419 posts categorized "Government" Feed

4 Ways to Fix Facebook

[Editor's Note: today's guest post, by ProPublica reporters, explores solutions to the massive privacy and data security problems at Facebook.com. It is reprinted with permission.]

By Julia Angwin, ProPublica

Gathered in a Washington, D.C., ballroom last Thursday for their annual “tech prom,” hundreds of tech industry lobbyists and policy makers applauded politely as announcers read out the names of the event’s sponsors. But the room fell silent when “Facebook” was proclaimed — and the silence was punctuated by scattered boos and groans.

Facebook logo These days, it seems the only bipartisan agreement in Washington is to hate Facebook. Democrats blame the social network for costing them the presidential election. Republicans loathe Silicon Valley billionaires like Facebook founder and CEO Mark Zuckerberg for their liberal leanings. Even many tech executives, boosters and acolytes can’t hide their disappointment and recriminations.

The tipping point appears to have been the recent revelation that a voter-profiling outfit working with the Trump campaign, Cambridge Analytica, had obtained data on 87 million Facebook users without their knowledge or consent. News of the breach came after a difficult year in which, among other things, Facebook admitted that it allowed Russians to buy political ads, advertisers to discriminate by race and age, hate groups to spread vile epithets, and hucksters to promote fake news on its platform.

Over the years, Congress and federal regulators have largely left Facebook to police itself. Now, lawmakers around the world are calling for it to be regulated. Congress is gearing up to grill Zuckerberg. The Federal Trade Commission is investigating whether Facebook violated its 2011 settlement agreement with the agency. Zuckerberg himself suggested, in a CNN interview, that perhaps Facebook should be regulated by the government.

The regulatory fever is so strong that even Peter Swire, a privacy law professor at Georgia Institute of Technology who testified last year in an Irish court on behalf of Facebook, recently laid out the legal case for why Google and Facebook might be regulated as public utilities. Both companies, he argued, satisfy the traditional criteria for utility regulation: They have large market share, are natural monopolies, and are difficult for customers to do without.

While the political momentum may not be strong enough right now for something as drastic as that, many in Washington are trying to envision what regulating Facebook would look like. After all, the solutions are not obvious. The world has never tried to rein in a global network with 2 billion users that is built on fast-moving technology and evolving data practices.

I talked to numerous experts about the ideas bubbling up in Washington. They identified four concrete, practical reforms that could address some of Facebook’s main problems. None are specific to Facebook alone; potentially, they could be applied to all social media and the tech industry.

1. Impose Fines for Data Breaches

The Cambridge Analytica data loss was the result of a breach of contract, rather than a technical breach in which a company gets hacked. But either way, it’s far too common for institutions to lose customers’ data — and they rarely suffer significant financial consequences for the loss. In the United States, companies are only required to notify people if their data has been breached in certain states and under certain circumstances — and regulators rarely have the authority to penalize companies that lose personal data.

Consider the Federal Trade Commission, which is the primary agency that regulates internet companies these days. The FTC doesn’t have the authority to demand civil penalties for most data breaches. (There are exceptions for violations of children’s privacy and a few other offenses.) Typically, the FTC can only impose penalties if a company has violated a previous agreement with the agency.

That means Facebook may well face a fine for the Cambridge Analytica breach, assuming the FTC can show that the social network violated a 2011 settlement with the agency. In that settlement, the FTC charged Facebook with eight counts of unfair and deceptive behavior, including allowing outside apps to access data that they didn’t need — which is what Cambridge Analytica reportedly did years later. The settlement carried no financial penalties but included a clause stating that Facebook could face fines of $16,000 per violation per day.

David Vladeck, former FTC director of consumer protection, who crafted the 2011 settlement with Facebook, said he believes Facebook’s actions in the Cambridge Analytica episode violated the agreement on multiple counts. “I predict that if the FTC concludes that Facebook violated the consent decree, there will be a heavy civil penalty that could well be in the amount of $1 billion or more,” he said.

Facebook maintains it has abided by the agreement. “Facebook rejects any suggestion that it violated the consent decree,” spokesman Andy Stone said. “We respected the privacy settings that people had in place.”

If a fine had been levied at the time of the settlement, it might well have served as a stronger deterrent against any future breaches. Daniel J. Weitzner, who served in the White House as the deputy chief technology officer at the time of the Facebook settlement, says that technology should be policed by something similar to the Department of Justice’s environmental crimes unit. The unit has levied hundreds of millions of dollars in fines. Under previous administrations, it filed felony charges against people for such crimes as dumping raw sewage or killing a bald eagle. Some ended up sentenced to prison.

“We know how to do serious law enforcement when we think there’s a real priority and we haven’t gotten there yet when it comes to privacy,” Weitzner said.

2. Police Political Advertising

Last year, Facebook disclosed that it had inadvertently accepted thousands of advertisements that were placed by a Russian disinformation operation — in possible violation of laws that restrict foreign involvement in U.S. elections. FBI special prosecutor Robert Mueller has charged 13 Russians who worked for an internet disinformation organization with conspiring to defraud the United States, but it seems unlikely that Russia will compel them to face trial in the U.S.

Facebook has said it will introduce a new regime of advertising transparency later this year, which will require political advertisers to submit a government-issued ID and to have an authentic mailing address. It said political advertisers will also have to disclose which candidate or organization they represent and that all election ads will be displayed in a public archive.

But Ann Ravel, a former commissioner at the Federal Election Commission, says that more could be done. While she was at the commission, she urged it to consider what it could do to make internet advertising contain as much disclosure as broadcast and print ads. “Do we want Vladimir Putin or drug cartels to be influencing American elections?” she presciently asked at a 2015 commission meeting.

However, the election commission — which is often deadlocked between its evenly split Democratic and Republican commissioners — has not yet ruled on new disclosure rules for internet advertising. Even if it does pass such a rule, the commission’s definition of election advertising is so narrow that many of the ads placed by the Russians may not have qualified for scrutiny. It’s limited to ads that mention a federal candidate and appear within 60 days prior to a general election or 30 days prior to a primary.

This definition, Ravel said, is not going to catch new forms of election interference, such as ads placed months before an election, or the practice of paying individuals or bots to spread a message that doesn’t identify a candidate and looks like authentic communications rather than ads.

To combat this type of interference, Ravel said, the current definition of election advertising needs to be broadened. The FEC, she suggested, should establish “a multi-faceted test” to determine whether certain communications should count as election advertisements. For instance, communications could be examined for their intent, and whether they were paid for in a nontraditional way — such as through an automated bot network.

And to help the tech companies find suspect communications, she suggested setting up an enforcement arm similar to the Treasury Department’s Financial Crimes Enforcement Network, known as FinCEN. FinCEN combats money laundering by investigating suspicious account transactions reported by financial institutions. Ravel said that a similar enforcement arm that would work with tech companies would help the FEC.

“The platforms could turn over lots of communications and the investigative agency could then examine them to determine if they are from prohibited sources,” she said.

3. Make Tech Companies Liable for Objectionable Content

Last year, ProPublica found that Facebook was allowing advertisers to buy discriminatory ads, including ads targeting people who identified themselves as “Jew-haters,” and ads for housing and employment that excluded audiences based on race, age and other protected characteristics under civil rights laws.

Facebook has claimed that it has immunity against liability for such discrimination under section 230 of the 1996 federal Communications Decency Act, which protects online publishers from liability for third-party content.

“Advertisers, not Facebook, are responsible for both the content of their ads and what targeting criteria to use, if any,” Facebook stated in legal filings in a federal case in California challenging Facebook’s use of racial exclusions in ad targeting.

But sentiment is growing in Washington to interpret the law more narrowly. Last month, the House of Representatives passed a bill that carves out an exemption in the law, making websites liable if they aid and abet sex trafficking. Despite fierce opposition by many tech advocates, a version of the bill has already passed the Senate.

And many staunch defenders of the tech industry have started to suggest that more exceptions to section 230 may be needed. In November, Harvard Law professor Jonathan Zittrain wrote an article rethinking his previous support for the law and declared it has become, in effect, “a subsidy” for the tech giants, who don’t bear the costs of ensuring the content they publish is accurate and fair.

“Any honest account must acknowledge the collateral damage it has permitted to be visited upon real people whose reputations, privacy, and dignity have been hurt in ways that defy redress,” Zittrain wrote.

In a December 2017 paper titled “The Internet Will Not Break: Denying Bad Samaritans 230 Immunity,” University of Maryland law professors Danielle Citron and Benjamin Wittes argue that the law should be amended — either through legislation or judicial interpretation — to deny immunity to technology companies that enable and host illegal content.

“The time is now to go back and revise the words of the statute to make clear that it only provides shelter if you take reasonable steps to address illegal activity that you know about,” Citron said in an interview.

4. Install Ethics Review Boards

Cambridge Analytica obtained its data on Facebook users by paying a psychology professor to build a Facebook personality quiz. When 270,000 Facebook users took the quiz, the researcher was able to obtain data about them and all of their Facebook friends — or about 50 million people altogether. (Facebook later ended the ability for quizzes and other apps to pull data on users’ friends.)

Cambridge Analytica then used the data to build a model predicting the psychology of those people, on metrics such as “neuroticism,” political views and extroversion. It then offered that information to political consultants, including those working for the Trump campaign.

The company claimed that it had enough information about people’s psychological vulnerabilities that it could effectively target ads to them that would sway their political opinions. It is not clear whether the company actually achieved its desired effect.

But there is no question that people can be swayed by online content. In a controversial 2014 study, Facebook tested whether it could manipulate the emotions of its users by filling some users’ news feeds with only positive news and other users’ feeds with only negative news. The study found that Facebook could indeed manipulate feelings — and sparked outrage from Facebook users and others who claimed it was unethical to experiment on them without their consent.

Such studies, if conducted by a professor on a college campus, would require approval from an institutional review board, or IRB, overseeing experiments on human subjects. But there is no such standard online. The usual practice is that a company’s terms of service contain a blanket statement of consent that users never read or agree to.

James Grimmelman, a law professor and computer scientist, argued in a 2015 paper that the technology companies should stop burying consent forms in their fine print. Instead, he wrote, “they should seek enthusiastic consent from users, making them into valued partners who feel they have a stake in the research.”

Such a consent process could be overseen by an independent ethics review board, based on the university model, which would also review research proposals and ensure that people’s private information isn’t shared with brokers like Cambridge Analytica.

“I think if we are in the business of requiring IRBs for academics,” Grimmelman said in an interview, “we should ask for appropriate supervisions for companies doing research.”

ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for their newsletter.

 


Facebook Update: 87 Million Affected By Its Data Breach With Cambridge Analytica. Considerations For All Consumers

Facebook logo Facebook.com has dominated the news during the past three weeks. The news media have reported about many issues, but there are more -- whether or not you use Facebook. Things began about mid-March, when Bloomberg reported:

"Yes, Cambridge Analytica... violated rules when it obtained information from some 50 million Facebook profiles... the data came from someone who didn’t hack the system: a professor who originally told Facebook he wanted it for academic purposes. He set up a personality quiz using tools that let people log in with their Facebook accounts, then asked them to sign over access to their friend lists and likes before using the app. The 270,000 users of that app and their friend networks opened up private data on 50 million people... All of that was allowed under Facebook’s rules, until the professor handed the information off to a third party... "

So, an authorized user shared members' sensitive information with unauthorized users. Facebook confirmed these details on March 16:

"We are suspending Strategic Communication Laboratories (SCL), including their political data analytics firm, Cambridge Analytica (CA), from Facebook... In 2015, we learned that a psychology professor at the University of Cambridge named Dr. Aleksandr Kogan lied to us and violated our Platform Policies by passing data from an app that was using Facebook Login to SCL/CA, a firm that does political, government and military work around the globe. He also passed that data to Christopher Wylie of Eunoia Technologies, Inc.

Like all app developers, Kogan requested and gained access to information from people after they chose to download his app. His app, “thisisyourdigitallife,” offered a personality prediction, and billed itself on Facebook as “a research app used by psychologists.” Approximately 270,000 people downloaded the app. In so doing, they gave their consent for Kogan to access information such as the city they set on their profile, or content they had liked... When we learned of this violation in 2015, we removed his app from Facebook and demanded certifications from Kogan and all parties he had given data to that the information had been destroyed. CA, Kogan and Wylie all certified to us that they destroyed the data... Several days ago, we received reports that, contrary to the certifications we were given, not all data was deleted..."

So, data that should have been deleted wasn't. Then, Facebook relied upon certifications from entities that had lied previously. Not good. Then, Facebook posted this addendum on March 17:

"The claim that this is a data breach is completely false. Aleksandr Kogan requested and gained access to information from users who chose to sign up to his app, and everyone involved gave their consent. People knowingly provided their information, no systems were infiltrated, and no passwords or sensitive pieces of information were stolen or hacked."

