122 posts categorized "Reports & Studies" Feed

Oklahoma Closes 37 'Disposal Wells' After Quake. Report Listed Susceptible Areas In 6 States

During the holiday weekend, CNN reported:

"Five months before Saturday's 5.6 magnitude temblor in central Oklahoma, government scientists warned that oil and natural gas drilling had made a wide swath of the country more susceptible to earthquakes.

The U.S. Geological Survey (USGS), in a March report on "induced earthquakes," said as many as 7.9 million people in parts of Kansas, Colorado, New Mexico, Texas, Oklahoma and Arkansas now face the same earthquake risks as those in California. The report found that oil and gas drilling activity, particularly practices like hydraulic fracturing or fracking, is at issue... Saturday's earthquake spurred state regulators in Oklahoma to order 37 disposal wells, which are used by frackers, to shut down over a 725-square mile area... The quake that struck Saturday is at least the second of its size to affect central Oklahoma since 2011."

What are "disposal wells?" A variety of activities produce waste stored using "Class I Disposal Wells:" petroleum refining, metal production, chemical production, pharmaceutical production, commercial disposal, food production, and municipal wastewater treatment. According to the U.S. Environmental Protection Agency (EPA), these Class I wells are further categorized into four types: municipal, non-hazardous, hazardous, and radioactive. The EPA site also explains the other Classes of wells: II, III, IV, V, and VI.

So, a lot of industries besides fracking pump liquids into the ground -- deep into the ground; both to extract resources and to deposit waste.

Given the earthquake activity, the closed wells, and damage to business and residential properties, it seems wise to read the March 2016 report by the USGS, which discussed at the risks and potential for damage from both natural and induced earthquakes:

"The most significant hazards from induced seismicity are in six states, listed in order from highest to lowest potential hazard: Oklahoma, Kansas, Texas, Colorado, New Mexico and Arkansas. Oklahoma and Texas have the largest populations exposed to induced earthquakes."

So, that's a list you wouldn't want to see mention your state. Nor would you want to see your state at the top of the list. The USGS report included maps highlighting specific areas with risks ranging from less than one percent to a 12 percent probability. The report also stated:

“In the past five years, the USGS has documented high shaking and damage in areas of these six states, mostly from induced earthquakes... the USGS Did You Feel It? website has archived tens of thousands of reports from the public who experienced shaking in those states, including about 1,500 reports of strong shaking or damage.” In developing this new product, USGS scientists identified 21 areas with increased rates of induced seismicity. Induced earthquakes have occurred within small areas of Alabama and Ohio but a recent decrease in induced earthquake activity has resulted in a lower hazard forecast in these states for the next year. In other areas of Alabama and small parts of Mississippi, there has been an increase in activity, and scientists are still investigating whether those events were induced or natural."

Lets unpack this. First, risk varies based upon where you live. Second, risk varies with time. The USGS risk models include both one-year and 50-year outlooks. So, the risk in an area may be low during the coming year, but very different (e.g., higher) when considering what might happen during the next 50 years. That sounds a lot like floods. A huge, devastating flood may not happen often -- perhaps once every 50 or 100 years, but when it does... the damage and costs are considerable. Third, you don't need to live near or adjacent to a well to be affected.

Below is the USGS map with 21 susceptible areas:

USGS map with seismic activity during 1980 to 2015. Click to view larger version

Note the areas named: Alice, Ashtabula, Brewton, Cogdell, Dagger Draw, El Dorado, Fashbing, Greeley, Irving, North-Central Arkansas, North Texas, Oklahoma-Kansas, Paradox Valley, Perry, Raton Basio, Rangely, Rocky Mountain Arsenal, Sun City, Timpson, Venus, and Youngstown. The USGS advises persons living in areas with higher earthquake risks to learn how to prepare, and visit FEMA's Ready Campaign website.

A USGS report in 2015 titled, "6 Facts About Human-Caused Earthquakes" described the types of human activities:

"Injecting fluid underground can induce earthquakes, a fact that was established decades ago by USGS scientists. This process increases the fluid pressure within fault zones, essentially loosening the fault zones and making them more likely to fail in an earthquake... even faults that have not moved in historical times can be made to slip and cause an earthquake... There are several purposes for injecting fluid underground. The three main reasons are wastewater injection, hydraulic fracturing and enhanced oil recovery. Within the United States, each of these three activities has induced earthquakes to varying degrees in the past few years. All three types of wells used for these purposes are regulated under the Safe Drinking Water Act with minimum standards set by the U.S. Environmental Protection Agency. Additional regulations vary by state and municipality. Other purposes for injecting fluid underground include enhanced geothermal systems and geologic carbon sequestration."

That same report also mentioned this:

"Fact 5: Induced seismicity can occur at significant distances from injection wells and at different depths. Earthquakes can be induced at distances of 10 miles or more away from the injection point and at significantly greater depths than the injection point."

So, to be affected you don't have to live near or adjacent to a disposal well or injection point. Alert readers will notice that the EPA's classification system for wells and injection points largely mirrors the different types of human activities... which really seem to be mostly corporate activities.

Do you live in or near one of the 21 areas? What are your opinions?


Study Confirms Consumers Ignore Online Policies And Agree To Anything

Researchers have confirmed what privacy advocates and government regulators have suspected for a long time: Internet users often ignore online policies: privacy and terms of service. And those consumers who read policies, pay insufficient attention.

In a working paper titled, "The Biggest Lie On The Internet," researchers tested 543 college students (from a communications class) by having them sign up for NameDrop, a fictitious social networking site (SNS). 47 Percent of test participants were female, and the average age of all participants was 19. 62 percent identified as Caucasian, 15 percent as Asian, 6 percent as Black, 2 percent as Hispanic/Latin, and 3 percent as mixed race/ethnicity.

Authors of the working paper were Jonathann A. Obar, a Research Associate at the the Quello Center for Telecommunications Management and Law at Michigan State University, and Anne Oeldorf-Hirsch, at the University of Connecticut. The paper was submitted for peer review and to the U.S. Feral Communications Commission (FCC).

The study found that almost three of four test participants -- 74 percent -- skipped reading the privacy policy by clicking on a "Quick Join" button. Those that did read the privacy policy spent a little over a minute -- 73 seconds -- reading the 7,977-word policy. Test participants spent less time -- 51 seconds -- reading the 4,316-word TOS policy.

The researchers expected test participants to spend longer times reading the policies because persons with a 12-grade or college education read about 250 to 280 words per minute. So, the it should have taken 29 to 32 minutes to read the 7,977-word privacy policy. The range of actual reading times was 2.96 seconds to 37 minutes; with 80 percent of test participants spending less than one minute of reading time.

The paper did not mention if reading times varied by device (e.g., phone, tablet, laptop, desktop). The researchers identified three factors that predict policy reading times:

  1. Information Overload: if the persons perceived the policies to be too long andtoo much work,
  2. Nothing to Hide: persons view the policies as irrelevant because they do nothing wrong, and
  3. Difficult to Understand: persons believe that they can't understand the language in the policies.

The researchers inserted problematic clauses into the policies which test participants should have spotted and inquired about:

"Implications were revealed as 98 percent missed NameDrop TOS 'gotcha clauses' about data sharing with the National Security Agency (NSA) and employers, and about providing a first-born child as payment for SNS access."

Only 15 percent (83 persons) expressed concerns about NameDrop's policies. Of the 83 persons who expressed concerns, 11 mentioned the NSA clause, and nine mentioned the child-assignment clause. The rest mentioned concerns about the length of the policies and the trustworthiness of the SNS.

The study also asked test participants how long they spent reading policies. The findings supported the "privacy paradox" found by other researchers:

"The paradox suggests that when asked, individuals appear to value privacy, but when behaviors are examined, individual actions suggest that privacy is not a high priority... When participants were asked to self-report their engagement with privacy and TOS policies, results suggested average reading times of approximately five minutes..."

So, test participants said they spent about 5 minutes reading policies while their actual times were about a minute or less, if they read the policies at all.

With most consumers skipping online policies, they have given companies the power to insert any clauses desired into these policies. This has implications for consumers' ability to control their online reputation, privacy, and resolve conflicts (e.g., binding arbitration instead of courts).

