Month: June 2015

Categories
Law

Justice Scalia’s dissent in marriage ruling. Really?

The Supreme Court’s ruling legalizing same-sex marriage elicited a colorful dissent from Justice Antonin Scalia, who accused the majority of making policy from the bench.

Scalia charged his fellow justices with overstepping their roles as jurists to wade into a matter of social policy that ought to have been resolved by voters and their elected representatives. According to Scalia,

“This is a naked judicial claim to legislative—indeed, super-legislative—power; a claim fundamentally at odds with our system of government. Except as limited by a constitutional prohibition agreed to by the People, the States are free to adopt whatever laws they like, even those that offend the esteemed Justices’ ‘reasoned judgment.’ A system of government that makes the People subordinate to a committee of nine unelected lawyers does not deserve to be called a democracy.”

To allow the question of marriage to be resolved “by a select, patrician, highly unrepresentative panel of nine is to violate a principle even more fundamental than no taxation without representation: no social transformation without representation,” Scalia added.

He later quoted from the majority’s opinion, followed by his inserting a rhetorical “Really?” that evokes a recurring sketch by Seth Myers and Amy Poehler on the “Weekend Update” segment of “Saturday Night Live.”

The lament is one that Scalia returns to from time to time. “The core of Justice Scalia’s judicial philosophy is that judges deciding constitutional cases should discover the answers in external sources: judges must not make value choices,” Erwin Chemerinsky a professor of constitutional law and dean at the University of California Irvine, wrote in a law review article in 2000.

Of course, Justice Scalia is entitled to his philosophy. But that doesn’t make it any easier to reconcile his charges in the marriage decision with the occasions on which Justice Scalia has seemed quite willing, from the bench, to interfere in the “democratic process”—his words—from the dissent in the marriage ruling.

I’m thinking here of Bush v. Gore, the 5 to 4 decision by a majority of the Court in 2000 that ended the counting of votes in a hotly contested presidential election and thereby awarded the White House to George W. Bush.

In that case, the majority—of which Scalia was a member (the opinion was signed “by the Court”)—stopped tries to tally votes in Florida after finding that the recount—with its attempt by officials in the Sunshine State to discern the intent of voters from ballots that voting machines had failed to mark clearly—violated the constitutional right of voters not to be treated arbitrarily in a way that could “value one person’s vote over that of another.”

But what the majority in that case refused to do was to allow the recount to continue, despite efforts by the state, under the supervision of its highest court, to do exactly that. As the majority explained:

“Upon due consideration of the difficulties identified to this point, it is obvious that the recount cannot be conducted in compliance with the requirements of equal protection and due process without substantial additional work.”

Scalia and his fellow members of the majority were unwilling to give the state time to do that additional work, despite it’s potential to determine the outcome of an election, which, you might say, is the incarnation of the democratic process that Scalia otherwise venerates.

Writing in The New Yorker on the tenth anniversary of Bush v. Gore, Jeffrey Toobin addressed this contradiction:

“Bush v. Gore would resonate, in any case, because the Court prevented Florida from determining, as best it could, whether Gore or Bush really won. (Recounts of the ballots by media organizations produced ambiguous results; they suggest that Gore would have won a full statewide recount and Bush would have won the limited recount initially sought by the Gore forces.) But the case also represents a revealing prologue to what the Supreme Court has since become. As in Bush v. Gore, nominally conservative Justices no longer operate by the rules of traditional judicial conservatism.”

For his part, Justice Scalia has told those who take issue with the majority’s ruling in Bush v. Gore to “Get over it.”

That’s what came back to me while reading Justice Scalia’s dissent in Friday’s marriage ruling. Sure, Scalia’s rejoinders can be a delight to read. But his charge that his colleagues in the marriage majority, which, after all, upheld its responsibility to say what the law is, overstepped, might be more credible if Scalia himself were to have followed his own admonition to give the people their say.

Or as Justice Scalia might say: Really?

Categories
Law

The Supreme Court’s ruling on marriage equality

Marriage equality is the law of the land.

By a vote of 5 to 4, the Supreme Court ruled Friday that guarantees of due process and equal protection of law enshrined in the 14th Amendment to the Constitution require states to license marriages between two people of the same sex. “No longer may this liberty be denied to them,” Justice Anthony Kennedy wrote for the majority.

One can imagine the concluding paragraph of the majority’s opinion being read aloud at weddings henceforth. In it, Justice Kennedy writes:

“No union is more profound than marriage, for it embodies the highest ideals of love, fidelity, devotion, sacrifice, and family. In forming a marital union, two people become something greater than once they were. As some of the petitioners in these cases demonstrate, marriage embodies a love that may endure even past death. It would misunderstand these men and women to say they disrespect the idea of marriage. Their plea is that they do respect it, respect it so deeply that they seek to find its fulfillment for themselves. Their hope is not to be condemned to live in loneliness, excluded from one of civilization’s oldest institutions. They ask for equal dignity in the eyes of the law. The Constitution grants them that right.

The judgment of the Court of Appeals for the Sixth Circuit is reversed.

It is so ordered.”

Categories
Law

The Obamacare ruling shows that context matters

The Supreme Court on Thursday ruled that subsidies for health insurance should be available to Americans wherever they reside.

At issue was a section of the Affordable Care Act (ACA) that authorizes tax credits for those who purchase coverage in marketplaces “established by the state.” Four policyholders from Virginia sued, charging that those four words meant the law did not authorize credits for taxpayers in states, like theirs, that rely on the federal health-insurance marketplace. Without subsidies, the petitioners charged, they could neither afford health insurance nor be required by law to purchase it.

