Taking a Break

Dear readers,

First I'd like to thank you for your readership. We've covered plenty of important topics together. The good news: there has been plenty to cover. The bad news: there remains plenty to cover. Lately, the important news seems to come non-stop and daily.

Second, after writing this blog for the last 12+ years, frankly I need a break... some time to rest and recharge myself. So, I am going on a hiatus. Posts will resume on Tuesday, November 26, 2019.

No worries. Nothing serious. Just taking a break. Thanks again for your readership and comments. Posts will resume near the end of November!

George Jenkins
Editor


The Obscure Charges That Utility Companies Add to Your Bills

[Editor's note: today's guest post by reporters at ProPublica explores billing practices within the utility industry. Everyone uses electricity, so these new billing practices can negatively impact all consumers. The post is reprinted with permission.]

By Talia Buford, ProPublica

New Jersey was reeling from the Great Recession, and Gov. Jon S. Corzine had a plan. Infrastructure projects, he decided, would help the state shake off the country’s worst economic downturn in generations. In April 2009, the state utility regulator approved nearly $1 billion in projects to install energy-efficient streetlights and replace aging gas lines, and in the process create thousands of jobs across the state.

Utilities wouldn’t have to worry about the cost. Instead of tapping their annual budgets, they were given the green light to impose a surcharge on the gas and electric bills of every customer in the state.

Up till then, such surcharges had been rare, used, for example, in the 1970s when Arab oil-producing countries placed restrictions on exports to countries such as the United States that supported Israel, driving the price of oil to quadruple. Surcharges were used to provide utilities some relief from the volatile oil price swings. But instead of being a one-off, the surcharge championed by the Corzine administration a decade ago helped usher in a new era in the economics of energy.

Across the nation, local and state governments have turned to utilities to address acute and pervasive infrastructure needs, while utility companies have looked to surcharges as a way to finance those projects — and ensure steady profits. Sometimes, utilities have used revenue from surcharges to pay for things other than infrastructure, many of which customers might expect are already included in their rates: tree trimming (Kansas), smart meters (Colorado) and pension costs (Massachusetts).

In New Jersey, gas and electric bills are packed with add-ons that pay for everything from installing solar panels to putting substations on platforms above flood levels. For residential customers, a single charge, added to bills in increments as tiny as a thousandth of a cent per kilowatt hour, can add $35 to $45 a year to costs; for industrial and commercial customers, the charges can add up to tens of thousands of dollars annually. And it’s all on top of the price that regulators have agreed customers should pay for their electricity service.

The use of surcharges has proliferated over the last decade as the energy landscape has changed substantially. The price of oil and gas has dropped as domestic supplies have increased, and residential energy use has plummeted as appliances and lighting have become more efficient. Still, the national average price of electricity has increased slightly over the last decade, with additional surcharges counteracting any potential savings. That means at the end of the day, many customers have likely noticed little, if any change in their final bills.

That remains true in New Jersey, where residential bills last year averaged about $106.28 per month, according to the federal Energy Information Administration. Garden State residents consume less energy than residents of almost all other states, but they have the 12th highest price per kilowatt hour in the nation, at about 15 cents in 2018. Some critics say surcharges have made energy costs more opaque and made it harder for customers to know enough about what they’re paying for to push back.

“Some of these costs might be for important projects and initiatives,” said Evelyn Liebman, advocacy director for AARP New Jersey. “But the question is: How do you evaluate whether or not the price that you’re asking people to pay is fair and that the benefits outweigh the costs?”

To see how surcharges have affected electricity bills, ProPublica examined the charges assessed over the last decade by PSE&G, the utility arm of New Jersey’s largest energy company, PSEG. For PSE&G, adding surcharges has proved to be easier for financing projects than raising rates on its 2.2 million electric customers. The state Board of Public Utilities, which approves rate increases, has to approve surcharges, too, but the waiting period between when the utility spends the money and when it recovers it from customer bills is shorter.

PSE&G went eight years before seeking its most recent rate increase — a lengthy, rigorous process intended to ensure that utilities are reasonable in their charges and prudent in their spending. By October 2018, when its most recent “rate case” was completed, the number of surcharges on PSE&G customer bills had grown to 14, from five in 2009. (Of those, three charges are included in the “societal benefits” charge paid by every utility customer in the state and were created by legislation.)

This year, PSE&G has added two more surcharges to customer bills, bringing the current total to 16. Most notably, one surcharge, the Zero Emissions Certificate Recovery Charge, raises $300 million to prop up PSE&G’s three nuclear power plants. That charge applies to all New Jersey customers, regardless of who supplies their power.

