Welcome to the LSIS Investigative Journal

Welcome to the LSIS Investigative Journal

Thursday, May 20, 2021

We Found Joe Biden’s Secret Venmo. Here’s Why That’s A Privacy Nightmare For Everyone.

 We Found Joe Biden’s Secret Venmo. Here’s Why That’s A Privacy Nightmare For Everyone.
The peer-to-peer payments app leaves everyone from ordinary people to the most powerful person in the world exposed.


Buzz Feed News
Ryan Mac
Posted on May 14, 2021

BuzzFeed News found President Joe Biden’s Venmo account after less than 10 minutes of looking for it, revealing a network of his private social connections, a national security issue for the United States, and a major privacy concern for everyone who uses the popular peer-to-peer payments app.

On Friday, following a passing mention in the New York Times that the president had sent his grandchildren money on Venmo, BuzzFeed News searched for the president’s account using only a combination of the app’s built-in search tool and public friends feature. In the process, BuzzFeed News found nearly a dozen Biden family members and mapped out a social web that encompasses not only the first family, but a wide network of people around them, including the president's children, grandchildren, senior White House officials, and all of their contacts on Venmo.

The president’s transactions are not public, and BuzzFeed News is not identifying the usernames for the accounts mentioned in this story due to national security concerns.

After BuzzFeed News reached out to the White House for this story, all the friends on the president’s Venmo account were removed. A White House spokesperson did not have an immediate comment.

After this story was published, a Venmo spokesperson told BuzzFeed News: “The safety and privacy of all Venmo users and their information is always a top priority, and we take this responsibility very seriously. Customers always have the ability to make their transactions private and determine their own privacy settings in the app. We’re consistently evolving and strengthening the privacy measures for all Venmo users to continue to provide a safe, secure place to send and spend money.”

By late Friday night, the Venmo accounts tied to the president and first lady Jill Biden were no longer online.

Privacy advocates and journalists have warned about Venmo’s privacy problems for years, yet the PayPal-owned app has persisted with features that can place people — including the president of the United States — at risk.

While many critics have focused on how the app makes all transactions public by default, Venmo’s friend lists are arguably a larger privacy issue. Even if a Venmo account is set to make payments private, its friend list remains exposed. There is no setting to make this information private, which means it can provide a window into someone’s personal life that could be exploited by anyone — including trolls, stalkers, police, and spies.

No other major social network or service has contact-based friend lists that are publicly accessible by default to anyone — and that cannot be made private. People use Venmo to get paid, often using their real names. They often also import their phone contact lists or Facebook friend lists — which the app highly encourages when you sign up — creating networks where people automatically “friend” dozens if not hundreds of other Venmo users to allow them to find people they want to pay more easily.

Venmo makes it impossible for users to hide their list of friends. To remove someone as a friend, a user has to unfriend the person manually.

Several former Venmo employees told BuzzFeed News that Venmo’s public transaction feed and friend lists were integral to the app’s early design. Launched in 2009 as a simple and free way to transfer money between friends, it relied heavily on the social dynamics pioneered on Facebook. People were unafraid to publicly share that they had paid their friends for pizza after a night out or were splitting a gas bill among their roommates.

The idea, according to one former engineer, is that building off someone’s social network was a much easier way for someone to trust who they were paying or receiving money from. Since then, the app has become one of PayPal’s main drivers of growth, clearing $51 billion in payments during the first three months of 2021.

At first glance, disclosing connections among people may seem trivial: Who cares if you know whom someone is connected to? But these public connections can be used to expose very private information. Using the public friend list, for example, a motivated fan was able to figure out who won a season of The Bachelor.

Some examples are much more serious. US government agencies like the Drug Enforcement Administration have used this feature in criminal cases, such as in the overdose death of rapper Mac Miller.

Using public friend lists and transaction feeds, BuzzFeed News found two members of Congress who were roommates in Washington, DC, as well as reporters who were on friend lists with Trump administration officials, potentially exposing their sources. BuzzFeed News has also spoken with survivors of domestic violence and abuse who suspected that former partners used Venmo to track them and therapists who use Venmo to receive payment from clients and were unaware their friend lists showed who they were working with.

