I've Been Mugged Blog

On Tuesday, the U.S. House of Representatives approved legislation to revoke new online privacy rules the U.S. Federal Communications Commission (FCC) adopted in 2016 to protect consumers by govern the data collection and sharing of consumers' personal information by Internet Service providers (ISPs). Several cable, telecommunications, and advertising lobbies sent a letter in January asking Congress to remove the new broadband privacy rules, which they viewed as burdensome.

Congress quickly complied. The new legislation consisted of two companion bills: Senate Joint Resolution 34 (S.J. Res. 34) and House Joint Resolution 86 (H.J. Res. 86). The House vote was close: 210 to 205 with 215 Republican representatives voting for S.J. Res. 34. 190 Democratic and 15 Republican representatives voted against it. Consumers can view H.J. Res. 86 votes by their elected officials.

Representative Marsha Blackburn (R-Tenn.) introduced the legislation in the House. Blackburn said plenty in an interview published on Breitbart News:

"What we are doing is recalling a privacy rule that the FCC issued right at the end of the Obama administration, and the reason we are doing this is because it is additional and duplicative regulation... What the FCC did was clearly overreach. It gives you two sets of regulators that you’re trying to comply with, not one. So we are recalling the FCC’s rule, and that authority will go back to the FTC...”

"What the Obama administration did... they reclassified your Internet service as Title II, which is a common carrier classification. It is the rule that governs telephone usage... Those rules were put on the books in the thirties. So what the Democrats did... they reclassified Internet, which is an information service, as a telephone service, and then put those 1930s-era rules on top of your Internet service... They did that so they could tax it, so they could begin to regulate it..."

"You don’t need another layer of regulation. It’s like flashing alerts: We don’t need net neutrality. We don’t need Title II. We don’t need additional regulations heaped on the Internet under Title II. The Internet is not broken. It has done just fine without the government controlling it."

Not broken? Really? The founder of the internet, Tim Berners-Lee gave three solid reasons why the internet is broken. His number one reason on his list: consumers have lost control over their personal information.

Plus, Representative Blackburn either doesn't know history or has chosen to ignore it. Several problems have plagued the industry: a lack of ISP competition in key markets, consumers in the United States pay more for broadband and get slower speeds compared to other countries, and numerous privacy violations and lawsuits:

• 13,000 Complaints Submitted By Consumers About Comcast's Usage Based Internet Pricing
• Verizon WIreless Settles With the FCC Regarding 'Supercookies' And Online Tracking
• Attorney General Invites New York State Residents To Check Their Internet Speed
• Customers Sue Internet Service Provider For Failing To Provide Promised Broadband Speeds
• Filing Supports Claims That ISPs Already Throttle And Violate Net Neutrality Rules
• 4 Reasons Why Your Internet Access Is Expensive And Slow... And Could Get A Lot Worse
• Several Internet Service Providers Hijack And Replace Consumers' Search Results
• SIMON Says... DON'T SPY!
• ISPs Begin To Spy And Abuse Consumer Privacy
• Under Pressure From Congress, ISP Admits To Secret Snooping In Kansas

Clearly, the FCC had to act; and it did. Congress held hearings, too.

The Senate passed S.J. Res. 34 about a week before the House vote Tuesday. The Senate vote was also close: 50 to 48. Senator Jeff Flake (R-Arizona) introduced the legislation in the Senate, and he repeated the same over-reach claims:

"The FCC’s midnight regulation has the potential to limit consumer choice, stifle innovation, and jeopardize data security by destabilizing the internet ecosystem. Passing my resolution is the first step toward restoring a consumer-friendly approach to internet privacy regulation that empowers consumers to make informed choices on if and how their data can be shared. It will not change or lessen existing consumer privacy protections.”

Consumers can view S.J. Res 34 votes by their elected officials. The press release by Senator Flake's office also stated:

"Flake’s resolution, S.J.Res. 34, would not change or lessen existing consumer privacy regulations. It is designed to block an attempt by the Federal Communications Commission (FCC) to expand its regulatory jurisdiction and impose prescriptive data restrictions on internet service providers. These restrictions have the potential to negatively impact consumers and the future of internet innovation."

Flake's spin of "midnight regulation" is unfair and inaccurate. The new FCC privacy rules were proposed in April 2016, and enacted in October. That provided plenty of time for discussion and input from consumers, experts, and companies. In March 2016, the FCC released a broadband privacy Fact Sheet, which explained the need for the new privacy rules:

"Telephone networks have had clear, enforceable privacy rules for decades, but broadband networks currently do not... An ISP handles all of its customers’ network traffic, which means it has an unobstructed view of all of their unencrypted online activity – the websites they visit, the applications they use. If customers have a mobile device, their provider can track their physical and online activities throughout the day in real time. Even when data is encrypted, broadband providers can still see the websites that a customer visits, how often they visit them, and the amount of time they spend on each website. Using this information, ISPs can piece together enormous amounts of information about their customers – including private information such as a chronic medical condition or financial problems. A consumer’s relationship with her ISP is very different than the one she has with a website or app. Consumers can move instantaneously to a different website, search engine or application. But once they sign up for broadband service, consumers can scarcely avoid the network for which they are paying a monthly fee."

To distinguish spin from facts, it is critical to read the FCC announcement of its new broadband privacy rules from last year:

"Opt-in: ISPs are required to obtain affirmative “opt-in” consent from consumers to use and share sensitive information. The rules specify categories of information that are considered sensitive, which include precise geo-location, financial information, health information, children’s information, social security numbers, web browsing history, app usage history and the content of communications.

Opt-out: ISPs would be allowed to use and share non-sensitive information unless a customer “opts-out.” All other individually identifiable customer information – for example, email address or service tier information – would be considered non-sensitive and the use and sharing of that information would be subject to opt-out consent, consistent with consumer expectations.

Exceptions to consent requirements: Customer consent is inferred for certain purposes specified in the statute, including the provision of broadband service or billing and collection. For the use of this information, no additional customer consent is required beyond the creation of the customer-ISP relationship.

Transparency requirements that require ISPs to provide customers with clear, conspicuous and persistent notice about the information they collect, how it may be used and with whom it may be shared, as well as how customers can change their privacy preferences;

A requirement that broadband providers engage in reasonable data security practices and guidelines on steps ISPs should consider taking, such as implementing relevant industry best practices, providing appropriate oversight of security practices, implementing robust customer authentication tools, and proper disposal of data consistent with FTC best practices and the Consumer Privacy Bill of Rights.

Common-sense data breach notification requirements to encourage ISPs to protect the confidentiality of customer data, and to give consumers and law enforcement notice of failures to protect such information."

Sounds clear, reasonable, and appropriate. Not perfect, but an improvement of what was before. Addressed transparency concerns, too. To summarize, the new FCC broadband privacy rules kept consumers in control of their sensitive personal information. By revoking those rules, Congress is effectively telling consumers they shouldn't be in control of their own information and ISPs should be in control.

Do you want to be in control of your personal information online? I do, and I suspect you do, too.

Think about the consequences. Once the legislation is signed by President Trump, ISPs will be free to collect, use, and share information describing your online activities. Your ISP is in a unique position because it can scan all un-encrypted data flowing through your internet connection. That typically includes: a) the websites you visit and apps you use; b) which items in "a" you use repeatedly, when and how long; c) the searches you perform online at search engine sites, and via personal assistants, d) activity generated by appliances, televisions, thermostats, security systems, and other devices connected to your home WiFi; and d) the geo-location or where in the physical world your perform online activities. (Besides your smartphone, several devices including your car, fitness bands, smart watches, and wearables collect and share your geo-location data.) Perhaps most importantly, your ISP won't need your consent and probably won't tell you what it is sharing and with whom.

Think about the consequences.

It's not just porn. Your online activities reveal plenty: 1) appointment confirmation emails from your doctor reveal the type of doctor and imply certain medical conditions or procedures; 2) online visits to your bank(s) reveal the types of money and the location of your bank accounts; 3) online activities by your CHILDREN reveal much, including the types of toys and devices they use; 4) work-from-home can reveal proprietary information your employer does not want disclosed; and 5) simple curiosity becomes dangerous. Example: a rash appears on your skin, so you surf over to WebMD to read about symptoms and what it might be. Or, maybe you're reading about a condition of an elderly parentor family member. Problem is: your ISP can infer from your online activities conditions and diseases relate to you, even though they may not. Another example: health care organizations have to comply with HIPPA regulations to protect patients' privacy. Many patients use online healthcare portals by their hospital to coordinate care by several doctors and surgeons. Will your ISP honor HIPPA regulations? They probably won't.

Think about the consequences.

All of that information collected about your online activities could be used against you someday... when you apply for a job, when you sign up for insurance, when you apply for a loan, when you try to adopt a baby or child. Remember, two huge industries exist to help companies buy, sell, and trade information (data brokers); the second (data mining) to help companies merge, manipulate, and analyze the data they've collected and bought.

Think about the consequences. Your ISP may not allow you to decline (e.g., opt out of) the data collection, tracking, usage, and sharing. Or your ISP may charge more fees for online privacy. Don't think that can't happen. Comcast and industry lobbyists have already stated that they want "pay-for-privacy" schemes. So, with Congress' latest action, consumers may soon see price increases and higher monthly internet and wireless bills.

Some consumers are worried, and are exploring technical solutions to thwart ISPs that snoop. The problem: there is no cure-all solution. Some people are angry. To show lawmakers how terrible their decision was, a crowd-funding campaign was started to raise money to buy (and then publish publicly) the internet histories of leading Republicans (e.g., Senate Majority Leader Mitch McConnell, House Speaker Paul Ryan, House Representative Marsh Blackburn) and FCC members who voted for and support the privacy-busting legislation. So, we may then learn which members of Congress watch the most porn.

