You are browsing the archive for Kamala Harris.

California Attorney General Takes the Lead In Cybersecurity

7:54 pm in Uncategorized by Consumer Watchdog

Kamala HarrisData breaches at major retailers Target and Neiman Marcus during last year’s holiday shopping season affected more than 100 million people and focused new attention on the need to protect person information stored online.

While it’s clear that tough data breach legislation must be enacted, California Attorney General Kamala Harris is taking action to improve cybersecurity in the state before new laws are passed. Today she released recommendations to California businesses to help protect against and respond to the increasing threat of malware, data breaches and other cyber risks.

In addition Harris is leading an investigation by state attorneys general into the Target and Neiman Marcus breaches, Don Thompson of the Associated Press reported:

Harris’ office also disclosed that California is leading a multistate investigation into the massive holiday season consumer data theft at discount retailer Target Corp. and luxury retailer Neiman Marcus, breaches that left tens of millions of customers at risk. More than 7 million Californians were affected by the Target breach alone, Special Assistant Attorney General for Law and Technology Jeff Rabkin said.

The U.S. Justice Department is taking the lead in trying to identify the culprits, who are suspected to be based overseas, while the multistate investigation focuses on whether the retailers share blame because they lacked the necessary precautions to prevent the thefts. The state investigation also will explore whether Target and Neiman Marcus acted properly as soon as they learned of the problem, Rabkin said in a telephone interview.

The guide, Cybersecurity in the Golden State, offers suggestions focused on small to mid-sized businesses, which are particularly vulnerable to cybercrime and often lack the resources to hire cybersecurity personnel. In 2012, 50 percent of all cyber attacks were aimed at businesses with fewer than 2,500 employees and 31 percent were aimed at those with less than 250 employees, Harris said.

Key recommendations for small business owners include:

  • Assume you are a target and develop an incident response plan now.
  • Review the data your business stores and shares with third parties including backup storage and cloud computing. Once you know what data you have and where it is, get rid of what is not necessary.
  • Encrypt the data you need to keep. Strong encryption technology is now commonly available for free, and it is easy to use.
  • Follow safe online practices such as regularly updating firewall and antivirus software on all devices, using strong passwords, avoiding downloading software from unknown sources and practicing safe online banking by only using a secure browser connection.

In 2003 California was the first state to pass a data breach notification. In 2012 the law was amended to require any breach that involved more than 500 Californians be reported to the attorney general.

The 170 breaches reported to the attorney general’s office in 2013 represent a 30 percent increase over the 131 identified the year before, according to figures provided to The Associated Press. Among entities reporting breaches in 2012 were American Express Travel Related Services Co., Kaiser Permanente and several state government agencies, including the departments of Public Health and Social Services.

Given the current data breach laws Harris is taking meaningful action. But, what’s ultimately needed is a law that would make her best practice recommendations legal mandates. We need a California Financial Information Privacy Act that would:

  • Change breach notification standards to be immediate.
  • Set limits on the time data can be retained. And limits on what information can be collected and retained.
  • Write minimum-security standards into the law so that they are no longer voluntary.
  • Most importantly: create a private right of action. Put a price tag on retailers’ mistreatment of our private financial information.

Until there is a real price to pay, Target, Neiman Marcus and other retailers will continue to make us targets.

Posted by John M. Simpson, Consumer Watchdog’s Privacy Project Director.

Google Ending Privacy Breach Consumer Watchdog Targeted in FTC Complaint

12:40 pm in Uncategorized by Consumer Watchdog

Google PlayGoogle apparently is ending an egregious privacy breach involving people who buy apps from its Google Play store using Google Wallet to pay. Consumer Watchdog filed a complaint to the Federal Trade Commission with a copy to California Attorney General Kamala Harris about what Google was doing. The complaint alleged that the Internet giant was violating its privacy policies and its “Buzz” consent agreement with the FTC.

Rep. Hank Johnson, D-GA, also questioned Google about what it was doing. Google was sending to apps developers the name, email address and address of people who bought apps on Google play. It tried to claim that the the information was necessary for the transaction, but that’s clearly not the case when talking about downloading an app from its app store. Neither Apple nor Microsoft provide such personal information about people who buy apps from their stores. Google’s response to Rep. Johnson, confirmed what Google was doing and actually showed it was unnecessary. Consumer Watchdog sent a second letter to the FTC with a copy to California Attorney General Harris when Google answered Rep. Johnson’s letter.

On Tuesday WebProNews and DroidLife reported Google was addressing the concerns on a new Wallet Merchant Center it is rolling out and no longer sending the personal information about apps buyers.

