Why Sexual Harassment Continues to Be A Problem in Silicon Valley and the Startup World

posted Jul 10, 2017, 10:34 AM by Resty Manapat

Silicon Valley has had a problem with sexual harassment in the workplace for a long time, but only now does it seem that the tech industry is coming to terms with the issue.  

One indicator: When venture capital firm Binary Capital decided to oust its cofounder Justin Caldbeck after a pair of investigations from The Information and The New York Times revealed that six women had accused him of sexual harassment. The Times report also included numerous stories from female startup founders and entrepreneurs who recounted cases where they had either been harassed or made to feel uncomfortable by men in the industry, many of whom were investors. Among them, the women named high-profile venture capitalists including Chris Sacca, entrepreneur-turned investor Marc Canter and 500 Startups CEO Dave McClure, who resigned from his role earlier this week.  

That's on top of the string of controversies at Uber Technologies Inc., which involved two investigations into the ride-hailing startup's company culture, including sexual harassment claims from a former engineer, Susan Fowler. The controversies ensnared Uber for several months, ultimately leading to the resignation of CEO Travis Kalanick and the departures of numerous high-profile executives, including business chief Emil Michael and senior vice president of engineering Amit Singhal.  

The allegations have kicked off something of a reckoning among Silicon Valley investors, executives, entrepreneurs and other observers. The New England Venture Capital Association, a trade group, encouraged its members to sign a pledge against discrimination and gender bias. Prominent VCs such as Bain Capital Ventures have since signed on.  

LinkedIn co-founder and Greylock Partners venture capitalist Reid Hoffman wrote a post laying out some of the steps Silicon Valley should take to resolve what he considers "entirely immoral and outrageous behavior." Part of that, Hoffman wrote, is getting people to adopt a "#DecencyPledge" to signify their support of harassment victims. Another, perhaps more influential, suggestion is to build an industry-wide HR function to oversee what happens between venture capitalists and entrepreneurs.  

But in order for real change to take place, Gina Bianchini, CEO of Mighty Networks, a software company that creates niche social networks, said high-profile VCs need to come out in support of the issue.  

"I don't think there should be an expectation that women are going to solve this issue," Bianchini explained. "We didn't create this."  

The revelations about Caldbeck and other venture capitalists have shed light on an area that has largely been overlooked so far -- the relationship between investors and female startup founders. Female entrepreneurs are placed into an especially vulnerable position when they seek funding from venture capitalists. The VC world is a male-dominated environment, where fewer than 6% of all decision-makers at U.S. VC firms are women, according to Fortune. Lisa Wang, co-founder of SheWorx, a community of female entrepreneurs, said she's experienced first-hand how challenging this relationship can be.  

"I had poured my blood, sweat and tears into this company and all I needed was capital to build and sustain my team," Wang explained. "You go into this meeting and the person sitting across from you holds the future of your company."  

"So when a woman gets a meeting with an investor and they say 'Hey, just meet me here for a drink,' you leap," Wang added. "Next thing you know, he's not interested in your company and you're like 'I thought this was business.'"  

This kind of dynamic isn't just restricted to pitch meetings. At this year's Consumer Electronics Show in Las Vegas, Wang said a high-profile investor tried to grab her face and kiss her. In another instance, an investor bypassed her, thinking that her male colleague was the founder of her food startup, Fooze. And during a serious fundraising conversation, an investor called her cute, she said.  

"It's those things that made me realize how difficult it is for female founders," Wang explained.  

Wang is trying to make it easier for female founders to report harassment, which SheWorx describes as anything from "egregious stories to the small paper cuts experienced every day," through an anonymous form on the company's website. Wang and SheWorx hope to form a committee of influential lead partners and general partners from investment firms that, using the data, can take action on individuals who were flagged for repeated harassment. In effect, the committee could serve as a pseudo HR body or watchdog that monitors interactions between startups and investors.  

Investors, too, need to stop perpetuating the culture that involves inappropriate behavior, like asking female founders "signaling questions" about their marriage status and other details, said Drew Koven, managing director of investment firm LDR Ventures. "You wouldn't ask a man those questions," Koven noted.  

 

Source: TheStreet

Tips for Using Public Wi-Fi Networks

posted Jul 8, 2017, 5:19 PM by Resty Manapat

Wi-Fi hotspots in coffee shops, libraries, airports, hotels, universities, and other public places are convenient, but often they’re not secure. If you connect to a Wi-Fi network, and send information through websites or mobile apps, it might be accessed by someone else.  

To protect your information when using wireless hotspots, send information only to sites that are fully encrypted, and avoid using mobile apps that require personal or financial information.  

How Encryption Works

Encryption is the key to keeping your personal information secure online. Encryption scrambles the information you send over the internet into a code so it’s not accessible to others. When you’re using wireless networks, it’s best to send personal information only if it’s encrypted — either by an encrypted website or a secure Wi-Fi network. An encrypted website protects only the information you send to and from that site. A secure wireless network encrypts all the information you send using that network.  

How to Tell If a Website is Encrypted

If you send email, share digital photos and videos, use social networks, or bank online, you’re sending personal information over the internet. The information you share is stored on a server — a powerful computer that collects and delivers content. Many websites, like banking sites, use encryption to protect your information as it travels from your computer to their server.  

To determine if a website is encrypted, look for https at the start of the web address (the “s” is for secure). Some websites use encryption only on the sign-in page, but if any part of your session isn’t encrypted, your entire account could be vulnerable. Look for https on every page you visit, not just when you sign in.  

What About Mobile Apps?

Unlike websites, mobile apps don’t have a visible indicator like https. Researchers have found that many mobile apps don’t encrypt information properly, so it’s a bad idea to use certain types of mobile apps on unsecured Wi-Fi. If you plan to use a mobile app to conduct sensitive transactions — like filing your taxes, shopping with a credit card, or accessing your bank account ­— use a secure wireless network or your phone’s data network (often referred to as 3G or 4G).  