Why the rush to deny a breach? It seems wise to complete a thorough investigation before making such a claim. In the 11+ years I've written this blog, whenever unauthorized persons access data they shouldn't have, it's a breach. You can read about plenty of similar incidents where credit reporting agencies sold sensitive consumer data to ID-theft services and/or data brokers, who then re-sold that information to criminals and fraudsters. Seems like a breach to me.

Cambridge Analytica logo Facebook announced on March 19th that it had hired a digital forensics firm:

"... Stroz Friedberg, to conduct a comprehensive audit of Cambridge Analytica (CA). CA has agreed to comply and afford the firm complete access to their servers and systems. We have approached the other parties involved — Christopher Wylie and Aleksandr Kogan — and asked them to submit to an audit as well. Mr. Kogan has given his verbal agreement to do so. Mr. Wylie thus far has declined. This is part of a comprehensive internal and external review that we are conducting to determine the accuracy of the claims that the Facebook data in question still exists... Independent forensic auditors from Stroz Friedberg were on site at CA’s London office this evening. At the request of the UK Information Commissioner’s Office, which has announced it is pursuing a warrant to conduct its own on-site investigation, the Stroz Friedberg auditors stood down."

That's a good start. An audit would determine or not data which perpetrators said was destroyed, actually had been destroyed. However, Facebook seems to have built a leaky system which allows data harvesting:

"Hundreds of millions of Facebook users are likely to have had their private information harvested by companies that exploited the same terms as the firm that collected data and passed it on to CA, according to a new whistleblower. Sandy Parakilas, the platform operations manager at Facebook responsible for policing data breaches by third-party software developers between 2011 and 2012, told the Guardian he warned senior executives at the company that its lax approach to data protection risked a major breach..."

Reportedly, Parakilas added that Facebook, "did not use its enforcement mechanisms, including audits of external developers, to ensure data was not being misused." Not good. The incident makes one wonder what other developers, corporate, and academic users have violated Facebook's rules: shared sensitive Facebook members' data they shouldn't have.

Facebook announced on March 21st that it will, 1) investigate all apps that had access to large amounts of information and conduct full audits of any apps with suspicious activity; 2) inform users affected by apps that have misused their data; 3) disable an app's access to a member's information if that member hasn't used the app within the last three months; 4) change Login to "reduce the data that an app can request without app review to include only name, profile photo and email address;" 5) encourage members to manage the apps they use; and reward users who find vulnerabilities.

Those actions seem good, but too little too late. Facebook needs to do more... perhaps, revise its Terms Of Use to include large fines for violators of its data security rules. Meanwhile, there has been plenty of news about CA. The Guardian UK reported on March 19:

"The company at the centre of the Facebook data breach boasted of using honey traps, fake news campaigns and operations with ex-spies to swing election campaigns around the world, a new investigation reveals. Executives from Cambridge Analytica spoke to undercover reporters from Channel 4 News about the dark arts used by the company to help clients, which included entrapping rival candidates in fake bribery stings and hiring prostitutes to seduce them."

Geez. After these news reports surfaced, CA's board suspended Alexander Nix, its CEO, pending an internal investigation. So, besides Facebook's failure to secure sensitive members' information, another key issue seems to be the misuse of social media data by a company that openly brags about unethical, and perhaps illegal, behavior.

What else might be happening? The Intercept explained on March 30th that CA:

"... has marketed itself as classifying voters using five personality traits known as OCEAN — Openness, Conscientiousness, Extroversion, Agreeableness, and Neuroticism — the same model used by University of Cambridge researchers for in-house, non-commercial research. The question of whether OCEAN made a difference in the presidential election remains unanswered. Some have argued that big data analytics is a magic bullet for drilling into the psychology of individual voters; others are more skeptical. The predictive power of Facebook likes is not in dispute. A 2013 study by three of Kogan’s former colleagues at the University of Cambridge showed that likes alone could predict race with 95 percent accuracy and political party with 85 percent accuracy. Less clear is their power as a tool for targeted persuasion; CA has claimed that OCEAN scores can be used to drive voter and consumer behavior through “microtargeting,” meaning narrowly tailored messages..."

So, while experts disagree about the effectiveness of data analytics with political campaigns, it seems wise to assume that the practice will continue with improvements. Data analytics fueled by social media input means political campaigns can bypass traditional news media outlets to distribute information and disinformation. That highlights the need for Facebook (and other social media) to improve their data security and compliance audits.

While the UK Information Commissioner's Office aggressively investigates CA, things seem to move at a much slower pace in the USA. TechCrunch reported on April 4th:

"... Facebook’s founder Mark Zuckerberg believes North America users of his platform deserve a lower data protection standard than people everywhere else in the world. In a phone interview with Reuters yesterday Mark Zuckerberg declined to commit to universally implementing changes to the platform that are necessary to comply with the European Union’s incoming General Data Protection Regulation (GDPR). Rather, he said the company was working on a version of the law that would bring some European privacy guarantees worldwide — declining to specify to the reporter which parts of the law would not extend worldwide... Facebook’s leadership has previously implied the product changes it’s making to comply with GDPR’s incoming data protection standard would be extended globally..."

Do users in the USA want weaker data protections than users in other countries? I think not. I don't. Read for yourself the April 4th announcement by Facebook about changes to its terms of service and data policy. It didn't mention specific countries or regions; who gets what and where. Not good.

Mark Zuckerberg apologized and defended his company in a March 21st post:

"I want to share an update on the Cambridge Analytica situation -- including the steps we've already taken and our next steps to address this important issue. We have a responsibility to protect your data, and if we can't then we don't deserve to serve you. I've been working to understand exactly what happened and how to make sure this doesn't happen again. The good news is that the most important actions to prevent this from happening again today we have already taken years ago. But we also made mistakes, there's more to do, and we need to step up and do it... This was a breach of trust between Kogan, Cambridge Analytica and Facebook. But it was also a breach of trust between Facebook and the people who share their data with us and expect us to protect it. We need to fix that... at the end of the day I'm responsible for what happens on our platform. I'm serious about doing what it takes to protect our community. While this specific issue involving Cambridge Analytica should no longer happen with new apps today, that doesn't change what happened in the past. We will learn from this experience to secure our platform further and make our community safer for everyone going forward."

Nice sounding words, but actions speak louder. Wired magazine said:

"Zuckerberg didn't mention in his Facebook post why it took him five days to respond to the scandal... The groundswell of outrage and attention following these revelations has been greater than anything Facebook predicted—or has experienced in its long history of data privacy scandals. By Monday, its stock price nosedived. On Tuesday, Facebook shareholders filed a lawsuit against the company in San Francisco, alleging that Facebook made "materially false and misleading statements" that led to significant losses this week. Meanwhile, in Washington, a bipartisan group of senators called on Zuckerberg to testify before the Senate Judiciary Committee. And the Federal Trade Commission also opened an investigation into whether Facebook had violated a 2011 consent decree, which required the company to notify users when their data was obtained by unauthorized sources."

Frankly, Zuckerberg has lost credibility with me. Why? Facebook's history suggests it can't (or won't) protect users' data it collects. Some of its privacy snafus: settlement of a lawsuit resulting from alleged privacy abuses by its Beacon advertising program, changed members' ad settings without notice nor consent, an advertising platform which allegedly facilitates abuses of older workers, health and privacy concerns about a new service for children ages 6 to 13, transparency concerns about political ads, and new lawsuits about the company's advertising platform. Plus, Zuckerberg made promises in January to clean up the service's advertising. Now, we have yet another apology.

In a press release this afternoon, Facebook revised upward the number affected by the Facebook/CA breach from 50 to 87 million persons. Most, about 70.6 million, are in the United States. The breakdown by country:

Number of affected persons by country in the Facebook - Cambridge Analytica breach. Click to view larger version

So, what should consumers do?

You have options. If you use Facebook, see these instructions by Consumer Reports to deactivate or delete your account. Some people I know simply stopped using Facebook, but left their accounts active. That doesn't seem wise. A better approach is to adjust the privacy settings on your Facebook account to get as much privacy and protections as possible.

Facebook has a new tool for members to review and disable, in bulk, all of the apps with access to their data. Follow these handy step-by-step instructions by Mashable. And, users should also disable the Facebook API platform for their account. If you use the Firefox web browser, then install the new Facebook Container new add-on specifically designed to prevent Facebook from tracking you. Don't use Firefox? You might try the Privacy Badger add-on instead. I've used it happily for years.

Of course, you should submit feedback directly to Facebook demanding that it extend GDPR privacy protections to your country, too. And, wise online users always read the terms and conditions of all Facebook quizzes before taking them.

Don't use Facebook? There are considerations for you, too; especially if you use a different social networking site (or app). Reportedly, Mark Zuckerberg, the CEO of Facebook, will testify before the U.S. Congress on April 11th. His upcoming testimony will be worth monitoring for everyone. Why? The outcome may prod Congress to act by passing new laws giving consumers in the USA data security and privacy protections equal to what's available in the United Kingdom. And, there may be demands for Cambridge Analytica executives to testify before Congress, too.

Or, consumers may demand stronger, faster action by the U.S. Federal Trade Commission (FTC), which announced on March 26th:

"The FTC is firmly and fully committed to using all of its tools to protect the privacy of consumers. Foremost among these tools is enforcement action against companies that fail to honor their privacy promises, including to comply with Privacy Shield, or that engage in unfair acts that cause substantial injury to consumers in violation of the FTC Act. Companies who have settled previous FTC actions must also comply with FTC order provisions imposing privacy and data security requirements. Accordingly, the FTC takes very seriously recent press reports raising substantial concerns about the privacy practices of Facebook. Today, the FTC is confirming that it has an open non-public investigation into these practices."

An "open non-public investigation?" Either the investigation is public, or it isn't. Hopefully, an attorney will explain. And, that announcement read like weak tea. I expect more. Much more.

USA citizens may want stronger data security laws, especially if Facebook's solutions are less than satisfactory, it refuses to provide protections equal to those in the United Kingdom, or if it backtracks later on its promises. Thoughts? Comments?


The 'CLOUD Act' - What It Is And What You Need To Know

Chances are, you probably have not heard of the "CLOUD Act." I hadn't heard about it until recently. A draft of the legislation is available on the website for U.S. Senator Orrin Hatch (Republican - Utah).

Many people who already use cloud services to store and backup data might assume: if it has to do with the cloud, then it must be good.  Such an assumption would be foolish. The full name of the bill: "Clarifying Overseas Use Of Data." What problem does this bill solve? Senator Hatch stated last month why he thinks this bill is needed:

"... the Supreme Court will hear arguments in a case... United States v. Microsoft Corp., colloquially known as the Microsoft Ireland case... The case began back in 2013, when the US Department of Justice asked Microsoft to turn over emails stored in a data center in Ireland. Microsoft refused on the ground that US warrants traditionally have stopped at the water’s edge. Over the last few years, the legal battle has worked its way through the court system up to the Supreme Court... The issues the Microsoft Ireland case raises are complex and have created significant difficulties for both law enforcement and technology companies... law enforcement officials increasingly need access to data stored in other countries for investigations, yet no clear enforcement framework exists for them to obtain overseas data. Meanwhile, technology companies, who have an obligation to keep their customers’ information private, are increasingly caught between conflicting laws that prohibit disclosure to foreign law enforcement. Equally important, the ability of one nation to access data stored in another country implicates national sovereignty... The CLOUD Act bridges the divide that sometimes exists between law enforcement and the tech sector by giving law enforcement the tools it needs to access data throughout the world while at the same time creating a commonsense framework to encourage international cooperation to resolve conflicts of law. To help law enforcement, the bill creates incentives for bilateral agreements—like the pending agreement between the US and the UK—to enable investigators to seek data stored in other countries..."

Senators Coons, Graham, and Whitehouse, support the CLOUD Act, along with House Representatives Collins, Jeffries, and others. The American Civil Liberties Union (ACLU) opposes the bill and warned:

"Despite its fluffy sounding name, the recently introduced CLOUD Act is far from harmless. It threatens activists abroad, individuals here in the U.S., and would empower Attorney General Sessions in new disturbing ways... the CLOUD Act represents a dramatic change in our law, and its effects will be felt across the globe... The bill starts by giving the executive branch dramatically more power than it has today. It would allow Attorney General Sessions to enter into agreements with foreign governments that bypass current law, without any approval from Congress. Under these agreements, foreign governments would be able to get emails and other electronic information without any additional scrutiny by a U.S. judge or official. And, while the attorney general would need to consider a country’s human rights record, he is not prohibited from entering into an agreement with a country that has committed human rights abuses... the bill would for the first time allow these foreign governments to wiretap in the U.S. — even in cases where they do not meet Wiretap Act standards. Paradoxically, that would give foreign governments the power to engage in surveillance — which could sweep in the information of Americans communicating with foreigners — that the U.S. itself would not be able to engage in. The bill also provides broad discretion to funnel this information back to the U.S., circumventing the Fourth Amendment. This information could potentially be used by the U.S. to engage in a variety of law enforcement actions."

