When you grant access to a $ 4 billion fund and give fund participants relative autonomy in how they use those funds, ne’er-do-wells will sniff their way to the honey pot. Keeping them out can be a challenge. So goes the story of the federally administered Schools and Libraries Program, better known as E-Rate.
Established by the Telecommunications Act of 1996, E-Rate is a federal subsidy that helps schools and libraries–particularly those in disadvantaged areas–pay for telecommunications services (e.g., Internet access). The program runs a $3.9 billion fund today.
Schools and libraries that want to take advantage of E-Rate simply need to follow the program’s bid and approval process. Participants oversee the bidding process and choose their service provider. While participants are required to choose the most cost effective provider, there isn’t much of a check on whether they actually do: they need only self-certify that they chose the most cost effective bid.
E-Rate participant autonomy has been a problem as the program regularly faces allegations of fraud and abuse. These concerns prompted a GAO study and senate hearings in the early 2000s. Former Rep. Jim Greenwood (R-PA) told the New York Times, “You couldn’t invent a way to throw money down the drain that would work any better than this.” After the GAO reported its findings (2004), U.S. Rep. Joe Barton (R-TX), Chairman of the Committee on Energy and Commerce, said, “Unscrupulous vendors … fleeced the program while underserved communities and telephone customers pay the price.” Over the past decade, there have been a number of investigations and enforcement actions, resulting in civil as well as criminal penalties, including jail time for a few program profiteers.
Some noteworthy fleecing includes:
- Puerto Rico wasted more than $100 million in program funds and its secretary of education was sentenced to three years in prison and fined $4 million.
- In the Chicago Public School system, some $8.5 million in equipment was stockpiled (better yet, the CPS and E-Rate were essentially paying twice for equipment that was never installed!).
- A company in the San Francisco Unified School District was required to pay $20.7 million in fines and restitution.
More recently, schools and libraries in the Chicago and New York City areas have been investigated for violating the competitive bidding process and taking E-Rate funds without actually providing E-Rate services. Those investigations are still underway, with dramatic raids last March.
Adding to the temptation for ne’er-do-wells are the millions of dollars left on the table in E-Rate funds each year. According to EducationDive, some $245 million in funds went unclaimed in 2014. It is almost hard to blame profiteers for seeking out what they perceive as free money, especially when they have so much control over the process.
There may be a lot of good intentions behind E-Rate. But in its current form and function, E-Rate is but one more example of a poorly administered federal funds that attract those able to game the system.
The post The E-Rate Honey Pot appeared first on Crime In The Suites.
What a difference two words can make. Just ask the Center for Competitive Politics (CCP) or Americans for Prosperity (AFP), two organizations that filed separate lawsuits against the same defendant, California Attorney General Kamala Harris, over the same issue: whether Harris’s office had the right to access the organizations’ donor information. (The cases are Center for Competitive Politics v. Harris and Americans for Prosperity v. Harris.)
The plaintiffs’ arguments in each case were basically the same: the state’s request to access donor information would violate the first and fourteenth amendments of the U.S. Constitution. But there the similarities stopped: the CCP never got to trial, whereas the AFP did—and won! Was the CCP the victim of a miscarriage of justice? Nah. It all came down to two words: “as applied.”
You know the saying “go big or go home?” Well, unfortunately the CCP did both: it tried to get the court to rule that Harris’s probe of donor information would be unconstitutional for all organizations. The AFP took a different approach: it asked the court to call the probe unconstitutional “as applied” to the AFP alone.
The AFP’s narrower approach enabled the court to provide relief without upsetting Harris’s authority and potentially affecting thousands of other organizations. Courts generally hesitate to invalidate a state’s actions when they can provide individual relief to the plaintiff instead. If the CCP had taken this course, it might have had a flying chance. But now it had the added burden of proving how the state’s actions would adversely affect all organizations subject to the same request.
Meanwhile, the AFP coasted without having to prove any such thing. All it had to show was how the state’s request had already affected the organization and could continue to do so. This was no fun task, though. Several individuals testified that they suffered reprisals, assaults, and even death threats due to their association with the AFP—a strongly conservative organization. Clearly, being publicly linked to the AFP could lead to serious fallout. For her part, Harris tried to argue that the state would keep donor information confidential, but the AFP was able to show how this had failed before, citing over one thousand instances of donor information being improperly disclosed on the AG’s own website!
The AFP showed that the risk of scaring, and therefore discouraging, would-be donors was real. The chilling effect on individuals’ freedom of association would be too steep a price to pay for a nominal benefit to the state.
It was a strong case—unlike the defendant’s. Harris claimed that accessing donor information was in the state’s best interest; reviewing the findings would help uncover potential irregularities tied to fraud, waste, or abuse. Maybe it would—but it doesn’t pass the “exacting scrutiny” test, which requires states to protect their interests by the least restrictive means in situations like this. More importantly, Harris could not produce any evidence or testimony to corroborate her argument that access to donor information was important to state law enforcement. Although several state-employed investigators and attorneys took the stand, none could claim that they needed, or even used, donor information to do their work—and if they did need it, they could generally get it elsewhere. This evidentiary failure undercut Harris’s arguments and called into question the state’s overall scheme.