Last year, Nick Cadena, then a student at Louisiana State University, told BuzzFeed News he had been the victim of an impersonation scam on Venmo. A scammer took his photo and profile details and created a similar account, and then used it to request money from Cadena’s friends. Some people completed the transactions, believing that they were paying the real Cadena.

“Venmo’s privacy failures are already a big problem for everyday folks who use Venmo, and that's been the case for years,” Gennie Gebhart, the acting activism director at the Electronic Frontier Foundation, a digital rights organization, told BuzzFeed News. “All of those problems are magnified when we’re talking about a major public figure.”

Ever since 1998, when Bill Clinton sent an email to then-senator John Glenn, presidents have struggled to use new technology while safeguarding national security and complying with public records laws. After months of wrangling, Barack Obama was allowed to use a personal BlackBerry while in office, Donald Trump’s Twitter account was reportedly hacked by correctly guessing his password — maga2020! — and candidate Hillary Clinton faced her own controversy after she set up a private email server at her home while she was secretary of state.

Venmo poses a new challenge, though this is not the first time a government official’s Venmo account has been easily discovered through publicly available information. In early 2017, people found White House press secretary Sean Spicer’s Venmo account and spammed it. The account of Trump's daughter Tiffany was also found. This year, transactions between Rep. Matt Gaetz and alleged sex trafficker Joel Greenberg appeared to pay three young women for “tuition” and “school.” (In an op-ed, Gaetz claimed he had “never, ever paid for sex.” Greenberg pleaded guilty to federal charges.)

Accounts belonging to celebrities have also been found, and in 2017, privacy researcher Hang Do Thi Duc created the Public by Default project, which scraped public Venmo transactions for terms and emojis commonly associated with drugs. The project revealed how much people don’t pay attention to their privacy settings, even when doing personal transactions.

Venmo’s parent company PayPal settled an FTC suit in 2018 over how it allegedly failed to properly explain its privacy settings. “We are pleased to conclude this process with the FTC in a cooperative way,” a PayPal spokesperson said at the time, and while Venmo streamlined its settings, crucially, transactions were still left public by default for new users.

President Biden’s transactions were not public, and he had fewer than 10 friends on Venmo. But he was easily verifiable by the people he was connected to, including an account that appeared to be for his wife, first lady Jill Biden. Jill Biden’s account, in turn, was linked to various aides, senior Biden staffers, and family members, including an account that appeared to be for the president's son Hunter Biden.

“For one of the most heavily guarded individuals in the world, a publicly available Venmo account and friend list is a massive security hole. Even a small friend list is still enough to paint a pretty reliable picture of someone's habits, routines, and social circles,” Gebhart said.

On Friday, the Times wrote that a Biden adviser said the president “had sent the grandchildren money using Venmo.” Some of those grandchildren are locatable on Venmo, posing an avenue for possible harassment. On the accounts for at least two extended family members, BuzzFeed News saw that the same stranger had spammed them with requests, asking them to get President Biden to give him money.

“If somebody wanted to map out the activities of the first family, they could just look at their activities on the social network and figure out what the family is up to by looking at what their associates are doing,” Vahid Behzadan, the director of the Secure and Assured Intellect Learning Lab at the University of New Haven, told BuzzFeed News. “I assume that the extended associates, like friends, grandchildren, don’t enjoy the same level of security as the first family, and so it may be easier to monitor them passively through their network.”

By finding these accounts, a person could physically stalk the president, his aides, or members of his family, creating a physical risk for the White House. There are also espionage risks. A spy or political opponent could also use this information to find out personal information about those close to the president, or to pose as a member of Biden's inner circle and communicate with the president or others under false pretenses. There are other possible consequences. A connection between a White House official and a journalist, for example, could potentially expose a whistleblower.

