390 posts categorized "Government"

EU Privacy Watchdogs Ask Microsoft For Explanations About Data Collection About Users

A privacy watchdog group in the European Union (EU) is concerned about privacy and data collection practices by Microsoft. The group, comprising 28 agencies and referred to as the Article 29 Working Party, sent a letter to Microsoft asking for explanations about privacy concerns with the software company's Windows 10 operating system software.

The February 2017 letter to Brendon Lynch, Chief Privacy Officer, and to Satya Nadella, Chief Executive Officer, was a follow-up to a prior letter sent in January. The February letter explained:

"Following the launch of Windows 10, a new version of the Windows operating system, a number of concerns have been raised, in the media and in signals from concerned citizens to the data protection authorities, regarding protection of your users’ personal data... the Working Party expressed significant concerns about the default installation settings and an apparent lack of control for a user to prevent collection or further processing of data, as well as concerns about the scope of data that are being collected and further processed... "

While Microsoft has been cooperative so far, the group listed its specific privacy concerns:

"... user consent can only be valid if fully informed, freely given and specific. Whilst it is clear that the proposed new express installation screen will present users with five options to limit or switch off certain kinds of data processing it is not clear to what extent both new and existing users will be informed about the specific data that are being collected and processed under each of the functionalities. The proposed new explanation when, for example, a user switches the level of telemetry data from 'full' to 'basic' that Microsoft will collect 'less data' is insufficient without further explanation. Such information currently is also not available in the current version of the privacy policy.

Additionally, the purposes for which Microsoft collects personal data have to be specified, explicit and legitimate, and the data may not be further processed in a way incompatible with those purposes. Microsoft processes data collected through Windows 10 for different purposes, including personalised advertising. Microsoft should clearly explain what kinds of personal data are processed for what purposes. Without such information, consent cannot be informed, and therefore, not valid..."

Visit this EU link for more information about the Article 29 Working Party, or download the Article 29 Working Party letter to Microsoft (Adobe PDF).


GOP Legislation In Congress To Revoke Consumer Privacy And Protections

The MediaPost Policy Blog reported:

"Republican Senator Jeff Flake, who opposes the Federal Communications Commission's broadband privacy rules, says he's readying a resolution to rescind them, Politico reports. Flake's confirmation to Politico comes days after Rep. Marsha Blackburn (R-Tennessee), the head of the House Communications Subcommittee, said she intends to work with the Senate to revoke the privacy regulations."

Blackburn's name is familiar. She was a key part of the GOP effort in 2014 to keep state laws in place to limit broadband competition by preventing citizens from forming local broadband providers. To get both higher speeds and lower prices compared to offerings by corporate internet service providers (ISPs), many people want to form local broadband providers. They can't because 20 states have laws preventing broadband competition. A worldwide study in 2014 found that consumers in the United States get poor broadband value: they pay more and get slower speeds. Plus, the only consumers getting good value were community broadband customers. In June 2014, the FCC announced plans to challenge these restrictive state laws that limit competition and keep your Internet prices high. That FCC effort failed. To encourage competition and lower prices, several Democratic representatives introduced the Community Broadband Act in 2015. That legislation went nowhere in a GOP-controlled Congress.

Pause for a moment and let that sink in. Blackburn and other GOP representatives have pursued policies where we consumers all pay more for broadband due to the lack of competition. The GOP, a party that supposedly dislikes regulation and prefers free-market competition, is happy to do the opposite to help their corporate donors. The GOP, a party that historically has promoted states' rights, now uses state laws to restrict the freedoms of constituents at the city, town, and local levels. And, that includes rural constituents.

Too many GOP voters seem oblivious to this. Why Democrats failed to capitalize on this broadband issue, especially during the Presidential campaign last year, is puzzling. Everyone needs broadband for work, play, school, travel, and entertainment.

Now, back to the effort to revoke the FCC's broadband privacy rules. Several cable, telecommunications, and advertising lobbies sent a letter in January asking Congress to remove the broadband privacy rules. That letter said in part:

"... in adopting new broadband privacy rules late last year, the Federal Communications Commission (“FCC”) took action that jeopardizes the vibrancy and success of the internet and the innovations the internet has and should continue to offer. While the FCC’s Order applies only to Internet Service Providers (“ISPs”), the onerous and unnecessary rules it adopted establish a very harmful precedent for the entire internet ecosystem. We therefore urge Congress to enact a resolution of disapproval pursuant to the Congressional Review Act (“CRA”) vitiating the Order."

The new privacy rules by the FCC require broadband providers (a/k/a ISPs) to obtain affirmative “opt-in” consent from consumers before using and sharing consumers' sensitive information; specify the types of information that are sensitive (e.g., geo-location, financial information, health information, children’s information, social security numbers, web browsing history, app usage history and the content of communications); stop using and sharing information about consumers who have opted out of information sharing; meet transparency requirements to clearly notify customers about the information collection and sharing and how to change their opt-in or opt-out preferences; prohibit "take-it-or-leave-it" offers where ISPs can refuse to serve customers who don't consent to the information collection and sharing; and comply with "reasonable data security practices and guidelines" to protect the sensitive information collected and shared.

The new FCC privacy rules are common sense stuff, but clearly these companies view common-sense methods as a burden. They want to use consumers' information however they please without limits, and without consideration for consumers' desire to control their own personal information. And, GOP representatives in Congress are happy to oblige these companies in this abuse.

Alarmingly, there is more. Lots more.

The GOP-led Congress also seeks to roll back consumer protections in banking and financial services. According to Consumer Reports, the issue arose earlier this month in:

"... a memo by House Financial Services Committee Chairman Rep. Jeb Hensarling (R-Tex), which was leaked to the press yesterday... The fate of the database was first mentioned [February 9th] when Bloomberg reported on a memo by Hensarling, an outspoken critic of the CFPB. The memo outlined a new version of the Financial CHOICE Act (Creating Hope and Opportunity for Investors, Consumers and Entrepreneurs), a bill originally advanced by the House Financial Services Committee in September. The new bill would lead to the repeal of the Consumer Complaint Database. It would also eliminate the CFPB's authority to punish unfair, deceptive or abusive practices among banks and other lenders, and it would allow the President to handpick—and fire—the bureau's director at will."

Banks have paid billions in fines to resolve a variety of allegations and complaints about wrongdoing. Consumers have often been abused by banks. You may remember the massive $185 million fine for the phony accounts scandal at Wells Fargo. Or, you may remember consumers forced to use prison-release cards. Or, maybe you experienced debt collection scams. And, this blog has covered extensively much of the great work by the CFPB which has helped consumers.

Do these two legislative items bother you? I sincerely hope that they do bother you. Contact your elected officials today and demand that they support the FCC privacy rules.


Travelers Face Privacy Issues When Crossing Borders

If you travel for business, pleasure, or both then today's blog post will probably interest you. Wired Magazine reported:

"In the weeks since President Trump’s executive order ratcheted up the vetting of travelers from majority Muslim countries, or even people with Muslim-sounding names, passengers have experienced what appears from limited data to be a “spike” in cases of their devices being seized by customs officials. American Civil Liberties Union attorney Nathan Wessler says the group has heard scattered reports of customs agents demanding passwords to those devices, and even social media accounts."

Devices include smartphones, laptops, and tablets. Many consumers realize that relinquishing passwords to social networking sites (e.g., Facebook, Instagram, etc.) discloses sensitive information not just about themselves, but also all of their friends, family, classmates, neighbors, and coworkers -- anyone they are connected with online. The "Bring Your Own Device" policies by many companies and employers mean that employees (and contractors) can use their personal devices in the workplace and/or connected remotely to company networks. Those connected devices can easily divulge company trade secrets and other sensitive information when seized by Customs and Border Patrol (CBP) agents for analysis and data collection.

Plus, professionals such as attorneys and consultants are required to protect their clients' sensitive information. These professionals, who also must travel, require data security and privacy for business.

Wired also reported:

"In fact, US Customs and Border Protection has long considered US borders and airports a kind of loophole in the Constitution’s Fourth Amendment protections, one that allows them wide latitude to detain travelers and search their devices. For years, they’ve used that opportunity to hold border-crossers on the slightest suspicion, and demand access to their computers and phones with little formal cause or oversight.

Even citizens are far from immune. CBP detainees from journalists to filmmakers to security researchers have all had their devices taken out of their hands by agents."

For travelers wanting privacy, what are the options? Remain at home? This may not be an option for workers who must travel for business. Leave your devices at home? Again, impractical for many. The Wired article provided several suggestions, including:

"If customs officials do take your devices, don’t make their intrusion easy. Encrypt your hard drive with tools like BitLocker, TrueCrypt, or Apple’s Filevault, and choose a strong passphrase. On your phone—preferably an iPhone, given Apple’s track record of foiling federal cracking—set a strong PIN and disable Siri from the lockscreen by switching off “Access When Locked” under the Siri menu in Settings.

Remember also to turn your devices off before entering customs: Hard drive encryption tools only offer full protection when a computer is fully powered down. If you use TouchID, your iPhone is safest when it’s turned off, too..."

What are the consequences when travelers refuse to disclose passwords and encrypt devices? Ars Technica also explored the issues:

"... Ars spoke with several legal experts, and contacted CBP itself (which did not provide anything beyond previously-published policies). The short answer is: your device probably will be seized (or "detained" in CBP parlance), and you might be kept in physical detention—although no one seems to be sure exactly for how long.

An unnamed CBP spokesman told The New York Times on Tuesday that such electronic searches are extremely rare: he said that 4,444 cellphones and 320 other electronic devices were inspected in 2015, or 0.0012 percent of the 383 million arrivals (presuming that all those people had one device)... The most recent public document to date on this topic appears to be an August 2009 Department of Homeland Security paper entitled "Privacy Impact Assessment for the Border Searches of Electronic Devices." That document states that "For CBP, the detention of devices ordinarily should not exceed five (5) days, unless extenuating circumstances exist." The policy also states that CBP or Immigration and Customs Enforcement "may demand technical assistance, including translation or decryption," citing a federal law, 19 US Code Section 507."

The Electronic Frontier Foundation (EFF) collects stories from travelers who've been detained and had their devices seized. Clearly, we will hear a lot more in the future about these privacy issues. What are your opinions of this?


Town Hall With Congressman Stephen Lynch About Security And Rights

Congressman Stephen F. Lynch (Democrat, 8th District of Massachusetts) held a town hall meeting on Friday February 3, 2017 titled, “Keeping America Safe While Preserving Our Constitutional Rights.” The 7:00 pm event at the Milton High School auditorium was heavily attended (see photos below) with an estimated attendance of about 500 to 700 persons. The website and e-mail invitation from Congressman Lynch’s office described the meeting agenda:

"The Town Hall will be an opportunity for constituents to come together to discuss the legal implications of President Trump’s executive actions, to discuss what can be done to resist any infringements of Constitutional rights and discuss existing and ongoing efforts to ensure safety in our homeland, and to provide resources for those who may need assistance."