Given that warning, I read the draft legislation. One portion immediately struck me:

"A provider of electronic communication service or remote computing service shall comply with the obligations of this chapter to preserve, backup, or disclose the contents of a wire or electronic communication and any record or other information pertaining to a customer or subscriber within such provider’s possession, custody, or control, regardless of whether such communication, record, or other information is located within or outside of the United States."

While I am not an attorney, this bill definitely sounds like an end-run around the Fourth Amendment. The review process is largely governed by the House of Representatives; a body not known for internet knowledge nor savvy. The bill also smells like an attack on internet services consumers regularly use for privacy, such as search engines that don't collect nor archive search data and Virtual Private Networks (VPNs).

Today, for online privacy many consumers in the United States use VPN software and services provided by vendors located offshore. Why? Despite a national poll in 2017 which found the the Republican rollback of FCC broadband privacy rules very unpopular among consumers, the Republican-led Congress proceeded with that rollback, and President Trump signed the privacy-rollback legislation on April 3, 2017. Hopefully, skilled and experienced privacy attorneys will continue to review and monitor the draft legislation.

The ACLU emphasized in its warning:

"Today, the information of global activists — such as those that fight for LGBTQ rights, defend religious freedom, or advocate for gender equality are protected from being disclosed by U.S. companies to governments who may seek to do them harm. The CLOUD Act eliminates many of these protections and replaces them with vague assurances, weak standards, and largely unenforceable restrictions... The CLOUD Act represents a major change in the law — and a major threat to our freedoms. Congress should not try to sneak it by the American people by hiding it inside of a giant spending bill. There has not been even one minute devoted to considering amendments to this proposal. Congress should robustly debate this bill and take steps to fix its many flaws, instead of trying to pull a fast one on the American people."

I agree. Seems like this bill creates far more problems than it solves. Plus, something this important should be openly and thoroughly discussed; not be buried in a spending bill. What do you think?


Report: Little Progress Since 2016 To Replace Old, Vulnerable Voting Machines In United States

We've know for some time that a sizeable portion of voting machines in the United States are vulnerable to hacking and errors. Too many states, cities, and town use antiquated equipment or equipment without paper backups. The latter makes re-counts impossible.

Has any progress been made to fix the vulnerabilities? The Brennan Center For Justice (BCJ) reported:

"... despite manifold warnings about election hacking for the past two years, the country has made remarkably little progress since the 2016 election in replacing antiquated, vulnerable voting machines — and has done even less to ensure that our country can recover from a successful cyberattack against those machines."

It is important to remember this warning in January 2017 from the Director of National Intelligence (DNI):

"Russian effortsto influence the 2016 US presidential election represent the most recent expression of Moscow’s longstanding desire to undermine the US-led liberal democratic order, but these activities demonstrated a significant escalation in directness, level of activity, and scope of effort compared to previous operations. We assess Russian President Vladimir Putin ordered an influence campaign in 2016 aimed at the US presidential election. Russia’s goals were to undermine public faith in the US democratic process... Russian intelligence accessed elements of multiple state or local electoral boards. Since early 2014, Russian intelligence has researched US electoral processes and related technology and equipment. DHS assesses that the types of systems we observed Russian actors targeting or compromising are not involved in vote tallying... We assess Moscow will apply lessons learned from its Putin-ordered campaign aimed at the US presidential election to future influence efforts worldwide, including against US allies and their election processes... "

Detailed findings in the BCJ report about the lack of progress:

  1. "This year, most states will use computerized voting machines that are at least 10 years old, and which election officials say must be replaced before 2020.
    While the lifespan of any electronic voting machine varies, systems over a decade old are far more likely to need to be replaced, for both security and reliability reasons... older machines are more likely to use outdated software like Windows 2000. Using obsolete software poses serious security risks: vendors may no longer write security patches for it; jurisdictions cannot replace critical hardware that is failing because it is incompatible with their new, more secure hardware... In 2016, jurisdictions in 44 states used voting machines that were at least a decade old. Election officials in 31 of those states said they needed to replace that equipment by 2020... This year, 41 states will be using systems that are at least a decade old, and officials in 33 say they must replace their machines by 2020. In most cases, elections officials do not yet have adequate funds to do so..."
  2. "Since 2016, only one state has replaced its paperless electronic voting machines statewide.
    Security experts have long warned about the dangers of continuing to use paperless electronic voting machines. These machines do not produce a paper record that can be reviewed by the voter, and they do not allow election officials and the public to confirm electronic vote totals. Therefore, votes cast on them could be lost or changed without notice... In 2016, 14 states (Arkansas, Delaware, Georgia, Indiana, Kansas, Kentucky, Louisiana, Mississippi, New Jersey, Pennsylvania, South Carolina, Tennessee, Texas, and Virginia) used paperless electronic machines as the primary polling place equipment in at least some counties and towns. Five of these states used paperless machines statewide. By 2018 these numbers have barely changed: 13 states will still use paperless voting machines, and 5 will continue to use such systems statewide. Only Virginia decertified and replaced all of its paperless systems..."
  3. "Only three states mandate post-election audits to provide a high-level of confidence in the accuracy of the final vote tally.
    Paper records of votes have limited value against a cyberattack if they are not used to check the accuracy of the software-generated total to confirm that the veracity of election results. In the last few years, statisticians, cybersecurity professionals, and election experts have made substantial advances in developing techniques to use post-election audits of voter verified paper records to identify a computer error or fraud that could change the outcome of a contest... Specifically, “risk limiting audits” — a process that employs statistical models to consistently provide a high level of confidence in the accuracy of the final vote tally – are now considered the “gold standard” of post-election audits by experts... Despite this fact, risk limiting audits are required in only three states: Colorado, New Mexico, and Rhode Island. While 13 state legislatures are currently considering new post-election audit bills, since the 2016 election, only one — Rhode Island — has enacted a new risk limiting audit requirement."
  4. "43 states are using machines that are no longer manufactured.
    The problem of maintaining secure and reliable voting machines is particularly challenging in the many jurisdictions that use machines models that are no longer produced. In 2015... the Brennan Center estimated that 43 states and the District of Columbia were using machines that are no longer manufactured. In 2018, that number has not changed. A primary challenge of using machines no longer manufactured is finding replacement parts and the technicians who can repair them. These difficulties make systems less reliable and secure... In a recent interview with the Brennan Center, Neal Kelley, registrar of voters for Orange County, California, explained that after years of cannibalizing old machines and hoarding spare parts, he is now forced to take systems out of service when they fail..."

That is embarrassing for a country that prides itself on having an effective democracy. According to BCJ, the solution would be for Congress to fund via grants the replacement of paperless and antiquated equipment; plus fund post-election audits.

Rather than protect the integrity of our democracy, the government passed a massive tax cut which will increase federal deficits during the coming years while pursuing both a costly military parade and an unfunded border wall. Seems like questionable priorities to me. What do you think?


Legislation Moving Through Congress To Loosen Regulations On Banks

Legislation is moving through Congress which will loosen regulations on banks. Is this an improvement? Is it risky? Is it a good deal for consumers? Before answering those questions, a summary of the Economic Growth, Regulatory Relief, and Consumer Protection Act (Senate Bill 2155):

"This bill amends the Truth in Lending Act to allow institutions with less than $10 billion in assets to waive ability-to-repay requirements for certain residential-mortgage loans... The bill amends the Bank Holding Company Act of 1956 to exempt banks with assets valued at less than $10 billion from the "Volcker Rule," which prohibits banking agencies from engaging in proprietary trading or entering into certain relationships with hedge funds and private-equity funds... The bill amends the United States Housing Act of 1937 to reduce inspection requirements and environmental-review requirements for certain smaller, rural public-housing agencies.

Provisions relating to enhanced prudential regulation for financial institutions are modified, including those related to stress testing, leverage requirements, and the use of municipal bonds for purposes of meeting liquidity requirements. The bill requires credit reporting agencies to provide credit-freeze alerts and includes consumer-credit provisions related to senior citizens, minors, and veterans."

Well, that definitely sounds like relief for banks. Fewer regulations means it's easier to do business... and make more money. Next questions: is it good for consumers? Is it risky? Keep reading.

The non-partisan Congressional Budget Office (CBO) analyzed the proposed legislation in the Senate, and concluded (bold emphasis added):

"S. 2155 would modify provisions of the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd Frank Act) and other laws governing regulation of the financial industry. The bill would change the regulatory framework for small depository institutions with assets under $10 billion (community banks) and for large banks with assets over $50 billion. The bill also would make changes to consumer mortgage and credit-reporting regulations and to the authorities of the agencies that regulate the financial industry. CBO estimates that enacting the bill would increase federal deficits by $671 million over the 2018-2027 period... CBO’s estimate of the bill’s budgetary effect is subject to considerable uncertainty, in part because it depends on the probability in any year that a systemically important financial institution (SIFI) will fail or that there will be a financial crisis. CBO estimates that the probability is small under current law and would be slightly greater under the legislation..."

So, the propose legislation means there is a greater risk of banks either failing or needing government assistance (e.g., bailout funds). Are there risks to consumers? To taxpayers? CNN interviewed U.S. Senator Elizabeth Warren (Dem- Mass.), who said:

"Frankly, I just don't see how any senator can vote to weaken the regulations on Wall Street banks.. [weakened regulations] puts us at greater risk that there will be another taxpayer bailout, that there will be another crash and another taxpayer bailout..."

So, there are risks for consumers/taxpayers. How? Why? Let's count the ways.

First, the proposed legislation increases federal deficits. Somebody has to pay for that: with either higher taxes, less services, more debt, or a combination of all three. That doesn't sound good. Does it sound good to you?

Second, looser regulations mean some banks may lend money to more people they shouldn't have = persons who default on loan. To compensate, those banks would raise prices (e.g., more fees, higher fees, higher interest rates) to borrowers to cover their losses. If those banks can't cover their losses, then they will fail. If enough banks fail at about the same time, then bingo... another financial crisis.

If key banks fail, then the government will bail out (again) banks to keep the financial system running. (Remember too big to fail banks?) Somebody has to pay for bailouts... with either higher taxes, less services, more debt, or a combination of all three. Does that sound good to you? It doesn't sound good to me. If it doesn't sound good, I encourage you to contact your elected officials.

It's critical to remember banking history in the United States. Nobody wants a repeat of the 2008 melt-down. There are always consequences when government... Congress decides to help bankers by loosening regulations. What do you think?


Facebook’s Experiment in Ad Transparency Is Like Playing Hide And Seek

[Editor's note: today's guest post, by the reporters at ProPublica, explores a new global program Facebook introduced in Canada. It is reprinted with permission.]

Facebook logo By Jennifer Valentino-DeVries, ProPublica

Shortly before a Toronto City Council vote in December on whether to tighten regulation of short-term rental companies, an entity called Airbnb Citizen ran an ad on the Facebook news feeds of a selected audience, including Toronto residents over the age of 26 who listen to Canadian public radio. The ad featured a photo of a laughing couple from downtown Toronto, with the caption, “Airbnb hosts from the many wards of Toronto raise their voices in support of home sharing. Will you?”

Placed by an interested party to influence a political debate, this is exactly the sort of ad on Facebook that has attracted intense scrutiny. Facebook has acknowledged that a group with ties to the Russian government placed more than 3,000 such ads to influence voters during the 2016 U.S. presidential campaign.

Facebook has also said it plans to avoid a repeat of the Russia fiasco by improving transparency. An approach it’s rolling out in Canada now, and plans to expand to other countries this summer, enables Facebook users outside an advertiser’s targeted audience to see ads. The hope is that enhanced scrutiny will keep advertisers honest and make it easier to detect foreign interference in politics. So we used a remote connection, called a virtual private network, to log into Facebook from Canada and see how this experiment is working.

The answer: It’s an improvement, but nowhere near the openness sought by critics who say online political advertising is a Wild West compared with the tightly regulated worlds of print and broadcast.

The new strategy — which Facebook announced in October, just days before a U.S. Senate hearing on the Russian online manipulation efforts — requires every advertiser to have a Facebook page. Whenever the advertiser is running an ad, the post is automatically placed in a new “Ads” section of the Facebook page, where any users in Canada can view it even if they aren’t part of the intended audience.

Facebook has said that the Canada experiment, which has been running since late October, is the first step toward a more robust setup that will let users know which group or company placed an ad and what other ads it’s running. “Transparency helps everyone, especially political watchdog groups and reporters, keep advertisers accountable for who they say they are and what they say to different groups,” Rob Goldman, Facebook’s vice president of ads, wrote before the launch.