Nationally, the average price of electricity has slightly increased over the last decade, according to data from the Energy Information Administration. But PSE&G said that over the last decade, its customer bills have decreased even with the surcharges, which have financed investments in solar power, energy efficiency and infrastructure upgrades.

The company said the spending has helped keep electricity service reliable, created jobs and reduced emissions. “Programs have costs,” Scott S. Jennings, a PSEG senior vice president, said in an interview. “We totally recognize that. But customers are paying far less than was paid in the past.”

PSE&G said the median monthly bill for customers who only receive electricity was $102 in 2019, down slightly from 2008 when it was $105. The median bill for customers who receive electricity and gas dropped to $176 per month in 2019 from $249 in 2008. Some of those savings can be attributed to lower fuel costs.

“We see that as a win for customers, the economy and the environment,” PSE&G said in a statement.

No federal entity tracks utility surcharges nationwide, but they have been followed for years by consumer advocates and regulatory groups. The National Regulatory Research Institute, the research arm of the association for utility regulators, has cautioned states to consider the potential impacts of surcharges before approving them, with a 2009 paper recommending that the fees be approved “only in special situations.” A review of the fees conducted for the AARP in 2012 found that at least 30 states add surcharges to customer bills for an array of purposes.

In New Jersey, the BPU energy director, Stacy Peterson, said the infrastructure work financed through surcharges needs to be done. Surcharges allow work to be completed more quickly, she said, and the BPU ensures the surcharge revenue is spent properly.

“We always have the ability to step in,” she said. “We’re not just approving these blindly.”

But some critics say utility regulators have lost sight of their mission when it comes to approving surcharges, particularly for what amount to routine business costs.

Regulators “need to remember that the public interest does not mean serving the utilities,” said David Nickel, state consumer counsel in Kansas. “It means serving the public. And sometimes that means looking at the utility and telling them ‘no.’”

Chances are, you give little thought to how your electricity bill is calculated. Surcharges capitalize on that.

“I don’t half look,” said Michael Denning, a 66-year-old retiree from Kearny, New Jersey, who had come to a PSE&G customer service center in Newark on a recent Friday to pay his bill. “They’re on there, but you can’t do anything.”

Other customers said they had not seen the charges and, when approached by a reporter, spent a few minutes shuffling through their bills to decipher what was what.

Each cycle, electricity bills are broken up into two buckets: supply and delivery. Supply charges cover the cost of producing power at a plant or buying it from another producer. Delivery charges cover the cost of bringing that power over transmission lines and ultimately to your light switch. Surcharges — also known in the industry as “trackers” or “clauses” — are included in the delivery bucket and are usually assessed as a fee per kilowatt hour of electricity used.

For a utility, how it seeks to recover expenses comes down to risk.

If a utility chooses to apply for a rate increase, regulators will weigh not only the costs the utility projects for the coming years but also any expenses the utility has made that were not part of its previous rate case. If regulators don’t think the expenses were necessary, they could reject the proposal, leaving the utility on the hook for those outlays.

Surcharges sidestep that risk. Where rate cases entail a fuller review of a utility’s operations, the analysis of a surcharge focuses on a single program. Before any money is spent, that single program is given the blessing of regulators, along with a means to collect the cost from customers up front.

In New Jersey, PSE&G has made surcharges a critical part of its business strategy. In investor materials from as early as 2009, the company notes that its regulatory strategy is to earn all authorized returns on investments and minimize regulatory lag — the time between when a change in costs for the utility is reflected in the customer’s rates.

PSE&G is allowed to earn a profit on some of its investments, and with each program announced came the promise of immediate payback. In a 2011 investor meeting presentation about future investments, the company touted its growth in the solar and energy efficiency arenas alongside receiving approval for immediate repayment through surcharges.

Fitch Ratings, one of the major credit rating agencies, raised the utility’s credit rating in 2012, increasing it one notch from BBB+ to A-, its current rating, citing New Jersey’s “constructive” regulatory environment. At the time, PSE&G had recently added a weather normalization surcharge to gas bills that helped guarantee cash flow even when customers saw a mild winter and used less energy. The BPU’s willingness to allow utilities to recover costs in a “timely manner” meant there was a predictable cash flow even in uncertain outside conditions, the credit agency said at the time.

In a 2014 presentation to industry executives and investors, the company said that it expected to use surcharges to recover 12% of the $11.3 billion invested in solar and energy efficiency programs and an infrastructure hardening program, dubbed “Energy Strong,” which targeted substations that flooded during Superstorm Sandy in 2012.

