Sunday, September 24, 2017

Priorities

Here are three events which have made news recently:
  1. Widespread incidents of police brutality and use of excessive --- sometimes lethal --- force toward Americans of color (no less disturbing is a similar pattern of police abuse of the disabled).
  2. The President publicly condemned Americans engaging in peaceful protest, saying that if an employer sees one of their employees exercises their First Amendment rights in this way, then they should fire the "son of a bitch".
  3. Multiple NFL players have chosen to kneel during the playing of the national anthem before games, in protest of the aforementioned widespread incidents of police brutality.
Now, no one will fault you for being upset about any of these things.  In fact, it's fair to say we all should be upset by all of them.

But if the thing that upsets you the most is item (3), then I respectfully suggest that you step back and take some time to seriously reconsider your priorities.

Especially considering that NFL players kneeling during the national anthem is hardly our nation's most pressing priority at the moment.  Police brutality is higher priority, as is the latest Republican attempt to set the individual health care market on fire (call you Senator: 202-224-3121).  Oh yes, and then there's the small detail that more than 3 million Americans are trying to rebuild their lives in 19th-century conditions in the aftermath of hurricane Maria.

For a good discussion about what matters and what doesn't when it comes to the NFL and the national anthem, see Martin Longman.

Saturday, September 23, 2017

We Need to Stop Republicans from Peeing on the Carpet

I'm a dog owner.  Your sympathy is appreciated.

Our younger dog (not that young; she's 4) pees on our downstairs carpet quite often.  We were told she was housebroken when we got her --- we were lied to --- but we crate-trained her, and eventually, over time, it seemed like she finally 'got it'.

Until, it turned out, she didn't.

So we've tried various things, and paid a dog trainer to help us out, and nevertheless, almost every night, while we're asleep upstairs, she pees on the downstairs carpet.  And it seems like no matter what we do to try to communicate her that we DON'T WANT her to pee on the carpet, she does it anyway.

I bring this up because Bill Cassidy (R-LA) and Lindsey Graham (R-SC), two theoretically 'moderate' Republican senators, have introduced yet another bill which would repeal Obamacare, take away health care from millions of underprivileged Americans, and throw the individual health care market into chaos:
The bill would usher a number of shocking cruelties into law, not least the possibility that as many as 32 million Americans could lose health coverage. That's 10 percent of the population. We don't know for sure because Republicans are trying to force the bill through the Senate before its effects can be assessed by the nonpartisan Congressional Budget Office. The bill is full of fun surprises, like the loophole it creates allowing insurers to deny people coverage for a series of basic medical treatments, including
  • Pregnancy and maternity care
  • Prescription drugs
  • Mental health services
  • Reproductive health services, including birth control
  • Substance abuse treatment 
This bill appears to have the approval only of Republicans in Congress.  Just about everyone else has announced their opposition to it, including the National Association of Medicaid Directors, more than 75 different medical groups, hospitals, doctors, and even the insurance industry:
America’s Health Insurance Plans was even more pointed. The legislation could hurt patients by “further destabilizing the individual market” and could potentially allow “government-controlled single payer health care to grow,” said Marilyn B. Tavenner, the president and chief executive of the association. Without controls, some states could simply eliminate private insurance, she warned.
Sounds pretty good, huh?  So you have to ask yourself, why are Republicans so insistent on trying to pass this awful legislation that could do so much damage?

Because they can't stop peeing on the carpet, that's why.  This is their third attempt to repeal Obamacare, each more horrendous than the last.  They failed to pass the AHCA in April, because it was a terrible bill that would have eliminated health insurance for 24 million Americans and no one outside of Congress wanted it to pass.  Then a month later, the House DID pass the AHCA and Trump brought all of the congressional Republicans to the White House to celebrate over beer (I'm not kidding).

But the AHCA bill that passed the House could never pass the Senate, so the Senate tried to pass its own Obamacare repeal bill, called 'skinny repeal', which was even worse than the AHCA.  This bill famously failed to pass when John McCain (R-AZ) interrupted his treatment for brain cancer to fly to D.C. and give it a thumbs-down.

Which leads us to today and Cassidy-Graham, the worst Republican health care bill yet.

The reason I started all of this by talking about my dog is because the Republicans remind me of her.  No one wants their dog to pee on the carpet, just like no one wants any of these horrific Republican health-care bills.  And just like my dog, Republicans cannot be taught, coming back to pee on the carpet again and again, now matter how often or how forcefully the American people tell them to knock it off.

And I think it's fair to say that we've now come to the point where the only solution is to keep the Republicans off the carpet entirely.  Which is another way of saying, we need to keep these people out of Congress and away from the levers of power until they learn to stop peeing on the carpet.