Representative Lynch serves on the Oversight and Government Reform Committee and the Financial Services Committee. He is the lead Democrat on the National Security Subcommittee, responsible for overseeing the Departments of State, Defense and Homeland Security, and the United States Agency for International Development. He was sworn in to the United States Congress in October 2001, after the sudden passing of Congressman John Joseph Moakley.

Representative Lynch opened the meeting with remarks about his experience in Congress, the heavier than usual volume of emails, phone calls, and visits to his office since the flurry of Executive Orders by President Trump, his 17 trips to the Middle East including Iraq and Turkey, his visits to refugee camps, and his familiarity with the vetting process for immigrants wanting to relocate to the United States.

Representative Lynch said regarding refugees and immigrants that the "facts on the ground" are often very different than what is reported in the news media or by the current White House. He explained that many Syrians spend several years in refugee camps, since many want to return to their homes and not immigrate to other countries. And, the United States is probably number 10 in a list of desired locations of refugees wanting to relocate to another country.

He also gave an overview of the vetting process, which includes interviews, biometrics, retina scans, and follow-up sessions with about 18 steps lasting 14 to 18 months. Several U.S. Federal government agencies are involved in the vetting process. Congressman Lynch described President Trump's Executive Order banning immigrants from seven Middle East countries as "wrong and unnecessary," and said it was conducted carelessly.

Congressman Lynch held an hour-long telephone town hall on January 24, 2017. He has co-sponsored H.R.852 in the 115th Congress (2017-2018) to:

"... amend the Immigration and Nationality Act to provide that an alien may not be denied admission or entry to the United States, or other immigration benefits, because of the alien's religion, and for other purposes."

H.R. 852 was sponsored by Representative Donald S. Beyer, Jr. (Democrat, Virginia) and introduced on February 3, 2017. It is in committee. View the list of bills sponsored or co-sponsored by Congressman Lynch.

The February 3 town hall session started at 7:00 pm. Carl Williams, a staff attorney with the American Civil Liberties Union (ACLU), also spoke and briefly discussed recent decisions by several federal court judges about President Trump's immigration ban, which applies to seven majority Muslim countries: Iraq, Syria, Iran, Libya, Somalia, Sudan, and Yemen. Late on Friday February 3, a federal court judge in Seattle decided to halt the immigration ban. This was the third major decision after one in New York and a second in Boston.

The question-and-answer session started at about 7:55 pm and at least 20 constituents immediately lined up in the auditorium to ask questions. At the check-in table, Congressman Lynch's staff provided index cards for constituents to write and submit questions. During the session, constituents asked a variety of questions at the microphones, including (partial list):

  • How can we help refugees?
  • What will Congressman Lynch do to keep us safe?
  • How do we get our voices heard in other states?
  • Will Congressman Lynch fight for a single-payer healthcare plan as Republicans propose an alternative to the Affordable Care Act (a/k/a "Obamacare")?
  • How do we get Steve Bannon off the National Security Council?

Representative Lynch reminded constituents that due to the "Separation of Powers" built into our government, the legislative branch has no power to affect how the White House chooses to organize itself. He also reminded attendees of the 55-seat advantage the Republican party has in the House.

Besides several Executive Orders by President Trump, the House of Representatives has taken several actions and votes. I have found the E-Update Newsletter by Congressman Michael Capuano (Democrat, 7th District of Massachusetts) very informative with summaries about recent House activities in easy-to-understand language; plus a running list of activities. Representative Capuano's summaries also include the vote total by party. For example:

[Image: Excerpt from February 3, 2017 E-Update Newsletter by Representative Michael Capuano]

Friday's town hall was scheduled to end at 9:00 pm. I left at that time, and hadn't heard any mention of security issues about the proposed wall between the United States and Mexico. The town hall was also live on Facebook, but I found the audio quality poor at times. Always better to attend in person and ask questions directly of a Congressperson.

I did not see any reporters from local news media at the town hall session. If you attended the town hall session, what were your questions or comments? Below is a tweet by Representative Lynch about the town hall.


Boston Women's March And Local Law Enforcement

On Saturday, January 21, 2017 the Boston Police Department (BPD) posted on its Facebook page at 5:45 pm the following about the Women's March:

"To the tens of thousands who participated in today’s Women’s March on Boston Common earlier today, Saturday, January 21, 2017, the men and women of the Boston Police Department would like to thank you for the high levels of respectful and responsible behavior on display throughout the day. Said Commissioner Evans: 'Really impressed with the amount of respect and courtesy shown to my officers by everybody attending today's Women’s March and I’d just like to personally thank everybody who demonstrated in a peaceful, polite and respectful manner.'"

The Boston Globe newspaper reported about the event:

"... the enormous crowd began streaming from Boston Common onto Charles Street, heading to Clarendon Street, where they turned around. So many people marched that it took more than an hour and a half to file out of the Common. City officials estimated that 175,000 attended the demonstration... The Boston event was one of more than 600 marches being held nationwide and globally, on the day after Trump took office... Speakers at the Boston kickoff included Warren, Mayor Martin J. Walsh of Boston, US Senator Edward J. Markey, and Attorney General Maura Healey... By about 1 p.m., marchers began to hit the streets, though the crowd was so big that many had to wait before they could get out of the Common. The gathering was almost evenly split between men and women, and a diverse range of agendas was represented: climate change, antiracism, and Trump’s ties to Russia. On Twitter, Boston police thanked protesters for remaining peaceful."

There were more demonstrations in Massachusetts, in Falmouth, Greenfield, Nantucket, Provincetown, Northampton, and Pittsfield. Social networking posts about the Boston event by the BPD on Twitter:

[Images: tweets about the Women's March by the Boston Police Department]

Respectful behavior all around: marchers and law enforcement. Congratulations and thanks to everyone involved, plus very respectful messages on social networking sites by the BPD. Hopefully, in the future more citizens and police departments around the country will follow Boston's lead. That is truly #BostonStrong.

Yes, I live and work in Boston. What happened in your city? How did your city's law enforcement respond? Share below.


FINRA Fined 12 Brokerage Firms $14.4 Million For Inadequate Data Security

Just before the long holiday break, the Financial Industry Regulatory Authority (FINRA) announced that it fined 12 banks and brokerage firms a total of $14.4 million for failing to adequately protect information in electronic broker-dealer and customer records. The FINRA announcement explained:

"... at various times, and in most cases for prolonged periods, the firms failed to maintain electronic records in “write once, read many,” or WORM, format, which prevents the alteration or destruction of records stored electronically... Federal securities laws and FINRA rules require that business-related electronic records be kept in WORM format to prevent alteration. The SEC has stated that these requirements are an essential part of the investor protection function... FINRA found that each of these 12 firms had WORM deficiencies that affected millions, and in some cases, hundreds of millions, of records pivotal to the firms’ brokerage businesses, spanning multiple systems and categories of records... each of the firms had related procedural and supervisory deficiencies affecting their ability to adequately retain and preserve broker-dealer records stored electronically. In addition, FINRA found that three of the firms failed to retain certain broker-dealer records the firms were required to keep under applicable record retention rules. In settling this matter, the firms neither admitted nor denied the charges, but consented to the entry of FINRA's findings."

The firms fined and the amounts for each:

"Wells Fargo Securities, LLC and Wells Fargo Prime Services, LLC were jointly fined $4 million. RBC Capital Markets LLC and RBC Capital Markets Arbitrage S.A. were jointly fined $3.5 million. RBS Securities, Inc. was fined $2 million. Wells Fargo Advisors, LLC, Wells Fargo Advisors Financial Network, LLC and First Clearing, LLC were jointly fined $1.5 million. SunTrust Robinson Humphrey, Inc. was fined $1.5 million. LPL Financial LLC was fined $750,000. Georgeson Securities Corporation was fined $650,000. PNC Capital Markets LLC was fined $500,000."

In September, Wells Fargo bank paid $185 million in fines to settle charges of alleged unlawful sales practices during the past five years. LPL Financial had several data breaches during 2007 to 2009.

For readers seeking more information, the FINRA announcement includes links to the settlement agreements.


The Boston Keep ACA Rally on January 15 And Senator Warren's Remarks

On Sunday January 15, 2017 I attended the healthcare rally in Boston at iconic Faneuil Hall. It was one of a dozen rallies around the United States. Several people spoke, including Boston Mayor Marty Walsh, U.S. Senator Elizabeth Warren, activist Sarah Grow, Carla Leviano, and U.S. Senator Edward Markey. The attendance was great and far exceeded the capacity for the auditorium inside Faneuil Hall, where it was originally planned.

The event continued outside with what I estimated to be at least five thousand people standing in the cold, a temperature of 27 degrees Fahrenheit. This blog post contains several photographs I took. The photo on the right shows the crowd gathering more than an hour before the official 1:00 pm start of the rally.

Carla Lievano, a single mother whose family is on MassHealth, is worried about losing her health benefits if the Affordable Care Act is repealed. She said:

"I could lose my health benefits... I’m very low income. I don’t know how I would take care of [my daughter]..."

Grow shared the story of her mother's battle against cancer, and how the Affordable Care Act (ACA and a/k/a Obamacare) saved her mother's life. Her mother was able to find a replacement plan under the ACA. Below is the transcript of Senator Elizabeth Warren's remarks (courtesy of the Boston Globe):

"For eight years, Republicans in Congress have complained about health care in America, heaping most of the blame on President Obama. Meanwhile, they’ve hung out on the sidelines making doomsday predictions and cheering every stumble, but refusing to lift a finger to actually improve our health care system.

The GOP is about to control the White House, Senate, and House. So what’s the first thing on their agenda? Are they working to bring down premiums and deductibles? Are they making fixes to expand the network of doctors and the number of plans people can choose from? Nope. The number one priority for congressional Republicans is repealing the Affordable Care Act and breaking up our health care system while offering zero solutions.

Their strategy? Repeal and run.

Many Massachusetts families are watching this play out, worried about what will happen — including thousands from across the Commonwealth that I joined at Faneuil Hall on Sunday to rally in support of the ACA. Hospitals and insurers are watching too, concerned that repealing the ACA will create chaos in the health insurance market and send costs spiraling out of control.

Health care reform in Massachusetts wasn’t partisan. Democrats, Republicans, business leaders, hospitals, insurers, doctors, and consumers all came together behind a commitment that every single person in our Commonwealth deserves access to affordable, high-quality care. When Republican Governor Mitt Romney signed Massachusetts health reform into law in 2006, our state took huge strides toward offering universal health care coverage and financial security to millions of Bay State residents.

That law was a major step forward. Today, more than 97 percent of Bay Staters are covered — the highest rate of any state in the country.

But Massachusetts still has a lot to lose if the ACA is repealed. One big reason for our state’s health care success is that we took advantage of the new opportunities offered under the ACA. In addition to making care more accessible and efficient, our state expanded Medicaid, using federal funds to help even more people. And we combined federal and state dollars to help reduce the cost of insurance on the Health Connector.