During another presentation, PSE&G said consumers ultimately wouldn’t feel the surcharge for solar and energy efficiency programs because it would replace a surcharge that was expiring of an equal amount. The move, the company noted, would “fully offset the impact to customer bills,” which wouldn’t go up. Of course, bills wouldn’t go down, either, despite lower fuel costs.

“We can debate the merits of what we should and shouldn’t do,” said Jennings of PSEG. “And different people will have different perspectives. It comes down to affordability and where you draw the line.”

Critics of the charges, however, say projects billed as protecting infrastructure from climate change or increasing reliability are less about improving service and more about ensuring profits.

“If you’re a utility and demand is flat, and you get a return on capital, how can you make a capital investment if no one is buying more electricity,” said David Dismukes, executive director of the Center for Energy Studies at Louisiana State University, who testified against PSE&G’s Energy Strong program. “You say that we need to build in ‘resiliency,’ that’s how you do it.”

PSEG projected roughly $1.6 billion in earnings for 2019. The company has also paid shareholders increasing dividends every year over the past decade.

In New Jersey, surcharges appear to have found a welcoming regulatory environment, especially as the state seeks to ensure its progressive climate policies don’t alienate businesses. It’s a balancing act the state has struggled to pull off. New Jersey has been on the cutting edge of environmental protection legislation, but such efforts were spurred in part by lax enforcement that allowed industrial pollution to do lasting harm to the state’s waterways.

For the most part, utility surcharges and the projects they finance attract only fleeting attention — an article in which residents called PSE&G’s utility pole mounted solar panels an “eyesore,” or others describing work done to help the utility recover after Superstorm Sandy.

“I don’t even pay attention,” Anthony Boone, a 48-year-old artist, said as he ran errands in Newark. “I just pay it. I guess I should be more in tune, but that’s pretty low on the totem pole.”

Some customers did start to pay attention this year after the utility’s parent company, PSEG, sought to impose the surcharge to subsidize its three aging nuclear plants. Without the subsidy, the company said it would have to close the plants, costing the state hundreds of jobs and a key source of clean energy.

Suddenly, surcharges were big news, as officials, executives and legislators sparred over PSEG’s demands and the $300 million price tag.

State experts said the plants were still relatively efficient and not in danger of closing. But a law enacted in May 2018 to compensate nuclear plants for being a cleaner energy source seemed to tie the hands of the BPU. In April, the board voted to impose the surcharge, even as some of the commissioners expressed misgivings, with one likening PSEG’s threats to extortion. The New Jersey rate counsel, Stefanie Brand, whose office advocates on behalf of customers, recently challenged the subsidy in court. In a brief filed this month, Brand said that if PSEG’s threat was all it took to secure the subsidy, then “the ratepayers of this state truly are being held captive.”

As a part of any surcharge agreement, the utility must come back to regulators at a specified point in the project and provide an accounting showing that the money is being spent as stipulated, the BPU said.

Regulators say they also review surcharges as part of a utility’s next application for a rate increase. But until a change made last year, utilities could go as long as they wanted without seeking a rate increase and undergoing the requisite review. A new rule, established by the BPU in January 2018, requires any utility with an infrastructure-related surcharge to submit to a full rate review within five years of the surcharge’s approval. (PSE&G is scheduled to file its next rate case by the end of 2023.)

“Any expense in a rate case has to be prudent,” said Paul Flanagan, executive director of the BPU. “When they’re spending money on building things, one of the issues is: ‘Is it prudent? Is it gold plated? Are they just spending money to earn money?’”

The agency can step in if it believes a charge is being misused, but it almost never does. The BPU doesn’t track such interventions, but of the roughly 1,500 matters that come before the agency annually, Flanagan said interventions have been “fairly rare.”

At core, utilities and regulators see surcharges differently.

Jennings, the PSEG executive, said surcharges help the company invest wisely, ensuring regulators support a project before any money is spent.

“We want to make sure that the other stakeholders, like BPU staff and ultimately the BPU, rate counsel and other key parties agree that it is worthwhile doing,” he said. “They will, through that process, agree that the type of work and basic program is prudent.”

However, the BPU’s Flanagan said surcharges are only a way to make sure that necessary upgrades are made quickly, and he rejected the idea that they are a tacit way for regulators to weigh in on how a company makes investments.

“The utilities run their companies,” he said. “The board doesn’t run the companies. If the utility feels the need to upgrade the system, they’re capable of doing that.”

