "is stunning to me and dangerous," said Catherine Lhamon, who led the Education Department's civil rights office from August 2013 until January 2017 and currently chairs the United States Commission on Civil Rights. "It's important to take an expansive view of the potential for harm because if you look only at the most recent year, you won't necessarily see the pattern," said Lhamon.

The department's new directive also gives more autonomy to regional offices, no longer requiring oversight or review of some cases by department headquarters, according to the memo.

The Education Department did not respond to ProPublica's request for comment.

Education Secretary Betsy DeVos has also proposed cutting over 40 positions from the civil rights office. With reduced staff, the office will have to "make difficult choices, including cutting back on initiating proactive investigations," according to the department's proposed budget.

Elsewhere, Trump administration appointees have launched similar initiatives. In its 2018 fiscal plan, the Labor Department has proposed dissolving the office that handles discrimination complaints. Similarly, new leadership at the Environmental Protection Agency has proposed entirely eliminating the environmental justice program, which addresses concerns that almost exclusively impact minority communities. The Washington Post reports the plan transfers all environmental justice work to the Office of Policy, which provides policy and regulatory guidance across the agency.

Mustafa Ali, a former EPA senior adviser and assistant associate administrator for environmental justice who served more than 20 years, quit the agency in protest days before the plan was announced. In his resignation letter, widely circulated in the media, Ali suggested the new leadership was abandoning "those who need our help most."

Ryan Gabrielson contributed to this report.

ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for their newsletter.


Trump Is Not the Only One Blocking Constituents on Twitter

[Editor's note: today's guest blog post, by the reporters at ProPublica, explores the emerging debate about whether the appropriate, perhaps ethical, use of social media by publicly elected officials and persons campaigning for office. Should they be able to block constituents posting views they dislike or disagree with? Is it really public speech on a privately-run social networking sites? Would you vote for person who blocks constituents? Do companies operating social networking site have a responsibility in this? Today's post is reprinted with permission.]

by Charles Ornstein, ProPublica

As President Donald Trump faces criticism for blocking users on his Twitter account, people across the country say they, too, have been cut off by elected officials at all levels of government after voicing dissent on social media.

In Arizona, a disabled Army veteran grew so angry when her congressman blocked her and others from posting dissenting views on his Facebook page that she began delivering actual blocks to his office.

A central Texas congressman has barred so many constituents on Twitter that a local activist group has begun selling T-shirts complaining about it.

And in Kentucky, the Democratic Party is using a hashtag, #BevinBlocked, to track those who've been blocked on social media by Republican Gov. Matt Bevin. (Most of the officials blocking constituents appear to be Republican.)

The growing combat over social media is igniting a new-age legal debate over whether losing this form of access to public officials violates constituents' First Amendment rights to free speech and to petition the government for a redress of grievances. Those who've been blocked say it's akin to being thrown out of a town hall meeting for holding up a protest sign.

On Tuesday, the Knight First Amendment Institute at Columbia University called upon Trump to unblock people who've disagreed with him or directed criticism at him or his family via the @realdonaldtrump account, which he used prior to becoming president and continues to use as his principal Twitter outlet.

Trump blocked me after this tweet.Let's all hope the courts continue to protect us. Never stop resisting. pic.twitter.com/TlR4zgHCoU

-- Nick Jack Pappas (@Pappiness) June 5, 2017

"Though the architects of the Constitution surely didn't contemplate presidential Twitter accounts, they understood that the president must not be allowed to banish views from public discourse simply because he finds them objectionable," Jameel Jaffer, the Knight Institute's executive director, said in a statement.

The White House did not respond to a request for comment, but press secretary Sean Spicer said earlier Tuesday that statements the president makes on Twitter should be regarded as official statements.

Similar flare-ups have been playing out in state after state.

Earlier this year, the American Civil Liberties Union of Maryland called on Governor Larry Hogan, a Republican, to stop deleting critical comments and barring people from commenting on his Facebook page. (The Washington Post reported that the governor had blocked 450 people as of February.)

Deborah Jeon, the ACLU's legal director, said Hogan and other elected officials are increasingly foregoing town hall meetings and instead relying on social media as their primary means of communication with constituents. "That's why it's so problematic," she said. "If people are silenced in that medium," they can't effectively interact with their elected representative.

The governor's office did not respond to a request for comment this week. After the letter, however, it reinstated six of the seven people specifically identified by the ACLU (it said it couldn't find the seventh). "While the ACLU should be focusing on much more important activities than monitoring the governor's Facebook page, we appreciated them identifying a handful of individuals -- out of the over 1 million weekly viewers of the page -- that may have been inadvertently denied access," a spokeswoman for the governor told the Post.

Practically speaking, being blocked cuts off constituents from many forms of interacting with public officials. On Facebook, it means no posts, no likes and no questions or comments during live events on the page of the blocker. Even older posts that may not be offensive are taken down. On Twitter, being blocked prevents a user from seeing the other person's tweets on his or her timeline.

Moreover, while Twitter and Facebook themselves usually suspend account holders only temporarily for breaking rules, many elected officials don't have established policies for constituents who want to be reinstated. Sometimes a call is enough to reverse it, other times it's not.

Eugene Volokh, a constitutional law professor at the UCLA School of Law, said that for municipalities and public agencies, such as police departments, social media accounts would generally be considered "limited public forums" and therefore, should be open to all.

"Once they open it up to public comments, they can't then impose viewpoint-based restrictions on it," he said, for instance allowing only supportive comments while deleting critical ones.

But legislators are different because they are people. Elected officials can have personal accounts, campaign accounts and officeholder accounts that may appear quite similar. On their personal and campaign accounts, there's little disagreement that officials can engage with -- or block -- whoever they want. Last month, for instance, ProPublica reported how Rep. Peter King (Republican, New York) blocked users on his campaign account after they criticized his positions on health reform and other issues.

But what about their officeholder social media accounts?

The ACLU's Jeon says that they should be public if they use government resources, including staff time and office equipment to maintain the page. "Where that's the situation and taxpayer resources are going to it, then the full power of the First Amendment applies," she said. "It doesn't matter if they're members of Congress or the governor or a local councilperson."

Volokh of UCLA disagreed. He said that members of Congress are entitled to their own private speech, even on official pages. That's because each is one voice among many, as opposed to a governor or mayor. "It's clear that whatever my senator is, she's not the government. She is one person who is part of a legislative body," he said. "She was elected because she has her own views and it makes sense that if she has a Twitter feed or a Facebook page, that may well be seen as not government speech but the voice of somebody who may be a government official."

Volokh said he's inclined to see Trump's @realdonaldtrump account as a personal one, though other legal experts disagree.

"You could imagine actually some other president running this kind of account in a way that's very public minded -- 'I'm just going to express the views of the executive branch,'" he said. "The @realdonaldtrump account is very much, 'I'm Donald Trump. I'm going to be expressing my views, and if you don't like it, too bad for you.' That sounds like private speech, even done by a government official on government property."

It's possible the fight over the president's Twitter account will end up in court, as such disputes have across the country. Generally, in these situations, the people contesting the government's social media policies have reached settlements ending the questionable practices.

After being sued by the ACLU, three cities in Indiana agreed last year to change their policies by no longer blocking users or deleting comments.

In 2014, a federal judge ordered the City and County of Honolulu to pay $31,000 in attorney's fees to people who sued, contending that the Honolulu Police Department violated their constitutional rights by deleting their critical Facebook posts.

And San Diego County agreed to pay the attorney's fees of a gun parts dealer who sued after its Sheriff's Department deleted two Facebook posts that were critical of the sheriff and banned the dealer from commenting. The department took down its Facebook page after being sued and paid the dealer $20 as part of the settlement.

Angela Greben, a California paralegal, has spent the past two years gathering information about agencies and politicians that have blocked people on social media -- Democrats and Republican alike -- filing ethics complaints and even a lawsuit against the city of San Mateo, California, its mayor and police department. (They settled with her, giving her some of what she wanted.)

Greben has filed numerous public-records requests to agencies as varied as the Transportation Security Administration, the Seattle Police Department and the Connecticut Lottery seeking lists of people they block. She's posted the results online.

"It shouldn't be up to the elected official to decide who can tweet them and who can't," she said. "Everybody deserves to be treated equally and fairly under the law."

Even though she lives in California, Greben recently filed an ethics complaint against Atlanta Mayor Kasim Reed, a Democrat, who has been criticized for blocking not only constituents but also journalists who cover him. Reed has blocked Greben since 2015 when she tweeted about him... well, blocking people on Twitter. "He's notorious for blocking and muting people," she said, meaning he can't see their tweets but they can still see his.

@LizLemeryJoy @KasimReed Mr. Mayor you are violating the #civilrights of all you have #blocked! @Georgia_AG @FOX5Atlanta @11AliveNews

-- Angela Greben (@AngelaGreben) March 7, 2015

In a statement, a city spokeswoman defended the mayor, saying he's now among the top five most-followed mayors in the country. "Mayor Reed uses social media as a personal platform to engage directly with constituents and some journalists. 2026 Like all Twitter users, Mayor Reed has the right to stop engaging in conversations when he determines they are unproductive, intentionally inflammatory, dishonest and/or misleading."

Asked how many people he has blocked, she replied that the office doesn't keep such a list.

J'aime Morgaine, the Arizona veteran who delivered blocks to the office of Rep. Paul Gosar, a Republican, said being blocked on Facebook matters because her representative no longer hosts in-person town hall meetings and has started to answer questions on Facebook Live. Now she can't ask questions or leave comments.

"I have lost and other people who have been blocked have lost our right to participate in the democratic process," said Morgaine, leader of Indivisible Kingman, a group that opposes the president's agenda. "I am outraged that my congressman is blocking my voice and trampling upon my constitutional rights."

@RepGosar ..You weren't home when I delivered this message to your office, but no worries...there WILL be more!Stop BLOCKING Constituents! pic.twitter.com/JTWGQwhxKt

-- Indivisible Kingman (@IndivisibleCD4) May 13, 2017

Morgaine said the rules are not being applied equally. "They're not blocking everybody who's angry," she said. "They're blocking the voices of dissent, and there's no process for getting unblocked. There's no appeals process. There's no accountability."

A spokeswoman for Gosar defended his decision to block constituents but did not answer a question about how many have been blocked.

"Congressman Gosar's policy has been consistent since taking office in January 2010," spokeswoman Kelly Roberson said in an email. "In short: 2018Users whose comments or posts consist of profanity, hate speech, personal attacks, homophobia or Islamophobia may be banned.'"

On his Facebook page, Gosar posts the policy that guides his actions. It says in part, "Users are banned to promote healthy, civil dialogue on this page but are welcome to contact Congressman Gosar using other methods," including phone calls, emails and letters.

Sometimes, users are blocked repeatedly.

Community volunteer Gayle Lacy was named 2015 Wacoan of the Year for her effort to have the site of mammoth fossils in Waco, Texas, designated a national monument. Lacy's latest fight has been with her congressman, Bill Flores, who was with her in the Oval Office when Obama designated the site a national monument in 2015. She has been blocked three times by Flores' congressional Twitter account and once by his campaign account. One of those blocks happened after she tweeted at him: "My father died in service for this country, but you are not representative of that country and neither is your dear leader."

Lacy said she was able to get unblocked each time from Flores' congressional account by calling his office but remains blocked on the campaign one. "I don't know where to call," she said. "I asked in his D.C. office who I needed to call and I was told that they don't have that information."

Lacy and others said Flores blocks those who question him. Austin lawyer Matt Miller said he was blocked for asking when Flores would hold a town hall meeting. "It's totally inappropriate to block somebody, especially for asking a legitimate question of my elected representative," Miller said.