Lawmakers in some states are already responding to voters' online privacy concerns. In Illinois, lawmakers have introduced two items of legislation: the Geolocation Privacy Protection Act (GPPA) and the Right To Know Act (RTKA). Lawmakers in Nevada introduced geolocation privacy legislation. More states will likely follow.

With the FCC broadband privacy rules revoked, there are five creepy things your ISP could do. What are your opinions of Congress revoking FCC broadband privacy rules?

[Editor's note: this blog post was revised on Friday, March 31 with links to new legislation in Illinois and Nevada.]

Many consumers in the United States don't take the steps experts recommend to secure their mobile devices. Pew Research reported the findings of a recent survey:

"More than a quarter (28%) of smartphone owners say they do not use a screen lock or other security features to access their phone. And while a majority of smartphone users say they have updated their phone’s apps or operating system, about 40% say they only update when it’s convenient for them. Meanwhile, some users forgo updating their phones altogether: Around one-in-ten  smartphone owners report they never update their phone’s operating system (14%) or update the apps on their phone (10%)."

And, there are differences by the age of phone owners:

"owners ages 65 and older are much less likely than adults younger than 65 to use a screen lock and regularly update their phone’s apps and operating system (13% vs. 23%). Smartphone users 65 and older are also more than twice as likely as younger users to report that they do not take any of these actions to secure their phones (8% vs. 3%)..."

Other risky behaviors consumers perform:

"... 54% of internet users use public Wi-Fi networks, and many of these users are performing sensitive activities such online shopping (21%) or online banking (20%)."

Several executive changes are underway at Uber. The President of Uber's Ridesharing unit, Jeff Jones, resigned after only six months at the company. The Recode site posted a statement by Jones:

"Jones also confirmed the departure with a blistering assessment of the company. "It is now clear, however, that the beliefs and approach to leadership that have guided my career are inconsistent with what I saw and experienced at Uber, and I can no longer continue as president of the ride-sharing business," he said in a statement to Recode."

Prior to joining Uber, Jones had been the Chief Marketing Officer (CMO) at Target stores. Travis Kalanick, the Chief Executive Officer at Uber, disclosed that he met Jones at a Ted conference in Vancouver, British Columbia, Canada.

There have been more executive changes at Uber. The company announced on March 7 its search for a Chief Operating Officer (COO). It announced on March 14 the appointment of Zoubin Ghahramani as its new Chief Scientist based San Francisco. Ghahramani will lead Uber’s AI Labs, our recently created machine learning and artificial intelligence research unit and associated business strategy. Zoubin, a Professor of Information Engineering at the University of Cambridge, joined Uber when it acquired Geometric Intelligence.

In February 2017, CEO Travis Kalanick asked Amit Singhal to resign. Singhal, the company's senior vice president of engineering, had joined Uber a month after 15 years at Google. Reportedly, Singhal was let go for failing to disclose reasons for his departure from Google, including sexual harassment allegations.

Given these movements by executives, one might wonder what is happening at Uber. A brief review of the company's history found controversy accompanying its business practices. Earlier this month, an investigative report by The New York Times described a worldwide program by Uber executives to thwart code enforcement inspections by governments:

"The program, involving a tool called Greyball, uses data collected from the Uber app and other techniques to identify and circumvent officials who were trying to clamp down on the ride-hailing service. Uber used these methods to evade the authorities in cities like Boston, Paris and Las Vegas, and in countries like Australia, China and South Korea.

Greyball was part of a program called VTOS, short for “violation of terms of service,” which Uber created to root out people it thought were using or targeting its service improperly. The program, including Greyball, began as early as 2014 and remains in use, predominantly outside the United States. Greyball was approved by Uber’s legal team."

An example of how the program and Greyball work:

"Uber’s use of Greyball was recorded on video in late 2014, when Erich England, a code enforcement inspector in Portland, Ore., tried to hail an Uber car downtown in a sting operation against the company... officers like Mr. England posed as riders, opening the Uber app to hail a car and watching as miniature vehicles on the screen made their way toward the potential fares. But unknown to Mr. England and other authorities, some of the digital cars they saw in the app did not represent actual vehicles. And the Uber drivers they were able to hail also quickly canceled."

The City of Portland sued Uber in December 2014 and issued a Cease And Desist Order. Uber continued operations in the city, and a pilot program in Portland began in April, 2015. Later in 2015, the City of Portland authorized Uber''s operations. In March 2017, Oregon Live reported a pending investigation:

"An Uber spokesman said Friday that the company has not used the Greyball program in Portland since then. Portland Commissioner Dan Saltzman said Monday that the investigation will focus on whether Uber has used Greyball, or any form of it, to obstruct the city's enforcement of its regulations. The review would examine information the companies have already provided the city, and potentially seeking additional data from them... The investigation also will affect Uber's biggest competitor, Lyft, Saltzman said, though Lyft did not operate in Portland until after its business model was legalized, and there's no indication that it similarly screened regulators... Commissioner Nick Fish earlier called for a broader investigation and said the City Council should seek subpoena powers to determine the extent of Uber's "Greyball" usage..."

This raises questions about other locations Uber may have used its Greyball program. The San Francisco District Attorney's office is investigating, as are government officials in Sydney, Australia. Also this month, the Upstate Transportation Association (UTA), a trade group of taxi companies in New York State, asked government officials to investigate. The Albany Times Union reported:

"In a Tuesday letter to Governor Andrew Cuomo, Assembly Speaker Carl Heastie and Senate Majority Leader John Flanagan, UTA President John Tomassi wrote accused the company of possibly having used the Greyball technology in New York to evade authorities in areas where ride-hailing is not allowed. Uber and companies like it are authorized to operate only in New York City, where they are considered black cars. But UTA’s concerns about Greyball are spurred in part by reported pick-ups in some suburban areas."

A look at Uber's operations in Chicago sheds some light on how the company operates. NBC Channel 5 reported in 2014:

"... news that President Barack Obama's former adviser and campaign strategist David Plouffe has joined the company as senior VP of policy and strategy delivers a strong message to its enemies: Uber means business. How dare you disrupt our disruption? You're going down.

Here in the Land of Lincoln, Plouffe's hiring adds another layer of awkward personal politics to the Great Uber Debate. It's an increasingly tangled web: Plouffe worked in the White House alongside Rahm Emanuel when the Chicago mayor was Chief of Staff. Emanuel, trying to strike a balance between Uber-friendly and cabbie-considerate, recently passed a bill that restricts Uber drivers from picking up passengers at O'Hare, Midway and McCormick Place... Further complicating matters, Emanuel's brother, Hollywood super-agent Ari Emanuel, has invested in Uber..."

That debate also included the Illinois Governor, as politicians try to balance the competing needs of traditional taxi companies, ride-sharing companies, and consumers. The entire situation raises questions about why there aren't Greyball investigations by more cities. Is it due to local political interference?

That isn't all. In 2014, Uber's "God View" tool raised concerns about privacy, the company's tracking of its customers, and a questionable corporate culture. At that time, an Uber executive reportedly suggested that the company hire opposition researchers to dig up dirt about its critics in the news media.

Uber's claims in January 2015 of reduced drunk-driving accidents due to its service seemed dubious after scrutiny. ProPublica explained:

"Uber reported that cities using its ridesharing service have seen a reduction in drunk driving accidents, particularly among young people. But when ProPublica data reporter Ryann Grochowski Jones took a hard look at the numbers, she found the company's claim that it had "likely prevented" 1,800 crashes over the past 2.5 years to be lacking... the first red flag was that Uber didn't include a methodology with its report. A methodology is crucial to show how the statistician did the analysis... Uber eventually sent her a copy of the methodology separately, which showed that drunk-driving accidents involving drivers under 30 dropped in California after Uber's launch. The math itself is fine, Grochowski Jones says, but Uber offers no proof that those under 30 and Uber users are actually the same population.

This seems like one of those famous moments in intro statistics courses where we talk about correlation and causality, ProPublica Editor-in-Chief Steve Engelberg says. Grochowski Jones agrees, showcasing how drowning rates are higher in the summer as are ice cream sales but clearly one doesn't cause the other."

Similar claims by Uber about the benefits of "surge pricing" seemed to wilter under scrutiny. ProPublica reported in October, 2015:

"The company has always said the higher prices actually help passengers by encouraging more drivers to get on the road. But computer scientists from Northeastern University have found that higher prices don’t necessarily result in more drivers. Researchers Le Chen, Alan Mislove and Christo Wilson created 43 new Uber accounts and virtually hailed cars over four weeks from fixed points throughout San Francisco and Manhattan. They found that many drivers actually leave surge areas in anticipation of fewer people ordering rides. "What happens during a surge is, it just kills demand," Wilson told ProPublica."

Another surge-pricing study in 2016 concluded with a positive spin:

"... that consumers can benefit from surge pricing. They find this is the case when a market isn’t fully served by traditional taxis when demand is high. In short, if you can’t find a cab on New Year’s Eve, Daniels’ research says you’re better off with surge pricing... surge pricing allows service to expand during peak demand without creating idleness for drivers during normal demand. This means that more peak demand customers get rides, albeit at a higher price. This also means that the price during normal demand settings drops, allowing more customers service at these normal demand times."

In other words, "can benefit" doesn't ensure that riders will benefit. And "allows service to expand" doesn't ensure that service will expand during peak demand periods. "Surge pricing" does ensure higher prices. A better solution might be surge payments to drivers during peak hours to expand services. Uber will still make more money with more rides during peak periods.