If you must use an unsecured wireless network for transactions, use the company’s mobile website — where you can check for the https at the start of the web address — rather than the company’s mobile app.  

Don’t Assume a Wi-Fi Hotspot is Secure 

Most Wi-Fi hotspots don’t encrypt the information you send over the internet and aren’t secure. In fact, if a network doesn’t require a WPA or WPA2 password, it’s probably not secure.  

If you use an unsecured network to log in to an unencrypted site — or a site that uses encryption only on the sign-in page — other users on the network can see what you see and what you send. They could hijack your session and log in as you. New hacking tools — available for free online — make this easy, even for users with limited technical know-how. Your personal information, private documents, contacts, family photos, and even your login credentials could be up for grabs.  

An imposter could use your account to impersonate you and scam people in your contact lists. In addition, a hacker could test your username and password to try to gain access to other websites – including sites that store your financial information.  

Protect Your Information When Using Public Wi-Fi

Here’s how you can protect your information when using Wi-Fi:  

  • When using a hotspot, log in or send personal information only to websites you know are fully encrypted. To be secure, your entire visit to each site should be encrypted – from the time you log in to the site until you log out. If you think you’re logged in to an encrypted site but find yourself on an unencrypted page, log out right away.
  • Don’t stay permanently signed in to accounts. When you’ve finished using an account, log out.
  • Do not use the same password on different websites. It could give someone who gains access to one of your accounts access to many of your accounts.
  • Many web browsers alert users who try to visit fraudulent websites or download malicious programs. Pay attention to these warnings, and keep your browser and security software up-to-date.
  • Consider changing the settings on your mobile device so it doesn’t automatically connect to nearby Wi-Fi. That way, you have more control over when and how your device uses public Wi-Fi.
  • If you regularly access online accounts through Wi-Fi hotspots, use a virtual private network (VPN). VPNs encrypt traffic between your computer and the internet, even on unsecured networks. You can get a personal VPN account from a VPN service provider. In addition, some organizations create VPNs to provide secure, remote access for their employees. What’s more, VPN options are available for mobile devices; they can encrypt information you send through mobile apps.
  • Some Wi-Fi networks use encryption: WEP and WPA are common, but they might not protect you against all hacking programs. WPA2 is the strongest.
  • Installing browser add-ons or plug-ins can help. For example, Force-TLS and HTTPS-Everywhere are free Firefox add-ons that force the browser to use encryption on popular websites that usually aren't encrypted. They don’t protect you on all websites — look for https in the URL to know a site is secure.
  • Take steps to secure your home wireless network.  

 

Source: Federal Trade Commission

When Should Encouraging Suicide Be a Crime?

posted Jul 8, 2017, 4:37 PM by Resty Manapat

Michelle Carter was recently convicted by a Massachusetts judge of involuntary manslaughter in connection with the death of her boyfriend, Conrad Roy III, by suicide. Carter played a role in the suicide by repeatedly texting her boyfriend urging him to kill himself, expressing frustration with his delaying it, and assuring him that she would take care of his family’s well-being in the aftermath of his death, a worry that he voiced in hesitating to take his own life. In this column, I will discuss some of the issues that a conviction like this raises for free speech doctrine, the right to die, and traditional conceptions of causation and responsibility in the criminal law.  

Free Speech  

The Massachusetts branch of the American Civil Liberties Union (ACLU) has taken the position that Carter’s conviction violates her freedom of speech. At first glance, this might seem like a powerful argument. After all, Carter was expressing her point of view, that her boyfriend should commit suicide and that he should do it sooner rather than later. If she had written an essay or a book arguing either that suicide in general or her boyfriend’s suicide in particular was warranted, that writing would be protected by the First Amendment, and she could not be criminally punished for producing it. Indeed, under the 1992 Supreme Court ruling in Simon & Schuster, Inc. v. Members of N.Y. State Crime Victims Bd., the law could not even direct that the money she made from the writing be placed in a fund for victims, because even that would excessively burden her freedom of speech. So how is what she did different? Does a text message receive less free speech protection than a book or an essay?  

In principle no, but in context, the immediacy of the text makes a difference. As a speaker or writer, Carter was protected by the First Amendment in expressing her abstract viewpoints on a particular matter (including whether her boyfriend should commit suicide). Such expression, if objectionable, calls for more free expression arguing the other side of the debate, rather than censorship. That is the hallmark of free speech doctrine. But incitement to imminent lawlessness or violence is not protected by the First Amendment, under the Supreme Court’s landmark decision in Brandenburg v. Ohio. This is in part because there is no opportunity to counter the violent message with a contrary idea, precisely because of the immediacy of what the speech urges. Carter’s texts to her boyfriend seem logically to fall within the category of incitement. She was repeatedly pressing him, through her words, to take his life immediately. This sort of speech is not protected by the First Amendment.  

To appreciate why the distinction between advocacy of a position and incitement is a real one that makes sense, consider a different scenario from the actual one involving Carter and Roy. Imagine that in addition to Carter and Roy, there is a third person, John Doe, in the picture. Now imagine that instead of urging Roy to kill himself, Carter urges Doe to kill Roy. Assume that Doe voices various reasons for hesitation about killing Roy, suggesting at various points that he wants to put off the act until later and that he is worried about the consequences for Roy’s family of losing their son to murder. In response to Doe’s reluctance, assume that Carter tells him that she will make sure Roy’s family will get through the loss of Roy and that Carter very strongly urges him to go ahead and kill Roy right now. After repeated urgings in which she responds to any hesitation on Doe’s part by insisting that he kill Roy immediately, Doe finally kills Roy.  

In the hypothetical scenario, it seems much more straightforward to say that Carter’s urgings to homicide cannot possibly be protected speech under the First Amendment. By pushing Doe to kill Roy, Carter implicates herself in the homicide. Under a standard definition of complicity in the criminal law, an accomplice aids or encourages the direct perpetrator with the intention (or knowledge) of helping bring about the criminal outcome. Words can be used to encourage a third party to carry out a crime, and accomplices are often considered as culpable and are subject to the same penalties as the principal perpetrator. Indeed, in our hypothetical example, one might even call Carter the primary actor, given Doe’s hesitation and reluctance to commit the crime without the pressure he felt from Carter. Saying “shoot him now; it’s the best thing” is not protected by the First Amendment, even though an essay on the benefits of murder would be protected.  

