FTC Wraps up Major Phone Cramming Case as Remaining Defendants Settle Charges

posted by Resty Manapat

Defendants behind American eVoice are banned from all landline or mobile telephone billing 

The remaining defendants behind a massive landline cramming operation agreed to settle Federal Trade Commission charges that they placed more than $70 million in unauthorized charges on consumers’ phone bills. 

The settlements with defendants Steven Sann, Terry Lane, and the corporate defendants who operated the scheme, resolve the remaining charges the FTC brought against American eVoice, Ltd., eight other companies, and four individual defendants. 

In its complaint, the FTC alleged that the operation placed charges ranging from $9.95 to $24.95 per month on consumers’ landline phone bills for voicemail services they never signed up for and never even knew they had. 

The lead defendant, Sann, his wife Lane, and the corporate defendants have now agreed to settle the FTC’s charges. Robert Braach, an accountant who provided financial and management services for the scheme, settled similar charges in November 2016. 

Under the terms of the settlements, the defendants are permanently banned from all telephone billing, landline or mobile. The orders also ban all defendants from unauthorized billing in general. 

The settlements with Sann, Lane, and the corporate defendants impose judgments of $41.9 million that are either partially or entirely suspended based on an inability to pay.  Under the terms of the settlements, Sann will have to forfeit more than $500,000 in ill-gotten funds that he used to fund his IRAs, and he will also surrender an Infiniti Q56 and a Nissan 350Z.  Most of Sann’s other assets have already been transferred to the Chapter 7 Trustee administering his bankruptcy estate.  In a parallel criminal case brought by the United States Attorney for the District of Montana, Sann pleaded guilty to criminal charges of money laundering and wire fraud and was sentenced to two years in prison. 

The settlement with Braach imposes a judgment of $71 million that was suspended after Braach transferred $75,000 to the Commission.  In the future, if any of the defendants are found to have misrepresented their financial condition, the entire amount of the respective judgment will become due as to those defendants. 

The Commission vote approving the proposed stipulated final orders against Sann, Lane, and the corporate defendants was 2-0. It was filed in the U.S. District Court for the District of Montana, Missoula Division. 

The Commission voted 3-0 to approve the stipulated final order against Braach, and the District Court judge approved and signed it in January 2017. 

NOTE:  Stipulated court orders have the force of law when approved and signed by the District Court judge. 

The FTC appreciates the assistance provided in these cases by the Better Business Bureau Northwest; the Montana Department of Justice; and the Federal Communications Commission.


Source: FEDERAL TRADE COMMISSION

Are You There God? I’d Like to Sue You

posted Jun 21, 2017, 4:38 PM by Resty Manapat

Yes, people do file lawsuits against the Almighty. But the devil, so to speak, is in the details. 

Back in 2007, Nebraska State Senator Ernie Chambers filed a lawsuit against God. 

Chambers, the plaintiff, was seeking a permanent injunction against the defendant, God, whom Chambers blamed in the suit for causing various natural disasters. The lawsuit further accused God of the crime of failing to stop “terroristic threats.” In the complaint, filed in Douglas County District Court, Chambers also stated that he had tried to contact God about these matters on multiple occasions, but without success. 

Of course, as even Fox News pointed out at the time, the state senator was direct about the fact that he had no real expectation of a victory over the Almighty. Instead, he’d filed to try to make a broader point about the value of frivolous lawsuits. In the end, though, Chambers’ suit was thrown out of court not because it was frivolous per se, but because God had no fixed address at which he could be served notice. 

Chambers’ lawsuit may have gone nowhere, but it did serve as a reminder that anyone who wants to can try to sue God—even if winning might take a miracle. 

“There’s nothing about the basic requirements of a complaint that suggest that you can’t sue God,” says the Georgetown University legal scholar Naomi Mezey. In the U.S. legal system, Mezey says, it’s relatively easy to bring a legitimate complaint against anyone, so long as you can meet the basic standards. While the exact rules vary from court to court, typically those standards include a named defendant, a relevant jurisdiction, details of the alleged wrongdoing, and proof of notice to the defendant of the lawsuit. 

“Notice is in some ways the most banal of these requirements, [but] that is in fact an important part of our Constitutional right to due process,” says Mezey. “It feels minor and technical, but on the other hand it is a very important Constitutional guarantee that things do not get litigated against you without your being notified of them.” 

It turns out it’s this inability to be served notice of a lawsuit that ultimately prevents most courts, like the one in the Chambers case, from allowing legal claims against God to proceed. Still, as Mezey notes, if you believe that God is everywhere, then questions of jurisdiction are at least up for debate—the deity, one could argue, has at least minimum contact with every state and county in the nation. “This is called personal jurisdiction. So maybe that question of personal jurisdiction isn’t so hard if you accept that God is omnipresent.” 

