This is default featured slide 1 title
This is default featured slide 2 title

Monthly Archives: May 2017

Top of Technology When You Write

The one technology constant in my career as a journalist seems to be Microsoft Word. I take notes for all of my stories in it on a MacBook Pro. I’ve tried Google Docs and OneNote, but can’t stick with them for reasons I can’t explain. I have a feeling I might be cremated with a copy of Microsoft Word.

Like most people, I buy a lot of stuff on Amazon, and I’ve tried most of their gadgets. I used an Echo for a while. My family mainly used it to turn on a lamp through a WeMo light switch with our voices. My kids enjoyed asking Alexa to play scatological sound effects. I enjoyed that too, if I’m being honest.

What do or don’t you like about their tech products that you use?

I find some of the things you can do on the Echo pretty silly and much easier on a smartphone app. I’ll give you an example. A while back I was installing a sprinkler system in my garden that was connected to a wireless control unit. I found out I could use the control unit with Alexa to turn on the sprinklers with my voice.

When I told Alexa to turn the sprinklers on, a geyser of water shot up six feet in the air from a pipe I hadn’t properly secured. I yelled every Alexa command I could think of to turn it off, but apparently she didn’t like my syntax, and the water kept gushing. I finally just opened the app for the sprinkler unit and turned it off. Also, most people have their sprinklers on timers so they don’t need voice control.

What are your favorite websites, apps or other tech tools for keeping on top of technology news?

I get so much of my news diet, technology or otherwise, through Twitter and, to a lesser extent, Facebook. I have configured my phone to send me a text message every time Jeff Bezos, the chief executive of Amazon, tweets because he’ll occasionally make news that way.

Another reason I’m not the most avid Echo user is that I like the sound from my Sonos speaker system better. Roughly 70 percent of the time I’m using Sonos to stream KCRW’s Eclectic24 music mix. The rest of the time, it’s Spotify and KUOW, my local NPR station. I pay for a Spotify family plan, which keeps my daughter’s playlists from contaminating my own and vice versa.

I am a contrarian on the Apple Watch, which I believe has been unfairly maligned by tech pundits. I love mine, and I get pretty frustrated by a lot of Apple products. I’m a runner and cyclist and track all of my workouts with it. I use Siri on the watch to respond to text messages.

Apple somehow managed to create a wearable device versatile enough that you can wear it on a run and with a suit. That’s impressive.

Are there technologies that you’re not crazy about?

I’ve never cared for reading books on screens, even though I almost exclusively read newspapers and magazines on my phone and computer.

I’m also skeptical of most kitchen gadgetry. I bought an Anova sous vide wand, which cooks meat and other proteins at precise, low temperatures in water baths. In most cases, I feel the results aren’t worth the effort. A cast iron pan is much cheaper

Consumers, but Not Executives

Equifax investors are also shouldering the burden associated with the company’s apparently lax security practices. Since disclosing the breach, Equifax’s stock has fallen more than 20 percent, losing its shareholders nearly $4 billion in market capitalization.

It remains unclear, though, whether the company’s executives will take a financial hit for the failures that allowed thieves to steal Social Security numbers, driver’s license numbers and other sensitive data. Indeed, Equifax’s top managers may not feel any financial ill effects, given the company’s past compensation practices.

Over the last three years, when Equifax determined its top executives’ incentive compensation, it has used a performance measure that excluded the costs of legal settlements made by the company. If it follows this practice after dealing with the costs of settling legal claims arising from the security breach, Equifax’s top managers will essentially escape financial accountability for the blunder.

This troubles Charles M. Elson, a professor of finance at the University of Delaware and the director of its John L. Weinberg Center for Corporate Governance. “To the investors in the company, the legal settlement does impact earnings and stock price,” Mr. Elson said in an interview. “If the shareholders suffer because of this breach, why should management be excluded? These folks take home all of the upside and want none of the down.”

I asked Equifax whether its board would stop excluding legal settlement costs from executive compensation calculations so that management would be required to absorb some of the pain.

An Equifax spokeswoman supplied this statement: The board is actively engaged in a comprehensive review of every aspect of this cybersecurity incident.”

Equifax is not alone in excluding certain costs of doing business from the financial factors it uses to determine executive pay. Such practices have become prevalent among large United States companies.

Equifax uses two main performance measures to decide incentive pay. One, called corporate adjusted earnings per share from continuing operations, is not calculated using generally accepted accounting principles, or GAAP. It is figured by excluding certain costs — such as those related to acquisitions — that normally flow through a company’s profit-and-loss statement. This has the effect of making Equifax’s earnings per share look better in this measure than they actually do under accounting rules.