Right to Die  

Another argument against holding Carter accountable for homicide for urging her boyfriend to kill himself is that suicide ought to be a protected right on the part of every competent individual. The law, on this approach, should not be dictating to people that they live if they deem their suffering to outweigh whatever benefits or pleasure that they derive from their lives. If our law recognized a right to suicide, it might seem potentially misguided to hold a third party criminally responsible for a suicide when the suicidal person was simply exercising a right to take their life.  

We can say two things in response to this argument. First, our law does not anywhere recognize suicide per se as a protected liberty right. The U.S. Supreme Court, in Washington v. Glucksberg, specifically rejected a right to physician assistance in dying. In a narrow range of cases involving the terminally ill who have six months or less to live, a handful of states and the District of Columbia do allow for assistance in suicide. This allowance does not, however, extend to helping people like Roy, who are physically healthy and wish to die because they are suffering from unbearable mental illness.  

Thus, even if Carter had simply provided the means for Roy to kill himself, she could have been held criminally responsible for his death, because neither his suicide itself nor her role in it is considered protected by law. But she did much more than simply help Roy do what he wanted and intended to do on his own. She pressured him to do something about which he had reservations. One might believe that she should therefore have been held criminally responsible for his death even if the law recognized a right to assistance in dying in cases like his. She did not merely help, in other words; she bent his will to her agenda.  

In any event, because suicide of a person like Roy is frowned upon by the law (though he is not considered a criminal himself), helping or encouraging him to commit suicide does not fall within any legally protected right-to-die category.  

Causation  

The causation argument connects with how suicide is often seen by the law and by commentators. Suicide is something that one person does to himself or herself, independently choosing to carry out an act of self-destruction. If another person encourages the suicide or otherwise tries to persuade an individual that he should kill himself, those speech acts are arguably superseded by the decision of the individual to carry out his own suicide. Once we know that Roy killed himself, we do not need to look to Carter for a causal account of what he did. We can locate full responsibility in Roy.  

The definition of involuntary manslaughter in Massachusetts also may seem ill-suited to what Carter did in writing texts to her boyfriend encouraging him to kill himself. Under the Massachusetts common law, the crime of involuntary manslaughter (of which Carter was convicted) is “an unintentional, unlawful killing caused by wanton or reckless conduct.”  

In this context, “wanton or reckless conduct” is “intentional conduct that creates a high degree of likelihood that substantial harm will result to another person.”  

What comes to mind in reading these words is a person who drives while intoxicated or who shoots a gun out a window with his eyes closed and kills someone. The person is doing something reckless that is very likely to have direct and harmful consequences, and the risks that he takes come to pass. Someone dies because the person in question drives into them drunk or because he shoots at them with his eyes closed. There is no superseding causal act, as there is in the case of a suicide.  

The notion of a superseding causal event (i.e., the suicide) is the strongest argument against holding Carter responsible for her boyfriend’s death. She was not exercising her freedom of speech, and she was not helping him enjoy his protected liberty right to die. But he could have simply rejected her imploring rather than choosing to do what she urged. Isn’t he the causal agent in his suicide, and doesn’t convicting Carter of manslaughter improperly attach responsibility for his actions to her?  

Perhaps, but there is a better argument going the other way. A person who is feeling like committing suicide is suffering terrible emotional anguish and, if he is texting with a girlfriend, is likely looking for comfort or someone to help him feel less distress. Instead of trying to soothe her boyfriend, however, Carter took it upon herself to pressure him repeatedly to take his own life. She rejected any hesitation on his part and tried to allay his legitimate concerns about his family’s reaction to his death by pushing harder and by promising (without foundation) that she would somehow take care of his family.  

Putting aside the “unintentional” part (because Carter plainly intended for her boyfriend to die, which only makes her actions worse), Carter spoke in a manner that showed a reckless disregard for the grave risk of harmful consequences that her words posed, namely, the death of her boyfriend. Worse than that, she positively pursued the harmful consequences of her words by repeatedly telling Roy to commit suicide and by trying to make him feel bad that he was not already dead.  

However one feels about a right to die (and for the record, I believe it ought to be protected), the behavior of Roy’s girlfriend was reprehensible. She did not offer him solace or comfort at a time when he needed it most. She instead hectored him for hesitating to kill himself and pushed as hard as she could for him to finally do what he did, take his own life.  

At one point, Roy exited the truck (which was filled with carbon monoxide), and Carter told him to get back inside. This was the judge’s reaction to that conduct: “This court finds that instructing Mr. Roy to get back in the truck constituted wanton and reckless conduct by Ms. Carter, creating a situation where there is a high degree of likelihood that substantial harm would result to Mr. Roy.” Had Carter done otherwise, had she—as the judge so poignantly put it—simply told him to leave the truck where he was suffocating from carbon monoxide poisoning, he probably would not have died that day.  

Because she put Roy in harm’s way, Carter had a duty to try to help him escape that harm, and she failed in that duty. He is gone because of what she said to him and because of what she did not say to him, and she understood perfectly what the impact of her statements might be, because it was exactly what she had urged. She did more than take a grave risk with her boyfriend’s life; she strongly urged him to end it when he was obviously vulnerable to her urgings. 

If, as the prosecutor suggested, Carter did what she did so that she could have the attention that people give to grieving girlfriends, then that motive is outrageous and ought to be taken into account at her sentencing hearing. But whatever her motives, Carter’s conviction for having killed her boyfriend after what she did (and failed to do) is just.  