In the end, it was not a tough decision: with so strong a case by the plaintiff, and so weak one by the state, the court sided plainly with the plaintiff. It could have gone a step further and declared the state’s actions broadly unconstitutional, but instead it judged the state’s actions to be improper as applied to the AFP alone. This was a good idea, because Harris will have a harder time challenging the decision on appeal.
So the AFP trial didn’t set a huge precedent for everyone—but that’s kind of the point. If you’re going to file suit, and there’s a path of least resistance, take it. Those sweeping courtroom victories you see in the movies are rare. In real life, justice takes baby steps.
The post Keep It Short and Prosper appeared first on Crime In The Suites.
Data breaches are as common as the common cold—unfortunately, just as incurable. Run a news search on “data breaches” and you’ll find that all kinds of institutions—major retailers, tech companies, universities, even government agencies—have been vulnerable at some point. Now run a search on “data breaches,” but include the word “lawsuit.” You’ll find that many of these cases are going to court, but ultimately getting dismissed. What’s going on?
First, you should look at some of these lawsuits more closely: are they filed against the alleged perpetrators of the data breach? Many of them aren’t; those perpetrators are usually hackers who live outside the country or are unable to pay a money judgment. (In legal parlance, that’s known as being judgment proof.) Faced by those limitations, individual victims of data breaches frequently settle for the next best thing: going after the institutions that endured the breach.
Often, this isn’t fair—the institutions are victims too. The point here is that although going after the institutions looks like an easy win from “deep pockets,” that seldom turns out to be the case.
It’s with the third and final point—demonstrating injury—that plaintiffs have the most trouble. Why? Because courts view injury in fiscal terms; you need to show that you actually lost something, not simply that you might. So even if you were the victim of a data breach, as long your data hasn’t yet been compromised, it doesn’t really count as injury.
There have been exceptions, when the court greenlit cases based mainly on speculative injury, but these usually ended in a settlement before a legal precedent could be set. (See cases against Home Depot, Target, Adobe, and Sony.) For the most part, the fiscal view of injury has prevailed—reinforced in 2013, when the Supreme Court, weighing in on Clapper vs Amnesty Int’l, determined that a plaintiff cannot proceed with a data breach lawsuit unless he or she can demonstrate actual injury or at least imminent threat of injury, each one measurable in economic loss. Otherwise, mere perception of injury is too tenuous to establish legal standing, which a case requires to go forward, and the lawsuit will probably get tossed.
The challenge of establishing legal standing recently made its way to the Supreme Court in Spokeo v. Robins. In that case, a plaintiff filed suit against the “people search engine” Spokeo for publishing false information about him. The issue before the Court was this central question of how much injury must be shown for a case to go forward. Prospective plaintiffs were optimistic that the high court would affirm a lower court’s decision that speculative injury was indeed enough. Alas, the Supreme Court sidestepped the issue and punted it back to the lower court for further review. The Court nonetheless reinforced the general tenets that, for a plaintiff to have standing to bring a case, he must allege an “injury in fact” that is both “concrete and particularized.” There is still room for the lower court to broaden the approach to what constitutes an injury, but the Supreme Court’s ruling keeps the status quo in place.
For now, individuals whose data has been compromised generally must be satisfied with what the institutions offer them after a breach occurs: free credit checks and/or access to credit monitors. Do checks and monitoring seem inadequate? Not if you think about what type of harm people face after a data breach. Individuals can detect and report problems in the event someone actually misuses their data. If they keep on top of it, their credit scores will not be impacted. Moreover, credit card companies and other financial institutions will bear the cost of any unapproved charges. In the event of further problems, plaintiffs can then take their injury to the legal system and have their day in court. But at this point, the courts are right to keep this type of class action litigation at bay.
The post Data Breach Lawsuits: Challenges Persist After Spokeo v. Robins appeared first on Crime In The Suites.
Public schools and libraries in the U.S. can save a lot of money on Internet service by applying for the Schools and Libraries Program, a federal subsidy better known as E-Rate.
E-Rate funding, capped yearly at $3.9 billion, helps eligible institutions cover costs of Internet service. Participants can save anywhere from twenty to ninety percent of their Internet expenses—the precise amount being dictated by the economic standing of both the participating institution and the school district where it is located.
E-Rate and three other programs are part of the Universal Service Fund (USF), a system of subsidies born out of the Telecommunications Act of 1996 as a way to ensure affordable telecom rates across the country. Although the Federal Communications Commission (FCC) oversees the USF, the fund is managed by a nonprofit corporation called the Universal Service Administrative Company (USAC).