This also has implications for how governments enforce data protection for their citizens. Historically:

"... approaches to privacy and increasingly reputation protections by governments throughout the world often draw from a contentious model referred to as the 'notice and choice' privacy framework. Notice and choice evolved from the U.S. Federal Trade Commission's (FTC) Fair Information Practice Principles, developed in the 1970s to address growing information privacy concerns raised by digitization. In the early 1980s, the FIPPs were promoted by the OECD as part of an international set of privacy guidelines, contributing to the implementation of data protection laws and guidelines in the U.S., Canada, the EU, Australia, and elsewhere... The notice and choice privacy framework was designed to "put individuals in charge of the collection and use of their personal information" (Reidenberg et al, 2014: 3)..."

The researchers' focused upon the:

"... notice component, noted by the FTC as "the most fundamental principle" (FTC, 1998: 7) of personal information protection... As the FTC (1998) notes, choice and related principles attempting to offer data control "are only meaningful when a consumer has notice of an entity's policies, and his or her rights with respect thereto." Notice policies typically... appear on websites, applications, are sent in the mail, provided in-person, generally when an individual connects with the entity in question for the first time, and increasingly when policies change. Despite suggestions that notice policy in particular is deeply flawed, strategies for strengthening notice policy continue to be seen as central to address, for example, privacy concerns associated with corporate and government surveillance, and consumer protection concerns about Big Data..."

So, the biggest lie on the Internet is that consumers agree to policies, which they really can't because they haven't read them. Governments, privacy advocates, companies, and usability professionals need to find a better way, because the current approach clearly isn't working:

"The policy implications of these findings contribute to the community of critique suggesting that notice and choice policy is deeply flawed, if not an absolute failure. Transparency is a great place to start, as is notice and choice policy; however, all are terrible places to finish. They leave digital citizens with nothing more than an empty promise of protection, an impractical opportunity for data privacy self-management, and as Daniel Solove (2012) analogizes, too much homework. This doesn't even begin to address the challenges unique to children in the realm of digital reputation..."

Absolutely, since many sites allow children as young as 14 to sign up. Policy reading rates are probably worse among children ages 14 - 17.

Download the working paper: "The Biggest Lie on The Internet" (Adobe PDF). the paper is also available here. The study used students majoring in communications. I wonder if the results would have been different with business majors or law students. What do you think?


Coming Soon: Autonomous Freighters On The Oceans

Technology races forward in several industries. The military uses remote-controlled drones, vendors use drones to inspect buildings, companies test driver-less cars, automakers introduce cars with more automation, and retailers pursue delivery drones. Add shipping to the list of industries.

Experts predict that robotic ships will sail the oceans by 2020. The Infinity Leap site reported:

"The concept of robotic ships was revealed by Rolls Royce back in 2014. According to reports, the Advanced Autonomous Waterborne Applications (AAWA) project guided by Rolls-Royce recently came up with a white paper which provides comprehensive details about the robotic ships or the autonomous vessels and the problems associated with them as far as their operation is concerned... the AAWA whitepaper is developed by Rolls-Royce with the support of partners like ESL Shipping, Finferries, Brighthouse Intelligence and the Tampere University of Technology. The AAWA whitepaper talks extensively about autonomous applications, and the issues related to the safety and certainty of designing and running the distantly controlled ships."

So, there's some new terminology to learn. Obviously, manned ships include on-board human crews that operate all ship's functions. There are subtle but important differences between automated, remote-controlled, and autonomous ships. The Maritime Unmanned Navigation through Intelligent Networks (MUNIN) website provides some helpful definitions and diagrams:

"The remote ship is where the tasks of operating the ship are performed via a remote control mechanism (e.g. by a shore based human operator), and

The automated ship is where advanced decision support systems on board undertake all the operational decisions independently without intervention of a human operator."

I found this diagram helpful with understanding the different types of robotic ships:

MUNIN. Types of robotic ships. Click to view larger version

So, the remote human operator could be on land, on board another ship, or on board an airplane. And, remote-controlled ships will use augmented reality displays. Again, from Infinity Leap:

"According to reports, Rolls-Royce has developed a unique new bridge called ‘oX’ or the Future Operator Experience Concept in collaboration with Finland’s VTT Technical Research Centre and Aalto University. It is learned that the bridge’s windows serve as augmented reality displays, which help in displaying necessary information and improve the visibility around the ship with the support of high-end cameras and sensors. That means the augmented reality windows help in displaying navigation tracks and give necessary warnings and information about the ships sailing nearby, ice and a whole lot of other invisible things."

The MUNIN site also provides a view of how decisions might be made by autonomous ships:

MUNIN. Decision making by autonomous ships. Click to view larger version

All of this makes one wonder how much of this automation the passenger cruise ship industry will adopt. It is a reminder of the importance of applying similar distinctions in types of automation to land-based commercial vehicles: delivery vans, school buses, inter-city buses, tractor-trailers, buses and trains in mass-transit systems, and construction equipment.

Would you want your children riding in autonomous school buses? How do you feel about riding in autonomous mass-transit buses or subways? Commuter trains?


In The Modern Era, More Young Adults Live With Their Parents

As a parent of three children who are now adults, this news item caught my attention. The Pew Research Center reported:

"Broad demographic shifts in marital status, educational attainment and employment have transformed the way young adults in the U.S. are living, and an analysis of census data highlights the implications of these changes for the most basic element of their lives – where they call home. In 2014, for the first time in more than 130 years, adults ages 18 to 34 were slightly more likely to be living in their parents’ home than they were to be living with a spouse or partner in their own household."

The data:

  Percent of Adults
Ages 18 to 34
Living Arrangement 1880 1940 1960 2014
Living at home with parents 30 35 20 32.1
Married or co-habitation in own household 45 46 62 31.6
Living alone, single parents, and other head of household 3 3 5 14
Other living arrangement 22 16 13 22

Several factors contributed to this shift:

"The first is the postponement of, if not retreat from, marriage. The median age of first marriage has risen steadily for decades. In addition, a growing share of young adults may be eschewing marriage altogether. A previous Pew Research Center analysis projected that as many as one-in-four of today’s young adults may never marry. While cohabitation has been on the rise, the overall share of young adults either married or living with an unmarried partner has substantially fallen since 1990.

In addition... employed young men are much less likely to live at home than young men without a job, and employment among young men has fallen significantly in recent decades. The share of young men with jobs peaked around 1960 at 84%. In 2014, only 71% of 18- to 34-year-old men were employed. Similarly with earnings, young men’s wages (after adjusting for inflation) have been on a downward trajectory since 1970 and fell significantly from 2000 to 2010. As wages have fallen, the share of young men living in the home of their parent(s) has risen."

And there are differences by gender:

"For men ages 18 to 34, living at home with mom and/or dad has been the dominant living arrangement since 2009. 'In 2014, 28 percent of young men were living with a spouse or partner in their own home, while 35 percent were living in the home of their parent(s). For their part, young women are on the cusp of crossing over this threshold: They are still more likely to be living with a spouse or romantic partner (35%) than they are to be living with their parent(s) (29%). In 2014, more young women (16%) than young men (13%) were heading up a household without a spouse or partner. This is mainly because women are more likely than men to be single parents living with their children..."

Additional findings:

"In 2014, 40 percent of 18- to 34-year-olds who had not completed high school lived with parent(s), the highest rate observed since the 1940 Census when information on educational attainment was first collected.

Young adults in states in the South Atlantic, West South Central and Pacific United States have recently experienced the highest rates on record of living with parent(s).

With few exceptions, since 1880 young men across all races and ethnicities have been more likely than young women to live in the home of their parent(s)."

The methodology included decennial census data and large samples, typically 1 percent of young adults nationwide.


Social Networking Sites With The Largest Number of News Users

Recently, some friends and I were discussing the wisdom of getting your news from social networking websites (e.g., Facebook, Twitter, Snapchat, Youtube, LinkedIn, etc.) instead of directly from news media sites. Apparently, many consumers get their news from such sites.

The Pew Research Center reported that most adults in the United States, 62 percent, get their news from social networking sites. The corresponding statistic in 2012 was 49 percent. Fewer social media site users get their news from other platforms: local television (46 percent), cable TV (31 percent), nightly network TV (30 percent), news websites/apps (28 percent), radio (25 percent), and print newspapers (20 percent). 