Garden State residents pay among the highest prices per kilowatt hour in the nation for their electricity. Brand, the state-appointed advocate for customers, said she is concerned about the proliferation of surcharges.

“That kind of surcharge really should be left for extraordinary circumstances and the run-of-the-mill work the utilities should be doing through rates,” Brand said. “If they’re not making enough money to do the work, they always have the ability to come in for a rate case.”

While energy costs may not drive decisions about where to live, for big businesses, energy costs can be a significant factor in locating — or relocating — a facility.

Major commercial customers, such as chemical plants and large retailers, can buy energy from a third party or generate electricity itself, but the power still has to go through a utility’s distribution and transmission lines, which is where the surcharges are applied. That leaves them with no way to avoid the not-so-small impact of the surcharges.

“We have gotten to the point that more money is probably collected at this point through these mechanisms than through base rates,” said Steve Goldenberg, a lawyer for the New Jersey Large Energy Users Coalition, which represents retailers, manufacturers, food chains and pharmaceutical companies. “And that’s the problem.”

For the Kuehne Company, which uses electricity to manufacture industrial grade bleach at plants in New Jersey, Delaware and Connecticut, surcharges have a significant impact on the company’s bottom line.

“We live and die by energy,” said Bill Paulin, the company’s co-president, noting that electricity makes up 40% of the company’s production costs.

“Our energy costs are in the millions,” he said. “We spend more on electricity than we do on medical insurance for our employees.”

The company, which employs 150 people across its three locations, has been in New Jersey since 1919, and it recently built a new manufacturing facility in Kearny, on the industrial peninsula between Newark and Jersey City. Paulin said the company made the decision to stay because of New Jersey’s access to the Northeast markets, and because of the employees who live in the state.

“We decided to take a chance and do what we needed to do to stay,” Paulin said. Still, the new facility, which was built on the site of the company’s older plant, can be dismantled and moved if costs — such as utility bills — continue to rise, he said.

“It wouldn’t be easy or cheap, but we can do it if things get out of whack.”

For now, the bills are holding steady, and not by accident.

A surcharge, imposed five years ago to cover improvements to the utility’s resilience after Hurricane Irene and Superstorm Sandy, was expiring. The program, which collected on average about $4 a month from residential customers and substantially more from commercial customers, would soon be history.

But PSE&G had already asked to impose a new surcharge, which would raise $1.5 billion to elevate or close old substations in flood zones. It would be part of Energy Strong II — an extension of the Sandy recovery program.

During discussions with the BPU and rate counsel this summer, PSE&G scaled back its proposal, and in September, the BPU approved the next phase of the program. The cost to residential customers will be about $3 each month — almost the same amount as the expiring surcharge for the previous round of the recovery program.

For more coverage, read ProPublica’s previous reporting on the environment.

ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for The Big Story newsletter to receive stories like this one in your inbox.


Report: Auto Emergency Braking With Pedestrian Detection Systems Fail When Needed Most

Image from AAA report on Emergency braking and pedestrian detection. October 2019. Click to view larger version The American Automobile Association (AAA) reported new research results from tests of automatic emergency braking with pedestrian detection systems in automobiles. The AAA found that these systems work inconsistently and failed when most needed: at night. Chief findings from the report:

"... automatic emergency braking systems with pedestrian detection perform inconsistently, and proved to be completely ineffective at night. An alarming result, considering 75% of pedestrian fatalities occur after dark. The systems were also challenged by real-world situations, like a vehicle turning right into the path of an adult. AAA’s testing found that in this simulated scenario, the systems did not react at all, colliding with the adult pedestrian target every time..."

The testing was performed jointly with the Automotive Club of Southern California’s Automotive Research Center in Los Angeles, California. Track testing was conducted on closed surface streets on the grounds of the Auto Club Speedway in Fontana, California. Four test vehicles were used: 2019 Chevy Malibu, 2019 Honda Accord, 2019 Tesla Model 3 and 2019 Toyota Camry. The testing included four scenarios:

  1. "An adult crossing in front of a vehicle traveling at 20 mph and 30 mph during the day and at 25 mph at night;
  2. A child darting out from between two parked cars in front of a vehicle traveling at 20 mph and 30 mph;
  3. A vehicle turning right onto an adjacent road with an adult crossing at the same time; and
  4. Two adults standing along the side of the road with their backs to traffic, with a vehicle approaching at 20 mph and 30 mph."