When the ACA passed, Massachusetts already had in place some of the best consumer protections in the nation. But the ACA still made a big difference. It strengthened protections for people in Massachusetts with pre-existing conditions, allowed for free preventive care visits, and — for the first time in our state — banned setting lifetime caps on benefits.

If the ACA is repealed, our health care system would hang in the balance. Half a million people in the Commonwealth would risk losing their coverage. People who now have an iron-clad guarantee that they can’t be turned away due to their pre-existing conditions or discriminated against because of their gender could lose that security. Preventive health care, community health centers, and rural hospitals could lose crucial support. In short, the Massachusetts health care law is a big achievement and a national model, but it also depends on the ACA and a strong partnership with the federal government.

If the cost-sharing subsidies provided by the ACA are slashed to zero, Massachusetts will have a tough time keeping down the cost of plans on the Health Connector. The state can’t make funds appear out of thin air to help families on the Medicaid expansion if Republicans yank away support. And our ability to address the opioid crisis will be severely hampered if people lose access to health insurance or if the federal funding provided through the Medicaid waiver disappears. Even in states with strong health care systems — states like Massachusetts — the ACA is critical.

The current system isn’t perfect — not by a long shot. There are important steps Congress could take to lower deductibles and premiums, to expand the network of doctors people can see on their plans, and to increase the stability and predictability of the market. We should be working together to make health care better all across the country, just like we’ve tried to do here in Massachusetts.

This doesn’t need to be a partisan fight. But if congressional Republicans continue to pursue repeal of the ACA with nothing more than vague assurances that they might — someday — think up a replacement plan, the millions of Americans who believe in guaranteeing people’s access to affordable health care will fight back every step of the way.

Repeal and run is for cowards."

Want to read more? Try these hashtags on social networking sites: #repealandrun #ourfirststand #savehealthcare #CareNotChaos. Below are more photos from Sunday's event in Boston.

[Photo: Protester sign. Boston healthcare rally. 1/15/17]

[Photo: Protester sign at Boston healthcare rally. 1/15/17]

[Photo: Mayor Marty Walsh speaking at healthcare rally. 1/15/17]

[Photo: View from crowd at Boston healthcare rally. 1/15/17]


The State of Massachusetts Data Breach Archive Is Available Online

The Massachusetts Office of Consumer Affairs and Business Regulations (OCABR) announced the public availability online of its data breach notification archive. To comply with Massachusetts state laws enacted in 2007, companies and entities must notify both the OCABR and the Attorney General's Office anytime personal information is accidentally or intentionally compromised.

Consumer Affairs Undersecretary John Chapman stated:

“The Data Breach Notification Archive is a public record that the public and media have every right to view... Making it easily accessible by putting it online is not only in keeping with the guidelines suggested in the new Public Records law, but also with Governor Baker’s commitment to greater transparency throughout the Executive Office.”

The OCABR breach archive includes a tabular listing of data breaches in Adobe PDF format. Each listing includes the following data elements: date the breach was reported, organization name, breach type, number of residents affected, types of sensitive personal data (e.g., Social Security Number, account number, driver's license identifier, credit card number) exposed or stolen, whether the organization offered free credit monitoring to affected residents, if the data was encrypted, and if the breach included mobile devices. The archive does not include the full text of the breach notification letters received. The breach archive also includes summary information:

Breaches and Residents Affected By Year

| Year | # Notifications | # Affected Residents |
|---|---|---|
| 2007 (Nov to Dec) | 30 | 8,499 |
| 2008 | 413 | 700,918 |
| 2009 | 437 | 357,869 |
| 2010 | 473 | 1,015,693 |
| 2011 | 614 | 1,163,917 |
| 2012 | 1,139 | 326,411 |
| 2013 | 1,829 | 1,163,643 |
| 2014 | 1,603 | 354,130 |
| 2015 | 1,834 | 1,338,048 |
| 2016 | 1,866 | 188,809 |
| Total | 10,238 | 5,454,294 |

According to the Census Bureau, Massachusetts' population was just under 6.8 million in 2015. So, the total number of affected residents equals about 80 percent of the state's population.

Nebraska, Nevada, Rhode Island, and Tennessee recently strengthened their breach laws with expanded definitions, encryption, requirements to notify the state's attorney general, and requirements to notify affected persons within forty-five (45) days. While most states -- 46 -- have some type of breach law, only some (California, Indiana, Iowa, Maryland, Montana, New Hampshire, Oregon, Vermont, Washington, Wisconsin) post online the breach notices they have received.

Some states' sites provide their breach archives using static Adobe PDF file formats. The better-designed sites make it easy for residents to search and view information about specific breach incidents. These sites feature interactive search mechanisms that allow users to enter the name of a company or state agency, date range filters, and file download options compatible with spreadsheet software. Some states -- California, South Carolina, and Washington -- produce detailed breach reports explaining the breaches by industry, type, and cause.

Without the full text, interactive search, and filter mechanisms, the OCABR breach archive is a marginally helpful resource. Consumers can still use it to verify the breach notices they have received via postal mail, since identity thieves often send fake breach notices trying to trick consumers into revealing their sensitive personal information. Using the OCABR breach archive is slow and awkward, since users must download each PDF file and perform a text search for an organization within each file. Plus, the archive lacks both street address and company business unit information, making it impossible for users to distinguish between entries with the same organization name.

Basically, something is better than nothing.

What are your opinions of the breach archive by Massachusetts? If I missed any states that provide breach notices online, please share below.


Researchers Conclude Voting Systems In the USA Are Vulnerable To Hacking And Errors

McClatchyDC reported:

"Pennsylvania is one of 11 states where the majority of voters use antiquated machines that store votes electronically, without printed ballots or other paper-based backups that could be used to double-check the balloting. There's almost no way to know if they've accurately recorded individual votes — or if anyone tampered with the count... These paperless digital voting machines, used by roughly 1 in 5 U.S. voters last month, present one of the most glaring dangers to the security of the rickety, underfunded U.S. election system."

I strongly suggest that all voters read the entire McClatchyDC article. It is an eye-opener. Let's unpack the above paragraph. There's plenty to consider.

First, a significant number of voting districts across the nation use only paperless digital voting machines. A prior blog post confirmed this usage:

"... half of registered voters (47%) live in jurisdictions that use only optical-scan as their standard voting system, and about 28% live in DRE-only jurisdictions... Another 19% of registered voters live in jurisdictions where both optical-scan and DRE systems are in use... Around 5% of registered voters live in places that conduct elections entirely by mail – the states of Colorado, Oregon and Washington, more than half of the counties in North Dakota, 10 counties in Utah and two in California. And in more than 1,800 small counties, cities and towns – mostly in New England, the Midwest and the inter-mountain West – more than a million voters still use paper ballots that are counted by hand."

That prior blog post also included a map with voting technologies by district. Second, the paperless digital voting machines make recounts difficult to impossible. Why? They lack printed ballots or paper backups to re-scan and verify against the machines' recorded totals. Optical-scan voting machines are better since they use paper ballots. Those paper ballots can be re-scanned during a recount to verify the machines' totals. Reportedly, advanced countries including Germany, Britain, Japan and Singapore all require scannable paper ballots.

Third, all of this means paperless digital voting machines are a hacker's delight. Or a corrupt politician's delight. If one is going to hack voting systems with a low to zero chance of getting caught, then smart hackers would target machines without paper backups where tampering would be impossible to detect during recounts.

Fourth, the vulnerabilities aren't just theory, or what-ifs. The McClatchyDC article also reported:

"But a cadre of computer scientists from major universities backed Stein's recounts to underscore the vulnerability of U.S. elections. These researchers have been successfully hacking e-voting machines for more than a decade in tests commissioned by New York, California, Ohio and other states."

You can easily find reports online about the vulnerable machines, such as the Sequoia AVC Advantage used in Louisiana, New Jersey, Virginia, and Pennsylvania. Another example: last year, the State of Virginia decertified the AVS WINVote made by Advanced Voting Solutions, which had previously been used also in Pennsylvania and Mississippi. The security review by the Virginia Information Technologies Agency (Adobe PDF) is available online.

The Brennan Center for Justice (BCJ) produced a report in 2015: "America's Voting Machines At Risk" (Adobe PDF). The BCJ interviewed more than 30 state and 80 local election officials, plus dozens of election technology, administration and security experts. They also gathered input from "computer scientists, policy analysts, usability experts, election security experts, voting equipment vendors, and various innovators in the field of election technology." The BCJ's report summarized the problem:

"... an impending crisis... from the widespread wearing out of voting machines purchased a decade ago... Jurisdictions do not have the money to purchase new machines, and legal and market constraints prevent the development of machines they would want even if they had funds..."

The BCJ found:

"Unlike voting machines used in past eras, today’s systems were not designed to last for decades. In part this is due to the pace of technological change... although today’s machines debuted at the beginning of this century, many were designed and engineered in the 1990s... experts agree that for those purchased since 2000, the expected lifespan for the core components of electronic voting machines is between 10 and 20 years, and for most systems it is probably closer to 10 than 20... 43 states are using some machines that will be at least 10 years old in 2016. In most of these states, the majority of election districts are using machines that are at least 10 years old. In 14 states, machines will be 15 or more years old.

Nearly every state is using some machines that are no longer manufactured and many election officials struggle to find replacement parts. The longer we delay purchasing new equipment, the more problems we risk. The biggest risk is increased failures and crashes, which can lead to long lines and lost votes.

Older machines can also have serious security and reliability flaws that are unacceptable today. For example, Virginia recently decertified a voting system used in 24 percent of precincts after finding that an external party could access the machine’s wireless features to “record voting data or inject malicious data... Several election officials mentioned “flipped votes” on touch screen machines, where a voter touches the name of one candidate, but the machine registers it as a selection for another... Election jurisdictions in at least 31 states want to purchase new voting machines in the next five years. Officials from 22 of these states said they did not know where they would get the money to pay for them."

The USA can do better. It must do better. State and local elections officials must find the money. Elected politicians must help them find the money. Our democracy is at stake.

There is a glimmer of good news. Researchers at Rice University have developed a digital voting machine prototype that prints a paper trail. The paper trail provides verification of voters' selections, which would facilitate recounts and should replace the paperless DRE equipment. It is one of three publicly funded projects across the country. Bidding is open for manufacturers to produce the equipment.

While Stein's recount efforts ultimately failed, the vulnerabilities still exist. As McClatchyDC reported:

"The U.S. voting system — a loosely regulated, locally managed patchwork of more than 3,000 jurisdictions overseen by the states — employs more than two dozen types of machinery from 15 manufacturers."

So, something needs to be done soon to increase the security of DRE or paperless digital voting machines. It's time for voters to demand better voting security and accountability from state and local elections officials (and their politicians) who selected paperless voting equipment for their districts. It seems foolish to tighten voter ID and registration procedures while both under-funding and ignoring the vulnerabilities with paperless digital voting machines.