In a statement, Flores spokesman Andre Castro said Flores makes his policies clear on Twitter and on Facebook. "We reserve the right to block users whose comments include profanity, name-calling, threats, personal attacks, constant harping, inappropriate or false accusations, or other inappropriate comments or material. As the Congressman likes to say 2014 2018If you would not say it to your grandmother, we will not allow it here.'"

Ricardo Guerrero, an Austin marketer who is one of the leaders of a local group opposed to Trump's agenda, said he has gotten unblocked by Flores twice but then was blocked again and "just kind of gave up."

"He's creating an echo chamber of only the people that agree with him," Guerrero said of Flores. "He's purposefully removing any semblance of debate or alternative ideas or ideas that challenge his own -- and that seems completely undemocratic. That's the bigger issue in my mind."

ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for their newsletter.


3 Strategies To Defend GOP Health Bill: Euphemisms, False Statements and Deleted Comments

[Editor's Note: today's guest post is by the reporters as ProPublica. Affordable health care and coverage are important to many, if not most, Americans. It is reprinted with permission.]

by Charles Ornstein, ProPublica

Earlier this month, a day after the House of Representatives passed a bill to repeal and replace major parts of the Affordable Care Act, Ashleigh Morley visited her congressman's Facebook page to voice her dismay.

"Your vote yesterday was unthinkably irresponsible and does not begin to account for the thousands of constituents in your district who rely upon many of the services and provisions provided for them by the ACA," Morley wrote on the page affiliated with the campaign of Representative Peter King (Republican, New York). "You never had my vote and this confirms why."

The next day, Morley said, her comment was deleted and she was blocked from commenting on or reacting to King's posts. The same thing has happened to others critical of King's positions on health care and other matters. King has deleted negative feedback and blocked critics from his Facebook page, several of his constituents say, sharing screenshots of comments that are no longer there.

"Having my voice and opinions shut down by the person who represents me -- especially when my voice and opinion wasn't vulgar and obscene -- is frustrating, it's disheartening, and I think it points to perhaps a larger problem with our representatives and maybe their priorities," Morley said in an interview.

King's office did not respond to requests for comment.

As Republican members of Congress seek to roll back the Affordable Care Act, commonly called Obamacare, and replace it with the American Health Care Act, they have adopted various strategies to influence and cope with public opinion, which polls show mostly opposes their plan. ProPublica, with our partners at Kaiser Health News, Stat and Vox, has been fact-checking members of Congress in this debate and we've found misstatements on both sides, though more by Republicans than Democrats. The Washington Post's Fact Checker has similarly found misstatements by both sides.

Today, we're back with more examples of how legislators are interacting with constituents about repealing Obamacare, whether online or in traditional correspondence. Their more controversial tactics seem to fall into three main categories: providing incorrect information, using euphemisms for the impact of their actions, and deleting comments critical of them. (Share your correspondence with members of Congress with us.)

Incorrect Information

Representative Vicky Hartzler (Republican, Missouri) sent a note to constituents this month explaining her vote in favor of the Republican bill. First, she outlined why she believes the ACA is not sustainable -- namely, higher premiums and few choices. Then she said it was important to have a smooth transition from one system to another.

"This is why I supported the AHCA to follow through on our promise to have an immediate replacement ready to go should the ACA be repealed," she wrote. "The AHCA keeps the ACA for the next three years then phases in a new approach to give people, states, and insurance markets plenty of time to make adjustments."

Except that's not true.

"There are quite a number of changes in the AHCA that take effect within the next three years," wrote ACA expert Timothy Jost, an emeritus professor at Washington and Lee University School of Law, in an email to ProPublica.

The current law's penalties on individuals who do not purchase insurance and on employers who do not offer it would be repealed retroactively to 2016, which could remove the incentive for some employers to offer coverage to their workers. Moreover, beginning in 2018, older people could be charged premiums up to five times more than younger people -- up from three times under current law. The way in which premium tax credits would be calculated would change as well, benefiting younger people at the expense of older ones, Jost said.

"It is certainly not correct to say that everything stays the same for the next three years," he wrote.

In an email, Hartzler spokesman Casey Harper replied, "I can see how this sentence in the letter could be misconstrued. It's very important to the Congresswoman that we give clear, accurate information to her constituents. Thanks for pointing that out."

Other lawmakers have similarly shared incorrect information after voting to repeal the ACA. Representative Diane Black (Republican, Tennessee) wrote in a May 19 email to a constituent that "in 16 of our counties, there are no plans available at all. This system is crumbling before our eyes and we cannot wait another year to act."

Black was referring to the possibility that, in 16 Tennessee counties around Knoxville, there might not have been any insurance options in the ACA marketplace next year. However, 10 days earlier, before she sent her email, BlueCross BlueShield of Tennessee announced that it was willing to provide coverage in those counties and would work with the state Department of Commerce and Insurance "to set the right conditions that would allow our return."

"We stand by our statement of the facts, and Congressman Black is working hard to repeal and replace Obamacare with a system that actually works for Tennessee families and individuals," her deputy chief of staff Dean Thompson said in an email.

On the Democratic side, the Washington Post Fact Checker has called out representatives for saying the AHCA would consider rape or sexual assault as pre-existing conditions. The bill would not do that, although critics counter that any resulting mental health issues or sexually transmitted diseases could be considered existing illnesses.

Euphemisms

A number of lawmakers have posted information taken from talking points put out by the House Republican Conference that try to frame the changes in the Republican bill as kinder and gentler than most experts expect them to be.

An answer to one frequently asked question pushes back against criticism that the Republican bill would gut Medicaid, the federal-state health insurance program for the poor, and appears on the websites of Representative Garret Graves (Republican, Louisiana) and others.

"Our plan responsibly unwinds Obamacare's Medicaid expansion," the answer says. "We freeze enrollment and allow natural turnover in the Medicaid program as beneficiaries see their life circumstances change. This strategy is both fiscally responsible and fair, ensuring we don't pull the rug out on anyone while also ending the Obamacare expansion that unfairly prioritizes able-bodied working adults over the most vulnerable."

That is highly misleading, experts say.

The Affordable Care Act allowed states to expand Medicaid eligibility to anyone who earned less than 138 percent of the federal poverty level, with the federal government picking up almost the entire tab. Thirty-one states and the District of Columbia opted to do so. As a result, the program now covers more than 74 million beneficiaries, nearly 17 million more than it did at the end of 2013.

The GOP health care bill would pare that back. Beginning in 2020, it would reduce the share the federal government pays for new enrollees in the Medicaid expansion to the rate it pays for other enrollees in the state, which is considerably less. Also in 2020, the legislation would cap the spending growth rate per Medicaid beneficiary. As a result, a Congressional Budget Office review released Wednesday estimates that millions of Americans would become uninsured.

Sara Rosenbaum, a professor of health law and policy at the Milken Institute School of Public Health at George Washington University, said the GOP's characterization of its Medicaid plan is wrong on many levels. People naturally cycle on and off Medicaid, she said, often because of temporary events, not changing life circumstances -- seasonal workers, for instance, may see their wages rise in summer months before falling back.

"A terrible blow to millions of poor people is recast as an easing off of benefits that really aren't all that important, in a humane way," she said.

Moreover, the GOP bill actually would speed up the "natural turnover" in the Medicaid program, said Diane Rowland, executive vice president of the Kaiser Family Foundation, a health care think tank. Under the ACA, states were only permitted to recheck enrollees' eligibility for Medicaid once a year because cumbersome paperwork requirements have been shown to cause people to lose their coverage. The American Health Care Act would require these checks every six months -- and even give states more money to conduct them.

Rowland also took issue with the GOP talking point that the expansion "unfairly prioritizes able-bodied working adults over the most vulnerable." At a House Energy and Commerce Committee hearing earlier this year, GOP representatives maintained that the Medicaid expansion may be creating longer waits for home- and community-based programs for sick and disabled Medicaid patients needing long-term care, "putting care for some of the most vulnerable Americans at risk."

Research from the Kaiser Family Foundation, however, showed that there was no relationship between waiting lists and states that expanded Medicaid. Such waiting lists pre-dated the expansion and they were worse in states that did not expand Medicaid than in states that did.

"This is a complete misrepresentation of the facts," Rosenbaum said.

Graves' office said the information on his site came from the House Republican Conference. Emails to the conference's press office were not returned.

The GOP talking points also play up a new Patient and State Stability Fund included in the AHCA, which is intended to defray the costs of covering people with expensive health conditions. "All told, $130 billion dollars would be made available to states to finance innovative programs to address their unique patient populations," the information says. "This new stability fund ensures these programs have the necessary funding to protect patients while also giving states the ability to design insurance markets that will lower costs and increase choice."

The fund was modeled after a program in Maine, called an invisible high-risk pool, which advocates say has kept premiums in check in the state. But Senator Susan Collins (Republican, Maine) says the House bill's stability fund wasn't allocated enough money to keep premiums stable.

"In order to do the Maine model 2014 which I've heard many House people say that is what they're aiming for -- it would take $15 billion in the first year and that is not in the House bill," Collins told Politico. "There is actually $3 billion specifically designated for high-risk pools in the first year."

Deleting Comments

Morley, 28, a branded content editor who lives in Seaford, New York, said she moved into Representative King's Long Island district shortly before the 2016 election. She said she did not vote for him and, like many others across the country, said the election results galvanized her into becoming more politically active.

Earlier this year, Morley found an online conversation among King's constituents who said their critical comments were being deleted from his Facebook page. Because she doesn't agree with King's stances, she said she wanted to reserve her comment for an issue she felt strongly about.

A day after the House voted to repeal the ACA, Morley posted her thoughts. "I kind of felt that that was when I wanted to use my one comment, my one strike as it would be," she said.

By noon the next day, it had been deleted and she had been blocked.

"I even wrote in my comment that you can block me but I'm still going to call your office," Morley said in an interview.

Some negative comments about King remain on his Facebook page. But King's critics say his deletions fit a broader pattern. He has declined to hold an in-person town hall meeting this year, saying, "to me all they do is just turn into a screaming session," according to CNN. He held a telephonic town hall meeting but only answered a small fraction of the questions submitted. And he met with Liuba Grechen Shirley, the founder of a local Democratic group in his district, but only after her group held a protest in front of his office that drew around 400 people.

"He's not losing his health care," Grechen Shirley said. "It doesn't affect him. It's a death sentence for many and he doesn't even care enough to meet with his constituents."

King's deleted comments even caught the eye of Andy Slavitt, who until January was the acting administrator of the Centers for Medicare and Medicaid Services. Slavitt has been traveling the country pushing back against attempts to gut the ACA.

.@RepPeteKing, are you silencing your constituents who send you questions? Assume ppl in district will respond if this is happening.

-- Andy Slavitt (@ASlavitt) May 12, 2017

Since the election, other activists across the country who oppose the president's agenda have posted online that they have been blocked from following their elected officials on Twitter or commenting on their Facebook pages because of critical statements they've made about the AHCA and other issues.

ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for their newsletter.


Coming Soon: A New HD Video Standard For TV. Will Over-The-Air Broadcasts Remain Free?

Federal communications Commission logo Soon, consumers will hear about improvements in over-the-air broadcast television. Free, broadcast television has been around since forever, and High Definition (HD) broadcast signals have been around since 2009. Many consumers have chosen free, over-the-air broadcast television to avoid expensive monthly cable-TV bills.

Consumer Reports explained:

"Technically called ATSC 3.0, the new broadcast standard is—thankfully—being more generally billed as "Next-Gen Broadcast TV." There are a few big differences between our current ATSC 1.0 broadcasts and the new ones we'll receive as part of ATSC 3.0. A key one is that the new standard is IP (internet protocol)-based, which means it can carry internet content alongside traditional TV broadcasts. The broadcasts can also include 4K video and high dynamic range (HDR) content—the two biggest selling points in TVs right now."