For scenario #1: a vehicle moving at 20 mph a collision resulted 60% of the time (= the systems avoided a collision 40 percent of the time). For scenario #2: a collision occurred 89% of the time for vehicles moving at 20 mph For scenario #3, collisions resulted 100 percent of the time. For scenario #4, a collision resulted 80 percent of the time for vehicles moving at 20 mph. Additional test results:

"... the systems were ineffective in all scenarios where the vehicle was traveling at 30 mph. At night, none of the systems detected or reacted to the adult pedestrian."

The October 2019 "Automatic Emergency Braking With Pedestrian Detection" AAA report is available here (Adobe PDF).


Google Has Started Home Deliveries Of Packages By Drones

MediaPost reported:

"The first drone home deliveries of packages from Walgreens have started from Wing, the Alphabet subsidiary. Wing recently received an expanded Air Carrier Certificate from the Federal Aviation Administration allowing the first commercial air delivery service by drone directly to homes in the U.S. The FAA permissions are the first allowing multiple pilots to oversee multiple unmanned aircraft making commercial deliveries to the general public simultaneously. Collaborating with Federal Express and Virginia retailer Sugar Magnolia, Wing began delivering over-the-counter medication, gifts and snacks to residents of Christiansburg, Virginia. FedEx completed the first scheduled ecommerce drone delivery on Friday [October 18th]..."


UPS Announces Expansion Of Its Drone Delivery Program

UPS logo Last week, UPS announced an expansion of its B2B drone delivery program titled UPS Flight. The expansion included three items focused upon the healthcare industry. First, UPS began a:

"... new drone delivery service in support of the University of Utah Health hospital campuses, in partnership with Matternet. The University of Utah campus program will involve drone deliveries of samples and other cargo, similar to the program originally introduced at WakeMed Hospital in North Carolina."

The second item included and agreement with:

"... with CVS Health to develop a variety of drone delivery use cases for business-to consumer applications. The program will include evaluation of delivery of prescriptions and retail products to the homes of CVS customers."

The third item included a partnership:

"... with wholesale pharmaceutical distributor AmerisourceBergen... The collaboration will initially deploy the UPS Flight Forward drone airline to transport certain pharmaceuticals, supplies and records to qualifying medical campuses served by AmerisourceBergen across the United States, with plans to then expand its use to other sites of care."

UPS Chief Strategy and Transformation Officer Scott Price said:

“When we launched UPS Flight Forward, we said we would move quickly to scale this business – now the country’s first and only fully-certified drone airline... We started with a hospital campus environment and are now expanding scale and use-cases. UPS Flight Forward will work with new customers in other industries to design additional solutions for a wide array of last-mile and urgent delivery challenges.”


VPN Service Provider Announced A Data Breach Incident Which Occurred in 2018

Consumers in the United States lost both control and privacy protections when the U.S. Federal Communications Commission (FCC), led by President Trump appointee Ajit Pai, a former Verizon lawyer, repealed in 2017 both broadband privacy and net neutrality protections for consumers. Since then, many people have subscribed to Virtual Private Network (VPN) services to regain protections of their sensitive personal information and online activities.

NordVPN logo NordVPN, a provider of VPN services, announced on Monday a data breach:

"1) One server was affected in March 2018 in Finland. The rest of our service was not affected. No other servers of any type were put at risk. This was an attack on our server, not our entire service; 2) The breach was made possible by poor configuration on a third-party datacenter’s part that we were never notified of. Evidence suggests that when the datacenter became aware of the intrusion, they deleted the accounts that had caused the vulnerabilities rather than notify us of their mistake. As soon as we learned of the breach, the server and our contract with the provider were terminated and we began an extensive audit of our service; 3) No user credentials were affected; 4) There are no signs that the intruder attempted to monitor user traffic in any way. Even if they had, they would not have had access to those users’ credentials..."

In 2018, NordVPN operated about 3,000 servers. It now operates about 5,000 servers. The NordVPN announcement includes more information including technical details.

Earlier this month, C/Net and  PC Magazine published their lists of the best VPN services in 2019. PC Magazine's list, which was published before the breach announcement, included NordVPN. So, it is always wise for consumers to do their research before switching to a VPN service.

What to make of this breach? We don't know who performed the attack. My impression: the attack seemed targeted, since few people probably use the single server in Finland. And, this cyberattack seemed very different from the massive retail attacks where hackers seek to steal the payment information (e.g., credit/debit card numbers) of thousands of consumers.

This cyberattack may have targeted a specific person. Perhaps, the attacker was a competitor or the government agency of a country NordVPN has refused to do business with. (Or, maybe this.) Hopefully, investigative journalists with more resources than this solo blogger will probe deeper.

