Chief Executive At Uber Resigns. Consultant Recommended Many Changes

Travis Kalanick, the chief executive at Uber, resigned on Tuesday. Mr. Kalanick’s departure occurred after pressure from the ride-sharing company's investors. The New York Times reported:

"Earlier on Tuesday, five of Uber’s major investors demanded that the chief executive resign immediately. The investors included one of Uber’s biggest shareholders, the venture capital firm Benchmark, which has one of its partners, Bill Gurley, on Uber’s board. The investors made their demand for Mr. Kalanick to step down in a letter delivered to the chief executive while he was in Chicago, said the people with knowledge of the situation.

In the letter, titled “Moving Uber Forward” and obtained by The New York Times, the investors wrote to Mr. Kalanick that he must immediately leave and that the company needed a change in leadership. Mr. Kalanick, 40, consulted with at least one Uber board member, and after long discussions with some of the investors, he agreed to step down. He will remain on Uber’s board of directors."

Uber has been in the news recently for a variety of reasons. During February and March of this year, there were several executive changes, and an investigative report about "Greyball," a worldwide program to thwart code enforcement inspections by local governments. In April, a class-action lawsuit claimed that Uber manipulated its mobile app to simultaneously short-change drivers and over-charge riders.

After a February, 2017 blog post by a former engineer described her workplace experiences, the company engaged Eric Holder and Tammy Albarrán, partners at the law firm Covington & Burling LLP (Covington), to conduct a thorough and objective review of the workplace issues raised by Susan Fowler in her blog post. On March 1, 2017, Uber’s Board of Directors approved the establishment of a Special Committee of the Board to oversee that review, which included the evaluation of:

"... three issues: (1) Uber’s workplace environment as it related to the allegations of discrimination, harassment, and retaliation in Ms. Fowler’s post; (2) whether the company’s policies and practices were sufficient to prevent and properly address discrimination, harassment, and retaliation in the workplace; and (3) what steps Uber could take to ensure that its commitment to a diverse and inclusive workplace was reflected not only in the company’s policies but made real in the experiences of each of Uber’s employees."

These evaluation objectives and recommendations from Covington are available online on Uber's website. Uber's board adopted all of Covington's recommendations, which cover ten areas including senior management, internal controls, training, human resources, diversity, and more. Below is an outline from the detailed, 13-page recommendations document by Covington (Adobe PDF):

"1. Changes to Senior Leadership:
a) Review and Reallocate the Responsibilities of Travis Kalanick,
b) Use the Chief Operating Officer Search to Identify Candidates Who Can Help Address These Recommendations,
c) Use Performance Reviews to Hold Senior Leaders Accountable,
d) Increase the Profile of Uber’s Head of Diversity and the Efforts of His Organization,
e) Employment Actions

2. Enhance Board Oversight:
a) Enhance the Independence of the Board,
b) Install an Independent Chairperson of the Board,
c) Create an Oversight Committee,
d) Use Compensation to Hold Senior Leaders Accountable,
e) Nominate a Senior Executive Team Member to Oversee Implementation of any Recommendations

3. Internal Controls:
a) Implement Enhancements to the Audit Committee,
b) Implement Enhancements to Uber’s Internal Controls,
c) Human Resources Record-Keeping,
d) Track Agreements with Employees

4. Reformulate Uber’s 14 Cultural Values

5. Training:
a) Mandatory Leadership Training For Key Senior Management/Senior Executive Team Members,
b) Mandatory Human Resources Training,
c) Mandatory Manager Training,
d) Interview Training

6. Improvements to Human Resources and the Complaint Process:
a) An “Owner” of Resources-Related Policies Should be Identified or Hired,
b) Increase Management Support for Human Resources,
c) Provide a Robust and Effective Complaint Process,
d) Establish Protocols with Respect to Escalating Complaints,
e) Devote Adequate Staff and Resources to Human Resources

7. Diversity and Inclusion Enhancements:
a) Establish an Employee Diversity Advisory Board,
b) Regularly Publish Diversity Statistics,
c) Target Diverse Sources of Talent,
d) Utilize Blind Resume Review,
e) Adopt a Version of the “Rooney Rule,”
f) Adopt and Promote a Sponsorship Program,
g) Recognize and Support Employee Diversity Efforts,
h) Recognize Managers for their Diversity Efforts,
i) Review Benefits Offerings,
j) Unconscious Bias Review,
k) Coordinate Efforts,
l) Solicit Feedback from Employees

8. Changes in Employee Policies and Practices:
a) EEO Policies,
b) Prohibit Romantic or Intimate Relationships Between Individuals in a Reporting Relationship,
c) Institute and Enforce Clear Guidelines on Alcohol Consumption and the Use of Controlled Substances,
d) Remove Transfer Barriers,
e) Modify Uber’s Performance Review Process,
f) Make Promotion Requirements Clearer,
g) Flexible Work,
h) Catered Dinner,
i) Even Application of Policies and Practices

9. Address Employee Retention

10. Review and Assess Uber’s Pay Practices"

The recommendations seem to cover all areas of the company and its operations. Uber and its board will be judged based upon how well they implement the recommendations. What are your opinions of Uber? The recommendations?


Massive Data Breach By RNC Contractor Exposed Information Of 198 Million Voters

A massive data breach by a contractor hired by the Republican National Committee (RNC) has exposed the personal information of 198 million likely voters. The breach happened after a contractor, Deep Root Analytics, accidentally left the database files unprotected on an internet-connected computer server. The Hill reported:

"The databases were part of 25 terabytes of files contained in an Amazon cloud account that could be browsed without logging in. The account was discovered by researcher Chris Vickery of the security firm UpGuard. The files have since been secured."

Deep Root Analytics helps a variety of clients, including political organizations, advertisers, and advocacy groups, identify custom audiences for television advertising -- in this instance, likely voters. Reportedly, the data elements exposed include full names, birth dates, residential addresses, and persons' positions on a variety of topics:

"... 46 different issues ranging from "how likely it is the individual voted for Obama in 2012, whether they agree with the Trump foreign policy of 'America First' and how likely they are to be concerned with auto manufacturing as an issue..."

The files exposed during the breach also identified another contractor hired by the RNC, Target Point, which experts conclude:

"... compiled and shared the data with Deep Root. Another folder appears to reference Data Trust, another contracted firm."

At press time, Target Point had not made any statements on its website. Deep Root issued this statement:

"Deep Root Analytics has become aware that a number of files within our online storage system were accessed without our knowledge. Deep Root Analytics builds voter models to help enhance advertiser understanding of TV viewership. The data accessed was not built for or used by any specific client. It is our proprietary analysis to help inform local television ad buying.

The data that was accessed was, to the best of our knowledge proprietary information as well as voter data that is publicly available and readily provided by state government offices. Since this event has come to our attention, we have updated the access settings and put protocols in place to prevent further access. We take full responsibility for this situation.

Deep Root Analytics maintains industry standard security protocols. We built our systems in keeping with these protocols and had last evaluated and updated our security settings on June 1, 2017.

We are conducting an internal review and have retained cyber security firm Stroz Friedberg to conduct a thorough investigation. Through this process, which is currently underway, we have learned that access was gained through a recent change in access settings since June 1. We accept full responsibility, will continue with our investigation, and based on the information we have gathered thus far, we do not believe that our systems have been hacked."

So, Deep Root wasn't aware of this breach until an outside security expert found it. Nor does the company seem certain about exactly what data elements were exposed/accessed by unauthorized persons. Not good. It makes one wonder what other undiscovered breaches may have happened.

Perhaps more troubling, the company's statement differs from news reports about the data elements exposed/accessed. The company's statement mentioned "publicly available" data, while news reports mentioned sensitive, non-public data. Hopefully, the results of Deep Root's internal breach investigation will clarify things. And, if sensitive information was truly exposed/stolen, hopefully Deep Root will do the right thing: notify breach victims and offer free credit monitoring services for at least two years.

This was not the first data breach of voter-related database data. A CouchDB breach in June 2016 exposed the sensitive information of 154 million voters. Both breaches seem to raise the question about whether political organizations, and the contractors they hire, adequately protect consumers' sensitive personal information.

Many consider this Deep Root data breach the largest voter breach ever. Yes, the data breach was undeniably massive. Why? Two measurement approaches highlight the fact.

First, the Quick Facts page at the U.S. Census Bureau site lists the population of the United States on July 1, 2015 at 321,418,820 persons. Of those, 22.9 percent were under the age of 18. With a little "rough" math, one can calculate the population aged 18 or older at 247,813,910 persons. So, the Deep Root breach represented about 61.6 percent of the total population or 79.9 percent of the voting age population. That's almost 4 of every 5 adults aged 18 or older.

Second, the breach ranks near the largest when compared to notable data breaches during the past few years:

Regarding the AJLA portal breach earlier this year, the Privacy Rights Clearinghouse reported 1.7 million breach victims in Idaho and 430,000 in Oklahoma. Given this, the true number of breach victims is likely far higher.

What are your opinions about the Deep Root breach? Do political organizations, and the contractors they hire, adequately protect citizens' sensitive information? And, if not, what should be done?

When citizens vote, they expect privacy -- not just within voting booths. So, too, regarding the personal information and opinions data describing their voting. Arguably, voting data is different than other types of consumer information. And there is legal precedent for treating selected consumer information differently. Example: a set of privacy laws govern health care data. Perhaps, you have heard of the term: Protected Health Information (PHI). If data mining companies can't protect voters' data, then we just might need new laws to protect voting-related data: PVI = Protected Voting Information.

When data about voters is compromised (e.g., exposed and/or accessed), that is a strike at the heart of our democracy. Example: the bad guys could pressure voters using stolen information. Does the big-data/data-mining industry require oversight? Does Congress need to intervene to protect our democratic elections? What are your opinions about PVI?

[Correction: an earlier version of this blog post mentioned a database. Files were exposed, not a database nor an RNC database.]


Senator Warren Calls For the Firing Of All Wells Fargo Board Members

In a letter sent Monday to the Federal Reserve Chair Janet Yellen, U.S. Senator Elizabeth Warren (D-Massachusetts) has called for the firing of all 12 board members at Wells Fargo bank for failing to adequately protect accountholders. CNBC first reported the Senator's letter, which read in part:

"The fake accounts scandal cost Wells Fargo customers millions of dollars in unauthorized fees and damaged many of their credit scores," the senator wrote. "The scandal also revealed severe problems with the bank's risk management practices — problems that justify the Federal Reserve's removal of all responsible Board members."

After implementing sales targets and an incentive program, many of the bank's employees secretly opened new accounts and transferred money from other accounts to fund the new accounts -- all without the customers' knowledge or consent. In some cases, employees applied for credit cards, created PIN numbers, and operated fake e-mail accounts in customers' names.

The Consumer Financial Protection Bureau (CFPB) announced in September, 2016 the consent order with the bank. As a result of the fake-account scandal, the bank paid about $185 million in fines and fired 5,300 lower-level employees for setting up 2 million bogus accounts. Few or no senior executives have been punished.

Many Republicans and President Trump seek to defund and shut down the CFPB.

During October, 2016 Timothy J. Sloan was elected chief executive officer at Wells Fargo bank after the former CEO, John Stumpf, retired. Sloan also joined the board of directors as a member.

CNN Money reported:

"... Wells Fargo suffered from inadequate risk management systems that should have flagged the illegal activity earlier. Shareholder advisory firm Institutional Shareholder Services (ISS) agrees. ISS argued the Wells Fargo board made the scandal worse by failing to provide oversight that could have limited the damage..."

In her letter, Senator Warren urged the Federal Reserve to act:

"I urge you to use the tools Congress has given you to remove the responsible board members and protect the continued safety and soundness of one of the country's largest banks..."

Reportedly, the Senator's letter mentioned the following Wells Fargo board members: John D. Baker II, John S. Chen, Lloyd H. Dean, Elizabeth A. Duke, Enrique Hernandez, Donald M. James, Cynthia H. Milligan, Federico F. Pena, James H. Quigley, Stephen W. Sanger, Susan G. Swenson, and Suzanne M. Vautrinot.

Some banking experts see the demand as unprecedented and unlikely. All of the bank's board members were re-elected during the annual shareholder meeting in April, 2017. Also during April, the bank announced an expansion of its class-action settlement agreements for its retail sales practices. The expansion covered account holders affected as early as May, 2002 by the bogus new account scandal, and added $32 million to the settlement amount total.


Trump Administration Quietly Rolls Back Civil Rights Efforts Across Federal Government

[Editor's Note: today's guest blog post is by the reporters at ProPublica. Consent decrees are an important oversight tool to ensure corporate responsibility after wrongdoing. Today's post is reprinted with permission.]

By Jessica Huseman and Annie Waldman, ProPublica

For decades, the Department of Justice has used court-enforced agreements to protect civil rights, successfully desegregating school systems, reforming police departments, ensuring access for the disabled and defending the religious.

Now, under Attorney General Jeff Sessions, the DOJ appears to be turning away from this storied tool, called consent decrees. Top officials in the DOJ civil rights division have issued verbal instructions through the ranks to seek settlements without consent decrees -- which would result in no continuing court oversight.

The move is just one part of a move by the Trump administration to limit federal civil rights enforcement. Other departments have scaled back the power of their internal divisions that monitor such abuses. In a previously unreported development, the Education Department last week reversed an Obama-era reform that broadened the agency's approach to protecting rights of students. The Labor Department and the Environmental Protection Agency have also announced sweeping cuts to their enforcement.

"At best, this administration believes that civil rights enforcement is superfluous and can be easily cut. At worst, it really is part of a systematic agenda to roll back civil rights," said Vanita Gupta, the former acting head of the DOJ's civil rights division under President Barack Obama.