That ambiguity presented the Court with the need to interpret the ACA and marked the second time since the law was enacted in 2010 that its fate fell to the justices.

A trial court dismissed the suit after finding that the ACA provided subsidies for plans purchased through either the state or federal exchanges. The 4th U.S. Circuit Court of Appeals affirmed but the Court of Appeals for the D.C. Circuit ruled, in a separate case, that the ACA limited tax credits to state exchanges only.

By a vote of 6 to 3, the Court sided with the 4th Circuit. As Chief Justice John Roberts wrote for the majority:

“If the statutory language is plain, we must enforce it according to its terms. But oftentimes the ‘meaning—or ambiguity—of certain words or phrases may only become evident when placed in context.’ So when deciding whether the language is plain, we must read the words ‘in their context and with a view to their place in the overall statutory scheme.’ Our duty, after all, is to ‘construe statutes, not isolated provisions.'” [citations omitted]

The majority agreed with the petitioners that the language of the phrase at issue was ambiguous, in that one can read it as limited to state exchanges or as applicable to both state and federal exchanges.

The ambiguity prompted the majority to look to the broader structure of the law. Congress put in place subsidies as part of a push to maximize the pool of people who are insured, the majority noted. That lowers premiums by avoiding an alternative whereby only people who need health insurance—those who are less healthy and presumably consume more health care—buy it.

The alternative, which would have denied subsidies to roughly 6.4 million people in 34 states that use the federal exchange, could upend the market for health insurance irreparably. In that event, the Chief Justice wrote:

“One study predicts that premiums would increase by 47 percent and enrollment would decrease by 70 percent… It is implausible that Congress meant the Act to operate in this manner… Petitioners’ arguments about the plain meaning of [the law] are strong. But while the meaning of the phrase ‘an exchange established by the state’ may seem plain ‘when viewed in isolation,’ such a reading turns out to be ‘untenable in light of [the statute] as a whole.’ In this instance, the context and structure of the Act compel us to depart from what would otherwise be the most natural reading of the pertinent statutory phrase.” [citations omitted]

Congress passed the ACA “to improve health insurance markets, not destroy them,” wrote Roberts. “If at all possible, we must interpret the act in a way that is consistent with the former, and avoids the latter.

Categories
Law

Fate of Obamacare to turn on four words

The Supreme Court is expected to decide as soon as this week whether a main part of the Affordable Care Act (ACA) can survive.

Four residents of Virginia contend they were forced by the ACA to buy coverage because of subsidies they receive from the federal government. Their appeal rests on the words “established by the state,” a phrase in the law that the challengers say means that only people who buy coverage through marketplaces established by states—not through the federal health care marketplace—qualify for subsidies.

Virginia is among 34 states that use the federal marketplace. Absent the subsidy, the challengers charge they would be neither able nor required to buy health insurance. If the Court agrees, 6.4 million people could lose tax credits that help them afford coverage and, in most instances, keep them on the rolls.

The government calls the interpretation advanced by the challengers strained. Congress never intended to distinguish between federal and state exchanges in setting up subsidies, proponents of the law say.

Instead, the four words at issue constitute a vestige of an assumption—abandoned during the legislative process—that each state would establish an exchange. It later became apparent that some states would decline to set up exchanges, in which case the federal government made coverage available through HealthCare.gov.

More than 11 million Americans have signed up for health coverage since the ACA passed five years ago. In all, 48% of Americans say the law is working well or needs minor improvements, while 50% say it needs to be overhauled or eliminated, according to the latest NBC News/Wall Street Journal poll.  That’s down from December 2013, when 57% of adults said the law needed to be recast.

Not surprisingly, support for the ACA divides along party lines.  A survey last February by the Pew Research Center found that 87% of Republicans opposed the law while 78% of Democrats supported it.

According to the latest Gallup poll, people between the ages of 18 and 29, those who earn less than $24,000 a year, and black and Hispanic voters are most likely to say the law has helped them and their families.

Categories
Finance

Ruling in AIG case adds to the annals of the financial crisis

In September 2008, as the financial system was in free fall, the Federal Reserve Bank of New York loaned AIG $85 billion in return for 79.9% of the company.

Though the loan enabled AIG to avoid bankruptcy, the terms allowed the government to retain its ownership in the insurer even after the company repaid the money. That exceeded the government’s authority, a federal judge has ruled in a lawsuit brought by Maurice “Hank” Greenberg, the company’s former CEO and one of the largest holder’s of AIG’s stock before the takeover.

As Andrew Ross Sorkin noted in the Times, the ruling may leave policymakers less able to bail companies out in the future. At a minimum, the ruling seems likely to cause policymakers to rethink how they address crises to come. For now, the ruling adds to the list of literature about the crisis and constitutes a must-read for anyone who continues to ponder how the financial crisis came to be and who, like I do, remains fascinated by the ripples that reverberate through the economy nearly seven years later.

The problems that precipitated AIG’s inability to borrow money or raise capital in the private sector and culminated in a takeover of the company by the New York Fed had their roots in the combination of low interest rates and risky lending practices by mortgage lenders and banks that bought and securitized loans in the years that preceded the meltdown. As Judge Thomas Wheeler of the US Federal Court of Claims explained in a decision released June 15:

“There were five major causes of the September 2008 financial crisis: (1) the so-called ‘housing bubble’; (2) the floating interest rates of subprime mortgages; (3) the rating agencies misrepresentations of the riskiness of certain securities such as collateralized debt obligations (‘CDOs’); (4) the ‘originate-to-distribute’ business model; and (5) the collapse of the alternative banking system.”