The surge-pricing concept is a reminder of basic economics when prices are raised by suppliers. Demand decreases. A lower price should follow, but the surge-price prevents that. As the prior study highlighted, drivers have learned from this: additional drivers don't enter the market to force down the higher surge-price.

And, there is more. In 2015, the State of California Labor Commission ruled that Uber drivers are employees and not independent contractors, as the company claimed. Concerns about safety and criminal background checks have been raised. Last year, BuzzFeed News analyzed ride data from Uber:

"... the company received five claims of rape and “fewer than” 170 claims of sexual assault directly related to an Uber ride as inbound tickets to its customer service database between December 2012 and August 2015. Uber provided these numbers as a rebuttal to screenshots obtained by BuzzFeed News. The images that were provided by a former Uber customer service representative (CSR) to BuzzFeed News, and subsequently confirmed by multiple other parties, show search queries conducted on Uber’s Zendesk customer support platform from December 2012 through August 2015... In one screenshot, a search query for “sexual assault” returns 6,160 Uber customer support tickets. A search for “rape” returns 5,827 individual tickets."

That news item is interesting since it includes several images of video screens from the company's customer support tool. Uber's response:

"The ride-hail giant repeatedly asserted that the high number of queries from the screenshots is overstated, however Uber declined BuzzFeed News’ request to grant direct access to the data, or view its data analysis procedures. When asked for any additional anonymous data on the five rape complaint tickets it claims to have received between December 2012 and August 2015, Uber declined to provide any information."

Context matters about ride safety and corporate culture. A former Uber employee shared a disturbing story with allegations of sexual harassment:

"I joined Uber as a site reliability engineer (SRE) back in November 2015, and it was a great time to join as an engineer... After the first couple of weeks of training, I chose to join the team that worked on my area of expertise, and this is where things started getting weird. On my first official day rotating on the team, my new manager sent me a string of messages over company chat. He was in an open relationship, he said, and his girlfriend was having an easy time finding new partners but he wasn't. He was trying to stay out of trouble at work, he said, but he couldn't help getting in trouble, because he was looking for women to have sex with... Uber was a pretty good-sized company at that time, and I had pretty standard expectations of how they would handle situations like this. I expected that I would report him to HR, they would handle the situation appropriately, and then life would go on - unfortunately, things played out quite a bit differently. When I reported the situation, I was told by both HR and upper management that even though this was clearly sexual harassment and he was propositioning me, it was this man's first offense, and that they wouldn't feel comfortable giving him anything other than a warning and a stern talking-to... I was then told that I had to make a choice: (i) I could either go and find another team and then never have to interact with this man again, or (ii) I could stay on the team, but I would have to understand that he would most likely give me a poor performance review when review time came around, and there was nothing they could do about that. I remarked that this didn't seem like much of a choice..."

Her story seems very credible. Based upon this and other events, some industry watchers question Uber's value should it seek more investors via an initial public offering (IPO):

"Uber has hired two outside law firms to conduct investigations related to the former employee's claims. One will investigate her claims specifically, the other is conducting a broader investigation into Uber's workplace practices...Taken together, the recent reports paint a picture of a company where sexual harassment is tolerated, laws are seen as inconveniences to be circumvented, and a showcase technology effort might be based on stolen secrets. That's all bad for obvious reasons... What will Uber's valuation look like the next time it has to raise money -- or when it attempts to go public?"

To understand the "might be based on stolen secrets" reference, the San Francisco Examiner newspaper explained on March 20:

"In the past few weeks, Uber’s touted self-driving technology has come under both legal and public scrutiny after Alphabet — Google’s parent company — sued Uber over how it obtained its technology. Alphabet alleges that the technology for Otto, a self-driving truck company acquired by Uber last year, was stolen from Alphabet’s own Waymo self-driving technology... Alphabet alleges Otto founder Anthony Levandowski downloaded proprietary data from Alphabet’s self-driving files. In December 2015, Levandowski download 14,000 design files onto a memory card reader and then wiped all the data from the laptop, according to the lawsuit.

The lawsuit also lays out a timeline where Levandowski and Uber were in cahoots with one another before the download operation. Alphabet alleges the two parties were in communications with each other since the summer of 2015, when Levandowski still worked for Waymo. Levandowski left Waymo in January 2016, started Otto the next month and joined Uber in August as vice president of Uber’s self-driving technology after Otto was purchased by Uber for $700 million... This may become the biggest copyright infringement case brought forth in Silicon Valley since Apple v. Microsoft in 1994, when Apple sued Microsoft over the alleged likeness in the latter’s graphic user interface."

And, just this past Saturday Uber suspended its driverless car program in Arizona after a crash. Reportedly, Uber's driverless car programs in Arizona, Pittsburgh and San Francisco are suspended pending the results of the crash investigation.

No doubt, there will be more news about the lawsuit, safety issues, sexual harassment, Greyball, and investigations by local cities. What are your opinions?

[Editor's Note: today's guest post, by the reporters at ProPublica, explores the problem of "fake news" and whether elected officials contribute to the problem while discussing health care legislation. The article was originally published yesterday, and is reprinted with permission. Interested persons wanting to help ProPublica's ongoing fact-checking efforts can share with ProPublica messages you have received from your elected officials.]

by Charles Ornstein, ProPublica

When Louisiana resident Andrea Mongler wrote to her senator, Bill Cassidy, in support of the Affordable Care Act, she wasn't surprised to get an email back detailing the law's faults. Cassidy, a Republican who is also a physician, has been a vocal critic.

"Obamacare" he wrote in January, "does not lower costs or improve quality, but rather it raises taxes and allows a presidentially handpicked 'Health Choices Commissioner' to determine what coverage and treatments are available to you."

There's one problem with Cassidy's ominous-sounding assertion: It's false.

The Affordable Care Act, commonly called Obamacare, includes no "Health Choices Commissioner." Another bill introduced in Congress in 2009 did include such a position, but the bill died 2014 and besides, the job as outlined in that legislation didn't have the powers Cassidy ascribed to it.

As the debate to repeal the law heats up in Congress, constituents are flooding their representatives with notes of support or concern, and the lawmakers are responding, sometimes with form letters that are misleading. A review of more than 200 such letters by ProPublica and its partners at Kaiser Health News, Stat and Vox, found dozens of errors and mis-characterizations about the ACA and its proposed replacement. The legislators have cited wrong statistics, conflated health care terms and made statements that don't stand up to verification.

It's not clear if this is intentional or if the lawmakers and their staffs don't understand the current law or the proposals to alter it. Either way, the issue of what is wrong -- and right -- about the current system has become critical as the House prepares to vote on the GOP's replacement bill today.

"If you get something like that in writing from your U.S. senator, you should be able to just believe that," said Mongler, 34, a freelance writer and editor who is pursuing a master's degree in public health. "I hate that people are being fed falsehoods, and a lot of people are buying it and not questioning it. It's far beyond politics as usual."

Cassidy's staff did not respond to questions about his letter.

Political debates about complex policy issues are prone to hyperbole and health care is no exception. And to be sure, many of the assertions in the lawmakers' letters are at least partially based in fact.

Democrats, for instance, have been emphasizing to their constituents that millions of previously uninsured people now have medical coverage thanks to the law. They say insurance companies can no longer discriminate against millions of patients with pre-existing conditions. And they credit the law with allowing adults under age 26 to stay on their parents' health plans. All true.

For their part, Republicans criticize the law for not living up to its promises. They say former President Obama pledged that people could keep their health plans and doctors and premiums would go down. Neither has happened. They also say that insurers are dropping out of the market and that monthly premiums and deductibles (the amount people must pay before their coverage kicks in) have gone up. All true.

But elected officials in both parties have incorrectly cited statistics and left out important context. We decided to take a closer look after finding misleading statements in an email Senator Roy Blunt (R-Missouri) sent to his constituents. We solicited letters from the public and found a wealth of misinformation, from statements that were simply misleading to whoppers. More Republicans fudged than Democrats, though both had their moments.

An aide to Rep. Dana Rohrabacher (R-California) defended his hyperbole as "within the range of respected interpretations."

"Do most people pay that much attention to what their congressman says? Probably not," said Sherry Glied, dean of New York University's Robert F. Wagner Graduate School of Public Service, who served as an assistant Health and Human Services secretary from 2010 to 2012. "But I think misinformation or inaccurate information is a bad thing and not knowing what you're voting on is a really bad thing."

We reviewed the emails and letters sent by 51 senators and 134 members of the House within the past few months. Here are some of the most glaring errors and omissions:

Rep. Pat Tiberi (R-Ohio) incorrectly cited the number of Ohio counties that had only one insurer on the Affordable Care Act insurance exchange.

What he wrote: "In Ohio, almost one third of counties will have only one insurer participating in the exchange."

What's misleading: In fact, only 23 percent (less than one quarter) had only one option, according to an analysis by the Kaiser Family Foundation.

His response: A Tiberi spokesperson defended the statement. "The letter says 'almost' because only 9 more counties in Ohio need to start offering only 1 plan on the exchanges to be one third."

Why his response is misleading: Ohio has 88 counties. A 10 percent difference is not "almost."

Representative Kevin Yoder (R-Kansas) said that the quality of health care in the country has declined because of the ACA, offering no proof.

What he wrote: "Quality of care has decreased as doctors have been burdened with increased regulations on their profession."

Why it's misleading: Some data shows that health care has improved after the passage of the ACA. Patients are less likely to be readmitted to a hospital within 30 days after they have been discharged, for instance. Also, payments have been increasingly linked to patients' outcomes rather than just the quantity of services delivered. A 2016 report by the Commonwealth Fund, a health care nonprofit think tank, found that the quality care has improved in many communities following the ACA.

His response: None.