Consent decrees have not been abandoned entirely by the DOJ, a person with knowledge of the instructions said. Instead, there is a presumption against their use -- attorneys should default to using settlements without court oversight unless there is an unavoidable reason for a consent decree. The instructions came from the civil rights division's office of acting Assistant Attorney General Tom Wheeler and Deputy Assistant Attorney General John Gore. There is no written policy guidance.

Devin O'Malley, a spokesperson for the DOJ, declined to comment for this story.

Consent decrees can be a powerful tool, and spell out specific steps that must be taken to remedy the harm. These are agreed to by both parties and signed off on by a judge, whom the parties can appear before again if the terms are not being met. Though critics say the DOJ sometimes does not enforce consent decrees well enough, they are more powerful than settlements that aren't overseen by a judge and have no built-in enforcement mechanism.

Such settlements have "far fewer teeth to ensure adequate enforcement," Gupta said.

Consent decrees often require agencies or municipalities to take expensive steps toward reform. Local leaders and agency heads then can point to the binding court authority when requesting budget increases to ensure reforms. Without consent decrees, many localities or government departments would simply never make such comprehensive changes, said William Yeomans, who spent 26 years at the DOJ, mostly in the civil rights division.

"They are key to civil rights enforcement," he said. "That's why Sessions and his ilk don't like them."

Some, however, believe the Obama administration relied on consent decrees too often and sometimes took advantage of vulnerable cities unable to effectively defend themselves against a well-resourced DOJ.

"I think a recalibration would be welcome," said Richard Epstein, a professor at New York University School of Law and a fellow at the Hoover Institution at Stanford, adding that consent decrees should be used in cases where clear, systemic issues of discrimination exist.

Though it's too early to see how widespread the effect of the changes will be, the Justice Department appears to be adhering to the directive already.

On May 30, the DOJ announced Bernards Township in New Jersey had agreed to pay $3.25 million to settle an accusation it denied zoning approval for a local Islamic group to build a mosque. Staff attorneys at the U.S. attorney's office in New Jersey initially sought to resolve the case with a consent decree, according to a spokesperson for Bernards Township. But because of the DOJ's new stance, the terms were changed after the township protested, according to a person familiar with the matter. A spokesperson for the New Jersey U.S. attorney's office declined comment.

Sessions has long been a public critic of consent decrees. As a senator, he wrote they "constitute an end run around the democratic process." He lambasted local agencies that seek them out as a way to inflate their budgets, a "particularly offensive" use of consent decrees that took decision-making power from legislatures.

On March 31, Sessions ordered a sweeping review of all consent decrees with troubled police departments nationwide to ensure they were in line with the Trump administration's law-and-order goals. Days before, the DOJ had asked a judge to postpone a hearing on a consent decree with the Baltimore Police Department that had been arranged during the last days of the Obama administration. The judge denied that request, and the consent decree has moved forward.

The DOJ has already come under fire from critics for altering its approach to voting rights cases. After nearly six years of litigation over Texas' voter ID law -- which Obama DOJ attorneys said was written to intentionally discriminate against minority voters and had such a discriminatory effect -- the Trump DOJ abruptly withdrew its intent claims in late February.

Attorneys who worked on the case for years were barely consulted about the change -- many weren't consulted at all, according to two former DOJ officials with knowledge of the matter. Gore wrote the filing changing the DOJ's position largely by himself and asked the attorneys who'd been involved in the case for years to sign it to show continuity. Not all of the attorneys fell in line. Avner Shapiro -- who has been a prosecutor in the civil rights division for more than 20 years -- left his name off the filings written by Gore. Shapiro was particularly involved in developing the DOJ's argument that Texas had intentionally discriminated against minorities in crafting its voter ID legislation.

"That's the ultimate act of rebellion," Yeomans, the former civil rights division prosecutor, said. A rare act, removing one's name from a legal filing is one of the few ways career attorneys can express public disagreement with an administration.

Gore has no history of bringing civil rights cases. A former partner at the law firm Jones Day, he has instead defended states against claims of racial gerrymandering and represented North Carolina when the state was sued over its controversial "bathroom bill," which requires transgender people to use the facility that matched their birth gender.

All of the internal changes at the DOJ have left attorneys and staff with "a great deal of fear and uncertainty," said Yeomans. While he says the lawyers there would like to stay at the department, they fear Sessions' priorities will have devastating impact on their work.

The DOJ's civil rights office is not alone in fearing rollbacks in enforcement. Across federal departments, the Trump administration has made moves to diminish the power of civil rights divisions.

The Department of Education has laid out plans to loosen requirements on investigations into civil rights complaints, according to an internal memo sent to staff on June 8 and obtained by ProPublica.

Under the Obama administration, the department's office for civil rights applied an expansive approach to investigations. Individual complaints related to complex issues such as school discipline, sexual violence and harassment, equal access to educational resources, or racism at a single school might have prompted broader probes to determine whether the allegations were part of a pattern of discrimination or harassment.

The new memo, sent by Candice Jackson, the acting assistant secretary for civil rights, to regional directors at the department's civil rights office, trims this approach. Jackson was appointed deputy assistant secretary for the office in April and will remain as the acting head of the office until the Senate confirms a full-time assistant secretary. Trump has not publicly nominated anyone for the role yet.

The office will apply the broader approach "only" if the original allegations raise systemic concerns or the investigative team argues for it, Jackson wrote in the memo.

As part of the new approach, the Education Department will no longer require civil rights investigators to obtain three years of complaint data from a specific school or district to assess compliance with civil rights law.

Critics contend the Obama administration's probes were onerous. The office "did such a thorough review of everything that the investigations were demanding and very expensive" for schools, said Boston College American politics professor R. Shep Melnick, adding that the new approach could take some regulatory pressure off schools and districts.

But some civil rights leaders believe the change could undermine the office's mission. This narrowing of the department's investigations "is stunning to me and dangerous," said Catherine Lhamon, who led the Education Department's civil rights office from August 2013 until January 2017 and currently chairs the United States Commission on Civil Rights. "It's important to take an expansive view of the potential for harm because if you look only at the most recent year, you won't necessarily see the pattern," said Lhamon.

The department's new directive also gives more autonomy to regional offices, no longer requiring oversight or review of some cases by department headquarters, according to the memo.

The Education Department did not respond to ProPublica's request for comment.

Education Secretary Betsy DeVos has also proposed cutting over 40 positions from the civil rights office. With reduced staff, the office will have to "make difficult choices, including cutting back on initiating proactive investigations," according to the department's proposed budget.

Elsewhere, Trump administration appointees have launched similar initiatives. In its 2018 fiscal plan, the Labor Department has proposed dissolving the office that handles discrimination complaints. Similarly, new leadership at the Environmental Protection Agency has proposed entirely eliminating the environmental justice program, which addresses concerns that almost exclusively impact minority communities. The Washington Post reports the plan transfers all environmental justice work to the Office of Policy, which provides policy and regulatory guidance across the agency.

Mustafa Ali, a former EPA senior adviser and assistant associate administrator for environmental justice who served more than 20 years, quit the agency in protest days before the plan was announced. In his resignation letter, widely circulated in the media, Ali suggested the new leadership was abandoning "those who need our help most."

Ryan Gabrielson contributed to this report.

ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for their newsletter.


Russian Cyber Attacks Against US Voting Systems Wider Than First Thought

Cyber attacks upon electoral systems in the United States are wider than originally thought. The attacks occurred in at least 39 states. The Bloomberg report described online attacks in Illinois as an example:

"... investigators found evidence that cyber intruders tried to delete or alter voter data. The hackers accessed software designed to be used by poll workers on Election Day, and in at least one state accessed a campaign finance database. Details of the wave of attacks, in the summer and fall of 2016... In early July 2016, a contractor who works two or three days a week at the state board of elections detected unauthorized data leaving the network, according to Ken Menzel, general counsel for the Illinois board of elections. The hackers had gained access to the state’s voter database, which contained information such as names, dates of birth, genders, driver’s licenses and partial Social Security numbers on 15 million people, half of whom were active voters. As many as 90,000 records were ultimately compromised..."

Politicians have emphasized that the point of the disclosures isn't to embarrass any specific state, but to alert the public to past activities and to the ongoing threat. The Intercept reported:

"Russian military intelligence executed a cyberattack on at least one U.S. voting software supplier and sent spear-phishing emails to more than 100 local election officials just days before last November’s presidential election, according to a highly classified intelligence report obtained by The Intercept.

The top-secret National Security Agency document, which was provided anonymously to The Intercept and independently authenticated, analyzes intelligence very recently acquired by the agency about a months-long Russian intelligence cyber effort against elements of the U.S. election and voting infrastructure. The report, dated May 5, 2017, is the most detailed U.S. government account of Russian interference in the election that has yet come to light."

Spear-phishing is the tactic criminals use by sending malware-laden e-mail messages to targeted individuals, whose names and demographic details may have been collected from social networking sites and other sources. The spam e-mail uses those details to pretend to be valid e-mail from a coworker, business associate, or friend. When the target opens the e-mail attachment, their computer and network are often infected with malware to collect and transmit log-in credentials to the criminals; or to remotely take over the targets' computers (e.g., ransomware) and demand ransom payments. Stolen log-in credentials are how criminals steal consumers' money by breaking into online bank accounts.

The Intercept report explained how the elections systems hackers adopted this tactic:

"... the Russian plan was simple: pose as an e-voting vendor and trick local government employees into opening Microsoft Word documents invisibly tainted with potent malware that could give hackers full control over the infected computers. But in order to dupe the local officials, the hackers needed access to an election software vendor’s internal systems to put together a convincing disguise. So on August 24, 2016, the Russian hackers sent spoofed emails purporting to be from Google to employees of an unnamed U.S. election software company... The spear-phishing email contained a link directing the employees to a malicious, faux-Google website that would request their login credentials and then hand them over to the hackers. The NSA identified seven “potential victims” at the company. While malicious emails targeting three of the potential victims were rejected by an email server, at least one of the employee accounts was likely compromised, the agency concluded..."

Experts believe the voting equipment company targeted was VR Systems, based in Florida. Reportedly, its electronic voting services and equipment are used in eight states. VR Systems posted online a Frequently Asked Questions document (Adobe PDF) about the cyber attacks against elections systems:

"Recent reports indicate that cyber actors impersonated VR Systems and other elections companies. Cyber actors sent an email from a fake account to election officials in an unknown number of districts just days before the 2016 general election. The fraudulent email asked recipients to open an attachment, which would then infect their computer, providing a gateway for more mischief... Because the spear-phishing email did not originate from VR Systems, we do not know how many jurisdictions were potentially impacted. Many election offices report that they never received the email or it was caught by their spam filters before it could reach recipients. It is our understanding that all jurisdictions, including VR Systems customers, have been notified by law enforcement agencies if they were a target of this spear-phishing attack... In August, a small number of phishing emails were sent to VR Systems. These emails were captured by our security protocols and the threat was neutralized. No VR Systems employee’s email was compromised. This prevented the cyber actors from accessing a genuine VR Systems email account. As such, the cyber actors, as part of their late October spear-phishing attack, resorted to creating a fake account to use in that spear-phishing campaign."

It is good news that VR Systems protected its employees' e-mail accounts. Let's hope that those employees were equally diligent about protecting their personal e-mail accounts and home computers, networks, and phones. We all know employees that often work from home.

The Intercept report highlighted a fact about life on the internet that all internet users should know, namely that stolen log-in credentials are highly valued by criminals:

"Jake Williams, founder of computer security firm Rendition Infosec and formerly of the NSA’s Tailored Access Operations hacking team, said stolen logins can be even more dangerous than an infected computer. “I’ll take credentials most days over malware,” he said, since an employee’s login information can be used to penetrate “corporate VPNs, email, or cloud services,” allowing access to internal corporate data. The risk is particularly heightened given how common it is to use the same password for multiple services. Phishing, as the name implies, doesn’t require everyone to take the bait in order to be a success — though Williams stressed that hackers “never want just one” set of stolen credentials."

So, a word to the wise for all internet users: don't use the same log-in credentials at multiple sites. Don't open e-mail attachments from strangers. If you weren't expecting an e-mail attachment from a coworker/friend/business associate, call them on the phone first and verify that they indeed sent an attachment to you. The internet has become a dangerous place.


Dozens Of Uber Employees Fired Or Investigated For Harassment. Uber And Lyft Drivers Unaware of Safety Recalls

Ride-sharing companies are in the news again and probably not for the reasons their management executives would prefer. First, TechCrunch reported on Thursday:

"... at a staff meeting in San Francisco, Uber executives revealed to the company’s 12,000 employees that 20 of their colleagues had been fired and that 57 are still being probed over harassment, discrimination and inappropriate behavior, following a string of accusations that Uber had created a toxic workplace and allowed complaints to go unaddressed for years. Those complaints had pushed Uber into crisis mode earlier this year. But the calamity may be just beginning... Uber fired senior executive Eric Alexander after it was leaked to Recode that Alexander had obtained the medical records of an Uber passenger in India who was raped in 2014 by her driver."

"Recode also reported that Alexander had shared the woman’s file with Kalanick and his senior vice president, Emil Michael, and that the three men suspected the woman of working with Uber’s regional competitor in India, Ola, to hamper its chances of success there. Uber eventually settled a lawsuit brought by the woman against the company..."

News broke in March, 2017 about both the Recode article and the Greyball activity at Uber to thwart local government code inspections. In February, a former Uber employee shared a disturbing story with allegations of sexual harassment.

Second, the investigative team at WBZ-TV, the local CBS affiliate in Boston, reported that many Uber and Lyft drivers are unaware of safety recalls affecting their vehicles. This could make rides in these cars unsafe for passengers:

"Using an app from Carfax, we quickly checked the license plates of 167 Uber and Lyft cars picking up passengers at Logan Airport over a two day period. Twenty-seven of those had open safety recalls or about 16%. Recalls are issued when a manufacturer identifies a mechanical problem that needs to be fixed for safety reasons. A recent example is the millions of cars that were recalled when it was determined the airbags made by Takata could release shrapnel when deployed in a crash."