Equifax says in regulatory filings that it uses the adjusted earnings figure because it best represents the company’s profit growth. Top managers at the company get a larger or smaller annual incentive award based on increases in this measure over the course of a year


Hackers broke into Equifax, accessing data for 143 million Americans. Here’s what happened, how it’s being handled and what you can do to protect your information:

  1. Equifax disclosed the breach nearly six weeks after discovering it.
  2. The breach was met with outrage,prompting multiple inquiries from lawmakers and regulators.
  3. It turns out that oversight for credit monitoring agencies is extremely lax.
  4. But experts said that consumers “don’t control the rules of engagement.” These people shared their stories of being hacking victims.
  5. Freezing your credit files might be a better bet. And be sure tostrengthen your PIN.

Acquisition expenses make up the bulk of the costs Equifax has excluded from its profit calculation in recent years. But Equifax has also excluded costs associated with impaired investments and legal settlements from the figure.

In regulatory filings, Equifax said its exclusion of legal charges from certain financial results “provides meaningful supplemental information regarding our financial results” and is consistent with the way management reviews and assesses the company’s historical performance.

When settlements are small, of course, excluding the legal costs associated with them is a nonevent. And in recent years that has been the case at Equifax, with settlements equaling around 1 percent of net income.

In the fourth quarter of 2016, for example, Equifax recorded a $6.5 million charge for a settlement with the Consumer Financial Protection Bureau. Under that settlement, which involved deceptive marketing of credit scores to consumers according to the bureau, Equifax paid $3.8 million in restitution to customers, a fine of $2.5 million and $200,000 in legal costs.

But the scope of Equifax’s recent security breach is so far-reaching that legal settlements arising from it will most likely be enormous. And this brings up another question: whether Equifax executives should return past pay because of the security failure. Certainly, last year’s proxy filings indicate that the pay received by the company’s top three executives was based in part on their accomplishments in keeping consumers’ data secure.

Consider Richard F. Smith, the chief executive and chairman of the Equifax board, who received $15 million in total compensation in 2016, up from $13 million in 2015. One rationale for his pay package, the proxy said, was Mr. Smith’s “distinguished” work in meeting his individual management objectives for 2016. Among those objectives was “employing advanced analytics and technology to help drive client growth, security, efficiency and profitability.”

Or take John Gamble, Equifax’s chief financial officer. He also received a rating of “distinguished” on his individual objectives, the proxy said, because he continued “to advance and execute global enterprise risk management processes, including directing increased investment in data security, disaster recovery and regulatory compliance capabilities.” Mr. Gamble received $3.1 million in 2016.

Drops Credit-Freeze Fees

It’s a logical reaction: You did not ask Equifax to vacuum up data about you, and then resell it to marketers and loan sellers. And it is not your fault that the company could not keep that data safe. So why should you pay for a freeze, which keeps new creditors from seeing your credit file and thus can keep thieves from applying for credit in your name?

Somehow, that question did not occur to Equifax on Thursday, when it first announced the breach. It apparently thought a year of free credit monitoring would be enough to placate consumers. When I asked Equifax on Sunday why it was not making freezes free, Wyatt Jefferies, a spokesman, did not respond to that particular question.

Here are just some of the other questions I’ve asked Equifax. I’m still waiting for replies.

1. Will temporarily lifting a freeze also be free until Nov. 21, or just placing a freeze?

2. Why not make freezes and the lifting of those freezes free permanently for everyone?

3. Failing that, why not make freezes and thaws free permanently for everyone whose data was stolen in this instance or, for that matter, anytime in the future?

4. Why not pay Experian and TransUnion, the two other large consumer-credit reporting agencies, to freeze the credit files connected to every victim of the most recent Equifax breach? After all, that breach makes people vulnerable to thieves who apply for credit in victims’ names with lenders who check applicants’ credit histories only with Experian or TransUnion.

Equifax would not address that last one with me, but a reader named Kimberly Casey forwarded me an email exchange between her and DannAdams, the president of Equifax’s global consumer solutions unit, where he apologized and said that a service to “lock” Equifax, Experian and TransUnion files simultaneously would be coming soon.


Hackers broke into Equifax, accessing data for 143 million Americans. Here’s what happened, how it’s being handled and what you can do to protect your information:

  1. Equifax disclosed the breach nearly six weeks after discovering it.
  2. The breach was met with outrage,prompting multiple inquiries from lawmakers and regulators.
  3. It turns out that oversight for credit monitoring agencies is extremely lax.
  4. But experts said that consumers “don’t control the rules of engagement.” These people shared their stories of being hacking victims.
  5. Freezing your credit files might be a better bet. And be sure tostrengthen your PIN.