 

Source: Justia Verdict

Lottery rigging accomplice used Wisconsin payout for offshore tax scam

posted Jul 7, 2017, 9:48 AM by Resty Manapat

After Robert Rhodes collected a Wisconsin Lottery jackpot that had been rigged by his friend, he used the windfall for an investment scheme that produced another wave of undeserved government money, court records show.  

Rhodes, an accomplice in a scandal that has shaken state lotteries, recently explained under oath how he used the $783,000 payout to receive an additional $180,000 in bogus tax refunds. The Texas businessman sent his lottery winnings offshore to buy a phony insurance policy for a personal corporation that never did any business — except receive the lottery prize. He then claimed the policy as a tax-deductible “business expense.”  

The upshot: Rhodes received roughly $150,000 from the U.S. government and $36,200 from Wisconsin in tax refunds on the lottery payout. But in an ironic twist, the St. Lucia-based insurer where Rhodes sent his cash would later be accused of duping investors and, in Rhodes’ words, “abscond” with a chunk of the loot.  

Rhodes and Eddie Tipton, former security director for the Multi-State Lottery Association, recently pleaded guilty to rigging the Dec. 29, 2007, Megabucks drawing advertised at $2 million. They agreed to refund Wisconsin the $783,000 payout and an additional $18,100 apiece to cover the state tax refund.  

Investigators say Tipton installed computer code that allowed him to predict winning numbers on three days of the year, and that he worked with Rhodes, his brother Tommy and other associates to buy winning tickets and claim prizes worth millions in multiple states. Tipton and his brother pleaded guilty last week in Iowa, where the lottery association is based.  

Rhodes, a 49-year-old father, pleaded guilty and cooperated with investigators in exchange for probation. He disclosed the offshore scheme in a deposition under questioning from Tipton’s lawyer, Dean Stowers, who called it money laundering and tax fraud.  

Rhodes, who did not return a message seeking comment on his testimony, employed Tipton at a Houston tech company in the 1990s and they became friends. Tipton supplied him with notecards listing dozens of potential winning combinations before the Wisconsin drawing, and Rhodes bought them, including the winning ticket.  

With Tipton’s encouragement, Rhodes formed a limited liability corporation, called Delta S Holdings, to claim the prize. Rhodes had previously visited the lottery association’s office and both worried their ties would be discovered if Rhodes was listed as the winner. The LLC filed a lawsuit to obtain the prize after Wisconsin lottery officials said they couldn’t pay the corporation without a court order.  

Rhodes said he then turned to experts for tax planning advice on his windfall, buying a plan that “allowed me to get a tax refund.”  

Under the arrangement, Rhodes sent $450,000 to Bancroft Life & Casualty ICC Limited in St. Lucia to buy an “insurance policy” for Delta S Holdings. His tax returns claimed the purchase as a business expense, producing refunds when the governments determined they withheld too much of the prize.  

Bancroft recruited tax-weary, wealthy individuals to invest in its insurance. Customers would buy expensive policies that their businesses didn’t need but could write off. Bancroft would loan back up to 70 percent of their premium payments.  

Rhodes received a $250,000 loan from Bancroft after buying his policy. He also received an insurance claim for $75,000 for “regulatory changes” that he said harmed Delta S Holdings, even though it never did any other business. Asked what regulations had changed, Rhodes testified, “I don’t remember.” He said its prospects in “real estate” and “consulting” never materialized.  

Rhodes said Tipton wasn’t told about the offshore deal until later and received none of the refunds. He said the deal went sour in 2012, when Bancroft became insolvent and the company “absconded” with $150,000 his LLC had left.  

“I started getting insurance account records that say all of the money that Delta S Holdings had put there through paying the premium was gone,” he said. “Some expletives followed on my part, you know, what … happened to whatever money was there to pay insurance claims? Well, there is none.”  

 

Source: Wisconsin State Journal

How a Security-Only Network Can Limit Risks from Data Breaches

posted Jul 6, 2017, 11:09 AM by Resty Manapat

A security-only network delivers a higher level of protection while not impacting business critical systems 

Cyber attacks are one of the greatest threats facing global businesses today. Hardly a day goes by that there is not a report of another company suffering at the hands of hackers breaching their networks and stealing sensitive customer or proprietary business data. According to the Identify Theft Resource Center (ITRC), there were 781 known data breaches in 2015. This is the second-highest number on record since tracking began in 2005. 

Although data breaches and cyber attacks are real risks for all type of public and private organizations, retailers are particularly vulnerable to these crimes. In this competitive industry, these crimes can have devastating effects on consumers and potentially damage the retailer’s brand and corporate reputation beyond repair. 

Furthermore, cyber-crimes do not target one class of retailers. Over the past several years, retailers from superstores to supermarkets have reported data breaches, where potentially millions upon millions of consumer debit and credit card information were exposed or comprised. 

Emerging Trends

In response to the threats presented by cyber-criminals, many retailers are physically separating the IT infrastructure for their networks based on their primary usage to limit exposure. A prime example is creating a separate network to run physical security applications from the network used for POS data. A security-only network is typically used to host the company’s security devices such as intrusion detection, video, access control devices and related devices along with building automation systems such as HVAC. 

Benefits

The benefits of these networks are multi-faceted. Not only does the security-only network deliver a higher level of protection, but it also offers faster speeds, more bandwidth and easier access to the network for loss prevention teams while not impacting business-critical systems. 

Further benefits to a separate network include nearly unlimited access to applications such as remote monitoring of video or remote investigations, allowing investigators immediate access to video and supporting data. Many times, loss prevention teams are relegated to downloading video for investigative purposes in the overnight hours, when the primary network is not being used for POS data. Easy access to video can reduce travel time to specific locations and associated expenses, as well as the time it takes to conduct the investigations. 

When the security network is monitored by a certified third-party provider, added benefits include advanced alerts of potential system failure or attempted breach of the network. The monitoring company can also ensure that the network is adhering to the latest network security protocols and has updated anti-virus software at all times. 

Who Should Consider It?

Any type of retailer that is looking to provide a safer and more secure environment for its customers’ data while maintaining a higher level of security for its business critical operations is a candidate for a dedicated security-only network. 