And, consumers will be able to receive the new HD broadcast signals on their smart phones. Reportedly, the coming ATSC 3.0 standard will use a more efficient video format, called HEVC or H.265, which streaming services already use.

Last year, WRAL-TV in Raleigh, North Carolina began to broadcast using the new standard with a documentary, "Take Me Out To the Bulls' Game." The U.S. Federal Communications Commission (FCC) announced in February a Notice of Proposed Rulemaking (NPRM) which sought comments from the public about the new HD broadcast standard. That FCC announcement stated, in part:

"ATSC 3.0 has the potential to greatly improve broadcast signal reception on mobile devices and television receivers without outdoor antennas.  It is also intended to enable broadcasters to offer enhanced and innovative new features to consumers, including Ultra High Definition picture and immersive audio, more localized programming content, an advanced emergency alert system capable of waking up sleeping devices to warn consumers of imminent emergencies, improved accessibility options, and interactive services.

A coalition of broadcast and consumer electronics industry representatives petitioned the Commission to allow the use of the new standard. The upgraded technology is intended to merge the capabilities of over-the-air broadcasting with the broadband viewing and information delivery methods of the Internet using the same 6 MHz channels presently allocated for digital television (DTV)."

Like most things in life, details matter. Consumer Reports warned:

"... Jonathan Schwantes, senior policy counsel at Consumers Union, the policy and mobilization arm of Consumer Reports, says that some consumers could lose the ability to get some ATSC 1.0 signals if the host station is located farther away than their current broadcaster.

"Our position is that next-gen TV can and will be beneficial to consumers if implemented by the FCC in a measured and conscientious manner," he says. That could include making sure the current coverage areas are preserved as much as possible, not allowing broadcasters to downgrade the quality of ATSC 1.0 broadcasts from high to standard definition, and providing consumers with education on issues such as the timing of the transition and what new equipment they may need."

So, some broadcasters might choose to cut corners while migrating to the new standard: reduce their existing HD over-the-air signal strength, degrade their existing HD signal quality, or both. Not good.

And, there's more bad news for consumers. The new HD broadcast standard may cost more. You're probably wondering how, since over-the-air broadcasts have been free since television was introduced. Consumer Reports explained:

"... broadcasters could encrypt at least part of their programming, and require users to create an account and pay for access to certain features. No details are available on how this would work from the consumer's point of view. Consumers Union and other groups say they will insist that consumers continue to have access to free over-the air high-definition TV reception."

The new HD broadcast standard should not include hidden costs or new fees for consumers. For many consumers, new televisions are expensive and out of reach. Many consumers have chosen to "cut the cord" to save money. For these consumers, free over-the-air broadcast television is vital.

Nor should broadcasters be able to cut corners and force consumers to the new HD standard by degrading their existing HD signal strength and/or quality. The new HD broadcast standard should be voluntary for consumers. Nor should consumers be forced to submit to broadcasters their personal, contact, and payment information. One of the benefits of over-the-air broadcasts is privacy.

The next-gen TV standard offers benefits to both consumers and broadcasters. The FCC must balance the needs of both, and not serve only one group. The industry uses the term "Multi-channel Video Programming Distributors" (MVPD) to describe companies that provide video content. These MVPD companies include video producers and distributors: legacy cable-TV providers, TV networks, and others that provide programming via cable, the Internet, and over-the-air broadcasts.

Some MVPDs do both: produce and distribute video content. These MVPDs have a financial bias to force consumers from free over-the-air broadcasts to their proprietary, higher cost distribution networks (e.g., cable, internet). Consumers must have the freedom to choose how they consumer video content, and not have a distribution network forced upon them via bundling, "retransmission consent system," or other MVPD tactics.

What are retransmission consent systems? This 16-142 filing by Consumer's Union, Public Knowledge, and New America's Open Technology Institute explained (Adobe PDF):

"It is increasingly axiomatic that, when MVPDs and broadcast groups engage in retransmission consent negotiations, consumers end up suffering, or footing the bill, or both. Increased broadcast retransmission consent fees are passed on to consumers by MVPDs who have little choice but to accept most broadcaster demands or face crippling blackouts.... Large MVPDs, and those which also own broadcast interests, also use the retransmission consent process to extract favorable terms, potentially limiting the growth or viability of competitive video services. Comcast, for example, is rumored to have fleshed out its fledgling over-the-top (OTT) service by exercising most-favored-nation clauses in many of its carriage contracts. Comcast can only demand such favorable contract terms due to its dominant position in the video delivery marketplace, and once again, consumers are left holding the bag..."

So, the FCC must not make things worse for consumers by allowing the new HD broadcast standard to reduce competition and raise prices. Higher prices may be good for MVPDs (and their stockholders) but not for consumers.

If you want to submit a comment or read comments already submitted about the new HD broadcast standard, search for the 16-142 Filing within the FCC's Electronic Filing & Comment System (ECFS). At press time, only 167 persons, companies, and entities had submitted filings and comments (compared to 2,869,632 comments via ECFS about Net Neutrality). Not good.

What are your opinions about the new HD video broadcast standard?


FCC Voted Yesterday To Start To Overturn Net Neutrality Rules

Federal communications Commission logo Yesterday, the Federal Communications Commission (FCC) voted to kill net neutrality rules it enacted a couple years ago. The FCC announcement:

"The Federal Communications Commission today took the first step toward restoring Internet freedom and promoting infrastructure investment, innovation, and choice by proposing to end utility-style regulation of broadband Internet access service. In a Notice of Proposed Rulemaking, the FCC proposes to return to the bipartisan framework that preserved a flourishing free and open Internet for almost 20 years.  First, the Notice proposes to reverse the FCC’s 2015 decision to impose heavy-handed Title II utility-style government regulation on Internet service providers (ISPs) and return to the longstanding, successful light-touch framework under Title I of the Communications Act.

Second, the Notice proposes to return to the Commission’s original classification of mobile broadband Internet access service as a private mobile service.  Given the historical innovation and success of the wireless marketplace prior to the Title II Order, this proposal is expected to substantially benefit consumers and the marketplace.

Third, the Notice proposes to eliminate the catch-all Internet conduct standard created by the Title II Order.  Because the Internet conduct standard is extremely vague and expansive, ISPs must guess at what they are permitted to do.  Eliminating the Internet conduct standard is therefore expected to promote innovation and network investment by eliminating regulatory uncertainty."

The vote happened on the scheduled date, despite the unavailability for several hours Sunday morning, May 7, of the FCC website for public comments. The FCC said its site crashed due to a DDoS attack. Before the vote, more than 2 million persons and organizations submitted feedback to the FCC.

The vote was expected since Republicans dominate the three-member committee. FCC Chairman Pai and Commissioner Michael O'Rielly, voted for the change. Commissioner Mignon Clyburn, the only Democrat on the three-member committee, voted against it. In January of this year, President Donald Trump appointed Ajit Pai, a former lawyer with Verizon, as the FCC Chairman.

In a statement about the vote, FCC Chairman Ajit Pai repeated prior claims about "heavy-handed" regulation, an internet that wasn't broken, and decreased infrastructure investment by internet service providers (ISPs). All of these claims were discussed and debunked previously after Chairman Pai's speech in April.

C/Net reported:

"Eliminating the Open Internet Order takes away the internet's level playing field and would allow a select few corporations to choose winners and losers, preventing consumers from accessing the content that they want, when they want it," said Jonathan Schwantes, senior policy counsel for Consumers Union. Democratic Senator Al Franken of Minnesota called it "a major step toward destroying the internet as we know it."

CNN reported:

"More than 1,000 startups and investors have now signed an open letter to Pai opposing the proposal. The Internet Association, a trade group representing bigger companies like Facebook, Google, and Amazon, has also condemned the plan. "The current FCC rules are working for consumers and the protections need to be kept in tact," Michael Beckerman, president and CEO of the Internet Association, said at a press conference Wednesday."

USA Today reported:

"Congress could eventually have a say on the issue. At about the same time the FCC was considering the issue, Sen. John Thune, R-S.D., called for Congress to pass legislation "to protect the internet." Thune, who is the chairman of the Senate Commerce Committee, urged colleagues "to begin bipartisan work on such legislation without any further delay. Innovation and job creation should no longer take a backseat to partisan point-scoring," he said..."

After re-reading the FCC announcement several times, I noticed that it failed to mention nor summarize the feedback received from the public. This makes one wonder if Chairman Pai and the committee took the time to review the comments submitted. During the last thirty (3) days, the public submitted 2,174,196 filings and comments. (See image below.) The feedback included a mix of comments for and against the latest changes.

Did Chairman Pai and the committee read this feedback, or were their minds already made up? And if so, did they simply ignore more than 2 million comments? Fortunately, the public can continue to submit feedback about Proceeding 17-108 until August for the subsequent final FCC vote.

Image of most active items in the FCC Electronic Comment Filing System as of May 19, 2017. Click to view larger version


Any Half-Decent Hacker Could Break Into Mar-a-Lago

[Editor's Note: Today's guest blog post is by the reporters at ProPublica. The article explores the security issues about key locations the President visits repeatedly and does business at. It was originally published yesterday, and is reprinted with permission.]

by Jeff Larson and Julia Angwin, ProPublica; and by Surya Mattu, Gizmodo

Two weeks ago, on a sparkling spring morning, we went trawling along Florida's coastal waterway. But not for fish.

We parked a 17-foot motor boat in a lagoon about 800 feet from the back lawn of The Mar-a-Lago Club in Palm Beach and pointed a 2-foot wireless antenna that resembled a potato gun toward the club. Within a minute, we spotted three weakly encrypted Wi-Fi networks. We could have hacked them in less than five minutes, but we refrained.

A few days later, we drove through the grounds of the Trump National Golf Club in Bedminster, New Jersey, with the same antenna and aimed it at the clubhouse. We identified two open Wi-Fi networks that anyone could join without a password. We resisted the temptation.

We have also visited two of President Donald Trump's other family-run retreats, the Trump International Hotel in Washington, D.C., and a golf club in Sterling, Virginia. Our inspections found weak and open Wi-Fi networks, wireless printers without passwords, servers with outdated and vulnerable software, and unencrypted login pages to back-end databases containing sensitive information.

The risks posed by the lax security, experts say, go well beyond simple digital snooping. Sophisticated attackers could take advantage of vulnerabilities in the Wi-Fi networks to take over devices like computers or smart phones and use them to record conversations involving anyone on the premises.

"Those networks all have to be crawling with foreign intruders, not just ProPublica," said Dave Aitel, chief executive officer of Immunity, Inc., a digital security company, when we told him what we found.

Security lapses are not uncommon in the hospitality industry, which -- like most industries and government agencies -- is under increasing attack from hackers. But they are more worrisome in places where the president of the United States, heads of state and public officials regularly visit.

U.S. leaders can ill afford such vulnerabilities. As both the U.S. and French presidential campaigns showed, hackers increasingly exploit weaknesses in internet security systems in an effort to influence elections and policy. Last week, cyberattacks using software stolen from the National Security Agency paralyzed operations in at least a dozen countries, from Britain's National Health Service to Russia's Interior Ministry.

Since the election, Trump has hosted Chinese President Xi Jinping, Japanese Prime Minister Shinzo Abe and British politician Nigel Farage at his properties. The cybersecurity issues we discovered could have allowed those diplomatic discussions -- and other sensitive conversations at the properties -- to be monitored by hackers.

The Trump Organization follows "cybersecurity best practices," said spokeswoman Amanda Miller. "Like virtually every other company these days, we are routinely targeted by cyberterrorists whose only focus is to inflict harm on great American businesses. While we will not comment on specific security measures, we are confident in the steps we have taken to protect our business and safeguard our information. Our teams work diligently to deploy best-in-class firewall and anti-vulnerability platforms with constant 24/7 monitoring."