Representative Anna Eshoo (D-California) misstated the percentage of Medicaid spending that covers the cost of long-term care, such as nursing home stays.

What she wrote: "It's important to note that 60 percent of Medicaid goes to long-term care and with the evisceration of it in the bill, this critical coverage is severely compromised."

What's misleading: Medicaid does not spend 60 percent of its budget on long-term care. The figure is closer to a quarter, according to the Center on Budget and Policy Priorities, a liberal think tank. Medicaid does, however, cover more than 60 percent of all nursing home residents.

Her response: Eshoo's office said the statistic was based on a subset of enrollees who are dually enrolled in Medicaid and Medicare. For this smaller group, 62 percent of Medicaid expenditures were for long-term support services, according to the Kaiser Family Foundation.

What's misleading about the response: Eshoo's letter makes no reference to this population, but instead refers to the 75 million Americans on Medicaid.

Representative Chuck Fleischmann (R-Tennessee) pointed to the number of uninsured Americans as a failure of the ACA, without noting that the law had dramatically reduced the number of uninsured.

What he wrote: "According to the U.S. Census Bureau, approximately thirty-three million Americans are still living without health care coverage and many more have coverage that does not adequately meet their health care needs."

Why it's misleading: The actual number of uninsured in 2015 was about 29 million, a drop of 4 million from the prior year, the Census Bureau reported in September. Fleischmann's number was from the previous year.

Beyond that, reducing the number of uninsured by more than 12 million people from 2013 to 2015 has been seen as a success of Obamacare. And the Republican repeal-and-replace bill is projected to increase the number of uninsured.

His response: None.

Rep. Joseph P. Kennedy III (D-Massachusetts) overstated the number of young adults who were able to stay on their parents' health plan as a result of the law.

What he wrote: The ACA "allowed 6.1 million young adults to remain covered by their parents' insurance plans."

What's misleading: A 2016 report by the U.S. Department of Health and Human Services, released during the Obama administration, however, pegged the number at 2.3 million.

Kennedy may have gotten to 6.1 million by including 3.8 million young adults who gained health insurance coverage through insurance marketplaces from October 2013 through early 2016.

His response: A spokeswoman for Kennedy said the office had indeed added those two numbers together and would fix future letters.

Representative Blaine Luetkemeyer (R-Missouri.) said that 75 percent of health insurance marketplaces run by states have failed. They have not.

What he said: "Nearly 75 percent of state-run exchanges have already collapsed, forcing more than 800,000 Americans to find new coverage."

What's misleading: When the ACA first launched, 16 states and the District of Columbia opted to set up their own exchanges for residents to purchase insurance, instead of using the federal marketplace, known as Healthcare.gov.

Of the 16, four state exchanges, in Oregon, Hawaii, New Mexico and Nevada, failed, and Kentucky plans to close its exchange this year, according to a report by the House Energy and Commerce Committee. While the report casts doubt on the viability of other state exchanges, it is clear that 3/4 have not failed.

His response: None.

Representative Dana Rohrabacher (R-California) overstated that the ACA "distorted labor markets," prompting employers to shift workers from full-time jobs to part-time jobs.

What he said: "It has also, through the requirement that employees that work thirty hours or more be considered full time and thus be offered health insurance by their employer, distorted the labor market."

What's misleading: A number of studies have found little to back up that assertion. A 2016 study published by the journal Health Affairs examined data on hours worked, reason for working part time, age, education and health insurance status. "We found only limited evidence to support this speculation" that the law led to an increase in part-time employment, the authors wrote. Another study found much the same.

In addition, PolitiFact labeled as false a statement last June by President Donald Trump in which he said, "Because of Obamacare, you have so many part-time jobs."

His response: Rohrabacher spokesman Ken Grubbs said the congressman's statement was based on an article that said, "Are Republicans right that employers are capping workers' hours to avoid offering health insurance? The evidence suggests the answer is 'yes,' although the number of workers affected is fairly small."

We pointed out that "fairly small" was hardly akin to distorting the labor market. To which Grubbs replied, "The congressman's letter is well within the range of respected interpretations. That employers would react to Obamacare's impact in such way is so obvious, so nearly axiomatic, that it is pointless to get lost in the weeds," Grubbs said.

Representative Mike Bishop (R-Michigan) appears to have cited a speculative 2013 report by a GOP-led House committee as evidence of current and future premium increases under the ACA.

What he wrote: "Health insurance premiums are slated to increase significantly. Existing customers can expect an average increase of 73 percent, while the average change due to Obamacare for those purchasing a new plan will be a 96 percent increase in premiums. The average cost for a new customer in the individual market is expected to rise $1,812 per year."

What's misleading: The figures seem to have come from a report issued before the Obamacare insurance marketplaces launched and before 2014 premiums had been announced. The letter implies these figures are current. In fact, premium increases by and large have been moderate under Obamacare. The average monthly premium for a benchmark plan, upon which federal subsidies are calculated, increased about 2 percent from 2014 to 2015; 7 percent from 2015 to 2016; and 25 percent this year, for states that take part in the federal insurance marketplace.

His response: None

Representative Dan Newhouse (R-Washington) misstated the reasons why Medicaid costs per person were higher than expected in 2015.

What he wrote: "A Medicaid actuarial report from August 2016 found that the average cost per enrollee was 49 percent higher than estimated just a year prior 2014 in large part due to beneficiaries seeking care at more expensive hospital emergency rooms due to difficulty finding a doctor and long waits for appointments."

What's misleading: The report did not blame the higher costs on the difficulty patients had finding doctors. Among the reasons the report did cite: patients who were sicker than anticipated and required a raft of services after being previously uninsured. The report also noted that costs are expected to decrease in the future.

His response: None

Senator Dick Durbin (D-Ill.) wrongly stated that family premiums are declining under Obamacare.

What he wrote: "Families are seeing lower premiums on their insurance, seniors are saving money on prescription drug costs, and hospital readmission rates are dropping."

What's misleading: Durbin's second and third points are true. The first, however, is misleading. Family insurance premiums have increased in recent years, although with government subsidies, some low- and middle-income families may be paying less for their health coverage than they once did.

His response: Durbin's office said it based its statement on an analysis published in the journal Health Affairs that said that individual health insurance premiums dropped between 2013 and 2014, the year that Obamacare insurance marketplaces began. It also pointed to a Washington Post opinion piece that said that premiums under the law are lower than they would have been without the law.

Why his response is misleading: The Post piece his office cites states clearly, "Yes, insurance premiums are going up, both in the health care exchanges and in the employer-based insurance market."

Representative Susan Brooks (R-Ind.) told constituents that premiums nationwide were slated to jump from 2016 to 2017, but failed to mention that premiums for some plans in her home state actually decreased.

What she wrote: "Since the enactment of the ACA, deductibles are up, on average, 63 percent. To make matters worse, monthly premiums for the "bronze plan" rose 21 percent from 2016 to 2017. 2026 Families and individuals covered through their employer are forced to make the difficult choice: pay their premium each month or pay their bills."

What's misleading: Brooks accurately cited national data from the website HealthPocket, but her statement is misleading. Indiana was one of two states in which the premium for a benchmark health plan -- the plan used to calculate federal subsidies -- actually went down between 2016 and 2017. Moreover, more than 80 percent of marketplace consumers in Indiana receive subsidies that lowered their premium costs. The HealthPocket figures refer to people who do not qualify for those subsidies.

Her response: Brooks' office referred to a press release from Indiana's Department of Insurance, which took issue with an Indianapolis Star story about premiums going down. The release, from October, when Vice President Mike Pence was Indiana's governor, said that the average premiums would go up more than 18 percent over 2016 rates based on enrollment at that time. In addition, the release noted, 68,000 Indiana residents lost their health plans when their insurers withdrew from the market.

Why her response is misleading: For Indiana consumers who shopped around, which many did, there was an opportunity to find a cheaper plan.

Senator Ron Wyden (D-Ore.) incorrectly said that the Republican bill to repeal Obamacare would cut funding for seniors in nursing homes.

What he wrote: "It's terrible for seniors. Trumpcare forces older Americans to pay 5 times the amount younger Americans will -- an age tax -- and slashes Medicaid benefits for nursing home care that two out of three Americans in nursing homes rely on."

What's misleading: Wyden is correct that the GOP bill, known as the American Health Care Act, would allow insurance companies to charge older adults five times higher premiums than younger ones, compared to three times higher premiums under the existing law. However, it does not directly slash Medicaid benefits for nursing home residents. It proposes cutting Medicaid funding and giving states a greater say in setting their own priorities. States may, as a result, end up cutting services, jeopardizing nursing home care for poor seniors, advocates say, because it is one of the most expensive parts of the program.

His response: Taylor Harvey, a spokesman for Wyden, defended the statement, noting that the GOP health bill cuts Medicaid funding by $880 billion over 10 years and places a cap on spending. "Cuts to Medicaid would force states to nickel and dime nursing homes, restricting access to care for older Americans and making it a benefit in name only," he wrote.

Why his response is misleading: The GOP bill does not spell out how states make such cuts.

Representative Derek Kilmer (D-Washington) misleadingly said premiums would rise under the Obamacare replacement bill now being considered by the House.

What he wrote: "It's about the 24 million Americans expected to lose their insurance under the Trumpcare plan and for every person who will see their insurance premiums rise 2014 on average 10-15 percent."

Why it's misleading: First, the Congressional Budget Office did estimate that the GOP legislation would cover 24 million fewer Americans by 2026. But not all of those people would "lose their insurance." Some would choose to drop coverage because the bill would no longer make it mandatory to have health insurance, as is the case now.