Both ride-sharing companies treat drivers as independent contractors. WBZ-TV reported:

"Uber told the [WBZ-TV investigative] Team that drivers are contractors and not employees of the company. A spokesperson said they provide resources to drivers and encourage them to check for recalls and to perform routine maintenance. Drivers are also reminded quarterly to check with NHTSA for recall information."

"According to the president of the Massachusetts Bar Association Jeffrey Catalano, the responsibility to make sure the car is safe for passengers lies mainly with the driver. But because Uber and Lyft both advertise their commitment to safety on their websites, they too could be held responsible."


Trump Is Not the Only One Blocking Constituents on Twitter

[Editor's note: today's guest blog post, by the reporters at ProPublica, explores the emerging debate about the appropriate, perhaps ethical, use of social media by publicly elected officials and persons campaigning for office. Should they be able to block constituents posting views they dislike or disagree with? Is it really public speech on privately-run social networking sites? Would you vote for a person who blocks constituents? Do companies operating social networking sites have a responsibility in this? Today's post is reprinted with permission.]

by Charles Ornstein, ProPublica

As President Donald Trump faces criticism for blocking users on his Twitter account, people across the country say they, too, have been cut off by elected officials at all levels of government after voicing dissent on social media.

In Arizona, a disabled Army veteran grew so angry when her congressman blocked her and others from posting dissenting views on his Facebook page that she began delivering actual blocks to his office.

A central Texas congressman has barred so many constituents on Twitter that a local activist group has begun selling T-shirts complaining about it.

And in Kentucky, the Democratic Party is using a hashtag, #BevinBlocked, to track those who've been blocked on social media by Republican Gov. Matt Bevin. (Most of the officials blocking constituents appear to be Republican.)

The growing combat over social media is igniting a new-age legal debate over whether losing this form of access to public officials violates constituents' First Amendment rights to free speech and to petition the government for a redress of grievances. Those who've been blocked say it's akin to being thrown out of a town hall meeting for holding up a protest sign.

On Tuesday, the Knight First Amendment Institute at Columbia University called upon Trump to unblock people who've disagreed with him or directed criticism at him or his family via the @realdonaldtrump account, which he used prior to becoming president and continues to use as his principal Twitter outlet.

Trump blocked me after this tweet. Let's all hope the courts continue to protect us. Never stop resisting. pic.twitter.com/TlR4zgHCoU

-- Nick Jack Pappas (@Pappiness) June 5, 2017

"Though the architects of the Constitution surely didn't contemplate presidential Twitter accounts, they understood that the president must not be allowed to banish views from public discourse simply because he finds them objectionable," Jameel Jaffer, the Knight Institute's executive director, said in a statement.

The White House did not respond to a request for comment, but press secretary Sean Spicer said earlier Tuesday that statements the president makes on Twitter should be regarded as official statements.

Similar flare-ups have been playing out in state after state.

Earlier this year, the American Civil Liberties Union of Maryland called on Governor Larry Hogan, a Republican, to stop deleting critical comments and barring people from commenting on his Facebook page. (The Washington Post reported that the governor had blocked 450 people as of February.)

Deborah Jeon, the ACLU's legal director, said Hogan and other elected officials are increasingly foregoing town hall meetings and instead relying on social media as their primary means of communication with constituents. "That's why it's so problematic," she said. "If people are silenced in that medium," they can't effectively interact with their elected representative.

The governor's office did not respond to a request for comment this week. After the letter, however, it reinstated six of the seven people specifically identified by the ACLU (it said it couldn't find the seventh). "While the ACLU should be focusing on much more important activities than monitoring the governor's Facebook page, we appreciated them identifying a handful of individuals -- out of the over 1 million weekly viewers of the page -- that may have been inadvertently denied access," a spokeswoman for the governor told the Post.

Practically speaking, being blocked cuts off constituents from many forms of interacting with public officials. On Facebook, it means no posts, no likes and no questions or comments during live events on the page of the blocker. Even older posts that may not be offensive are taken down. On Twitter, being blocked prevents a user from seeing the other person's tweets on his or her timeline.

Moreover, while Twitter and Facebook themselves usually suspend account holders only temporarily for breaking rules, many elected officials don't have established policies for constituents who want to be reinstated. Sometimes a call is enough to reverse it, other times it's not.

Eugene Volokh, a constitutional law professor at the UCLA School of Law, said that for municipalities and public agencies, such as police departments, social media accounts would generally be considered "limited public forums" and therefore, should be open to all.

"Once they open it up to public comments, they can't then impose viewpoint-based restrictions on it," he said, for instance allowing only supportive comments while deleting critical ones.

But legislators are different because they are people. Elected officials can have personal accounts, campaign accounts and officeholder accounts that may appear quite similar. On their personal and campaign accounts, there's little disagreement that officials can engage with -- or block -- whoever they want. Last month, for instance, ProPublica reported how Rep. Peter King (Republican, New York) blocked users on his campaign account after they criticized his positions on health reform and other issues.

But what about their officeholder social media accounts?

The ACLU's Jeon says that they should be public if they use government resources, including staff time and office equipment to maintain the page. "Where that's the situation and taxpayer resources are going to it, then the full power of the First Amendment applies," she said. "It doesn't matter if they're members of Congress or the governor or a local councilperson."

Volokh of UCLA disagreed. He said that members of Congress are entitled to their own private speech, even on official pages. That's because each is one voice among many, as opposed to a governor or mayor. "It's clear that whatever my senator is, she's not the government. She is one person who is part of a legislative body," he said. "She was elected because she has her own views and it makes sense that if she has a Twitter feed or a Facebook page, that may well be seen as not government speech but the voice of somebody who may be a government official."

Volokh said he's inclined to see Trump's @realdonaldtrump account as a personal one, though other legal experts disagree.

"You could imagine actually some other president running this kind of account in a way that's very public minded -- 'I'm just going to express the views of the executive branch,'" he said. "The @realdonaldtrump account is very much, 'I'm Donald Trump. I'm going to be expressing my views, and if you don't like it, too bad for you.' That sounds like private speech, even done by a government official on government property."

It's possible the fight over the president's Twitter account will end up in court, as such disputes have across the country. Generally, in these situations, the people contesting the government's social media policies have reached settlements ending the questionable practices.

After being sued by the ACLU, three cities in Indiana agreed last year to change their policies by no longer blocking users or deleting comments.

In 2014, a federal judge ordered the City and County of Honolulu to pay $31,000 in attorney's fees to people who sued, contending that the Honolulu Police Department violated their constitutional rights by deleting their critical Facebook posts.

And San Diego County agreed to pay the attorney's fees of a gun parts dealer who sued after its Sheriff's Department deleted two Facebook posts that were critical of the sheriff and banned the dealer from commenting. The department took down its Facebook page after being sued and paid the dealer $20 as part of the settlement.

Angela Greben, a California paralegal, has spent the past two years gathering information about agencies and politicians that have blocked people on social media -- Democrats and Republicans alike -- filing ethics complaints and even a lawsuit against the city of San Mateo, California, its mayor and police department. (They settled with her, giving her some of what she wanted.)

Greben has filed numerous public-records requests to agencies as varied as the Transportation Security Administration, the Seattle Police Department and the Connecticut Lottery seeking lists of people they block. She's posted the results online.

"It shouldn't be up to the elected official to decide who can tweet them and who can't," she said. "Everybody deserves to be treated equally and fairly under the law."

Even though she lives in California, Greben recently filed an ethics complaint against Atlanta Mayor Kasim Reed, a Democrat, who has been criticized for blocking not only constituents but also journalists who cover him. Reed has blocked Greben since 2015 when she tweeted about him... well, blocking people on Twitter. "He's notorious for blocking and muting people," she said, meaning he can't see their tweets but they can still see his.

@LizLemeryJoy @KasimReed Mr. Mayor you are violating the #civilrights of all you have #blocked! @Georgia_AG @FOX5Atlanta @11AliveNews

-- Angela Greben (@AngelaGreben) March 7, 2015

In a statement, a city spokeswoman defended the mayor, saying he's now among the top five most-followed mayors in the country. "Mayor Reed uses social media as a personal platform to engage directly with constituents and some journalists. ... Like all Twitter users, Mayor Reed has the right to stop engaging in conversations when he determines they are unproductive, intentionally inflammatory, dishonest and/or misleading."

Asked how many people he has blocked, she replied that the office doesn't keep such a list.

J'aime Morgaine, the Arizona veteran who delivered blocks to the office of Rep. Paul Gosar, a Republican, said being blocked on Facebook matters because her representative no longer hosts in-person town hall meetings and has started to answer questions on Facebook Live. Now she can't ask questions or leave comments.

"I have lost and other people who have been blocked have lost our right to participate in the democratic process," said Morgaine, leader of Indivisible Kingman, a group that opposes the president's agenda. "I am outraged that my congressman is blocking my voice and trampling upon my constitutional rights."

@RepGosar ..You weren't home when I delivered this message to your office, but no worries...there WILL be more! Stop BLOCKING Constituents! pic.twitter.com/JTWGQwhxKt

-- Indivisible Kingman (@IndivisibleCD4) May 13, 2017

Morgaine said the rules are not being applied equally. "They're not blocking everybody who's angry," she said. "They're blocking the voices of dissent, and there's no process for getting unblocked. There's no appeals process. There's no accountability."

A spokeswoman for Gosar defended his decision to block constituents but did not answer a question about how many have been blocked.

"Congressman Gosar's policy has been consistent since taking office in January 2010," spokeswoman Kelly Roberson said in an email. "In short: 'Users whose comments or posts consist of profanity, hate speech, personal attacks, homophobia or Islamophobia may be banned.'"

On his Facebook page, Gosar posts the policy that guides his actions. It says in part, "Users are banned to promote healthy, civil dialogue on this page but are welcome to contact Congressman Gosar using other methods," including phone calls, emails and letters.

Sometimes, users are blocked repeatedly.

Community volunteer Gayle Lacy was named 2015 Wacoan of the Year for her effort to have the site of mammoth fossils in Waco, Texas, designated a national monument. Lacy's latest fight has been with her congressman, Bill Flores, who was with her in the Oval Office when Obama designated the site a national monument in 2015. She has been blocked three times by Flores' congressional Twitter account and once by his campaign account. One of those blocks happened after she tweeted at him: "My father died in service for this country, but you are not representative of that country and neither is your dear leader."

Lacy said she was able to get unblocked each time from Flores' congressional account by calling his office but remains blocked on the campaign one. "I don't know where to call," she said. "I asked in his D.C. office who I needed to call and I was told that they don't have that information."

Lacy and others said Flores blocks those who question him. Austin lawyer Matt Miller said he was blocked for asking when Flores would hold a town hall meeting. "It's totally inappropriate to block somebody, especially for asking a legitimate question of my elected representative," Miller said.

In a statement, Flores spokesman Andre Castro said Flores makes his policies clear on Twitter and on Facebook. "We reserve the right to block users whose comments include profanity, name-calling, threats, personal attacks, constant harping, inappropriate or false accusations, or other inappropriate comments or material. As the Congressman likes to say -- 'If you would not say it to your grandmother, we will not allow it here.'"

Ricardo Guerrero, an Austin marketer who is one of the leaders of a local group opposed to Trump's agenda, said he has gotten unblocked by Flores twice but then was blocked again and "just kind of gave up."

"He's creating an echo chamber of only the people that agree with him," Guerrero said of Flores. "He's purposefully removing any semblance of debate or alternative ideas or ideas that challenge his own -- and that seems completely undemocratic. That's the bigger issue in my mind."

ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for their newsletter.


Study: Police Officers Talk More Respectfully To White Residents Than Non-White Residents

Researchers analyzed the language recorded by body cameras during police stops, and concluded that police officers talk more respectfully to White residents than non-White residents. The study, published Monday in the Proceedings of the National Academy of Sciences, included 183 hours of body camera footage taken during 981 routine traffic stops in April 2014 by 245 different officers in the Oakland Police Department.

The researchers found:

"Police officers speak significantly less respectfully to black than to white community members in everyday traffic stops, even after controlling for officer race, infraction severity, stop location, and stop outcome. This paper presents a systematic analysis of officer body-worn camera footage, using computational linguistic techniques to automatically measure the respect level that officers display to community members. This work demonstrates that body camera footage can be used as a rich source of data rather than merely archival evidence, and paves the way for developing powerful language-based tools for studying and potentially improving police–community relations."

The study included random selections of 312 utterances spoken to black residents and 102 utterances spoken to white residents. Next, 10 volunteers rated each interaction without knowing the names, races, or identifying information of the police officers. Then, the researchers used a computer model to analyze the ratings based upon scientific literature about respect.

Why this study is important:

"Despite the rapid proliferation of body-worn cameras, no law enforcement agency has systematically analyzed the massive amounts of footage these cameras produce. Instead, the public and agencies alike tend to focus on the fraction of videos involving high-profile incidents, using footage as evidence of innocence or guilt in individual encounters... Previous research on police–community interactions has relied on citizens’ recollection of past interactions or researcher observation of officer behavior to assess procedural fairness. Although these methods are invaluable, they offer an indirect view of officer behavior and are limited to a small number of interactions..."

Key findings from the full report:

"... white community members are 57% more likely to hear an officer say one of the most respectful utterances in our dataset, whereas black community members are 61% more likely to hear an officer say one of the least respectful utterances in our dataset. (Here we define the top 10% of utterances to be most respectful and the bottom 10% to be least respectful.) This work demonstrates the power of body camera footage as an important source of data, not just as evidence, addressing limitations with methodologies that rely on citizens’ recollection of past interactions..."