Wheeler recounts how low interest rates led to a surge in the market for housing and spurred banks and others to lend money to borrowers for houses they could not afford. Thereafter, a combination of rising rates and falling home prices that began in 2006 led many borrowers to fall behind on their mortgages or default.

The practice of originating to distribute meant that lenders, rather than hold mortgages on their books as receivables, transferred or sold the loans to entities that would pool the loans and sell securities that entitled their owner to revenues to be paid form the mortgages that made up the pool.

That “increased the amount of money available for housing loans and resulted in a mortgage originator’s paying less attention to a borrower’s credit and making loans without ‘sufficient documentation or care in underwriting’ because the risk of non-payment had been transferred to others,” Wheeler noted.

Of course, these observations echo similar analyses elsewhere. “We conclude collapsing mortgage-lending standards and the mortgage securitization pipeline lit and spread the flame of contagion and crisis,” the Financial Crisis Inquiry Commission found in its report, which was published in 2011.

As Wheeler recounts, an alternative banking system—consisting mainly of investment banks and broker dealers that extended credit similar to that extended by traditional banks but in a less regulated setting—emerged to provide short-term loans to companies such as AIG. Compared with traditional banks, which profit from the difference between the cost of funds they borrow and the rate of interest on money they lend—the alternative banking system depended on deals for its profits.

In particular, so-called repurchase agreement or “repo” financing—a major form of lending during the run-up to the crisis—was susceptible to shocks because it had to be renewed daily. According to Wheeler, in the six months that preceded AIG’s collapse, the size of the repo market tumbled 20%, to $3.5 trillion.

By August 2008, AIG faced downgrades to its credit rating that stemmed from volatility in the company’s earnings and a deterioration of its portfolio, which consisted primarily of so-called credit default swaps that became riskier as home loans that backed the securities became more susceptible to default. Even Greenberg and his fellow plaintiffs “concluded that a significant portion of AIG’s 2008 liquidity problems was the result of its failures in risk management,” wrote Wheeler.

Though the rescue of AIG by the New York Fed may have avoided “mass panic on a global scale,” as former Treasury Secretary Timothy Geithner testified at trial, the remedy constituted an illegal exaction, Wheeler ruled. “An illegal exaction occurs when the government requires a citizen to surrender property the government is not authorized to demand as consideration for action the government is authorized to take,” he explained.

For his part, Greenberg vows to appeal the ruling, which awarded the plaintiffs none of the $40 billion in damages they seek. “The inescapable conclusion is that AIG would have filed for bankruptcy, most likely during the week of September 15-19, 2008,” wrote Wheeler. “In that event, the value of the shareholders’ common stock would have been zero.”

In short, the shareholders lose either way. An epitaph, perhaps, for an economy in peril.

Categories
Law

Supreme Court backs ban on Confederate license plates, strikes down Arizona sign law

Two rulings last week by the Supreme Court highlight differences in the protection of speech depending in part on who is speaking and reveal some of the ways the justices assess First Amendment claims.

By a vote of 5 to 4, the Court affirmed, in an appeal by the Texas Division of the Sons of Confederate Veterans, that speech by the government may not be challenged as violating the Constitution. Separately, by a unanimous judgment that stretched across four concurring opinions, the Court invalidated a code adopted by the town of Gilbert, Arizona that governed the display of billboards and outdoor signs.

The rulings “are likely to be analyzed together from here on, to determine how—and whether—they fit into the strong pattern that the modern Court had followed in more or less steadily expanding free-speech rights,” Lyle Denniston observed at Scotusblog. “Indeed, in some ways the outcomes seemed contradictory, and the splintering of the Court added to that appearance.”

In the case from the Lone Star State, the Court reviewed the veterans group’s challenge of a decision about five years ago by the Texas Department of Motor Vehicles Board, which rejected the group’s proposal for a license plate featuring a Confederate battle flag. Comments filed by the public as part of the review process showed that many people considered the design offensive, the board said. (The proposal preceded the massacre at Emanuel African Methodist Episcopal Church in Charleston that, among other things, has renewed calls to remove the Confederate flag from the state capitol.)

Though the trial court backed the board, the 5th Circuit U.S. Court of Appeals reversed, concluding that the board, in declining to approve the design, discriminated against the veterans’ viewpoint in violation of the First Amendment.

The Court disagreed. “When government speaks, it is not barred by the Free Speech Clause from determining the content of what it says,” Justice Breyer wrote for a majority joined by Justices Thomas, Ginsburg, Kagan and Sotomayor. “That freedom in part reflects the fact that it is the democratic electoral process that first and foremost provides a check on government speech.”

A review of the program by which Texas considers proposals for specialty license plates shows that “Texas explicitly associates itself with the speech on its plates” and that someone who displays a message on a license plate issued by the state “likely intends to convey to the public that the state has endorsed that message,” explained Justice Breyer. “If not, the individual could simply display the message in question in larger letters on a bumper sticker right next to the plate.”

The First Amendment applies to government regulation of speech by members of the public, not to speech by the government, the majority noted. Members of the public who disagree with speech by the government have both the freedom to criticize the government’s views and to vote elected officials out of office, the Court explained. Democracy itself “provides a check on government speech,” Justice Breyer noted.

The alternative—subjecting speech by the government to the strictures of the First Amendment—would not work, Justice Breyer noted, adding:

“How could a city government create a successful recycling program if officials, when writing householders asking them to recycle cans and bottles, had to include in the letter a long plea from the local trash disposal enterprise demanding the contrary? How could a state government effectively develop programs designed to encourage and provide vaccinations, if officials had to provide the prospective of those who oppose this type of immunization?”