“This is a great example of why apps with social features should not default to allowing strangers to see each others’ data,” said Stanford University professor and former Facebook chief security officer Alex Stamos. “As we’ve seen with other products such as exercise apps, national security–sensitive information can be easily gathered by intelligence services as well as from more prosaic adversaries, such as abusive spouses and stalkers.”



https://www.buzzfeednews.com/article/ryanmac/we-found-joe-bidens-secret-venmo

https://www.buzzfeednews.com/article/ryanmac/we-found-joe-bidens-secret-venmo
 

Thursday, May 6, 2021

Federal judge vacates CDC’s nationwide eviction moratorium

Federal judge vacates CDC’s nationwide eviction moratorium
Court rules agency lacks legal authority to impose it




The Washington Post
By Kyle Swenson
Staff Writer
May 5, 2021

A federal judge in Washington, D.C., on Wednesday ruled that the Centers for Disease Control and Prevention overstepped its legal authority by issuing a nationwide eviction moratorium, a ruling that could affect millions of struggling Americans.

In a 20-page order, U.S. District Judge Dabney Friedrich vacated the CDC order, first put in place during the coronavirus pandemic under the Trump administration and now set to expire June 30.

“It is the role of the political branches, and not the courts, to assess the merits of policy measures designed to combat the spread of disease, even during a global pandemic,” the order states. “The question for the Court is a narrow one: Does the Public Health Service Act grant the CDC the legal authority to impose a nationwide eviction moratorium? It does not.”

The Biden administration has indicated it will appeal the decision. The ruling does not affect state or local eviction moratoriums. In Washington, D.C., for example, the city government’s ban on all evictions remains in place.

Landlords and property owners have consistently challenged the CDC order, arguing the policy sets an undue financial burden on business owners.

“We’ve argued from the beginning that the CDC lacked statutory authority to impose this, and we’ve had multiple courts agree with us on that,” said Luke Wake, an attorney for the Pacific Legal Foundation who has represented landlords in similar cases. “Today’s decision again vindicates our argument.”

Housing advocates, however, argued the new ruling only throws more confusion into an already chaotic policy space. Despite the moratorium, evictions have continued because of loopholes and differing legal interpretations.

After Wednesday’s decision, tenants’ rights advocates called for the Biden administration not only to defend the policy but to step up legal protections that will keep people in their homes. According to the Census Bureau, 1 out of 7 renters recently reported they were behind on payments.

“While this latest ruling is written more starkly than previous ones, it likely has equally limited application impacting only the plaintiffs who brought the case or, at most, renters in the district court’s jurisdiction,” said Diane Yentel, president and chief executive of the National Low Income Housing Coalition. “The [Department of Justice] should immediately appeal and the Biden administration should continue to vigorously defend and enforce the moratorium, at least until emergency rental assistance provided by Congress reaches the renters who need it to remain stably housed.”

Within hours of the decision, the Justice Department indicated that in addition to an appeal, the government planned to ask for a stay of the decision, meaning the moratorium would remain in place while the appeal was argued.

“The Department of Justice respectfully disagrees with today’s decision of the district court,” Brian M. Boynton, acting assistant attorney general for the department’s civil division, said in a statement. “In the department’s view, that decision conflicts with the text of the statute, Congress’s ratification of the moratorium, and the rulings of other courts.”

Landlords and property owners cheered the decision Wednesday. For months, industry advocates have argued that the moratorium was too harsh, hurting legitimate business owners and leaving property managers without the tools to oust problem tenants.

“Eviction moratoriums are dangerous, detrimental policies that harm housing affordability, housing providers and our residents,” Robert Pinnegar, president and chief executive of the National Apartment Association, said Wednesday. “The government must end enforcement of the CDC order and begin communications now to stakeholders, including judges, to prepare them for its ending.”

Since the moratorium’s early days, both tenants and landlords have wondered whether the action was the right policy tool for the job.

As the pandemic spread across the country, leaving economic damage and job loss in its wake, an estimated 40 million Americans were facing eviction, according to an August 2020 report by the National Low Income Housing Coalition, the Aspen Institute Financial Security Program, and the COVID-19 Eviction Defense Project.