Consider another case from 1971. In that one, a man named Gerald Mayo attempted to sue Satan (and his staff) for placing obstacles in his path and causing him general misery. Mayo’s case was similarly dismissed because there was nowhere to serve the Devil. 

Clearly, serving notice against God (or the Devil) is tough, but there may be some ways around it. In Chambers’ case, he argued that since God is omniscient, he would of course have known about the lawsuit, thus fulfilling the notice requirement. And Mezey proposes an even more sweeping solution. “Maybe you say, God is not a person, therefore due process is not required for God.” 

Even if one were to convince a court to hear a case against God, there is one other problem, and that is the issue of how to enforce a ruling for the plaintiff. “You can win a lawsuit, but then you need to get that lawsuit enforced,” says Mezey. “So every remedy you seek, then needs to be enforced in some way. You know there’s no enforcement in this lawsuit [against God].” 

Complaints against God aren’t limited to U.S. courts. There are numerous examples of cases against God, or a god, from a variety of countries around the world. In 2007, a Romanian man serving time for murder tried to sue God for not protecting him from the Devil’s influence, which was turned down because God was not seen as a person in the eyes of Romanian law. In 2016, a case was brought to the courts in the Indian state of Bihar by a lawyer attempting to sue the Hindu god Rama. In that case, the court rejected the suit out of hand, noting that it wasn’t “practical.” 

In the end, lawsuits against God are almost uniformly dismissed by courts. But that doesn’t mean that those with enough faith, whether in the system or in the Almighty, won’t keep trying to find a way.

 

Source: Atlas Obscura

U.S. Supreme Court again limits where companies can be sued

posted Jun 21, 2017, 4:35 PM by Resty Manapat

The Supreme Court on Monday slapped limits on where injury lawsuits may be filed for the second time in three weeks, again siding with businesses that want to prevent plaintiffs from "shopping" for friendly courts for their cases. 

In an 8-1 ruling, the justices overturned a lower court's decision that had allowed hundreds of out-of-state patients who took Bristol-Myers Squibb Co's (BMY.N) blood-thinning medication Plavix to sue the company in California. 

State courts cannot hear claims against companies that are not based in the state when the alleged injuries did not occur there, the justices ruled. 

The ruling had an immediate impact, with a state court in St. Louis citing it in declaring a mistrial in a lawsuit filed by out-of-state plaintiffs against New Jersey-based Johnson & Johnson (JNJ.N) over its talc-related products, plaintiffs' lawyer Ted Meadows said on Monday. 

Previous talc cases in the same court have produced jury awards of over $300 million against J&J. Meadows said he was disappointed, but thought there were still ways to establish jurisdiction in St. Louis. 

The Supreme Court on May 30 reached a similar conclusion in a separate case involving out-of-state injury claims against Texas-based BNSF Railway Co [BNISF.UL]. 

Companies typically can be sued in a state where they are headquartered or incorporated, as well as where they have important ties. Businesses want to limit the ability of plaintiffs to shop for courts in states with laws conducive to such injury lawsuits. 

Plaintiffs contend that corporations are seeking to squeeze their access to compensation for injuries by denying them their day in state courts. 

The underlying lawsuits filed in 2012 against Bristol-Myers and California-based drug distributor McKesson Corp (MCK.N) involved 86 California residents and 575 non-Californians, alleging Plavix increased their risk of stroke, heart attack and internal bleeding. 

Bristol-Myers argued it should not face claims in California by plaintiffs who do not live in the state. The company is incorporated in Delaware and headquartered in New York. 

The California Supreme Court ruled in August 2016 that it could preside over the case because Bristol-Myers conducted a national marketing campaign and sold nearly $1 billion of the drug in the state. 

Writing for the U.S. Supreme Court majority on Monday, Justice Samuel Alito said the California court was wrong to rule that it could hear the case "without identifying any adequate link between the state and the nonresidents' claim." 

In a dissenting opinion, Justice Sonia Sotomayor predicted that the Supreme Court's ruling will make it harder to consolidate lawsuits against corporations in state courts and lead to unfairness for individual injury plaintiffs.


Source: Reuters News

How to make your employees care about cybersecurity: 10 tips

posted Jun 20, 2017, 1:21 PM by Resty Manapat

People are the largest security vulnerability in any organization. Here's some expert advice on how to make cybersecurity training more effective and protect your business.  

Employees are a company's greatest asset, but also its greatest security risk. 

"If we look at security breaches over the last five to seven years, it's pretty clear that people, whether it's through accidental or intentional introduction of malware, represent the single most important point of failure in terms of security vulnerabilities," said Eddie Schwartz, chair of ISACA's Cyber Security Advisory Council. 

In the past, companies could train employees once a year on best practices for security, said Wesley Simpson, COO of (ISC)2. "Most organizations roll out an annual training and think it's one and done," Simpson said. "That's not enough." 