The White House did not respond to repeated requests for comment.

Trump properties have been hacked before. Last year, the Trump hotel chain paid $50,000 to settle charges brought by the New York attorney general that it had not properly disclosed the loss of more than 70,000 credit card numbers and 302 Social Security numbers. Prosecutors alleged that hotel credit card systems were "the target of a cyber-attack" due to poor security. The company agreed to beef up its security; it's not clear if the vulnerabilities we found violate that agreement. A spokesman for the New York attorney general declined comment.

Our experience also indicates that it's easy to gain physical access to Trump properties, at least when the president is not there. As Politico has previously reported, Trump hotels and clubs are poorly guarded. We drove a car past the front of Mar-a-Lago and parked a boat near its lawn. We drove through the grounds of the Bedminster golf course and into the parking lot of the golf course in Sterling, Virginia. No one questioned us.

Both President Obama and President Bush often vacationed at the more traditional presidential retreat, the military-run Camp David. The computers and networks there and at the White House are run by the Defense Information Systems Agency.

In 2016, the military spent $64 million on maintaining the networks at the White House and Camp David, and more than $2 million on "defense solutions, personnel, techniques, and best practices to defend, detect, and mitigate cyber-based threats" from hacking those networks.

Even after spending millions of dollars on security, the White House admitted in 2015 that it was hacked by Russians. After the hack, the White House replaced all its computer systems, according to a person familiar with the matter. All staffers who work at the White House are told that "there are people who are actively watching what you are doing," said Mikey Dickerson, who ran the U.S. Digital Service in the Obama administration.

By comparison, Mar-a-Lago budgeted $442,931 for security in 2016 -- slightly more than double the $200,000 initiation fee for one new member. The Trump Organization declined to say how much Mar-a-Lago spends specifically on digital security. The club, last reported to have almost 500 members paying annual dues of $14,000 apiece, allotted $1,703,163 for all administration last year, according to documents filed in a lawsuit Trump brought against Palm Beach County in an effort to halt commercial flights from flying over Mar-a-Lago. The lawsuit was dropped, but the FAA now restricts flights over the club when the president is there.

It is not clear whether Trump connects to the insecure networks while at his family's properties. When he travels, the president is provided with portable secure communications equipment. Trump tracked the military strike on a Syrian air base last month from a closed-door situation room at Mar-a-Lago with secure video equipment.

However, Trump has held sensitive meetings in public spaces at his properties. Most famously, in February, he and the Japanese prime minister discussed a North Korean missile test on the Mar-a-Lago patio. Over the course of that weekend in February, the president's Twitter account posted 21 tweets from an Android phone. An analysis by an Android-focused website showed that Trump had used the same make of phone since 2015. That phone is an older model that isn't approved by the NSA for classified use.

Photos of Trump and Abe taken by diners on that occasion prompted four Democratic senators to ask the Government Accountability Office to investigate whether electronic communications were secure at Mar-a-Lago.

In March, the GAO agreed to open an investigation. Chuck Young, a spokesman for the office, said in an interview that the work was in "the early stages," and did not offer an estimate for when the report would be completed.

So, we decided to test the cybersecurity of Trump's favorite hangouts ourselves.

Our first stop was Mar-a-Lago, a Trump country club in Palm Beach, Florida, where the president has spent most weekends since taking office. Driving past the club, we picked up the signal for a Wi-Fi-enabled combination printer and scanner that has been accessible since at least February 2016, according to a public Wi-Fi database.

An open printer may sound innocuous, but it can be used by hackers for everything from capturing all the documents sent to the device to trying to infiltrate the entire network.

To prevent such attacks, the Defense Information Systems Agency, which secures the White House and other military networks, forbids installing printers that anyone can connect to from outside networks. It also warns against using printers that do more than printing, such as faxing. "If an attacker gains network access to one of these devices, a wide range of exploits may be possible," the agency warns in its security guide.

We also were able to detect a misconfigured and unencrypted router, which could potentially provide a gateway for hackers.

To get a better line of sight, we rented a boat and piloted it to within sight of the club. There, we picked up signals from the club's wireless networks, three of which were protected with a weak and outmoded form of encryption known as WEP. In 2005, an FBI agent publicly broke this type of encryption in minutes.

By comparison, the military limits the signal strength of networks at places such as Camp David and the White House so that they are not reachable from a car driving by. It also requires wireless networks to use the strongest available form of encryption.

From our desks in New York, we were also able to determine that the club's website hosts a database with an insecure login page that is not protected by standard internet encryption. Login forms like this are considered a severe security risk, according to the Defense Information Systems Agency.

Without encryption, spies could eavesdrop on the network until a club employee logs in, and then steal his or her username and password. They then could download a database that appears to include sensitive information on the club's members and their families, according to videos posted by the club's software provider.

This is "bad, very bad," said Jeremiah Grossman, chief of Security Strategy for cybersecurity firm SentinelOne, when we described Mar-a-Lago's systems. "I'd assume the data is already stolen and systems compromised."

A few days later, we took our equipment to another Trump club in Bedminster, New Jersey. During the transition, Trump had interviewed candidates for top administration positions there, including James Mattis, now secretary of defense.

We drove on a dirt access road through the middle of the golf course and spotted two open Wi-Fi networks, TrumpMembers and WelcomeToTrumpNationalGolfClub, that did not require a password to join.

Such open networks allow anyone within range to scoop up all unencrypted internet activity taking place there, which could, on insecure sites, include usernames, passwords and emails.

Robert Graham, an Atlanta, Georgia, cybersecurity expert, said that hackers could use the open Wi-Fi to remotely turn on the microphones and cameras of devices connected to the network. "What you're describing is typical hotel security," he said, but "it's pretty concerning" that an attacker could listen to sensitive national security conversations.

Two days after we visited the Bedminster club, Trump arrived for a weekend stay.

Then we visited the Trump International Hotel in Washington, D.C., where Trump often dines with his son-in-law and senior adviser Jared Kushner, whose responsibilities range from Middle East diplomacy to revamping the federal bureaucracy. We surveyed the networks from a Starbucks in the hotel basement.

From there, we could tell there were two Wi-Fi networks at the hotel protected with what's known as a captive portal. These login screens are often used at airports and hotels to ensure that only paying customers can access the network.

However, we gained access to both networks just by typing "457" into the room number field. Because we provided a room number, the system assumed we were guests. We looked up the hotel's public IP address before logging off.

From our desks in New York, we could also tell that the hotel is using a server that is accessible from the public internet. This server is running software that was released almost 13 years ago.

Finally, we visited the Trump National Golf Club in Sterling, Virginia, where the president sometimes plays golf. From the parking lot, we recognized three encrypted wireless networks, an encrypted wireless phone and two printers with open Wi-Fi access.

The Trump club websites are hosted by an Ohio-based company called Clubessential. It offers everything from back-office management and member communications to tee time and room reservations.

In a 2014 presentation, a company sales director warned that the club industry as a whole is "too lax" in managing and protecting passwords. There has been a "rising number of attacks on club websites over the last two years," according to the presentation. Clubessential "performed [an] audit of security in the club industry" and "found thousands of sensitive documents from clubs exposed on [the] Internet," such as "lists of members and staff, and their contact info; board minutes, financial statements, etc."

Still, the club software company has set up a backend server accessible on the internet, and configured its encryption incorrectly. Anyone who reaches the login page is greeted with a warning that the encryption is broken. In its documentation, the company advises club administrators to ignore these warnings and log in regardless. That means that anybody snooping on the unprotected connection could intercept the administrators' passwords and gain access to the entire system.

The company also publishes online, without a password, many of the default settings and usernames for its software 2014 essentially providing a roadmap for intruders.

Clubessential declined comment.

Aitel, the CEO of Immunity, said the problems at Trump properties would be difficult to fix: "Once you are at a low level of security it is hard to develop a secure network system. You basically have to start over."

ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for their newsletter.


60 Minutes Re-Broadcast Its 2014 Interview With FBI Director Comey

60 Minutes logo Last night, the 60 Minutes television show re-broadcast its 2014 interview with former Federal Bureau of Investigation (FBI) Director James Comey. The interview is important for several reasons.

Politically liberal people have criticized Comey for mentioning to Congress just before the 2016 election the FBI investigation of former Secretary of State Hilary Clinton's private e-mail server. Many believe that Comey's comments helped candidate Donald Trump win the Presidential election. Politically conservative people criticized Comey for not recommending prosecution of former Secretary Clinton.

The interview is a reminder of history and that reality is often far more nuanced and complicated. Back in 2004, when the George W. Bush administration sought a re-authorization of warrant-less e-mail/phone searches, 60 Minutes explained:

"At the time, Comey was in charge at the Justice Department because Attorney General John Ashcroft was in intensive care with near fatal pancreatitis. When Comey refused to sign off, the president's Chief of Staff Andy Card headed to the hospital to get Ashcroft's OK."

In the 2014 interview, Comey described his concerns in 2004 about key events:

"... [the government] cannot read your emails or listen to your calls without going to a federal judge, making a showing of probable cause that you are a terrorist, an agent of a foreign power, or a serious criminal of some sort, and get permission for a limited period of time to intercept those communications. It is an extremely burdensome process. And I like it that way... I was the deputy attorney general of the United States. We were not going to authorize, reauthorize or participate in activities that did not have a lawful basis."

During the interview in 2014 by 60 Minutes, then FBI Director Comey warned all Americans:

"I believe that Americans should be deeply skeptical of government power. You cannot trust people in power. The founders knew that. That's why they divided power among three branches, to set interest against interest... The promise I've tried to honor my entire career, that the rule of law and the design of the founders, right, the oversight of courts and the oversight of Congress will be at the heart of what the FBI does. The way you'd want it to be..."

The interview highlighted the letter Comey kept on his desk as a cautionary reminder of the excesses of government. That letter was about former FBI Director Herbert Hoover's investigations and excessive surveillance of the late Dr. Martin Luther King, Jr. Is Comey the bad guy that people on both sides of the political spectrum claim? Yes, history is far more complicated and nuanced.

So, history is complex and nuanced... far more than a simplistic, self-serving tweet:

Many have paid close attention for years. After the Snowden disclosures in 2013 about broad, warrantless searches and data collection programs by government intelligence agencies, in 2014 Comey urged all USA citizens to participate in a national discussion about the balance between privacy and surveillance.

You can read the full transcript of the 60 Minutes interview in 2014, watch this preview on Youtube, or watch last night's re-broadcast by 60 Minutes of the 2014 interview.


FCC Says Denial-Of-Service Attacks Caused Its Site To Crash Sunday Morning

Federal communications Commission logo Last weekend, the U.S. Federal Communications Commission (FCC) website crashed during a key period when the public relied upon it to submit feedback about proposed changes to net neutrality rules. Dr. David Bray, the FCC Chief Information Officer, released a statement on Monday that the crash was due to a distributed denial-of-service (DDoS) attack:

"Beginning on Sunday night at midnight, our analysis reveals that the FCC was subject to multiple distributed denial-of-service attacks (DDos). These were deliberate attempts by external actors to bombard the FCC’s comment system with a high amount of traffic to our commercial cloud host. These actors were not attempting to file comments themselves; rather they made it difficult for legitimate commenters to access and file with the FCC. While the comment system remained up and running the entire time, these DDoS events tied up the servers and prevented them from responding to people attempting to submit comments. We have worked with our commercial partners to address this situation and will continue to monitor developments going forward."

The FCC’s , Electronic Comment Filing System (ECFS) is the site the public users to submit and review feedback about proposed changes. Bray's statement did not identify the "bad actors" responsible for the DDoS attack, did not state the countries or locations of the illegitimate site traffic, nor offer much in the way of any substantial details.