Pew analyzed which social networking sites were used the most for news, and whether consumers used multiple sites to obtain news. The Pew Research Center found:

"Two-thirds of Facebook users (66 percent) get news on the site, nearly six-in-ten Twitter users (59 percent) get news on Twitter, and seven-in-ten Reddit users get news on that platform. On Tumblr, the figure sits at 31 percent..."

The corresponding statistics are 23 percent for Instagram, 21 percent for Youtube, 19 percent for LinkedIn, and 17 percent at Snapchat. The implications:

"Facebook is by far the largest social networking site, reaching 67% of U.S. adults. The two-thirds of Facebook users who get news there, then, amount to 44% of the general population. YouTube has the next greatest reach in terms of general usage, at 48% of U.S. adults. But only about a fifth of its users get news there, which amounts to 10% of the adult population. That puts it on par with Twitter, which has a smaller user base (16% of U.S. adults) but a larger portion getting news there."

About audience overlap, Pew found that most people (64 percent) get their news from one social media site. 26 percent get their news from two social media sites, and 10 percent get their news from three social media sites. Pew also found that more users at Reddit, Twitter, and LinkedIn seek out news versus stumbling across it by accident:

  Percent of news users of each
site who mostly get news online
Social Networking Site While doing
other things
Because they're
looking for it
Instagram 63 37
Facebook 62 38
Youtube 58 41
LinkedIn 46 51
Twitter 45 54
Reddit 42 55

Who are the news users at the five largest social sites with news users? The users vary by site:

"... while there is some crossover, each site appeals to a somewhat different group. Instagram news consumers stand out from other groups as more likely to be non-white, young and, for all but Facebook, female. LinkedIn news consumers are more likely to have a college degree than news users of the other four platforms; Twitter news users are the second most likely."

The demographic data:

Pew-social-news-users

Some of you are probably wondering about Google+ and Pinterest. Pew removed three social media sites because:

"... Pinterest, which has been shown to have a small portion of users who use it for news; Myspace, which has largely transitioned to a music site; and Google+, which through its recent transformations is being phased out as a social networking site."

The survey was conducted from January 12 to February 8, 2016 and included 4,654 respondents (4,339 by web and 315 by mail). The methodology included a randomly-selected subset of U.S. adults (6,301 total web-based persons and 474 total mail persons.


Courts To Use Risk Scores More Frequently. Analysis Found Scores Unreliable And Racial Bias

ProPublica investigated the use of risk assessment scores by the courts and justice system in the United States:

"... risk assessments — are increasingly common in courtrooms across the nation. They are used to inform decisions about who can be set free at every stage of the criminal justice system, from assigning bond amounts... to even more fundamental decisions about defendants’ freedom. In Arizona, Colorado, Delaware, Kentucky, Louisiana, Oklahoma, Virginia, Washington and Wisconsin, the results of such assessments are given to judges during criminal sentencing. Rating a defendant’s risk of future crime is often done in conjunction with an evaluation of a defendant’s rehabilitation needs. The Justice Department’s National Institute of Corrections now encourages the use of such combined assessments at every stage of the criminal justice process. And a landmark sentencing reform bill currently pending in Congress would mandate the use of such assessments in federal prisons."

Some important background:

"In 2014, then U.S. Attorney General Eric Holder warned that the risk scores might be injecting bias into the courts. He called for the U.S. Sentencing Commission to study their use... The sentencing commission did not, however, launch a study of risk scores. So ProPublica did, as part of a larger examination of the powerful, largely hidden effect of algorithms in American life. [ProPublica] obtained the risk scores assigned to more than 7,000 people arrested in Broward County, Florida, in 2013 and 2014 and checked to see how many were charged with new crimes over the next two years, the same benchmark used by the creators of the algorithm."

ProPublica analyzed data for Broward County in the State of Florida, and found the risk assessment scores to be unreliable:

"... in forecasting violent crime: Only 20 percent of the people predicted to commit violent crimes actually went on to do so. When a full range of crimes were taken into account — including misdemeanors such as driving with an expired license — the algorithm was somewhat more accurate than a coin flip. Of those deemed likely to re-offend, 61 percent were arrested for any subsequent crimes within two years."

ProPublica also found biases based upon race:

"In forecasting who would re-offend, the algorithm made mistakes with black and white defendants at roughly the same rate but in very different ways. The formula was particularly likely to falsely flag black defendants as future criminals, wrongly labeling them this way at almost twice the rate as white defendants. White defendants were mislabeled as low risk more often than black defendants."

Northpointe logo ProPublica re-checked the analysis. Same results. Northpointe, the for-profit company that produced the Broward County, Florida risk scores disagreed:

"... it criticized ProPublica’s methodology and defended the accuracy of its test: “Northpointe does not agree that the results of your analysis, or the claims being made based upon that analysis, are correct or that they accurately reflect the outcomes from the application of the model.” Northpointe’s software is among the most widely used assessment tools in the country. The company does not publicly disclose the calculations used to arrive at defendants’ risk scores, so it is not possible for either defendants or the public to see what might be driving the disparity... Northpointe’s core product is a set of scores derived from 137 questions that are either answered by defendants or pulled from criminal records. Race is not one of the questions..."

Formed in 1989, Northpointe is a wholly owned subsidiary of the Volaris Group. Northpointe works with a variety ot federal, state, and local justice agencies in the United States and Canada. The company's website also states that it also works with policy makers.

Besides Northpointe, several companies provide risk assessment tools to courts and the judicial system. The National Center For State Courts (NCSC) provides a list of risk assessment tools (Adobe PDF).

All of this points to a larger problem suggesting risk scores still haven't been adequately studied nor techniques vetted:

"There have been few independent studies of these criminal risk assessments. In 2013, researchers Sarah Desmarais and Jay Singh examined 19 different risk methodologies used in the United States and found that “in most cases, validity had only been examined in one or two studies” and that “frequently, those investigations were completed by the same people who developed the instrument.” Their analysis of the research through 2012 found that the tools “were moderate at best in terms of predictive validity,”... there have been some attempts to explore racial disparities in risk scores. One 2016 study examined the validity of a risk assessment tool, not Northpointe’s, used to make probation decisions for about 35,000 federal convicts. The researchers, Jennifer Skeem at University of California, Berkeley, and Christopher T. Lowenkamp from the Administrative Office of the U.S. Courts, found that blacks did get a higher average score but concluded the differences were not attributable to bias."

I wonder if the biases found started in the data rather than in the algorithm. The algorithm may have been developed and tested using existing prison populations which are known to be skewed, plus overly aggressive policing via school-to-prison pipelines and for-profit prisons in many states. Both the State of Florida and Broward County have histories with school-to-prison pipelines.

Plus, It seems crazy to make decisions about persons' lives based upon scores without knowing how the scores were calculated, and without adequate research or vetting of techniques. Transparency matters.

Thoughts? Opinions?


Study: Many Sharing Economy Companies Not There Yet On Privacy And Transparency

Uber logo You've probably heard of the term, "sharing economy" (a/k/a digital economy). It refers to a variety of companies that link buyers and sellers online. These companies include taxi-like ride-sharing services (e.g., Uber, Lyft), home sharing services (e.g., Home Away, Airbnb, VRBO), delivery services (e.g., Postmates), and on-demand labor services (e.g., TaskRabbit).

The 2016 "Who Has Your Back?" report by the Electronic Frontier Foundation (EFF) focused upon companies in the sharing economy, and their policies and practices for inquiries by law enforcement. Prior annual reports included social networking websites, email providers, Internet service providers (ISPs), cloud storage providers, and other companies. The EFF observed that companies in the sharing economy:

"... also collect sensitive information about the habits of millions of people across the United States. Details about what consumers buy, where they sleep, and where they travel are really just scratching the surface of this data trove. These apps may also obtain detailed records of where your cell phone is at a given time, when you are logged on or active in an app, and with whom you communicate.

It’s not just the purchasers in the gig economy who have to trust their data to the startups developing these apps. Individuals offering services are users just like the buyers, and also leave behind a digital trail as (or more) detailed than that of the purchasers. From Lyft drivers to Airbnb hosts to Instacart shoppers, people providing services are entrusting enormous amounts of data to these apps... As with any rich trove of data, law enforcement is increasingly turning to the distributed workforce as part of their investigations. That’s not necessarily a bad thing, but we need to know how and when these companies actually stand up for user privacy..."