But specialty license plates do not constitute government speech, countered the dissenters, who likened the plates to a so-called limited public forum, which allows state property to be used by private speakers, such as when a city turns over its municipal auditorium for a candidates’ debate. In those cases, the dissenters noted, the First Amendment prevents the government from discriminating on the basis of viewpoints. As Justice Alito explained:

“The Confederate battle flag is a controversial symbol. To the Texas Sons of Confederate Veterans, it is said to evoke the memory of their ancestors and other soldiers who fought for the South in the Civil War. To others, it symbolizes slavery, segregation, and hatred. Whatever it means to motorists who display that symbol and to those who see it, the flag expresses a viewpoint. The Board rejected the plate design because it concluded that many Texas would find the flag symbol offensive. That was pure viewpoint discrimination.”

The State of Texas has authorized more than 350 specialty license plates, including plates bearing the names of high schools, fraternities or sororities, the Daughters of the American Revolution, a favorite soft drink and a favorite NASCAR driver, Justice Alito observed. Would someone sitting at the side of a highway in Texas, watching the vehicles pass by, “really think that the sentiments reflected in these specialty plates are the views of the State of Texas and not those of the owners of the cars?” he asked. “If a car with a plate that says ‘Rather Be Golfing’ passed by at 8:30 am on a Monday morning, would you think: ‘This is the official policy of the State—better to golf than to work?’”

On the other hand, attempts by the government to regulate speech will be presumed unconstitutional whenever the regulation differentiates among private citizens based on the content of their message. The town of Gilbert, a city of roughly 209,000 people that sits about 22 miles southeast of Phoenix, established rules for the display of outdoor signs based on three categories: those that conveyed so-called ideological messages, those that aimed to influence the outcome of an election, and those that directed people to a gathering of a religious, charitable or nonprofit organization.

At issue was an appeal by the Good News Church, which the town fined for posting between 15 and 20 temporary signs that advertised upcoming services. The signs omitted a date for the assemblies and remained posted for longer than the 13 hour-period that concluded one hour after the services. The town cited the church, which sued.

A trial court sided with the town. The 9th U.S. Circuit Court of Appeals agreed, concluding that the code did not discriminate among displays based on the content of their message.

The Court reversed the ruling. “The restrictions in the Sign Code that apply to any given sign thus depend entirely on the communicative content of the sign,” Justice Thomas wrote in an opinion joined by Justices Roberts, Scalia, Kennedy and Sotomayor. “On its face, the Sign Code is a content-based regulation of speech. We thus have no need to consider the government’s justifications or purposes for enacting the Code to determine whether it is subject to strict scrutiny.”

According to Thomas, the appellate court’s determination that the code did not regulate speech based on the town’s disagreement with any particular message disregarded the need to determine initially whether the law as written avoided distinctions based on the message being conveyed.

In upholding the code, the 9th Circuit had determined that the town’s attempt to regulate signs had nothing to do with the content of their messages. But that overlooked “the crucial first step in the content-neutrality analysis: determining whether the law is content neutral on its face,” Justice Thomas wrote. “In other words, an innocuous justification cannot transform a facially content-based law into one that is content neutral. Thus, a speech regulation targeted at specific subject matter is content based even if it does not discriminate among viewpoints within that subject matter.”

That view went too far, according to Justices Breyer and Kagan, who wrote separately to covey their view. “Regulatory programs almost always require content discrimination,” Justice Breyer noted. “And to hold that such content discrimination triggers strict scrutiny is to write a recipe for judicial management of ordinary government regulatory activity.”

As Justice Breyer noted, the government requires that public companies include certain content in securities filings, that labels for prescription drugs bear the symbol ‘Rx only,” that rules requiring confidentiality of medical records allow a physician to disclosed that a patient has HIV to the patient’s spouse or sexual partner, and that commercial airplane pilots must ensure that each passenger has been advised to fasten his or her seatbelt. According to Justice Breyer:

“The better approach is to generally treat content discrimination as a strong reason weighing against the constitutionality of a rule where a traditional public forum, or where viewpoint discrimination, is threatened, but elsewhere treat it as a rule of thumb, finding it a helpful, but not determinative legal tool, in an appropriate case, to determine the strength of a justification.”

Despite the ruling, three of the four opinions gave little guidance to municipalities, which may be left to wonder how they might regulate the placement of billboards without contravening the Constitution. That fell to Justice Alito, who, in a concurrence joined by Justices Kennedy and Sotomayor, offered some examples of how to regulate outdoor signs other than by reference to the content of the billboards themselves:

“I will not attempt to provide anything like a comprehensive list, but here are some rules that would not be content based:

Rules regulating the size of signs. These rules may distinguish among signs based on any content-neutral criteria, including any relevant criteria listed below.

Rules regulating locations in which signs may be placed. These rules may distinguish between free-standing signs and those attached to buildings.

Rules distinguishing between lighted and unlighted signs.

Rules distinguishing between signs with fixed messages and electronic signs with messages that change.

Rules that distinguish between the placement of signs on private and public property.

Rules distinguishing between the placement of signs on commercial and residential property.

Rules distinguishing between on-premises and off-premises signs.

Rules restricting the total number of signs allowed per miles of roadway

Rules imposing time restrictions on signs advertising a one-time event. Rules of this nature do not discriminate based on topic or subject and are akin to rules restricting the times within which oral speech or music is allowed.”