While the new approach makes ads more accessible, they’re only available temporarily, can be hard to find, and can still mislead users about the advertiser’s identity, according to ProPublica’s review. The Airbnb Citizen ad — which we discovered via a ProPublica tool called the Political Ad Collector — is a case in point. Airbnb Citizen professed on its Facebook page to be a “community of hosts, guests and other believers in the power of home sharing to help tackle economic, environmental and social challenges around the world.” Its Facebook page didn’t mention that it is actually a marketing and public policy arm of Airbnb, a for-profit company.

Propublica-airbnb-citizen-adThe ad was part of an effort by the company to drum up support as it fought rental restrictions in Toronto. “These ads were one of the many ways that we engaged in the process before the vote,” Airbnb said. However, anyone who looked on Airbnb’s own Facebook page wouldn’t have found it.

Airbnb told ProPublica that it is clear about its connection to Airbnb Citizen. Airbnb’s webpage links to Airbnb Citizen’s webpage, and Airbnb Citizen’s webpage is copyrighted by Airbnb and uses part of the Airbnb logo. Airbnb said Airbnb Citizen provides information on local home-sharing rules to people who rent out their homes through Airbnb. “Airbnb has always been transparent about our advertising and public engagement efforts,” the statement said.

Political parties in Canada are already benefiting from the test to investigate ads from rival groups, said Nader Mohamed, digital director of Canada’s New Democratic Party, which has the third largest representation in Canada’s Parliament. “You’re going to be more careful with what you put out now, because you could get called on it at any time,” he said. Mohamed said he still expects heavy spending on digital advertising in upcoming campaigns.

After launching the test, Facebook demonstrated its new process to Elections Canada, the independent agency responsible for conducting federal elections there. Elections Canada recommended adding an archive function, so that ads no longer running could still be viewed, said Melanie Wise, the agency’s assistant director for media relations and issues management. The initiative is “helpful” but should go further, Wise said.

Some experts were more critical. Facebook’s new test is “useless,” said Ben Scott, a senior advisor at the think tank New America and a fellow at the Brookfield Institute for Innovation + Entrepreneurship in Toronto who specializes in technology policy. “If an advertiser is inclined to do something unethical, this level of disclosure is not going to stop them. You would have to have an army of people checking pages constantly.”

More effective ways of policing ads, several experts said, might involve making more information about advertisers and their targeting strategies readily available to users from links on ads and in permanent archives. But such tactics could alienate advertisers reluctant to share information with competitors, cutting into Facebook’s revenue. Instead, in Canada, Facebook automatically puts ads up on the advertiser’s Facebook page, and doesn’t indicate the target audience there.

Facebook’s test represents the least the company can do and still avoid stricter regulation on political ads, particularly in the U.S., said Mark Surman, a Toronto resident and executive director of Mozilla, a nonprofit Internet advocacy group that makes the Firefox web browser. “There are lots of people in the company who are trying to do good work. But it’s obvious if you’re Facebook that you’re trying not to get into a long conversation with Congress,” Surman said.

Facebook said it’s listening to its critics. “We’re talking to advertisers, industry folks and watchdog groups and are taking this kind of feedback seriously,” Rob Leathern, Facebook director of product management for ads, said in an email. “We look forward to continue working with lawmakers on the right solution, but we also aren’t waiting for legislation to start getting solutions in place,” he added. The company declined to provide data on how many people in Canada were using the test tools.

Facebook is not the only internet company facing questions about transparency in advertising. Twitter also pledged in October before the Senate hearing that “in the coming weeks” it would build a platform that would “offer everyone visibility into who is advertising on Twitter, details behind those ads, and tools to share your feedback.” So far, nothing has been launched.

Facebook has more than 23 million monthly users in Canada, according to the company. That’s more than 60 percent of Canada’s population but only about 1 percent of Facebook’s user base. The company has said it is launching its new ad-transparency plan in Canada because it already has a program there called the Canadian Election Integrity Initiative. That initiative was in response to a Canadian federal government report, “Cyber Threats to Canada’s Democratic Process,” which warned that “multiple hacktivist groups will very likely deploy cyber capabilities in an attempt to influence the democratic process during the 2019 federal election.” The election integrity plan promotes news literacy and offers a guide for politicians and political parties to avoid getting hacked.

Compared to the U.S., Canada’s laws allow for much stricter government regulation of political advertising, said Michael Pal, a law professor at the University of Ottawa. He said Facebook’s transparency initiative was a good first step but that he saw the extension of strong campaign rules into internet advertising as inevitable in Canada. “This is the sort of question that, in Canada, is going to be handled by regulation,” Pal said.

Several Canadian technology policy experts who spoke with ProPublica said Facebook’s new system was too inconvenient for the average user. There’s no central place where people can search the millions of ads on Facebook to see what ads are running about a certain subject, so unless users are part of the target audience, they wouldn’t necessarily know that a group is even running an ad. If users somehow hear about an ad or simply want to check whether a company or group is running one, they must first navigate to the group’s Facebook page and then click a small tab on the side labeled “Ads” that runs alongside other tabs such as “Videos” and “Community.” Once the user clicks the “Ads” tab, a page opens showing every ad that the page owner is running at that time, one after another.

The group’s Facebook page isn’t always linked from the text of the ad. If it isn’t, users can still find the Facebook page by navigating to the “Why am I seeing this?” link in a drop-down menu at the top right of each ad in their news feed.

As soon as a marketing campaign is over, an ad can no longer be found on the “Ads” page at all. When ProPublica checked the Airbnb Citizen Facebook page a week after collecting the ad, it was no longer there.

Because the “Ads” page also doesn’t disclose the demographics of the advertiser’s target audience, people can only see that data on ads that were aimed at them and were on their own Facebook news feed. Without this information, people outside an ad’s selected audience can’t see to whom companies or politicians are tailoring their messages. ProPublica reported last year that dozens of major companies directed recruitment ads on Facebook only to younger people — information that would likely interest older workers, but would still be concealed from them under the new policy. One recent ad by Prime Minister Justin Trudeau was directed at “people who may be similar to” his supporters, according to the Political Ad Collector data. Under the new system, people who don’t support Trudeau could see the ad on his Facebook page, but wouldn’t know why it was excluded from their news feeds.

Facebook has promised new measures to make political ads more accessible. When it expands the initiative to the U.S., it will start building a searchable electronic archive of ads related to U.S. federal elections. This archive will include details on the amount of money spent and demographic information about the people the ads reached. Facebook will initially limit its definition of political ads to those that “refer to or discuss a political figure” in a federal election, the company said.

The company hasn’t said what, if any, archive will be created for ads for state and local contests, or for political ads in other countries. It has said it will eventually require political advertisers in other countries, and in state elections in the U.S., to provide more documentation, but it’s not clear when that will happen.

Ads that aren’t political will be available under the same system being tested in Canada now.

Even an archive of the sort Facebook envisions wouldn’t solve the problems of misleading advertising on Facebook, Surman said. “It would be interesting to journalists and researchers trying to track this issue. But it won’t help users make informed choices about what ads they see,” he said. That’s because users need more information alongside the ads they are seeing on their news feeds, not in a separate location, he said.

The Airbnb Citizen ad wasn’t the only tactic that Airbnb adopted in an apparent attempt to sway the Toronto City Council. It also packed the council galleries with supporters on the morning of the vote, according to The Globe and Mail. Still, its efforts appear to have been unsuccessful.

On Dec. 6, two days after a reader sent us the ad, the City Council voted to keep people from renting a space that wasn’t their primary residence and stop homeowners from listing units such as basement apartments.

Filed under: Technology

ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for their newsletter.


Advertising Agency Paid $2 Million To Settle Deceptive Advertising Charges

Marketing Architects inc. The U.S. Federal Trade Commission (FTC) announced that Minneapolis-based Marketing Architects, Inc. (MAI):

"... an advertising agency that created and disseminated allegedly deceptive radio ads for weight-loss products marketed by its client, Direct Alternatives, has agreed to pay $2 million to the Federal Trade Commission and State of Maine Attorney General’s Office to settle their complaint..."

First, some background. According to the FTC, MAI created advertising for several products (e.g., Puranol, Pur-Hoodia Plus, Acai Fresh, AF Plus, and Final Trim) by Direct Alternatives from 2006 through February 2015. Then, in 2016 the FTC and the State of Maine settled allegations against Direct Alternatives, which required the company to halt deceptive advertising and illegal billing practices.

Additional background according to the FTC: MAI previously created weight-loss ads for Sensa Products, LLC between March 2009 and May 2011. The FTC filed a complaint against Sensa in 2014, and subsequently Sensa agreed to refund $26.5 million to defrauded consumers. So, there's important, relevant history.

In the latest action, the joint complaint alleged that MAI created and disseminated radio ads with false or unsubstantiated weight-loss claims for AF Plus and Final Trim. Besides:

"... receiving FTC’s Sensa order, MAI was previously made aware of the need to have competent and reliable scientific evidence to back up health claims. Among other things, the complaint alleges that Direct Alternatives provided MAI with documents indicating that some of the weight-loss claims later challenged by the FTC needed to be supported by scientific evidence.

The complaint further charges that MAI developed and disseminated fictitious weight-loss testimonials and created radio ads for weight-loss products falsely disguised as news stories. Finally, the complaint charges MAI with creating inbound call scripts that failed to adequately disclose that consumers would be automatically enrolled in negative-option (auto-ship) continuity plans."

The latest action includes a proposed court order to ban MAI from making weight-loss claims about products the FTC has already advised as false, and:

"... requires MAI to have competent and reliable scientific evidence to support any other claims about the health benefits or efficacy of weight-loss products, and prohibits it from misrepresenting the existence or outcome of tests or studies. In addition, the order prohibits MAI from misrepresenting the experience of consumer testimonialists or that paid commercial advertising is independent programming."

This action is a reminder to advertising and digital agency executives everywhere: ensure that claims are supported by competent, reliable scientific evidence.

Good. Kudos to the FTC for these enforcement actions and for protecting consumers.


New Data Breach Legislation Proposed In North Carolina

After a surge in data breaches in North Carolina during 2017, state legislators have proposed stronger data breach laws. The National Law Review explained what prompted the legislative action:

"On January 8, 2018, the State of North Carolina released its Security Breach Report 2017, which highlights a 15 percent increase in breaches since 2016... Health care, financial services and insurance businesses accounted for 38 percent, with general businesses making up for just more than half of these data breaches. Almost 75 percent of all breaches resulted from phishing, hacking and unauthorized access, reflecting an overall increase of more than 3,500 percent in reported hacking incidents alone since 2006. Since 2015, phishing incidents increased over 2,300 percent. These numbers emphasize the warning to beware of emails or texts requesting personal information..."

So, fraudsters have tricked many North Carolina residents and employees into both opening fraudulent e-mail and text messages, and then responding by disclosing sensitive personal information. Not good.

Details about the proposed legislation:

"... named the Act to Strengthen Identity Theft Practices (ASITP), announced by Representative Jason Saine and Attorney General Josh Stein, attempts to combat the data breach epidemic by expanding North Carolina’s breach notification obligations, while reducing the time businesses have to comply with notification to the affected population and to the North Carolina Attorney General’s Office. If enacted, this new legislation will be one of the most aggressive U.S. breach notification statutes... The Fact Sheet concerning the ASITP as published by the North Carolina Attorney General proposes that the AG take a more direct role in the investigation of data breaches closer to their time of discovery...  To accomplish this goal, the ASITP proposes a significantly shorter period of time for an entity to provide notification to the affected population and to the North Carolina Attorney General. Currently, North Carolina’s statute mandates that notification be made to affected individuals and the Attorney General without “unreasonable delay.” Under the ASITP, the new deadline for all notifications would be 15 days following discovery of the data security incident. In addition to being the shortest deadline in the nation, it is important to note that notification vendors typically require 5 business days to process, print and mail notification letters... The proposed legislation also seeks to (1) expand the definition of “protected information” to include medical information and insurance account numbers, and (2) penalize those who fail to maintain reasonable security procedures by charging them with a violation under the Unfair and Deceptive Trade Practices Act for each person whose information is breached..."

Good. The National Law Review article also compared the breach notification deadlines across all 50 states and territories. It is worth a look to see how your state compares. A comparison of selected states:

Time After Discovery of Breach Selected States/Territories
10 calendar days Puerto Rico (Dept. of Consumer Affairs)
15 calendar days North Carolina (Proposed)
15 business California (Protected Health Information)
30 calendar days Florida
45 calendar days Ohio, Maryland
90 calendar days Connecticut
Most expedient time & without
unreasonable delay
California (other), Massachusetts, New York, North Carolina, Pennsylvania, Puerto Rico (other)
As soon as possible Texas

To learn more, download the North Carolina Security Breach Report 2017 (Adobe PDF), and the ASITP Fact Sheet (Adobe PDF).