So, it is sensible and appropriate to evaluate how well (or poorly) these companies protect consumers' privacy and communicate their activities. The EFF found overall:

"Many sharing economy companies have not yet stepped up to meet accepted tech industry best practices related to privacy and transparency, according to our analysis of their published policies. This analysis is specific to government access requests for user data, and within that context we see ample room for improvement by this budding industry... however, some gig economy companies leading the field on this issue...

Regarding ride-sharing companies, the EFF found:

"We analyzed 10 companies as part of this report. Of them, both Uber and Lyft earned credit in all of the categories we examined. We commend these two companies for their transparency around government access requests, commitments to protecting Fourth Amendment rights in relation to user communications and location data, advocacy on the federal level for user privacy, and commitment to providing users with notice about law enforcement requests. These two companies are setting a strong example for other distributed workforce companies... In contrast, another ride-sharing company, Getaround, received no stars in this year’s report."

TripAdvisor logo The EFF also found improvements by home-sharing companies (links added):

"... FlipKey (owned by TripAdvisor) has adopted several policies related to government access of user data. FlipKey requires a warrant for user content or location data and promises to inform users of law enforcement access requests. It is also a member of the Digital Due Process Coalition, fighting for reform to outdated communications privacy law. Of the home sharing companies we reviewed, FlipKey does the most to stand up for user privacy against government demands.

Only two other companies from our research set earned credit in any categories: Airbnb and Instacart, each earning credit in three categories. Both of these companies require a warrant for content, publish law enforcement guidelines, and are members of the Digital Due Process Coalition..."

Airbnb logo The Digital Due Process Coalition (DDPC) seeks reforms to the Electronic Communications Privacy Act (ECPA) because:

"Technology has advanced dramatically since 1986, and ECPA has been outpaced. The statute has not undergone a significant revision since it was enacted in 1986... As a result, ECPA is a patchwork of confusing standards that have been interpreted inconsistently by the courts, creating uncertainty for both service providers and law enforcement agencies. ECPA can no longer be applied in a clear and consistent way, and, consequently, the vast amount of personal information generated by today’s digital communication services may no longer be adequately protected. At the same time, ECPA must be flexible enough to allow law enforcement agencies and services providers to work effectively together..."

DDPC members include Adobe, Airbnb, Amazon.com, Apple, AT&T, Dell, Dropbox, eBay, Facebook, IBM, Intel, Lyft, Reddit, Snapchat, and many more well-known brands.

Postmates logo The EFF report also found (links added):

"... half of the companies we reviewed—Getaround, Postmates, TaskRabbit, Turo, and VRBO—received no credit in any of our categories. This finding is disappointing... most of the companies we analyzed were not yet publishing transparency reports. Only two companies in the field—Lyft and Uber—have published reports outlining how many law enforcement access requests they’ve received. As a result, the general public has little insight into how often the government is pressuring gig economy companies for access to user data. This concerns us, as one way to make surveillance without due process worse is to allow it to happen entirely in secret. Publicizing reports of law enforcement access requests can help illuminate patterns of overzealous policing, shine a light on efforts by companies to resist overly broad requests, and perhaps give pause to law enforcement officials who might otherwise seek to grab more user data than they need..."

Read the 2016 EFF "Who Has Your Back?" executive summary, or the full report (Adobe PDF). Kudos to the EFF for providing a very timely and valuable report. What are your opinions.


Report: Lawsuits Resulting From Corporate Data Breaches

Chart 1: Bryan Cave LLP: 2016 Breach Litigation Report. Click to view larger version

This week, the law firm of Bryan Cave LLP released its annual review of litigation related to data breaches. 83 cases were filed, representing a 25 percent decline compared to the prior year. Other Key findings from the 2016 report:

"Approximately 5% of publicly reported data breaches led to class action litigation. The conversion rate has remained relatively consistent as compared to prior years... When multiple filings against single defendants are removed, there were only 21 unique defendants during the Period. This indicates a continuation of the “lightning rod” effect noted in the 2015 Report, wherein plaintiffs’ attorneys are filing multiple cases against companies connected to the largest and most publicized breaches, and are not filing cases against the vast majority of other companies that experience data breaches..."

Slightly more than half (51 percent) of all cases were national. The most popular locations were lawsuits were filed included the Northern District of Georgia, the Central District of California, the Northern District of California, and the Northern District of Illinois. However:

"Choice of forum, however, continues to be primarily motivated by the states in which the company-victims of data breaches are based."

Charges of negligence were cited in 75 percent of lawsuits. Which industry were frequently sued and which weren't:

"... the medical industry was disproportionately targeted by the plaintiffs’ bar. While only 24% of publicly reported breaches related to the medical industry, nearly 33% of data breach class actions targeted medical or insurance providers. The overweighting of the medical industry was due, however, to multiple lawsuits filed in connection with two large scale breaches... There was a 76% decline in the percentage of class actions involving the breach of credit cards... The decline most likely reflects a reduction in the quantity of high profile credit card breaches, difficulties by plaintiffs’ attorneys to prove economic harm following such breaches, and relatively small awards and settlements.."

57 percent of cases included sensitive personal information (e.g., Social Security numbers), 23 percent of cases included debit/credit card information, and 18 percent of cases included credit reports. The law firm reviewed lawsuits occurring during a 15-month period ending in December, 2015. Data sources included Westlaw Pleadings, Westlaw Dockets, and PACER databases.

Historically, some lawsuits by consumers haven't succeeded when courts have dismissed cases because plaintiffs weren't able to prove injuries. According to the Financial Times:

"However, decisions from a number of high-profile cases are likely to make it easier for consumers to bring suits against companies in the event of a data breach... For example, in July 2015, the Seventh US Circuit Court of Appeals, overturning a previous judgment, ruled that customers of Neiman marcus could potentially sue the retailer because they were at substantial risk of identity theft or becoming victims of fraud..."

Learn more about the Neiman Marcus class-action. Criminals hack corporate databases specifically to reuse (or resell) victims' stolen sensitive personal and payment information to obtain fraudulent credit, drain bank accounts, and/or hack online accounts -- injuries which often don't happen immediately after the breach. That's what identity thieves do. Hopefully, courts will take a broader, more enlightened view.

I look forward to reading future reports which discuss drivers' licenses data and children's online privacy, and the Internet of Things (ioT). View the "2016 Data Breach Litigation Report" by Bryan Cave LLP. Below is another chart from the report.

Chart 2: Bryan Cave LLP: 2016 Breach Litigation Report. Click to view larger version


Report: Significant Security Risks With Healthcare And Financial Services Mobile Apps

Arxan Technologies logo Arxan Technologies recently released its fifth annual report about the state of application security. This latest report also highlighted some differences between how information technology (I.T.) professionals and consumers view the security of healthcare and financial services mobile apps. Overall, Arxan found critical vulnerabilities:

"84 percent of the US FDA-approved apps tested did not adequately address at least two of the Open Web Application Security Project (OWASP) Mobile Top 10 Risks. Similarly, 80 percent of the apps tested that were formerly approved by the UK National Health Service (NHS) did not adequately address at least two of the OWASP Mobile Top 10 Risks... 95 percent of the FDA-approved apps, and 100 percent of the apps formerly approved by the NHS, lacked binary protection, which could result in privacy violations, theft of personal health information, and tampering... 100 percent of the mobile finance apps tested, which are commonly used for mobile banking and for electronic payments, were shown to be susceptible to code tampering and reverse-engineering..."

Some background about the U.S. Food and Drug Administration (FDA). The FDA revised its guidelines for mobile medical apps in September, 2015. The top of that document clearly stated, "Contains Nonbinding Regulations." The document also explained which apps the FDA regulates (link added):

"Many mobile apps are not medical devices (meaning such mobile apps do not meet the definition of a device under section 201(h) of the Federal Food, Drug, and Cosmetic Act (FD&C Act)), and FDA does not regulate them. Some mobile apps may meet the definition of a medical device but because they pose a lower risk to the public, FDA intends to exercise enforcement discretion over these devices (meaning it will not enforce requirements under the FD&C Act). The majority of mobile apps on the market at this time fit into these two categories. Consistent with the FDA’s existing oversight approach that considers functionality rather than platform, the FDA intends to apply its regulatory oversight to only those mobile apps that are medical devices and whose functionality could pose a risk to a patient’s safety if the mobile app were to not function as intended. This subset of mobile apps the FDA refers to as mobile medical apps."