Several things seem clear: a) cybercriminals have added VPN services to their list of high-value targets, b) hackers have identified the outsourcing vendors used by VPN service providers, and c) cyber attacks like this will probably continue. You might say this breach was a warning shot across the bow of the entire VPN industry. Seems like there is lots more news to come.


Court Says Biometric Privacy Lawsuit Against Facebook Can Proceed

Facebook logo MediaPost reported:

"A federal appellate court has rejected Facebook's request for a new hearing over an Illinois biometric privacy law. Unless the Supreme Court steps in, Illinois Facebook users can now proceed with a class-action alleging that Facebook violated Illinois residents' rights by compiling a database of their faceprints... The legal battle, which dates to 2015, when several Illinois residents alleged that Facebook violated the Illinois Biometric Privacy Information Act, which requires companies to obtain written releases from people before collecting “face geometry” and other biometric data, including retinal scans and voiceprints... The fight centers on Facebook's photo-tagging function, which draws on a vast trove of photos to recognize users' faces and suggest their names when they appear in photos uploaded by their friends..."


The National Auto Surveillance Database You Haven't Heard About Has Plenty Of Privacy Issues

Some consumers have heard of Automated License Plate Recognition (ALPR) cameras, the high-speed, computer-controlled technology that automatically reads and records vehicle license plates. Local governments have installed ALPR cameras on stationary objects such as street-light poles, traffic lights, overpasses, highway exit ramps, and electronic toll collection (ETC).

Mobile ALPR cameras have been installed on police cars and/or police surveillance vans. The Houston Police Department explained in this 2016 video how it uses the technology. Last year, a blog post discussed ALPR usage in San Diego and its data-sharing with Vigilant Solutions.

What you probably don't know: the auto repossession industry also uses the technology. Many "repo men" have ALPR cameras installed on their vehicles. The data they collect is fed into a massive, nationwide, and privately-owned database which archives license-plate images. Reporters at Motherboard obtained a private demo of the database tool to understand its capabilities.

Digital Recognition Network logo The demo included tracking a license plate with the vehicle owner's consent. Vice reported:

"This tool, called Digital Recognition Network (DRN), is not run by a government, although law enforcement can also access it. Instead, DRN is a private surveillance system crowdsourced by hundreds of repo men who have installed cameras that passively scan, capture, and upload the license plates of every car they drive by to DRN's database. DRN stretches coast to coast and is available to private individuals and companies focused on tracking and locating people or vehicles. The tool is made by a company that is also called Digital Recognition Network... DRN has more than 600 of these "affiliates" collecting data, according to the contract. These affiliates are paid a monthly bonus for gathering the data..."

ALPR financing image from DRN site on September 20, 2019. Click to view larger version Affiliates are rep men and others, who both use the database tool and upload images to it. DRN even offers financing to help affiliates buy ALPR cameras. The image on the right was taken from the site on September 20, 2019.

When consumers fail to pay their bills, lenders and insurance companies have valid needs to retrieve ( or repossess) their unpaid assets. Lenders hire repo men, who then use the DRN database to find vehicles they've been hired to repossess. Those applications are valid, but there are plenty of privacy issues and opportunity for abuse.

Plenty.

First, the data collection is indiscriminate and broad. As repo men (and women) drive through cities and towns to retrieve wanted vehicles, the ALPR cameras mounted on their cars scan all nearby vehicles: both moving and parked vehicles. Scans are not limited solely to vehicles they've been hired to repossess, nor to vehicles of known/suspected criminals. So, innocent consumers are caught in the massive data collection. According to Vice:

"... in fact, the vast majority of vehicles captured are connected to innocent people. DRN claims to have more than 9 billion license plate scans, according to a DRN contract obtained by Motherboard..."

Second, the data is archived forever. That can provide a very detailed history of a vehicle's (or a person's) movements:

"The results popped up: dozens of sightings, spanning years. The system could see photos of the car parked outside the owner's house; the car in another state as its driver went to visit family; and the car parked in other spots in the owner's city... Some showed the car's location as recently as a few weeks before."

Third, to facilitate searches metadata is automatically attached to the images: GPS or geolocation, date, time, day of week, and more. The metadata helps provide a pretty detailed history of each vehicle's -- or person's -- movements: where and when a vehicle ( or person) travels, patterns such as which days of the week certain locations are visited, and how long the vehicle (or person) parked at specific locations. Vice explained:

"The data is easy to query, according to a DRN training video obtained by Motherboard. The system adds a "tag" to each result, categorising what sort of location the vehicle was likely spotted at, such as "workplace" or "home."