Instead, Simpson said organizations must do people patching: Similar to updating hardware or operating systems, you need to consistently update employees with the latest security vulnerabilities and train them on how to recognize and avoid them. 

"Your people are your assets, and you need to invest in them continually," Simpson said. "If you don't get your people patched continually, you're always going to have vulnerabilities." Even in a company with hundreds of employees, it's worth training them as opposed to taking on the risk of a breach, he added. 

However, it's important to empathize with your employees as well, said Forrester analyst Jeff Pollard. "People represent a large potential attack surface for every organization," Pollard said. "The reason I don't like to think of people as a security vulnerability is that it encourages a blame the victim mentality. Security teams exist to protect information, people, and the business." 

When a user makes a mistake and clicks on an email that causes an infection, we often think that was the cause, Pollard said. But that's not actually the case—the organization was already under attack when the attacker sent the email, before it was opened. It also means every other security control in the path of that attack failed, he added. 

Here are 10 tips for helping all employees understand cyber risk and best practices. 

1. Perform "live fire" training exercises 

The best training today is "live fire" training, in which the users undergo a simulated attack specific to their job, Schwartz said. 

"Maybe they become a victim to an attack that's actually orchestrated by a security department or an outside vendor, and then they're asked to understand the lessons they've learned from that attack, and the implications on the business, on their personal lives and how they could have prevented it," Schwartz said. "And then they're asked to share that experience with their peer group." 

(ISC)2 performs regular phishing tests, in which the IT team sends out a fake phishing email to all employees across the organization and gauges how many people click on it, Simpson said. Then, they can break that data down by departments and types of messages, to tailor training to problem areas. It also allows the company to show progression. 

2. Get buy-in from the top 

The CISO needs to make the rest of the C-suite aware of the ramifications of a potential breach, Simpson said. "Typically, to have a good cyber plan, you have to have line items in the budget for people, hardware, or software, year over year," he said. "That means getting the CFO, CIO, and CEO on board." 

3. Start cyber awareness during the onboarding process 

"The first time employees come through the door, start building the mindset as all new hires go through security training from day one," Simpson said. "That way they hear from the time they start that cyber is important, and that they are going to get continuous training." 

4. Conduct evaluations 

Don't be afraid to perform evaluations of both employees and systems to find out how vulnerable your organization is to attack, Simpson said. "Until you do that, you won't know how bad or good your security posture may be," he added. 

5. Communicate 

Create a plan for how best to communicate cybersecurity information to all employees, Simpson said, to get all departments on board with training and learning best practices. "It will help break down siloes—it creates alignment, and people working on it together," Simpson said. 

6. Create a formal plan 

IT teams should develop a formal, documented plan for cybersecurity training that is reviewed and updated often with the latest information on attack vectors and other risks, Simpson said. 

7. Appoint cybersecurity culture advocates 

Tech leaders should appoint a cybersecurity culture advocate in every department at their organization, Simpson said. These advocates can act as an extension of the CISO and keep employees trained and motivated. "That's something that's often overlooked—use the resources you already have in the company beyond the IT team," he added. 

8. Offer continuous training  

Cybersecurity training should continue throughout the year, at all levels of the organization, specific to each employee's job, Schwartz said. "If you're an end user, there has to be training associated with the types of attacks you might receive—for example, attacks on your email or attacks that are oriented on the type of job you hold," Schwartz said. "If you're in IT, the attacks may be more technical in nature in terms of the attacks you might be seeing.

"It really is a case of understanding how the threat landscape continues to evolve relative to these attacks, and keeping technical security training current," Schwartz said.  

9. Stress the importance of security at work and at home  

Tech leaders should help employees understand the importance of cyber hygiene not just in the workplace, but also at home, Pollard said. "Teach users about privacy, security, and how the lessons learned at work can apply at home and in their personal lives to give them a 'what's in it for me' they can apply all the time, not just at work," he added.  

10. Reward employees

Reward users that find malicious emails, and share stories about how users helped thwart security issues, Pollard said. IT leaders should also empathize with employees who make mistakes, Pollard said: Many employees send or receive hundreds of emails per day, so asking them to avoid one of those can be difficult.  

While these training tips can help, education is not a perfect solution, Schwartz said. "Even in the most advanced and most current education scenarios, there still are a percentage of attacks that will get through, and even in the most enlightening and useful educational programs, there still is anywhere from a 4-6 percent success rate, even after all of the training is done," he said. "So, training is just one aspect of defending the environment from advanced attacks." 

 

Source: TechRepublic

Spoofing and Caller ID

posted Jun 13, 2017, 12:35 PM by Resty Manapat

"Spoofing" occurs when a caller deliberately falsifies the information transmitted to your caller ID display to disguise their identity. Spoofing is often used as part of an attempt to trick someone into giving away valuable personal information so it can be used in fraudulent activity or sold illegally. U.S. law and FCC rules prohibit most types of spoofing.  