The Arxan report found that consumers are concerned about app mobile security:

80 percent of mobile app users would change providers if they knew the apps they were using were not secure. 82 percent would change providers if they knew alternative apps offered by similar service providers were more secure."

Arxan commissioned a a third party which surveyed 1,083 persons in the United States, United Kingdom, Germany, and Japan during November, 2015. 268 survey participants were I.T. professionals and 815 participants were consumers. Also, Arxan hired Mi3 to test mobile apps during October and November, 2015. Those tests included 126 health and financial mobile apps covering both the Apple iOS and Android platforms, 19 mobile health apps approved by the FDA, and 15 mobile health apps approved3 by the UK NHS.

One difference in app security perceptions between the two groups: 82 percent of I.T. professionals believe "everything is being done to protect my apps" while only 57 percent of consumers hold that belief. To maintain privacy and protect sensitive personal information, Arxan advises consumers to:

  1. Buy apps only from reputable app stores,
  2. Don't "jail break" your mobile devices, and
  3. Demand that app developers disclose upfront the security methods and features in their apps.

The infographic below presents more results from the consolidated report. Three reports by Arxan Technologies are available: consolidated, healthcare, and financial services.

Arxan Technologies. 5th Annual State of App Security infographic
Infographic reprinted with permission.


Facts About Debt Collection Scams And Other Consumer Complaints

Logo for Consumer Financial Protection Bureau The Consumer Financial Protection Bureau (CFPB) recently released a report about debt collection scams. The report is based upon more than 834,00 complaints filed by consumers nationally with the CFPB about financial products and services: checking and savings accounts, mortgages, credit cards, prepaid cards, consumer loans, student loans, money transfers, payday loans, debt settlement, credit repair, and credit reports. Complaints about debt collection scams accounted for 26 percent of all complaints.

The most frequent scam are attempts to collect money from consumers for debts they don't owe. This accounted for 38 percent of all debt-collection-scam complaints submitted. This included harassment:

"Consumers complained about receiving multiple calls weekly and sometimes daily from debt collectors. Consumers often complained that the collector continued to call even after being repeatedly told that the alleged debtor could not be contacted at the dialed number. Consumers also complained about debt collectors calling their places of employment... Consumers complained that they were not given enough information to verify whether or not they owed the debt that someone was attempting to collect. "

The two companies with the most complaints:

"... were Encore Capital Group and Portfolio Recovery Associates, Inc. Both companies, which are among the largest debt buyers in the country, averaged over 100 complaints submitted to the Bureau each month between October and December 2015. In 2015, the CFPB took enforcement actions against these two large debt buyers for using deceptive tactics to collect bad debts."

Compared to a year ago, debt collection complaints increased the most in Indiana (38 percent), Arizona (27 percent), and New Hampshire (26 percent) during December 2015 through February 2016. Debt collection complaints decreased the most in Maine (-34 percent), Wyoming (-26 percent), and North Dakota (-23 percent). And:

"Of the five most populated states, California (10 percent) experienced the greatest percentage increase and Illinois (-4 percent) experienced the greatest percentage decrease in debt collection complaints..."

The report lists 20 companies with the most debt-collection complaints during October through December 2015. The top five companies with with average monthly complaints about debt collection are Encore Capital Group (139.3), Portfolio Recovery Associates, Inc. (112.3), Enhanced recovery Company, LLC (65.7), Transworld Systems Inc. (63.7), and Citibank (54.7). This top-20 list also includes several banks: Synchrony Bank, Capital One, JPMorgan Chase, Bank of America, and Wells Fargo.

While the March Monthly Complaint Report by the CFPB focused upon debt collection complaints, it also provides plenty of detailed information about all categories of complaints. From December 2015 through February 2016, the CFPB received on average every month about 6,856 debt collection complaints, 4,211 mortgage complaints, 3,556 credit reporting complaints, 2,021 complaints about bank accounts or services, and 1,995 complaints about credit cards. Most categories showed increased complaint volumes compared to the same period a year ago. Only two categories showed a decline in average monthly complaints: credit reporting and payday loans. Debt collection complaints were up 6 percent.

Compared to a year ago, average monthly complaint volume (all categories) increased in 40 states and decreased in 11 states. The top five states with the largest increases (all categories) included Connecticut (31 percent), Kansas (30 percent), Georgia (25 percent), Louisiana (25 percent), and Indiana (24 percent). The top five states with the largest decreases (all categories) included Hawaii (-25 percent), Maine (-19 percent), South Dakota (-14 percent), District of Columbia (-8 percent), and Idaho (-6 percent). Also:

"Of the five most populated states, New York (12 percent) experienced the greatest complaint volume percentage increase, and Texas (-8 percent) experienced the greatest complaint volume percentage decrease from December 2014 to February 2015 to December 2015 to February 2016."

The chart below lists the 10 companies with the most complaints (all categories) during October through December, 2015:

Companies with the most complaints. CFPB March 2016 Monthly Complaints Report. Click to view larger image

The "Other" category includes consumer loans, student loans, prepaid cards, payday loans, prepaid cards, money transfers, and more. During this three-month period, complaints about these companies totaled 46 percent of all complaints. Consumers submit complaints about the national big banks covering several categories. According to the CFPB March complaints report (links added):

"By average monthly complaint volume, Equifax (988), Experian (841), and TransUnion (810) were the most-complained-about companies for October - December 2015. Equifax experienced the greatest percentage increase in average monthly complaint volume (32 percent)... Ocwen experienced the greatest percentage decrease in average monthly complaint volume (-18 percent)... Empowerment Ventures (parent company of RushCard) debuted as the 10th most-complained-about company..."

To learn more about the CFPB, there are plenty of posts in this blog. Simply enter "CFPB" in the search box in the right column.


Survey: Bankers Expect Consumers To Use Wearable And Smart Home Devices For Banking

Pegasystems logo Would you use a smart watch, fitness band, or other wearable device for banking? How about your smart television or refrigerator? Many bankers think you will, and are racing to integrate a broader range of mobile devices and technologies into their banking services. A recent survey of financial executives found that:

"... 20 per cent expect it to be common for consumers to make financial transactions using wearables within one year, 59 per cent within two years and 91 per cent within five years... 87 per cent expect it to be common for consumers to make financial transactions using Smart TVs and 68 per cent via home appliances."

The survey included 500 executives globally in several financial areas: banking, financial advice, consumer finance, investment management, insurance, and payments. So, consumers are likely to see these changes not just at your bank, but in a variety of financial and insurance transactions. Here's why:

"... too many banks are out of touch with what customers really want: one survey found 62 per cent of retail banking executives believed their bank offered excellent service compared to just 35 per cent of customers.... Millennials will have annual spending power of US$1. trillion [in 2020] and represent 30 per cent of total retail sales... Millennials not only have an appetite for disruptive new technologies but also an affinity with brand-savvy digital leaders... The Millennial Disruption Index, a three-year study of industry disruption conducted by Viacom subsidiary Scratch, found that banking was most vulnerable to disruption..."

The report discussed the desire by executives to serve customers via a variety of methods:

"Today’s customers expect a flawless end-to-end experience across all channels, yet fewer than 4 per cent of our respondents say they have achieved full omni-channel integration... by 2020, 89 per cent of our respondents expect to achieve full omni-channel integration. This either suggests a massive surge of investment over the next five years – or an industry in denial about the scale of the task ahead... 70 per cent expect video chat to largely replace branch appointments. Indeed, six out of ten now believe a digital-only channel model is viable."

Bankers view the Internet-of-Things (IoT) as both a collection of endpoint devices to provide services through, and a rich source of data:

"...93 per cent agree that finding innovative ways to provide value-added services to customers based on data-driven insight will be crucial to long-term success... 86 per cent agree that once consumers recognize the data potential of the IoT they will increasingly seek to benchmark their own behavior against their peers..."

Banks will probably develop more non-human (e.g., self-service) interfaces:

"... 76 per cent agree the widespread use of virtual assistants such as Siri on the iPhone means customers are more willing to engage with automated assistance and advice... almost three quarters of our respondents agree that in the future customers will interact with a human-like avatar..."