A month later, the CDC rolled out a moratorium halting evictions for tenants who could not meet their monthly rent obligations because of the pandemic. The order applied only to individuals making $99,000 annually, or $198,000 for couples.

But both tenants and landlords quickly found fault with the order. The policy’s wording left room for legal interpretation, giving local judges latitude to apply the moratorium as they saw fit. New guidance issued in October did little to clarify the situation, triggering a series of legal challenges by landlords.

Since last year, six federal judges have weighed in on the ban, with three ruling it illegal and three supporting its legality.

Many of the recent challenges, including the case featured in Wednesday’s decision, have hinged on the CDC’s authority. Backers of the moratorium argue that although the action is outside the typical scope of the agency, Congress’s decision to extend the moratorium in December should have been taken as a sign legislators approved.

“Congress was trying to preserve the status quo by keeping the moratorium in effect through the presidential transition,” said Eric Dunn, director of litigation for the National Housing Law Project. “Well, that implies that Congress was approving that the CDC has the authority.”

Whether the recent decision will trigger a wave of evictions is unclear, advocates say. “There are now numerous conflicting court rulings at the district court level, with several judges ruling in favor of the moratorium and several ruling against,” Yentel said.

Dunn argued that the policy has become so confused by now that the moratorium’s impact has been weakened, particularly in jurisdictions without state or local protections.

“Practically, all these decisions have already made it so the CDC protection is basically a lottery ticket for tenants,” he said. “If you qualify you can sign the declaration and it may protect you or it may not. The judge may decide it applies to you or her or she may decide it does not.”

Wednesday’s ruling came as the Biden administration is in the midst of a massive project aimed at alleviating the economic stress pressing both landlords and tenants. As part of the American Rescue Plan enacted in March, the federal government is doling out $21.6 billion to local and state governments for rental and utility relief.

That money joins the $25 billion in aid set aside in December by Congress to help renters hit hard by the pandemic’s economic consequences. Eliminating the CDC protection would hurt families at the very moment they are beginning to repay pandemic debt, argued Emily Benfer, a Wake Forest University law professor and co-creator of the COVID-19 Housing Policy Scorecard with the Eviction Lab at Princeton University.

“Without this critical public health measure, the eviction floodgates would open, placing millions of families in jeopardy, thwarting efforts to control the pandemic, and impeding $46 billion in eviction prevention assistance,” Benfer said. “We know eviction spreads covid-19, we know it disrupts access to health care and we know it’s increasing health inequity among Black and Latinx people. The moratorium stops all of these harms.”

  https://lsisinvestigations.com/blog/f/federal-judge-vacates-cdc%E2%80%99s-nationwide-eviction-moratorium

 https://lsisinvestigations.com/blog/f/federal-judge-vacates-cdc%E2%80%99s-nationwide-eviction-moratorium

 

 

Woman loses nearly £113k in dating site romance fraud

Woman loses nearly £113k in dating site romance fraud



BBC News
05-05-2021

A woman says she is facing bankruptcy after losing just under £113,000 to a scammer she met on a dating site.

Rachel Elwell, from the West Midlands, said the man, who claimed he lived nearby, told her he had gone abroad for an engineering contract in Ukraine.

He convinced her with documents and pictures he needed money for issues that had cropped up and stated he had been taken captive by loan sharks.

Ms Elwell, 50, said there was no guarantee of any money coming back.

Asked why she had given money to a man she had never met, the export manager, of Brownhills, said: "When he said to me his life was in danger and I didn't hear from him, I thought he'd been murdered.

"Can you imagine feeling you're responsible for whether someone lives or dies?"

Ms Elwell said after he had contacted her on 1 January claiming to live in Cannock, his "picture looked nice", he "seemed to like the same things as me" and "seemed quite an open and genuine guy".
'All a lie'

The man told her they would have to wait weeks to meet as he would need to stay in Ukraine, but later phoned claiming laws in that country had changed due to Covid and he now had to pay tax before any of the engineering work began, Ms Elwell said.