Uber's Ripley Program To Thwart Law Enforcement

Uber logo Uber is in the news again, and not in a good way. TechCrunch reported:

"Between spring 2015 until late 2016 the ride-hailing giant routinely used a system designed to thwart police raids in foreign countries, according to Bloomberg, citing three people with knowledge of the system. It reports that Uber’s San Francisco office used the protocol — which apparently came to be referred to internally as ‘Ripley’ — at least two dozen times. The system enabled staff to remotely change passwords and “otherwise lock up data on company-owned smartphones, laptops, and desktops as well as shut down the devices”, it reports. We’ve also been told — via our own sources — about multiple programs at Uber intended to prevent company data from being accessed by oversight authorities... according to Bloomberg Uber created the system in response to raids on its offices in Europe: Specifically following a March 2015 raid on its Brussel’s office in which police gained access to its payments system and financial documents as well as driver and employee information; and after a raid on its Paris office in the same week."

In November of last year, reports emerged that the popular ride-sharing service experienced a data breach affecting 57 million users. Regulators said then that Uber tried to cover it up.

In March of last year, reports surfaced about Greyball, a worldwide program within Uber to thwart code enforcement inspections by governments. TechCrunch also described uLocker:

"We’ve also heard of the existence of a program at Uber called uLocker, although one source with knowledge of the program told us that the intention was to utilize a ransomware cryptolocker exploit and randomize the tokens — with the idea being that if Uber got raided it would cryptolocker its own devices in order to render data inaccessible to oversight authorities. The source said uLocker was being written in-house by Uber’s eng-sec and Marketplace Analytics divisions..."

Geez. First Greyball. Then Reipley and uLocker. And these are the known programs. This raises the question: how many programs are there?

Earlier today, Wired reported:

"The engineer at the heart of the upcoming Waymo vs Uber trial is facing dramatic new allegations of commercial wrongdoing, this time from a former nanny. Erika Wong, who says she cared for Anthony Levandowski’s two children from December 2016 to June 2017, filed a lawsuit in California this month accusing him of breaking a long list of employment laws. The complaint alleges the failure to pay wages, labor and health code violations... In her complaint, Wong alleges that Levandowski was paying a Tesla engineer for updates on its electric truck program, selling microchips abroad, and creating new startups using stolen trade secrets. Her complaint also describes Levandowski reacting to the arrival of the Waymo lawsuit against Uber, strategizing with then-Uber CEO Travis Kalanick, and discussing fleeing to Canada to escape prosecution... Levandowski’s outside dealings while employed at Google and Uber have been central themes in Waymo’s trade secrets case. Waymo says that Levandowski took 14,000 technical files related to laser-ranging lidar and other self-driving technologies with him when he left Google to work at Uber..."

Is this a corporation or organized crime? It seems difficult to tell the difference. What do you think?


What We Discovered During a Year of Documenting Hate

[Editor's note: today's guest blog post, by the reporters at ProPublica, is second in a series about law enforcement and hate crimes in the United States. Today's post is reprinted with permission.]

By Rachel Glickhouse, ProPublica

The days after Election Day last year seemed to bring with them a rise in hate crimes and bias incidents. Reports filled social media and appeared in local news. There were the letters calling for the genocide of Muslims that were sent to Islamic centers from California to Ohio. And the swastikas that were scrawled on buildings around the country. In Florida, “colored” and “whites only” signs were posted over water fountains at a high school. A man assaulted a Hispanic woman in San Francisco, telling her “No Latinos here.”

But were these horrible events indicative of an increase in crimes and incidents themselves, or did the reports simply reflect an increased awareness and willingness to come forward on the part of victims and witnesses? As data journalists, we went looking for answers and were not prepared for what we found: Nobody knows for sure. Hate crimes are so poorly tracked in America, there’s no way to undertake the kind of national analysis that we do in other areas, from bank robberies to virus outbreaks.

There is a vast discrepancy between the hate crimes numbers gathered by the FBI from police jurisdictions around the country and the estimate of hate crime victims in annual surveys by the Bureau of Justice Statistics. The FBI counts 6,121 hate crimes in 2016, and the BJS estimates 250,000 hate crimes a year.

We were told early on that while the law required the Department of Justice to report hate crime statistics, local and state police departments aren’t bound to report their numbers to the FBI — and many don't. Complicating matters further is that hate crime laws vary by state, with some including sexual orientation as a protected class of victims and some not. Five states have no hate crime statute at all.

We decided to try collecting data ourselves, using a mix of social media news gathering and asking readers to send in their personal stories. We assembled a coalition of more than 130 newsrooms to help us report on hate incidents by gathering and verifying tips, and worked on several lines of investigation in our own newsroom.

Along the way, we’ve learned a lot about how hate crimes fall through the cracks:

We’ve received thousands of tips so far through our embeddable incident reporting form. We’ve also added tips sent to us by civil rights groups such as the Southern Poverty Law Center.

ProPublica and reporters in newsrooms around the country used those tips to tell the stories of people who’ve come forward as victims or witnesses. They’ve identified a number of patterns:

Impact

Our mission at ProPublica is to do journalism that has impact. We’ve seen significant impact from Documenting Hate.

  • The official Virginia state after-action report on the Charlottesville rally cited ProPublica’s reporting and made recommendations for better police practices based on our journalism.
  • Cloudflare changed their complaint policies following a ProPublica story on how the company helps support neo-Nazi sites. The company cited our reporting when they later shut down The Daily Stormer, a major neo-Nazi site.
  • After we asked for their records, the Jacksonville Sheriff’s Office, which had not sent a hate crime report to the state of Florida in years, began reporting hate crime data for the first time since 2013.
  • The Miami-Dade Police Department started an internal audit after we talked to them in October. Detective Carlos Rosario, a spokesman for the department, told us they found four hate crimes that they had failed to report to the state. Rosario also told us that they are in the process of creating a digital hate crime reporting process as a result of our reporting.
  • The Colorado Springs, Colorado, police department fixed a database problem that had caused the loss of at least 18 hate crime reports. The error was discovered after we asked them questions about their records.
  • The Madison, Wisconsin, police department changed how they categorize hate crimes before they send them to the FBI based on our records request.
  • A group of nine senators led by Sen. Patty Murray, D-Wash., sent a letter to Education Secretary Betsy DeVos asking what the administration will do in response to racist harassment in schools and universities, citing Buzzfeed’s reporting for the project.
  • The Daily Stormer in Spanish removed the name of a popular Spanish forum from its site after legal action was threatened following a Univision story.
  • The Matthew Shepard Foundation said it would increase resources dedicated to training police officers to identify and investigate hate crimes, citing our project.

Even after the 100 news stories produced by the Documenting Hate coalition, we’re by no means finished. ProPublica and our partners will spend next year collecting and telling more stories from victims and witnesses. And we still have a lot of questions that demand answers. You can help.

Filed under: Civil Rights

ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for their newsletter.

 


Hate Crime Training for Police Is Often Inadequate, Sometimes Nonexistent

[Editor's note: today's guest blog post, by the reporters at ProPublica, is first in a series which explores the approaches by law enforcement to hate crimes in the United States. Today's post is reprinted with permission.]

By A.C. Thompson, Rohan Naik and Ken Schwencke. ProPublica

To become a police officer in the U.S., one almost always has to enroll in an academy for some basic training. The typical academy session lasts 25 weeks, but state governments — which oversee police academies for local and state law enforcement officers — have wide latitude when it comes to choosing the subjects that will be taught in the classrooms.

How to properly identify and investigate hate crimes does not seem terribly high on the list of priorities, according to a ProPublica review.

Only 12 states, for example, have statutes requiring that academies provide instruction on hate crimes.

In at least seven others — Alaska, Georgia, Idaho, Nevada, Missouri, South Dakota and Texas — recruits aren’t required to learn about hate crimes at all, according to law enforcement officials.

Even states that provide new recruits with at least some education on hate crimes often provide training that is cursory at best.

Officials overseeing police training in three states — Wisconsin, North Carolina and Washington — told ProPublica that their recruits spent about 30 minutes of class time on the subject.

Hate crimes in America have made no shortage of headlines over the last year as the country has once more confronted its raw and often violent racial, religious and political divisions. Just how few hate crimes get formally reported and analyzed has shocked many. Fewer still get successfully prosecuted, a fact that has provoked frustration among some elected officials and law enforcement agencies.

But the widespread lack of training for frontline officers in how to handle potential hate crimes, if no great surprise, might actually be the criminal justice system’s most basic failing. There is, after all, little way to either accurately tabulate or aggressively prosecute hate crimes if the officers in the street don’t know how to identify and investigate them.

Hate crimes are not, by and large, simple to deal with. Different states identify different categories of people to be protected under their laws. And the authorities must prove not only guilt, but intent. It isn’t enough to find fingerprints on a weapon. The authorities must explore a suspect’s state of mind, and then find ways of corroborating it.

“Hate crimes are so nuanced and the laws can be so complex. You’re trying to deal with the motivation of a crime,” said Liebe Geft, director of the Museum of Tolerance in Los Angeles, which has for years provided training to officers as expert consultants.

“Thirty minutes in the academy is not enough,” Geft said.

Though each state operates its police academies differently, most of them rely on a training council or commission to oversee the institutions, shape the curriculum and set minimum standards for graduation.

ProPublica spent weeks trying to answer the question of how, if at all, police departments prepare their officers to respond to possible hate crimes, which are known as bias crimes in some jurisdictions. We interviewed key officials in 45 states and the District of Columbia about the lessons being taught to new recruits during their police academy classes. We reviewed thousands of pages of training material — curricula, detailed lesson plans, legal guidance, PowerPoint presentations and videos. We studied the statutes and regulations governing police training around the nation and interviewed experts who have spent years educating officers and federal agents. Several states declined to discuss their instructional practices, or provide ProPublica with any training materials.

Among our findings:

A key federal training program was scuttled during the early days of the Obama administration as police leaders concerned about violence colored by race, religion and politics shifted their focus toward Islamic extremists and terrorism. That program, which was run by an arm of the Department of Homeland Security, sent experts around the country to teach local and state police officers how to respond to hate crimes.

State leaders at times displayed a lack of even basic knowledge about hate crimes. In Alaska, the state Department of Public Safety told ProPublica that officers in that state don’t learn about hate crimes during their time in the academy because Alaska doesn’t have a hate crimes law. In fact, Alaska’s hate crimes statute has been on the books since 1996.

Training materials used in Kansas explain the history behind the federal hate crimes law, but make no mention of Kansas Statute 21-6815 — the state’s hate crimes code — which is likely to be of more use to a local officer in Topeka or Wichita.

Some states that require hate crimes training often combine the instruction with what has long been called cultural sensitivity training. Such instruction typically involves material on the subtleties of dealing with specific ethnic or religious communities. Our review, however, showed some of those materials to be either hopelessly out of date or downright inflammatory.

Law enforcement leaders point to several factors to explain, if not justify, the lack of emphasis on training for hate crimes. While the offenses can be dramatic and highly disturbing — like the incident earlier this year in which a white supremacist impaled an African-American man with an 18-inch sword in New York’s Times Square — they represent a very small percentage of the nation’s overall crime. Working with often limited budgets, police officials have to make difficult decisions about what to prioritize during training, and hate crimes can lose out.

That said, the events of the last 18 months, driven in great part by the racially charged presidential campaign of 2016, seem to suggest an adjustment of priorities might be in order.

The number of Americans reporting hate crimes to the authorities has grown in recent years, with FBI figures showing an increase of nearly 5 percent in 2016 alone, a tally that included more than 2,000 physical attacks and beatings. More recent data shows double-digit hate crime spikes in several major cities.

Melissa Garlick, the Northeast Area Civil Rights Counsel at the Anti-Defamation League, would like to see every state pass legislation requiring hate crimes training. “We want law enforcement to have the tools they need to properly investigate hate crimes,” she said.

Hate crimes laws are not new. The earliest legislation was adopted by a pair of states in the Pacific Northwest — Oregon and Washington — in 1981 and, since then, 43 states and the District of Columbia have passed their own hate crimes bills. In 2009, President Barack Obama signed into law a federal hate crimes bill named after murder victims James Byrd and Matthew Shepard. The FBI, for its part, has asked local and state law enforcement agencies to track hate crimes since 1990.

Yet today, nearly four decades after the first hate crimes law was passed, police officers in much of the country get little or no training on how the laws work, or what to look for when responding to a potential hate crime.

At the police academy in Huntsville, Alabama, instructors dedicate two weeks to educating recruits about the state’s penal code. Capt. Dewayne McCarver, who heads the academy, said he isn’t sure precisely how much time his staff spends discussing the Alabama hate crime law during those 10 days of legal instruction. In an interview, McCarver questioned whether the school needed to devote more than an hour, at most, to the subject.