Selecting a Third-Party Provider

When considering a third-party provider for security-only networks, traditional IT companies that design and implement standard networks may not be your best option. Selecting a company that has the proper certifications for designing networks as well as deep industry knowledge of security devices and how they need to work together will greatly enhance the overall end result. 

Certifications such as Cisco Cloud and Managed Services Partner Certification, Meraki Certified, Sonicwall Certified, and security product-specific certifications will ensure successful system integration. Cisco Cloud and Managed Services Partner certification recognizes companies who have attained the expertise in the planning, designing, implementing and supporting of cloud or managed services based on Cisco platforms. 

Steps to Consider

One of the first steps is to identify the circuit requirements for the security-only network. Understanding what types of applications are going to be running on the network and how much bandwidth and speed is necessary to support the applications is key. Security-only networks are often based on commodity broadband, so it is important to ensure that the carrier can deliver reliable service and speed at any given location. 

Once the network parameters of adequate circuit bandwidth are determined, additional considerations that must be designed into the system include remote (VPN) access and appropriate security measure and rules. At a minimum, there should be a strict password update rule both for duration of password life as well as re-use of passwords used in the past. Ideally, a consolidated security identification system should be established to ensure continuous monitoring of access with biometric or other proven security solutions as part of any access to the network. 

If any part of the network is wireless enabled, appropriate security for network access and ongoing traffic monitoring are essential. If they are not part of the system, monitoring to make sure that no additional devices with wireless capability are installed on the system. 

Firewall protection design is essential. With the advent of IPv6 and its inclusion in networks, there is a potential for security breach when tools designed for IPv4 are faced with IPv6 calls. 

Continuous monitoring for abnormal network traffic, behavior or attempted unauthorized access are discovered, rules for appropriate notification and/or lockout must be determined and enforced. 

Data Breaches: One Less Thing to Worry About

The growing threat of data breaches, cyber crime, and the high cost associated with remediating the aftermath of an attack, both in terms of hard dollars and the damage to brand reputation and customer trust, can be devastating to a retailer. 

Cyber-crime rates are escalating at exponential levels and cyber criminals will continue to grow more sophisticated in their approach. Now is the time to ensure your business is protected. 

The vice president of loss prevention for a leading international retailer summed it up by saying, “Deploying a separate network for security and having an independent team monitor it is one less thing that I need to worry about.” 

 

Source: LPM Insider

Your Credit Score May Soon Look Better

posted Jun 29, 2017, 1:58 PM by Resty Manapat

About 12 million people will get a lift in their credit scores next month as the national credit reporting agencies wipe from their records two major sources of negative information about borrowers: tax liens and civil judgments.  

The change stems from a lengthy crusade by consumer advocates and government officials to force the credit bureaus to improve the accuracy of their reports, which are often speckled with errors and outdated information. Those mistakes can limit borrowers’ access to credit cards, auto loans and mortgages, or saddle them with higher borrowing costs.  

Starting July 1, the three major credit reporting companies — Equifax, Experian and TransUnion — will enforce stricter rules on the public records they collect, requiring each citation to include the subject’s name, address and either their Social Security number or date of birth. Nearly all civil judgments and at least half of the nation’s tax lien records do not meet the new standards, and will be eliminated from consumer credit reports.  

The change will benefit borrowers with negative public records, but it will also help thousands of people who have battled, often in vain, to have incorrect information removed from their files.  

“We’ve filed hundreds of lawsuits over this,” said Leonard Bennett, a consumer lawyer in Alexandria, Va. “Comprehensively fixing it hasn’t been something the industry has prioritized.”  

That began to change two years ago, when a coalition of 31 state attorneys general cracked down on the credit bureaus and negotiated a deal that required sweeping changes to their practices. (New York’s attorney general had previously reached a separate settlement with similar terms.) The credit bureaus have already made some adjustments, like removing traffic tickets and court fines from their files, but next month’s changes will have the broadest effects yet.  

Around 7 percent of the 220 million people in the United States with credit reports will have a judgment or lien stripped from their file, according to an analysis by Fair Isaac, the company that supplies the formula that generates the credit scores known as FICO.  

Those people will see their scores rise, modestly. The typical increase will be 20 points or less, according to Fair Isaac’s analysis. (FICO scores range from 300 to 850. Higher is better; lenders generally prefer people with scores of 640 and above.)  

The biggest beneficiaries, consumer advocates say, will be those who are spared the frustration of trying to fix errors. False matches have been a common problem. Without the kind of additional identifying information that will now be required, a court record showing a judgment against Joe Smith can easily wind up on the wrong Joe Smith’s credit report. (Last week, a California jury awarded $60 million to a group of consumers who said TransUnion falsely flagged some of them as terrorists and drug traffickers because it had mistaken them for others with similar names.)  

Starting next month, the credit bureaus will also be required to update their public records information at least once every 90 days.  

That change pleases Brenda Walker, a Virginia resident with a pending lawsuit against TransUnion over the company’s monthslong delay in amending her report to show that a tax lien had been satisfied.  

Ms. Walker said she had been turned down for credit cards, a car loan and a student loan she tried to take out for her daughter’s education. “It wreaked havoc,” she said. “My credit score was so damaged from something that had already been paid and released.”  

The flip side of the change, lenders warn, is that some borrowers may now appear more creditworthy than they actually are.  

“This removes information from the picture that our customers get about what a borrower has done in the past,” said Francis Creighton, the chief executive of the Consumer Data Industry Association, which represents credit reporting companies. “If someone has a big bill that they owe, that’s something that should be part of the conversation.”  

But when the two largest credit scoring companies, Fair Isaac and VantageScore, tested what happens when tax liens and civil judgments are removed, both found that it did not meaningfully change the snapshot provided to lenders on most borrowers.  

More than 90 percent of people with a negative public record have other negative information on their credit file, like late payments, according to FICO’s analysis. VantageScore experimentally tweaked its model to focus on other data points, like the number of credit cards a borrower has with high balances, and found that the predictive value was almost identical.  