Perhaps, most importantly (bold emphasis added):

"The racial disparities in officer respect are clear and consistent, yet the causes of these disparities are less clear. It is certainly possible that some of these disparities are prompted by the language and behavior of the community members themselves, particularly as historical tensions in Oakland and preexisting beliefs about the legitimacy of the police may induce fear, anger, or stereotype threat. However, community member speech cannot be the sole cause of these disparities... We observe racial disparities in officer respect even in police utterances from the initial 5% of an interaction, suggesting that officers speak differently to community members of different races even before the driver has had the opportunity to say much at all."

"Regardless of cause, we have found that police officers’ interactions with blacks tend to be more fraught, not only in terms of disproportionate outcomes (as previous work has shown) but also interpersonally, even when no arrest is made and no use of force occurs. These disparities could have adverse downstream effects, as experiences of respect or disrespect in personal interactions with police officers play a central role in community members’ judgments of how procedurally fair the police are as an institution, as well as the community’s willingness to support or cooperate with the police."

The findings indicate training opportunities for law enforcement, and apply only to the Oakland, California police department. Additional studies are needed to draw conclusions about other police departments. CNN interviewed Rob Voigt, the lead author of the study at Stanford University:

"We're also hoping it inspires police departments to consider cooperating with researchers more. And facilitating this kind of analysis of body camera footage will help police departments improve their relationship with the community, and it will give them techniques for better communication... When people feel they're respected by the police, they are more likely to trust the police, they are more likely to cooperate with the police, and so on and so forth. So we have reason to expect that these differences that we find have real-world effects."

I look forward to future studies. What are your opinions?


Verizon To Exit Its Copper Wire Telephone Business In Several States In 2018

If your home uses a copper wire telephone service, often called a "landline" or POTS (i.e., Plain Old Telephone Service), you may soon have to make a change. In Boston, Verizon will abandon its landline business in June 2018.

On Saturday, my wife received a letter via postal mail from Verizon. We live in Boston. The "Notice of Copper Retirement" stated:

"Currently, Verizon brings voice and/or data services to your home over copper cables. However, the company is updating to fiber-optic technology in your area, and will be retiring its copper facilities that currently serve you and your neighbors.

To continue to provide you service, Verizon will have to move your service to these fiber-optic facilities. If fiber is available to your home now, we will be contacting you individually soon to schedule an appointment to transition your services to fiber. Otherwise, we will be contacting you once fiber is available. In either case, we will need to move your service well before we retire the copper in your area which is scheduled for on or after June 1, 2018.

We will transfer your voice services from copper to fiber at no cost to you. This transfer will not result in any change to the voice service that you currently receive from Verizon. You may continue to subscribe to the same voice service at the same price, terms, and conditions. In addition, any devices that rely upon your voice service, such as fax machines, medical devices, or security alarms connected to a central station, will continue to work in the same way as they currently do over copper. We will also provide you with a battery backup device at no charge. For almost all residential customers, that device uses standard D-cell batteries that can support up to 24 hours of standby voice service during a commercial power outage. In case of a prolonged power outage, you can simply replace the batteries and extend the backup power.

If you subscribe to our High Speed Internet service, the migration to fiber will require a change since that service is not available on our fiber facilities. The Internet access service that we offer on fiber is FiOS Internet. FiOS Internet is available at significantly faster speeds than High Speed Internet. We will offer the service at a special rate for customers who migrate from copper to fiber facilities as a result of the retirement of our copper facilities. In some cases, this price may be lower or higher than what you currently pay for internet access.

Please review the Frequently Asked Questions for additional information about the fiber update or visit us at verizon.com/fiberupgrade. If you still have questions, please call us Monday through Friday, 8 a.m. - 8 p.m., or Saturday 9 a.m. - 5 p.m. at 1-877-439-7442.

You may also contact the Federal Communications Commission or your State Commission if you have any questions. Thank you for continuing to be a loyal customer. We greatly appreciate your business.

Sincerely

Janet Gazlay Martin
Director, Network Transformation"

I visited the website mentioned in the notice. That site pitches the FiOS Internet service, and doesn't explain the company's copper landline retirement activities. You have to do a little digging online to find the locations where Verizon announced its retirement of copper-wire telephone services. The locations include several states in the Northeast and Middle Atlantic regions. Earlier this month, Verizon announced the retirement of copper landlines next year in the following states, cities, and towns:

  • Delaware: Newark, Ocean View
  • Maryland: Bethesda, Columbia, Glen Burnie, Rockville, Towson
  • Massachusetts: Danvers, Dorchester, Framingham, Hanover, Lawrence, Leominster, Marblehead, Newton, North Chelmsford, Roxbury, Stoughton, West Roxbury
  • New Jersey: Bergen, Berlin, Cape May, Cranford, East Dover, East Orange, Ewing, Freehold, Hackensack, Haddonfield, Journal Square, Marlton, Medford, Merchantville, Morristown, New Brunswick, Red Bank, Somerville, Toms River, Union City, Wall Township, Woodbury
  • New York: Cayuga Williamsville, Cornwall, Mineola, Mount Vernon, Plainview Central, Skaneateles, White Plains, and multiple areas within all of the five boroughs of New York City
  • Pennsylvania: Allentown, Dormont, Glenolden, Jefferson, Jenkintown, Mayfair, Mechanicsburg, portions of Philadelphia, Pilgrim, Turtle Creek, Wilkinsburg
  • Rhode Island: portions of Providence
  • Virginia: Arlington, Falls Church, Reston, Springfield, Virginia Beach, and portions of Richmond

The telecommunications company made similar announcements during February, 2017 about other areas within the same states. Verizon is not alone. Telephone companies have planned for years to abandon their copper landline services. In August 2015, the Institute of Electrical and Electronics Engineers (IEEE) reported that the U.S. Federal Communications Commission (FCC):

"... set new ground rules for carriers seeking to replace their old copper telephone networks. Approved by a 3-2 vote at an open meeting yesterday, the rules require carriers to notify customers in advance and to seek FCC approval before reducing services... FCC chairman Tom Wheeler and others have been pushing to shift telephone traffic to fiber optics and the Internet. Critics have charged that phone companies are allowing their old copper networks to decay to force customers to shift to fiber service. But some 37 million households -- many of them headed by elderly people -- remain on legacy copper, commissioner Mignon Clyburn noted at the hearing. Other holdouts live in rural areas that lack cellular and broadband service. Some prefer copper connections because they are independent of local power lines, and offer better 911 emergency service.

The FCC ruling requires that carriers notify retail customers at least three months before shutting down a copper network, and provide six-months notice to interconnecting carriers using the old lines. (Clyburn complained that that's much less time than the FCC gave before shutting down analog broadcast television, but voted for the measure anyway.) Carriers also must seek FCC approval if the telephone changeover would "discontinue, reduce or impair" service... In a separate vote, all five FCC commissioners agreed to require carriers to offer customers backup power supplies that maintain their phone service during prolonged power outages..."

You can read announcements by AT&T about copper landline retirements. CenturyLink notified the FCC last year about copper landline retirements in eight states: Alabama, Florida, Michigan, Minnesota, Pennsylvania, Virginia, Washington, and Wisconsin.

Since the FCC set copper-retirement rules in 2015, technology adoption has climbed slightly. In January of this year, Pew Research reported that 77 percent of adults in the USA own a smartphone and 73 percent have broadband internet at home. However, while:

"... broadband adoption has increased to its highest level since the Center began tracking this topic in early 2000, not all Americans have shared in these gains. For instance, those who have not graduated from high school are nearly three times less likely than college graduates to have home broadband service (34 percent vs. 91 percent)... 12 percent of Americans say they are “smartphone dependent” when it comes to their online access – meaning they own a smartphone but lack traditional broadband service at home. The share of Americans who are smartphone dependent has increased 4 percentage points since 2013, and smartphone reliance is especially pronounced among young adults, nonwhites and those with relatively low household incomes."

While more people have smartphones and internet access at home, a sizeable number still have copper landlines. Phys.org reported in November 2016 the results of a recent survey:

"... 20 percent of the nation's households still view having a landline or fixed telephone as the most important of their telecommunications choices, according to a survey that queried consumers about their telephone and internet preferences... The study also found that for the average consumer, having mobile telephone service is about 3.5 times more important than a landline or fixed telephone service... Study findings suggest about 90 percent of American households have at least one mobile phone, 75 percent have fixed internet service, 58 percent have mobile internet service and 49 percent have fixed telephone service. Mobile telephone service was the most important service for the typical respondent, followed by fixed internet service, mobile internet service and fixed telephone service, although a portion rank fixed telephone first."

According to the 2012 United States Census, there are about 117 million households in the United States, and 2.59 persons on average per household. So, a substantial portion of the population will probably view negatively the termination of copper wire telephone services in their homes.

Verizon's copper termination notice was unnecessarily complicated, which could confuse many consumers. The portion of its notice which said "If fiber is available to your home..." was laughable. FiOS is already available in our neighborhood. Verizon notified me months ago, and I already migrated my antiquated DSL (Digital Subscriber Line) internet service on my phone line to FiOS. Verizon's landline business unit should know what its FiOS division is doing. The left hand should know what the right hand is doing.

So, Verizon's notice wasn't as customized or as relevant as it could have been. It makes one wonder if, in its zeal to terminate its copper wire phone business, Verizon rushed the customer letters.

Readers of this blog remember the Boston City Council's hearings in 2015 about residents' requests for FiOS. In 2015, Verizon hadn't deployed FiOS even though it had been available in several suburban towns for many years. Example: a friend in Lexington has had FiOS since at least 2009. So, Verizon could have deployed FiOS far sooner, providing consumers more time to migrate their phone service without rushing.

What should consumers do? It depends upon your lifestyle. If you already have a smartphone, you may want to simply terminate your landline phone service and use your smartphone instead. If you don't have a smartphone, you can migrate your copper landline phone service to Verizon's FiOS fiber connection, to a smartphone, or to another telephone service provider. For example, many cable-TV providers, such as Comcast, provide phone service in residences.

Some consumers value security and privacy. If you perform phone-based banking or online banking with your desktop/laptop computer, then security is a concern. Since smartphones or wireless phones using home WiFi networks transmit using radio waves, you'll probably want to encrypt your wireless online banking transmissions to protect against theft by criminals or hackers. Several brands of Virtual Private Network (VPN) software and apps are available to encrypt your wireless transmissions. If you are unfamiliar with VPN software, this prior blog post contains links to online primers and tutorials.

If you received a copper termination letter from your phone company, what were your opinions of it? Did you switch to fiber landlines or to wireless?


3 Strategies To Defend GOP Health Bill: Euphemisms, False Statements and Deleted Comments

[Editor's Note: today's guest post is by the reporters at ProPublica. Affordable health care and coverage are important to many, if not most, Americans. It is reprinted with permission.]

by Charles Ornstein, ProPublica

Earlier this month, a day after the House of Representatives passed a bill to repeal and replace major parts of the Affordable Care Act, Ashleigh Morley visited her congressman's Facebook page to voice her dismay.

"Your vote yesterday was unthinkably irresponsible and does not begin to account for the thousands of constituents in your district who rely upon many of the services and provisions provided for them by the ACA," Morley wrote on the page affiliated with the campaign of Representative Peter King (Republican, New York). "You never had my vote and this confirms why."

The next day, Morley said, her comment was deleted and she was blocked from commenting on or reacting to King's posts. The same thing has happened to others critical of King's positions on health care and other matters. King has deleted negative feedback and blocked critics from his Facebook page, several of his constituents say, sharing screenshots of comments that are no longer there.

"Having my voice and opinions shut down by the person who represents me -- especially when my voice and opinion wasn't vulgar and obscene -- is frustrating, it's disheartening, and I think it points to perhaps a larger problem with our representatives and maybe their priorities," Morley said in an interview.

King's office did not respond to requests for comment.

As Republican members of Congress seek to roll back the Affordable Care Act, commonly called Obamacare, and replace it with the American Health Care Act, they have adopted various strategies to influence and cope with public opinion, which polls show mostly opposes their plan. ProPublica, with our partners at Kaiser Health News, Stat and Vox, has been fact-checking members of Congress in this debate and we've found misstatements on both sides, though more by Republicans than Democrats. The Washington Post's Fact Checker has similarly found misstatements by both sides.

Today, we're back with more examples of how legislators are interacting with constituents about repealing Obamacare, whether online or in traditional correspondence. Their more controversial tactics seem to fall into three main categories: providing incorrect information, using euphemisms for the impact of their actions, and deleting comments critical of them. (Share your correspondence with members of Congress with us.)

Incorrect Information

Representative Vicky Hartzler (Republican, Missouri) sent a note to constituents this month explaining her vote in favor of the Republican bill. First, she outlined why she believes the ACA is not sustainable -- namely, higher premiums and few choices. Then she said it was important to have a smooth transition from one system to another.

"This is why I supported the AHCA to follow through on our promise to have an immediate replacement ready to go should the ACA be repealed," she wrote. "The AHCA keeps the ACA for the next three years then phases in a new approach to give people, states, and insurance markets plenty of time to make adjustments."

Except that's not true.

"There are quite a number of changes in the AHCA that take effect within the next three years," wrote ACA expert Timothy Jost, an emeritus professor at Washington and Lee University School of Law, in an email to ProPublica.

The current law's penalties on individuals who do not purchase insurance and on employers who do not offer it would be repealed retroactively to 2016, which could remove the incentive for some employers to offer coverage to their workers. Moreover, beginning in 2018, older people could be charged premiums up to five times more than younger people -- up from three times under current law. The way in which premium tax credits would be calculated would change as well, benefiting younger people at the expense of older ones, Jost said.

"It is certainly not correct to say that everything stays the same for the next three years," he wrote.

In an email, Hartzler spokesman Casey Harper replied, "I can see how this sentence in the letter could be misconstrued. It's very important to the Congresswoman that we give clear, accurate information to her constituents. Thanks for pointing that out."