How does spoofing work?  

Caller ID lets consumers avoid unwanted phone calls by displaying caller names and phone numbers, but the caller ID feature is sometimes manipulated by spoofers who masquerade as representatives of banks, creditors, insurance companies, or even the government.  

What you can do if you think you're being spoofed.  

You may not be able to tell right away if an incoming call is spoofed. Be careful about responding to any request for personal identifying information.  

  • Never give out personal information such as account numbers, Social Security numbers, mother's maiden names, passwords or other identifying information in response to unexpected calls or if you are at all suspicious.
  • If you get an inquiry from someone who says they represent a company or a government agency seeking personal information, hang up and call the phone number on your account statement, in the phone book or on the company's or government agency's website to verify the authenticity of the request.
  • Use caution if you are being pressured for information immediately.
  • If you have a voice mail account with your phone service, be sure to set a password for it.  Some voicemail services are preset to allow access if you call in from your own phone number.  A hacker could spoof your home phone number and gain access to your voice mail if you do not set a password.  

Is spoofing illegal?  

Under the Truth in Caller ID Act, FCC rules prohibit any person or entity from transmitting misleading or inaccurate caller ID information with the intent to defraud, cause harm, or wrongly obtain anything of value.  If no harm is intended or caused, spoofing is not illegal.  Anyone who is illegally spoofing can face penalties of up to $10,000 for each violation.  In some cases, spoofing can be permitted by courts for people who have legitimate reasons to hide their information, such as law enforcement agencies working on cases, victims of domestic abuse or doctors who wish to discuss private medical matters.  

Is blocking a phone number the same thing as spoofing?  

Spoofing is not the same thing as blocking a phone number.  FCC rules require telephone companies to make phone number blocking available and free for all calls between states (each state makes its own rules about calls that stay within the state).  If you receive a phone call from an "unknown number," that phone number has been blocked, but not necessarily spoofed. Also, you can legally block the transmission of your phone number when you make calls, so your number will appear as "unknown."  

What are the FCC rules regarding caller ID for telemarketers?  

FCC rules specifically require that a telemarketer:  

  • Transmit or display its telephone number or the telephone number on whose behalf the call is being made, and, if possible, its name or the name of the company for which it is selling products or services.
  • Display a telephone number you can call during regular business hours to ask to no longer be called. This rule applies even to companies that already have an established business relationship with you.  

How do I report suspected spoofing?  

If you receive a call and you suspect caller ID information has been falsified, or you think the rules for protecting the privacy of your telephone number have been violated, you can file a complaint with the FCC.  

 

Source: Federal Communications Commission

New Study Outlines Top Cybersecurity Threat Vectors

posted Jun 12, 2017, 11:33 AM by Resty Manapat

Rarely a day goes by that a major cyber-attack against a business, hospital, school, or government agency doesn’t make global headlines. Dealing with data breaches, ransomware infections, distributed denial of service (DDoS) attacks, and a multitude of other cyber threats has become a part of doing business for most organizations. 

Despite the grim outlook, there’s also a great deal of research being done on various cyber crime trends to help keep cybersecurity professionals well-informed on the threat landscape. NTT Security’s recently published “2017 Global Threat Intelligence Report” provides a wealth of data points on the aforementioned cyber threats and how hackers continue to vary their tactics. Some of the highlights of the report’s findings include:

  • Phishing attacks were responsible for as much as 73 percent of malware being delivered to organizations.
  • 77 percent of all detected ransomware was in four industries – business and professional services (28 percent), government (19 percent), healthcare (15 percent), and retail (15 percent).
  • 25 passwords accounted for nearly 33 percent of all authentication attempts against NTT Security Honeypots, which are systems built as lures to attract attackers and gather information on their methods.
  • Globally, DDoS attacks accounted for less than 6 percent of all attacks; however, they accounted for over 16 percent of all attacks from Asia and 23 percent of all attacks from Australia.  

The report also analyzed trends by specific geographic regions. Within the Americas, for example, after the United States (54 percent), China (17 percent) was responsible for more attacks against the company’s clients in the region than any other source country. The three industries most frequently targeted in the Americas were manufacturing (23 percent), education (20 percent), and finance (15 percent).  

Rob Kraus, director of security research and strategy for NTT Security, says that while many of the attack trends highlighted in this year’s report are similar to what they have found in past iterations, what has changed is the frequency with which they are employed.  

“As you can imagine, say four or five years ago, phishing and SQL injection were the hot topics with some of the tools reaching their maturity lifecycle. And then three or four years ago we started moving deeper into ransomware,” Kraus says.  