The law, which dates to 1993, is similar to others across the country and focuses on individuals whose crimes are motivated by their victim’s “race, color, religion, national origin, ethnicity, or physical or mental disability.” It acts as a “sentence enhancement,” adding time behind bars in cases ranging from property destruction to murder.

In class, McCarver said, instructors caution students to be “very careful” in classifying offenses as possible hate crimes when writing up incident reports. He worries that logging incidents as potential hate crimes can cause trouble for officers when they testify in court: an aggressive defense attorney might challenge the officer’s decision to label the offense as a hate crime, particularly if prosecutors don’t wind up charging it as such.

He told ProPublica that officers in Huntsville “rarely, if ever” designate offenses as hate crimes.

“It’s really a box that I personally wish they didn’t put on a case report,” he said.

In fact, according to FBI records, the Huntsville Police Department has never reported a bias-motivated crime to the federal government.

Brian Levin, a former New York City police officer, takes issue with McCarver’s approach.

“We should always train law enforcement to tag it as a possible hate crime at the time of report, as long the evidence is there,” said Levin, director of the Center for the Study of Hate and Extremism at California State University, San Bernardino. “We need accurate data, so communities can be aware of the extent of the problem and the characteristics of the offenses.”

Last year, the entire state of Alabama reported only 14 hate crimes to the FBI, a figure criminologists believe is inaccurate and represents a small sliver of the true number of hate crimes.

Once on the force, McCarver said, Huntsville officers get 40 hours of additional training each year. That added instruction, however, does not include hate crimes, he said.

“We have a limited amount of time,” McCarver said. “We have not had a reason to put hate crimes into the curriculum other than what we learn in the basic class.”

Huntsville isn’t unique: Across the border in Florida, two of that state’s largest law enforcement agencies, the Jacksonville Sheriff’s Office and the Miami-Dade Police Department, also do not refresh cops on hate crimes after their initial instruction.

Boe Turner is chief of training for Nevada’s Commission on Peace Officer Standards and Training, the body that oversees academies in that state. Turner thinks officers shouldn’t go looking into the motivation of suspected offenders. That’s the job of prosecutors, he said. Victims, he added, tend to have little insight into the motivations of their assailants.

Experts disagree. Victims, they say, are critical sources of information, particularly in hate crime cases. Because the cases are difficult to prove — prosecutors must show conclusively that the offender was motivated by bigotry or bias — it’s crucial for police to gather as much evidence as possible, they argue, and victims often understand the circumstances surrounding a crime better than anyone.

“Training for law enforcement officials on identifying and investigating hate crimes is critical,” said Becky Monroe, a former federal prosecutor who now works for the Lawyers’ Committee for Civil Rights Under Law. Decent training, she added, can prepare officers for a pair of intertwined tasks: gathering the right evidence and calming the fears of community members who may feel frightened and vulnerable in the aftermath of an attack.

To better equip officers for such investigations, some state academies have developed thorough and detailed lessons on hate crimes. Instructors at the Iowa Law Enforcement Academy, for instance, work from a 61-page handbook, which ProPublica obtained. The manual profiles local white supremacist leaders and extremist groups, examines recent criminal cases and offers practical guidance for investigators.

But not all training guides are so impressive. A six-page handout used in Arizona lists a host of white supremacist groups that have completely disbanded or faded from relevancy, but fails to mention the Hammerskins or Vinlanders, two Nazi skinhead gangs that have murdered people in the state in recent years.

In Wisconsin, trainers fold hate crimes training into broader courses about cultural sensitivity and biased policing. The material includes some dubious racial generalizations.

“African Americans may distrust the motives or honesty of a speaker who is carefully neutral, objective, and unemotional,” one section of the guide states. “By contrast, European Americans may see someone who is speaking with a great deal of emotion as irrational.”

The federal government, for its part, has mounted several different training initiatives over the years, some more successful than others. Since the 1990s, the FBI’s Criminal Justice Information Services branch has run training programs aimed at teaching law enforcement agencies how to collect hate crimes statistics and submit that data to the FBI; today, however, around 12 percent of those agencies still don’t gather the information at all and many more fail to give the bureau reliable data.

After the federal Shepard-Byrd Act passed in 2009, Cynthia Deitle, while serving as head of the FBI’s Civil Rights unit, began organizing hate crimes conferences for state and local officers, educational events that explained the mechanics of the various state laws and laid out the ways the FBI could assist with local hate crime cases. She remembers stressing to local officers the importance of gathering every possible clue, no matter how insignificant it might seem. Unfortunately, many of the events weren’t well attended, pulling in maybe 20 to 50 police officers apiece.

“We could not force a police officer to come to our training,” said Deitle, who is now an executive at the Matthew Shepard Foundation, an advocacy group, adding that she understood the challenges faced by smaller agencies — many simply couldn’t take officers off the street for extra schooling.

While Deitle was trying to launch a new training effort, another federal program was coming to end.

For more than a decade, the Federal Law Enforcement Training Centers ran a program called “Train-the-Trainer” that routinely sent hate crimes specialists around the country to work with state and local cops. The idea was to educate police trainers and command staff about hate crimes so they could return to their departments and teach new recruits and frontline officers.

“It was a great program,” recalled Levin, the director of the extremism center in California who was one of the instructors. “I did stuff on everything from the hate groups to legal issues such as Supreme Court cases.” Levin said he volunteered his time out of a sense of mission and worked alongside experts from the Southern Poverty Law Center and the ADL, as well as law enforcement figures.

But interest in the issue eventually waned. Several people familiar with the effort say it came to a halt in the early days of the Obama administration, in 2009, at a time when police departments were shifting their attention toward combating acts of terrorism.

“Departments really wanted to focus on terrorism rather than hate crimes,” said Levin.

At FLETC, Communications Officer Christa Thompson wasn’t sure why the program shut down, but she did know what kind of courses the agency — which teaches local, state, federal and tribal law enforcement — is holding these days: internet investigations, active shooter response, marksmanship and more.

She said, “We do not currently offer hate crimes training” on a regular basis.

ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for their newsletter.

 


Net Neutrality: Massachusetts Joins Multi-State Lawsuit Against FCC. What Next?

The Attorney General (AG) for the Commonwealth of Massachusetts is suing the U.S. Federal Communications Commission (FCC) after the FCC voted on December 14th to repeal existing net neutrality rules protecting consumers. Maura Healey, the Massachusetts AG, announced that her office has joined a multi-state lawsuit with the New York State AG:

"... joined New York Attorney General Eric T. Schneiderman in announcing that they will be filing a multi-state lawsuit against the Federal Communications Commission (FCC) over its vote to rollback net neutrality protections...The FCC recently issued a proposed final order rolling back net neutrality protections and on December 14th, voted 3-2 on party lines to implement the final order. On December 13th, AG Healey joined a coalition of 18 attorneys general in sending a letter to the FCC after reports emerged that nearly two million comments submitted in support of the agency were fake."

AG Healey said about the multi-state lawsuit:

"With the FCC vote, Americans will pay more for the internet and will have fewer options... The agency has completely failed to justify this decision and we will be suing to stand up for the free exchange of ideas and to keep the American people in control of internet access."

The December 13th letter to the FCC about fake comments was signed by AGs from California, District of Columbia, Delaware, Hawaii, Iowa, Illinois, Kentucky, Massachusetts, Maryland, Maine, Mississippi, North Carolina, Oregon, Pennsylvania, Rhode Island, Virginia, Vermont, and Washington. The AGs' letter stated, in part:

"One of the most important roles that we perform is to prosecute fraud. It is a role we take extremely seriously, and one that is essential to a fair marketplace... The ‘Restore Internet Freedom’ proposal, also known as net neutrality rollback (WC Docket No. 17- 108) has far-reaching implications for the everyday life of Americans... Recent attempts by New York Attorney General Schneiderman to investigate supposed comments received by the FCC have revealed a pattern of facts that should raise alarm bells for every American about the integrity of the democratic process. A careful review of the publicly available information revealed a pattern of fake submissions using the names of real people. In fact, there may be over one million fake submissions from across the country. This is akin to identity theft on a massive scale – and theft of someone’s voice in a democracy is particularly concerning.

As state Attorneys General, many of our offices have received complaints from consumers indicating their distress over their names being used in such a manner. While we will investigate these consumer complaints through our normal processes, we urge the Commission to take immediate action and to cooperate with law enforcement investigations. Woven throughout the Administrative Procedures Act is a duty for rulemakers to provide information to the public and to listen to the public. We know from advising our rulemakers at the state level that listening to the public provides insights from a diversity of viewpoints. But, if the well of public comment has been poisoned by falsified submissions, the Commission may be unable to rely on public comments that would help it reach a legitimate conclusion to the rulemaking process. Or, it must give less weight to the public comments submitted which also undermines the process..."

The FCC ignored the AGs' joint letter about fraud and proceeded with its net-neutrality vote on December 14. FCC Chairman Ajit Pai had blown off the identity theft and fraud charges as maneuvers by desperate net neutrality advocates.

California AG Xavier Becerra said:

"... the FCC failed to do what is right... The FCC decided that consumers do not deserve free, open, and equal access to the internet. It decided to ignore the millions of Americans who voiced their strong support for our existing net neutrality rules. Here in California – a state that is home to countless start-ups and technology giants alike – we know that a handful of powerful companies should not dictate the sources for the information we seek..."

Residents in some states can use special sites to notify their state's AG about the misuse of their identity data in fake comments submitted to the FCC: Pennsylvania, New York.

The FCC under Chairman Pai seems to listen and respond to the needs of corporate internet service providers (ISPs), and not to consumers. A November 21 - 25 poll found that 52 percent of registered voters support the current rules, including 55 percent of Democrats and 53 percent of Republicans.

While that is down from prior polls, a majority support net neutrality rules. A poll by Mozilla and Ipsos in June, 2017 found overwhelming support across party lines: 76% of Americans, 81% of Democrats, and 73% of Republicans favor keeping net neutrality rules. The poll included approximately 1,000 American adults across the U.S. with 354 Democrats, 344 Republicans, and 224 Independents.

Before the FCC affirmed net neutrality rules in 2015, a poll by the Center for Political Communication at the University of Delaware in 2014 found strong and widespread support:

"... About 81 percent of Americans oppose allowing Internet providers like Comcast and Verizon to charge Web sites and services more if they want to reach customers more quickly... Republicans were slightly more likely to support net neutrality than Democrats. 81 percent of Democrats and 85 percent of Republicans in the survey said they opposed fast lanes."

Experts have debated the various ways of moving forward after the December 14th FCC vote. Wired reported:

"Most immediately, the activity will move to the courts... The most likely argument: that the commission’s decision violates federal laws barring agencies from crafting “arbitrary and capricious” regulations. After all, the FCC’s net neutrality rules were just passed in 2015... as capricious as the current FCC's about-face may seem, legal experts say the challenges won’t be a slam-dunk case. Federal agencies are allowed to change their minds about previous regulations, so long as they adequately explain their reasoning... The FCC's main argument for revoking the 2015 rules is that the regulations hurt investment in broadband infrastructure. But, as WIRED recently detailed, many broadband providers actually increased their investments, while those that cut back on spending told shareholders that the net neutrality rules didn't affect their plans. University of Pennsylvania Law School professor Christopher Yoo says courts generally defer to an agency's expertise in interpreting evidence submitted into the record... net neutrality advocates could also argue that the agency's decision-making process was corrupted by the flood of fake comments left by bots. But FCC Chair AJit Pai will argue that the agency discarded low-quality and repeated comments and focused only on matters of substance... A long-term solution to net neutrality will require Congress to pass laws that won't change every time control of the White House passes to another party... Senator John Thune (R-South Dakota) recently called for Congress to pass bipartisan net neutrality legislation. In 2015, Thune and Representative Fred Upton (R-Michigan) introduced a bill that would have banned blocking or slowing legal content, but limited the FCC's authority over internet service providers. It never moved forward. Thune is clearly hoping that growing demand from the public for net neutrality protections will bring more Republicans to the table... Senator Ron Wyden (D-Oregon) told WIRED earlier this year that he won't support a bill with weaker protections than the 2015 rules..."

President Trump appointed Pai as FCC Chairman in January, giving the Republican commissioners at the FCC a voting majority. Neither the President nor the White House staff said anything in its daily e-mail blast or in their website about the FCC vote; and instead discussed tax reform, general remarks about reducing regulation, and infrastructure (e.g., roads, bridges, tunnels).

Seems to me the internet is a key component of our country's infrastructure. What are your opinions? If your state isn't in the above list, we'd like to hear from you, too.