Other lawmakers have similarly shared incorrect information after voting to repeal the ACA. Representative Diane Black (Republican, Tennessee) wrote in a May 19 email to a constituent that "in 16 of our counties, there are no plans available at all. This system is crumbling before our eyes and we cannot wait another year to act."

Black was referring to the possibility that, in 16 Tennessee counties around Knoxville, there might not have been any insurance options in the ACA marketplace next year. However, 10 days earlier, before she sent her email, BlueCross BlueShield of Tennessee announced that it was willing to provide coverage in those counties and would work with the state Department of Commerce and Insurance "to set the right conditions that would allow our return."

"We stand by our statement of the facts, and Congressman Black is working hard to repeal and replace Obamacare with a system that actually works for Tennessee families and individuals," her deputy chief of staff Dean Thompson said in an email.

On the Democratic side, the Washington Post Fact Checker has called out representatives for saying the AHCA would consider rape or sexual assault as pre-existing conditions. The bill would not do that, although critics counter that any resulting mental health issues or sexually transmitted diseases could be considered existing illnesses.

Euphemisms

A number of lawmakers have posted information taken from talking points put out by the House Republican Conference that try to frame the changes in the Republican bill as kinder and gentler than most experts expect them to be.

An answer to one frequently asked question pushes back against criticism that the Republican bill would gut Medicaid, the federal-state health insurance program for the poor, and appears on the websites of Representative Garret Graves (Republican, Louisiana) and others.

"Our plan responsibly unwinds Obamacare's Medicaid expansion," the answer says. "We freeze enrollment and allow natural turnover in the Medicaid program as beneficiaries see their life circumstances change. This strategy is both fiscally responsible and fair, ensuring we don't pull the rug out on anyone while also ending the Obamacare expansion that unfairly prioritizes able-bodied working adults over the most vulnerable."

That is highly misleading, experts say.

The Affordable Care Act allowed states to expand Medicaid eligibility to anyone who earned less than 138 percent of the federal poverty level, with the federal government picking up almost the entire tab. Thirty-one states and the District of Columbia opted to do so. As a result, the program now covers more than 74 million beneficiaries, nearly 17 million more than it did at the end of 2013.

The GOP health care bill would pare that back. Beginning in 2020, it would reduce the share the federal government pays for new enrollees in the Medicaid expansion to the rate it pays for other enrollees in the state, which is considerably less. Also in 2020, the legislation would cap the spending growth rate per Medicaid beneficiary. As a result, a Congressional Budget Office review released Wednesday estimates that millions of Americans would become uninsured.

Sara Rosenbaum, a professor of health law and policy at the Milken Institute School of Public Health at George Washington University, said the GOP's characterization of its Medicaid plan is wrong on many levels. People naturally cycle on and off Medicaid, she said, often because of temporary events, not changing life circumstances -- seasonal workers, for instance, may see their wages rise in summer months before falling back.

"A terrible blow to millions of poor people is recast as an easing off of benefits that really aren't all that important, in a humane way," she said.

Moreover, the GOP bill actually would speed up the "natural turnover" in the Medicaid program, said Diane Rowland, executive vice president of the Kaiser Family Foundation, a health care think tank. Under the ACA, states were only permitted to recheck enrollees' eligibility for Medicaid once a year because cumbersome paperwork requirements have been shown to cause people to lose their coverage. The American Health Care Act would require these checks every six months -- and even give states more money to conduct them.

Rowland also took issue with the GOP talking point that the expansion "unfairly prioritizes able-bodied working adults over the most vulnerable." At a House Energy and Commerce Committee hearing earlier this year, GOP representatives maintained that the Medicaid expansion may be creating longer waits for home- and community-based programs for sick and disabled Medicaid patients needing long-term care, "putting care for some of the most vulnerable Americans at risk."

Research from the Kaiser Family Foundation, however, showed that there was no relationship between waiting lists and states that expanded Medicaid. Such waiting lists pre-dated the expansion and they were worse in states that did not expand Medicaid than in states that did.

"This is a complete misrepresentation of the facts," Rosenbaum said.

Graves' office said the information on his site came from the House Republican Conference. Emails to the conference's press office were not returned.

The GOP talking points also play up a new Patient and State Stability Fund included in the AHCA, which is intended to defray the costs of covering people with expensive health conditions. "All told, $130 billion dollars would be made available to states to finance innovative programs to address their unique patient populations," the information says. "This new stability fund ensures these programs have the necessary funding to protect patients while also giving states the ability to design insurance markets that will lower costs and increase choice."

The fund was modeled after a program in Maine, called an invisible high-risk pool, which advocates say has kept premiums in check in the state. But Senator Susan Collins (Republican, Maine) says the House bill's stability fund wasn't allocated enough money to keep premiums stable.

"In order to do the Maine model -- which I've heard many House people say that is what they're aiming for -- it would take $15 billion in the first year and that is not in the House bill," Collins told Politico. "There is actually $3 billion specifically designated for high-risk pools in the first year."

Deleting Comments

Morley, 28, a branded content editor who lives in Seaford, New York, said she moved into Representative King's Long Island district shortly before the 2016 election. She said she did not vote for him and, like many others across the country, said the election results galvanized her into becoming more politically active.

Earlier this year, Morley found an online conversation among King's constituents who said their critical comments were being deleted from his Facebook page. Because she doesn't agree with King's stances, she said she wanted to reserve her comment for an issue she felt strongly about.

A day after the House voted to repeal the ACA, Morley posted her thoughts. "I kind of felt that that was when I wanted to use my one comment, my one strike as it would be," she said.

By noon the next day, it had been deleted and she had been blocked.

"I even wrote in my comment that you can block me but I'm still going to call your office," Morley said in an interview.

Some negative comments about King remain on his Facebook page. But King's critics say his deletions fit a broader pattern. He has declined to hold an in-person town hall meeting this year, saying, "to me all they do is just turn into a screaming session," according to CNN. He held a telephonic town hall meeting but only answered a small fraction of the questions submitted. And he met with Liuba Grechen Shirley, the founder of a local Democratic group in his district, but only after her group held a protest in front of his office that drew around 400 people.

"He's not losing his health care," Grechen Shirley said. "It doesn't affect him. It's a death sentence for many and he doesn't even care enough to meet with his constituents."

King's deleted comments even caught the eye of Andy Slavitt, who until January was the acting administrator of the Centers for Medicare and Medicaid Services. Slavitt has been traveling the country pushing back against attempts to gut the ACA.

.@RepPeteKing, are you silencing your constituents who send you questions? Assume ppl in district will respond if this is happening.

-- Andy Slavitt (@ASlavitt) May 12, 2017

Since the election, other activists across the country who oppose the president's agenda have posted online that they have been blocked from following their elected officials on Twitter or commenting on their Facebook pages because of critical statements they've made about the AHCA and other issues.

ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for their newsletter.


Coming Soon: A New HD Video Standard For TV. Will Over-The-Air Broadcasts Remain Free?

Soon, consumers will hear about improvements in over-the-air broadcast television. Free, broadcast television has been around since forever, and High Definition (HD) broadcast signals have been around since 2009. Many consumers have chosen free, over-the-air broadcast television to avoid expensive monthly cable-TV bills.

Consumer Reports explained:

"Technically called ATSC 3.0, the new broadcast standard is—thankfully—being more generally billed as "Next-Gen Broadcast TV." There are a few big differences between our current ATSC 1.0 broadcasts and the new ones we'll receive as part of ATSC 3.0. A key one is that the new standard is IP (internet protocol)-based, which means it can carry internet content alongside traditional TV broadcasts. The broadcasts can also include 4K video and high dynamic range (HDR) content—the two biggest selling points in TVs right now."

And, consumers will be able to receive the new HD broadcast signals on their smartphones. Reportedly, the coming ATSC 3.0 standard will use a more efficient video format, called HEVC or H.265, which streaming services already use.

Last year, WRAL-TV in Raleigh, North Carolina began to broadcast using the new standard with a documentary, "Take Me Out To the Bulls' Game." The U.S. Federal Communications Commission (FCC) announced in February a Notice of Proposed Rulemaking (NPRM) which sought comments from the public about the new HD broadcast standard. That FCC announcement stated, in part:

"ATSC 3.0 has the potential to greatly improve broadcast signal reception on mobile devices and television receivers without outdoor antennas.  It is also intended to enable broadcasters to offer enhanced and innovative new features to consumers, including Ultra High Definition picture and immersive audio, more localized programming content, an advanced emergency alert system capable of waking up sleeping devices to warn consumers of imminent emergencies, improved accessibility options, and interactive services.

A coalition of broadcast and consumer electronics industry representatives petitioned the Commission to allow the use of the new standard. The upgraded technology is intended to merge the capabilities of over-the-air broadcasting with the broadband viewing and information delivery methods of the Internet using the same 6 MHz channels presently allocated for digital television (DTV)."

Like most things in life, details matter. Consumer Reports warned:

"... Jonathan Schwantes, senior policy counsel at Consumers Union, the policy and mobilization arm of Consumer Reports, says that some consumers could lose the ability to get some ATSC 1.0 signals if the host station is located farther away than their current broadcaster.

"Our position is that next-gen TV can and will be beneficial to consumers if implemented by the FCC in a measured and conscientious manner," he says. That could include making sure the current coverage areas are preserved as much as possible, not allowing broadcasters to downgrade the quality of ATSC 1.0 broadcasts from high to standard definition, and providing consumers with education on issues such as the timing of the transition and what new equipment they may need."

So, some broadcasters might choose to cut corners while migrating to the new standard: reduce their existing HD over-the-air signal strength, degrade their existing HD signal quality, or both. Not good.

And, there's more bad news for consumers. The new HD broadcast standard may cost more. You're probably wondering how, since over-the-air broadcasts have been free since television was introduced. Consumer Reports explained:

"... broadcasters could encrypt at least part of their programming, and require users to create an account and pay for access to certain features. No details are available on how this would work from the consumer's point of view. Consumers Union and other groups say they will insist that consumers continue to have access to free over-the air high-definition TV reception."

The new HD broadcast standard should not include hidden costs or new fees for consumers. For many consumers, new televisions are expensive and out of reach. Many consumers have chosen to "cut the cord" to save money. For these consumers, free over-the-air broadcast television is vital.

Nor should broadcasters be able to cut corners and force consumers to the new HD standard by degrading their existing HD signal strength and/or quality. The new HD broadcast standard should be voluntary for consumers. Nor should consumers be forced to submit to broadcasters their personal, contact, and payment information. One of the benefits of over-the-air broadcasts is privacy.

The next-gen TV standard offers benefits to both consumers and broadcasters. The FCC must balance the needs of both, and not serve only one group. The industry uses the term "Multi-channel Video Programming Distributors" (MVPD) to describe companies that provide video content. These MVPD companies include video producers and distributors: legacy cable-TV providers, TV networks, and others that provide programming via cable, the Internet, and over-the-air broadcasts.

Some MVPDs do both: produce and distribute video content. These MVPDs have a financial bias to force consumers from free over-the-air broadcasts to their proprietary, higher cost distribution networks (e.g., cable, internet). Consumers must have the freedom to choose how they consume video content, and not have a distribution network forced upon them via bundling, "retransmission consent system," or other MVPD tactics.

What are retransmission consent systems? This 16-142 filing by Consumers Union, Public Knowledge, and New America's Open Technology Institute explained (Adobe PDF):

"It is increasingly axiomatic that, when MVPDs and broadcast groups engage in retransmission consent negotiations, consumers end up suffering, or footing the bill, or both. Increased broadcast retransmission consent fees are passed on to consumers by MVPDs who have little choice but to accept most broadcaster demands or face crippling blackouts.... Large MVPDs, and those which also own broadcast interests, also use the retransmission consent process to extract favorable terms, potentially limiting the growth or viability of competitive video services. Comcast, for example, is rumored to have fleshed out its fledgling over-the-top (OTT) service by exercising most-favored-nation clauses in many of its carriage contracts. Comcast can only demand such favorable contract terms due to its dominant position in the video delivery marketplace, and once again, consumers are left holding the bag..."

So, the FCC must not make things worse for consumers by allowing the new HD broadcast standard to reduce competition and raise prices. Higher prices may be good for MVPDs (and their stockholders) but not for consumers.

If you want to submit a comment or read comments already submitted about the new HD broadcast standard, search for the 16-142 Filing within the FCC's Electronic Filing & Comment System (ECFS). At press time, only 167 persons, companies, and entities had submitted filings and comments (compared to 2,869,632 comments via ECFS about Net Neutrality). Not good.

What are your opinions about the new HD video broadcast standard?


Attorneys General In Several States Announce Settlement Agreements With Target

The Office of the Attorney General (AG) for the Commonwealth of Massachusetts announced on Wednesday that the state will receive $625,000 as part of the settlement agreement with Target Corporation. The settlement agreement, which includes 47 states plus the District of Columbia, resolves claims by states about the retailer's massive data breach in 2013.

Card issuers had also sued the retailer. Target settled with Visa in August, 2015 to resolve claims in which 110 million consumers' records were stolen, including 40 million credit- and debit-card numbers. Also, debit card PIN numbers were stolen.

The announcement by Massachusetts AG Maura Healey explained:

"The investigation found that the stolen credentials were used to exploit weaknesses in Target’s system, which allowed the attackers to access a customer service database, install malware on the system and then capture data from credit or debit card transactions at Target stores (including stores in Massachusetts) from Nov. 27, 2013 to Dec. 15, 2013. The stolen data included consumers’ full names, telephone numbers, email addresses, mailing addresses, payment card numbers, expiration dates, security codes, and encrypted debit PINs... The breach affected more than 41 million customer payment card accounts and contact information for more than 60 million customers nationwide. In Massachusetts, the breach compromised information from approximately 947,000 customer payment card accounts and other personally-identifying information of about 1.5 million Massachusetts residents."