Second, the budget office did say that in 2018 and 2019, premiums under the GOP bill would be 15-20 percent higher than they would have been under Obamacare because the share of unhealthy patients would increase as some of those who are healthy drop out. But it noted that after that, premiums would be lower than under the ACA.

His response: None.

ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for their newsletter.

A Minnesota court judge has signed what appears to be a stunningly broad search warrant to compel Google to provide search information to local law enforcement. The request for search data is part of an identity theft and fraud case.

The search warrant requests information about anyone searching for variations of the name "Douglas" between December 1, 2016 and January 7, 2017. Using a fake passport with the victim's photo and name, identified only as "Douglas" in the warrant, a fraudster fraudulently obtained $28,000 via a wire transfer from a credit union bank account. The credit union relied upon the passport as identification.

During their investigation, the Edina Police Department searched for images with the victim's name using several search engines (e.g., Yahoo, Bing, Google), and found images on all, but only Google's search results included an image of the photo used on the fake passport. Based upon these facts, Hennepin County Judge Gary Larson signed the warrant requiring Google to turn over information about anyone who searched for variations of Douglas's full name. The warrant requests the following information about search engine users: names, addresses, e-mail addresses, phone numbers, Social Security numbers, birth dates, IP (Internet protoccol) addresses, MAC addresses, and dates/times the searches were performed.

The search warrant also requests, "Information related to the content the user is viewing/using." What exactly is that? Does that refer to other information collected by Google in each user's Google account (e.g., passwords, Google Drive documents, Gmail messages, calendar appointments, Google Chat sessions, etc.)?

The Minneapolis Star-Tribune newspaper reported:

"Privacy law experts say that the warrant is based on an unusually broad definition of probable cause that could set a troubling precedent. "This kind of warrant is cause for concern because it’s closer to these dragnet searches that the Fourth Amendment is designed to prevent," said William McGeveran, a law professor at the University of Minnesota... McGeveran said it’s unusual for a judge to sign off on a warrant that bases probable cause on so few facts. "It’s much more usual for a search warrant to be used to gather evidence for a suspect that’s already identified, instead of using evidence to find a suspect... If the standards for getting a broad warrant like this are not strong, you can have a lot of police fishing expeditions." "

Judge Larson signed the warrant on February 1, 2017. Reportedly, Google will fight in court against the demands in the search warrant.

This warrant seems stunningly broad since it does not contain the name of a specific suspect, suspects, and/or criminal organization. There are many legitimate reasons for persons to search using the victim's name. Chiefly, many other people have the same name.

Other questions remain. The warrant did not state whether or not law enforcement searched social networking accounts for the victim's image. Many social networking accounts include profile photos of users. How certain are lawn enforcement officials that the fraudster didn't obtain the photo from a social networking account? Plus, many social networking users don't utilize the privacy controls available for their online accounts and photos.

What are your opinions?

Today's smart homes contain a variety of internet-connected appliances -- televisions, utility meters, hot water heaters, thermostats, refrigerators, security systems-- and devices you might not expect to have WiFi connections:  mouse traps, wine bottles, crock pots, toy dolls, and trash/recycle bins. Add smart vibrators to the list.

We-Vibe, a maker of vibrators for better sex, will pay U.S. $3.75 million to settle a class action lawsuit involving allegations that the company tracked users without their knowledge nor consent. The Guardian reported:

"Following a class-action lawsuit in an Illinois federal court, We-Vibe’s parent company Standard Innovation has been ordered to pay a total of C$4m to owners, with those who used the vibrators associated app entitled to the full amount each. Those who simply bought the vibrator can claim up to $199... the app came with a number of security and privacy vulnerabilities... The app that controls the vibrator is barely secured, allowing anyone within bluetooth range to seize control of the device. In addition, data is collected and sent back to Standard Innovation, letting the company know about the temperature of the device and the vibration intensity – which, combined, reveal intimate information about the user’s sexual habits..."

We-Vibe's products are available online at the Canadian company's online store and at Amazon. This Youtube video (warning: not safe for work) promotes the company's devices. Consumers can use the smart vibrator with or without the mobile app on their smartphones. The app is available at both the Apple iTunes and Google Play online stores.

Like any other digital device, security matters. C/Net reported last summer:

"... two security researchers who go by the names followr and g0ldfisk found flaws in the software that controls the [We-Vibe 4Plus] device. It could potentially let a hacker take over the vibrator while it's in use. But that's -- at this point -- only theoretical. What the researchers found more concerning was the device's use of personal data. Standard Innovation collects information on the temperature of the device and the intensity at which it's vibrating, in real time, the researchers found..."

In the September 2016 complaint (Adobe PDF; 601 K bytes), the plaintiffs sought to stop Standard Innovation from "monitoring, collecting, and transmitting consumers’ usage information," collect damages due to the alleged unauthorized data collection and privacy violations, and reimburse users from their purchase of their We-Vibe devices (because a personal vibrator with this alleged data collection is worth less than a personal vibrator without data collection). That complaint alleged:

"Unbeknownst to its customers, however, Defendant designed We-Connect to (i) collect and record highly intimate and sensitive data regarding consumers’ personal We-Vibe use, including the date and time of each use and the selected vibration settings, and (ii) transmit such usage data — along with the user’s personal email address — to its servers in Canada... By design, the defining feature of the We-Vibe device is the ability to remotely control it through We-Connect. Defendant requires customers to use We-Connect to fully access the We-Vibe’s features and functions. Yet, Defendant fails to notify or warn customers that We-Connect monitors and records, in real time, how they use the device. Nor does Defendant disclose that it transmits the collected private usage information to its servers in Canada... Defendant programmed We-Connect to secretly collect intimate details about its customers’ use of the We-Vibe, including the date and time of each use, the vibration intensity level selected by the user, the vibration mode or patterns selected by the user, and incredibly, the email address of We-Vibe customers who had registered with the App, allowing Defendant to link the usage information to specific customer accounts... In addition, Defendant designed We-Connect to surreptitiously route information from the “connect lover” feature to its servers. For instance, when partners use the “connect lover” feature and one takes remote control of the We-Vibe device or sends a [text or video chat] communication, We-Connect causes all of the information to be routed to its servers, and then collects, at a minimum, certain information about the We-Vibe, including its temperature and battery life. That is, despite promising to create “a secure connection between your smartphones,” Defendant causes all communications to be routed through its servers..."

The We-Vibe Nova product page lists ten different vibration modes (e.g., Crest, Pulse, Wave, Echo, Cha-cha-cha, etc.), or users can create their own custom modes. The settlement agreement defined two groups of affected consumers:

"... the proposed Purchaser Class, consisting of: all individuals in the United States who purchased a Bluetooth-enabled We-Vibe Brand Product before September 26, 2016. As provided in the Settlement Agreement, “We-Vibe Brand Product” means the “We-Vibe® Classic; We-Vibe® 4 Plus; We-Vibe® 4 Plus App Only; Rave by We-Vibe^TM and Nova by We-Vibe^TM... the proposed App Class, consisting of: all individuals in the United States who downloaded the We-Connect application and used it to control a We-Vibe Brand Product before September 26, 2016."

According to the settlement agreement, affected users will be notified by e-mail addresses, with notices in the We-Connect mobile app, a settlement website (to be created), a "one-time half of a page summary publication notice in People Magazine and Sports Illustrated," and by online advertisements in several websites such as Google, YouTube, Facebook, Instagram, Twitter, and Pinterest. The settlement site will likely specify additional information including any deadlines and additional notices.

We-Vibe announced in its blog on October 3, 2016 several security improvements:

"... we updated the We-Connect^TM app and our app privacy notice. That update includes: a) Enhanced communication regarding our privacy practices and data collection – in both the onboarding process and in the app settings; b) No registration or account creation. Customers do not provide their name, email or phone number or other identifying information to use We-Connect; c) An option for customers to opt-out of sharing anonymous app usage data is available in the We-Connect settings; d) A new plain language Privacy Notice outlines how we collect and use data for the app to function and to improve We-Vibe products."

I briefly reviewed the We-Connect App Privacy Policy (dated September 26, 2016) linked from the Google Play store. When buying digital products online, often the privacy policy for the mobile app is different than the privacy policy for the website. (Informed shoppers read both.) Some key sections from the app privacy policy:

"Collection And Use of Information: You can use We-Vibe products without the We-Connect app. No information related to your use of We-Vibe products is collected from you if you don’t install and use the app."

I don't have access to the prior version of the privacy policy. That last sentence seems clear and should be a huge warning to prospective users about the data collection. More from the policy:

"We collect and use information for the purposes identified below... To access and use certain We-Vibe product features, the We-Connect app must be installed on an iOS or Android enabled device and paired with a We-Vibe product. We do not ask you to provide your name, address or other personally identifying information as part of the We-Connect app installation process or otherwise... The first time you launch the We-Connect app, our servers will provide you with an anonymous token. The We-Connect app will use this anonymous token to facilitate connections and share control of your We-Vibe with your partner using the Connect Lover feature... certain limited data is required for the We-Connect app to function on your device. This data is collected in a way that does not personally identify individual We-Connect app users. This data includes the type of device hardware and operating system, unique device identifier, IP address, language settings, and the date and time the We-Connect app accesses our servers. We also collect certain information to facilitate the exchange of messages between you and your partner, and to enable you to adjust vibration controls. This data is also collected in a way that does not personally identify individual We-Connect app users."

In a way that does not personally identify individuals? What way? Is that the "anonymous token" or something else? More clarity seems necessary.

Consumers should read the app privacy policy and judge for themselves. Me? I am skeptical. Why? The "unique device identifier" can be used exactly for that... to identify a specific phone. The IP address associated with each mobile device can also be used to identify specific persons. Match either number to the user's 10-digit phone number (readily available on phones), and it seems that one can easily re-assemble anonymously collected data afterwards to make it user-specific.