I’m glad the change is coming, but I’ve got questions.

What role did the Federal Trade Commission or the California Attorney General’s office play in this change? Why did Google only act when formal complaints were filed? Will there be fines?

John M. SimpsonGoogle has become a serial privacy violator. You’ll remember that new sooner was the ink dry on the “Buzz” consent agreement than it was caught hacking around the privacy settings on the Safari browser used on iPhones, iPads and other Apple devices. It ultimately cost Google a fine of $22.5 million, which is pocket change to a company that has annual revenue of around $50 billion. It’s like giving a $25 parking ticket to a person who makes $50,000 a year.

Google is simply figuring that fines are a cost — and a minor one at that — of doing business. In case you missed it, on Monday Germany hit Google with a $189,225 for the Wi-Spy incident where its Street View Cars sucked up emails, URLs, passwords, account numbers as they snapped photos around the world.

In describing the fine The New York Times‘ Claire Cain Miller wrote:

Regulators in Germany, one of the most privacy-sensitive countries in the world, unleashed their wrath on Google on Monday for scooping up sensitive personal information in the Street View mapping project, and imposed the largest fine ever assessed by European regulators over a privacy violation.

The penalty? $189,225.

Put another way, that’s how much Google made every two minutes last year, or roughly 0.002 percent of its $10.7 billion in net profit.
It is the latest example of regulators’ meager arsenal of fines and punishments for corporations in the wrong. Academics, activists and even regulators themselves say fines that are pocket change for companies do little to deter them from misbehaving again, and are merely baked into the cost of doing business.

The fact Google is changing Google Wallet’s practices makes it clear Google violated the Buzz Agreement. Google claims that it is taking privacy seriously now that it is operating for 20 years under the Buzz Agreement. It isn’t and the regulators aren’t holding Google’s feet to the fire.

The company’s executives need to be held to account in a meaningful way. I’ve always argued the way to get corporate executives’ attention is to hit them with jail time when they flout the law. It’s not going to happen here, but a meaningful fine for the second Buzz violation sure would be nice.

Posted by John M. Simpson, Director of Consumer Watchdog’s Privacy Project. Follow Consumer Watchdog online on Facebook and on Twitter.

Consumer Watchdog Files 2nd Request Asking FTC To Act Against Google For Apps Privacy Violations

8:15 pm in Uncategorized by Consumer Watchdog

FTC Building

Consumer Watchdog has filed a second complaint asking that the Federal Trade Commission act immediately against Google’s most recent privacy violation – sharing users’ personal information with apps developers — after new information became available in a letter from Google to Rep. Hank Johnson, (D-GA).

We’ve also expressed our concerns again to California Attorney General Kamala Harris.

When we filed our first complaint, we estimated that Google — which has effectively become a serial privacy violator — in ignoring the terms of its so-called “Buzz Consent Order” with the FTC should face penalties that reach into the billions of dollars.

Here is what Google has been doing: They have been sending to app developers personal information about each user who purchased an app from Google, without obtaining the user’s permission. The personal information sent by Google includes the users’ names, certain physical address information and email addresses. Neither Apple nor Microsoft engage in similar conduct when they sell apps through their stores.

Google’s activities caught the eye of Rep. Johnson who wrote the Internet giant a letter asking that Google to explain what was going on. Susan Molinari, chief of Google’s Washington DC lobbying shop, responded.

Rather than justifying its conduct, Google’s argument demonstrated that the company lacks any satisfactory explanation for its practices. Here is part of what I wrote in our second letter to Charles Harwood, Acting Director of the FTC’s Bureau of Consumer Protection:

In its response to Congressman Johnson, Google did not challenge the accuracy of widespread reports that the company routinely discloses confidential information to applicant developers regarding all users who purchase applications from Google. For purposes of evaluating Google’s conduct under the Buzz Consent Order, then, it can be taken as fact that Google engages in this behavior.

Certainly, Google implied in its response that users know or should have assumed that the company would share confidential user identification information with application developers. But that suggestion directly contradicts the privacy representations made by Google to users that users should feel secure because Google will not willy nilly share their information but will only disclose confidential information when “necessary” to process the user’s transaction. More specifically, Google responded to Congressman Johnson as follows:

“Information such as name and email address is necessary for developers to issue refunds, reversals, payment adjustments — all of which developers are responsible for under the Seller Terms of Service — and investigate chargebacks.”

“Refunds, reversals, payment adjustments” are not the transactions at issue in this matter. Rather, Google’s privacy policy misrepresentation goes to the initial user purchase transactions for device applications. As I noted in my earlier letter, developers do not need users’ private information for the initial purchase transactions. They have routinely processed such transactions without using confidential user information. Google never contests this fact in its response to the congressman.