That’s not to suggest that all regulation of speech that does not encompass content comports with the First Amendment. Rules that set the so-called time, place and manner of speech must be narrowly tailored to serve a legitimate government interest but, as Justice Alito, explained, “need not meet the high standard imposed” on regulations that regulate speech based on its content or the speaker’s viewpoint.

At least some municipalities welcomed the ruling, which impacts most local governments. “Gilbert looks forward to the opportunity to review its own regulations to make necessary changes consistent with the Supreme Court’s decision,” Michael Hamblin, the town’s attorney, said in a statement.

Categories
News Privacy

Sorting out the cyberattacks

This post has been updated as of Nov. 11.

The cyberattack announced in June on a system that stores information about millions of current and former federal workers and contractors highlights yet again the vulnerabilities of the computer networks that connect us.

The breaches resulted in raids on files containing names, Social Security numbers, fingerprints and other personal information for nearly 26 million people, according to the Office of Personnel Management (OPM), the agency that was hacked. Investigators say the attack came from China, which has denied responsibility.

The attack on OPM spurred me to sift through a series of cyberattacks on the government, companies and others since 2013. The list, which appears below, is almost certainly incomplete. It also doesn’t include breaches of unsecured protected health information that by law are reported to the U.S. Department of Health and Human Services, which has logged 34 such intrusions this summer alone.

Though the attacks summarized below have been reported widely, the roster suggests the sweep and frequency of intrusions, which are likely to increase according to a survey fielded last fall by the Pew Research Center. I will update this post periodically. Please tweet additions, corrections or comments to @bbrowdie.

2015 (attacks listed in reverse chronological order by date of disclosure)

Scottrade (Oct.)—Between late 2013 and early 2014, thieves stole the names and street addresses of roughly 4.6 million clients, according to the retail brokerage firm, which said it had no evidence that trading platforms or clients funds were compromised.

E-Trade (Oct.)—The financial firm notified 31,000 customers that hackers may have accessed their names, email addresses, and street addresses. The intrusion reportedly occurred in 2013, but at the time the company did not think that customer information had been compromised.

Dow Jones (Oct.)—The publisher of The Wall Street Journal said in a statement that intruders who gained access to its systems may have swiped payment card and contact information for roughly 3,500 customers.

Experian (Oct.)—Hackers stole personal information for roughly 15 million Americans, the consumer data company said in a statement. The data included names, dates of birth and Social Security numbers for people who applied for service with T-Mobile over a period of two years starting in September 2013. In a statement, T-Mobile CEO John Legere said he is “incredibly angry about this data breach” and pledged to “institute a thorough review” of the company’s relationship with Experian.

CVS (Sept.)—The pharmacy chain, which in July revealed a possible breach of its online photo service, confirmed that personal information may have been swiped by hackers. The data included names, credit card numbers, phone numbers, email addresses, usernames and passwords. The company declined to say how many customers were affected.

Business Wire/PR Newswire Association (Aug.)—Federal officials charged a group of hackers and inside traders with stealing nonpublic information from servers belonging to two of the largest services that companies use to distribute news releases and using the information to profit illegally over a period of roughly five years.

Carphone Warehouse (Aug.)—The UK-based mobile phone retailer said that a “sophisticated cyberattack” resulted in the theft of names, addresses, dates of birth and bank details for as many as 2.4 million customers. The intrusion also may have resulted in the theft of encrypted payment card information for as many as 90,000 customers, the company said.

Sabre/American Airlines (Aug.)—Sabre, a company processes reservations for hundreds of airlines and thousands of hotels, “recently learned of a cybersecurity incident” but could not say what data was stolen or who might be responsible, Bloomberg reported. American Airlines reportedly was investigating whether the intruders moved to its computers from Sabre’s systrems.

U.S. Dept. of Defense (Aug.)—A unclassified system that supports email for about 4,000 military and civilian personnel who work for the Joint Chiefs of Staff returned to operation roughly two weeks after an intrusion by hackers thought to be from Russia. Officials said that no classified information was swiped or compromised during the attack.

United Airlines (July)—Hackers based in China allegedly stole manifests in May or early June that detail passengers and their travel origins and destinations, Bloomberg reported. Investigators reportedly have linked the hackers to the group that stole information from both Anthem Inc. and the Office of Personnel Management. The intrusion reportedly occurred in May or early June.

Fiat Chrysler (July)—The automaker updated software that tethers its vehicles to a series of information and navigation services after two security researchers demonstrated they could take control of a Jeep Cherokee remotely and force it into a ditch.

Ashley Madison (July)— The online service that offers casual sexual encounters for married people said that hackers obtained information about some of its 37 million users, as well as financial information and other data that belongs to Avid Life Media, Ashley Madison’s company. The hackers, who go by the name “Impact Team,” threatened to release all of the company’s information, including nude photos and members’ private postings, if management did not take Ashley Madison’s sites offline. A month later Impact Team made good on that threat. On Aug. 18, the group released postal and email addresses, descriptions of users (including height and weight), encrypted passwords, partial payment card numbers and details of transactions. Two days later, the hackers leaked a trove of data twice as large that appeared to include additional files from the company.

Hershey Resorts (July)—The theme park operator is investigating a series of fraudulent charges that appeared in payment card accounts of customers who visited its attractions in Pennsylvania between mid-March and late May.

Hacking Team (July)—Emails and records that hackers stole from the Italian maker of software that itself allows governments to hack into computers showed that the company counts Russia, Saudi Arabia, and other nations with questionable human-rights records as clients.