And since partner(s) can remotely control a user's We-Vibe device, their information is collected, too. Persons with multiple partners (and/or multiple We-Vibe devices) should thoroughly consider the implications.

The About Us page in the We-Vibe site contains this company description:

"We-Vibe designs and manufactures world-leading couples and solo vibrators. Our world-class engineers and industrial designers work closely with sexual wellness experts, doctors and consumers to design and develop intimate products that work in sync with the human body. We use state-of-the-art techniques and tools to make sure our products set new industry standards for ergonomic design and high performance while remaining eco‑friendly and body-safe."

Hmmmm. No mentions of privacy nor security. Hopefully, a future About Us page revision will mention privacy and security. Hopefully, no government officials use these or other branded smart sex toys. This is exactly the type of data collection spies will use to embarrass and/or blackmail targets.

The settlement is a reminder that companies are willing, eager, and happy to exploit consumers' failure to read privacy policies. A study last year found that 74 percent of consumers surveyed never read privacy policies.

All of this should be a reminder to consumers that companies highly value the information they collect about their users, and generate additional revenue streams by selling information collected to corporate affiliates, advertisers, marketing partners, and/or data brokers. Consumers' smartphones are central to that data collection.

What are your opinions of the We-Vibe settlement? Of its products and security?

The U.S. Department of Justice (DOJ) announced yesterday that a grand jury in the Northern District of California has indicted four defendants, including two officers of the Russian Federal Security Service (FSB), for computer hacking, economic espionage and other criminal offenses related to the massive hack of millions of Yahoo webmail accounts. The charges were announced by Attorney General Jeff Sessions of the U.S. Department of Justice, Director James Comey of the Federal Bureau of Investigation (FBI), Acting Assistant Attorney General Mary McCord of the National Security Division, U.S. Attorney Brian Stretch for the Northern District of California and Executive Assistant Director Paul Abbate of the FBI’s Criminal, Cyber, Response and Services Branch.

The announcement described how the defendants, beginning in January 2014:

"... unauthorized access to Yahoo’s systems to steal information from about at least 500 million Yahoo accounts and then used some of that stolen information to obtain unauthorized access to the contents of accounts at Yahoo, Google and other webmail providers, including accounts of Russian journalists, U.S. and Russian government officials and private-sector employees of financial, transportation and other companies. One of the defendants also exploited his access to Yahoo’s network for his personal financial gain, by searching Yahoo user communications for credit card and gift card account numbers, redirecting a subset of Yahoo search engine web traffic so he could make commissions and enabling the theft of the contacts of at least 30 million Yahoo accounts to facilitate a spam campaign."

The four defendants are:

1. Dmitry Aleksandrovich Dokuchaev, 33, a Russian national and resident
2. Igor Anatolyevich Sushchin, 43, a Russian national and resident,
3. Alexsey Alexseyevich Belan, aka “Magg,” 29, a Russian national and resident, and
4. Karim Baratov (a/k/a "Kay," "Karim Taloverov," and "Karim Akehmet Tokbergenov") 22, a Canadian and Kazakh national and a resident of Canada.

Several lawsuits have resulted from the Yahoo breach including a shareholder lawsuit alleging a breach of fiduciary duty by the directors of the tech company, and a class-action regarding stolen credit card payment information.

Attorney General Sessions said about the charges against four defendants:

"Cyber crime poses a significant threat to our nation’s security and prosperity, and this is one of the largest data breaches in history... But thanks to the tireless efforts of U.S. prosecutors and investigators, as well as our Canadian partners, today we have identified four individuals, including two Russian FSB officers, responsible for unauthorized access to millions of users’ accounts. The United States will vigorously investigate and prosecute the people behind such attacks..."

FBI Director said:

"... we continue to pierce the veil of anonymity surrounding cyber crimes... We are shrinking the world to ensure that cyber criminals think twice before targeting U.S. persons and interests."

Acting Assistant Attorney General McCord said:

"The criminal conduct at issue, carried out and otherwise facilitated by officers from an FSB unit that serves as the FBI’s point of contact in Moscow on cybercrime matters, is beyond the pale... hackers around the world can and will be exposed and held accountable. State actors may be using common criminals to access the data they want..."

[Editor's note: today's guest post is by the reporters at ProPublica. Past actions by CBP, including the search of a domestic flight, have raised privacy concerns among many citizens. Informed consumers know their privacy rights before traveling. This news article first appeared on March 13 and is reprinted with permission.]

by Patrick G. Lee, ProPublica

A NASA scientist heading home to the U.S. said he was detained in January at a Houston airport, where Customs and Border Protection officers pressured him for access to his work phone and its potentially sensitive contents.

Last month, CBP agents checked the identification of passengers leaving a domestic flight at New York's John F. Kennedy Airport during a search for an immigrant with a deportation order.

And in October, border agents seized phones and other work-related material from a Canadian photojournalist. They blocked him from entering the U.S. after he refused to unlock the phones, citing his obligation to protect his sources.

These and other recent incidents have revived confusion and alarm over what powers border officials actually have and, perhaps more importantly, how to know when they are overstepping their authority.

The unsettling fact is that border officials have long had broad powers -- many people just don't know about them. Border officials, for instance, have search powers that extend 100 air miles inland from any external boundary of the U.S. That means border agents can stop and question people at fixed checkpoints dozens of miles from U.S. borders. They can also pull over motorists whom they suspect of a crime as part of "roving" border patrol operations.

Sowing even more uneasiness, ambiguity around the agency's search powers -- especially over electronic devices -- has persisted for years as courts nationwide address legal challenges raised by travelers, privacy advocates and civil-rights groups.

We've dug out answers about the current state-of-play when it comes to border searches, along with links to more detailed resources.

Doesn't the Fourth Amendment protect us from "unreasonable searches and seizures"?

Yes. The Fourth Amendment to the Constitution articulates the "right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures." However, those protections are lessened when entering the country at international terminals at airports, other ports of entry and subsequently any location that falls within 100 air miles of an external U.S. boundary.

How broad is Customs and Border Protection's search authority?

According to federal statutes, regulations and court decisions, CBP officers have the authority to inspect, without a warrant, any person trying to gain entry into the country and their belongings. CBP can also question individuals about their citizenship or immigration status and ask for documents that prove admissibility into the country.

This blanket authority for warrantless, routine searches at a port of entry ends when CBP decides to undertake a more invasive procedure, such as a body cavity search. For these kinds of actions, the CBP official needs to have some level of suspicion that a particular person is engaged in illicit activity, not simply that the individual is trying to enter the U.S.

Does CBP's search authority cover electronic devices like smartphones and laptops?

Yes. CBP refers to several statutes and regulations in justifying its authority to examine "computers, disks, drives, tapes, mobile phones and other communication devices, cameras, music and other media players, and any other electronic or digital devices."

According to current CBP policy, officials should search electronic devices with a supervisor in the room, when feasible, and also in front of the person being questioned "unless there are national security, law enforcement, or other operational considerations" that take priority. For instance, if allowing a traveler to witness the search would reveal sensitive law enforcement techniques or compromise an investigation, "it may not be appropriate to allow the individual to be aware of or participate in a border search," according to a 2009 privacy impact assessment by the Department of Homeland Security.

CBP says it can conduct these searches "with or without" specific suspicion that the person who possesses the items is involved in a crime.

With a supervisor's sign-off, CBP officers can also seize an electronic device -- or a copy of the information on the device -- "for a brief, reasonable period of time to perform a thorough border search." Such seizures typically shouldn't exceed five days, although officers can apply for extensions in up to one-week increments, according to CBP policy. If a review of the device and its contents does not turn up probable cause for seizing it, CBP says it will destroy the copied information and return the device to its owner.

Can CBP really search my electronic devices without any specific suspicion that I might have committed a crime?

The Supreme Court has not directly ruled on this issue. However, a 2013 decision from the U.S. Court of Appeals for the Ninth Circuit -- one level below the Supreme Court -- provides some guidance on potential limits to CBP's search authority.

In a majority decision, the court affirmed that cursory searches of laptops -- such as having travelers turn their devices on and then examining their contents -- does not require any specific suspicions about the travelers to justify them.

The court, however, raised the bar for a "forensic examination" of the devices, such as using "computer software to analyze a hard drive." For these more powerful, intrusive and comprehensive searches, which could provide access to deleted files and search histories, password-protected information and other private details, border officials must have a "reasonable suspicion" of criminal activity -- not just a hunch.

As it stands, the 2013 appeals court decision legally applies only to the nine Western states in the Ninth Circuit, including California, Arizona, Nevada, Oregon and Washington. It's not clear whether CBP has taken the 2013 decision into account more broadly: The last time the agency publicly updated its policy for searching electronic devices was in 2009. CBP is currently reviewing that policy and there is "no specific timeline" for when an updated version might be announced, according to the agency.

"Laptop computers, iPads and the like are simultaneously offices and personal diaries. They contain the most intimate details of our lives," the court's decision said. "It is little comfort to assume that the government -- for now -- does not have the time or resources to seize and search the millions of devices that accompany the millions of travelers who cross our borders. It is the potential unfettered dragnet effect that is troublesome."

During the 2016 fiscal year, CBP officials conducted 23,877 electronic media searches, a five-fold increase from the previous year. In both the 2015 and 2016 fiscal years, the agency processed more than 380 million arriving travelers.

Am I legally required to disclose the password for my electronic device or social media, if CBP asks for it?