John Simpson
So, let’s assume everything Google says in its letter to Rep. Johnson is true. That means developers only need the users’ confidential information when a request for a refund, reversal or payment adjustment is made. The disclosure exception Google points to in its policy (“necessary to process your transaction”) might justify Google giving confidential information to developers for specific users who request refunds (and the like), but not for every single user who bought an app. It’s clear Google violated its pledge to protect the confidentiality of millions of users who bought applications in good faith reliance on Google’s public statements and who never sought a refund, reversal or payment adjustment.

For what it’s worth the FTC’s Harwood has told me that he referred both of Consumer Watchdog’s formal complaints to the Bureau of Consumer Protection’s Enforcement Division. Meanwhile, Adam Miller, Supervising Deputy Attorney General in the Privacy Enforcement and Protection Unit of the California Attorney General’s office also responded to my earlier letter. He wrote:

“Although our office cannot share any details of any investigation we may pursue, I can assure you that we will look into the concerns raised in your letter to us, as well as your letter to the Federal Trade Commission on the same matter. Should you have any further concerns please contact me at the above telephone number or address.”

Google’s most recent violation of the Buzz Consent Order is a matter of intense concern to Consumer Watchdog, to other privacy advocacy groups, to apps users across the country, and to the press. Although given the opportunity by Congressman Johnson, Google has yet to come up with a credible justification for its inappropriate conduct. In fact the letter to the Congressman simply makes Google’s violations clear. Both the FTC and the California Attorney General need to take strong action against Google.
______________________________________________________________________________________________________
Posted by John M. Simpson. John is a leading voice on technological privacy and stem cell research issues. His investigations this year of Google’s online privacy practices and book publishing agreements triggered intense media scrutiny and federal interest in the online giant’s business practices. His critique of patents on human embryonic stem cells has been key to expanding the ability of American scientists to conduct stem cell research. He has ensured that California’s taxpayer-funded stem cell research will lead to broadly accessible and affordable medicine and not just government-subsidized profiteering. Prior to joining Consumer Watchdog in 2005, he was executive editor of Tribune Media Services International, a syndication company. Before that, he was deputy editor of USA Today and editor of its international edition. Simpson taught journalism a Dublin City University in Ireland, and consulted for The Irish Times and The Gleaner in Jamaica. He served as president of the World Editors Forum. He holds a B.A. in philosophy from Harpur College of SUNY Binghamton and was a Gannett Fellow at the Center for Asian and Pacific Studies at the University of Hawaii. He has an M.A. in Communication Management from USC’s Annenberg School for Communication.

Senators Add Fire to Scandal Over Phony California Fuel Crisis

6:55 pm in Uncategorized by Consumer Watchdog

Photobucket

Today, senators from California, Washington and Oregon joined our call to investigate refineries, asking the Department of Justice to comb through California refineries one by one to see whether market manipulation or false reporting by oil refineries had something to do with record $5 a gallon prices at some California gas stations last month and near record prices earlier in the year.

Read our letter to California Attorney General Kamala Harris here.

“We are requesting a Department of Justice investigation of possible market manipulation and false reporting by oil refineries which may have created the perception of a supply shortage, when in fact refineries were still producing,” wrote six Senators, including California Senators Dianne Feinstein and Barbara Boxer.

The Senators cited the same report we did by McCullough Research concluding that price spikes in May and October happened while crude oil prices were declining, and inventories were increasing, possibly in conjunction with misleading market-making information.

The Senators called on Attorney General Eric Holder to use existing authority to prevent and prosecute fraud and collusion, and to draw upon the Federal Trade Commission to prohibit fraud or deceit in wholesale petroleum markets, and on the Securities and Exchange Commission, the Commodity Futures Trading Commission, and the Federal Energy Regulatory Commission to exercise their power to prevent the use of any “manipulative or deceptive device or contrivance.”

Read the Senators’ entire letter here.

Consumer Watchdog wrote California Attorney General Kamala Harris on November 15 calling for a criminal investigation of possible market manipulation or false reporting by refineries to drive up the price of gas to the highest in the nation, based on the McCullough report.

Between the Justice Department and its collaboration with other agencies in Washington and the California Attorney General on the West Coast, consumers should be getting some answers about why wild gyrations in the price of gas cost them $1 billion dollars extra in a short span of time in October, adding up to a 66-cent-per-gallon windfall for oil companies, or about $25 million a day, according to the McCullough report.