Terms of the settlement require Target:

"... to develop, implement and maintain a comprehensive information security program and to employ an executive or officer who is responsible for executing the plan. The company is required to hire an independent, qualified third-party to conduct a comprehensive security assessment... to maintain and support software on its network; to maintain appropriate encryption policies, particularly as pertains to cardholder and personal information data; to segment its cardholder data environment from the rest of its computer network; and to undertake steps to control access to its network, including implementing password rotation policies and two-factor authentication for certain accounts."

California will receive $1.4 million from the settlement. New York AG Eric T. Schneiderman said about the settlement agreement:

"New Yorkers need to know that when they shop, their data will be protected... This settlement marks an important win for New Yorkers – bringing over $635,000 into the state, in addition to the free credit monitoring services for those impacted by the data breach, and key security improvements to help protect Target consumers moving forward."

Yes, indeed. Shoppers everywhere need to know their data will be protected.

Besides Massachusetts, New York and California, the other states participating in this settlement include Alaska, Arizona, Arkansas, Colorado, Connecticut, Delaware, Florida, Georgia, Hawaii, Idaho, Illinois, Indiana, Iowa, Kansas, Kentucky, Louisiana, Maine, Maryland, Michigan, Minnesota, Mississippi, Missouri, Montana, Nebraska, Nevada, New Hampshire, New Jersey, New Mexico, North Carolina, North Dakota, Ohio, Oklahoma, Oregon, Pennsylvania, Rhode Island, South Carolina, South Dakota, Tennessee, Texas, Utah, Vermont, Virginia, Washington, West Virginia, and the District of Columbia.

AL.com reported:

"Alabama won't be cashing in on the largest multi-state data breach settlement in history, however. The reason, according to the Alabama Attorney General's Office, is the absence of a state law that requires entities to notify customers whose information could have been exposed in a breach and then take steps to remediate any injuries.

"Alabama is one of the few states in the nation that is not a party to the recent Target settlement because our state does not have data breach notification law," said Mike Lewis, Communications Director for the Office of the Alabama Attorney General."

Connecticut and Illinois led the states' investigation. The participating states have not yet announced how the settlement money will be distributed.

[Editor's Note: a prior version of this blog post did not include the report by AL.com.]


Hacking Group Reported Security Issues With Samsung 8 Phone's Iris Recognition

The Chaos Computer Club (CCC), a German hacking group founded in 1981, posted the following report on Monday:

"The iris recognition system of the new Samsung Galaxy S8 was successfully defeated by hackers... The Samsung Galaxy S8 is the first flagship smartphone with iris recognition. The manufacturer of the biometric solution is the company Princeton Identity Inc. The system promises secure individual user authentication by using the unique pattern of the human iris.

A new test conducted by CCC hackers shows that this promise cannot be kept: With a simple to make dummy-eye the phone can be fooled into believing that it sees the eye of the legitimate owner. A video shows the simplicity of the method."

The Samsung Galaxy S8 runs the Android operating system, claims a talk time of up to 30 hours, has a screen optimized for virtual reality (VR) apps, and features Bixby, an "... intelligent interface that is built into the Galaxy S8. With every interaction, Bixby can learn, evolve and adapt to you. Whether it's through touch, type or voice, Bixby will seamlessly help you get things done. (Voice coming soon)"

The CCC report also explained:

"Iris recognition may be barely sufficient to protect a phone against complete strangers unlocking it. But whoever has a photo of the legitimate owner can trivially unlock the phone. "If you value the data on your phone – and possibly want to even use it for payment – using the traditional PIN-protection is a safer approach than using body features for authentication," says Dirk Engling, spokesperson for the CCC."

Phys.org reported that Samsung executives are investigating the CCC report. Samsung views the Galaxy S8 as critical to the company's performance given the Note 7 battery issues and fires last year.

Some consumers might conclude from the CCC report that the best defense against iris hacks would be to stop posting selfies. That conclusion would be wrong, and the defense insufficient:

"The easiest way for a thief to capture iris pictures is with a digital camera in night-shot mode or the infrared filter removed... Starbug was able to demonstrate that a good digital camera with 200mm-lens at a distance of up to five meters is sufficient to capture suitably good pictures to fool iris recognition systems."

So, more photos besides selfies could reveal your iris details. The CCC report also reminded consumers of the security issues with using fingerprints to protect their devices:

"CCC member and biometrics security researcher starbug has demonstrated time and again how easily biometrics can be defeated with his hacks on fingerprint authentication systems – most recently with his successful defeat of the fingerprint sensor "Touch ID" on Apple’s iPhone. "The security risk to the user from iris recognition is even bigger than with fingerprints as we expose our irises a lot. Under some circumstances, a high-resolution picture from the internet is sufficient to capture an iris," Dirk Engling remarked."

What are your opinions of the CCC report?


The Guardian Site Reviews Documents Used By Facebook Executives To Moderate Content

The Guardian news site in the United Kingdom (UK) published the findings of its review of "The Facebook Files" -- a collection of documents which comprise the rules used by executives at the social site to moderate (e.g., review, approve, and delete) content posted by the site's members. Reporters at The Guardian reviewed:

"... more than 100 internal training manuals, spreadsheets and flowcharts that give unprecedented insight into the blueprints Facebook has used to moderate issues such as violence, hate speech, terrorism, pornography, racism and self-harm. There are even guidelines on match-fixing and cannibalism.

The Facebook Files give the first view of the codes and rules formulated by the site, which is under huge political pressure in Europe and the US. They illustrate difficulties faced by executives scrabbling to react to new challenges such as “revenge porn” – and the challenges for moderators, who say they are overwhelmed by the volume of work, which means they often have “just 10 seconds” to make a decision..."

The Guardian summarized what it learned about Facebook's revenge porn rules for moderators:

Revenge porn content rules found by The Guardian's review of Facebook documents

Reportedly, Facebook moderators reviewed as many as 54,000 cases in a single month related to revenge porn and "sextortion." In January of 2017, the site disabled 14,000 accounts due to this form of sexual violence. Previously, these rules were not available publicly. Findings about other rules are available at The Guardian site.

Other key findings from The Guardian's document review:

"One document says Facebook reviews more than 6.5m reports a week relating to potentially fake accounts – known as FNRP (fake, not real person)... Many moderators are said to have concerns about the inconsistency and peculiar nature of some of the policies. Those on sexual content, for example, are said to be the most complex and confusing... Anyone with more than 100,000 followers on a social media platform is designated as a public figure – which denies them the full protections given to private individuals..."

The social site struggles with how to handle violent language:

"Facebook’s leaked policies on subjects including violent death, images of non-sexual physical child abuse and animal cruelty show how the site tries to navigate a minefield... In one of the leaked documents, Facebook acknowledges “people use violent language to express frustration online” and feel “safe to do so” on the site. It says: “They feel that the issue won’t come back to them and they feel indifferent towards the person they are making the threats about because of the lack of empathy created by communication via devices as opposed to face to face..."

Some industry watchers in Europe doubt that Facebook can do what it has set out to accomplish, say that it lacks sufficient staff to effectively moderate content posted by almost 2 billion users, and argue that Facebook management should be more transparent about its content moderation rules. Others believe that Facebook and other social sites should be heavily fined "for failing to remove extremist and hate-crime material."

To learn more, The Guardian site includes at least nine articles about its review of The Facebook Files:

Collection of articles by The Guardian which review Facebook's content policies.


FCC Voted Yesterday To Start To Overturn Net Neutrality Rules

Yesterday, the Federal Communications Commission (FCC) voted to kill net neutrality rules it enacted a couple years ago. The FCC announcement:

"The Federal Communications Commission today took the first step toward restoring Internet freedom and promoting infrastructure investment, innovation, and choice by proposing to end utility-style regulation of broadband Internet access service. In a Notice of Proposed Rulemaking, the FCC proposes to return to the bipartisan framework that preserved a flourishing free and open Internet for almost 20 years.  First, the Notice proposes to reverse the FCC’s 2015 decision to impose heavy-handed Title II utility-style government regulation on Internet service providers (ISPs) and return to the longstanding, successful light-touch framework under Title I of the Communications Act.

Second, the Notice proposes to return to the Commission’s original classification of mobile broadband Internet access service as a private mobile service.  Given the historical innovation and success of the wireless marketplace prior to the Title II Order, this proposal is expected to substantially benefit consumers and the marketplace.

Third, the Notice proposes to eliminate the catch-all Internet conduct standard created by the Title II Order.  Because the Internet conduct standard is extremely vague and expansive, ISPs must guess at what they are permitted to do.  Eliminating the Internet conduct standard is therefore expected to promote innovation and network investment by eliminating regulatory uncertainty."

The vote happened on the scheduled date, despite the unavailability for several hours Sunday morning, May 7, of the FCC website for public comments. The FCC said its site crashed due to a DDoS attack. Before the vote, more than 2 million persons and organizations submitted feedback to the FCC.

The vote was expected since Republicans dominate the three-member committee. FCC Chairman Pai and Commissioner Michael O'Rielly voted for the change. Commissioner Mignon Clyburn, the only Democrat on the three-member committee, voted against it. In January of this year, President Donald Trump appointed Ajit Pai, a former lawyer with Verizon, as the FCC Chairman.

In a statement about the vote, FCC Chairman Ajit Pai repeated prior claims about "heavy-handed" regulation, an internet that wasn't broken, and decreased infrastructure investment by internet service providers (ISPs). All of these claims were discussed and debunked previously after Chairman Pai's speech in April.

C/Net reported:

"Eliminating the Open Internet Order takes away the internet's level playing field and would allow a select few corporations to choose winners and losers, preventing consumers from accessing the content that they want, when they want it," said Jonathan Schwantes, senior policy counsel for Consumers Union. Democratic Senator Al Franken of Minnesota called it "a major step toward destroying the internet as we know it."

CNN reported:

"More than 1,000 startups and investors have now signed an open letter to Pai opposing the proposal. The Internet Association, a trade group representing bigger companies like Facebook, Google, and Amazon, has also condemned the plan. "The current FCC rules are working for consumers and the protections need to be kept intact," Michael Beckerman, president and CEO of the Internet Association, said at a press conference Wednesday."

USA Today reported:

"Congress could eventually have a say on the issue. At about the same time the FCC was considering the issue, Sen. John Thune, R-S.D., called for Congress to pass legislation "to protect the internet." Thune, who is the chairman of the Senate Commerce Committee, urged colleagues "to begin bipartisan work on such legislation without any further delay. Innovation and job creation should no longer take a backseat to partisan point-scoring," he said..."

After re-reading the FCC announcement several times, I noticed that it failed to mention or summarize the feedback received from the public. This makes one wonder if Chairman Pai and the committee took the time to review the comments submitted. During the last thirty (30) days, the public submitted 2,174,196 filings and comments. (See image below.) The feedback included a mix of comments for and against the latest changes.

Did Chairman Pai and the committee read this feedback, or were their minds already made up? And if so, did they simply ignore more than 2 million comments? Fortunately, the public can continue to submit feedback about Proceeding 17-108 until August for the subsequent final FCC vote.

Image of most active items in the FCC Electronic Comment Filing System as of May 19, 2017.


Any Half-Decent Hacker Could Break Into Mar-a-Lago

[Editor's Note: Today's guest blog post is by the reporters at ProPublica. The article explores the security issues about key locations the President visits repeatedly and does business at. It was originally published yesterday, and is reprinted with permission.]

by Jeff Larson and Julia Angwin, ProPublica; and by Surya Mattu, Gizmodo

Two weeks ago, on a sparkling spring morning, we went trawling along Florida's coastal waterway. But not for fish.

We parked a 17-foot motor boat in a lagoon about 800 feet from the back lawn of The Mar-a-Lago Club in Palm Beach and pointed a 2-foot wireless antenna that resembled a potato gun toward the club. Within a minute, we spotted three weakly encrypted Wi-Fi networks. We could have hacked them in less than five minutes, but we refrained.

A few days later, we drove through the grounds of the Trump National Golf Club in Bedminster, New Jersey, with the same antenna and aimed it at the clubhouse. We identified two open Wi-Fi networks that anyone could join without a password. We resisted the temptation.

We have also visited two of President Donald Trump's other family-run retreats, the Trump International Hotel in Washington, D.C., and a golf club in Sterling, Virginia. Our inspections found weak and open Wi-Fi networks, wireless printers without passwords, servers with outdated and vulnerable software, and unencrypted login pages to back-end databases containing sensitive information.

The risks posed by the lax security, experts say, go well beyond simple digital snooping. Sophisticated attackers could take advantage of vulnerabilities in the Wi-Fi networks to take over devices like computers or smart phones and use them to record conversations involving anyone on the premises.

"Those networks all have to be crawling with foreign intruders, not just ProPublica," said Dave Aitel, chief executive officer of Immunity, Inc., a digital security company, when we told him what we found.

Security lapses are not uncommon in the hospitality industry, which -- like most industries and government agencies -- is under increasing attack from hackers. But they are more worrisome in places where the president of the United States, heads of state and public officials regularly visit.

U.S. leaders can ill afford such vulnerabilities. As both the U.S. and French presidential campaigns showed, hackers increasingly exploit weaknesses in internet security systems in an effort to influence elections and policy. Last week, cyberattacks using software stolen from the National Security Agency paralyzed operations in at least a dozen countries, from Britain's National Health Service to Russia's Interior Ministry.

Since the election, Trump has hosted Chinese President Xi Jinping, Japanese Prime Minister Shinzo Abe and British politician Nigel Farage at his properties. The cybersecurity issues we discovered could have allowed those diplomatic discussions -- and other sensitive conversations at the properties -- to be monitored by hackers.