A DDoS attack is when hundreds or thousands of internet-connected devices, often coordinated by malware and/or criminals, overwhelm a targeted website by trying to access it simultaneously. This type of attack prevents legitimate users from accessing the targeted site to perform desired tasks (view/buy products, register for services, view videos, get help, contact representatives, etc.). This can easily disable the targeted website for hours, days, or weeks. It can also disrupt businesses, and cause financial losses.

This blog and its hosting service experienced a DDoS attack in 2014 when offshore advertisers retaliated after the hosting service implemented stronger measures to block illegitimate traffic. An October, 2016 DDoS attack against Dyn, a major DNS provider, interrupted many popular websites and services including Spotify, Reddit, and Twitter. Some DDoS attacks are about politics or censorship. A September, 2016 DDoS attack disabled the Krebs On Security blog.

Generally, security experts are concerned about botnets, collections of internet-connected devices used to perform DDoS attacks. These devices can include home WiFi routers, security cameras, and unprotected computers infected with malware. Often, home devices are used without consumers' knowledge nor consent.

Others were skeptical of the FCC's explanation. Some people attributed the crash to John Oliver, the host of the "This Week Tonight" show on HBO. In 2014, the show's viewers crashed the FCC site trying to submit feedback about net neutrality. Oliver published a similar video this past weekend in support of net neutrality.

Broadcasting & Cable reported:

"Fight for the Future is calling on the FCC to release logs on the attack to an independent third party—a security researcher or media outlet—to independently verify the attack. "The agency has a responsibility to maintain a functioning website to receive large numbers of comments and feedback from the public," said Evan Greer campaign director for Fight for the Future. "They can't blame DDoS attacks without proof, they need to fix this problem and ensure that comments on this important issue are not lost."

MediaPost reported that at least two U.S. Senators have demanded answers:

"Senators Ron Wyden (D-Oregon) and Brain Schatz (D-Hawaii) are also seeking answers from the FCC. "As you know, it is critical to the rulemaking and regulatory process that the public be able to take part without unnecessary technical or administrative burdens," the lawmakers write. "Any potentially hostile cyber activities that prevent Americans from being able to participate in a fair and transparent process must be treated as a serious issue."

They are asking the FCC to provide details about any malicious traffic, including how many devices sent malicious traffic to the agency. The lawmakers also have asked the FCC whether it requested investigatory assistance from other federal agencies, and whether it uses any commercial protection services."

A reasonable demand for the FCC to provide proof. If the DDoS attack was a new form of 21st-centry censorship to stop concerned citizens (e.g., voters) from submitting feedback in support of net neutrality, then we all need to know. And, we need to know what the FCC is doing to protect its systems.


Update: Net Neutrality, Adminstrative Law, The Courts, And Next Steps

Federal communications Commission logo A lot has happened since Federal Communications Commission (FCC) Chairman Ajit Pai disclosed his plan last week to kill net neutrality. While the FCC commissioners will vote on May 18 about the rules changes, a federal law could affect the outcome. First, Wired reported:

"A 1946 law called the Administrative Procedure Act bans federal agencies making “capricious” decisions. The law is meant, in part, to keep regulations from yo-yoing back and forth every time a new party gained control of the White House. The FCC successfully argued in favor of Title II reclassification in federal court just last summer. That effort means Pai might have to make the case that things had changed enough since then to justify a complete reversal in policy."

Read the text of the Administrative Procedure Act (APA). Learn more here.

The recent actions (e.g., privacy, net neutrality) by the Republican-led FCC have definitely resulted in both uncertainty and a yo-yoing of rules. At times, it feels like watching a tennis match. While Pai and other advocates of killing net neutrality have claimed that infrastructure investment has declined due to the reclassification by the FCC, the reality:

"During a hearing earlier this year, senator Edward Markey (D-Massachusetts) pointed to US Census Bureau estimates that broadband investment increased slightly from $86.6 in 2014 to $87.2 billion in 2015..."

Data for 2016 isn't available yet. As I mentioned in a prior post, telecommunications companies made conscious decisions and could have diverted money from other spending to infrastructure. They didn't and chose this legislation path instead. Again from Wired's analysis:

"Other business considerations could also play into changes in telecom spending on network infrastructure, such as a desire to wait and let previous investments pay for themselves before making new ones. The CEO of Verizon, for example, told shareholders that Title II didn’t affect the company’s investment plans. And Martin points out that a recent auction in which companies spent $19.8 billion to buy rights to use more of the wireless spectrum doesn’t exactly look like an industry shy of investing."

"If the infrastructure argument doesn’t fly, Pai could also argue that the rules are unnecessary because proverbial fast and slow lanes for the internet never existed. The problem is that’s not true. The Bush-era FCC ordered Comcast to stop throttling BitTorrent traffic in 2008... Under a secret agreement with AT&T, Apple blocked iPhone users from making Skype calls over the carrier’s network until the FCC pressured the companies into reversing the policy in 2009..."

Read the entire Wired analysis. It makes it crystal clear how corporate ISPs are trying to rig the system for themselves and against consumers.

Second, a recent decision by a federal court rejected big telecom's petition to have the existing FCC's net neutrality rules overturned. On Monday, Ars Technica reported:

"The US Court of Appeals for the District of Columbia Circuit denied the broadband industry's petition for a rehearing of a case that upheld net neutrality rules last year. A three-judge panel ruled 2-1 in favor of the FCC in June 2016, but ISPs wanted an en banc review in front of all of the court's judges. The request for an en banc review was denied in the order issued today."

What to make of this? The bottom line is that the circuit court decided to uphold the reclassification of broadband ISPs as common carriers and the FCC's net neutrality rules. While big telecom could appeal the decision with the Supreme Court, that seems unlikely since they know that the FCC, led by Chairman Ajit Pai, a Republican, has a majority of Republican commissioners who will vote to overturn net neutrality rules on May 18. And, Chairman Pai will have to overcome any challenges with the APA.

In response to the court decision, FCC Chairman Pai issued this statement:

"In light of the fact that the Commission on May 18 will begin the process of repealing the FCC’s Title II regulations, it is not surprising, as Judges Srinivasan and Tatel pointed out, that the D.C. Circuit would decide not to grant the petitions for rehearing en banc. Their opinion is important going forward, however, because it makes clear that the FCC has the authority to classify broadband Internet access service as an information service..."

Chairman Pai seems hell-bent upon ignoring the historical problems in the broadband industry that plagued consumers, in order to change the rules in favor of big telecom. Those problems led to the reclassification by the FCC. A prior blog post listed some of those problems:

"The lack of ISP competition in key markets meant consumers in the United States pay more for broadband and get slower speeds compared to other countries. Rural consumers and low-income areas lacked broadband services. There were numerous complaints by consumers about usage Based Internet Pricing. There were privacy abuses and settlement agreements by ISPs involving technologies such as deep-packet inspection and 'Supercookies' to track customers online, despite consumers' wishes not to be tracked. Many consumers didn't get the broadband speeds ISP promised. Some consumers sued their ISPs, and the New York State Attorney General invited residents to check their broadband speed with this tool. Tim Berners-Lee, the founder of the internet, cited in March three reasons why the Internet is in trouble. His number one reason: consumers had lost control of their personal information... Some consumers found that their ISP hijacked their online search results without notice nor consent. An ISP in Kansas admitted in 2008 to secret snooping after pressure from Congress."

Third, big telecom is engaged in some savvy, deceptive maneuvering. Ars Technica discussed bizarre claims by Verizon:

"... Verizon's general counsel, Craig Silliman, wants you to believe that Verizon never opposed net neutrality rules, even though it sued the FCC to eliminate them. He's also making the claim that the FCC isn't even talking about eliminating the net neutrality rules, even though FCC Chairman Ajit Pai is proposing to do exactly that."

Watch the Verizon video with Verizon's Silliman. When Silliman said, "changing the legal footing," he is referring to comments by others that the FTC should regulate broadband services, and not the FCC. That places the burden on consumers and the FTC to sue when broadband providers don't deliver the services promised; assuming that broadband providers disclose in their terms-of-service and privacy policies what they will deliver. With regulation by the FCC, consumers would have been in charge of their privacy, big telecom would have been forced to be transparent and explain what they were doing, and big telecom couldn't slice up the internet into slow and fast lanes forcing consumers to pay more to access certain sites.

During the last fight about neutrality in 2014, about about 90 tech companies sent a letter to FCC Chairman Tom Wheeler (Adobe PDF) encouraging the FCC to support for a free and open internet, where consumers decide where to go online with the broadband services purchased. Several notable companies signed that 2014 letter: Amazon, Dropbox, Ebay, Facebook, Gawker, Google, Microsoft, Mozilla, Netflix, Twitter, Vonage, and Yahoo. I did not see Verizon (nor Comcast) in the list of signers.

That's some brilliant and deceptive maneuvering. Big telcom can appear reasonable and deny talking about killing net neutrality rules while knowing that their representative, Chairman Pai and his fellow Republican commissioners at the FCC, will do it for them. Again, from Ars Technica:

"No major Internet service provider has done more to prevent implementation of net neutrality rules in the US than Verizon. After years of fighting the rules in courts of law and public opinion, Verizon is about to get what it wants as the FCC—now led by a former Verizon lawyer—prepares to eliminate the rules and the legal authority that allows them to be enforced."

Fourth, the FCC released its Notice of Proposed Rule Making (NPRM): Proceeding 17-108, "Restoring Internet Freedom" - April 26, 2017 (Adobe PDF). Just as before in 2014 - 15, the new rule is open to public comments. This means, it is time for citizens and voters to take action.

FCC Chairman Pai and others claim that the Internet was working well before, and net neutrality rules are unnecessary and a government intrusion. Ordinary broadband customers can have a great impact. It is time for consumers to submit comments to the FCC. About 25,578 people have already submitted comments. For example, a comment by Darion from Austin, Texas:

"The FCC Open Internet Rules (net neutrality rules) are extremely important to me. I urge you to protect them. Most Americans only have one choice for true high speed Internet access: our local cable company. Cable companies (and wireless carriers) are actively lobbying Congress and the FCC for the power to: i) Block sites and apps, to charge them "access fees;" ii) Slow sites and apps to a crawl, to establish paid "fast lanes" (normal speed) and slow lanes (artificially low speeds); and iii) Impose arbitrarily low data caps, so they can charge sites to escape those caps, or privilege their own services ("zero rating").
They're doing it so they can use their monopoly power to stand between me and the sites I want to access, extorting money from us both. I'll be forced to pay more to access the sites I want, and sites will have to pay a kind of protection money to every major cable company or wireless carrier—just to continue working properly!

The FCC's Open Internet Rules are the only thing standing in their way. I'm sending this to letter to my two senators, my representative, the White House, and the FCC. First, to the FCC: don’t interfere with my ability to access what I want on the Internet, or with websites' ability to reach me. You should leave the existing rules in place, and enforce them.

To my senators: you have the power to stop FCC Chair Ajit Pai from abusing the rules by refusing to vote for his reconfirmation. I expect you to use that power. Pai, a former Verizon employee, has made it clear he intends to gut the rules to please his former employer and other major carriers, despite overwhelming support for the rules from voters in both parties... To the White House: Ajit Pai, a former Verizon employee, is acting in the interests of his former employer, not the American people. America deserves better... To my representative: please publicly oppose Ajit Pai's plan to oppose the rules... I would be happy to speak more with anyone on your staff about the rules and why they’re so important to me. Please notify me of any opportunities to meet with you or your staff."

Be brief. Use your own words. Submit your comments soon, since the deadline fast approaches. Also, tell your elected officials. Participate in local marches and protests. Join the Fight For The Future. Support the EFF.


The Top Complaints About Financial Services. One Complaint Type Grew 325 Percent

Logo for Consumer Financial Protection Bureau After encountering unresolved issues with financial services, many consumers file complaints with the Consumer Financial Protection Bureau (CFPB). After each complain, the CFP works hard to get each consumer a reply within 15 days. This process allows the CFPB to track which issues affect most consumers, and to identify emerging problems.