That's still an unsettled question, according to Liza Goitein, co-director of the Liberty and National Security Program at the Brennan Center for Justice. "Until it becomes clear that it's illegal to do that, they're going to continue to ask," she said.

The Fifth Amendment says that no one shall be made to serve as "a witness against himself" in a criminal case. Lower courts, however, have produced differing decisions on how exactly the Fifth Amendment applies to the disclosure of passwords to electronic devices.

Customs officers have the statutory authority "to demand the assistance of any person in making any arrest, search, or seizure authorized by any law enforced or administered by customs officers, if such assistance may be necessary." That statute has traditionally been invoked by immigration agents to enlist the help of local, state and other federal law enforcement agencies, according to Nathan Wessler, a staff attorney with the ACLU's Speech, Privacy and Technology Project. Whether the statute also compels individuals being interrogated by border officials to divulge their passwords has not been directly addressed by a court, Wessler said.

Even with this legal uncertainty, CBP officials have broad leverage to induce travelers to share password information, especially when someone just wants to catch their flight, get home to family or be allowed to enter the country. "Failure to provide information to assist CBP may result in the detention and/or seizure of the electronic device," according to a statement provided by CBP.

Travelers who refuse to give up passwords could also be detained for longer periods and have their bags searched more intrusively. Foreign visitors could be turned away at the border, and green card holders could be questioned and challenged about their continued legal status.

"People need to think about their own risks when they are deciding what to do. US citizens may be comfortable doing things that non-citizens aren't, because of how CBP may react," Wessler said.

What is some practical advice for protecting my digital information?

Consider which devices you absolutely need to travel with, and which ones you can leave at home. Setting a strong password and encrypting your devices are helpful in protecting your data, but you may still lose access to your devices for undefined periods should border officials decide to seize and examine their contents.

Another option is to leave all of your devices behind and carry a travel-only phone free of most personal information. However, even this approach carries risks. "We also flag the reality that if you go to extreme measures to protect your data at the border, that itself may raise suspicion with border agents," according to Sophia Cope, a staff attorney at the Electronic Frontier Foundation. "It's so hard to tell what a single border agent is going to do."

The EFF has released an updated guide to data protection options here.

Does CBP recognize any exceptions to what it can examine on electronic devices?

If CBP officials want to search legal documents, attorney work product or information protected by attorney-client privilege, they may have to follow "special handling procedures," according to agency policy. If there's suspicion that the information includes evidence of a crime or otherwise relates to "the jurisdiction of CBP," the border official must consult the CBP associate/assistant chief counsel before undertaking the search.

As for medical records and journalists' notes, CBP says its officers will follow relevant federal laws and agency policies in handling them. When asked for more information on these procedures, an agency spokesperson said that CBP has "specific provisions" for dealing with this kind of information, but did not elaborate further. Questions that arise regarding these potentially sensitive materials can be handled by the CBP associate/assistant chief counsel, according to CBP policy. The agency also says that it will protect business or commercial information from "unauthorized disclosure."

Am I entitled to a lawyer if I'm detained for further questioning by CBP?

No. According to a statement provided by CBP, "All international travelers arriving to the U.S. are subject to CBP processing, and travelers bear the burden of proof to establish that they are clearly eligible to enter the United States. Travelers are not entitled to representation during CBP administrative processing, such as primary and secondary inspection."

Even so, some immigration lawyers recommend that travelers carry with them the number for a legal aid hotline or a specific lawyer who will be able to help them, should they get detained for further questioning at a port of entry.

"It is good practice to ask to speak to a lawyer," said Paromita Shah, associate director at the National Immigration Project of the National Lawyers Guild. "We always encourage people to have a number where their attorney can be reached, so they can explain what is happening and their attorney can try to intervene. It's definitely true that they may not be able to get into the actual space, but they can certainly intervene."

Lawyers who fill out this form on behalf of a traveler headed into the United States might be allowed to advocate for that individual, although local practices can vary, according to Shah.

Can I record my interaction with CBP officials?

Individuals on public land are allowed to record and photograph CBP operations so long as their actions do not hinder traffic, according to CBP. However, the agency prohibits recording and photography in locations with special security and privacy concerns, including some parts of international airports and other secure port areas.

Does CBP's power to stop and question people extend beyond the border and ports of entry?

Yes. Federal statutes and regulations empower CBP to conduct warrantless searches for people travelling illegally from another country in any "railway car, aircraft, conveyance, or vehicle" within 100 air miles from "any external boundary" of the country. About two-thirds of the U.S. population live in this zone, including the residents of New York City, Los Angeles, Chicago, Philadelphia and Houston, according to the ACLU.

As a result, CBP currently operates 35 checkpoints, where they can stop and question motorists traveling in the U.S. about their immigration status and make "quick observations of what is in plain view" in the vehicle without a warrant, according to the agency. Even at a checkpoint, however, border officials cannot search a vehicle's contents or its occupants unless they have probable cause of wrongdoing, the agency says. Failing that, CBP officials can ask motorists to allow them to conduct a search, but travelers are not obligated to give consent.

When asked how many people were stopped at CBP checkpoints in recent years, as well as the proportion of those individuals detained for further scrutiny, CBP said they didn't have the data "on hand" but that the number of people referred for secondary questioning was "minimum." At the same time, the agency says that checkpoints "have proven to be highly effective tools in halting the flow of illegal traffic into the United States."

Within 25 miles of any external boundary, CBP has the additional patrol power to enter onto private land, not including dwellings, without a warrant.

Where can CBP set up checkpoints?

CBP chooses checkpoint locations within the 100-mile zone that help "maximize border enforcement while minimizing effects on legitimate traffic," the agency says.

At airports that fall within the 100-mile zone, CBP can also set up checkpoints next to airport security to screen domestic passengers who are trying to board their flights, according to Chris Rickerd, a policy counsel at the ACLU's National Political Advocacy Department.

"When you fly out of an airport in the southwestern border, say McAllen, Brownsville or El Paso, you have Border Patrol standing beside TSA when they're doing the checks for security. They ask you the same questions as when you're at a checkpoint. 'Are you a US citizen?' They're essentially doing a brief immigration inquiry in the airport because it's part of the 100-mile zone," Rickerd said. "I haven't seen this at the northern border."

Can CBP do anything outside of the 100-mile zone?

Yes. Many of CBP's law enforcement and patrol activities, such as questioning individuals, collecting evidence and making arrests, are not subject to the 100-mile rule, the agency says. For instance, the geographical limit does not apply to stops in which border agents pull a vehicle over as part of a "roving patrol" and not a fixed checkpoint, according to Rickerd of the ACLU. In these scenarios, border agents need reasonable suspicion that an immigration violation or crime has occurred to justify the stop, Rickerd said. For stops outside the 100-mile zone, CBP agents must have probable cause of wrongdoing, the agency said.

The ACLU has sued the government multiple times for data on roving patrol and checkpoint stops. Based on an analysis of records released in response to one of those lawsuits, the ACLU found that CBP officials in Arizona failed "to record any stops that do not lead to an arrest, even when the stop results in a lengthy detention, search, and/or property damage."

The lack of detailed and easily accessible data poses a challenge to those seeking to hold CBP accountable to its duties.

"On the one hand, we fight so hard for reasonable suspicion to actually exist rather than just the whim of an officer to stop someone, but on the other hand, it's not a standard with a lot of teeth," Rickerd said. "The courts would scrutinize it to see if there's anything impermissible about what's going on. But if we don't have data, how do you figure that out?"

ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for their newsletter.

Most people love the Internet. It's a tool that has made life easier and more efficient in many ways. Even with all of those advances, the founder of the Internet listed three reasons why our favorite digital tool is in serious trouble:

1. Consumers have lost control of their personal information
2. It's too easy for anyone to publish misinformation online
3. Political advertising online lacks transparency

Tim Berners-Lee explained the first reason:

"The current business model for many websites offers free content in exchange for personal data. Many of us agree to this – albeit often by accepting long and confusing terms and conditions documents – but fundamentally we do not mind some information being collected in exchange for free services. But, we’re missing a trick. As our data is then held in proprietary silos, out of sight to us, we lose out on the benefits we could realise if we had direct control over this data and chose when and with whom to share it. What’s more, we often do not have any way of feeding back to companies what data we’d rather not share..."

Given appointees in the U.S. Federal Communications Commission (FCC) by President Trump, it will likely get worse as the FCC seeks to revoke online privacy and net neutrality protections for consumers in the United States. Berners-Lee explained the second reason:

"Today, most people find news and information on the web through just a handful of social media sites and search engines. These sites make more money when we click on the links they show us. And they choose what to show us based on algorithms that learn from our personal data that they are constantly harvesting. The net result is that these sites show us content they think we’ll click on – meaning that misinformation, or fake news, which is surprising, shocking, or designed to appeal to our biases, can spread like wildfire..."

Fake news has become so widespread that many public libraries, schools, and colleges teach students how to recognize fake news sites and content. The problem is more widespread and isn't limited to social networking sites like Facebook promoting certain news. It also includes search engines. Readers of this blog are familiar with the DuckDuckGo search engine for both online privacy online and to escape the filter bubble. According to its public traffic page, DuckDuckGo gets about 14 million searches daily.

Most other search engines collect information about their users and that to serve search results items related to what they've searched upon previously. That's called the "filter bubble." It's great for search engines' profitability as it encourages repeat usage, but is terrible for consumers wanting unbiased and unfiltered search results.

Berners-Lee warned that online political advertising:

"... has rapidly become a sophisticated industry. The fact that most people get their information from just a few platforms and the increasing sophistication of algorithms drawing upon rich pools of personal data mean that political campaigns are now building individual adverts targeted directly at users. One source suggests that in the 2016 U.S. election, as many as 50,000 variations of adverts were being served every single day on Facebook, a near-impossible situation to monitor. And there are suggestions that some political adverts – in the US and around the world – are being used in unethical ways – to point voters to fake news sites, for instance, or to keep others away from the polls. Targeted advertising allows a campaign to say completely different, possibly conflicting things to different groups. Is that democratic?"