Another technology being considered:

"... 60 per cent [of survey respondents] believe that blockchain, a distributed public ledger which can securely record any information and the ownership of any asset, will prove to be the most significant technology development to affect financial services since the Internet and 45 per cent think the combination of blockchain wallets and peerto-peer (P2P) lending could herald the end of banking as we know it... 12 per cent expect the settlement of insurance claims using IoT data, blockchain and smart contracts to be mainstream practice within two years and 74 per cent expect it to be mainstream by 2025..."

Don't expect your bank to provide these new services next week or next month. It will take them time. New systems must be built, tested, debugged, and integrated with legacy computer systems and processes. All of this suggests that to fund their investments in innovation projects, banks probably won't lower their retail banking prices and fees (e.g., checking, savings, etc.) any time soon. While writing this blog the past 8+ years, I've found it wise to always keep an eye on the banks.

Download "The Future of Retail Financial Services" report by Cognizant, Marketforce, and Pegasystems.


New Federal Agency For Stronger Protections Of Background Investigations

Office of Personnel Management logo Fallout continues from the massive data breach at the Office of Personnel Management (OPM) in 2015. The U.S. Federal government announced a reorganization to provide stronger protections of sensitive information collected during background investigations for federal employees and contractors. The reorganization features several changes including a new agency, the National Background Investigations Bureau (NBIB). The WhiteHouse.gov site announced:

"... the establishment of the National Background Investigations Bureau (NBIB), which will absorb the U.S. Office of Personnel Management’s (OPM) existing Federal Investigative Services (FIS), and be headquartered in Washington, D.C.  This new government-wide service provider for background investigations will be housed within the OPM. Its mission will be to provide effective, efficient, and secure background investigations for the Federal Government. Unlike the previous structure, the Department of Defense will assume the responsibility for the design, development, security, and operation of the background investigations IT systems for the NBIB."

After the massive data breach at OPM, several federal agencies conducted a joint 90-Day Suitability and Security review. The agencies involved included the Performance Accountability Council (PAC), the Office of Management and Budget (OMB), the Director of National Intelligence (DNI), the Director of the U.S. OPM, the Departments of Defense (DOD), the Treasury, Homeland Security, State, Justice, Energy, the Federal Bureau of Investigation, and others.

According to its Fact Sheet, the OPM’s Federal Investigative Services (FIS) unit currently conducts investigations for more than 100 Federal agencies. The FIS conducts more than 600,000 security clearance investigations and 400,000 suitability investigations annually. An NBIB Transition Team will oversee the migration to the new information technology systems and procedures. Transition project goals include:

  1. Establish a five-year re-investigation requirement for all personnel with security clearances, regardless of the level of access,
  2. Reduce the number of personnel with active security clearances by 17 percent
  3. Introduce programs to continuously evaluate personnel with security clearances to determine whether ongoing security clearances are necessary, and
  4. Develop recommendations to enhance information sharing between State, local, and Federal Law Enforcement agencies regarding background investigations.

The changes were announced jointly on January 22, 2016 by James R. Clapper (the Director of National Intelligence), Beth Cobert (Acting Director of the OPM), Marcel Lettre (Under Secretary of Defense for Intelligence, Department of Defense), Tony Scott (U.S. Chief Information Officer), and J. Michael Daniel (Special Assistant to the President and Cybersecurity Coordinator, National Security Council, The White House).


Are You A Lab Rat, Social Addict, And Crash Test Dummy? Facebook Acted Like You Are

Facebook logo After unannounced tests in 2014 when Facebook manipulated its customers' news feeds without notice nor consent, users complained bitterly. Well, Facebook has done it again. Either executives at the social networking giant haven't learned from their 2014 experience, or don't care.

This time, the unannounced test included Android app users where Facebook intentionally crashed their apps. Forbes magazine reported:

"Facebook conducted secret tests to determine the magnitude of its Android users’ Facebook addiction, according to a new report published yesterday. Like a bunch of crash test dummies, users of the Facebook app for Android were (several years ago) subject to intentional Facebook for Android app crashes without being informed of the tests. These tests were reportedly conducted so Facebook could determine user resilience to app deprivation–that is, whether users would find ways to use Facebook on their Android devices without the Google Play store app..."

Similarly, the dating service OKCupid irritated its users in 2014 after secret tests. People don't like being treated like lab rats. Ethically-challenged executives don't seem to understand this.

Supposedly, Facebook wanted to know if those Android app users would get replacement apps from other sources, or use the browser interface. Reportedly, Facebook has one billion Android app users. The news article didn't say whether Facebook performed similar tests on Apple iPhone app users. It seems wise to assume so.

The news report didn't mention whether Facebook slowed or manipulated the browser interface to see if users would switch to one of its mobile apps. It seems wise to assume so.

What are your opinions of the secret tests? Is this an acceptable "cost" for a service that promises to remain free?


The Ethical Dilemmas Of Self-Driving Cars

There have been plenty of articles in the news media about self-driving cars. What hasn't been discussed so much are the ethical dilemmas. What are the ethical dilemmas? The M.I.T. Technology review explored the topic:

"Here is the nature of the dilemma. Imagine that in the not-too-distant future, you own a self-driving car. One day, while you are driving along, an unfortunate set of events causes the car to head toward a crowd of 10 people crossing the road. It cannot stop in time but it can avoid killing 10 people by steering into a wall. However, this collision would kill you, the owner and occupant. What should it do?”

If one programs self-driving cars to always minimize the loss of life, then in this scenario the owner is sacrificed. Will consumers buy self-driving cars knowing this? Would you?

Researchers posed this and similar ethical dilemmas to workers at Amazon Mechanical Turk, a crowd-sourcing marketplace for developing human intelligence in computers. The researchers found that while people wanted self-driving cars programmed to minimize the loss of life:

"This utilitarian approach is certainly laudable but the participants were willing to go only so far. [Participants] were not as confident that autonomous vehicles would be programmed that way in reality – and for good reason. They actually wished others to cruise in utilitarian autonomous vehicle more than they wanted to buy a utilitarian autonomous vehicle themselves”

So, few people want to sacrifice themselves. They want others to do it, but not themselves.

There are plenty of ethical dilemmas with self-driving cars:

"Is it acceptable for an autonomous vehicle to avoid a motorcycle by swerving into a wall, considering that the probability of survival is greater for the passenger of the card than for the rider of the motorcycle? Should different decisions be made when children are on board, since they both have a longer time ahead of them than adults, and had less agency in being in the car in the first place? If a manufacturer offers different versions of its moral algorithm, and a buyer knowingly chooses one of them, is the buyer to blame for the harmful consequences of the algorithm’s decisions?”

You can probably think of more dilemmas. I know I can. Should self-driving car manufacturers offer different algorithms so each driver can use the algorithm they want? Or should all cars have the same algorithm? If the approach is differing algorithms, how will this affect insurance rates? If you drive from one country to another, must drivers adjust their car's algorithm for each country?

Last, I prefer the term, "self-driving" to describe the new technology. While some technology sites and news organizations have used the term "driverless," the term "self-driving" is a more accurate description, and it places the responsibility where it should be. Something is driving the car, and not a person.

And, there may be hybrid applications in the future, where a driver operates the vehicle remotely, as drone operators do today. So, there will always be drivers: somebody or something.

Read the MIT Technology Review article titled, "Why Self-Driving Cars Must Be Programmed To Kill." Share below your opinions about how self-driving cars should be programmed.


American Adults Who Don't Use The Internet. Who They Are And Why

A few weeks ago, the Pew Research Center released the results of survey about adults in the United States that don't use the Internet. You're probably thinking: everyone uses the Internet. Right? Afterall, 64 percent of Americans have smartphones and 19 percent of them use their phones to go online.

Actually, a substantial chunk of the population doesn't go online. The Pew Research Center survey described American adults who don't use the Internet.