“Not surprisingly, those with civil judgments and tax liens are likely to have lots of other credit blemishes,” said Ethan Dornhelm, Fair Isaac’s principal scientist. “These changes aren’t going to bring those people into the tiers where they’re going to qualify for prime credit.”  

As public records disappear from the big bureaus’ reports, other data providers are eager to step in and fill the gap. LexisNexis Risk Solutions has for years gathered public records information from about 3,000 jurisdictions around the country and sold it to the credit bureaus. Now, with that business drying up, the company is marketing its own Liens and Judgments Report to lenders.  

Because LexisNexis is not a party to the credit bureaus’ settlement, it is still free to sell that information, said Ankush Tewari, a senior director with LexisNexis Risk Solutions. The company can accurately link people to their public records, even without identifying information like a Social Security number, with an error rate of less than 1 percent, he said.  

As the credit bureaus continue to work through the settlement terms, further changes are coming. Starting in September, their reports will eliminate medical debt collection accounts that are less than six months old, a change intended to reflect the sometimes-lengthy process of sorting out health insurance reimbursements.  

Also that month, all data furnishers — the companies that provide information about consumers to the credit bureaus — will be required to include each individual’s full name, address, birth date and Social Security number in their reports.  

 

Source: The New York Times

Mishandle a Fraud Search, and All That Fine Evidence Could Be for Nothing

posted Jun 27, 2017, 10:50 AM by Resty Manapat

A search conducted at a home or business can feel like a terrible violation of privacy. When a score of agents tramp through the premises taking just about everything that isn’t nailed down, the question is whether that comports with the Fourth Amendment’s protection “against unreasonable searches and seizures.”  

Judge Alison J. Nathan of the Federal District Court in Manhattan delivered a stern warning to prosecutors when she granted a motion by Benjamin Wey, a New York City financier, to suppress everything seized during searches of his office and home in 2012. The New York Times reported that the ruling, if upheld, could deal a significant blow to proving charges filed in 2015 accusing him of stock manipulation and laundering the proceeds from selling shares, because it is unclear what other documentary evidence the government has. 

Because the objects of the search are not easily identifiable like guns or drugs, the challenge in white-collar-crime investigations is to draft a warrant that is not so broad that it empowers agents to seize virtually any document or search every computer file because it might be related to nebulous misconduct. 

The Fourth Amendment requires that a warrant “particularly” describe the place to be searched and things seized. This requirement was a response to the aversion of the framers of the Constitution to so-called general warrants, used by the British before the American Revolution to conduct broad searches for goods imported without payment of the proper duties. 

When an investigation involves potential fraud, almost any document or record could be related to it. Prosecutors often need to show that transactions that appear to be legal were misleading or deceptive, which might not be apparent on the face of the documents. So the description in the warrant of what the government can seize in a white-collar case is usually quite broad, covering general categories of records and computer files created over a substantial period of time, but cannot be so vague that almost anything could be seized.  

The government obtained warrants to search Mr. Wey’s company, New York Global Group, and his New York City apartment for evidence that he used other companies and investors as part of a plan to manipulate the shares of companies used for mergers with China-based businesses. The warrants listed 12 categories of documents that related to transactions with 220 individuals and companies, including the seizure of computers and other electronic devices that might contain records related to them.  

The key to any warrant that covers so much material is to properly identify the specific crimes that were committed so that there is some limitation on what types of records can be seized. It was on this point that Judge Nathan found the warrant in Mr. Wey’s case had failed.  

The primary flaw was that while the affidavit submitted by an F.B.I. agent to a magistrate judge gave a reasonable description of the crimes under investigation, that document was not incorporated in the warrant, or even attached to it, to establish the parameters for the search.  

Because there were no apparent limits to what could be seized, the agents executing the warrants seemed to take just about everything they could get their hands on. In particular, Judge Nathan was troubled that agents took personal items with no apparent connection to the investigation, like X-rays of family members, children’s sports schedules, divorce papers, passports and family photographs.  

In finding that the search violated the Fourth Amendment, the judge pointed out that “failure to reference the suspected crimes would alone be enough to render the warrants insufficiently particularized.”  

The importance of including the crimes under investigation was highlighted in another recent case, involving the appeal of Ross W. Ulbricht, who once operated under the moniker “Dread Pirate Roberts.” He was sentenced to life in prison for helping set up and operate Silk Road, an anonymous online marketplace used to sell drugs and broker other illegal services. Crucial evidence came from his laptop, which was searched shortly after his arrest in a public library in San Francisco in 2013.  

The warrant allowed agents to open every file to view the first few pages of a document, and search terms could be used to scan the laptop’s entire memory. In upholding the search, the United States Court of Appeals for the Second Circuit in Manhattan pointed out that “files and documents can easily be given misleading or coded names, and words that might be expected to occur in pertinent documents can be encrypted; even very simple codes can defeat a preplanned word search.”  

While the description of what could be searched on Mr. Ulbricht’s laptop was broad, it was permissible under the particularity requirement of the Fourth Amendment because the affidavit outlining the crimes under investigation was incorporated into the warrant, providing the necessary limitations on what could be viewed. Although that meant a very intrusive search that could include many personal documents, the appeals court found that “such an invasion of a criminal defendant’s privacy is inevitable, however, in almost any warranted search.”  

Why did the government fail to meet this seemingly simple requirement of incorporating the description of the crimes under investigation in the warrant to search Mr. Wey’s office and apartment? There is no good explanation for that mistake, which led Judge Nathan to conclude that “the warrants are — in function if not in form — general warrants,” the death knell for any search.  

One way the government could have seized virtually everything from Mr. Wey’s business and home would have been to offer evidence in the warrant application that his operation was completely fraudulent. Courts recognize that if a company is thoroughly permeated by fraud, such as a boiler-room operation or a bogus prescription drug dispensary, then any records connected to it would constitute evidence.  