According to its April Monthly Complaint Report, debt collection issues generated the most complaints on average, and complaints about student loans grew the fastest:

"As of April 1, 2017, the CFPB has handled approximately 1,163,200 complaints, including approximately 28,000 complaints in March 2017... Student loan complaints showed the greatest percentage increase from January - March 2016 (773 complaints) to January - March 2017 (3,284 complaints), representing about a 325 percent increase. Part of this year-to-year increase can be attributed to the CFPB updating its student loan complaint form to accept complaints about Federal student loan servicing in late February 2016. The CFPB also initiated an enforcement action against a student loan servicer during this time period."

CFPB Monthly Compalint Report. April, 2017. Table 1. Click to view larger version

The top five categories of complaints about during March, 2017:

  1. Debt collection: 8,711
  2. Credit reporting: 5,498
  3. Mortgages: 3,965
  4. Credit cards: 2,522
  5. Bank account or service: 2,476

Also during March: debt collection complaints represented about 31 percent of complaints; debt collection, credit reporting and mortgage were the top three most-complained-about consumer financial products and services. Together, these three categories represented 65 percent of complaints during March.

The top five categories of complaints since the CFPB began:

  1. Debt collection: 316,810
  2. Mortgages: 272,153
  3. Credit reporting: 195,826
  4. Credit cards: 118,732
  5. Bank account or service: 115,055

The CFPB began accepting complaints for different products and services at different times:

There were regional differences in complaint volume:

"Montana (54 percent), Georgia (46 percent), and Wyoming (45 percent) experienced the greatest complaint volume percentage increase from January - March 2016 to January - March 2017. New Mexico (-20 percent), Iowa (-5 percent), and Kansas (-0.7 percent) experienced the greatest complaint volume percentage decrease... Of the five most populated states, Texas (35 percent) experienced the greatest complaint volume percentage increase and Florida (8 percent) experienced the least complaint volume percentage increase from January - March 2016 to January - March 2017."

The report also tracks complaints by company:

CFPB Monthly Complaint Report. April, 2017. Figure 1. Click to view larger version

The CFPB reported additional details about student loan complaints:

"Approximately 32,700 (or 74 percent) of all student loan complaints handled by the CFPB from July 21, 2011 through March 31, 2017 were sent by the CFPB to companies for review and response. The remaining complaints have been found to be incomplete (7 percent), referred to other regulatory agencies (19 percent), or are pending with the CFPB or the consumer (0.5 percent and 0.4 percent, respectively)... The most common issues identified by consumers are problems dealing with their lenders or servicers (64 percent) and being unable to repay their loans (33 percent)."

"Federal student loan borrowers reported that when contacting their loan servicers regarding financial distress, servicers provided them with information on hardship forbearance or deferment, instead of potentially more beneficial repayment options like income-driven repayment plans... loan borrowers complained of difficulty enrolling in income-driven repayment plans. Borrowers reported lost documentation, extended application processing times, and unclear guidance when seeking to switch from one income-driven repayment plan to another."

Federal student loan borrowers described their experiences when trying to obtain guidance in completing annual income recertification for their income-driven repayment plan. Borrowers reported receiving insufficient information from their servicers to meet recertification deadlines and lengthy processing times. Some federal student loan borrowers stated their payments were misapplied. Borrowers reported overpayments were not applied to specified accounts but rather applied to all accounts managed by the servicer. Additionally, some borrowers’ overpayments—intended to reduce principal balance—were credited to the account as an early payment, resulting in their ac count reflecting a paid ahead status..."

To read more, download the full "April 2017: CFPB Monthly Complaint Report: Vol. 22" (Adobe PDF).


Speech By FCC Chairman. Time For Citizens To Fight To Keep Net Neutrality Protections

Federal communications Commission logo Earlier today, Ajit Pai, the Chairman of the U.S. Federal Communications Commission (FCC), gave a speech titled, "The Future Of Internet Freedom" at the Newseum in Washington, DC. He discussed the history of the Internet, regulation, business investment, innovation, and jobs. He also shared his views on regulation and a desire for the FCC's to pursue a "light touch" regulatory approach:

"First, we are proposing to return the classification of broadband service from a Title II telecommunications service to a Title I information service—that is, light-touch regulation drawn from the Clinton Administration.  As I mentioned earlier, this Title I classification was expressly upheld by the Supreme Court in 2005, and it’s more consistent with the facts and the law.

Second, we are proposing to eliminate the so-called Internet conduct standard. This 2015 rule gives the FCC a roving mandate to micromanage the Internet... The FCC used the Internet conduct standard to launch a wide-ranging investigation of free-data programs. Under these programs, wireless companies offer their customers the ability to stream music, video, and the like free from any data limits. They are very popular among consumers, particularly lower-income Americans... Following the presidential election, we terminated this investigation before the FCC was able to take any formal action. But we shouldn’t leave the Internet conduct standard on the books for a future Commission to make mischief.

And third, we are seeking comment on how we should approach the so-called bright-line rules adopted in 2015. But you won’t just have to take my word about what is in the Notice of Proposed Rulemaking. I will be publicly releasing the entire text of the document tomorrow afternoon..."

This should not be a surprise. We've heard much of this before from Congresswoman Blackburn, the author of the recently passed House legislation to roll back consumers' online privacy protection. Blackburn said the same about FCC reclassification; that it was bad, and that the internet wasn't broken. Well it was broken prior to to 2014, and in several specific ways.

The lack of ISP competition in key markets meant consumers in the United States pay more for broadband and get slower speeds compared to other countries. Rural consumers and low-income areas lacked broadband services. There were numerous complaints by consumers about usage Based Internet Pricing. There were privacy abuses and settlement agreements by ISPs involving technologies such as deep-packet inspection and 'Supercookies' to track customers online, despite consumers' wishes not to be tracked. Many consumers didn't get the broadband speeds ISP promised. Some consumers sued their ISPs, and the New York State Attorney General invited residents to check their broadband speed with this tool. Tim Berners-Lee, the founder of the internet, cited in March three reasons why the Internet is in trouble. His number one reason: consumers had lost control of their personal information. With all of this evidence, how can Pai and Blackburn claim the internet wasn't broken?

There are more examples. Some consumers found that their ISP hijacked their online search results without notice nor consent. An ISP in Kansas admitted in 2008 to secret snooping after pressure from Congress. Given all of this, something had to be done. The FCC stepped up to the plate and acted when it was legally able to; and reclassified broadband after open hearings. Then, the FCC adopted new privacy rules in November, 2016. Proposed rules were circulated prior to adoption. It was done in the open. It made sense.

Meanwhile, the rollback of FCC broadband privacy rules is very unpopular among consumers. Comments by Pai and Blackburn seem to ignore both that and key events (listed above) in broadband history. That is practicing the "revisionist history" Pai said in his speech he disliked. That leaves me questioning whether they can be trusted to develop reasonable solutions that serve the interests of consumers.

With their victory last month to roll back the FCC's online privacy protections, pro-big-telecom advocates claim they are acting in consumers' best interests. What bull. With that rollback, consumers are no longer in control of their information. (The opt-in and other controls were killed.) Plus, we live in a capitalist society where the information that describes us is valuable property. That's why so many companies want to collect it. Consumers should be in control of their online privacy and the information that describes them, not corporate ISPs.

Corporate ISPs' next target is "net neutrality." Pai referred to it in the "bright lines" portion of his speech. For those who don't know or have forgotten, net neutrality is when consumers are in control -- consumers choose where to go online with the broadband they've purchased, and when ISPs must treat all content equally. That means no blocking, no throttling, and no paid prioritization. Net neutrality means consumers stay in control of where they go online.

Pai claimed this was unclear. Again, more bull. The FCC's no blocking, no throttling, and no paid prioritization position was crystal clear.

Without net neutrality, ISPs decide where consumers can go online, which sites you can visit, and which sites you can visit only if you pay more. ISPs would likely group web sites into tiers (e.g., slow vs. fast "lanes"), similar to premium cable-TV channels. Do you want your monthly internet bill as confusing, complicated, and expensive as your cable-TV bill? I don't, and I doubt you do either.

Pai and Blackburn claim that net neutrality (and privacy) kills innovation. I guess that depends how you define "innovation." If you define innovation as the ability of ISPs to carve up the internet to maximize they profits where consumers pay more, then it should be killed. That's not innovation. That's customer segmentation by price and paid prioritization.

In his speech, Pai provided an appealing explanation about how ISPs spent less on infrastructure. He neglected to mention that decreased infrastructure spending was a choice by ISPs. They could have cut expenses elsewhere and continued infrastructure spending, but they didn't. Instead, ISPs chose the path we see: utilize a compliant, sympathetic Republican-led Congress and White House to get what they wanted -- the ability to charge higher broadband prices -- and use slick, misleading language to appear to be consumer friendly.

Take action today to defend net neutrality protections. Fight For The Future The Pai-led FCC isn't consumer friendly. The GOP-led Congress isn't, either. Regardless of how they spin it. Don't be fooled.

Anyone paying attention already knows this. Concerned citizens fought for and won net neutrality in 2014. Sadly, we might fight the net neutrality fight again.

It will be an uphill fight for two reasons. First, Republicans control the White House, House of Representatives, and Senate. Second, the Trump Administration is working simultaneously on rollbacks for several key issues (e.g., health care, immigration, wall along Mexican border, tax reform, environment, education, terrorism, etc.), making it easier to distract opponents with other issues (and with outrageous midnight tweets). Yet, people demonstrated last week at an open FCC meeting. (Video is also available here.) Now is the time for more concerned citizens to rise, speak up, and fight back. Write to your elected officials. Tell your friends, classmates, coworkers, and family members. Use this action form to contact your elected officials. Participate in local marches and protests. Join the Fight For The Future. Support the EFF.

Some elected officials have already committed to defend net neutrality protections:

What about your elected officials? Have they made a commitment to defend net neutrality? Ask them. Don't be silent. Now is not the time to sit on the sideline and wait for others to do the fighting for you.


LeapLab And Other Defendants Settled With FTC

Recently, a reader wrote via e-mail with feedback about this December 2014 blog post which discussed a lawsuit filed by the U.S. Federal Trade Commission (FTC) against a data broker, LeapLab, and other defendants. The suit alleged that the defendants sold consumers' sensitive personal information to fraudsters.

The reader was unhappy because he was unable to submit a comment on that blog post. The policy of this blog is to close comments on all blog posts after a year. The reader seemed to interpret that policy as a slight against one of the defendants. No. The closing of comments after a year is equal, consistent treatment.

The reader was also unhappy with comments posted by other readers to that 2014 blog post. Like other blogs, readers freely share their opinions and feedback in the comments section. Like other blogs, I am not responsible for readers' comments. Nor do I censor comments for content. I remind everyone to read the Terms of Service.

The reader's e-mail feedback claimed the blog post was incomplete and one sided. Today's blog post reports the rest of the story.

LeapLab and the other defendants settled the lawsuit with the FTC in February, 2016. The February 18, 2016 FTC announcement stated:

"A group of defendants have settled Federal Trade Commission charges that they knowingly provided scammers with hundreds of thousands of consumers’ sensitive personal information – including Social Security and bank account numbers. The proposed federal court orders prohibit John Ayers, LeapLab and Leads Company from selling or transferring sensitive personal information about consumers to third parties. The defendants will also be prohibited from misleading consumers about the terms of a loan offer or the likelihood of getting a loan. In addition, the settlements require the defendants to destroy any consumer data in their possession within 30 days.

The orders include a $5.7 million monetary judgment, which is suspended based on the defendants sworn inability to pay. In addition to the settlement orders, the court entered an unsuspended $4.1 million default judgment with similar prohibitions against SiteSearch, the remaining defendant in the case."