That might be helpful, given the trouble that so many of you have had getting any of the company’s websites or phone systems to work in recent days. (Please, keep trying. It’s worth the protection.) But let’s hope they give this new service away for free, for life, to all individuals who had their data stolen in this instance and that the lock will work identically to a freeze and not involve giving up the right to sue the companies.

I’ve asked Equifax repeatedly in recent days what phone number people should call to request a new PIN for thawing their freezes. On Sunday, Mr. Jefferies told me the company would stop issuing PINs based on the date the freeze was initiated and would instead issue new PINs to anyone who wanted to replace the old ones.

It is not clear, however, exactly how consumers can do this. Another reader today told me that a phone representative for the company said that people were going to have to cancel old freezes, request new ones, go unprotected for days and wait for new PINs to show up in the mail. It should not be that complicated.

Several of you have asked via email (, please keep the questions coming) and Twitter (@ronlieber) about TransUnion’s free TrueIdentity product, which the company is pushing on consumers who are considering a freeze. The company sure seems to want people to sign up for that product instead of freezing their files.

It’s not clear whether the mechanism TransUnion says it uses to “lock” files with that product provides the same protection as a freeze, or whether it is a lesser form of protection meant to shield TransUnion from some regulatory or legal perspective. A giant hat tip, however, to the person on Twitter who pointed out the company’s draconian terms and conditions

It is also unclear whether consumers’ use of the TrueIdentity product would make it easier for TransUnion to continue selling those consumers’ data (in the same way that Equifax and Experian do) than if they froze their files outright. I have repeatedly asked a TransUnion spokesman, David Blumberg, for clarification, but I have not received it yet.

Antivirus Software Government Computers

The concerns surrounding Kaspersky, whose software is sold throughout the United States, are longstanding. The F.B.I., aided by American spies, has for years been trying to determine whether Kaspersky’s senior executives are working with Russian military and intelligence, according to current and former American officials. The F.B.I. has also been investigating whether Kaspersky software, including its well-regarded antivirus programs, contain back doors that could allow Russian intelligence access into computers on which it is running. The company denies the allegations.

The officials, all of whom spoke on the condition of anonymity because the inquiries are classified, would not provide details of the information they have collected on Kaspersky. But on Wednesday, Elaine C. Duke, the acting secretary of Homeland Security, ordered federal agencies to develop plans to remove Kaspersky software from government systems in the next 90 days.

Wednesday’s announcement is the latest instance of the apparent disconnect between the Trump White House, which has often downplayed the threat of Russian interference to the country’s infrastructure, and front-line American law enforcement and intelligence officials, who are engaged in a perpetual shadow war against Moscow-directed operatives.

Kaspersky’s business in the United States now appears to be the latest casualty in those spy wars. Best Buy, the electronics giant, announced last week that it was pulling Kaspersky Lab’s cybersecurity products from its shelves and website, and the Senate is voting this week on a defense-spending bill that would ban Kaspersky Lab products from being used by American government agencies, effectively codifying Wednesday’s directive into law.

Kaspersky is considered one of the foremost cybersecurity research firms in the world, and has considerable expertise in designing antivirus software and tools to uncover spyware used by Western intelligence services. The company was founded by Eugene V. Kaspersky, who attended a high school that trained Russian spies, and later wrote software for the Soviet Army before going on to found Kaspersky Lab in 1997. He has insisted that neither he nor his company have active ties to the Russian military or intelligence services.

Yet despite its prominence in the cybersecurity world, its origins in Russia have for years fueled suspicions about its possible ties to Russia’s intelligence agencies. Federal officials have warned private companies to avoid Kaspersky software, and earlier this year the firm was removed from two lists of approved vendors used by government agencies to purchase technology.

At a Senate hearing in May, a number of senior American security officials, including the chiefs of the F.B.I. and the C.I.A., were even more blunt when asked if they would be comfortable with Kaspersky software running on their agencies’ systems: “No,” they said.

Still, Kaspersky’s software is believed to be used in many federal agencies, especially its antivirus products, though there is no reliable estimate of its ubiquity — government computer systems tend be a jumbled-together collection of often-aging software and hardware, and no central authority keeps track of who uses what.

Kaspersky’s software is also widely used by state governments and ordinary Americans. The company says it has more than 400 million users around the world. It also has a robust business analyzing and investigating cyberthreats.