You Really Can’t Trust Mercury

2:13 pm in Uncategorized by Consumer Watchdog

The Mercury Insurance initiative’s lawsuit to stop the Attorney General and us opponents from telling the truth about Proposition 33 – how it will raise auto insurance rates – got tossed out of Sacramento Superior Court last Thursday. The Mercury campaign asked the court to rewrite the Official Ballot Pamphlet, which is sent to every voter’s home, so it would contain only Mercury’s false claim that everyone will get “discounts” if Proposition 33 passes. After an hour-long argument, the judge said no.

But the ink was hardly dry on Thursday’s court order when Mercury told yet another lie – this time about what we said in court.

In a press release issued Friday morning, Mercury said: “CONSUMER WATCHDOG ARGUES IN COURT THAT THE TRUTH IS ELASTIC.”

We never said that, of course. (The release also called us “corporate lawyers,” which the corporations we take on would no doubt find bewildering.)

I guess we shouldn’t be surprised that George Joseph, the multi-billionaire Chairman of Mercury Insurance who has contributed 99.1% of the $8.29 million received by Proposition 33, can’t stop lying about his proposition and the consumer, citizen, senior and patient’s organizations who vehemently oppose it. After all, according to the California Department of Insurance:

“Mercury [has a] lengthy history of serious misconduct, and its attitude – contempt towards and/or abuse of its customers, the Commissioner, its competition, and the Superior Court….Among Department staff, consumer attorneys, and consumer victims of its bad faith, Mercury has a deserved reputation for abusing its customers and intentionally violating the law with arrogance and indifference….”

Mercury’s dirty propaganda campaign didn’t work back in 2010, when the company mounted a nearly identical proposition to deregulate auto insurance, also sued the Attorney General and us, spent $16 million, and still lost. Joseph and the pigs at the Mercury trough (an assortment of PR hacks, phony non-profit groups, insurance agents and bought-and-paid-for politicians) think the voters are stupid. But they are wrong. California voters can smell a dirty, self-serving initiative a mile away.

The Mercury Insurance campaign might have gotten away with its Friday fabrication, except we were able to catch them red-handed.

Hours before Thursday’s hearing, I found out that Joseph’s lawyers had not requested a court reporter be there to take down everything that was said in court. (Thanks to severe budget cuts, state courts can no longer afford to pay for court reporters – the parties in a lawsuit have to pay.) It seemed odd that this mega-billionaire would not spring for someone to record the truth… and then I realized that the Mercury campaign might not want a transcript of what happened in court, so they could lie about it later.

So I pulled out my checkbook, went to a special window at the Sacramento Superior Court, and paid the $30 for the court reporter myself.

Good thing, as it turns out.

The court reporter’s transcript confirms that our lawyer, the highly respected James Harrison of Remcho, Johansen & Purcell, never uttered what Mercury quoted him as saying. Rather, citing the First Amendment and many legal decisions, he urged the court to reject Mercury’s attack on our conclusion that Proposition 33 will “deregulate” auto insurance premiums. Here are his words:

“Your Honor, as the Court noted, deregulation is an elastic and ideological concept. In the Huntington Beach case, for example, the Court refused to make a change to the argument that the measure requires AES, the electricity company, to pay its fair share. And the reason that the Court refused to intervene was that the term ‘fair share’ is a very elastic and ideological concept. What you understand to be a fair share might not be what I understand. The same is true of deregulation, your Honor. What I understand to be deregulation may have a very different meaning to someone else. It’s a very elastic concept.”

Mercury’s legal shenanigans wasted a lot of taxpayer money at a time when California courts are struggling to deliver justice fairly and efficiently despite a gaping hole that the Legislature has inflicted on the judicial branch budget. (Late Friday, Joseph’s lawyers filed an appeal, hoping to overturn the Superior Court’s decision. It was summarily denied.)

Forcing the Attorney General to defend in court her summary of Proposition 33, which she is required by law to prepare for the ballot, was also an unnecessary drain on that law enforcement agency’s scarce resources. (Joseph was also furthering a strategy recently adopted by Wall Street and other corporate interests: Attacking Attorney General Kamala Harris in an attempt to intimidate and undermine her.)

The Mercury campaign’s public relations minions don’t care about the cost to taxpayers. To them, filing a lawsuit in court is just another gambit in their greed-driven, deceptive campaign to get the voters to pass a law allowing companies like Mercury Insurance to raise your auto insurance rates and make more money.
________________________________
Posted by Harvey Rosenfield, Founder of Consumer Watchdog and Author of California Proposition 103, California’s landmark Auto Insurance Regulation law.