Overall, in 2015 about 15 percent of American adults don't use the Internet. Across the years, things have gotten better. The comparable figure in 2000 was 48 percent, and 24 percent in 2010. However, in 2015 equal portions of men (15 percent) and women (15 percent) don't use the Internet. The numbers vary more by race, age, income, and residence:

U.S. Adults% Don't Use The Internet
White
Black
Hispanic
Asian
14
20
18
5
Less than $30K
$30K - $49.9K
$50K - $74.9K
$75K or more
25
14
5
3
18 - 29
30 - 49
50 - 64
65 or older
3
6
19
39
Less than high school
High school
Some college
College graduates
33
23
9
4
Urban
Suburban
Rural
13
13
24

The 2015 findings are based upon three surveys of 5,005 adults in the United States. In 2013, Pew Research Center surveyed American adults who don't use the Internet:

Reason For Not Using The Internet% Adults
Not interested 21
Don't have a computer 13
Too difficult or frustrating 10
Don't know how / don't have the skills 8
Too old to learn 8
Don't have access 7
Too expensive 6
Don't need it / don't want it 6
Consider it a waste of time 4
Physically unable (e.g., poor eyesight, disabled) 4
Too busy / don't have the time 3
Worried about privacy / spam / spyware / hackers 3

Of these adults that don't use the Internet:

  • 44 percent have asked a friend or family member to look up something online for them,
  • 23 percent live in households were somebody else in that household uses the Internet, and
  • 14 percent used the Internet previously and stopped.

What to make of this? I look at the people who said Internet access is too expensive or they don't have access. While overall our country appears strong, there are areas of the country were citizens lack one or several services we all take for granted. There are Internet deserts, broadband deserts, banking deserts, public library deserts, and food deserts.


Study: American Adults Are Always Connected And Dependent Upon Their Mobile Devices

Bank of America logo Recently, Bank of America released the results of its second annual Trends in Mobility study.The report explored how several generations of adults -- millennials, Generation X, baby boomers, and seniors -- use their mobile devices, including banking. Key findings:

  • About three-quarters (71 percent) of respondents sleep with–or next to–their mobile phones. Younger millennials (ages 18-24) are most likely to sleep with their smartphone on the bed (34%)
  • The first thing people reach for when they wake up is their mobile device (35 percent) compared to coffee (17 percent), their toothbrush (13 percent), and their spouse (10 percent)
  • Similarly, at the end of the day almost one-quarter (23 percent) of survey respondents fall asleep with their smartphone in their hand. 44 percent of  younger millennials (ages 18-24) fall asleep with their devices
  • Throughout the day, 54 percent of younger millennials (and 36 percent of all survey respondents) constantly check and use their mobile devices. 36 percent of younger millennials and 21 percent of all survey respondents check their devices once per hour
  • Almost four in 10 (38 percent) of consumers say they never disconnect from their mobile phones. Only 7 percent unplug during vacation
  • Almost half (44 percent) of survey respondents said they couldn’t last a day without their mobile devices. Younger people are more dependent. 41 percent of older millennials (ages 25-34) and 37 percent of Generation X (ages 35-49) said they couldn't last a day without their devices
  • 46 percent of survey respondents said ages 13 - 15 is the best age for parents to buy smartphones for their children. 19 percent said ages 16 - 18. 14 percent said the best age is when children can buy their own phones
  • The constant online usage extends to online banking

Bank of America Trends in Consumer Mobility study

Mobile seems to be replacing visits to physical bank branches. 83 percent of respondents have visited a physical bank branch during the past 6 months. While half (51 percent) of all survey respondents use either mobile or online as their primary banking method, only 23 percent of respondents and 6 percent of younger millennials use physical bank branches for most transactions. That has implications for low-paid tellers and branch employees.

Earlier this year, Bank of America raised prices for its checking account customers. Last year, the bank paid $16.65 billion to settle investigations by the U.S. Justice Department (DOJ) and several states' attorney generals into the bank's former and current subsidiaries, including Countrywide Financial Corporation and Merrill Lynch, related to the packaging, marketing, sale, and issuance of residential mortgage-backed securities (RMBS).

The results align with other studies. The Pew Research Center studied mobile etiquette, and found that while 92 percent of American adults have cellphones, 31 percent never turn off their devices and 45 percent rarely turn off their devices. About etiquette, Pew found:

  • 77 percent of survey respondents thought it okay to use phones while walking down the street
  • 75 percent thought it okay to use phones on public transportation (e.g., buses, subways, commuter trains)
  • 38 percent thought it okay to use phones in restaurants
  • 5 percent thought it okay to use phones during meetings
  • 89 percent used their phone during their most recent social gathering

The survey by Pew included 3,217 adults in the U.S. from May 30 to June 30, 2014. Pew also found:

"As a general proposition, Americans view cell phones as distracting and annoying when used in social settings — but at the same time, many use their own devices during group encounters... 82% of adults say that when people use their phones in these settings it frequently or occasionally hurts the conversation. Meanwhile, 33% say that cell phone use in these situations frequently or occasionally contributes to the conversation and atmosphere of the group. Women are more likely than men to feel cell use at social gatherings hurts the group... those over age 50 (45%) are more likely than younger cell owners (29%) to feel that cellphone use frequently hurts group conversations... Young adults have higher tolerance for cellphone use in public and in social settings; they also are more likely to have used their phone during a recent social gathering..."

Why people use their mobile devices during social gatherings:

  • 45 percent: post a photo or video of the social gathering
  • 41 percent: to share something that happened in the group
  • 38 percent: get information that might be of interest to the group
  • 31 percent: connect with others the group knows
  • 16 percent: no longer interested in the group's activity
  • 10 percent: to avoid participating in the group's activity

The survey results are great news for banks, telecommunications companies, mobile device manufacturers, app developers, and data brokers that want to collect location data and serve location-based advertisements.

The Bank of America survey, conducted by Braun Research, Inc. from April 13 - 26, 2015, included 1,000 U.S. adults ages 18 or older. Download the 2015 Trends in Consumer Mobility report (Adobe PDF) by Bank of America.


Silent Phone Calls Indicate The Start Of Identity Theft And Fraud

At some point we all have received these "silent" phone calls. After answering the call, there's nobody on the line. The call is silent and then we hang up. The problem is over, right?

Security experts reported that these "silent" phone calls can be the start of identity theft and fraud. An NPR report explained the identity theft and fraud process.

Step one includes an Internet-based robocall (e.g., an automated phone call using computers) from anywhere in the world -- usually offshore -- by scammers to verify your 10-digit phone number. With the multitude of corporate data breaches, the criminals may have acquired your name and phone number from hackers. Step two is another robocall pretending to be your bank, computer company, collection agency, or tax agency to trick you into revealing sensitive personal information (e.g., e-mail, address, age, bank name, bank account numbers, card numbers, etc.) over the phone.

NPR reported:

"... these robocalls are on the rise because Internet-powered phones make it cheap and easy for scammers to make illegal calls from anywhere in the world... researchers estimate 1 in every 2,200 calls is a fraud attempt."

Experts advise consumers not to disclose any personal information over the phone. Verify the caller first. Demand their name, company name, e-mail, phone number, website address, and how they acquired your phone number. (Most phone scammers will refuse or make excuses.) If the do provide contact information, check to see if matches the contact information you can verify independently (e.g., the phone numbers on the back of your bank card). If it doesn't match, then the caller is probably a scammer.

I always tell callers two things: a) I don't give out personal information over the phone, and b) I need to verify the caller first. If the caller provides a website address, I will check it during the phone call. If the site doesn't exist or looks crappy, that's a huge clue the caller is probably a scammer.

When you disclose personal information over the phone, the criminals' proceed with step three of the identity theft and fraud process. They will contact your bank or credit card company pretending to be you to takeover your account by changing the address on your account. How? The scammers will use the personal information you provided.

What should consumers do when you receive these robocalls? Experts advise that you simply hang up. Don't ask to be taken off their phone lists. Don't access their voicemail system to be removed from their calls. All that does it help the scammers verify your existence.

Parents: now you know what to teach your children about phone calls, privacy, and safety.


Banks Pay Most of Their Tellers Less Than $15 Per Hour

Everyone knows that many low wage employees work in restaurants, fast food, and construction. Add banks to the list.

The National Employment Law Project (NELP) published an August 2015 report about the earnings of employees in banks. The report focused upon retail banks, where consumers and small businesses typically have checking accounts, savings accounts, and loans. NELP studied the pay at banks because:

"Bank tellers constitute the largest banking-related occupation in the United States, with almost half a million workers nationwide. Three in four (74.1 percent) earn less than $15 an hour, compared with 42.4 percent of the total U.S. workforce, according to NELP’s report. Tellers’ median hourly wage is just $12.44. The workforce is overwhelmingly female: more than five in six bank tellers are women."