What do you think of the assessment by Berners-Lee? Of his solutions? Any other issues?

The Boston Public Library (BPL) offers a wide variety of programs, events and workshops for the public. The Grove Hall branch is offering several sessions of the free workshop titled, "Recognizing Fake News."The workshop description:

"Join us for a workshop to learn how to critically watch the news on television and online in order to detect "fake news." Using the News Literacy Project's interactive Checkology^TM curriculum, leading journalists and other experts guide participants through real-life examples from the news industry."

What is fake news? The Public Libraries Association (PLA) offered this definition:

"Fake news is just as it sounds: news that is misleading and not based on fact or, simply put, fake. Unfortunately, the literal defi­nition of fake news is the least complicated aspect of this com­plex topic. Unlike satire news... fake news has the intention of disseminat­ing false information, not for comedy, but for consumption. And without the knowledge of appropriately identifying fake news, these websites can do an effective job of tricking the untrained eye into believing it’s a credible source. Indeed, its intention is deception.

To be sure, fake news is nothing new... The Internet, particularly social media, has completely manipulated the landscape of how information is born, consumed, and shared. No longer is content creation reserved for official publishing houses or media outlets. For better or for worse, anybody can form a platform on the Inter­net and gain a following. In truth, we all have the ability to create viral news—real or fake—with a simple tweet or Facebook post."

The News Literacy Project is a nonpartisan national nonprofit organization that works with educators and journalists to teach middle school and high school students how to distinguish fact from fiction.

The upcoming workshop sessions at the BPL Grove Hall branch are tomorrow, March 11 at 3:00 pm, and Wednesday, March 29 at 1:00 pm. Participants will learn about the four main types of content (e.g., news, opinion, entertainment, and advertising), and the decision processes journalists use to decide which news to publish. The workshop presents real examples enabling workshop participants to test their skills at recognizing the four types of content and "fake news."

While much of the workshop content is targeted at students, adults can also benefit. Nobody wants to be duped by fake or misleading news. Nobody wants to mistake advertising or opinion for news. The sessions include opportunities for participants to ask questions. The workshop lasts about an hour and registration is not required.

Many public libraries across the nation offer various workshops about how to spot "fake news," including Athens (Georgia), Austin (Texas), Bellingham (Washington), Chicago (Illinois), Clifton Park (New York), Davenport (Iowa), Elgin (Illinois), Oakland (California), San Jose (California), and Topeka (Kansas). Some colleges and universities offer similar workshops, including American University and Cornell University. Some workshops included panelists or speakers from local news organizations.

The BPL Grove Hall branch is located at 41 Geneva Avenue in the Roxbury section of Boston. The branch's phone is (617) 427-3337.

Have you attended a "fake news" workshop at a local public library in your town or city? If so, share your experience below.

A hacking division of the Central Intelligence Agency (CIA) has collected an arsenal of hundreds of tools to control a variety of smartphones and smart televisions, including devices made by Apple, Google, Microsoft, Samsung and others. The Tuesday, March 7 press release by WikiLeaks claimed this lost arsenal during its release of:

"... 8,761 documents and files from an isolated, high-security network situated inside the CIA's Center for Cyber Intelligence in Langley, Virginia... Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized "zero day" exploits, malware remote control systems and associated documentation. This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA. The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive."

WikiLeaks used the code name "Vault 7" to identify this release of its first set of documents, and claimed its source for the documents was a former government hacker or contractor. It also said that its source wanted to encourage a public debate about the CIA's capabilities, which allegedly overlap with the National Security Agency (NSA) causing waste.

The announcement also included statements allegedly describing the CIA's capabilities:

"CIA malware and hacking tools are built by EDG (Engineering Development Group), a software development group within CCI (Center for Cyber Intelligence), a department belonging to the CIA's DDI (Directorate for Digital Innovation)... By the end of 2016, the CIA's hacking division, which formally falls under the agency's Center for Cyber Intelligence (CCI), had over 5000 registered users and had produced more than a thousand hacking systems, trojans, viruses, and other "weaponized" malware... The CIA's Mobile Devices Branch (MDB) developed numerous attacks to remotely hack and control popular smart phones. Infected phones can be instructed to send the CIA the user's geolocation, audio and text communications as well as covertly activate the phone's camera and microphone. Despite iPhone's minority share (14.5%) of the global smart phone market in 2016, a specialized unit in the CIA's Mobile Development Branch produces malware to infest, control and exfiltrate data from iPhones and other Apple products running iOS, such as iPads."

CIA's capabilities reportedly include the "Weeping Angel" program:

"... developed by the CIA's Embedded Devices Branch (EDB), which infests smart TVs, transforming them into covert microphones, is surely its most emblematic realization. The attack against Samsung smart TVs was developed in cooperation with the United Kingdom's MI5/BTSS. After infestation, Weeping Angel places the target TV in a 'Fake-Off' mode, so that the owner falsely believes the TV is off when it is on. In 'Fake-Off' mode the TV operates as a bug, recording conversations in the room and sending them over the Internet to a covert CIA server."

Besides phones and smart televisions, WikiLeaks claimed the agency seeks to hack internet-connect autos and vehicles:

"As of October 2014 the CIA was also looking at infecting the vehicle control systems used by modern cars and trucks. The purpose of such control is not specified, but it would permit the CIA to engage in nearly undetectable assassinations."

No doubt that during the coming weeks and months security experts will analyze the documents for veracity. The whole situation is reminiscent of the disclosures in 2013 about broad surveillance programs by the National Security Agency (NSA). You can read more about yesterday's disclosures by WikiLeaks at the Guardian UK, CBS News, the McClatchy DC news wire, and at Consumer Reports.

Rentokil, a pest control company, has introduced in the United Kingdom a new pest-control device for consumers wanting the latest WiFi technology. The company introduced ResiConnect, an Internet-connected mouse trap. A Rentokil representative explained to the Register UK newspaper:

“This is a trap that’s connected to the internet, essentially. Whereas there are other standard traps on the market that just catch and kill the mouse, that mouse can be caught in that trap for several weeks or several months. What this does is sends us a signal to notify us the trap has been activated, which allows us to respond... What this allows us to do is catch, kill and contain the mouse... and provide the best solution to the customer as well.”

Reportedly, the device sells for about £1,300, or about U.S. $1,300. Last summer, Rentokil Initial Plc announced a partnership with Google and PA Consulting Group (PA) to deploy globally the company's:

"... innovative digital pest control products and, in the future, to the development of ‘next generation’ services to offer customers new levels of proactive risk management against the threat of pest infestation... Rentokil has developed and begun to roll out its range of connected rodent control products particularly to customers in the tightly regulated food and pharmaceutical industries. In the field today, Rentokil has over 20,000 digital devices running in 12 countries which have now sent more than 3 million pieces of data.

The new digital pest control services use connected rodent devices with embedded sensors and mobile connectivity. The units communicate with Rentokil’s online ‘Command Centre’ and when they've caught a rodent, the technician is automatically alerted while customers are kept informed through myRentokil, the industry’s leading online portal... Built on Google’s Cloud Platform, and delivered by PA using Agile techniques, this technology is highly scalable and is now ready to be deployed more widely to existing and new customers from Q4 2016 and to other parts of the company..."

It seems that Rentokil is making available to consumers smart traps similar to those already deployed in the commercial market, such as fast food restaurants with multiple locations. Rentokil sells in the United States a device that uses radar to detect and capture mice. This raises the question: do consumers really need a smart mouse trap?

I have direct experience with mice. The building where I live is contains condominiums, and I have the responsibility to pay the condo association's monthly bills (e.g., water, insurance, and electricity), plus hire vendors and contractors, as needed, for repairs and maintenance. That includes pest control companies. Last week, our pest-control vendor deployed bait traps (e.g., poison and glue strips) in all units, plus the basement (with utilities and storage areas).

Obviously, owners of retail stores with multiple locations (e.g., fast food restaurants) would benefit from smart mouse traps. It seems cost-prohibitive to send (and pay for) technicians to visit each store and check multiple traps, while only selective traps would have caught rodents.

First, the benefit for residential customers sees marginal. Internet-connected mouse trap might appeal to squeamish consumers, who are afraid or unsure what to do, but it's hard to beat the convenience and low cost of a phone call. For our condo association, it was easy to know when a trap has caught a mouse. You heard the squeaking.

For us, the rodent removal process was easy. After a quick phone call the evening the mouse was caught, a pest-control technician arrived the next morning. The company sent a technician that was already in the area for nearby service calls. The technician removed the mouse stuck on a glue strip, checked, and re-baited several traps. That visit was included in the price we paid, and the phone call cost was negligible.

Second, the price seems expensive. The $1,600 price for a smart mouse trap equals about three years of what our condo association pays for pest control services.

Reliability and trust with smart devices are critical for consumers. A recent global study found that 44 percent of consumers are concerned about financial information theft via smart home devices, and 37 percent are concerned about identity theft.

Informed shoppers know that not all smart devices are built equally. Some have poor security features or lack software upgrades. These vulnerabilities create opportunities for bad guys to hack and infect consumers' home WiFi networks with malware to steal passwords and money, create spam, and use infected devices as part of DDoS attacks targeting businesses. (Yes, even the hosting service for this blog was targeted.) So, it is wise to understand any smart trap's software and security features before purchase.

What do you think? Are smart mouse traps worthwhile?