FCC Action To Kill Net Neutrality Will Likely Hurt Public Libraries, The Poor, And The Disabled

American Library Association logo Jim Neal, the president of the American Library Association, released a statement condemning the December 14th vote by the Republican-led U.S. Federal Communications Commission (FCC) to kill net neutrality protections for internet users:

"The majority of the FCC has just dealt a blow to equitable access to online information and services which puts libraries, our patrons, and America’s communities at risk... By rolling back essential and enforceable net neutrality protections, the FCC has enabled commercial interests at the expense of the public who depends on the internet as their primary means of information gathering, learning, and communication. We will continue to fight the FCC’s decision and advocate for strong, enforceable net neutrality protections."

New York Public Library logo The Verge interviewed New York Public Library (NYPL) president Tony Marx, and Greg Cam the NYPL director of information policy. During 2017, the NYPL provided 3.1 million computer sessions across all branches (using 4,700 computers), plus 3 million wireless sessions. Based upon that activity, Marx said:

"... the simple fact is that the poorest of New York rely on the library as the only place they can go and get free use of computers and free Wi-Fi. It’s one of the reasons why the library is the most visited civic institution in New York. We have also, in recent years, been lending people what we call hot spots, which are Wi-Fi boxes they can take home, typically for a year. That gives them digital access at home — broadband access — which something like 2 million New Yorkers can’t afford and don’t have..."

And, New York City is one of the more prosperous areas of the country. It makes one wonder how citizens in poor or rural areas; or in areas without any public libraries will manage. Disabled users will also be negatively affected by the FCC vote. Marx explained:

"... the New York Public Library runs the Andrew Heiskell Library for the visually impaired. I believe it is a three-state depository, so it plays a role in getting access in all the ways you described — not just in New York City but way beyond. A lot of that now happens online and it could simply stop working, which means they’re gonna cut people off completely."

Cram explained the wide range of tasks people use the internet for at public libraries:

"Our users depend on the library, and libraries in general, for things like completing homework assignments, locating e-government resources, e-government services, accessing oral histories and primary source materials. Things that are resource-intensive like video and audio and image collections are dependent on a free and open internet. Also things like applying and interviewing for jobs. More and more jobs involve a first round of interviews that are done over the internet. If we have to put things in the slow lane, we’re worried about those interview services being downgraded."

"Slow lanes" are one of about five possible consequences by the FCC decision to kill net neutrality. Marx summarized the concerns of many library managers:

"We live in a world where access to information is essential for opportunity, for learning, for success, for civic life, for checking facts. Anything that reduces that, particularly for people who can’t afford alternatives, is a body blow to the basic democratic principles that the library stands for. Whether people or the library are shoved to the slow lane, and/or forced to pay to be in the fast lane with resources that are already stretched thin, is really sort of shocking. To put it sort of bluntly, the FCC should be defending communications."

Basically, internet access is a utility like water or electricity; something corporate providers have long denied and fought. Everyone needs and uses broadband internet. What are your opinions?


More Year-End Considerations Given The Coming Likely Republican Tax Plan

A prior post discussed the questionable benefits and year-end considerations for middle-class taxpayers of the likely Republican tax reform plan making its way through Congress. The likely tax plan includes lower tax rates paired with many deductions eliminated.

The professional who prepares my taxes provided another warning:

"Dear clients:
It looks like almost a sure thing that, if you itemize deductions, beginning in 2018, you will no longer be able to take a deduction for the Excise Tax on your car or the income taxes that you pay to Massachusetts and other states. You will PROBABLY still be able to deduct your real estate property taxes up to $10,000 a year. If you currently pay the Alternative Minimum Tax (line 45 of your Form 1040), check with me before you follow these recommendations.

All others who itemize, I recommend that you consider the following actions this month (December):

  1. If your total property taxes (including those for a second home) are more than $10,000, pay your city or town as much as you possibly can in December.
  2. Be sure to pay... maybe even over-pay... as much of your State Income Tax as possible by December 31st. If you make estimated payments, your 4th quarter Massachusetts payment is due by January 15th. YOU SHOULD DEFINITELY PAY IT IN DECEMBER INSTEAD.
  3. Even if you don't usually make Estimate Payments to Massachusetts, you should consider making one in December... For example, if you made a payment of $1,000, you might save $150 or $250 or more on your 2017 federal tax return. You will save NOTHING on any state income taxes that you pay in 2018.

I will reach out again if and when the tax bill is finalized and signed into law if there are any other changes that might affect your plans in December."

Obviously, you should consult the professional that prepares your income taxes, since your situation and state may dictate different actions. And, I am not an income tax professional. New legislation always has consequences, and it seems wise to be aware. hence, this informational blog post.

Some additional thoughts. Capping the real estate property tax deduction at $10,000 might help pay for the increased deficits the Republican tax plan would generate, but it will also hurt persons living in high-cost areas (e.g., cities, states with high state taxes, areas with high real estate prices). Plus, the tax cuts are temporary for individuals but permanent for corporations. Slick, eh? Is it fair? Seems not.

My college friends and I are discussing via e-mail the considerations listed above and in my prior blog post. The proposed elimination of deductions for state and local taxes (SALT) is a hot topic. You can find online articles discussing the advantages and disadvantages of eliminating SALT deductions. Regardless, more to discuss with your accountant and/or income tax professional.


Doug Jones Wins In Alabama, Net Neutrality, And The FCC

[7:30 am EST] Congratulations to Doug Jones and his supporters for a stunning victory Tuesday in a special election in Alabama for the open U.S. Senate seat. His victory speech is available online. Late last month, Doug Jones tweeted this:

Later today, the commissioners at the U.S. Federal Communications Commission (FCC) will likely vote during their December 2017 Open Commission Meeting to kill net neutrality rules protecting consumers free and open internet access. The planned vote comes despite clear and mounting evidence of widespread identity theft by unknown persons to submit fake comments distorting and polluting FCC record and website soliciting feedback from the public.

Yesterday, FCC Commissioner Jessica Rosenworcel released the following press release:

"Upon receipt of a letter from New York Attorney General Eric Schneiderman stating that it now appears that two million Americans’ identities may have been misused in the FCC record and a separate letter from 18 State Attorneys General calling on the FCC to delay its net neutrality vote because of its “tainted” record, FCC Commissioner Jessica Rosenworcel released the following statement:

“This is crazy. Two million people have had their identities stolen in an effort to corrupt our public record. Nineteen State Attorneys General from across the country have asked us to delay this vote so they can investigate. And yet, in less than 24 hours we are scheduled to vote on wiping out our net neutrality protections. We should not vote on any item that is based on this corrupt record. I call on my colleagues to delay this vote so we can get to the bottom of this mess.” "

Despite the widespread identity theft and fraud, FCC Chairman Ajit Pai has maintained his position to proceed with a vote today to kill net neutrality protections for consumers. President Trump appointed Pai as FCC Chairman in January, giving the Republican commissioners a majority when voting. Pai has blown off the identity theft and fraud charges as maneuvers by desperate net neutrality advocates.

[Update at 2:20 pm EST: earlier today, the FCC commissioners voted along party lines to kill existing net neutrality rules protecting consumers.]


Was Your Identity Information Misused To Submit Fake Comments To The FCC About Net Neutrality?

After creating a webpage specifically to help New York State residents determine if their identifies were misued for net neutrality comments, Attorney General Schneiderman announced:

"In the last five days alone, over 3,200 people have reported misused identities to the Attorney General’s office, including nearly 350 New Yorkers from across the state. Attorney General Schneiderman urges New Yorkers to continue to check whether their identity was misused and report it to his office in order to inform the investigation."

The webpage automatically links to only net neutrality (Docket 17-108) comments with the U.S. Federal Communications Commission (FCC)  site. So, at least 3,200 persons have confirmed the misuse of their identity information by unknown persons (or bots) to pollute feedback by the public about net neutrality rules protecting consumers' broadband freedoms. You'd think that FCC Chairman Ajit Pai would be concerned about the pollution and fraud; and would delay the upcoming December 14th vote regarding net neutrality. But he's not and blew off the fake comments allegations, as explained in this earlier blog post.

You might think that Chairman Pai and the FCC would be concerned about pollution and fraud in feedback submitted to the FCC site, given the massive Equifax data breach in September which exposed the data elements (e.g., name, street addresses) criminals and fraudsters could easily use to submit fake comments.

This makes one wonder if the FCC can be trusted under Chairman Pai's leadership. Hopefully, Attorneys General in other states will provide similar webpages to help residents in their states... and not only for comments about net neutrality.

Being curious, I visited the webpage by AG Schneiderman. It instructed:

"The Office of the New York State Attorney General is investigating whether public comments regarding net neutrality rules wrongfully used New Yorkers’ identities without their consent. We encourage you to search the FCC’s public comment website and tell us if you see any comments that misuse your name and address.

First, search below to find any comments that may have misused your identity. If results appear, click on any comment that uses your name, and when the comment appears review the name, the address, and the comment text. (If no results appear, your identity most likely was not misused.)"

You don't need to be a New York State resident to use this online tool. My initial search produced 1,046, so I narrowed it by entering my name in quotations ("George Jenkins") for a more precise match. That second search produced 40 comments about net neutrality (e.g., Docket 17-108), a manageable number. I browsed the list which included my valid comment submitted during May, 2017.

I did not see any other comments using my name and address. That's good because I only submitted one comment. I noticed comments by persons with the same name in other states. That seems okay. It's reasonable to expect multiple persons with the same name in a country with a population of about 360 million people.

I did not check the addresses of the other persons with the same name. I realize that could easily hide synthetic ID-theft. In traditional synthetic ID-theft, criminals mix stolen (valid) Social Security numbers with other persons' names to avoid detection. In the ECFS comments system, one could enter valid names with fake addresses; or vice-versa. I hope that AG Schneiderman's fraud analysis also checks for both types of synthetic ID-theft: 1) fake names at real addresses, and 2) real names at fake addresses.

If I had found fraudulent entries, I would have notified AG Schneiderman, the Attorney General's office in the state where I live, and the FCC.

Did you check for misuse of your identity information? What did you find?


Governors and Federal Agencies Are Blocking Nearly 1,300 Accounts on Facebook and Twitter

[Editor's note: today's guest blog post, by the reporters at ProPublica, highlights a little-known practice by some elected officials to block their constituents on social networking sites. Today's post is reprinted with permission.]

By Leora Smith and Derek Kravitz - ProPublica

Amanda Farber still doesn’t know why Maryland Gov. Larry Hogan blocked her from his Facebook group. A resident of Bethesda and full-time parent and volunteer, Farber identifies as a Democrat but voted for the Republican Hogan in 2014. Farber says she doesn’t post on her representatives’ pages often. But earlier this year, she said she wrote on the governor’s Facebook page, asking him to oppose the Trump administration’s travel ban and health care proposal.

She never received a response. When she later returned to the page, she noticed her comment had been deleted. She also noticed she had been blocked from commenting. (She is still allowed to share the governor’s posts and messages.)

Farber has repeatedly emailed and called Hogan’s office, asking them to remove her from their blacklist. She remains blocked. According to documents ProPublica obtained through an open-records request this summer, hers is one of 494 accounts that Hogan blocks. Blocked accounts include a schoolteacher who criticized the governor’s education policies and a pastor who opposed the governor’s stance against accepting Syrian refugees. They even have their own Facebook group: Marylanders Blocked by Larry Hogan on Facebook.

Hogan’s office says they “diligently adhere” to their social media policy when deleting comments and blocking users.

In August, ProPublica filed public-records requests with every governor and 22 federal agencies, asking for lists of everyone blocked on their official Facebook and Twitter accounts. The responses we’ve received so far show that governors and agencies across the country are blocking at least 1,298 accounts. More than half of those — 652 accounts — are blocked by Kentucky Governor Matt Bevin, a Republican.

Four other Republican governors and four Democrats, as well as five federal agencies, block hundreds of others, according to their responses to our requests. Five Republican governors and three Democrats responded that they are not blocking any accounts at all. Many agencies and more than half of governors’ offices have not yet responded to our requests. Most of the blocked accounts appear to belong to humans but some could be “bots,” or automated accounts.

When the administrator of a public Facebook page or Twitter handle blocks an account, the blocked user can no longer comment on posts. That can create an inaccurate public image of support for government policies. (Here’s how you can dig into whether your elected officials are blocking constituents.)

ProPublica made the records requests and asked readers for their own examples after we detailed multiple instances of officials blocking constituents.

We heard from dozens of people. The governors’ offices in Alaska, Maine, Mississippi, Nebraska and New Jersey did not respond to our requests for records, but residents in each of those states reported being blocked. People were blocked after commenting on everything from marijuana legislation to Medicaid to a local green jobs bill.