The media hourly wage is the amount that divides any group in half. Half of the group earns less and half of the group earns more that the median hourly pay. The median hourly pay for several positions in retail banks:

  • Financial clerks: $18.52
  • Secretaries and administrative assistants: $18.22
  • Credit authorizers, checkers, and clerks: $17.65
  • Loan interviewers and clerks: $17.34
  • Bill and account collectors: $17.20
  • Bookkeeping, accounting, and auditing clerks: $17.04
  • New accounts clerks: $16.33
  • Customer service representatives: $15.94
  • Office clerks: $14.64
  • Receptionists and information clerks: $12.93
  • Janitors and cleaners: $10.65

Additional findings from the report (click any image to view a larger version):

Figure 1: Bank employees earning less than $15 per hour. NELP. Click to view larger image

Figure 2: Most bank tellers are women. NELP. Click to view larger image

Figure 3: Most bank tellers are white. Latinos are over-represented. NELP. Click to view larger image

Christine Owens, executive director of NELP said:

“Many people hear about bank profits and lavish CEO compensation and assume that all jobs in banking pay well. But the reality is far different for bank tellers: Though they handle other people’s money all day, many tellers struggle to survive on wages too low to sustain families... In New York, the families of nearly 4 in 10 bank tellers must rely on some form of public assistance to get by; nationally, almost one in three do so.”

The last sentence is worthy of emphasis: 4 in 10 bank tellers must rely on some form of public assistance. So, when companies pay extremely low wages, the rest of us -- taxpayers -- end up paying to support companies that have decided not to pay their employees what many call a "living wage." You can conclude: minimum wage jobs encourage bigger government via assistance programs.

Don't like big government? Then, support minimum wage increases in the state where you live.

Download the full report (Adobe PDF). What are your opinions of these wages?


Drones: Near Misses Over New York, Shoot Down In Kentucky, And DHS Bulletins

On Sunday, CNN reported two near misses between a drone and passenger airplanes in the skies over New York:

"Two airplanes flying near one of the nation's busiest airports each came within 100 feet of a drone on Friday, according to audio from each flight's radio calls. The first, JetBlue Flight 1843, reported spotting a drone at 2:24 p.m. while approaching John F. Kennedy International Airport, according to the Federal Aviation Administration. In the audio recording, the cockpit says that the drone passed just below the planes nose when the jet was flying at an altitude of about 800 to 900 feet."

Details about the second near miss:

"Then at about 5 p.m., Delta Flight 407 -- which had 154 people on board -- was preparing to land when the cockpit reported seeing a drone below its right wing. The Delta flight had its drone encounter near Floyd Bennett Field, located in Gateway National Recreation Area. A Gateway National Recreation Service park ranger told CNN that the field does not permit drone flying but many aviation enthusiasts can be found flying "radio-controlled propeller crafts and unmanned small jets." However, there is a space within Floyd Bennett field where people with a permit and members of an aviation club may fly their own small craft, the ranger said."

The Federal Aviation Administration (FAA) is responsible for maintaining the safety of our skies in the United States. The incident highlights the need for continued and stronger enforcement of aviation safety laws by drone operators:

Unmanned aircraft systems are neither supposed to fly within five miles of an airport without notifying the airport operator and control tower nor are they supposed to go above 400 feet."

On Friday, National Public Radio report a dispute between two Kentucky residents after one shot down a drone the other person was operating:

"William Meredith, 47, of Bullitt County, Ky., was arrested after he used his shotgun to bring down a drone that he said hovered above his property in Hillview, a suburb of Louisville..."

Meredith alleged shot down the drone when it flew over his property. NPR also reported:

"Police were called to the scene; Meredith now faces felony charges of wanton endangerment and criminal mischief, with a court date set for September. The drone's owner, David Boggs, says the drone wasn't hovering low over anyone's property, showing flight tracking data to local media that indicates an altitude of more than 250 feet. And he says he wasn't trying to invade anyone's privacy."

The FAA began investigations in November last year after reports of rogue drones outfitted with cameras at large, outdoor sporting events... college football stadiums.

Last Friday, the Department of Homeland Security (DHS) sent bulletins with intelligence assessments to police departments around the nation. CBS News reported that the bulletins:

"... warned that unmanned aircraft systems (UAS) or drones could be used in the U.S. to advance terrorist and criminal activities... According to federal officials, "The rising trend in UAS incidents within the National Airspace System will continue, as UAS gain wider appeal with recreational users and commercial applications." The bulletin goes on to say, "while many of these encounters are not malicious in nature, they underscore potential security vulnerabilities... that could be used by adversaries..."


Study: Companies Pay Their Senior Executives More Than They Pay In Federal Taxes

The Institute For Policy Studies released the results of a study of executive compensation and corporate taxes. Researchers analyzed the pay of Chief Executive Officers (CEOs) in the largest corporation and the highest paid CEOs. Key findings were:

"Of America’s 30 largest corporations, seven (23 percent) paid their CEOs more than they paid in federal income taxes last year... Of America’s 100 highest-paid CEOs, 29 received more in pay last year than their company paid in federal income taxes—up from 25 out of the top 100 in our 2010 and 2011 surveys."

The pay of those 29 CEOs averaged $32 million. The study also investigated tax shelters. The 29 corporations that paid more to their CEOs than federal income taxes also operated:

"... 237 subsidiaries in tax havens. The company with the most subsidiaries in tax havens was Abbott Laboratories, with 79. The pharmaceutical firm’s CEO paycheck was $4 million larger than its IRS bill in 2013. Of the 29 firms, only 12 reported U.S. losses in 2013. At these 12 unprofitable firms, CEO pay averaged $36.6 million—more than three times the $11.7 million national average for large company CEOs..."

The corporations are familiar brands and names:

"The company that received the largest tax refund was Citigroup, which owes its existence to taxpayer bailouts. In 2013, Citi paid its CEO $18 million while pocketing an IRS refund of $260 million. Three firms have made the list in all three years surveyed. Boeing, Chesapeake Energy, and Ford Motors paid their CEO more than Uncle Sam in 2010, 2011, and 2013."

It would seem that the shareholders at these 12 unprofitable firms either don't care or have allowed the boards of directors to authorize exorbitant pay packages in the face of unprofitable performances. If those seven largest, profitable corporations had paid the full statutory tax rate of 35 percent, they would have paid $25.9 billion in federal taxes, which could have been used instead for:

"... Restoring elementary and high school teaching jobs lost to recession and austerity budget cuts... Resurfacing 22,240 miles of four-lane roads... Running the U.S. Department of Veterans Affairs for two months... Making pre-K [educaton] universal..."

The authors, Scott Klinger and Sarah Anderson, concluded:

"For corporations to reward one individual, no matter how talented, more than they are contributing to the cost of all the public services needed for business success reflects the deep flaws in our corporate tax system. Rather than more tax breaks, Congress should focus on addressing these deep flaws by cracking down on the use of tax havens, eliminating wasteful corporate subsidies, and closing loopholes that encourage excessive executive compensation."

Some specific actions Congress could take (links added):

"... the CUT Loopholes Act would close a variety of loopholes that facilitate tax dodging through offshoring. This bill would treat the foreign subsidiaries of U.S. corporations, whose management and control occur primarily in the United States, as U.S. domestic corporations for income tax purposes. It would also force corporations to take the same expense for stock option grants on their tax returns as they report on their shareholder books... Passing this legislation would reduce the incentive to shift profits and jobs overseas and could raise an additional $189 billion over ten years without raising corporate tax rates... Corporate Tax Fairness Act (S. 250 and H.R. 694)... would eliminate the ability of corporations to defer tax payments on their offshore profits. Instead, all worldwide profits earned by U.S. corporations would be immediately taxable in the United States. Firms would receive a dollar-for-dollar tax credit for any taxes paid to foreign governments. Corporations earning their profits in places like the United Kingdom, Germany, or France, where effective corporate tax rates are similar to U.S. rates, would pay little if any additional tax to the U.S. government. But firms stashing their profits in offshore tax havens would be forced to pay up for their years of tax haven abuse. The bill would raise an estimated $590 billion over ten years."

Download the report, "Fleecing Uncle Sam" (Adobe PDF). A copy is also available here.