The Rise of Business Email Compromise  

Kraus says they have really seen a sharp uptick recently in business email compromise (BEC) schemes, which essentially involve a bad actor setting up a phishing server and then sending out targeted and well-crafted emails – usually spoofed to look as if they came from a C-level executive – to those who work in accounting or finance roles within various organizations to trick them into sending money or sensitive data. According to the report, BEC attacks were the second most common form of phishing attacks that NTT Security incident response engagement teams encountered in 2016, just behind ransomware.  

In some cases, Kraus says the attackers were able to get away with only a few thousand dollars, but in others they’ve responded to, the amount was in excess of $100,000. In fact, the report found that the average BEC incident involves a loss of about $67,000 compared to the average cost of a ransomware incident, which is only $700.  

And while the importance of having employees across the board take part in security awareness training is always emphasized, Kraus says that when it comes to these types of scams, a lack of training is not always to blame, but rather a lack of good old-fashioned checks and balances.  

“For years, we’ve been talking about the human as being the weak link and so on and so forth. It’s not just the end-user being the victim and the human being the weakest link, but the other part of the equation most organizations are missing is that if you have processes and procedures in place to validate these requests – even if someone falls victim to it – they can thwart the attack altogether.”  

Ransomware Awareness Increases  

Despite some of the widely publicized incidents involving ransomware infections in recent months, Kraus believes organizations are starting to do a better job of responding to these types of attacks. Prior to the recent surge in BEC attacks, for example, Kraus says NTT Security’s teams spent much of their time helping customers get out of ransomware situations, but that has started to change more recently.  

“I think over time the security industry in general has done a little bit better job of saying, ‘hey, listen, you’ve got some choices when it comes to ransomware.’ You can either pay the bitcoin and get your data back – then you’re known as somebody who pays and you might get attacked again – or you don’t pay and hopefully you can recover from backups,” Kraus adds. “That being said, I certainly don’t believe that ransomware is dead but the attackers are going to be in the cycle now of how do they take another approach to this because it was fairly successful.”  

Trends to Watch  

Moving into the rest of 2017 and beyond, Kraus believes that hackers are going to begin targeting Internet of Things (IoT) devices even more than they do today, as developers have only begun to scratch the surface of what’s possible with the technology and the number of devices being brought online increases daily. Not only will the IoT give attackers a broader base from which to work, according to Kraus, but it can also be weaponized to carry out botnet assaults, as was the case in last year’s DDoS attacks against Krebs on Security and Dyn.  

“On the horizon, I think we’re just on the cusp of getting deeper into things like drone cars and home automation-types of things. When you start looking at automobile hacking,  just on the market now there are a lot more books available specifically about that craft, and so I anticipate a lot of folks will start to pick up on that a little bit more,” he says. “With home automation and things like doorbells that have cameras built-in, can the bad guys use that technology to tell if someone is home? If I want to break into a house, can I tell it that someone is at home by hacking into the system?”  

 

Source: Security InfoWatch

FTC and DOJ Case Results in Historic Decision Awarding $280 Million in Civil Penalties against Dish Network and Strong Injunctive Relief for Do Not Call Violations

posted Jun 7, 2017, 10:08 AM by Resty Manapat

As the result of Do Not Call (DNC) litigation brought by the U.S. Department of Justice on behalf of the Federal Trade Commission, as well as the states of California, Illinois, North Carolina, and Ohio, a federal court in Illinois has ordered penalties totaling $280 million and strong injunctive relief against Englewood, Colorado-based satellite television provider Dish Network.  

The U.S. District Court for the Central District of Illinois found Dish liable for millions of calls that violated the FTC’s Telemarketing Sales Rule (TSR) -- including DNC, entity-specific, and abandoned-call violations -- the Telephone Consumer Protection Act (TCPA), and state law. The civil penalty award includes $168 million for the federal government, which is a record in a DNC case. The remainder of the civil penalty was awarded to the states.  

The $168 million judgment is the largest civil penalty ever obtained for a violation of the FTC Act.  

“The outcome of this case shows companies will pay a hefty price for violating consumers’ privacy with unwanted calls,” said Maureen K. Ohlhausen, Acting FTC Chairman. “This is a great result for consumers, and I am grateful to FTC staff for their years of tenacious work investigating and developing this case. We and our DOJ and state partners will continue to bring enforcement actions against Do Not Call violators.”  

“The National Do Not Call Registry is a popular federal program for the public to reduce the number of unwanted sales calls,” said Acting Assistant Attorney General Chad A. Readler of the Justice Department’s Civil Division. “This case demonstrates the Department of Justice’s commitment to smart enforcement of consumer protection laws, and sends a clear message to businesses that they must comply with the Do Not Call rules.”  

The complaint counts relating to the TSR alleged that Dish initiated, or caused a telemarketer to initiate, outbound telephone calls to phone numbers on the DNC Registry, in violation of the TSR, violated the TSR’s prohibition on abandoned calls, and assisted and facilitated telemarketers when it knew, or consciously avoided knowing, that the telemarketer was engaged in violations of the law.  