The Trump Organization follows "cybersecurity best practices," said spokeswoman Amanda Miller. "Like virtually every other company these days, we are routinely targeted by cyberterrorists whose only focus is to inflict harm on great American businesses. While we will not comment on specific security measures, we are confident in the steps we have taken to protect our business and safeguard our information. Our teams work diligently to deploy best-in-class firewall and anti-vulnerability platforms with constant 24/7 monitoring."

The White House did not respond to repeated requests for comment.

Trump properties have been hacked before. Last year, the Trump hotel chain paid $50,000 to settle charges brought by the New York attorney general that it had not properly disclosed the loss of more than 70,000 credit card numbers and 302 Social Security numbers. Prosecutors alleged that hotel credit card systems were "the target of a cyber-attack" due to poor security. The company agreed to beef up its security; it's not clear if the vulnerabilities we found violate that agreement. A spokesman for the New York attorney general declined comment.

Our experience also indicates that it's easy to gain physical access to Trump properties, at least when the president is not there. As Politico has previously reported, Trump hotels and clubs are poorly guarded. We drove a car past the front of Mar-a-Lago and parked a boat near its lawn. We drove through the grounds of the Bedminster golf course and into the parking lot of the golf course in Sterling, Virginia. No one questioned us.

Both President Obama and President Bush often vacationed at the more traditional presidential retreat, the military-run Camp David. The computers and networks there and at the White House are run by the Defense Information Systems Agency.

In 2016, the military spent $64 million on maintaining the networks at the White House and Camp David, and more than $2 million on "defense solutions, personnel, techniques, and best practices to defend, detect, and mitigate cyber-based threats" from hacking those networks.

Even after spending millions of dollars on security, the White House admitted in 2015 that it was hacked by Russians. After the hack, the White House replaced all its computer systems, according to a person familiar with the matter. All staffers who work at the White House are told that "there are people who are actively watching what you are doing," said Mikey Dickerson, who ran the U.S. Digital Service in the Obama administration.

By comparison, Mar-a-Lago budgeted $442,931 for security in 2016 -- slightly more than double the $200,000 initiation fee for one new member. The Trump Organization declined to say how much Mar-a-Lago spends specifically on digital security. The club, last reported to have almost 500 members paying annual dues of $14,000 apiece, allotted $1,703,163 for all administration last year, according to documents filed in a lawsuit Trump brought against Palm Beach County in an effort to halt commercial flights from flying over Mar-a-Lago. The lawsuit was dropped, but the FAA now restricts flights over the club when the president is there.

It is not clear whether Trump connects to the insecure networks while at his family's properties. When he travels, the president is provided with portable secure communications equipment. Trump tracked the military strike on a Syrian air base last month from a closed-door situation room at Mar-a-Lago with secure video equipment.

However, Trump has held sensitive meetings in public spaces at his properties. Most famously, in February, he and the Japanese prime minister discussed a North Korean missile test on the Mar-a-Lago patio. Over the course of that weekend in February, the president's Twitter account posted 21 tweets from an Android phone. An analysis by an Android-focused website showed that Trump had used the same make of phone since 2015. That phone is an older model that isn't approved by the NSA for classified use.

Photos of Trump and Abe taken by diners on that occasion prompted four Democratic senators to ask the Government Accountability Office to investigate whether electronic communications were secure at Mar-a-Lago.

In March, the GAO agreed to open an investigation. Chuck Young, a spokesman for the office, said in an interview that the work was in "the early stages," and did not offer an estimate for when the report would be completed.

So, we decided to test the cybersecurity of Trump's favorite hangouts ourselves.

Our first stop was Mar-a-Lago, a Trump country club in Palm Beach, Florida, where the president has spent most weekends since taking office. Driving past the club, we picked up the signal for a Wi-Fi-enabled combination printer and scanner that has been accessible since at least February 2016, according to a public Wi-Fi database.

An open printer may sound innocuous, but it can be used by hackers for everything from capturing all the documents sent to the device to trying to infiltrate the entire network.

To prevent such attacks, the Defense Information Systems Agency, which secures the White House and other military networks, forbids installing printers that anyone can connect to from outside networks. It also warns against using printers that do more than printing, such as faxing. "If an attacker gains network access to one of these devices, a wide range of exploits may be possible," the agency warns in its security guide.

We also were able to detect a misconfigured and unencrypted router, which could potentially provide a gateway for hackers.

To get a better line of sight, we rented a boat and piloted it to within sight of the club. There, we picked up signals from the club's wireless networks, three of which were protected with a weak and outmoded form of encryption known as WEP. In 2005, an FBI agent publicly broke this type of encryption in minutes.

By comparison, the military limits the signal strength of networks at places such as Camp David and the White House so that they are not reachable from a car driving by. It also requires wireless networks to use the strongest available form of encryption.

From our desks in New York, we were also able to determine that the club's website hosts a database with an insecure login page that is not protected by standard internet encryption. Login forms like this are considered a severe security risk, according to the Defense Information Systems Agency.

Without encryption, spies could eavesdrop on the network until a club employee logs in, and then steal his or her username and password. They then could download a database that appears to include sensitive information on the club's members and their families, according to videos posted by the club's software provider.

This is "bad, very bad," said Jeremiah Grossman, chief of Security Strategy for cybersecurity firm SentinelOne, when we described Mar-a-Lago's systems. "I'd assume the data is already stolen and systems compromised."

A few days later, we took our equipment to another Trump club in Bedminster, New Jersey. During the transition, Trump had interviewed candidates for top administration positions there, including James Mattis, now secretary of defense.

We drove on a dirt access road through the middle of the golf course and spotted two open Wi-Fi networks, TrumpMembers and WelcomeToTrumpNationalGolfClub, that did not require a password to join.

Such open networks allow anyone within range to scoop up all unencrypted internet activity taking place there, which could, on insecure sites, include usernames, passwords and emails.

Robert Graham, an Atlanta, Georgia, cybersecurity expert, said that hackers could use the open Wi-Fi to remotely turn on the microphones and cameras of devices connected to the network. "What you're describing is typical hotel security," he said, but "it's pretty concerning" that an attacker could listen to sensitive national security conversations.

Two days after we visited the Bedminster club, Trump arrived for a weekend stay.

Then we visited the Trump International Hotel in Washington, D.C., where Trump often dines with his son-in-law and senior adviser Jared Kushner, whose responsibilities range from Middle East diplomacy to revamping the federal bureaucracy. We surveyed the networks from a Starbucks in the hotel basement.

From there, we could tell there were two Wi-Fi networks at the hotel protected with what's known as a captive portal. These login screens are often used at airports and hotels to ensure that only paying customers can access the network.

However, we gained access to both networks just by typing "457" into the room number field. Because we provided a room number, the system assumed we were guests. We looked up the hotel's public IP address before logging off.

From our desks in New York, we could also tell that the hotel is using a server that is accessible from the public internet. This server is running software that was released almost 13 years ago.

Finally, we visited the Trump National Golf Club in Sterling, Virginia, where the president sometimes plays golf. From the parking lot, we recognized three encrypted wireless networks, an encrypted wireless phone and two printers with open Wi-Fi access.

The Trump club websites are hosted by an Ohio-based company called Clubessential. It offers everything from back-office management and member communications to tee time and room reservations.

In a 2014 presentation, a company sales director warned that the club industry as a whole is "too lax" in managing and protecting passwords. There has been a "rising number of attacks on club websites over the last two years," according to the presentation. Clubessential "performed [an] audit of security in the club industry" and "found thousands of sensitive documents from clubs exposed on [the] Internet," such as "lists of members and staff, and their contact info; board minutes, financial statements, etc."

Still, the club software company has set up a backend server accessible on the internet, and configured its encryption incorrectly. Anyone who reaches the login page is greeted with a warning that the encryption is broken. In its documentation, the company advises club administrators to ignore these warnings and log in regardless. That means that anybody snooping on the unprotected connection could intercept the administrators' passwords and gain access to the entire system.

The company also publishes online, without a password, many of the default settings and usernames for its software -- essentially providing a roadmap for intruders.

Clubessential declined comment.

Aitel, the CEO of Immunity, said the problems at Trump properties would be difficult to fix: "Once you are at a low level of security it is hard to develop a secure network system. You basically have to start over."

ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for their newsletter.


60 Minutes Re-Broadcast Its 2014 Interview With FBI Director Comey

Last night, the 60 Minutes television show re-broadcast its 2014 interview with former Federal Bureau of Investigation (FBI) Director James Comey. The interview is important for several reasons.

Politically liberal people have criticized Comey for mentioning to Congress just before the 2016 election the FBI investigation of former Secretary of State Hillary Clinton's private e-mail server. Many believe that Comey's comments helped candidate Donald Trump win the Presidential election. Politically conservative people criticized Comey for not recommending prosecution of former Secretary Clinton.

The interview is a reminder of history and that reality is often far more nuanced and complicated. Back in 2004, when the George W. Bush administration sought a re-authorization of warrant-less e-mail/phone searches, 60 Minutes explained:

"At the time, Comey was in charge at the Justice Department because Attorney General John Ashcroft was in intensive care with near fatal pancreatitis. When Comey refused to sign off, the president's Chief of Staff Andy Card headed to the hospital to get Ashcroft's OK."

In the 2014 interview, Comey described his concerns in 2004 about key events:

"... [the government] cannot read your emails or listen to your calls without going to a federal judge, making a showing of probable cause that you are a terrorist, an agent of a foreign power, or a serious criminal of some sort, and get permission for a limited period of time to intercept those communications. It is an extremely burdensome process. And I like it that way... I was the deputy attorney general of the United States. We were not going to authorize, reauthorize or participate in activities that did not have a lawful basis."

During the interview in 2014 by 60 Minutes, then FBI Director Comey warned all Americans:

"I believe that Americans should be deeply skeptical of government power. You cannot trust people in power. The founders knew that. That's why they divided power among three branches, to set interest against interest... The promise I've tried to honor my entire career, that the rule of law and the design of the founders, right, the oversight of courts and the oversight of Congress will be at the heart of what the FBI does. The way you'd want it to be..."

The interview highlighted the letter Comey kept on his desk as a cautionary reminder of the excesses of government. That letter was about former FBI Director Herbert Hoover's investigations and excessive surveillance of the late Dr. Martin Luther King, Jr. Is Comey the bad guy that people on both sides of the political spectrum claim? Yes, history is far more complicated and nuanced.

So, history is complex and nuanced... far more than a simplistic, self-serving tweet:

Many have paid close attention for years. After the Snowden disclosures in 2013 about broad, warrantless searches and data collection programs by government intelligence agencies, in 2014 Comey urged all USA citizens to participate in a national discussion about the balance between privacy and surveillance.

You can read the full transcript of the 60 Minutes interview in 2014, watch this preview on YouTube, or watch last night's re-broadcast by 60 Minutes of the 2014 interview.


FCC Says Denial-Of-Service Attacks Caused Its Site To Crash Sunday Morning

Last weekend, the U.S. Federal Communications Commission (FCC) website crashed during a key period when the public relied upon it to submit feedback about proposed changes to net neutrality rules. Dr. David Bray, the FCC Chief Information Officer, released a statement on Monday that the crash was due to a distributed denial-of-service (DDoS) attack:

"Beginning on Sunday night at midnight, our analysis reveals that the FCC was subject to multiple distributed denial-of-service attacks (DDos). These were deliberate attempts by external actors to bombard the FCC’s comment system with a high amount of traffic to our commercial cloud host. These actors were not attempting to file comments themselves; rather they made it difficult for legitimate commenters to access and file with the FCC. While the comment system remained up and running the entire time, these DDoS events tied up the servers and prevented them from responding to people attempting to submit comments. We have worked with our commercial partners to address this situation and will continue to monitor developments going forward."

The FCC’s Electronic Comment Filing System (ECFS) is the site the public uses to submit and review feedback about proposed changes. Bray's statement did not identify the "bad actors" responsible for the DDoS attack, did not state the countries or locations of the illegitimate site traffic, and did not offer much in the way of substantial details.

A DDoS attack is when hundreds or thousands of internet-connected devices, often coordinated by malware and/or criminals, overwhelm a targeted website by trying to access it simultaneously. This type of attack prevents legitimate users from accessing the targeted site to perform desired tasks (view/buy products, register for services, view videos, get help, contact representatives, etc.). This can easily disable the targeted website for hours, days, or weeks. It can also disrupt businesses, and cause financial losses.

This blog and its hosting service experienced a DDoS attack in 2014 when offshore advertisers retaliated after the hosting service implemented stronger measures to block illegitimate traffic. An October, 2016 DDoS attack against Dyn, a major DNS provider, interrupted many popular websites and services including Spotify, Reddit, and Twitter. Some DDoS attacks are about politics or censorship. A September, 2016 DDoS attack disabled the Krebs On Security blog.

Generally, security experts are concerned about botnets, collections of internet-connected devices used to perform DDoS attacks. These devices can include home WiFi routers, security cameras, and unprotected computers infected with malware. Often, home devices are used without consumers' knowledge or consent.

Others were skeptical of the FCC's explanation. Some people attributed the crash to John Oliver, the host of the "This Week Tonight" show on HBO. In 2014, the show's viewers crashed the FCC site trying to submit feedback about net neutrality. Oliver published a similar video this past weekend in support of net neutrality.

Broadcasting & Cable reported:

"Fight for the Future is calling on the FCC to release logs on the attack to an independent third party—a security researcher or media outlet—to independently verify the attack. "The agency has a responsibility to maintain a functioning website to receive large numbers of comments and feedback from the public," said Evan Greer campaign director for Fight for the Future. "They can't blame DDoS attacks without proof, they need to fix this problem and ensure that comments on this important issue are not lost."