What are your opinions?


Trump's Treasury Pick Excelled at Kicking Elderly People Out of Their Homes

[Editor's note: today's guest post is by reporters at ProPublica. This news story was originally published on December 27, 2016. It is reprinted with permission.]

by Paul Kiel and Jesse Eisinger, ProPublica

In 2015, OneWest Bank moved to foreclose on John Yang, an 80-year-old Korean immigrant living in Orange Park, Florida, a small suburb of Jacksonville. The bank believed he wasn't living in his home, violating the terms of its loan. It dispatched an agent to give him legal notification of the foreclosure.

Where did the bank find him? At the same single-story home the bank had said in court papers he did not occupy.

Still OneWest pressed on, forcing Yang, a former Christian missionary, to seek help from legal aid attorneys. This year, during a deposition, an employee of OneWest's servicing division was asked the obvious question: Why would the bank pursue a foreclosure that seemed so clearly unjustified by the facts?

The employee's response was blunt: "You're trying to make logic out of an illogical situation."

Yang was lucky. The bank eventually dropped its efforts against him. But others were not so fortunate. In recent years, OneWest has foreclosed on at least 50,000 people, often in circumstances that consumer advocates say run counter to federal rules and, as in Yang's case, common sense.

President-elect Donald Trump's nomination of Steven Mnuchin as Treasury Secretary has prompted new scrutiny of OneWest's foreclosure practices. Mnuchin was the lead investor and chairman of the company during the years it ramped up its foreclosure efforts. Representatives from the company and the Trump transition team did not respond to requests for comment.

Records show the attempt to push Mr. Yang out of his home was not an unusual one for OneWest's Financial Freedom unit, which focused on controversial home loans known as reverse mortgages. Regulators and consumer advocates have long worried that these loans, popular during the height of the housing bubble, exploit elderly homeowners.

The loans allow people to benefit from the equity they have built up over many years without selling their houses. The money is paid in a variety of ways, from lump sums to a stream of monthly checks. Borrowers are allowed to stay in their homes for as long as they live.

The loans are guaranteed by the U.S. Department of Housing and Urban Development, meaning the agency pays lenders like Freedom Financial the difference between the ultimate sale price of the home and the size of the reverse mortgage.

But the fees are often high and the interest charges mount up quickly because the homeowner isn't paying down any of the principal on the loan. Homeowners remain on the hook for property taxes and insurance and can lose their homes if they miss those payments.

A 2012 report to Congress by the Consumer Financial Protection Bureau said that "vigorous enforcement is necessary to ensure that older homeowners are not defrauded of a lifetime of home equity."

ProPublica found numerous examples where Financial Freedom had foreclosed for legally questionable reasons. The company served several other homeowners at their homes to let them know they were being sued for not occupying their homes. In Florida, a shortfall of only $0.27 led to a foreclosure attempt. In Atlanta, the company sought to foreclose on a widow after her husband's death, but backed down when a legal aid attorney sued, citing federal law that allowed the surviving spouse to remain in the home.

"It appears their business approach is scorched earth, in a way that doesn't serve communities, homeowners or the taxpayer," said Alys Cohen, a staff attorney for the National Consumer Law Center in Washington D.C.

Since the financial crisis, OneWest, through Financial Freedom, has conducted a disproportionate number of the nation's reverse mortgage foreclosures. It was responsible for 16,200 foreclosures on government-backed reverse mortgages, or 39 percent of all foreclosures nationwide, from 2009 through late 2014, even though it only serviced about 17 percent of the loans, according to government data analyzed by the California Reinvestment Coalition, an advocacy group for low-income consumers. While some foreclosures were justified, legal aid attorneys say Financial Freedom has refused to work with borrowers in foreclosure to establish payment plans, in contrast with other servicers of reverse mortgages.

Experts say the companies are not entirely to blame for the wave of foreclosures. HUD oversees standards on most reverse mortgages. In the years after the housing crash, HUD's rules evolved, creating a miasma of confusion for mortgage servicers. Companies say the new federal rules required them to foreclose when borrowers fell far behind on property and insurance costs, rather than work out payment plans.

OneWest's rough treatment of homeowners extended to its behavior toward borrowers with standard mortgages in the aftermath of the housing crash. In 2009, the Obama administration launched a program to encourage mortgage servicers to work out affordable mortgage modifications with borrowers. OneWest, weighed down by several hundred thousand souring mortgages, signed up.

It didn't go well. About three-quarters of homeowners who sought a modification from OneWest through the program were denied, according to the latest figures from the Treasury Department. OneWest was among the worst performing large servicers in the program by that measure. In 2011, activists protested OneWest's indifference at Mnuchin's Bel Air mansion in Los Angeles.

"We're in a difficult economic environment and very sympathetic to the problems many homeowners face, but under the government's program there's not a solution in every case," Mnuchin told the Wall Street Journal in that year.

Despite the controversy, Mnuchin and the other investors in OneWest made a killing on their purchase. In 2009, Mnuchin's investment group bought the failed mortgage bank IndyMac, which had been taken over by the Federal Deposit Insurance Corporation after the financial crisis, changing the name to OneWest. They paid about $1.5 billion, with the FDIC sharing the ongoing mortgage losses. George Soros, a Clinton backer at whose hedge fund Mnuchin had worked, and John Paulson, a hedge fund manager who also supported Trump, invested alongside Mnuchin in IndyMac.

In 2015, CIT, a lender to small and medium-sized businesses, bought OneWest for $3.4 billion, more than doubling the Mnuchin group's initial investment. Mnuchin personally made about $380 million on the sale, according to Bloomberg estimates. He retains around a 1 percent stake in CIT, worth around $100 million, which he may have to divest if confirmed.

CIT has found the reverse mortgage business to be a headache. Recently, CIT took a $230 million pretax charge after it discovered that OneWest had mistakenly charged the government for payments that the company should have shouldered itself. An investigation of Financial Freedom's practices by HUD's inspector general is ongoing.

Yang's lawyers at Jacksonville Area Legal Aid fought his foreclosure for a year. Though Yang had run a dry cleaning business in Florida and roamed the world as a missionary, working in North Korea, China, and Afghanistan, the bank's torrent of paperwork had overwhelmed him. Yang didn't speak English well. OneWest claimed it had sent him forms to verify he was living at his home, but that he never sent them back.

Under HUD rules, OneWest was required to verify that each borrower continued to use the property as a principal residence. It is a condition of all the HUD-backed loans in order to help ensure the government subsidy goes to those who need it.

But Yang can be forgiven for thinking that OneWest could not have doubted that he was still in his home. During the same period that OneWest was moving to foreclose on Yang for not living in his home, another arm of the bank regularly spoke and corresponded with him at his home about a delinquent insurance payment, according to court documents.

A Financial Freedom employee testified in the case that the department that handled delinquent insurance payments and the department that handled occupancy did not communicate with each other in those circumstances.

ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for their newsletter.


Driver's Licenses For 9 States Won't Be Valid ID For Domestic Flights In 2018

Residents in nine states wanting to travel domestically via commercial airlines may need to obtain alternative identification documents. Why? While new identification requirements will become effective in 2018, starting in 2017 federal agencies may no longer accept driver's licenses from these nine states.

On December 12, a Department of Homeland Security (DHS) announcement explained:

"The Transportation Security Administration (TSA) will begin posting signs at airports this week notifying travelers that beginning January 2018 it will start enforcing REAL ID requirements at airport security checkpoints, meaning that travelers seeking to use their state-issued driver’s license or identification card for boarding commercial aircraft may only use such documents if they are issued by a REAL ID compliant state or a non-compliant state with an extension."

The U.S. Congress passed the REAL ID Act in 2005 to establish minimum security standards for state-issued driver’s licenses and identification cards. The Act prohibits federal agencies, including the TSA, from accepting licenses and identification cards for certain official purposes (e.g., boarding federally regulated commercial aircraft) from states that do not meet these minimum standards and have not received an extension for compliance from DHS.

If the nine states change their procedures, then the government may grant each state an extension or approval, as warranted. The nine states which did not receive extensions for 2016 or 2017 are Kentucky, Maine, Minnesota, Missouri, Montana, Oklahoma, Pennsylvania, South Carolina, and Washington. So, starting January 30, 2017 federal agencies and nuclear power plants may not accept driver's licenses and state IDs from these nine states for identification. Federal officials may continue to accept Enhanced Driver’s Licenses from Minnesota and Washington.

See the DHS site for the compliance status for all states and territories. See the TSA.gov site for a complete list of identification documents accepted at TSA checkpoints. Below are the notices you may see while traveling through airports.

Generic TSA notice about changing ID requirements

TSA notice for noncompliant states about changing ID requirements


Ashley Madison Operators Agree to Settlement With FTC And States


The operators of the AshleyMadison.com dating site have agreed to a settlement with the U.S. Federal Trade Commission (FTC) for security lapses in a massive 2015 data breach. 37 million subscribers were affected, and the site's poor handling of its password-reset mechanism made accounts discoverable even though the site had promised otherwise. The site was known for helping married persons find extra-marital affairs.

The FTC complaint against Avid Life Media Inc. sought relief and refunds for subscribers. The complaint alleged that the dating site:

"... Defendants collect, maintain, and transmit a host of personal information including: full name; username; gender; address, including zip codes; relationship status; date of birth; ethnicity; height; weight; email address; sexual preferences and desired encounters; desired activities; photographs; payment card numbers; hashed passwords; answers to security questions; and travel locations and dates. Defendants also collect and maintain consumers’ communications with each other, such as messages and chats... Until August 2014, Defendants engaged in a practice of using “engager profiles” — that is, fake profiles created by Defendants’ staff who communicate with consumers in the same way that consumers would communicate with each other—as a way to engage or attract additional consumers to AshleyMadison.com. In 2014, there were 28,417 engager profiles on the website. All but 3 of the engager profiles were female. Defendants created these profiles using profile information, including photographs, from existing members who had not had any account activity within the preceding one or more years... Because these engager profiles contained the same type of information as someone who was actually using the website, there was no way for a consumer to determine whether an engager profile was fake or real. To consumers using AshleyMadison.com, the communications generated by engager profiles were indistinguishable from communications generated by actual members... When consumers signed up for AshleyMadison.com, Defendants explained that their system is “100% secure” because consumers can delete their “digital trail”."

More importantly, the complaint alleged that the operators of the site failed to protect subscribers' information in several key ways:

"a. failed to have a written organizational information security policy;
b. failed to implement reasonable access controls. For example, they: i) failed to regularly monitor unsuccessful login attempts; ii) failed to secure remote access; iii) failed to revoke passwords for ex-employees of their service providers; iv) failed to restrict access to systems based on employees’ job functions; v) failed to deploy reasonable controls to identify, detect, and prevent the retention of passwords and encryption keys in clear text files on Defendants’ network; and vi) allowed their employees to reuse passwords to access multiple servers and services;
c. failed to adequately train Defendants’ personnel to perform their data security-related duties and responsibilities;
d. failed to ascertain that third-party service providers implemented reasonable security measures to protect personal information. For example, Defendants failed to contractually require service providers to implement reasonable security; and
e. failed to use readily available security measures to monitor their system and assets at discrete intervals to identify data security events and verify the effectiveness of protective measures."