Although prosecutors made this argument to defend the seizure from Mr. Wey, they could not overcome two hurdles. First, this type of warrant is usually limited to a business rather than a home, at least unless there is substantial evidence that the home was really just an extension of the illegal operation. There was nothing in the warrant application involving Mr. Wey’s apartment that would indicate its primary use for that purpose, even though his wife assisted his advisory business from there.  

Second, Judge Nathan found that the government “did not set forth any evidence, explicit or implicit, that the scheme either constituted just the ‘tip of iceberg’ with respect to fraudulent activity” at Mr. Wey’s operation, or that the claimed fraudulent activity infused the entire business.  

Perhaps the ultimate fallback in any case involving a flawed search warrant is the claim that the agents acted in good faith. The exclusionary rule is designed to deter governmental misconduct, and the Supreme Court noted in United States v. Peltier that “where the official action was pursued in complete good faith, however, the deterrence rationale loses much of its force.”  

That exception does not apply when a warrant is so clearly flawed that no reasonable agent would rely on it. Judge Nathan found that the warrants did not have “any meaningful linkage to the suspected criminal conduct and limited only, at the outer boundaries, to some relationship to the owner/occupant of the premises being searched.” Therefore, a claim of good faith to salvage the fruits of an otherwise unlawful search could not be supported, so the exclusionary rule required suppression of all the evidence seized.  

I expect that the Justice Department will challenge the decision because the suppressed evidence is at the heart of the case against Mr. Wey. Although a defendant cannot appeal a denial of a suppression motion until after a conviction, the Criminal Appeals Act authorizes prosecutors to seek review of a decision granting such a motion so long as the United States attorney certifies that the appeal is not for the purpose of delay and the material would be “substantial proof of a fact material in the proceeding.”  

Judge Nathan’s decision sends a clear message to agents and prosecutors in white-collar-crime investigations to tread carefully when using a search warrant to gather evidence. Although a treasure trove of materials can be obtained this way, failing to pay attention to the details of properly writing and executing a warrant can have devastating consequences for a case.  

 

Source: The New York Times

Justices, Shying from Second Amendment, Won't Touch California's Gun Restrictions

posted Jun 27, 2017, 10:43 AM by Resty Manapat

The U.S. Supreme Court, declining to step back into the contentious arena of gun regulation, refused on Monday to review the constitutionality of California’s restrictions on the concealed and open carry of guns.  

The justices’ refusal to take up Peruta v. California came on the heels of the June 14 shooting in Virginia that wounded five, including a congressman, at a baseball practice. The court last took up a major Second Amendment challenge seven years ago.  

In 2010 in McDonald v. City of Chicago, a 5-4 court applied the Second Amendment to the states. The McDonald decision followed the justices’ landmark, 5-4 decision in 2008—District of Columbia v. Heller—holding that the amendment guarantees an individual right to possess a handgun for self-defense in the home.  

The high court has turned away a number of Second Amendment cases, often over the dissenting voices of justices Clarence Thomas, Samuel Alito Jr. and the late Antonin Scalia. Thomas, in his dissents, has charged that the Second Amendment was becoming a nullity based on its treatment by lower courts. Trial and appellate judges generally have upheld local regulations.  

Thomas on Monday, joined by Justice Neil Gorsuch, had voted to hear the challenge to California’s gun laws. Thomas wrote:  

For those of us who work in marbled halls, guarded constantly by a vigilant and dedicated police force, the guarantees of the Second Amendment might seem antiquated and superfluous. But the Framers made a clear choice: They reserved to all Americans the right to bear arms for self-defense. I do not think we should stand by idly while a State denies its citizens that right, particularly when their very lives may depend on it. I respectfully dissent.  

Peruta was filed on behalf of Edward Peruta, four other individuals and the California Rifle and Pistol Association Foundation. The petition was brought on their behalf by former George W. Bush solicitor general Paul Clement of Kirkland & Ellis.  

The challenge asks the justices this question: “Whether the Second Amendment entitles ordinary, law-abiding citizens to carry handguns outside the home for self-defense in some manner, including concealed carry when open carry is forbidden by state law.”  

California regulates open carry and concealed carry of guns in public. Open carry is generally prohibited, with a few exceptions. Anyone applying for a concealed-carry license must show, among other requirements, that “good cause” exists for the license. The state’s counties may decide what constitutes “good cause.”  

Peruta, a San Diego resident, was refused a concealed-carry license. He and the other petitioners in the high court, sued San Diego County and the San Diego sheriff, claiming that the concealed-carry policy violated their Second Amendment rights.  

The en banc U.S. Court of Appeals for the Ninth Circuit narrowly examined: “whether the Second Amendment protects, in any degree, the ability to carry concealed firearms in public.” It did not reach the question whether the right to bear arms existed outside of the home.  

In a 7-4 opinion on June 9, 2016, the en banc court said the historical evidence shows that the Second Amendment does not protect concealed carry.  

The Peruta petition argued that the San Diego sheriff’s interpretation of “good cause” is so restrictive that the typical law-abiding resident on the county cannot get a concealed-carry license. “And because California law prohibits openly carrying a handgun outside the home, the result is that the typical law-abiding resident cannot bear a handgun for self-defense outside the home at all.”  

Clement argued there are “few unresolved constitutional questions of greater legal and practical significance than whether the Second Amendment entitles ordinary law-abiding citizens to bear handguns outside the home for self-defense.” Lower courts, he said, have split three ways, with some recognizing the right outside the home, some rejecting it, and some adopting a hybrid approach.  

California had countered that the Ninth Circuit decision was limited to whether the Second Amendment protects a specific right to carry concealed weapons in public and was correct “in light of the long history of restrictions on concealed carry.” It also accuses Peruta of presenting different and broader questions of whether the Second Amendment applies outside the home.  

The appellate court decision, the state said, “does not create or deepen any conflict among the lower courts, or impair the flexibility of states in deciding how to accommodate any public-carry right.”