MediaPost reported that at least two U.S. Senators have demanded answers:

"Senators Ron Wyden (D-Oregon) and Brian Schatz (D-Hawaii) are also seeking answers from the FCC. "As you know, it is critical to the rulemaking and regulatory process that the public be able to take part without unnecessary technical or administrative burdens," the lawmakers write. "Any potentially hostile cyber activities that prevent Americans from being able to participate in a fair and transparent process must be treated as a serious issue."

They are asking the FCC to provide details about any malicious traffic, including how many devices sent malicious traffic to the agency. The lawmakers also have asked the FCC whether it requested investigatory assistance from other federal agencies, and whether it uses any commercial protection services."

It is a reasonable demand for the FCC to provide proof. If the DDoS attack was a new form of 21st-century censorship to stop concerned citizens (e.g., voters) from submitting feedback in support of net neutrality, then we all need to know. And, we need to know what the FCC is doing to protect its systems.


America's Other Drug Problem

[Editor's Note: today's guest blog post, by reporters at ProPublica, explores the waste problem in the health care industry, and the accompanying pollution. It is reprinted with permission.]

by Marshall Allen, ProPublica

Every week in Des Moines, Iowa, the employees of a small nonprofit collect bins of unexpired prescription drugs tossed out by nursing homes after residents died, moved out or no longer needed them. The drugs are given to patients who couldn't otherwise afford them.

But travel 1,000 miles east to Long Island, New York, and you'll find nursing homes flushing similar leftover drugs down the toilet, alarming state environmental regulators worried they'll further contaminate the water supply.

In Baltimore, Maryland, a massive incinerator burns up tons of the drugs each year -- for a fee -- from nursing homes across the Eastern seaboard.

If you want to know why the nation's health care costs are among the highest in the world, a good place to start is with what we throw away. Across the country, nursing homes routinely toss large quantities of perfectly good prescription medication: tablets for diabetes, syringes of blood thinners, pricey pills for psychosis and seizures.

At a time when anger over soaring drug costs has perhaps never been more intense, redistributing discarded drugs seems like a no-brainer. Yet it's estimated that American taxpayers, through Medicare, spend hundreds of millions of dollars each year on drugs for nursing home patients -- much of which literally go down the tubes.

"It would not surprise me if as much as 20 percent of the medications we receive we end up having to destroy," said Mark Coggins, who oversees the pharmacy services for Diversicare, a chain of more than 70 nursing homes in 10 states. "It's very discouraging throwing away all those drugs when you know it can benefit somebody."

No one tracks this waste nationwide, but estimates show it's substantial. Colorado officials have said the state's 220 long-term care facilities throw away a whopping 17.5 tons of potentially reusable drugs every year, with a price tag of about $10 million. The Environmental Protection Agency estimated in 2015 that about 740 tons of drugs are wasted by nursing homes each year.

This is, of course, part of a bigger problem. The National Academy of Medicine estimated in 2012 that the United States squanders more than a quarter of what it spends on health care -- about $765 billion a year.

ProPublica is investigating the types of waste in health care that academics and politicians typically overlook. Our first installment examined the tens of millions worth of equipment and brand new supplies that hospitals jettison.

Today we look at the wasteful, and potentially harmful, ways nursing homes dispose of leftover meds -- and how some states, like Iowa, have found a solution.

On a recent Wednesday in Des Moines, Ami Bradwell, a certified pharmacy technician, popped open the lids of several 31-gallon bins full of prescription drugs. In each were hundreds of what are known as "bingo cards" filled with rows of pills in sealed bubbles.

"Metformin -- for diabetics," Bradwell said, holding up a card of large white pills. "It's not crazy expensive, but it's in high demand."

She held up an entire box of the anti-nausea drug Ondansetron. It goes for about $5 a pill, according to the website drugs.com. "Expensive."

Another card had three large pills stuffed in each chamber, a find Bradwell called "a 'jackpot' card. You can't live without it because it's a seizure medication."

Bradwell works for the nonprofit SafeNetRx. Each week the group takes in dozens of bins full of such drugs, as well as boxes mailed in from across Iowa and several other states -- pharmaceutical trash that exists because, for convenience and cost, long-term care pharmacies often dispense nursing home patients' medications in bulk, a month's worth at a time.

Should a patient die, leave or stop taking the drug, what's left is typically tossed. The drugs have already been paid for, by Medicare in most cases, so there's little incentive to try to recycle them. In some states, such reuse is against the law.

Some of the cards Bradwell examined that day were missing only a few pills. One card had been thrown out even though it only lacked one of its 31 doses of oxybutynin, which reduces muscle spasms of the bladder. The remaining 30 are worth more than $13.

"There are literally millions of dollars of prescription medications thrown away every day in this country," said John Forbes, an Iowa pharmacist who dispenses SafeNetRx's recovered drugs to his low-income patients.

Although most states technically allow some leftover drugs to be recycled, Iowa is one of the few rescuing a significant percentage of the drugs from destruction. The state funds the program for about $600,000 a year, said SafeNetRx CEO Jon Rosmann, who calls it a "common sense" solution. In fiscal 2016 the program recovered and distributed drugs valued at about $3.4 million. This year it's on pace to top $5 million.

Forbes, who is also an Iowa state representative, said there are additional savings when low-income patients have access to the drugs they need. Patients who don't take their drugs "end up in the emergency room," he said, "which will wind up costing our health care system way more money."

At SafeNetRx, the drugs are sorted and organized in a 1,500-square-foot room lined with shelves stacked with bins of drugs. In the center, folding tables hold hundreds of bingo cards, sorted alphabetically by generic drug name, from the blood pressure drug acebutolol to the antipsychotic ziprasidone. None of the medications are controlled substances, though those may be included in the future.

Pharmacy officials say there may be a million dollars' worth of drugs in this small room. The 30 mg syringes of the blood thinner Enoxaparin are used by patients for weeks before and after heart surgery. They can go for $13 per dose.

One box contains scores of doses of Spiriva, inhalation capsules for chronic obstructive pulmonary disease that would sell for about $18 each. The antipsychotic Abilify runs about $46 per pill.

The biggest ticket items are the cancer drugs. They are typically donated directly from patients or their families. Those can run $8,000 or more per month.

The cancer drugs are passed on to people like Amber Judge, a patient advocate at Medical Oncology and Hematology Associates, a cancer clinic in Des Moines. Judge is accustomed to patients coming into her office in a panic. They've just learned they have cancer, only to find out they can't afford the drugs they need to battle the disease. That's when Judge opens one of the file drawers in her office, which are filled with tens of thousands of dollars' worth of the drugs recovered by SafeNetRx.

In one filing drawer she has about 30 boxes of Tasigna, which costs about $100 per pill. In another drawer she has a gallon-sized plastic bag with bottles of Stivarga, about $188 per pill.

The process is similar to patients receiving drug samples at a doctor's office. They leave her office with the drugs they need -- for free.

"I give them a month's supply if I have it," Judge said. "They're so thankful. They're incredulous."

In many places in the United States, however, these leftover drugs meet a very different end, one that is not only wasteful, but potentially harmful.

In recent years, scientists have detected something disturbing in Long Island's aquifer: low levels of pharmaceuticals.

Though consumers have been warned not to flush their drugs down the toilet because sewer waste can contaminate groundwater, many still do it; more worrisome still, flushing remains a common practice at nursing homes in New York and across the country. The effects of such contamination on humans are unclear, but it has been shown to slow the metamorphosis of frogs and increase the feminization of fish.

Three years ago, New York's Department of Environmental Conservation started an annual program, funded by the state legislature, to scoop up unused medications before they were flushed. Even though the pickup service is free to facilities, only two dozen of 169 eligible Long Island nursing homes participated this February, turning over 660 pounds of drugs.

Those valuable medications didn't go into the water supply, but they didn't go to needy patients, either, though such recycling is now allowed in New York. Instead, they went to an incinerator company. Experts, including the EPA, have recommended incineration for getting rid of pharmaceuticals.

Destroying the unused drugs is always going to have environmental implications, said Carrie Meek Gallagher, region 1 director for the department. "It's always a trade-off of what's most harmful. For us, anything getting into the water is the worst solution."

The National Conference of State Legislatures said 39 states had passed laws that allowed the donation of drugs. But almost half of these states with laws lack programs to get the drugs safely from one appropriate user to another, and many of those that do have programs are focused on cancer drugs, the analysis showed.

There hasn't been a lot of public opposition to redistributing the drugs, even among drugmakers. Most concerns circle around logistics, although in Illinois trial attorneys have lobbied against a proposed program, saying it muddies liability issues.

Richard Cauchi, program director for health for the conference of state legislatures, said just passing laws doesn't guarantee success. A state agency or organization needs to oversee the program, encouraging participation and streamlining its administration so it's not a burden for pharmacies and nursing homes.

"It's a lot of work, and from a retail point of view, an expense," Cauchi said. "How do you accept these drugs? How do you confirm their safety? How do you know they meet the proper standards?"

Federal agencies are of little help, each pursuing their own, often contradictory, agendas.

The EPA discourages flushing drugs because they contaminate the water supply. But it doesn't have the authority to prohibit "sewering" the medications. Only local authorities can take that stance. It has, however, proposed reclassifying the unused drugs as hazardous waste, which would then prohibit flushing them.

The Food and Drug Administration says certain medications are so dangerous that they should be disposed of immediately, even if that means flushing them. It even provides a list of drugs recommended for flushing, mostly controlled substances like diazepam, better known as Valium, and the potent painkiller fentanyl.

The Drug Enforcement Administration wants to ensure controlled substances, like narcotic painkillers, aren't diverted to the illegal drug market. It has recommended that long-term pharmacies collect leftover drugs by placing boxes in nursing homes that must be emptied at least every three days, but that creates expense, hassle and potential liability.

Some advocates say the makers of the drugs should be responsible for disposing of or recycling them. Scott Cassel, CEO of the Product Stewardship Institute, a nonprofit organization dedicated to reducing the environmental impact of consumer products, said the producers of batteries, electronics, paint and other products are required by law in some areas to pay for the safe disposal of their products. Similar laws require drug makers to pay for the destruction of leftover household drugs in two states and about a dozen counties, but no laws address nursing homes.

Coggins, who leads the pharmacy services for the Diversicare chain, said people in the nursing home industry would like to do something about the waste. But their options are dictated by laws and regulations, and there's been a lack of investment in cost-effective solutions like the one in Iowa.

About half the states where Diversicare operates allow the donation of unused drugs, but the programs required too much work sorting and inventorying the drugs without any reimbursement, he said. "It's like people have created legislation and it's a feel-good thing, but nobody's come back to see why it's not working."

Diversicare avoids flushing drugs whenever possible, Coggins said, but it still occurs sometimes. The organization has switched to a product called Rx Destroyer that chemically deactivates the medication so it can be put in the trash, he said, but even that is controversial because it goes into a landfill.

In many nursing homes, flushing is just part of the routine.

"Oh my goodness, it's so sad," said Jennifer Ramsey, a nurse who formerly worked as a house supervisor for a nursing home in South Haven, Mississippi. Once a month she and another nurse would gather all the unused blister packs of medication, she said, piles of them, probably worth tens of thousands of dollars. Then they would pop the pills one by one into the toilet.

"You would spend almost your whole eight-hour day doing it," Ramsey recalled.

Ramsey now works for the nonprofit Good Shepherd Pharmacy in Memphis. In Tennessee, the law requires nursing homes to destroy unused drugs on site. Good Shepherd's founder is pressing to change the law so the drugs can be saved and donated.

In March, state Rep. Cameron Sexton, a Republican whose wife is a pharmacist, introduced a bill that would allow unexpired medications to be donated in Tennessee. "Unfortunately, we don't have a process set up to do that so all these drugs have to be destroyed," he said.

Perhaps the most graphic way to see the waste firsthand is a visit to the Curtis Bay Medical Waste facility on the south side of Baltimore, home of the largest incinerator of its kind in the country.

Here Curtis Bay's fleet of trucks delivers load after load of unused, unexpired drugs from hundreds of nursing homes and other facilities and clinics up and down the East Coast. Drugs also come from medical waste companies like SteriCycle and Daniels Sharpsmart. In 2015, 204 tons of non-hazardous pharmaceutical waste came from the Daniels location in the Bronx, according to records filed in New York. Such waste includes not only drugs tossed by nursing homes, but also those from hospitals, doctors' offices and other facilities.

Inside Curtis Bay, the drugs are processed and destroyed in an area the size of several hockey rinks. A conveyor belt about 15 feet off the ground snakes through the facility loaded with hundreds of boxes of pharmaceutical and medical waste -- all leading to the two incineration chambers.

On a recent visit, the chamber was over 2,000 degrees, a heat that could be felt from 20 feet away.

From a platform above the incinerator's maw, you can watch as thousands of dollars of potentially lifesaving pills and medications tumble, box by box, into the steaming opening. Then they are shoveled into the blaze.

Experts say incineration is the least environmentally objectionable end-of-life option for unused drugs. But it's also the most expensive destruction method -- from 50 cents to a dollar per pound, paid for by the facilities themselves -- which is why many nursing homes resort to flushing.

Nursing homes in Iowa save the disposal fees, because they can donate the drugs to SafeNetRx, where they benefit needy patients like Max Armstrong.

The 82-year-old suffers from multiple chronic conditions -- emphysema, congestive heart failure and more. The ailments were manageable until 2015, when he suffered blood clots in his leg and lung. Doctors put him on the generic blood thinner warfarin, but it "almost killed me," he said, so he switched to Xarelto, a newer brand name drug that costs about $700 a month.

The total tab for the Xarelto and the other 14 medications Armstrong must take each month would cost at least $1,200, according to his daughter. Armstrong, whose savings took a hit during the financial crisis, lives on $1,158 a month in Social Security.

It's "stupid" to throw away drugs that can keep so many other people healthy, Armstrong said. "There's a lot of people out there in this world who need help."

ProPublica is a Pulitzer Prize-winning investigative newsroom.