The above items read like a laundry list of everything not to do regarding information security. Several states also sued the site's operators. Toronto, Ontario-based Ruby Corporation (formerly called Avid Life Media), ADL Media Inc. (based in Delaware), and Ruby Life Inc. (d/b/a Ashley Madison) were named as defendants in the lawsuit. According to its website, Ruby Life operates several adult dating sites: Ashley Madison, Cougar Life, and Established Men.

The Ashley Madison site generated about $47 million in revenues in the United States during 2015. The site has members in 46 countries, and almost 19 million subscribers in the United States created profiles since 2002. About 16 million of those profiles were male.

Terms of the settlement agreement require the operators to pay $1.6 million to settle FTC and state actions, and to implement a comprehensive data-security program with third-party assessments. About $828,500 is payable directly to the FTC within seven days, with an equal amount divided among participating states. If the defendants fail to make that payment to the FTC, then the full judgment of $8.75 million becomes due.

The defendants must submit to the FTC a compliance report one year after the settlement agreement. The third-party assessment program starts within 180 days of the settlement agreement and continues for 20 years with reports every two years. The terms prohibit the site's operators and defendants from misrepresenting to persons in the United States how their online site and mobile app operate. Clearly, the use of fake profiles is prohibited.

The JD Supra site discussed the fake profiles:

"AshleyMadison/Ruby’s use of chat-bot-based fake or “engager profiles” that lured users into upgrading/paying for full memberships was also addressed in the complaint. According to a report in Fortune Magazine, men who signed up for a free AshleyMadison account would be immediately contacted by a bot posing as an interested woman, but would have to buy credits from AshleyMadison to reply.

Gizmodo, among many other sites, has examined the allegations of fake female bots or “engager profiles” used to entice male users who were using Ashley Madison’s free services to convert to paid services: “Ashley Madison created more than 70,000 female bots to send male users millions of fake messages, hoping to create the illusion of a vast playland of available women.” "

13 states worked on this case with the FTC: Alaska, Arkansas, Hawaii, Louisiana, Maryland, Mississippi, Nebraska, New York, North Dakota, Oregon, Rhode Island, Tennessee, Vermont, and the District of Columbia. The State of Tennessee's share was about $57,000. Vermont Attorney General William H. Sorrell said:

“Creating fake profiles and selling services that are not delivered is unacceptable behavior for any dating website... I was pleased to see the FTC and the state attorneys general working together in such a productive and cooperative manner. Vermont has a long history of such cooperation, and it’s great to see that continuing.”

The Office of the Privacy Commissioner of Canada and the Office of the Australian Information Commissioner reached their own separate settlements with the company. Commissioner Daniel Therrien of the Office of the Privacy Commissioner of Canada said:

“In the digital age, privacy issues can impact millions of people around the world. It’s imperative that regulators work together across borders to ensure that the privacy rights of individuals are respected no matter where they live.”

Australian Privacy Commissioner Timothy Pilgrim stated:

“My office was pleased to work with the FTC and the Office of the Canadian Privacy Commissioner on this investigation through the APEC cross-border enforcement framework... Cross-border cooperation and enforcement is the future for privacy regulation in the global consumer age, and this cooperative approach provides an excellent model for enforcement of consumer privacy rights.”

Kudos to the FTC for holding a company's feet (and its officers' and executives' feet) to the fire to protect consumers' information.


How To Spot Fake News And Not Get Duped

You may have heard about the "pizzagate" conspiracy -- fake news about a supposed child-sex ring operating from a pizzeria in Washington, DC. A heavily armed citizen drove from North Carolina to the pizzeria to investigate the bogus child-sex ring supposedly run by Presidential candidate Hillary Clinton. The reality: no sex ring. That citizen had been duped by fake news. Shots were fired, and thankfully nobody was hurt.

CBS News reported that the pizzagate conspiracy had been promoted by Michael G. Flynn, son of retired General Michael T. Flynn, Donald Trump's pick for national security adviser. As a result, the younger Flynn resigned Tuesday from President-Elect Trump's transition team.

I use the phrase "fake news" for several types of misleading content: propaganda, unproven or fact-free conspiracy theories, disinformation, and clickbait. The pizzagate incident highlighted two issues: a) fake news has consequences, and b) many people don't know how to distinguish real news from fake news. So, while political operatives reportedly have used a combination of fake news, ads, and social media to both encourage supporters to vote and discourage opponents from voting, there clearly are other real-life consequences.

To help people spot fake news, NPR reported:

"Stopping the proliferation of fake news isn't just the responsibility of the platforms used to spread it. Those who consume news also need to find ways of determining if what they're reading is true. We offer several tips below. The idea is that people should have a fundamental sense of media literacy. And based on a study recently released by Stanford University researchers, many people don't."

The report is enlightening. In the "Evaluating Information: The Cornerstone of Civic Online Reasoning" report, researchers at Stanford University tested about 7,804 students in 12 states between January 2015 and June 2016. They found:

"... at each level—middle school, high school, and college—these variations paled in comparison to a stunning and dismaying consistency. Overall, young people’s ability to reason about the information on the Internet can be summed up in one word: bleak. Our “digital natives” may be able to flit between Facebook and Twitter while simultaneously uploading a selfie to Instagram and texting a friend. But when it comes to evaluating information that flows through social media channels, they are easily duped... We would hope that middle school students could distinguish an ad from a news story. By high school, we would hope that students reading about gun laws would notice that a chart came from a gun owners’ political action committee. And, in 2016, we would hope college students, who spend hours each day online, would look beyond a .org URL and ask who’s behind a site that presents only one side of a contentious issue. But in every case and at every level, we were taken aback by students’ lack of preparation... Many [people] assume that because young people are fluent in social media they are equally savvy about what they find there. Our work shows the opposite."

This is important for both individuals and the future of the nation because:

"For every challenge facing this nation, there are scores of websites pretending to be something they are not. Ordinary people once relied on publishers, editors, and subject matter experts to vet the information they consumed. But on the unregulated Internet, all bets are off... Never have we had so much information at our fingertips. Whether this bounty will make us smarter and better informed or more ignorant and narrow-minded will depend on our awareness of this problem and our educational response to it. At present, we worry that democracy is threatened by the ease at which disinformation about civic issues is allowed to spread and flourish."

While the study focused upon students, older persons have been duped, too. The suspect in the pizzeria incident was 28 years old. The Stanford report focused upon what teachers and educators can do to better prepare students. According to the researchers, additional solutions are forthcoming.

What can you do to spot fake news? Don't wait for sites and/or social media to do it for you. Become a smarter consumer. The NPR report suggested:

  1. Pay attention to the domain and URL
  2. Read the "About Us" section of the site
  3. Look at the quotes in a story
  4. Look at who said the quotes

All of the suggestions require readers to take the time to understand the website, publication, and/or publisher. A little skepticism is healthy. Also verify the persons quoted and whether the persons quoted are who the article claims. And, verify that any images used actually relate to the event.

We all have to be smarter consumers of news in order to stay informed and meet our civic duties, which include voting. Nobody wants to vote for politicians that don't represent their interests because they've been duped. To the above list, I would add:

  • Read news wires. These sites include the raw, unfiltered news about who, when, where, and what happened. Some suggested sources: Associated Press (AP), Reuters, and United Press International (UPI)
  • Learn to recognize advertisements
  • Learn the differences between different types of content: news, opinion, analysis, satire/humor, and entertainment. Reputable sites will label them to help readers.

If you don't know the differences and can't spot each type, then you are likely to get duped.


High Tech Companies And A Muslim Registry

Since the Snowden disclosures in 2013, there have been plenty of news reports about how technology companies have assisted the U.S. government with surveillance programs. Some of these activities included surveillance programs by the U.S. National Security Agency (NSA) including innocent citizens, bulk phone calls metadata collection, warrantless searches by the NSA of citizens' phone calls and emails, facial image collection, identification of the best collaborator with NSA spying, fake cell phone towers (a/k/a 'stingrays') used by both federal government agencies and local police departments, and automated license plate readers to track drivers.

You may also remember, after Apple Computer's refusal to build a backdoor into its smartphones, the U.S. Federal Bureau of Investigation bought a hacking tool from a third party. Several tech companies built the reform government surveillance site, while others actively pursue "Surveillance Capitalism" business goals.

During the 2016 political campaign, candidate (and now President Elect) Donald Trump said he would require all Muslims in the United States to register. Mr. Trump's words matter greatly given his lack of government experience. His words are all voters had to rely upon.

So, The Intercept asked several technology companies a key question about the next logical step: whether or not they are willing to help build and implement a Muslim registry:

"Every American corporation, from the largest conglomerate to the smallest firm, should ask itself right now: Will we do business with the Trump administration to further its most extreme, draconian goals? Or will we resist? This question is perhaps most important for the country’s tech companies, which are particularly valuable partners for a budding authoritarian."

The companies queried included IBM, Microsoft, Google, Facebook, Twitter, and others. What's been the response? Well, IBM focused on other areas of collaboration:

"Shortly after the election, IBM CEO Ginni Rometty wrote a personal letter to President-elect Trump in which she offered her congratulations, and more importantly, the services of her company. The six different areas she identified as potential business opportunities between a Trump White House and IBM were all inoffensive and more or less mundane, but showed a disturbing willingness to sell technology to a man with open interest in the ways in which technology can be abused: Mosque surveillance, a “virtual wall” with Mexico, shutting down portions of the internet on command, and so forth."

The response from many other companies has mostly been crickets. So far, only executives at Twitter have flatly refused, and included with its reply a link to its blog post about developer policies:

"Recent reports about Twitter data being used for surveillance, however, have caused us great concern. As a company, our commitment to social justice is core to our mission and well established. And our policies in this area are long-standing. Using Twitter’s Public APIs or data products to track or profile protesters and activists is absolutely unacceptable and prohibited.

To be clear: We prohibit developers using the Public APIs and Gnip data products from allowing law enforcement — or any other entity — to use Twitter data for surveillance purposes. Period. The fact that our Public APIs and Gnip data products provide information that people choose to share publicly does not change our policies in this area. And if developers violate our policies, we will take appropriate action, which can include suspension and termination of access to Twitter’s Public APIs and data products.

We have an internal process to review use cases for Gnip data products when new developers are onboarded and, where appropriate, we may reject all or part of a requested use case..."

Recently, a Trump-Pence supporter floated this trial balloon to justify such a registry:

"A prominent supporter of Donald J. Trump drew concern and condemnation from advocates for Muslims’ rights on Wednesday after he cited World War II-era Japanese-American internment camps as a “precedent” for an immigrant registry suggested by a member of the president-elect’s transition team. The supporter, Carl Higbie, a former spokesman for Great America PAC, an independent fund-raising committee, made the comments in an appearance on “The Kelly File” on Fox News...