Saturday, September 9, 2017

Freezing Your Credit Reports

As a followup to my previous post, I wanted to report on my experience freezing my own credit reports with all three agencies.  It was somewhat frightening.
  • For Equifax, the process was quite easy.  Too easy, in fact.  The problem is, the only identifying information they asked me for was my name, birth date, address and SSN.  In other words, the exact information they lost to the hackers.  So there is a distinct possibility that a hacker could put a freeze on your Equifax report, and you would have no way of removing it.  Worse yet, the hacker will then possess the PIN necessary to temporarily lift the freeze, meaning that they could get credit in your name, but you couldn't.
  • My experience at TransUnion was somewhat better, in that they asked me a series of questions that the hacker likely doesn't have the answer to.  The problem there is that I must have answered one of the questions wrong, because the web site instructed me to call a number.  I expected I would need to talk to a human to prove my identity, but no.  Instead, I simply entered by phone a bunch of the same data the hacker already has.  So, like with Equifax, the hacker could have gotten in ahead of me to freeze my account and get my PIN.  I suppose it's possible that TransUnion was able to verify my identity by recognizing my phone number, but it was still a bit unsettling.
  • Finally, Experian gave me the warm fuzzies.  Like with TransUnion, they asked me a bunch of questions a hacker likely would not know the answer to, and this time, the freeze went into place without a hitch.
  • Update: Apparently there is a fourth, smaller credit agency called Innovis.  As with Equifax, the only information I had to provide is information that the hackers have already stolen.  On the plus side, they didn't charge me anything.  They also did not immediately provide me with a PIN to lift/remove the freeze, but are apparently sending it to me via snail mail.
  • Update: And there's another agency, called ChexSystems, which is similar to the credit agencies, but for banks.  Like Innovis, placing the security freeze was free, and my PIN will be sent to me via snail mail.
So now my credit reports are frozen with all five agencies, and only I can unfreeze them.  The three big agencies gave me a PIN I will need to provide to temporarily lift or completely remove the freeze, and PINs for the smaller two agencies are on their way.  According to the FTC, the freeze will remain in effect forever, until I temporarily lift or remove it.

As noted earlier, this is not a complete solution to potential identity theft, resulting either from Equifax's screwup or for other reasons.  But it does make me feel a bit better about things, and it only cost a total of $15 (price will vary by state).

Update: Well, hell.  Shortly after I posted this, it was pointed out to me that the PIN Equifax generates for lifting/removing a credit freeze is basically just a date stamp.  This is effectively as bad as setting your password to 'password' or --- and I'm not making this up --- setting up an account where the username and password are both 'admin'.

I happen to work in the tech industry, and doing something this stupid on a production system is definitely grounds for termination.  For a whole company to do something like this is grounds for something much stronger.

But that's not the point.  The point is if you set up a security freeze with Equifax before 9/12/2017, you may have a PIN which looks something like '0909171220' --- which corresponds to the timestamp '09/09/2017 at 12:20 PM'.  If that's the case, you need to go back to Equifax and request a new PIN to be generated and mailed to you via snail mail.  Unfortunately, it appears that this cannot be done online.  To request a replacement PIN, you must do the following:

  1. Call Equifax at 1-866-349-5191.
  2. Press '5' to talk to an actual human person.
  3. Wait on hold for a while.
  4. Answer a bunch of questions to confirm your identity, during which time you are likely to be placed on hold several more times.
Needless to say, this is a drag, but it's almost certainly worth the effort.  And it seems that Equifax has finally received the hint that they need to take this stuff seriously --- I had to answer several very specific questions which a crook is highly unlikely to be able to answer correctly.  Indeed, I recommend that you make the call sitting in front of your computer, so that you can look up things such as the credit limits and balances on various accounts that you hold.

After going through all that, you should receive your new, secure PIN from Equifax within 5-10 business days --- and hopefully THEN, your information will be at least somewhat secure.

The Equifax Hack

As a public service to those of you who have been living under a rock, yet somehow still manage to read this blog, an important update: Equifax, one of the three U.S. credit agencies, has allowed itself to be hacked.
The credit reporting agency announced Thursday that the personal information of as many as 143 million people was compromised in a data breach between May and July. The stolen data includes names, Social Security numbers, birth dates, addresses and driver's license numbers.
Most of the media I've seen about this incident is not nearly as alarmist as it ought to be.  The exact data stolen --- names, Social Security numbers, birth dates, addresses and driver's license numbers --- are everything a criminal needs to commit identity theft.  And since you've been living under a rock, I'll explain that the main issue with identity theft is that the thief can open credit cards and so forth under your name, running up huge debts that you then become responsible for.