Trump Hotel Collection (July)—The chain of 12 luxury hotels owned by Donald Trump said in a statement it was investigating “suspicious credit card activity” stemming from a breach that may date to February.

Houston Astros (June)—Federal law enforcement officials reportedly are investigating whether the St. Louis Cardinals stole scouting reports and information about players and prospects from a database belonging to the Astros. If true, the intrusion represents the first known example of a professional sports team breaking into the network of another team.

LastPass (June)—The service, which lets customers store their passwords online and access them with master log ins, disclosed that an intruder or intruders swiped email addresses, password reminders, authentication codes and more. The breach did not include customer accounts, LastPass said.

Negotiations with Iran (June)—An unnamed state—thought to be Israel—used malware to spy on negotiations between Iran and a group of nations that aim to prevent Iran from obtaining a nuclear weapon. According to Kaspersky Lab, whoever sought the information unleashed the malware, known as Duqu 2.0, on computers at hotels where the negotiations took place.

U.S. Army (June)—The U.S. Army’s website went offline following what appears to have been a distributed denial of service attack. The Syrian Electronic Army, a group of hackers who back President Bashar al-Assad, claimed credit.

Eataly (June)—The marketplace in Manhattan for foods from Italy warned that “unauthorized individuals” set up malware designed to harvest information from credit and debit cards in the company’s payment-processing system. The intruders may have obtained names and account numbers, as well as expiration dates and security codes for cards that customers swiped at Eataly in the first three months of this year.

Office of Personnel Management (June)—The attacks, which OPM discovered in April, resulted in the theft of personal information belonging to 4.2 million current and former federal workers, as well as another 21.5 million applicants for security clearances and their spouses or partners. In a letter dated June 11, the president of the American Federation of Government Employees—the largest federal employees’ union—charged that hackers stole information for every federal worker and retiree, and that the Social Security numbers the hackers obtained were unencrypted. The union has filed a class action lawsuit that charges OPM’s director and chief information officer with negligence in failing to protect information entrusted to them. On Sept. 23, OPM increased its count of the number of people whose fingerprints were stolen to roughly 5.6 million, from approximately 1.1 million previously. Though OPM termed the potential for misusing the fingerprint data “limited,” the agency noted “this probably could change over time as technology evolves.”

CareFirst BlueCross BlueShield (May)—Hackers suspected of operating from China obtained access to names, email addresses and dates of birth for roughly 1.1 million customers of this health insurer based in Maryland and D.C.

Tesla (April)—Hackers took over the automaker’s Twitter feed and defaced the company’s website.

Mandarin Oriental Hotel Group (March)—The upscale lodging chain said that intruders used malware to swipe payment-card information from some of the company’s hotels in the U.S. and Europe.

Anthem Blue Cross (Feb.)—Hackers said to be operating from China allegedly obtained names, dates of birth, Social Security numbers, and information about bank accounts and medical conditions for as many as 78 million people insured by this Indianapolis-based company, which does business in 14 states.

Internal Revenue Service (May)—Hackers thought to be operating from Russia stole tax forms containing Social Security numbers, dates of birth, home addresses and other information for as many as 334,000 people.

Sally Beauty Supply (May)—The Denton, Texas-based retailer of beauty supplies said that intruders had breached its payment system, though the company did not speculate on the scope of the breach. The cyberattack constituted the second on Sally Beauty in as many years.

US HealthWorks (April)—Hackers allegedly pilfered personal and health-related data for an unknown number of members of this California-based insurer. The thieves reportedly breached US HealthWorks’ systems via a laptop stolen from a vehicle belonging to one of the company’s employees.

Premera Blue Cross (March)—Hackers thought to be operating from China allegedly stole names, dates of birth, email addresses, Social Security numbers, information about bank accounts and more from as many as 11 million members of this health insurer based in Washington state.

Banks in Russia, Japan, Europe and the U.S. (Feb.)—A band of thieves that reportedly included Russians, Chinese and European hackers orchestrated an attack on more than 100 banks worldwide, making off with as much as $900 million.

Park ‘N Fly (Jan.)—The Atlanta-based airport parking service confirmed that intruders stole numbers, names and addresses, expiration dates and verification codes for credit cards stored in its reservations website. The company did not say how many cards might have been affected.

2014

Korea Hydro and Nuclear Power Co. Ltd. (Dec.)—A cyberattack reportedly erased some data at the state-owned company that runs the country’s 23 atomic reactors. South Korea later blamed North Korea for the intrusion.

Chik-fil-A (Dec.)—The fast-food chain said it was investigating reports of unauthorized activity concerning credit and debit cards used at some of its restaurants. Chik-fil-A later said the investigation revealed “no evidence” of its systems being hacked or payment cards stolen.

Bebe (Dec.)—The women’s clothing chain disclosed that hackers obtained names, account numbers, expiration dates and verification codes for payment cards swiped between Nov. 8 and Nov. 26 at its stores in the U.S., Puerto Rico, and the U.S. Virgin Islands.

Sony Pictures Entertainment (Nov.)—Cyber intruders obtained names, home addresses, and Social Security numbers, as well as information about bank accounts, payment cards, compensation and more for as many as 47,000 employees. According to the U.S. government, the hackers operated from North Korea, although some experts have doubted the charge. The thieves also swiped more than 173,000 emails and nearly 31,000 documents from the studio.

JPMorgan Chase (Oct.)—Hackers obtained names, home and email addresses, phone numbers and internal bank information about 83 million customers, including 76 million households.