Telling the story to BBC Radio WM, Ms Elwell said she had been told work had stopped on site and matters "appeared very legitimate", but later she had "reluctantly" sent him money.

She stated at one point a supposed tax office had sent a letter to him, which she had a copy of, and added: "They said... 'you need to pay 160 thousand'. So he cashed his pension in, sold his car, borrowed money and I helped him.

"I mean at this point I think it was about £45k I'd sent him to help him with the tax bill."

According to Action Fraud, romance or dating fraud is where criminals dupe people into sending them money by gaining their trust and convincing them they are in a genuine relationship.

In order to stay safe from such scams, it advises people to:

    Be suspicious of any requests for money from someone they have never met in person, particularly if they have only recently met online
    Speak to family or friends to get advice
    Perform reverse image searches on profile pictures, as they may not be genuine. A reverse image search can find photos that have been taken from somewhere else

Anyone who believes they have been a victim of romance fraud, it said, should report it to their bank immediately and to Action Fraud.

Continuing the story, Ms Elwell said the man had claimed two "heavies" had turned up and he had been locked in a cellar. He sent her pictures purporting to show him there.

She added he claimed to have been released after money had been sent, but he had told her he would not have his passport, which had been taken from him, until interest had been paid.

On the day the man told Ms Elwell he was due to fly back, 16 March, she went to Heathrow airport and got an email from supposed airport officials saying he had been arrested.

    Romance fraud on rise in coronavirus lockdown
    Romance fraudsters 'preying on lonely' in lockdown
    Latest West Midlands news

She said she had then approached Border Force officials who said, "look, it's a scam".

She went to his supposed house in Coventry to meet his daughter and housekeeper/nanny, but "no such people lived at that house".

Ms Elwell said: "It was in that moment that I knew it was all a lie."

A spokesperson for West Midlands Police said: "Rachel's case is a prime example of romance fraud, her case highlights how much these scammers affect people's lives."



https://www.bbc.com/news/uk-england-birmingham-56984844

 

Wednesday, May 5, 2021

Woman hit by car must take responsibility for jaywalking across five-lane road, California court says

 
Woman hit by car must take responsibility for jaywalking across five-lane road, California court says

 


Legal Newsline
By Daniel Fisher
May 5, 2021

LOS ANGELES (Legal Newsline) - A California condominium complex that failed to provide enough parking spaces for visitors isn’t liable for the injuries of a woman who was hit by a car after she parked offsite and attempted to cross a busy five-lane thoroughfare, an appeals court ruled.

While landowners in some cases can be liable for accidents that occur off their property, the Second Appellate District held in an April 30 decision, plaintiff Anaeis Issakhani bears responsibility for jaywalking across the street instead of using a marked pedestrian crosswalk a short distance away.

“It was the visitor’s decision—rather than the landowner’s—to select an offsite parking space on the far side of a busy street,” the appeals court ruled.

Issakhani went to visit a friend at the Shadow Glen condominiums in Los Angeles in June 2014. She followed someone into the parking lot and drove around for two or three minutes without finding a parking spot, then drove off and parked on the other side of the five-lane street. A car hit her as she tried to cross, causing a traumatic brain injury and multiple skull fractures.

Issakhani sued in June 2016, claiming the complex owner failed to maintain the required number of parking spaces and that “created a foreseeable risk of harm” for guests. The trial court granted summary judgment, finding the condo complex didn’t owe Issakhani a duty under common law or city ordinance, and she couldn’t prove the complex caused her injuries.

The Second District upheld the dismissal. Shadow Glen was built in 1979 on land that had been rezoned from single- and two-family housing. As a condition of the change to multifamily zoning, the Los Angeles City Council passed an ordinance requiring guest parking of half a space per unit in addition to one space per unit for occupants. The project ultimately was built with 170 parking spots, 13 more than necessary, but only six were marked as “visitor” spaces.