For some, being blocked means losing one of few means to communicate with their elected representatives. Ann-Meredith McNeill, who lives in western rural Kentucky, told ProPublica that Bevin rarely visits anywhere near her. McNeill said she feels like “the internet is all I have” for interacting with the governor.

McNeill said she was blocked after criticizing Bevin’s position on abortion rights. (Last January, Bevin’s administration won a lawsuit that resulted in closing one of Kentucky’s two abortion clinics, the event that McNeill says inspired her comment.)

In response to questions about its social media blocking policies, Bevin’s office said in a statement that “a small number of users misuse [social media] outlets by posting obscene and abusive language or images, or repeated off-topic comments and spam. Constituents of all ages should be able to engage in civil discourse with Governor Bevin via his social media platforms without being subjected to vulgarity or abusive trolls.” McNeill told ProPublica, “I’m sure I got sassy” but she made “no threats or anything.”

Almost every federal agency that responded is blocking accounts. The Department of Veterans Affairs blocked 18 accounts as of July, but said most were originally blocked before 2014. The blocked accounts included a Michigan law firm specializing in auto accident cases and a Virginia real estate consultant who told ProPublica she had “no idea why” she was blocked. The Department of Energy blocked eight accounts as of October. The Department of Labor blocked seven accounts. And the Small Business Administration blocked two accounts, both of which were unverified and claimed to be affiliated with government loan programs.

Many governors and agencies gave us only partial lists or rejected our requests altogether. Outgoing Kansas Gov. Sam Brownback’s office told us they would not share their block lists due to “privacy concerns for those people whose names might appear on it.” Alabama declined to provide public records because our request did not come from an Alabama citizen.

Missouri Gov. Eric Greitens’ office declined to share records from his Facebook or Twitter accounts, arguing they are not “considered to be the ‘official’ social media accounts of the Governor of Missouri” because he created them before he took office.

Increased attention on the issue of blocking seems to be having an impact. In September, the California-based First Amendment Coalition revealed that California Governor Jerry Brown, a Democrat, had blocked more than 1,500 accounts until June, shortly before the organization submitted a request for his social media records.

At some point before fulfilling the coalition’s request, Brown’s office unblocked every account.

Vermont Gov. Phil Scott, a Republican, blocked the activist group Indivisible Vermont on Twitter on Aug. 25. On Aug. 28, Vermont reporter Taylor Dobbs submitted a request for the governor’s full blocked list, shortly after ProPublica’s similar request. Later that day, Scott unblocked the group and released a statement saying the account was “misconstrued as spam.”

Wisconsin Gov. Scott Walker’s office unblocked at least two Facebook users after receiving ProPublica’s request. Here are screenshots they sent us showing that the users have been unblocked:

In the last year, a series of legal claims have called into question the legality of government officials blocking constituents on social media.

At least one federal district court held that government officials who block constituents are violating their First Amendment rights.

Constituents have pending lawsuits against the governors of Kentucky, Maine, and Maryland, as well as Representative Paul Gosar, R-Ariz., and President Trump.

We asked the White House, which is not subject to open-records laws, to disclose the list of people Trump is blocking. Officials there have not responded.

Filed under:

ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for their newsletter.


Photos: December 7 Demonstration In Boston To Keep Net Neutrality

Demonstrations occurred nationwide on December 7 to save net neutrality. Citizens took to the streets to keep our internet services open. About 200 persons attended the demonstration in Boston on Boylston Street. It was encouraging to meet several students from local universities participating in the event. They understand the issue and its seriousness. Several A.C.L.U. members also participated:

Boylston Street, Boston. December 7, 2017. Keep net neutrality demonstration. Image 4910

Boylston Street, Boston. December 7, 2017. Keep net neutrality demonstration. Image 4897

Boylston Street, Boston. December 7, 2017. Keep net neutrality. Image 4904

Boylston Street, Boston. December 7, 2017. Keep net neutrality demonstration. Image 4900

Boylston Street, Boston. December 7, 2017. Keep net neutrality demonstration. Image 4905

Boylston Street, Boston. December 7, 2017. Keep net neutrality demonstration. Image 4908

Boylston Street, Boston. December 7, 2017. Keep net neutrality demonstration. Image 4906

Browse photos from other demonstrations nationwide on December 7. Contact your elected officials in Congress, and learn about the next day of action on December 12, 2017. More resources:


Futurism: Your Life Without Net Neutrality Protections

Federal communications Commission logo You've probably heard that Ajit Pai, the Chairman of the U.S. Federal Communications Commission (FCC), is leading his agency towards a vote on December 14, 2017 to kill net neutrality. How will consumers' online lives change? Futurism described what your online life will be like without net neutrality:

"You’re at work and want to check Facebook on your lunch break to see how your sister is doing. This is not exactly a straightforward task, as your company uses Verizon. You’re not about to ask your boss if they’d consider putting up the extra cash every month so that you can access social media in the office, so you’ll have to wait until you get home.

That evening, you log in to pay your monthly internet bill — or rather, bills.

See, there’s the baseline internet cost, but without net neutrality, you also have to pay a separate monthly fee for social media, another for "leisure" pages like Reddit and Imgur, and another still for liberal-leaning news sites — because your provider’s CEO is politically conservative. Not only is your bill confusing, you’re not sure you can really afford to access all these websites that, at one point in time, you took for granted.

In addition to the sites you can access if you pay for them, there are also websites that have just become lost to you. Websites that you once frequented, but that now, you aren’t even sure how to access anymore. You can’t even pay to access them. You used to like reading strange Wikipedia articles late at night and cruising for odd documentaries — but now, all those interests that once entertained and educated you in your precious and minimal free time are either behind yet another separately provided paywall or blocked entirely. You’ve started to ask around, see if your friends or coworkers with other providers have better access... but the story is pretty much always the same."

Net neutrality meme highlighting blocked content. Click to view larger version In short, without net neutrality:

  1. You will lose the freedom to use the internet bandwidth you've purchased monthly as you desire;
  2. Corporate internet service providers (ISPs) increase their their revenues and profits by adding tolls to each package in a sliced-and-diced approach to internet content;
  3. Your internet bill will become just as confusing, frustrating, and expensive as your cable-TV bill, where ISPs force you to buy several expensive packages of sites in order to access your favorite sites;
  4. The new, expensive tolls allow ISPs to decide what internet content you see and don't see. Sites or content producers unwilling to pay fees to ISPs will find their content blocked or relegated to "slow" speed lanes; and
  5. Both middle-class and poor online users will bear the brunt of the price increases.

If you think this can't happen in the United States, consider:

"Some countries are already living this reality. In New Zealand, Vodafone offers mobile internet packages that are comprised of different types of services. You might have to pay a certain amount to access social apps like Snapchat and Instagram, and a separate fee to chat with friends via Facebook Messenger and iMessage. A similar framework is used by Portugal’s MEO, where messaging, social media, music streaming, video streaming, and email are also split into separate packages.

Long ago, FCC Chairman Pai made his position clear. Breitbart News reported on April 28, 2017:

"Federal Communications Commission (FCC) Chairman Ajit Pai told Breitbart News in an exclusive interview that an open and free internet is vital for America in the 21st century. During a speech at the Newseum on Wednesday, Pai said he plans to roll back the net-neutrality regulations and to restore the light-touch regulatory system established by President Bill Clinton and Congressional Republicans by the 1996 Telecommunications Act... Chairman Pai said during his speech that the internet prospered before net neutrality was enacted... Breitbart News asked the FCC chief why he thinks that net neutrality is a problem, and why we must eliminate the rule. He said: "Number one there was no problem to solve, the internet wasn’t broken in 2015. In that situation, it doesn’t seem me that preemptive market-wide regulation is necessary. Number two, even if there was a problem, this wasn’t the right solution to adopt. These Title II regulations were inspired during the Great Depression to regulate Ma Bell which was a telephone monopoly. And the broadband market we have is very different from the telephone market of 1934. So, it seems to me that if you have 4,462 internet service providers and if a few of them are behaving in a way that is anti-competitive or otherwise bad for consumer welfare then you take targeted action to deal with that. You don’t declare the entire market anti-competitive and treat everyone as if they are a monopolist. Going forward we are going to propose eliminating that Title II classification and figure out the right way forward. The bottom line is, everyone agrees on the principles of a free and open internet what we disagree with is how many regulations are needed to preserve the internet." "

Note the language. Pai uses "free and open internet" to refer to freedoms for ISPs to do what they want; a slick attempt to co-opt language net neutrality proponentsused for freedoms for consumers go online where they want without additional fees. Pai's "Light touch" means fewer regulations for ISPS regardless of the negative consequences upon consumers. Pai's comments in April attempted to spin existing net neutrality laws as antiquated ("the telephone market of 1934"), when, in fact, net neutrality was established recently... in 2010. Even the same Breitbart News article admitted this:

"Net neutrality passed under former Democrat Tom Wheeler’s FCC in 2010."

Pai's exaggerations and falsehoods are astounding. Plenty of bogus claims by Pai and net neutrality critics. In January of this year, President Donald Trump appointed Ajit Pai, a former lawyer with Verizon, as the FCC Chairman. Earlier this year, CNN reported:

"More than 1,000 startups and investors have now signed an open letter to Pai opposing the proposal. The Internet Association, a trade group representing bigger companies like Facebook, Google, and Amazon, has also condemned the plan. "The current FCC rules are working for consumers and the protections need to be kept in tact," Michael Beckerman, president and CEO of the Internet Association, said at a press conference Wednesday."

Regular readers of this blog are aware that more than "a few" ISPs committed abused consumers and content producers. (A prior blog post listed many historical problems and abuses of consumers by some ISPs.) Also, consider this: Pai made his net-neutrality position clear long before the public submitted comments to the FCC this past summer. Sounds like he never really intended to listen to comments from the public. Not very open minded.

As bad it all of this sounds, it's even worse. How? An FCC Commissioner, 28 U.S. senators, and the New York State Attorney General (AG) have lobbied FCC Chairman Pai to delay the net neutrality vote planned by the FCC on December 14, due to clear and convincing evidence of the massive fraud of comments submitted to the FCC's online commenting system.

In short, the FCC's online comments system is corrupted, hacked, and unreliable. The group (e.g., FCC commissioner, 28 Senators, and NY State AG) also objects to the elimination of net neutrality on the merits.

The fraud evidence is pretty damning, but Chairman Pai seems intent upon going ahead with a vote to kill net neutrality despite the comments fraud. Why? How? Ars Technica reported on December 4th:

"FCC Chairman Ajit Pai says that net neutrality rules aren't needed because the Federal Trade Commission can protect consumers from broadband providers... When contacted by Ars, Pai's office issued this statement in response to the [delay request] letter: "This is just evidence that supporters of heavy-handed Internet regulations are becoming more desperate by the day as their effort to defeat Chairman Pai's plan to restore Internet freedom has stalled. The vote will proceed as scheduled on December 14."

I find the whole process deeply disturbing. First, only 28 U.S. Senators seem concerned about the massive comments fraud. Why aren't all 100 concerned? Second, why aren't any House members concerned? Third, President Trump hasn't said anything about it. (This makes one wonder if POTUS45 either doesn't care consumers are hurt, or is asleep at the wheel.) Elected officials in positions of responsibility seem willing to ignore valid concerns.

Logo-verizon-protestsMany consumers are concerned, and protests to keep net neutrality are scheduled for later today outside Verizon stores nationwide. What do you think?


The Limitations And Issues With Facial Recognition Software

We've all seen television shows where police technicians use facial recognition software to swiftly and accurately identify suspects, or catch the bad guys. How accurate is that? An article in The Guardian newspaper discussed the promises, limitations, and issues with facial recognition software used by law enforcement:

"The software, which has taken an expanding role among law enforcement agencies in the US over the last several years, has been mired in controversy because of its effect on people of color. Experts fear that the new technology may actually be hurting the communities the police claims they are trying to protect... "It’s considered an imperfect biometric," said Clare Garvie, who in 2016 created a study on facial recognition software, published by the Center on Privacy and Technology at Georgetown Law, called The Perpetual Line-Up. "There’s no consensus in the scientific community that it provides a positive identification of somebody"... [Garvie's] report found that black individuals, as with so many aspects of the justice system, were the most likely to be scrutinized by facial recognition software in cases. It also suggested that software was most likely to be incorrect when used on black individuals – a finding corroborated by the FBI's own research. This combination, which is making Lynch’s and other black Americans’ lives excruciatingly difficult, is born from another race issue that has become a subject of national discourse: the lack of diversity in the technology sector... According to a 2011 study by the National Institute of Standards and Technologies (Nist), facial recognition software is actually more accurate on Asian faces when it’s created by firms in Asian countries, suggesting that who makes the software strongly affects how it works... Law enforcement agencies often don’t review their software to check for baked-in racial bias – and there aren’t laws or regulations forcing them to."