“We’ve done it based on race, we’ve done it based on religion, we’ve done it based on region,” Mr. Higbie said. “We’ve done it with Iran back — back a while ago. We did it during World War II with Japanese.”"

You can read the replies from nine technology companies at the Intercept site. Will other companies besides Twitter show that they have a spine? Whether or not such a registry ultimately violates the U.S. Constitution, we will definitely hear a lot more about this subject in the near future.


There's No Evidence Our Election Was Rigged

[Editor's note: Given recent allegations of voter fraud and hacks into voting systems, today's guest post is by reporters at ProPublica. This news story was originally published on November 28, 2016. It is reprinted with permission.]

by Jessica Huseman and Scott Klein, ProPublica

President-elect Donald Trump took to Twitter on Sunday to claim that he would have won the popular vote "if you deduct the millions of people who voted illegally."

There is no evidence that millions of people voted illegally. If there were, we'd have seen some sign of it.

ProPublica was an organizing partner in Electionland, a project run by a coalition of organizations including Google News Lab, Univision, WNYC, the CUNY Graduate School of Journalism and the USA Today Network. We monitored the vote with a team of more than 1,000 people, including about 600 journalism school students poring over social media reports and more than 400 local journalists who signed up to receive tips on what we found. We had access to a database of thousands of calls made to a nonpartisan legal hotline. We had four of the nation's leading voting experts in the room with us and election sources across the country. Thousands of people texted us to tell us about their voting experience.

We had an unprecedented real-time understanding of voting in the United States, and while we saw many types of problems, we did not see mass voter fraud of any kind -- especially of the sort Donald Trump alleges.

Trump's claim tracks closely with an Infowars piece published less than a week after the election, claiming that 3 million votes were cast by illegal aliens. The website, run by conservative radio host and noted conspiracy theorist Alex Jones, attributed the number to an unsubstantiated tweet by Gregg Phillips, the founder of VoteStand, a voter fraud app. While Infowars attributed the number to VoteFraud.org, there has been no report on the number by VoteFraud.org and Phillips told Politifact he was not affiliated with the organization. He would not provide Politifact with any information about how he arrived at the number, saying he was still verifying its accuracy. As Politifact points out, there is no evidence to support the number.

On a call Monday morning with reporters, Trump transition spokesman Jason Miller cited two studies to back up the president-elect's claim of illegal voting. The research, he said, spoke to "issues of both voter fraud and illegal immigrants voting."

Experts say the studies did not speak to these issues. The first study Miller cited was published in 2014 and has been widely debunked by a number of researchers. While the study claimed that 14 percent of non-citizens were registered to vote, that turned out to be an error in self-reporting. The question pertaining to citizenship was confusing, leading citizens to regularly mark themselves as non-citizens.

Miller also cited a 2012 Pew Study which found that there were thousands of people on the rolls who had moved or died. David Becker, now the executive director of the Center for Election Innovation & Research, was the primary author of the study, and told us there was "no link" between this study and voter fraud.

"The rolls are out of date because people are moving or dying in the normal course of things, not because people go and intentionally register in two states," he said, adding that his two decades of experience has shown him that out-of-date rolls are not used for fraud. He added that now that 20 states are participating in the Electronic Registration Information Center Inc. -- or ERIC -- which allows states to share registration information, the voting rolls in 2016 were "far more up to date" than the rolls in 2012.

Beyond the study, Becker said the warning signs of millions of ineligible voters casting ballots are simply not present, nor were they on Election Day, which Becker spent in the Electionland newsroom. In fact, he said, it's likely Electionland -- and many other election observers -- would have known about this long before the election actually took place.

"There would have been an unprecedented number of new registrants that would not have had matched social security or driver's license numbers," Becker said. "There was no exceptional registration, there were no crazy long lines, there were no language difficulties, and there wasn't an exceptionally high number of mail-in ballots."

Tammy Patrick, another Electionland expert and a fellow at the Bipartisan Policy Center, said that no elections officials have raised flags related to tampering. Jurisdictions do regular audits to ensure that the number of sign-ins equals the number of votes being cast, and none of those audits have found problems. In fact, with the fervor raised in advance by the president-elect himself, Patrick said this election was the best monitored in her memory.

"People were watching," she said. "We had more international observers than ever before. Thousands of political party observers at the polls. Campaign observers in the polling places."

Third-party candidate Jill Stein has raised less sweeping doubts about the validity of the vote. These came on the heels of a Nov. 22 piece in New York Magazine, claiming that researchers had found "persuasive evidence that results in Wisconsin, Michigan, and Pennsylvania may have been manipulated or hacked." The story went on to say that "in Wisconsin, Clinton received 7 percent fewer votes in counties that relied on electronic-voting machines compared with counties that used optical scanners and paper ballots."

Stein has now used this study in her recount petitions in both Wisconsin and Pennsylvania.

However, the story did not seem to hold up under scrutiny. One of those researchers, J. Alex Halderman, writing in a Medium post, disagreed with New York Magazine's characterization of his research, saying only that systems were vulnerable, pointing to the hacks on the Democratic National Committee and the voter registration systems in Illinois and Arizona. He did, however, call for manually checking paper ballots.

Nate Silver at 538 and others rebutted the New York Magazine claims via Twitter and later in a longer story. Silver pointed out, among other things, that in Wisconsin, the disparity between counties that use paper ballots and ones that use electronic voting systems disappears when controlling for race and education.

Charles Stewart, elections expert and professor at MIT, noted in his blog, "virtually all" ballots in Wisconsin and Michigan were cast on paper, so the "core empirical claim" of the New York Magazine story "cannot be true."

But Stein, citing "very troubling news about the possibility of security breaches in voting results," created a crowdsourcing campaign to fund a recount effort in Wisconsin, Michigan and Pennsylvania. She first set a fundraising goal of $2 million, which was very quickly met, and raised it ultimately to $7 million, where it currently stands as we write this.

The Clinton campaign is participating in the Wisconsin recount process. Marc Elias, general counsel to the Clinton campaign, expressed skepticism, saying that the campaign had "not uncovered any actionable evidence of hacking or outside attempts to alter the voting technology," but that they would participate in the recount "in order to ensure the process proceeds in a manner that is fair to all sides."

Both Becker and Patrick say the idea that a hack could meaningfully impact an election is far-fetched. In Wisconsin alone, there are 1,800 jurisdictions, none of which have machines connected to the internet, said Becker. "It would have taken thousands of people working in concert without being discovered to hack the result, just in Wisconsin," he said.

And while some have asserted that malware could have been built into the software used to run electronic voting machines and optical scanners for paper ballots, Patrick said this would either require a lot of foresight or time travel.

"This software is years old. The voting machines are not new. Someone would have had to years ago decide they were going to hack this election, without knowing who the candidates are," she said.

While it's important to investigate voting irregularities, claims made without evidence about fraudulent voting and hacking may have costs that go beyond the expense of a recount. Studies suggest that voters -- especially low-information voters -- who fear that their vote may be tampered with might not vote at all.

Members of the losing party often blame defeats on flaws in the voting system, Becker said. He said it's "particularly difficult" this year, when all of the polls seemed to be lined up against the ultimate winner, "but it doesn't change the facts about the process."

ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for their newsletter.


You Gave President Elect Donald Trump a Whale Of A Holiday Gift

Just before the long holiday weekend, the Attorney General (AG) for New York State announced a settlement agreement with President Elect Donald J. Trump regarding his now defunct, educational business Trump University. Reportedly, the $25 million settlement agreement resolves two class-action lawsuits and an action by the New York State AG.

About 7,000 students paid up to $35,000 in tuition and allegedly received little to no education. Terms of the settlement require Mr. Trump to pay $21 million to settle the two class-action lawsuits and $4 million to New York State. The New York Times reported:

"Trump University, which operated from 2004 to 2010, included free introductory seminars across the country, focusing largely on real estate investing and learning Mr. Trump’s secrets... Documents made public through the litigation revealed that some former Trump University managers had given testimony about its unscrupulous and exploitative business practices. One sales executive testified that the operation was “a facade, a total lie.” Another manager called it a “fraudulent scheme.” Other records showed how Mr. Trump had overstated the depth of his involvement in the programs. Despite claims that Mr. Trump had handpicked instructors, he acknowledged in testimony that he had not... the conclusion of the Trump University cases brings vindication to former students, mostly ordinary people across the country who felt they had been robbed of their savings by Mr. Trump..."

The settlement terms did not require Mr. Trump to admit any wrongdoing:

"At a hearing on the case in San Diego on Friday, [Trump's attorney] Daniel Petrocelli said Mr. Trump had settled the case “without an acknowledgment of fault or liability.” "

Why settle now? The Los Angeles Times reported:

"The law firm Zeldes, Haeggquist & Eck, which helped represent the plaintiffs, said in a statement Friday that it was “incredibly painful” to end the legal battle now. “We stand behind their claims 100%,” the firm said, “but there is always risk in taking a case to trial and that was particularly so here, when the defendant was poised to be the next president of the United States.” The lawsuits dogged Trump on the campaign trail, and he denied the allegations many times and said he would not settle the cases."

Some might conclude that not having to admit wrongdoing is a whale of a gift. Reportedly, attorneys for the students waived their fees so the students would receive more compensation. Students would receive 55 to 100 percent of the money they spent. Some might also say that settling 3 lawsuits for pennies on the dollar is also a whale of a holiday gift. Sadly, there is more.

Much more. Forbes Magazine explained:

"Of course, the real cost to Mr. Trump is after tax, not before it. And most business settlements are fully tax deductible. The only part that arguably may not be here is the $1 million in penalties. But barring express non-deductibility commitments, many penalties can be deducted, too. In general, fines and penalties paid to the government are not deductible. Section 162(f) of the tax code prohibits deducting "any fine or similar penalty paid to a government for the violation of any law."

Despite punitive sounding names, though, some fines and penalties are considered remedial and deductible. That allows some flexibility. Companies often deduct ‘compensatory penalties,’ a maneuver affirmed in a recent Circuit Court ruling. Some defendants insist that their settlement agreement confirms that the payments are not penalties and are remedial. Conversely, some government entities insist on the reverse.  Explicit provisions about taxes in settlement agreements are becoming more common."

You may remember the fines and payments paid by JPMorgan bank in a 2013 settlement agreement. Forbes explained that only $2 billion of the $13 billion was not tax-deductible. So, taxpayers nationwide have given Mr. Trump a whale of a holiday gift similar to gifts given repeatedly to big banks: tax-deductible payments in settlement agreements that allow them to pay less taxes. You'd think that the tax-deductible benefit would come with a price: having to admit wrongdoing.