Dish markets its programming directly, through telemarketing vendors it contracts with to engage in telemarketing, and through authorized dealers or retailers. The court opinion ruled in favor of the federal government on all of the TSR counts in the complaint, and found more than 66 million TSR violations.  

In awarding the civil penalty amount, the court found that Dish’s culpability for the violations was significant. In particular, the court stated that, “Dish has some level of culpability for its direct marketing and a significantly higher level of culpability for the illegal calls made through its Order Entry program.”  

The court also stated that, “Dish initially hired Order Entry Retailers based on one factor, the ability to generate activations. Dish cared about very little else. As a result, Dish created a situation in which unscrupulous sales persons used illegal practices to sell Dish Network programming any way they could.”  

According to court filings, Dish authorized Order Entry Retailers to market Dish Network programming nationally. Dish would then complete the sale, provide for the delivery and installation of the satellite dish and related equipment, and provide the programming.  

The court also awarded injunctive relief, and all of the provisions in the permanent injunction are important to protect consumers from future harm. Below is an overview of the injunction’s first four provisions:  

  • Provision I requires Dish to demonstrate that Dish and its Primary Retailers (those with greater than 600 activations or who use an Automatic Telephone Dialing System) are fully complying with the Safe Harbor Provisions of the TSR and have made no pre-recorded calls at any time during the five years immediately preceding the effective date of the order. If Dish fails to prove that it meets this requirement, it will be barred from conducting any outbound telemarketing for two years, and if Dish fails to prove that the Primary Retailers meet this requirement, Dish shall be barred from accepting orders from such Primary Retailer for two years.  
  • Provision II requires Dish to hire a telemarketing-compliance expert to prepare a plan to ensure that Primary Retailers and Dish shall continue to comply with the telemarketing laws and the injunction.  
  • Provision III allows the plaintiffs to make ex parte application for court approval of unannounced inspections of any Dish or Primary Retailer facility or records. It also requires Dish to retain and transmit to the plaintiffs on a semi-annual basis telemarketing compliance materials, including all outbound telemarketing call records.  
  • Provision IV prohibits Dish, whether acting directly or indirectly through Authorized Telemarketers or Retailers, from violating the TSR.  

The FTC recognizes and thanks the Department of Justice for its tireless litigation of this case on behalf of the Commission, and also recognizes and thanks all of the state co-plaintiffs for their litigation and support during the case.

 

Source: Federal Trade Commission 

Study reveals shortcomings in background check due diligence

posted Jun 6, 2017, 8:45 AM by Resty Manapat

Conducting background checks on job candidates prior to their employment is a standard operating procedure for most organizations today. After all, not only do employers want to ensure they’re making a quality hire but they need to shield themselves against any liability they could incur by bringing on someone who poses a known risk to their current workforce or customer base. But while there are numerous resources available to companies to help them weed out potentially problematic workers, many still have significant gaps in their background screening programs.  

Last month, background screening services provider HireRight released its 10th annual “Employment Screening Benchmark Report,” which highlighted several areas where employers are still falling short. One of the most noteworthy findings of the report, which included responses from nearly 4,000 human resource professionals at organizations of all sizes worldwide, was an alarming lack of organizations that rescreen employees post-hire.  

Despite the risk of insider threats and the ability of rogue workers to walk out of the door with a treasure trove of proprietary data, the study found that only about half of employers today (48 percent) are actually doing this, a mere five percent improvement from just five years ago. Only 10 percent of respondents said they rescreen contingent and/or contract workers, which was down from 31 percent in 2013. Of those organizations that did rescreen workers, the majority only did so when employees were promoted or changed roles.  

According to Mary O’Loughlin, vice president of global customer experience at HireRight, failing to rescreen employees, especially those who have access to sensitive information, introduces an “enormous amount” of risk into a company.  

“Many things could have changed since that time of hire: professional license status, different criminal misconduct may have taken place and there are all sorts of things that could have changed in that person’s status,” O’Loughlin explains. “If you’re not rescreening that employee to find out what may have changed… you’re really putting your company at risk for potential legal and brand exposure.”  

Resume Fabrications  

Although people embellishing their resumes is nothing new, 85 percent of respondents to this year’s benchmark report said they had uncovered a lie or misrepresentation on a resume or job application, which is up from 66 percent five years ago. O’Loughlin says the spike could be attributed to the fact that baby boomers, who generally possess greater skills and experience than the rest of the labor force, are retiring in greater numbers and people are trying to puff up their credentials in order to land those jobs. Additionally, there are those folks who may have been out of work for an extended period of time during the Great Recession and don’t want those years missing on their resume.  