You can follow the above links to the settlement agreements between each defendant and the FTC, which were approved by the court. Links are also available on the FTC-Leaplab proceedings page.

As a solo blogger with limited resources, I do my best to get it right. There's plenty of privacy news to cover, and I should have reported the above settlement agreements sooner. Hopefully, today's blog post corrects that oversight. I sincerely thank all readers for their feedback and comments.


Security Experts State Privacy Issues With Proposed NHTSA Rules For Vehicle Automation

The Center For Democracy & Technology (CDT) and four cryptographers have stated their security and privacy concerns regarding proposed rules by the National Highway Traffic Safety Administration (NHTSA) for vehicle automation and communications. In a CDT blog post, Chief Technologist Lorenzo Hall stated that the group's concerns about NHTSA's:

"... proposed rulemaking to establish a new Federal Motor Vehicle Safety Standard (FMVSS), No. 150, which intends to mandate and standardize vehicle-to-vehicle (V2V) communications for new light vehicles... Our comments highlight our concern that NHTSA’s proposal standard may not contain adequate measures to protect consumer privacy from third parties who may choose to listen in on the Basic Safety Message (BSM) broadcast by vehicles. Inexpensive real-time tracking of vehicles is not a distant future hypothetical. Vehicle tracking will be exploited by a multitude of companies, governments, and criminal elements for a variety of purposes such as vehicle repossession, blackmail, gaining an advantage in a divorce settlement, mass surveillance, commercial espionage, organized crime, burglary, or stalking.

Our concern is that the privacy protections currently proposed for V2V communications may be easily circumvented by any party determined to perform large-scale real-time tracking of multiple vehicles at once. This poses a serious costs for both individual privacy and society at large..."

FMVSS Standards include regulations automobile and vehicle manufacturers must comply with. Read the proposed FMVSS Rule 150 in the Federal Register. The proposed rule specifies how vehicles will automatically broadcast Basic Safety Messages (BSM).

The group's detailed submission (Adobe PDF) to the U.S. Department of Transportation (DOT) described specific privacy concerns. One example:

"2.1 Linking a vehicle to an individual
The NPRM proposes that vehicle location accurate to within 1.5 meters be included in every BSM. Such high accuracy is sufficient to identify a vehicle’s specific parking spot. Assuming a suburban environment where the parking spot is a driveway, this information is enough to identify the owners or tenants... Vehicles can be further disambiguated among members of a household or people sharing parking spots by when they leave and where they go. For instance, shift workers, 9-to-5 office workers, high school students, and stay-at-home parents will all have different, distinguishable patterns of vehicle use. Even among office commuters, the first few turns after leaving the driveway will be very useful for disambiguating people working at different locations..."

So, when you leave home and the route you take can easily identify individuals. You don't have to be the registered owner of the car. Yes, your smartphone broadcasts to the nearest cellular tower and that identifies your location, but not as precisely. Privacy is needed because the bad guys -- stalkers, criminals -- could also use BSMs to spy upon individuals.

The security experts found the proposed BSM privacy statement by NHTSA to be one-sided and incomplete:

"The examples of third-party collection provided in paragraph (b) of the privacy statement mention only benign collection for beneficial purposes, such as accident avoidance, transit maintenance, or valuable commercial services. They selectively highlight the socially beneficial uses of V2V information without mentioning commercial services [which] may not [be] valuable for consumers; or other potential, detrimental, or even criminal uses. This is especially troubling..."

The CDT and security experts recommended that due to the privacy risks described:

"... we firmly believe that, unless a considerably more privacy-conscious proposal is put forward, consumers should be given the choice to opt-in or opt-out (without a default opt-in), and should be made clearly aware of what they are opting in to..."

I agree. A totally sensible and appropriate approach. The group's detailed submission also compared several vehicle tracking methods:

"... physically following a car or placing a GPS device on it, do not allow for mass tracking of most vehicles in a given area. Some options, such as cellphone tracking or toll collection history, require specialized access to a private infrastructure. Cellular data does not provide precise position information to just anyone who listens in... Moreover, cellular technology is evolving rapidly — today it provides more privacy than in the past... license-plate-based tracking requires a line of sight to a given vehicle, and thus is usually neither pervasive nor real-time. A vehicle can be observed driven or parked, but not tracked continuously unless followed. Only a few vehicles can be observed by a camera at any given time. Thus, license-plate-based tracking provides only episodic reports of locations for most vehicles. In contrast, because receiving the BSM does not require a line of sight and the BSM is transmitted ten times per second, multiple vehicles can be tracked simultaneously, continuously, and in real time.

The Privacy Technical Analysis Report concluded that the only option other than BSMs that may be viable for large-scale real-time tracking without any infrastructure access is via toll transponders."

License-plate tracking and the cameras used are often referred to as Automated License Plate Readers (ALPR). Law enforcement uses four types of ALPR technologies: mobile cameras, stationary cameras, semi-stationary cameras, and ALPR databases.

So, BSM provides large-scale real-time tracking. And, while toll transponders provide consumers with a convenient method to pay and zoom through tolls, the technology can be used to track you. Read the full CDT blog post.


Tax Day Protest in Cambridge, Massachusetts. Protesters Demand President Releases His Tax Returns

Rallies and marches in more than 190 cities and towns were held on Saturday April 15 to demand more transparency and fairness related to taxes. The transparency demand is for the 45th President of the United States. During the 2016 presidential campaign, candidate Trump promised to release his tax returns after an Internal Revenue Service (IRS) audit was completed. After winning the election and entering office, President Trump refused to release his tax returns.

The issue is partisan. A Yougov survey in May 2016 found that 61 percent of Americans, 81 percent of Democrats, 60 percent of Independents, and 38 percent of Republicans wanted candidate Trump to release his detailed tax returns.

An estimated 2,500 persons attended the greater Boston area event held on the Cambridge Commons in Cambridge, Massachusetts. The emcee was Mike Connolly, a Massachusetts State representative for Somerville and Cambridge. Several local organizers spoke, including calls for fairness with taxes and the federal budget. The entire rally paused for a moment of silence to remember the victims in the Boston Marathon bombing four years ago.

Future rallies are scheduled to support science, public education, and recognition of climate change. Learn more about today's event at #TaxDayMarch and at #TaxMarchBoston. Photographs of today's event in Cambridge appear below.

Greater Boston area Tax Rally. April 15, 2017

Greater Boston area Tax Rally. April 15, 2017

Greater Boston area Tax Rally. April 15, 2017

Greater Boston area Tax Rally. April 15, 2017

Greater Boston area Tax Rally. April 15, 2017

Greater Boston area Tax Rally. April 15, 2017

Greater Boston area Tax Rally. April 15, 2017

Greater Boston area Tax Rally. April 15, 2017

Greater Boston area Tax Rally. April 15, 2017

Greater Boston area Tax Rally. April 15, 2017

Greater Boston area Tax Rally. April 15, 2017

Greater Boston area Tax Rally. April 15, 2017

Greater Boston area Tax Rally. April 15, 2017

Greater Boston area Tax Rally. April 15, 2017


Poll Finds Republicans Rollback of Broadband Privacy Very Unpopular

A recent poll found that the Republican rollback of broadband privacy rules is very unpopular. Very unpopular. The poll included 1,000 Americans, and the results cut across age, gender, and political affiliations. Despite this, President Trump signed the privacy-rollback legislation on April 3. Since then, many consumers have sought online tools to protect their privacy.

Vox reported the survey results:

Image of Yougov poll results about Republican rollback of broadband privacy. Click to view larger version

Late last week, several Republicans in the House of Representatives sent a letter (Adobe PDF) to Ajit Pai, the Chairman of the U.S. Federal Communications Commission (FCC), urging the FCC to regulate broadband service providers. The letter read, in part:

"We write to ensure that the Federal Communications Commission (FCC) stands ready to protect consumer privacy... The Federal Trade Commission (FTC) has long been the standard bearer for striking the right balance of consumer protection with a pro-innovative construct that encourages consumer choice, opportunities, and new jobs... An FCC approach that mirrors the FTC will continue to protect consumers in this tumultuous time... Until such time as the FCC rectifies the Title II reclassification that inappropriately removed ISPs from the FTC's jurisdiction, we urge the FCC to hold Internet service providers (ISPs) to their privacy promises..."

The letter was signed by Greg Walden (Chairman, Committee on Energy & Commerce), Marsha Blackburn (Chairman, Subcommittee on Communications & Technology), and 48 other representatives.

Tumultuous times? The tumult was created by the rollback of privacy rules -- a situation created by Republicans. All would have been fine if they'd left the FCC's broadband privacy rules in place; rules consumers clear want -- rules that keep users in control of their online privacy.

Representative Blackburn and her fellow Republicans either doesn't know history or have chosen to ignore it. Several problems have plagued the industry: a lack of ISP competition in key markets, consumers in the United States pay more for broadband and get slower speeds compared to other countries, and numerous privacy violations and lawsuits:

Clearly, the FCC had to act, it did, it held hearings, and then finalized improved broadband privacy rules to help consumers. Now, the Congress and President undid all of that creating the tumult they now claim to want to solve.

Clearly, Representative Blackburn and others are happy to comply with the wishes of their corporate donors -- who don't want broadband classified as a utility. Internet access is a basic consumer need for work, entertainment, and school -- just like water, electricity, and natural gas (for cooking). Internet access is a utility, like it or not. The FCC under Chairman Wheeler had the right consumer-friendly approach, despite the spin by Blackburn and others.

What are your opinions?


President Trump Signed Legislation Revoking FCC's Broadband Privacy Rules. Lots Of Consequences

Late yesterday, President Trump signed legislation revoking broadband privacy rules adopted by the Federal Communications Commission (FCC). The rules would have kept consumers in control of their information online. Instead, internet service providers (ISPs) are free to collect, archive, and share at will without notice nor consent information about consumers' online activities (e.g., far more than browsing histories).

The legislation narrowly passed both in the Senate (50 - 48) and in the House (210 - 205). Proponents of the legislation claimed duplicate legislation. Representative Marsha Blackburn (R-Tenn.), who introduced the legislation in the House, said plenty recently according to Breitbart News:

"What we are doing is recalling a privacy rule that the FCC issued right at the end of the Obama administration, and the reason we are doing this is because it is additional and duplicative regulation... What the FCC did was clearly overreach. It gives you two sets of regulators that you’re trying to comply with, not one. So we are recalling the FCC’s rule, and that authority will go back to the FTC...”

"What the Obama administration did... they reclassified your Internet service as Title II, which is a common carrier classification. It is the rule that governs telephone usage... Those rules were put on the books in the thirties. So what the Democrats did... they reclassified Internet, which is an information service, as a telephone service, and then put those 1930s-era rules on top of your Internet service... They did that so they could tax it, so they could begin to regulate it..."

"You don’t need another layer of regulation. It’s like flashing alerts: We don’t need net neutrality. We don’t need Title II. We don’t need additional regulations heaped on the Internet under Title II. The Internet is not broken. It has done just fine without the government controlling it."

Not broken? The founder of the internet, Tim Berners-Lee gave three solid reasons why the internet is broken. His number one reason: consumers have lost control over their personal information.

And, Representative Blackburn either doesn't know history or has chosen to ignore it. Several problems have plagued the industry: a lack of ISP competition in key markets, consumers in the United States pay more for broadband and get slower speeds compared to other countries, and numerous privacy violations and lawsuits:

Clearly, the FCC had to act, it did, it held hearings, and then finalized improved broadband privacy rules to help consumers. Now, the Congress and President undid all of that.

