Tuesday, January 08, 2008

Sears faces class action for violating customer privacy on their site

A few days ago, I wrote about a post on the Truston blog concerning Sears being taken to task by a Harvard professor and the Washington Post (Brian Krebs) for violating customer privacy on their site.

Not only was information being data mined for marketing purposes, but the site allowed third parties (anyone) access to it.

Now it appears lawyers have gotten together a class action against Sears.

In an update, Brian Krebs is reporting:

In a complaint filed Friday in Cook County, Illinois -- where Sears is headquartered -- the plaintiffs allege that the lack of privacy protections at Sears's managemyhome.com site violated its own privacy promises to consumers, and in so doing ran afoul of the Illinois Consumer Fraud Act, which prohibits "unfair and deceptive practices."

The complaint seeks class-action status, and more than $5 million in damages, including attorneys' fees. A copy of the complaint is linked here (PDF).

The suit was filed by KamberEdelson, the same New York City based law firm that successfully pursued Sony BMG Music Entertainment after the media giant shipped millions of music CDs that included spyware.

The same law firm is also seeking plantiffs for a second class action against Sears for installing tracking software on customer's computers after they made a purchase on their site. This might set an interesting legal precedent given all the tracking sofware being used out there.

After all, there is a lot of customer espionage going on out there (my opinion).

So far as me personally, this story has made me extremely wary of shopping at Sears, whether in a mall or on the Internet.

Full story from Brian Krebs on the Security Fix blog, here.

Sunday, January 06, 2008

Democratic fundraiser Norman Hsu sentenced to three years

Norman Hsu, who used to be a major fundraiser for Hillary Clinton and the Democratic party has been sentenced to three years for fraud.

John Coté at SFGate reports:

Disgraced Democratic fundraiser Norman Hsu, who became a prolific political moneyman even as he was a fugitive from justice, was sentenced Friday to three years in state prison in a San Mateo County grand theft case that dates from the early 1990s.

Hsu was sentenced in Redwood City more than 15 years after he skipped out on his original court date and fled to Asia.
And this isn't the end of it:

He will now be transferred to federal custody to face new criminal charges in New York, where he is accused of bilking investors across the country out of at least $20million. Hsu allegedly funneled some of the money to political campaigns, including that of Sen. Hillary Rodham Clinton, while living a lavish lifestyle.
Now here is the kicker (his legal defense):

Hsu's attorneys had sought to have the 1990s case dismissed or to allow Hsu to withdraw his no contest plea, saying his right to a speedy trial had been violated because authorities made little attempt to locate him - even as he attended fundraising events and was photographed with political candidates.
His attorney is planning to appeal this conviction. Hopefully, a judge won't grant him bail again as I would guess he is probably a flight risk.

The good news is that we are starting to see a trend, where money isn't the primary factor dictating who will become the next leader.

SF Gate story by John Coté, here.

New IRS rules dictate stricter controls on how personal information is marketed by preparers!

Last year, a large amount of fraud cases were reported when people claimed refund anticipation loans using fraudulent information.

In many instances, these fraudulent returns were filed using the earned income tax credit. The earned income tax credit returns a portion, or all of the taxes people pay, who are below a certain income level when they file their yearly tax return.

While an honorable practice in principle, the credit is targeted by fraudsters, who submit fake W-2 information and claim large refunds that they were not entitled to.

W-2's can be purchased in just about any office supply store, or even over the Internet.

Another growing trend noted -- with all the stolen identities and counterfeit identification out there -- are fraudulent tax returns being filed using other people's information. RAL refunds can net several thousand dollars each, which make them prime targets for financial fraud.

Low income people are also often recruited to go in and get these loans using "made up" information.

Guess who ends up getting caught if the IRS discovers the fraud in most instances? I'll give you a hint, it probably won't be the person who talked them into doing it.

I'm not sure if all the tax refund fraud and reported identity theft last year inspired the recently announced IRS rules, but it's probably a good guess that it had something to do with it.

The IRS is now giving taxpayers more control over their personal and financial information. They are also examining whether certain restrictions should be placed on refund anticipation loans.

The IRS press release states:

Federal law already strictly prohibits the IRS from making disclosures of taxpayer return information within its control to third parties except with taxpayer consent or in circumstances set by Congress. The final rules have no effect on the strict protection of return information in the IRS’s hands and apply only to tax return information held by income tax return preparers.

Among the new rules:

Generally, preparers must obtain taxpayer consent, either by paper or electronically depending on how the return is being filed, before tax return information can be disclosed to any third party or used for any purpose other than filing the return.

If the taxpayer consents to the disclosure and use of his information, the consent must identify the intended purpose of the disclosure, identify the recipients and describe the particular authorized disclosure or use of the information.

Mandatory language informs individual taxpayers that they are not required to sign the consent; that if they sign the consent, federal law may not protect their information from further disclosure; and that if they sign the consent, they can set a time period for the duration of that consent. If taxpayers fail to set a time period, the consent is valid for a maximum of one year.

To prevent consent requests from individual taxpayers from bring buried in fine print, the rules require the paper consent documents to be in 12-point type on 81/2 by 11 inch paper and require electronic consent requests to be in the same type as the Web site’s standard text, all to prevent consent requests from being too difficult to read for individual taxpayers.

If a taxpayer declines to provide consent for an unrelated tax preparation disclosure or use request, the preparer cannot make a similar consent request. The intent is to protect taxpayers from being pressured with repeated consent requests regarding the same issue.

Mandatory consent from taxpayers also is required if the tax information is going to be disclosed to a tax preparer located outside the United States. This provision is intended to ensure taxpayers are informed if their tax information is being sent off-shore for return preparation. The individual taxpayer’s Social Security Number also must be redacted.
The press release also states:

One issue that was raised during the comment period was the use by tax return preparers of tax return information to market Refund Anticipation Loans (RALs) to taxpayers. The issue of marketing RALs and similar products, such as Refund Anticipation Checks and Audit Insurance, was not specifically addressed in the proposed regulations.

The Treasury Department and the IRS are concerned that RALs and similar products may provide preparers with a financial incentive to take improper tax return positions in order to inflate refund claims inappropriately. In order to give the public an opportunity to comment on this issue, the Treasury Department and the IRS are issuing an Advance Notice of Proposed Rulemaking (ANPRM) that announces they are considering a proposal that tax return preparers be prohibited from disclosing or using taxpayer return information for the purpose of selling products such as RALs and similar products.
Last year it came to light that a Jackson Hewitt franchise owner with a lot of branches was being charged by the federal government for enabling this type of fraud. The dollar amount of the fraud was calculated by the government at about $70 million.

Here is the post, I wrote about this particular incident:

Is tax fraud being enabled by too many dishonest preparers?

While the Jackson Hewitt allegations were major news, it probably only accounts for a small portion of the overall fraud committed with tax returns. In previous years, we've even seen prisoners file phony tax returns from behind bars.

Dishonest preparers also sometimes try to get their customers to claim questionable exemptions. This can lead to the customer ending up in a lot of trouble at a later date.

The IRS has a educational document to educate taxpayers about this problem, here.

If you happen to know of anyone committing any of these tax frauds, the IRS has a place where it can be reported, here.

Press release on the new rules and possible restrictions on RAL products, here.

There are articles circulating in the mainstream media with more information on how this might hurt the profitability of the tax preparation industry. I'll include the one from Reuters written by Jonathan Stempel, here.