“In reality, most employers are going to be more upset about the lying than someone not having a job for a period of time. Employers understand that there were a number of people who were unemployed during that period or at some point during their career and most won’t hold it against you,” she says.  

Drug Screening Policies Fail to Evolve  

Despite the fact that 28 states and the District of Columbia now allow for the use of medical marijuana and that seven states and D.C. have even legalized its recreational use, the overwhelming majority of employers have not changed their drug screening policies in response. Five years ago, the study found that 79 percent of respondents did not have a policy or plans to create one recognizing medical use of marijuana. That number has not changed that much over the course of time as 78 percent of organizations responded similarly in this year’s survey.  

O’Loughlin says they were a bit surprised by this given everything that continues to change on the legal front with the drug. However, because marijuana is still illegal under federal law, many employers are still required to prohibit its use among their employees.  

“We highly recommend that employers should be taking note and working with their legal team on their drug policy and just making sure it’s in line with what their company’s risk goals are and the state and federal regulations they have to abide by as well,” she says.  

Screening of Contingent Labor  

On a positive note, O’Loughlin says that a majority of organizations now understand the importance of screening their contingent workforce. Whereas just five years ago only 41 percent of respondents were screening these workers, this year’s study found that 86 percent of companies are now screening their contingent and/or temporary employees.  

“There’s been this growing understanding of the risks associated with a contingent labor force. These are people that often have the same access to your customers, facilities and intellectual property and I think companies have become much more mature in their programs and understanding the risks associated with contingent workers,” O’Loughlin adds. “We’ve heard stories over the years of people who were perhaps not screening their contingent labor with the same diligence as their employees and when they would have someone go from contingent labor to full-time employee, they would screen them with their normal process and you would have things pop-up that showed that person shouldn’t have been hired or had the level of responsibility that they did previously.”

 

Source: Security InfoWatch 

Even The Justice Department Is Mishandling Sexual Harassment, Report Finds

posted Jun 5, 2017, 2:30 PM by Resty Manapat

Lawyers in the civil division who reportedly stalked and groped female colleagues got off pretty easy — even getting awards for their performance.  

Even the Justice Department is failing to enforce anti-sexual harassment policies, reveals a new report by the DOJ’s internal watchdog, which investigated the agency’s civil division.  

Despite having a so-called “zero tolerance” policy for sexual misconduct, the civil division failed to appropriately discipline lawyers for egregious behavior ― including a male lawyer who secretly watched his colleagues while they pumped breast milk, one who stalked a woman co-worker, and another senior lawyer who physically groped his colleagues at an office happy hour, the report finds.  

The department declined to suspend the man, who grabbed the breasts and buttocks of two female trial lawyers, because that “would unnecessarily deprive the government of [the senior official’s] litigating services,” the department official who made the decision told the Justice Department’s Inspector General.  

All of these men later received awards for their good performance in the division, the report notes.  

Problems with handling sexual misconduct, including lax enforcement and tracking, likely extend to the entire Justice Department, Inspector General Michael Horowitz wrote in a separate memo to Deputy Attorney General Rod Rosenstein. He recommends the DOJ come up with more consistent enforcement policies around sexual harassment ― at the very least prohibiting rewarding sexual harassers ― and is asking the department for a response within the next 60 days.  

The investigation of the civil division, released Thursday, examined about a dozen sexual harassment and misconduct claims reported between 2011 and the first half of 2016, at the department’s civil division, which employs 1,400 workers, mostly lawyers, who handle lawsuits filed against, and on behalf of, the federal government. During that period, the Justice Department was headed by former Attorney General Eric Holder and then later by Loretta Lynch.  

Though relatively few harassment cases were reported in the civil division ― the report looked at nine claims and found two more that went unreported ― they were handled badly and tracked poorly, the investigation reveals.  

A couple of years ago, the office of the Inspector General also turned up sexual misconduct at the Drug Enforcement Administration, another department under the DOJ’s umbrella. That report detailed drug-cartel funded sex-parties with prostitutes attended by DEA agents, none of whom were fired. Some were even promoted. After the conduct came to light, however, the head of the DEA ultimately resigned, facing bipartisan criticism ― the misconduct went back to the years of former President George W. Bush.  

Thursday’s report offers a rare detailed glimpse into how organizations can fail to properly deal with sexual harassment claims, an issue that’s gained increasing attention after well-publicized incidents inside Fox News, at the ride-hailing company Uber and, of course, involving President Donald Trump have come to light over the past few years.  

Trump was accused of harassing more than a dozen women, and he even was caught on tape bragging about sexual misconduct. He faced no consequences.  

The senior civil division lawyer also got off fairly easily. The lawyer, a supervisor, had been reprimanded before for sending sexually tinged emails to co-workers.  

After an internal investigation confirmed the harassment occurred, he was given a written reprimand, and his supervisory duties were stripped away. He was then transferred to another office, where no one was told about his track record. His pay didn’t change.  