There are plenty of consequences. To regain some online privacy lost due to the new legislation, many consumers have considered Virtual Private Networks (VPNs) and other online tools to prevent ISPs from spying on them. VPNs are not a cure-all. ISPs can still block or throttle consumers' VPN connection, and VPNs won't protect e-mail nor internet-of-things devices installed in homes.

Basically, there is no substitute for consumers being in control of their online privacy with transparent notice by ISPs. The impact upon consumers: less online privacy and higher internet prices. Consumers are forced to spend more money on VPN and other tools.

Blackburn and others claimed that the U.S. Federal Trade Commission (FTC) should regulate ISPs. Regulation by the FTC is not a slam-dunk. AdAge reported:

"If the FTC does regain its oversight, the result is likely to be weaker privacy protections than what the FCC intended with its rules, as well as a relatively clear path for telcos to pursue their data-revenue-generating goals... One legal peak to climb: precedent set by a U.S district court ruling siding with AT&T against the FTC last year which carved out an exemption for companies that provide bundled phone and ISP services which effectively protected AT&T from FTC regulations protecting consumers from unfair or deceptive practices.

Even if the FTC eventually garners ISP jurisdiction, argued [Gigi Sohn, a senior counselor to former FCC Chairman Tom Wheeler], "it will lead to some privacy protection but much weaker than what people just lost." She pointed to FTC Chairman Ohlausen's high bar for showing harm against consumers before actions against companies are taken, noting, "She wants to see harm first. Well, rules protect you before you're harmed." "

Despite the claims by Blackburn and others, the bottom line is:

"... what we're left with is a period of uncertainty where the carriers may do certain things but it's unclear. Does the FCC have jurisdiction or does the FTC have jurisdiction?"

The Los Angeles Times reported:

"The FTC is empowered to bring lawsuits against companies that violate its privacy guidelines, but it has no authority to create new rules for industry. It also cannot enforce its own guidelines against Internet providers because of a government rule that places those types of companies squarely within the jurisdiction of the FCC and out of the reach of the FTC. As a result, Internet providers exist in a "policy gap" in which the only privacy regulators for the industry operate at the state, not federal, level, analysts say."

Ambiguity. Lack of clarity. Policy gap. None of those are good for business, or for consumers.

Read more about President Trump's signing of the legislation at C/Net and Reuters.


Congress Passed Joint Resolution To Revoke New Online Privacy Rules By The FCC. Plenty of Consequences

On Tuesday, the U.S. House of Representatives approved legislation to revoke new online privacy rules the U.S. Federal Communications Commission (FCC) adopted in 2016 to protect consumers by govern the data collection and sharing of consumers' personal information by Internet Service providers (ISPs). Several cable, telecommunications, and advertising lobbies sent a letter in January asking Congress to remove the new broadband privacy rules, which they viewed as burdensome.

Congress quickly complied. The new legislation consisted of two companion bills: Senate Joint Resolution 34 (S.J. Res. 34) and House Joint Resolution 86 (H.J. Res. 86). The House vote was close: 210 to 205 with 215 Republican representatives voting for S.J. Res. 34. 190 Democratic and 15 Republican representatives voted against it. Consumers can view H.J. Res. 86 votes by their elected officials.

Representative Marsha Blackburn (R-Tenn.) introduced the legislation in the House. Blackburn said plenty in an interview published on Breitbart News:

"What we are doing is recalling a privacy rule that the FCC issued right at the end of the Obama administration, and the reason we are doing this is because it is additional and duplicative regulation... What the FCC did was clearly overreach. It gives you two sets of regulators that you’re trying to comply with, not one. So we are recalling the FCC’s rule, and that authority will go back to the FTC...”

"What the Obama administration did... they reclassified your Internet service as Title II, which is a common carrier classification. It is the rule that governs telephone usage... Those rules were put on the books in the thirties. So what the Democrats did... they reclassified Internet, which is an information service, as a telephone service, and then put those 1930s-era rules on top of your Internet service... They did that so they could tax it, so they could begin to regulate it..."

"You don’t need another layer of regulation. It’s like flashing alerts: We don’t need net neutrality. We don’t need Title II. We don’t need additional regulations heaped on the Internet under Title II. The Internet is not broken. It has done just fine without the government controlling it."

Not broken? Really? The founder of the internet, Tim Berners-Lee gave three solid reasons why the internet is broken. His number one reason on his list: consumers have lost control over their personal information.

Plus, Representative Blackburn either doesn't know history or has chosen to ignore it. Several problems have plagued the industry: a lack of ISP competition in key markets, consumers in the United States pay more for broadband and get slower speeds compared to other countries, and numerous privacy violations and lawsuits:

Clearly, the FCC had to act; and it did. Congress held hearings, too.

Advertisement in the New York Times newspaper after the Senate vote. Click to view larger version The Senate passed S.J. Res. 34 about a week before the House vote Tuesday. The Senate vote was also close: 50 to 48. Senator Jeff Flake (R-Arizona) introduced the legislation in the Senate, and he repeated the same over-reach claims:

"The FCC’s midnight regulation has the potential to limit consumer choice, stifle innovation, and jeopardize data security by destabilizing the internet ecosystem. Passing my resolution is the first step toward restoring a consumer-friendly approach to internet privacy regulation that empowers consumers to make informed choices on if and how their data can be shared. It will not change or lessen existing consumer privacy protections.”

Consumers can view S.J. Res 34 votes by their elected officials. The press release by Senator Flake's office also stated:

"Flake’s resolution, S.J.Res. 34, would not change or lessen existing consumer privacy regulations. It is designed to block an attempt by the Federal Communications Commission (FCC) to expand its regulatory jurisdiction and impose prescriptive data restrictions on internet service providers. These restrictions have the potential to negatively impact consumers and the future of internet innovation."

Federal communications Commission logo Flake's spin of "midnight regulation" is unfair and inaccurate. The new FCC privacy rules were proposed in April 2016, and enacted in October. That provided plenty of time for discussion and input from consumers, experts, and companies. In March 2016, the FCC released a broadband privacy Fact Sheet, which explained the need for the new privacy rules:

"Telephone networks have had clear, enforceable privacy rules for decades, but broadband networks currently do not... An ISP handles all of its customers’ network traffic, which means it has an unobstructed view of all of their unencrypted online activity – the websites they visit, the applications they use. If customers have a mobile device, their provider can track their physical and online activities throughout the day in real time. Even when data is encrypted, broadband providers can still see the websites that a customer visits, how often they visit them, and the amount of time they spend on each website. Using this information, ISPs can piece together enormous amounts of information about their customers – including private information such as a chronic medical condition or financial problems. A consumer’s relationship with her ISP is very different than the one she has with a website or app. Consumers can move instantaneously to a different website, search engine or application. But once they sign up for broadband service, consumers can scarcely avoid the network for which they are paying a monthly fee."

To distinguish spin from facts, it is critical to read the FCC announcement of its new broadband privacy rules from last year:

"Opt-in: ISPs are required to obtain affirmative “opt-in” consent from consumers to use and share sensitive information. The rules specify categories of information that are considered sensitive, which include precise geo-location, financial information, health information, children’s information, social security numbers, web browsing history, app usage history and the content of communications.

Opt-out: ISPs would be allowed to use and share non-sensitive information unless a customer “opts-out.” All other individually identifiable customer information – for example, email address or service tier information – would be considered non-sensitive and the use and sharing of that information would be subject to opt-out consent, consistent with consumer expectations.

Exceptions to consent requirements: Customer consent is inferred for certain purposes specified in the statute, including the provision of broadband service or billing and collection. For the use of this information, no additional customer consent is required beyond the creation of the customer-ISP relationship.

Transparency requirements that require ISPs to provide customers with clear, conspicuous and persistent notice about the information they collect, how it may be used and with whom it may be shared, as well as how customers can change their privacy preferences;

A requirement that broadband providers engage in reasonable data security practices and guidelines on steps ISPs should consider taking, such as implementing relevant industry best practices, providing appropriate oversight of security practices, implementing robust customer authentication tools, and proper disposal of data consistent with FTC best practices and the Consumer Privacy Bill of Rights.

Common-sense data breach notification requirements to encourage ISPs to protect the confidentiality of customer data, and to give consumers and law enforcement notice of failures to protect such information."

Sounds clear, reasonable, and appropriate. Not perfect, but an improvement of what was before. Addressed transparency concerns, too. To summarize, the new FCC broadband privacy rules kept consumers in control of their sensitive personal information. By revoking those rules, Congress is effectively telling consumers they shouldn't be in control of their own information and ISPs should be in control.

Do you want to be in control of your personal information online? I do, and I suspect you do, too.

Think about the consequences. Once the legislation is signed by President Trump, ISPs will be free to collect, use, and share information describing your online activities. Your ISP is in a unique position because it can scan all un-encrypted data flowing through your internet connection. That typically includes: a) the websites you visit and apps you use; b) which items in "a" you use repeatedly, when and how long; c) the searches you perform online at search engine sites, and via personal assistants, d) activity generated by appliances, televisions, thermostats, security systems, and other devices connected to your home WiFi; and d) the geo-location or where in the physical world your perform online activities. (Besides your smartphone, several devices including your car, fitness bands, smart watches, and wearables collect and share your geo-location data.) Perhaps most importantly, your ISP won't need your consent and probably won't tell you what it is sharing and with whom.

Think about the consequences.

It's not just porn. Your online activities reveal plenty: 1) appointment confirmation emails from your doctor reveal the type of doctor and imply certain medical conditions or procedures; 2) online visits to your bank(s) reveal the types of money and the location of your bank accounts; 3) online activities by your CHILDREN reveal much, including the types of toys and devices they use; 4) work-from-home can reveal proprietary information your employer does not want disclosed; and 5) simple curiosity becomes dangerous. Example: a rash appears on your skin, so you surf over to WebMD to read about symptoms and what it might be. Or, maybe you're reading about a condition of an elderly parentor family member. Problem is: your ISP can infer from your online activities conditions and diseases relate to you, even though they may not. Another example: health care organizations have to comply with HIPPA regulations to protect patients' privacy. Many patients use online healthcare portals by their hospital to coordinate care by several doctors and surgeons. Will your ISP honor HIPPA regulations? They probably won't.

Think about the consequences.

All of that information collected about your online activities could be used against you someday... when you apply for a job, when you sign up for insurance, when you apply for a loan, when you try to adopt a baby or child. Remember, two huge industries exist to help companies buy, sell, and trade information (data brokers); the second (data mining) to help companies merge, manipulate, and analyze the data they've collected and bought.

Comcast logo Think about the consequences. Your ISP may not allow you to decline (e.g., opt out of) the data collection, tracking, usage, and sharing. Or your ISP may charge more fees for online privacy. Don't think that can't happen. Comcast and industry lobbyists have already stated that they want "pay-for-privacy" schemes. So, with Congress' latest action, consumers may soon see price increases and higher monthly internet and wireless bills.

Some consumers are worried, and are exploring technical solutions to thwart ISPs that snoop. The problem: there is no cure-all solution. Some people are angry. To show lawmakers how terrible their decision was, a crowd-funding campaign was started to raise money to buy (and then publish publicly) the internet histories of leading Republicans (e.g., Senate Majority Leader Mitch McConnell, House Speaker Paul Ryan, House Representative Marsh Blackburn) and FCC members who voted for and support the privacy-busting legislation. So, we may then learn which members of Congress watch the most porn.

Lawmakers in some states are already responding to voters' online privacy concerns. In Illinois, lawmakers have introduced two items of legislation: the Geolocation Privacy Protection Act (GPPA) and the Right To Know Act (RTKA). Lawmakers in Nevada introduced geolocation privacy legislation. More states will likely follow.

With the FCC broadband privacy rules revoked, there are five creepy things your ISP could do. What are your opinions of Congress revoking FCC broadband privacy rules?

[Editor's note: this blog post was revised on Friday, March 31 with links to new legislation in Illinois and Nevada.]