Apple (Oct.)—Cyberattackers reportedly sought to intercept user IDs, passwords and other information from the company’s iCloud service in China. The Chinese government denied responsibility for the attack.

Staples (Oct.)—The office-supply chain confirmed it was investigating a potential theft of payment-card data. Two months later, Staples said that hackers swiped information for roughly 1.16 million credit and debit cards after installing malware at 115 of the company’s 1,400 stores in the U.S.

NATO, the Ukraine, Poland and the European Union (Oct.)—Hackers working on behalf of the Russian government allegedly used a flaw in Windows to swipe documents and other files from government and university offices, as well as energy and telecommunications companies.

Kmart (Oct.)—The retailer disclosed that someone had installed malware on payment systems at its stores but that no email addresses, PINs or Social Security numbers were swiped. Still, the information that thieves grabbed may have allowed them to counterfeit stolen cards.

Home Depot (Sept.)—Cyber thieves allegedly used an account belonging to a refrigeration contractor in Pennsylvania to steal 56 million credit and debit cards, as well as 53 million email addresses.

Jimmy John’s (Sept.)—An intruder or intruders used log-in credentials to pilfer numbers for credit and debit cards swiped at 216 of the sandwich chain’s more than 1,900 stores, along with cardholders’ names, verification codes and expiration dates.

Viator (Sept.)—The tour-booking unit of TripAdvisor notified customers that an intruder or intruders may have made off with payment information for as many as 880,000 customers, along with email addresses and encrypted passwords for another 560,000.

AB Acquisition (Aug.)—The parent of the Albertsons, ACME, Jewel-Osco, Shaw’s and Star Markets chains warned customers of a breach that may have resulted in the theft of credit and debit card information from some of its stores. About six weeks later, the company disclosed a second breach in which thieves used “different malware” than that used in the incident announced in August.

Community Health Systems (Aug.)—Hackers allegedly operating from China stole names, addresses, Social Security numbers, birth dates and telephone numbers belonging to 4.5 million patients of the chain, which operates 199 hospitals in 29 states. The attackers did not swipe payment data or clinical information, the company said.

AT&T (June)—The company said that three employees of one of its vendors accessed records—including Social Security numbers and information about calls—for some customers.

State of Montana Dept. of Public Health and Human Services (June)—Someone who broke into the state’s systems allegedly made off with addresses, birth dates, Social Security numbers and medical records for as many as 1.3 million people.

Domino’s Pizza (June)—The company disclosed that hackers swiped customers’ names, email addresses and even favorite pizza toppings for roughly 650,000 customers in France and Belgium.

P.F. Chang’s China Bistro (June)—Cyber thieves allegedly stole more than 7 million credit and debit cards, including numbers, cardholders’ names and expiration dates, from 33 of the chain’s restaurants.

Feedly (June)—Websites for this service, which delivers RSS feeds to roughly 15 million users, went down as the result of a distributed denial of service attack.

EBay (May)—Intruders allegedly stole customers’ names, encrypted passwords, email and home addresses, phone records and dates of birth for as many as 233 million users of the auction site. Three months earlier, the Syrian Electronic Army defaced websites belonging to both eBay and its PayPal subsidiary.

Sally Beauty Supply (March)—The beauty supply chain said that hackers accessed its network and stole information for roughly 25,000 credit and debit cards.

University of Maryland (Feb.)—An attacker or attackers infiltrated a database that contained names, Social Security numbers, dates of birth and university IDs for roughly 288,000 students, faculty and staff. The hack reflected the work of someone or some group of people who knew the university’s systems well, the university’s chief information officer told The Washington Post.

Neiman Marcus Group (Jan.)—Hackers used malware to steal roughly 1.1 million credit and debit cards from the Dallas-based retailer.

Michaels Stores (Jan.)—The retailer reported that it was looking into a potential security breach. Three months later the company said that thieves broke into its payment system and made off with credit and debit card information for 3 million customers.

Snapchat (Jan.)—Hackers said they published phone numbers and handles for roughly 4.6 million users of the video-message service that the hackers swiped in a New Year’s Eve raid.

2013

Target (Dec.)—Cyber thieves suspected of operating from Russia stole credit and debit card information for roughly 40 million customers along with names, mailing addresses, phone numbers or email addresses for as many as 70 million people.

Adobe Systems (Oct.)—A cyberattack on the software maker exposed names, IDs, passwords, and payment card information for nearly 3 million customers.

Experian (Oct.)—A subsidiary of the credit bureau sold personal and financial information about millions of Americans to a Vietnamese man who later pleaded guilty to running an identity theft service. The company said its credit files were not breached.

South Korean banks (March)—A cyberattack, alleged to have originated in North Korea, suspended online banking and paralyzed systems at Shinhan Bank, Nonghyup Bank and Cheju Bank.

LivingSocial (March)—The online marketplace asked customers to change their passwords after a cyberattack on the company’s systems exposed names, email addresses, passwords and dates of birth for more than 50 million people worldwide.

Evernote (March)—The note-taking service directed 50 million users to reset their passwords after hackers gained access to user IDs, email addresses and passwords tied to accounts.

U.S. financial institutions (March)—Distributed denial of service attacks slowed websites at a series of banks. A hacktivist group that called itself the al-Qassam Cyber Fighters claimed responsibility for some of the slowdowns.

Categories
Law

Supreme Court strikes down Jerusalem passport law

The Supreme Court on Monday ruled that the power to recognize foreign nations belongs to the president alone, resolving a dispute between the executive branch and Congress over the American position on the status of Jerusalem.