And although his conduct may have been criminal, the report notes, officials in the department did not refer the case to outside law enforcement.  

The case “demonstrates an inadequate appreciation by the civil division of the Department’s zero tolerance policy,” write the report’s authors.  

In an addendum to the investigation, the civil division acknowledged that it had a problem handling sexual misconduct and says that it has resolved its issues with handling sexual harassment by hiring someone who specializes in employee relations. It added it was improving the methods it uses for tracking sexual harassment claims and clarifying its policies and its disciplinary procedures to workers.  

The DOJ “strives to maintain a culture free of harassment and other misconduct for all of our 115,000 employees,” Deputy Attorney General Rosenstein said in a statement in response to the report.  

“It is fortunate that there are relatively few substantiated incidents of sexual harassment, but even one incident is too many,” he added. “We will review the Inspector General’s recommendations and consider whether additional guidance is required to ensure that all misconduct allegations are handled appropriately, in support of our goal of a workplace in which everyone is treated fairly.” 

 

Source: The Huffington Post 

For now, potential Supreme Court gun-rights case is in limbo

posted Jun 3, 2017, 6:19 PM by Resty Manapat

The Supreme Court yet again took no action on a potential landmark gun-rights case from California and the Ninth Circuit. But when it does act, there will surely be attention paid to how an acceptance or denial of the case will affect the Second Amendment's future.  

The case of Peruta v. California has been on the Court’s private conference list four times. At least four Justices must agree to accept an appeal, which in this instance is from a group of people from San Diego seeking to carry concealed weapons in public, in opposition to a decision from that county’s sheriff restricting that right.  

For now, the Court hasn’t accepted the appeal or rejected the Peruta case outright. The petitioners see a broader Second Amendment issue at stake, and they point to conflicting rulings around the country about the “constitutional right to bear arms outside the home for self-defense in some manner.”  

A divided Ninth Circuit Appeals Court, earlier meeting en banc in June 2016, upheld a decision by San Diego’s sheriff that the petitioners had to show “good cause” to carry concealed weapons in public places, citing the state’s gun laws.  

That decision, said the Peruta legal team (led by veteran Court litigator Paul Clement), only added to the national debate about the issue. “In reaching that conclusion, the Ninth Circuit added to the sharp division among the lower courts over whether the Second Amendment allows ordinary, law-abiding citizens to be deprived of all means of carrying a handgun for self-defense,” Clement’s team argued in its petition to the Court, filed in January 2017.  

The Peruta petitioners find fault with how the state law is defined and implemented. “Rather than defining ‘good cause,’ the State has delegated that task to each sheriff or police chief. Consistent with the concealed-carry regimes that govern in the vast majority of states, many sheriffs have reasonably (and constitutionally) concluded that an individual’s desire to carry a handgun for self-defense in case of confrontation qualifies as ‘good cause.’ And the State treats that policy judgment as a permissible interpretation of ‘good cause,’” they argue.  

San Diego requires that concealed-carry applicants “demonstrate the specific situation that places them in danger and submit evidence of current incidents which documents their claim.”  The result of that policy seemingly violates a broad Second Amendment right, the petitioners say. “The net effect of this restrictive interpretation of ‘good cause’ is that the typical law-abiding resident of San Diego County cannot obtain a concealed-carry license,” they conclude.  

The state of California doesn’t want the Supreme Court to hear the appeal and it argues that the question actually before the Court is about “a specific right to carry a concealed handgun in public spaces in cities and towns, based only on a general desire for self-defense.”  

While agreeing with the Ninth Circuit’s en banc decision, the state also argues that the same question has been presented to the Supreme Court before without success. “This Court has previously denied review in three cases assessing similar state regulations on public carry. There is no reason for a different result here, especially while other courts continue to consider comparable issues. In the continued absence of any conflict, review in this case would be at best premature,” the state argues.  

The Peruta case had been considered before three courts before the current appeal.  Initially, a district court said that San Diego’s rationale for its good cause requirement didn’t violate the Second Amendment. A three-judge Ninth Circuit panel overturned that decision in a divided ruling, citing the Supreme Court’s Heller and McDonald decisions as indicating a right to self-defense wasn’t confined to a home.  

The 7-4 Ninth Circuit majority en banc decision held that “there is no Second Amendment right for members of the general public to carry concealed firearms in public.” The dissenting judges pointed to California’s law banning the open carrying of firearms as an important factor. “The Sheriff’s refusal to issue concealed carry licenses to ordinary, law-abiding citizens was ‘tantamount to [a] complete ban on the Second Amendment right to bear arms outside the home for self-defense,’” they said.  

If the Supreme Court takes the Peruta case, it would be one of the biggest cases of the next term, which starts in October. 

 

Source: National Constitution Daily (National Constitution Center)