And this article from USA Today goes on to point out that the potential problem extends beyond simple identity theft:
Some examples of non-credit related illegal uses of victims' personal data, Bearak says, include:
*Medical ID theft. With the cost of health care rising, a new trend is for identity thieves to go into hospital emergency rooms with IDs created from stolen data to pay for surgeries and other procedures. This creates all sorts of problems for the identity theft victim, who can get stuck with the balance of the bill, see their insurance deductible used up as well as be stuck with flawed medical records.
*Tax fraud. Fraudsters armed with names, addresses and Social Security numbers are increasingly filing fraudulent tax returns in an effort to profit illegally from refunds. This creates a major headache for the victimized taxpayer, who must resolve the theft with the IRS, wait for a delayed tax return they might desperately need and often pay an accountant to help resolve the issue.
*Synthetic ID theft. In this scam, the fraudster takes different pieces of personal data from numerous victims and blends them all together to "create a new ID," says Bearak. For example, the hacker may use one victim's name, another's Social Security number, another's address, and another's birth date to create a fake identity.
Fun!

What's more, these articles contain precious little in the way of helpful advice we can use to protect ourselves from being victimized in this manner because, well, there's precious little we can do.  The data is out there, and unlike cancelling a stolen credit card, we can't just cancel our Social Security number (The Social Security administration does issue new numbers to people, but only under extraordinary circumstances.  For example, it will issue a new number to a victim of identity theft, and thanks to Equifax, it just became much more likely that we'll meet this qualification!).

You can't change your birthdate or your address history, and in most states you probably can't change your drivers' license ID.  You can change your name, obviously, but that probably causes more problems than it solves, since you would need to do the work to get all institutions to recognize your new name, but your old name would still be on your credit record.

I suppose we could all just go into the federal witness protection program, and start rebuilding our credit histories from scratch.

HOWEVER, while I can't offer bulletproof recommendations to protect yourself, there's one very easy course of action we all can take right away, and that's to put a security freeze on our credit reports.  Since there are three credit agencies in the U.S. (Experian, TransUnion, and the one who ruined it for everybody, Equifax), you need to place the freeze with all three of them.

What is a security freeze?  TransUnion describes it this way:
Placing a freeze on your credit report will prevent lenders and others from accessing your TransUnion credit report in response to a new credit application. With a security freeze in place, even you will need to take special steps when you wish to apply for any type of credit.
You will need to place a security freeze separately with each of the three major credit reporting companies if you want the freeze on all of your credit files. There may be a fee for this service based on state law; see our chart below for further details. A security freeze remains on your credit file until you remove it or choose to lift it temporarily when applying for credit or credit-dependent services.
You can place these freezes with each of the credit agencies online:
  1. At Experian
  2. At TransUnion
  3. And the bastard Equifax
  4. New! Now there's a fourth, Innovis
  5. New! And another, just for bank accounts, ChexSystems
There will likely be a nominal fee for placing these freezes --- around $5 or so.  The amount varies from state to state.  But this is money well spent if it heads off identity theft (though, sadly, it will not eliminate other threats, like the ones referenced in the USA Today article).  And in most states, once a freeze goes into effect, it stays in effect permanently, unless you choose to remove it or temporarily lift it.  So there's a one-time fee to start the freeze, and then there will likely be an additional small fee each time you need it lifted so you can open a new bank account or credit card for yourself.

Another option is to pay for credit monitoring.  In this scenario, crooks can still obtain credit in your name, but you'll be alerted to it when they do.  Personally, I would rather lock the door than have an alarm go off after the crook is in the house.

You should also know that in the tradition of true corporate sleazebags, Equifax was briefly offering free credit monitoring to affected customers, but the fine print stated that by accepting the credit monitoring, you gave up your right to sue Equifax and agreed to settle any dispute via arbitration.  Apparently Equifax has been shamed off of this, but in any case, I think it's worth the $5 to protect myself without giving up the right to sue.

Finally, most places are recommending that you check your credit report on a regular basis to catch any fraudulent activity early.  This is good advice, but it may be costly.  I believe that by law U.S. consumers are only entitled to one free credit report per year, so checking monthly (say) will start to add up.  And the worst part is, the money we pay for these credit checks will go straight into the pockets of Equifax or the other two, all because Equifax screwed us in the first place.

Nice work if you can get it.

Update: I have now bought credit freezes for myself from all three credit agencies.  The process was quick and inexpensive, though perhaps unsettlingly easy.

Update (2/6/2018): Despite this being the largest data breach in U.S. history, exposing roughly half of the population to the risk of identity theft, Donald Trump's director of the Consumer Finance Protection Bureau has decided there's no reason to investigate Equifax over this tiny little mistake.

Making America great!