So, DRN can help users to associate specific addresses (work, home, school, doctors, etc.) with specific vehicles. How accurate might this be? While that might help repo men and insurance companies spot fraud via out-of-state registered vehicles whose owners are trying to avoid detection and/or higher premiums, it raises other concerns.

Fourth, consumers -- vehicle owners -- have no control over the data describing them. Vehicle owners cannot opt out of the data collection. Vehicle owners cannot review nor correct any errors in their DRN profiles.

That sounds out of control to me.

The persons which the archived data directly describes have no say. None. That's a huge concern.

Also, I wonder about single females -- victims of domestic violence -- who have protective orders for their safety. Some states, such as Massachusetts, have Address Confidentiality Programs (ACPs) to protect victims of domestic violence, sexual assault, and stalkers. Does DRN accommodate ACP programs? And if so, how? And if not, why not? How does DRN prevent perps from using its database tool? (Yes, DRN access is an issue. Keep reading.) The Vice report didn't say. Hopefully, future reporting will discuss this.

Fifth, DRN is robust. It can be used to track vehicles near or in real time:

"DRN charges $20 to look up a license plate, or $70 for a "live alert", according to the contract. With a live alert, a user can enter a license plate they wish to receive updates on; when the DRN system spots the vehicle, it'll send an email to the user with the newly discovered location."

That makes DRN highly appealing to both valid users (e.g., police, repo men, insurance companies, private investigators) and bad actors posing as valid users. Who might those bad actors be? The Electronic Frontier Foundation (EFF) warned:

"Taken in the aggregate, ALPR data can paint an intimate portrait of a driver’s life and even chill First Amendment protected activity. ALPR technology can be used to target drivers who visit sensitive places such as health centers, immigration clinics, gun shops, union halls, protests, or centers of religious worship."

Sixth, is the problem of access. Anybody can use DRN. According to Vice:

"... a private investigator, or a repo man, or an insurance company does not need a warrant to search for someone's movements over years; they just need to pay to access the DRN system, or find someone willing to share or leverage their access..."

Users simply need to comply with DRN's policies. The company says that, a) users can use its database tool only for certain applications, and b) its contract prohibits users from sharing search results with third parties. We consumers have only DRN's word and assurances that it enforces its policies; and that users comply. As we have seen with Facebook data breaches, it is easy for bad actors to pose as valid users in order to doo end runs around such policies.

What are your opinions of ALPR cameras and DRN?


Privacy Lawsuit Involving Google Street View Moves Forward

Google logo MediaPost reported:

"Google's $13 million settlement of a privacy lawsuit stemming from data collection by Street View cars moved forward [October 9th], when U.S. District Court Judge Charles Breyer in San Francisco granted the deal preliminary approval. The agreement calls for the company to pay around $10 million to nonprofits that promise to use the money to promote online privacy... The deal also requires Google to destroy some data collected by its Street View cars, and to refrain from using Street View cars to collect or store personal data for at least five years... If granted final approval by Breyer, the settlement will resolve a lawsuit dating to 2010 over revelations that Google's Street View cars collected a host of data -- including URLs, passwords and emails -- sent over unencrypted WiFi networks."

So, this lawsuit has been underway for almost 10 years. Gizmodo provided important historical details:

"... when Google started deploying its little Street View cars around our neighborhoods, the company also ended up collecting about 600 GB of emails, passwords, and other payload data from unencrypted wifi networks in over 30 countries. In a 2010 blog, Google said the data collection was a “mistake” after a German data protection group asked to audit the data collected by the cars... The basis for the class-action lawsuit was that Google was basically infringing on federal wiretapping laws. Google had argued in a separate case on the same issue, Joffe vs Google, that its “mistake” was legal, as unencrypted wifi are a form of radio communication and thereby, readily accessible by the general public. The courts did not agree, and in 2013 ruled Google’s defense was bunk."

Good historical detail. Regular readers of this blog may remember this Google apology to Australia in 2010.

Last, don't cry for Google. The proposed settlement amount is tiny compared to Google's $136.96 billion in sales during 2018.


Survey: Consumers Use Smart Home Devices Despite Finding Them 'Creepy'

Selligent Marketing Cloud logo Last month, Selligent Marketing Cloud announced the results of a global survey about how consumers view various brands. Some of the findings included smart speakers or voice assistants. Key findings:

"Sixty-nine percent of surveyed consumers find it “creepy” when they receive ads based on unprompted cues from voice assistants like Apple’s Siri, Amazon’s Alexa and Google Home. Fifty-one percent are worried that voice assistants are listening to conversations without their consent."