Is this fair? Is it right? A 2014 survey by the U.S. Public Interest Research Group Education Fund found that most Americans disapprove of tax-deductible payments in settlement agreements, and want more transparency and disclosures about the contents of settlement agreements.

It is infuriating to this taxpayer. Hopefully it infuriates you, too. It seems that often payments and fines to resolve and penalize a defendant for wrongdoing are anything but. What are your opinions?


Adobe Settles With 15 States Regarding 2013 Data Breach

The Indiana Attorney General announced a multi-state $1.0 million settlement agreement with Adobe Systems, Inc. after a data breach in 2013 where the information about 2.9 million customers nationwide was stolen. The data elements stolen included names, addresses, telephone numbers, e-mail addresses, usernames, encrypted payment card numbers and expiration dates.

The 14 states which joined Indiana in the settlement agreement are: Arkansas, Connecticut, Illinois, Kentucky, Maryland, Massachusetts, Missouri, Minnesota, Mississippi, North Carolina, Ohio, Oregon, Pennsylvania, and Vermont. The states alleged in a lawsuit that Adobe failed to use reasonable security measures to protect its computing systems from hacks, or to have proper intrusion detection methods installed. The multi-state settlement agreement covers about 552,000 residents from the 15 states.

Indiana's share of the settlement was $53,718.36 for 24,049 Indiana residents affected by the breach. Indiana AG Greg Zoeller said:

"This case is yet another example of the importance of protecting your personal and financial information... I continue to be an advocate for Indiana’s credit freeze protections and encourage all Hoosiers to place credit freezes with the major credit bureaus.”

Connecticut's share was $135,095.71. Connecticut AG George Jepsen said:

"Consumers should have a reasonable expectation that their personal and financial information is properly safeguarded from unauthorized access... Adobe worked in good faith with my office and the states affected by this incident to better protect consumer information going forward, and for that it deserves some credit. My office will continue to be diligent in protecting Connecticut consumers by strictly enforcing our privacy laws."

46,465 Maryland residents were affected by the breach. Maryland AG Brian E. Frosh said:

“Reasonable security measures must be implemented to maintain the safety and security of consumers’ personal information... As a result of this agreement, Adobe has agreed to bolster its security to prevent another similar occurrence.”

More settlement agreements may be forthcoming.


Voting Technologies By County Across The United States

State and local governments across the United States use a variety of voting technologies. Chances are, you voted on Tuesday using one of two dominant technologies: optical-scan ballots or direct-recording electronic (DRE) devices. Optical-scan ballots are paper ballots where voters fill in bubbles or other machine-readable marks. DRE devices include touch-screen devices that store votes in computer memory.

The Pew Research Center analyzed data from the Verified Voting Foundation, a nongovernmental organization, and found that almost:

"... half of registered voters (47%) live in jurisdictions that use only optical-scan as their standard voting system, and about 28% live in DRE-only jurisdictions... Another 19% of registered voters live in jurisdictions where both optical-scan and DRE systems are in use... Around 5% of registered voters live in places that conduct elections entirely by mail – the states of Colorado, Oregon and Washington, more than half of the counties in North Dakota, 10 counties in Utah and two in California. And in more than 1,800 small counties, cities and towns – mostly in New England, the Midwest and the inter-mountain West – more than a million voters still use paper ballots that are counted by hand."

Previously, voting systems nationwide used punch-card devices and "lever machines," which have slowly been replaced since 1980 by optical-scan and DRE devices. You may remember voting with one of the old-style lever machines, a self-contained voting booth where voters flipped switches for candidates and then pulled a large lever to record their votes:

"Punch cards hung on throughout the 1990s but gradually lost ground to optical-scan and electronic systems – a decline that accelerated sharply after the 2000 Florida election recount debacle that brought the term “hanging chad” to brief prominence. But as punch cards faded away (the last two jurisdictions to use them, Franklin and Shoshone counties in Idaho, abandoned them after the 2014 elections), some voters became concerned that fully electronic voting would not generate any “paper trail” for future recounts. According to Verified Voting, of the 53,608 jurisdictions that use DRE equipment as their major voting method, almost three-quarters use systems that don’t create paper receipts or other hard-copy records of voters’ choices."

In August of this year, Wired reported about the state of security of the DRE devices:

"What people may not remember is the resulting Help America Vote Act (HAVA), passed in 2002, which among other objectives worked to phase out the use of the punchcard voting systems that had caused millions of ballots to be tossed. In many cases, those dated machines were replaced with electronic voting systems. The intentions were pure. The consequences were a technological train wreck.

“People weren’t thinking about voting system security or all the additional challenges that come with electronic voting systems,” says the Brennan Center’s Lawrence Norden. “Moving to electronic voting systems solved a lot of problems, but created a lot of new ones.”

The list of those problems is what you’d expect from any computer or, more specifically, any computer that’s a decade or older. Most of these machines are running Windows XP, for which Microsoft hasn’t released a security patch since April 2014. Though there’s no evidence of direct voting machine interference to date, researchers have demonstrated that many of them are susceptible to malware or, equally if not more alarming, a well-timed denial of service attack."

Experts have said that, besides better built and more secure DREs, post-election auditing -- checking vote totals against paper ballots -- is the best way to ensure accurate vote totals. Reportedly, more than half of states perform post-election audits.

So, it seems appropriate for citizens living in counties that use antiquated DREs, or that don't perform post-election audits, to contact their elected representatives and demand improvements. Good entities to contact are the elections departments in your city, or the Secretary of State in your state. Find your state in this list. Below is an image of voting technologies by county:

[Image: Pew Research. Voting technologies by county in the United States]


Facebook Provides Members With Elections Ballot Previews

The Facebook social networking site introduced on October 28, 2016 a new feature that provides its voting-age users with previews of candidates and questions. The site presented users with the following ad:

[Image: Facebook Elections Ballot ad]

Like other ads in the site, users can disable the ad. Users that select the "Preview Your Ballot" link will next see three pop-up pages which explain the new feature:

[Image: Facebook Elections Ballot popup window]

Then, users can preview their ballot based upon where they live, which includes national candidates running for office and ballot questions. To view local candidates running for office and local ballot questions, users must provide Facebook with their complete street address:

[Image: Facebook Elections Ballot landing page]

Within the new feature, users can preview information about each candidate: Issue Positions, Endorsements, Recent Posts, and Website. "Issue Positions" links to content within the candidate's Facebook page. The "Endorsements" and "Recent Posts" selections link similarly. "Website" links to the candidate's external website. Issue Positions includes the topics you might expect: budget, civil rights, economy, education, energy, environment, foreign policy, guns, health, immigration, infrastructure, military, Social Security, taxes, terrorism, and more.

Why did Facebook introduce this new feature? According to a popup within the feature:

"You're seeing this because you may be in a state that has a voter registration deadline or election coming up. We want to help people have their voice heard in the elections this year, so we're showing this message to people who are old enough to vote - no matter who they support.

We send reminders about voting every now and then. If you'd rather not see these in the future, click or tap the in the top right corner of the reminder and select Hide Reminder, then Hide all voting reminders."

The official Facebook announcement on October 28 said:

"Voting is important... we’re encouraging civic participation. We want to make it easier for people who want to participate to do so, and to have a voice in the political process... Today, we’re introducing a new feature that shows you what’s on the ballot — from candidates to ballot initiatives. We also show you where the candidates stand on the issues... Not all states in America mail out sample ballots ahead of an election. This can make it challenging to find comprehensive information about the questions you’ll be expected to consider when you walk into the voting booth. Thanks to data gathered from election officials by the nonpartisan Center for Technology and Civic Life (CTCL), we can present you with a preview of the ballot you’ll receive on November 8. If you notice an issue with the CTCL data, we’ve built in a way for you to provide feedback and help correct the dataset."

Challenging to find information? What a load of bull. The Internet makes it easy to visit websites for candidates and ballot questions. Plus, information is available from every state. Example: ballot information in Massachusetts is available at websites by the Secretary of the Commonwealth and the City of Boston. Sample ballots were available during the primaries, too. Every state in the Union has a Secretary of State whose website you should visit anyway for elections and other information. Find your state in this list.

I first saw Facebook's new Elections Ballot feature on November 2, 2016 -- five days after the announcement, and less than 6 days before the November 8 Elections Day. You'd think that Facebook would have introduced this feature sooner; ideally, as soon as the main parties had nominated their candidates. Facebook didn't. Not good. And, the feature's availability may be too late for early voters.

What else is happening with this new feature? Several items are worth mentioning. First, executives at Facebook are probably well aware that two-thirds of the site's users get their news at the site. This new feature is clearly an attempt to keep users within the Facebook bubble: increase the amount of time on site and the number of pages viewed within the site.

Second, the accuracy of the new feature is suspect. I have never shared my residential address with Facebook, so the elections feature displayed 4 questions when there are actually 5 where I live. The fifth question is a local ballot initiative. Users like me, who haven't provided street address information, may get a wrong impression of what's on their ballot -- if they fail to read the fine print. And, we know that too many consumers never read the fine print.

Third, the local candidates and ballot questions are a slick way for Facebook to force users to share their residential street address information. Fourth, the new feature is an opportunity to capture users' voting information. Of course, not the official ballots, but the next closest thing. Users can select which candidates are their Favorites and share it with their Friends: people, coworkers, classmates, family, neighbors, and others they are connected to at the site. Favoriting a candidate within this new feature seems like a pretty explicit and accurate proxy for an official ballot:

Facebook Elections Ballot. Links to learn about or favorite a candidate.

Fifth, armed with this ballot information about its users, Facebook can probably charge more to advertisers (e.g., political campaigns, political action committees, pollsters, data brokers) interested in purchasing information about voting populations and/or buying targeted ads at the site. Consider this report by BuzzFeed from November 2014:

"At some point in the next two years, the pollsters and ad makers who steer American presidential campaigns will be stumped: The nightly tracking polls are showing a dramatic swing in the opinions of the electorate, but neither of two typical factors — huge news or a major advertising buy — can explain it. They will, eventually, realize that the viral, mass conversation about politics on Facebook and other platforms has finally emerged as a third force in the core business of politics, mass persuasion.

Facebook is on the cusp — and I suspect 2016 will be the year this becomes clear — of replacing television advertising as the place where American elections are fought and won. The vast new network of some 185 million Americans opens the possibility, for instance, of a congressional candidate gaining traction without the expense of television, and of an inexpensive new viral populism. The way people share will shape the outcome of the presidential election."

It seems that day has arrived. Shape the conversation and outcome, indeed. It's all driven by data -- big data -- data mining.

Sixth, the new feature raises questions and issues for users. Should Facebook know your voting decisions? Does Facebook have a right to know your voting decisions? Has Facebook earned the right to know your voting decisions? Facebook is a money-making enterprise, so it will sell your information to as many other companies as possible. According to the October 28 announcement:

"How you vote is a personal matter, and we’ve taken steps to make sure that you have utmost control over your plan. After you make a selection, you have to choose who you want to be able to see it (“Only me” or “Friends”). For example, you may want to be private about your choice for president, but share with friends your pick for a congressional race or a ballot initiative."