The plaintiff argued the complex was liable because it violated the ordinance requiring 34 guest spots, and it was foreseeable visitors would park offsite and attempt to jaywalk their way back to Shadow Glen. The appeals court said that was too much of a stretch.

“Whether a duty of care exists is not a matter of plucking some immutable truth from the ether,” the appeals court observed. The main question is whether “public policy” supports it. Landowners can be held liable for injuries that occur off their property, for example, such as when an onsite parking lot encourages drivers to make a dangerous left-hand turn on a public street. But the California Supreme Court foreclosed any such duty for failing to provide enough parking in a 2017 decision, Vasilenko v. Grace Family Church, stating categorically that landowners “are not required to provide parking for their invitees.”

The appeals court cited several earlier court decisions that refused to assign liability to companies for traffic injuries plaintiffs tried to blame on lack of parking. While it is foreseeable people will attempt dangerous street crossings if they can’t park their cars on-site, the appeals court concluded, the pedestrian is ultimately responsible for what happens. To rule otherwise, the court said, would require landowners to build expensive underground garages, bulldoze part of their properties, or maybe force employees and residents to park elsewhere to accommodate visitors.

The court also rejected arguments the complex was liable for violating the city ordinance that rezoned the property for development. While some laws and ordinances establish public policies that can give rise to negligence claims if they are violated, this property-specific ordinance doesn’t suffice, the court ruled. The plaintiff’s lawyers attempted to conflate a duty of care, which is between two parties, and a standard of care, which sometimes can be established by an ordinance.


https://legalnewsline.com/stories/594243695-woman-hit-by-car-must-take-responsibility-for-jaywalking-across-five-lane-road-california-court-says





Biden's Labor Department rescinds Trump-era rule affecting gig workers

 Biden's Labor Department rescinds Trump-era rule affecting gig workers


Reuters Business News
May 5, 2021
By Nandita Bose

WASHINGTON (Reuters) -President Joe Biden’s Labor Department on Wednesday rescinded a Trump-era rule that would have made it easier for U.S. businesses to classify workers as independent contractors instead of employees under the federal Fair Labor Standards Act.

“By withdrawing the independent contractor rule, we will help preserve essential worker rights and stop the erosion of worker protections that would have occurred had the rule gone into effect,” Labor Secretary Marty Walsh said in a statement.

“Too often, workers lose important wage and related protections when employers misclassify them as independent contractors,” he said.

Shares of companies that employ gig labor such as Uber, Lyft and DoorDash immediately pared gains in pre-market trade. Uber Shares traded down 0.02 percent, Lyft was down 0.75 percent and DoorDash fell 1.27 percent in early trade.

Walsh told Reuters in an interview last week that a lot of U.S. gig workers should be classified as “employees” who deserve work benefits. His comments signaled a shift in policy and hurt stocks of companies that employ gig labor.

Gig workers are independent contractors who perform on-demand services, including as drivers, delivering groceries or providing childcare - and are one-third more likely to be Black or Latino, according to an Edison Research poll.

Walsh said in the interview that his department would have conversations in coming months with companies that employ gig labor to make sure workers have access to consistent wages, sick time, healthcare and “all of the things that an average employee in America can access.”

The rule by former President Donald Trump’s administration, finalized in early January before he left office on Jan. 20, would have hampered workers’ ability to earn a minimum wage and overtime compensation - protections offered under the Fair Labor Standards Act (FLSA).

It was supposed to take effect in March, but did not because it was being reviewed by Biden’s Labor Department. The withdrawal will be effective on Thursday.

An Uber spokesman said last week that an overwhelming majority of app-based workers want to stay independent, because it allows them to work when, where and how they want with flexibility no traditional job can match.

The FLSA includes provisions that require covered employers to pay employees at least the federal minimum wage for every hour they work and overtime compensation at not less than 1-1/2 times their regular rate of pay for every hour they work over 40 in a workweek. FLSA protections do not apply to independent contractors.

“The independent contractor rule was in tension with the FLSA’s text and purpose,” the Labor Department said.