Detailed information on how to apply for E-Rate can be found in the Schools and Libraries Program overview. Basically it works as a bidding process. An applicant fills out FCC Form 470, requesting specific services, and submits it to the USAC. The USAC then issues an RFP for telecom providers who want to bid for the requested services. After 28 days, the applicant can study the bids. When it selects one, it requests E-Rate funding by filing FCC Form 471 within a deadline set by the FCC (for FY2016 it is May 26).
The discount rate is generally determined by the size of the population, in the applicant’s school district, that qualifies for the National School Lunch Program. The applicant must also file Form 486, listing services for which funds are requested and ensuring compliance with the Children’s Internet Protection Act.
There are limits to what E-Rate can cover. The applicant is solely responsible for end-user equipment, like hardware and software, and also for any non-discounted portions of Internet services.
While it is a great opportunity to save money, E-Rate isn’t a free-for-all. To discourage abuse and misuse of the program, the FCC requires applicants to comply with a series of rules, notably:
- Compliance with state and local law. It’s not enough to follow the FCC standards only.
- Applicants cannot seek discounts for services not requested. In other words, services listed on Form 471 must match (or not exceed) services requested on Form 470.
- Fair, competitive bidding. Applicants are responsible for ensuring an open, fair, and competitive bidding process to select the most cost-effective provider.
- Document retention. Applicants must save all competing bids for services to demonstrate they selected the most cost-effective bid, with price being the primary consideration. Records should be kept for at least ten years after the last date of service delivered.
- CIPA compliance. Applicants must confirm compliance with the Children’s Internet Protection Act, which requires schools and libraries that receive federal funding to employ Internet filters that protect children from harmful content.
In spite of these rules, the wealth of funds in the E-Rate program can attract abuse. In response, the FCC created the USF Strike Force in 2014 and tasked it with combatting waste, fraud, and abuse of the USF programs. Federal agents have shown that they are serious about investigating alleged abuses. One widely publicized case in Ramapo, NY, recently led to several raids. We will look at that case and others like it in upcoming posts.
The post Getting Started with E-Rate appeared first on Crime In The Suites.
Does the federal government have the right to seize a domain name without notice? With growing frequency, the feds have seized the domain names of thousands of websites for alleged criminal wrongdoing. The latest example is the seizure earlier this week of 67 website domain names for the alleged illegal sale and distribution of counterfeit and prescription drugs.
There still is little information publicly available on the recent seizure. The Justice Department issued a short new release with a statement from U.S. Attorney Bill Nettles, in which he noted,
It’s important for consumers to understand the significant risks involved in purchasing pharmaceutical drugs from these websites. The generic versions of these prescription drugs are not approved by the Food and Drug Administration and cannot be distributed in the United States legally. To be safe and effective, prescription drugs must be taken under the care and supervision of appropriate health care professionals; not purchased off the internet from unknown and unregulated foreign sources.
Whether or not the sites facilitated the alleged criminal behavior remains to be decided by a judicial proceeding (if the case ever gets to that point). Federal agents can obtain a seizure order based merely upon probable cause set forth in an affidavit. That’s a relatively low bar considering the consequences of domain name seizures.
The only recourse for the sites at this point is to file a petition with a federal court to contest the forfeiture. Contesting a forfeiture is an uphill—and oftentimes protracted—battle. In the meantime the businesses operating through those domain names are effectively shut down, if the seized websites were their main channel of business. Once the feds carry out a domain name seizure, the “offending” sites will show a seizure banner notifying any visitors that the domain name has been seized by federal authorities for violations of federal laws. No business can be done on the site and the chances of visitors returning are slim.
So how is it okay for a domain name to be seized based on the allegation of a crime, before proper notice and hearing? The feds are taking advantage of a process known as an in rem proceeding, whereby they can file suit against the offending property itself for its alleged role in facilitating criminal conduct. Typically in rem proceedings are filed against tangible assets like a car involved in a drug deal or a bank account used to funnel illegal funds. But in recent years, in rem proceedings have been used by both state and federal agencies against domain names in order to crack down on alleged criminal behavior carried out through the websites. Examples include (1) the Justice Department’s “In Our Sites” operation in which it seized the domain names of thousands of sites accused of violating U.S. copyright laws and (2) the state of Kentucky’s attempt to seize 141 domain names of online poker sites.
Despite the increasing use of pretrial domain name seizures, the legality is still hotly debated by civil liberties groups, free market advocates, and international organizations. These groups raise constitutional concerns, such as due process and restraint on free speech, as well as jurisdictional concerns, such as federal or state authority to reach domain names owned by foreign individuals or entities. The biggest issue is that an in rem proceeding is inappropriate against domain names because a domain name is not property – it is a contractual right that, as such, should not be subject to seizure. We will discuss these concerns in more detail in a coming post once we learn more about the Justice Department’s recent actions against the 67 pharmaceutical domain names.
The post Feds Open The Gates and Seize the Domain Names appeared first on Crime In The Suites.