 

Source: Law.com

A Record FCRA Verdict Entered Against TransUnion

posted Jun 26, 2017, 12:00 PM by Resty Manapat

On June 20, a federal jury sitting in the Northern District of California Ramirez v. TransUnion LLC case awarded a class of 8,185 consumers the largest to date Fair Credit Reporting Act (FCRA) verdict, consisting of $8 million in statutory damages and $52 million in punitive damages. 

The lawsuit was based on TransUnion’s alleged failure to keep credit reports of ordinary consumers from being linked with similarly-named individuals listed on the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) watch list. The watch list is a part of OFAC’s enforcement effort and contains names of individuals and organizations linked to drug trafficking, terrorism and other criminal activities. 

The named plaintiff, Sergio L. Ramirez, filed his complaint in February 2012 alleging that he was not able to buy a car in 2011 because TransUnion reported to lenders that his name potentially matched entries on OFAC’s watch list. Ramirez further alleged that he attempted to have TransUnion correct the error on his report but received no assistance. 

At trial, the class argued that TransUnion was required by FCRA to assure the accuracy of its reports and failed to cross-check OFAC hits against other personal identifiers, such as birth dates. The class further argued that TransUnion also violated FCRA by disclosing OFAC match information only to lenders requesting credit reports, but not to consumers, depriving consumers of opportunities to challenge and correct the information. 

TransUnion countered these arguments at trial by blaming Ramirez’s experience on credit reports getting “garbled” in multiple transmissions before reaching the auto dealer. TransUnion also argued that no actual damage resulted from the erroneous links to OFCA watch lists, because Ramirez, for example, was able to purchase a car in the same timeframe and on the same terms as would have been the case had his name not triggered the OFAC list connection. 

The jury rejected these arguments and found that TransUnion: (1) willfully failed to follow reasonable procedures to assure the maximum possible accuracy of OFAC information it associated with class members, (2) willfully failed clearly and accurately to disclose OFAC information in written disclosures it sent to class members, and (3) willfully failed to provide class members a summary of their FCRA rights with each written disclosure actually made. 

This is not the first time TransUnion has been in hot water over its OFAC reporting. In 2009 a single consumer brought a case against TransUnion over a credit report also provided to an auto dealer that erroneously linked her name to the OFAC watch list. The auto dealer was ultimately able to confirm that the consumer was not in fact on the OFAC list and she suffered no negative effects from the erroneous report. The case went to trial and the jury awarded plaintiff $50,000 in compensatory damages and $750,000 in punitive damages, which the district court reduced to $100,000. On appeal, the Third Circuit Court of Appeals rejected TransUnion’ arguments that it could not have violated FCRA because: (1) the OFAC alert was not part of a “consumer report” as defined by the FCRA and (2) the OFAC alert was not a part of the consumer’s “file” as defined by the FCRA. The Third Circuit affirmed Trans Union’s liability and the jury’s award of compensatory and punitive damages, as remitted by the district court. 

The massive award in the Ramirez case is a warning to all credit reporting agencies and furnishers of data about proactively monitoring and cross-referencing information that may end up in a person’s credit report. This case also, however, raises questions whether: (1) a case similar to Ramirez would survive today’s Spokeo scrutiny in light of the admitted lack of “concrete” injuries flowing from the allegedly erroneous reports and (2) another court would allow for class treatment of similar claims when each consumers’ ability to demonstrate a concrete injury may differ significantly and require individualized scrutiny.

 

Source: Lexology

FTC Wraps up Major Phone Cramming Case as Remaining Defendants Settle Charges

posted Jun 23, 2017, 11:39 AM by Resty Manapat

Defendants behind American eVoice are banned from all landline or mobile telephone billing 

The remaining defendants behind a massive landline cramming operation agreed to settle Federal Trade Commission charges that they placed more than $70 million in unauthorized charges on consumers’ phone bills. 

The settlements with defendants Steven Sann, Terry Lane, and the corporate defendants who operated the scheme, resolve the remaining charges the FTC brought against American eVoice, Ltd., eight other companies, and four individual defendants. 

In its complaint, the FTC alleged that the operation placed charges ranging from $9.95 to $24.95 per month on consumers’ landline phone bills for voicemail services they never signed up for and never even knew they had. 

The lead defendant, Sann, his wife Lane, and the corporate defendants have now agreed to settle the FTC’s charges. Robert Braach, an accountant who provided financial and management services for the scheme, settled similar charges in November 2016. 

Under the terms of the settlements, the defendants are permanently banned from all telephone billing, landline or mobile. The orders also ban all defendants from unauthorized billing in general. 

The settlements with Sann, Lane, and the corporate defendants impose judgments of $41.9 million that are either partially or entirely suspended based on an inability to pay.  Under the terms of the settlements, Sann will have to forfeit more than $500,000 in ill-gotten funds that he used to fund his IRAs, and he will also surrender an Infiniti Q56 and a Nissan 350Z.  Most of Sann’s other assets have already been transferred to the Chapter 7 Trustee administering his bankruptcy estate.  In a parallel criminal case brought by the United States Attorney for the District of Montana, Sann pleaded guilty to criminal charges of money laundering and wire fraud and was sentenced to two years in prison. 

The settlement with Braach imposes a judgment of $71 million that was suspended after Braach transferred $75,000 to the Commission.  In the future, if any of the defendants are found to have misrepresented their financial condition, the entire amount of the respective judgment will become due as to those defendants. 

The Commission vote approving the proposed stipulated final orders against Sann, Lane, and the corporate defendants was 2-0. It was filed in the U.S. District Court for the District of Montana, Missoula Division. 

The Commission voted 3-0 to approve the stipulated final order against Braach, and the District Court judge approved and signed it in January 2017. 

NOTE:  Stipulated court orders have the force of law when approved and signed by the District Court judge. 

The FTC appreciates the assistance provided in these cases by the Better Business Bureau Northwest; the Montana Department of Justice; and the Federal Communications Commission.


Source: FEDERAL TRADE COMMISSION

1-10 of 149