Regarding voice assistants, younger consumers are likely to believe they are being listened to without their knowledge. 58 percent of Gen-Z (ages 18-24) versus 36 percent for Baby Boomers (ages 55-75) held this view. Key findings about privacy and social media: 41 percent of respondents said they have reduced their use of social media due to privacy concerns, and 32 percent said they quit at least one social media platform within the last 12 months.

Selligent surveyed 5,000 consumers in North America and Western Europe. The company provides services to help B2C marketers. To learn more, see the Selligent "Global Connected Consumer Index."


Facebook To Pay $40 Million To Advertisers To Resolve Allegations of Inflated Advertising Metrics

Facebook logo According to court papers last week, Facebook has entered a proposed settlement agreement where it will pay $40 million to advertisers to resolve allegations in a class-action lawsuit that the social networking platform inflated video advertising engagement metrics. Forbes explained:

"The metrics in question are critical for advertisers on video-based content platforms such as YouTube and Facebook because they show the average amount of time users spend watching their content before clicking away. During the 18 months between February of 2015 and September of 2016, Facebook was incorrectly calculating — and consequently, inflating — two key metrics of this type. Members of the class action are alleging that the faulty metrics led them to spend more money on Facebook ads than they otherwise would have..."

Metrics help advertisers determine if the ads they paid for are delivering results. Reportedly, the lawsuit took three years and Facebook denied any wrongdoing. The proposed settlement must be approved by a court. About $12 million of the $40 million total will be used to pay plaintiffs' attorney fees.

A brief supporting the proposed settlement provided more details:

" One metric—“Average Duration of Video Viewed”—depicted the average number of seconds users watched the video; another—–“Average Percentage of Video Viewed”—depicted the average percentage of the video ad that users watched... Starting in February 2015, Facebook incorrectly calculated Average Duration of Video Viewed... The Average View Duration error, in turn, led to the Average Percentage Viewed metric also being inflated... Because of the error, the average watch times of video ads were exaggerated for about 18 months... Facebook acknowledges there was an error. But Facebook has argued strenuously that the error was an innocent mistake that Facebook corrected shortly after discovering it. Facebook has also pointed out that some advertisers likely never viewed the erroneous metrics and that because Facebook does not set prices based on the impacted metrics, the error did not lead to overcharges... The settlement provides a $40 million cash fund from Facebook, which constitutes as much as 40% of what Plaintiffs estimate they may realistically have been able to recover had the case made it to trial and had Plaintiffs prevailed. Facebook’s $40 million payment will... also cover the costs of settlement administration, class notice, service awards, and Plaintiffs’ litigation costs24 and attorneys’ fees."

It seems that besides a multitude of data breaches and privacy snafus, Facebook can't quite operate reliably its core advertising business. What do you think?


FTC To Distribute $31 Million In Refunds To Affected Lifelock Customers

U.S. Federal Trade Commission logo The U.S. Federal Trade Commission (FTC) announced on Tuesday the distribution of about $31 million worth of refunds to certain customers of Lifelock, an identity protection service. The refunds are part of a previously announced settlement agreement to resolve allegations that the identity-theft service violated a 2010 consent order.

Lifelock has featured notable spokespersons, including radio talk-show host Rush Limbaugh, television personality Montel Williams, actress Angie Harmon, and former New York City Mayor Rudy Giuliani, who is now the personal attorney for President Trump.

The FTC announcement explained:

"The refunds stem from a 2015 settlement LifeLock reached with the Commission, which alleged that from 2012 to 2014 LifeLock violated an FTC order that required the company to secure consumers’ personal information and prohibited it from deceptive advertising. The FTC alleged, among other things, that LifeLock failed to establish and maintain a comprehensive information security program to protect users’ sensitive personal information, falsely advertised that it protected consumers’ sensitive data with the same high-level safeguards used by financial institutions, and falsely claimed it provided 24/7/365 alerts “as soon as” it received any indication a consumer’s identity was being used."

Lifelock logo The 2015 settlement agreement with the FTC required LifeLock agreed to pay $100 million to affected customers. About $68 million has been paid to customers who were part of a class action lawsuit. The FTC is using the remaining money to provide refunds to consumers who were LifeLock members between 2012 and 2014, but did not receive a payment from the class action settlement.

The FTC expects to mail about one million refund checks worth about $29 each.

If you are a Lifelock customer and find this checkered history bothersome, Consumer Reports has some recommendations about what you can do instead. It might save you some money, too.