The language in the announcement seems to confusingly refer to the Facebook feature as voting, when it isn't. Do all of your friends need to know your voting preferences? What about friends with Facebook profiles that are open to the general public? In the latter case, anybody wandering in can view your voting information. Is that what you really want?

Not me. What happens in the voting booth stays in the voting booth. I may express concerns on Facebook, but my final vote is private. No doubt, some consumers will share their voting preferences without considering the implications.

I visited the CTCL website and found it underwhelming and lacking key information to understand what this organization really is and does. Not good.

What are your opinions of Facebook's new elections and ballot feature?


Disenfranchised By Bad Design

[Editor's Note: Today's guest post was originally published by ProPublica on October 20, 2016. It is reprinted with permission. Some towns, municipalities, and cities -- such as Boston -- use paper ballots that are scanned. (This facilitates recounts, when needed.) The city provides AutoMARK machines at polling locations to help voters requiring assistance. The machines use audio cues, magnification, and several languages to mark ballots correctly, especially for low-vision and disabled voters. Inquire about this automation or other assistance when you vote.]

by Lena Groeger, ProPublica

This November 8, even if you manage to be registered in time and have the right identification, there is something else that could stop you from exercising your right to vote.

The ballot. Specifically, the ballot's design.

Bad ballot design gained national attention almost 16 years ago when Americans became unwilling experts in butterflies and chads. The now-infamous Palm Beach County butterfly ballot, which interlaced candidate names along a central column of punch holes, was so confusing that many voters accidentally voted for Patrick Buchanan instead of Al Gore.

Palm Beach County butterfly ballot
Palm Beach county’s infamous butterfly ballot. (Wikimedia Commons)

We've made some progress since then, but we still likely lose hundreds of thousands of votes every election year due to poor ballot design and instructions. In 2008 and 2010 alone, almost half a million people did not have their votes counted due to mistakes filling out the ballot. Bad ballot design also contributes to long lines on election day. And the effects are not the same for all people: the disenfranchised are disproportionately poor, minority, elderly and disabled.

In the predominantly African American city of East St. Louis, the race for United States senator in 2008 was missing a header that specified the type or level of government (Federal, Congressional, Legislative, etc). Almost 10 percent of East St. Louis voters did not have their vote counted for U.S. Senate, compared to the state average of 4.4 percent. Merely adding a header could have solved the problem. Below you can see the original ballot and the Brennan Center redesign.

Brennan Center ballot redesign
Before: no header for the Senate race, after: consistent headers for all contests. (Brennan Center, Better Design Better Elections)

"When we design things in a way that doesn't work for all voters, we degrade the quality of democracy," said Whitney Quesenbery, a ballot expert and co-director of the Center for Civic Design, an organization that uses design to ensure voters vote the way they want to on Election Day.

Many mistakes can be avoided with tiny tweaks
Designer Marcia Lausen, who directs the School of Design at the University of Illinois at Chicago, wrote a whole book about how democracy can be improved with design. She even tackles the infamous butterfly ballot. The 2000 Chicago Cook County judicial retention ballot crammed 73 candidates into 10 pages of a butterfly layout punch card ballot, with punch holes packed much more tightly together than in previous elections. As in Palm Beach, Yes/No votes for the candidates on the left page were confusingly interlaced with Yes/No votes for the right page.

Lausen's proposed redesign eliminates the interlaced Yes/No votes, introduces a more legible typeface, uses shading and outlines to connect names and Yes/No's with the appropriate punch holes, and removes redundant language.

Democracy For Action butterfly ballot image

Democracy For Action butterfly ballot after redesign image
Before and after butterfly ballots. (Design for Democracy)

In the 2002 midterm election in Illinois' Hamilton County, each column of candidate names was next to a series of incomplete arrows. Voters were supposed to indicate their choice of candidate by completing the arrow on the left of the candidate name. But because we read left to right and the candidate names in two races lined up perfectly, many voters marked the arrow to the right. As presented in a Brennan Center analysis, setting the columns a bit further apart and adding borders would have cleared up this confusion:

Suggested redesign of Illinois' Hamilton County ballot
  Illinois’ Hamilton county confusing ballot, and suggested redesign. (Brennan Center)

In Minnesota in 2008, Al Franken beat Norm Coleman for the U.S. Senate seat by a sliver, less than 300 votes. In that race, almost 4,000 absentee ballots were not counted because the envelope was not signed. The Minnesota Secretary of State's office decided to redesign the mailing envelope. After a series of usability tests, they added a big X to mark where people should sign. In the following election in 2010, the rate of missing signatures dropped to 837.

Minnesota's mailing envelope is a good example of how designers can solve design problems well before any election actually happens -- by testing those ballots beforehand.

"Test and test and test," recommends Don Norman, a designer and cognitive scientist who wrote the book on designing objects for everyday life. The most important aspect of ballot design, he says, is considering the needs of the voters. He suggests doing extensive testing of ballots on a sample of people, which should include those who are "blind, deaf, or people with physical disabilities as well as people with language difficulties."

Bad instructions are a design problem, too
Beyond layout and ordering, the unanimous winner for worst part of ballot design? Instructions.

"The instructions are uniformly horrible!" said usability expert Dana Chisnell, who co-directs the Center for Civic Design with Quesenbery. Confusing jargon, run-on sentences, old-fashioned language left over from 100 years ago: all of these plague ballots across the country. Here are a few example instructions (the first from Kansas, the second from Ohio) along with the Brennan Center's redesign:

Brennan Center suggested redesign of Kansas ballot instructions
(Brennan Center, Better Ballots)

Brennan Center suggested redesign of Ohio ballot instructions
(Brennan Center, Better Ballots)

Even if the instructions are clear, placement of instructions has a huge effect on whether people understand them. In usability tests conducted in Florida's Sarasota and Duval counties in 2008, the majority of participants got to the end of the ballot and stopped. Which was a problem, because the ballot continued on the other side. Despite instructions specifically telling people to vote both sides of the ballot, they didn't.

Designers have already put together guidelines for making better ballots
Luckily, there are resources for how to help avoid these predictable problems. In addition to Lausen's book, the Design for Democracy initiative has worked for years at applying design principles to improve elections. A few years ago the design association AIGA combined forces with Whitney Quesenbery and Dana Chisnell to condense their best practices into a set of handy field guides.

The ballot-specific guide, Designing Usable Ballots, has this advice:

  1. Use lowercase letters.
  2. Avoid centered type.
  3. Use big enough type.
  4. Pick one sans-serif font.
  5. Support process and navigation.
  6. Use clear, simple language.
  7. Use accurate instructional illustrations.
  8. Use informational icons (only).
  9. Use contrast and color to support meaning.
  10. Show what’s most important.

For the designers, these recommendations may seem obvious. But election officials -- the ones responsible for laying out a ballot -- are not designers.

Sometimes, reality thwarts good design
Even if officials wanted to follow every design best practice, they probably wouldn't be able to.

That's because ballots are as complicated as the elections they represent. Elections in the U.S. are determined at the local level, and so each ballot must be uniquely crafted to its own jurisdiction. Ballots must combine federal, state, and local contests, display measures and propositions, and sometimes require voters to express their choices in various formats -- for example ranking their choices versus selecting one candidate for the job.

"There will always be special circumstances that present new problems for ballot design," said David Kimball, a political science professor at the University of Missouri-St. Louis who has written extensively on voting behavior and ballot design.

Take what happened this summer in California's Senate race primary. A record number of 34 candidates were running to replace incumbent Democrat Barbara Boxer, and the ballot needed to fit them all. In many counties, elections officials simply couldn't follow the good design recommendation of "Put all candidate names in one column."

To make matters worse, bad design is written right into the law
Election officials are often constricted in what they can and can't do by specific language in their local election code. More often than not, the law is to blame for bad design.

For example, numerous jurisdictions require that candidate names and titles be written in capital letters. This goes against huge amounts of evidence that lowercase letters are easier to read. Other requirements like setting a specific font size, making sections bold or center-aligning headers make it next to impossible to follow all the design best practices.

Image of Illinois Election Code
Illinois Election Code used to require candidate names to be printed in capital letters. (Statutes of the State of Illinois)

Some election code requirements just seem to invite clutter. In Kansas, a candidate's hometown must be listed under their name. In California, the candidate's occupation. Designers argue that this additional text complicates the ballot with needless information, but they can't get rid of it without breaking the law.

"It's amazing how many design prescriptions are written into law by non-designers," said designer Drew Davies, who has worked with numerous jurisdictions to improve their ballots and voting materials and is design director of AIGA's Design for Democracy.

Some of those prescriptions border on the comical. In New York, election law requires that each candidate name must be preceded by "the image of a closed fist with index finger extended pointing to the party or independent row." Here's how that actually looks on real New York ballots:

[insert ny closed fist image]

In design, everything matters -- even the order of the candidate names
Some design problems are not as obvious as a pointing finger. Take something as simple as the order of the candidates' names. There is a well known advantage for being listed first on the ballot. The "primacy effect" can significantly sway elections, especially in smaller races not widely covered in the media where there is no incumbent. One study of the 1998 Democratic primary in New York found that in seven races the advantage from being listed first was bigger than the margin of victory. In other words, if the runner-up candidates in those races had been listed first on the ballot, they likely would have won.

As one report puts it, "a non-negligible portion of local governmental policies are likely being set by individuals elected only because of their ballot position." To combat this unconscious bias, some states have already mandated that names are randomly ordered on the ballot. Still, many states and jurisdictions do not have a standard system for organizing these names.

The future will bring new design challenges -- but also new ways to make voting more accessible
As more and more states adopt absentee and vote-by-mail systems, they make voting more accessible and convenient -- but they also introduce new ways of making mistakes. And those errors are only caught after the ballot has been mailed in, too late to change. A polling place acts as a fail-safe, giving you the opportunity to ask a poll worker for help or letting you fill out a new ballot if yours gets rejected by the voting machine. But on an absentee ballot, if you made a mistake and your vote isn't counted, you'll never know.

There are several current efforts to overhaul the ballot entirely. Los Angeles County, for example, has teamed up with the design company IDEO to create an easier and more accessible way to vote. Their customizable device would let people fill out a sample ballot on their own time from a computer or mobile device, and then scan a code at the polling place to automatically transfer their choices to a real ballot.

The Anywhere Ballot is another open-source project that's designed to create a better voting experience for everyone -- including voters with low literacy or mild cognitive issues. Their digital ballot template, which came out of extensive user testing and follows all the current ballot design best practices, lets anyone use their own electronic device to mark a ballot.

But of course, the design problems that plague ballots affect all aspects of the voting process.

Voter registration materials, mailed voter guides and education booklets, election department websites and online instructions, poll worker materials -- all of these have problems that can be improved with better design.

"Ballots are where all the drama happens," said designer Lausen, "but there is much more to election design."

ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for their newsletter.