The decision came in connection with a passport issued to Menachem Binyamin Zivotofsky, who was born in 2002 to U.S. citizens living in the contested capital. Zivotofsky’s parents had asked the U.S. Department of State to list the place of birth on his passport as “Jerusalem, Israel.” The department declined, citing a longstanding policy of neutrality on the status of the city. Zivotofsky’s passport would list only “Jerusalem” as his place of birth, the department determined.

Zivotofsky’s parents sued, charging that a law passed in 2002 requires the Secretary of State to identify citizens born in Jerusalem who so request as being born in Israel, a position at odds with the policy of presidents dating to the Oslo Accords, which call for Jerusalem’s status to be resolved through negotiation. Though a trial judge declined to resolve the dispute, which the judge concluded presented a question committed to the legislative and executive branches of government, the D.C. Circuit Court of Appeals later sided with the executive branch, declaring the statute to be unconstitutional.

By a vote of 6 to 3, the Court agreed, holding that the Constitution gives the president the exclusive right to recognize foreign governments and nations. “The President’s exclusive recognition power encompasses the authority to acknowledge, in a formal sense, the legitimacy of other states and governments, including territorial bounds,” Justice Kennedy wrote for the majority. “Albeit limited, the exclusive recognition power is essential to the conduct of presidential duties.”

“The formal act of recognition is an executive power that Congress may not qualify,” he added.

In arriving at its determination, the majority looked to the framework for assessing exercises of executive power first articulated by the Court in 1952, when the justices invalidated a move by President Truman to seize the nation’s strike-bound steel mills during the Korean War. According to that analysis, when the president takes measures that are incompatible with a congressional mandate, the president’s power, as Kennedy explained, “must be both ‘exclusive’ and ‘conclusive’ on the issue.”

The majority traced debates over the power to recognize nations to 1793, when President Washington, without consulting Congress, authorized diplomatic relations with the revolutionary government of France. “Congress expressed no disagreement with this position, and [the French ambassador’s] reception marked the Nation’s first act of recognition—one made by the president alone,” wrote Kennedy.

According to the Court, Congress also honored a decision by President Monroe not to recognize Argentina and Chile initially as those republics cast off colonization by Spain, as well as a determination by President Jackson to recognize Texas when it ceded from Mexico and President Lincoln’s decision to recognize Liberia and Haiti.

Similarly, as the majority noted, Congress acceded to President McKinley’s opposition to recognizing Cuba when it separated from Spain in 1898 and to President Carter’s recognition of the People’s Republic of China instead of Taiwan as the government of China.

Though the recognition power belongs exclusively to the president, Congress has other ways to disagree with the executive branch in the conduct of foreign relations, the majority noted. As Kennedy observed, the Constitution authorizes the legislature to decline to confirm an ambassador, to put in place an embargo or to declare war.

“From the face of [the statute], from the legislative history, and from its reception, it is clear that Congress wanted to express its displeasure with the president’s policy by, among other things, commanding the executive to contradict his own, earlier stated position on Jerusalem,” Kennedy wrote. “This Congress may not do.”

For their part, the Court’s dissenters rejected the majority’s view of the separation of powers at issue. “I agree that the Constitution empowers the president to extend recognition on behalf of the United States, but I find it a much harder question whether it makes that power exclusive,” wrote Justice Scalia, who took the unusual step of reading his dissent from the bench.

Chief Justice Roberts, writing separately, called the ruling unprecedented. “Today’s decision is a first: Never before has this Court accepted a president’s direct defiance of an Act of Congress in the field of foreign affairs,” he wrote.

U.S. and Palestinian officials welcomed the ruling, while the Israeli government declined to comment. “This is an important decision which accords with international resolutions and the resolutions of the U.N. Security Council and General Assembly,” a spokesman for Palestinian President Mahmoud Abbas told Reuters.

Categories
Law

Why the Supreme Court will uphold same-sex marriage (Part 2)

A friend whose prognostications about politics I respect and who happens to be married to someone of the same sex, told me recently that he predicts that the Supreme Court, in a decision expected before the end of this month, will refrain from enshrining same-sex marriage in law but command states to recognize such marriages from other states.

That would represent a middle ground—short of finding a constitutional right to marry someone of the same sex—which, in my friend’s view, would allow the Court to continue same-sex marriage on a course toward inevitability nationwide without having to get too far in front of states.

There’s precedent for incrementalism. Two years ago the Court ruled that gay couples married in states that have legalized same-sex marriage are eligible for Social Security and other federal benefits that opposite-sex couples receive. Yet the Court stopped short of declaring a fundamental right to marry.

Still, there are reasons to think the Court may act more sweepingly this time. One is that same-sex marriage itself has become the law in more states. Since the decision in 2013, nine states have legalized same-sex marriage, bringing the total nationwide to 37. Also, 60% of Americans think same-sex marriage should be recognized by law as valid, according to the latest Gallup poll, up from 53% two years ago.

Then there’s the appeal currently before the Court. The parties agree that if the couples who are challenging the bans on same-sex marriage in four states persuade the Court to declare a constitutional right to marry, the question whether states must recognize same-sex marriages performed in other states becomes moot.

So the court could rule as my friend suggests on the first question while ordering states to acknowledge same-sex marriages performed elsewhere, as they do valid heterosexual marriages from other states. But that, as Chief Justice Roberts observed at oral argument, presents an inconsistency that may be difficult for the Court to overlook. Consider the following exchange:

Chief Justice Roberts: I think your… argument is pretty much the exact opposite of the argument of the petitioners in the prior case. The argument that was presented against them is, you can’t do this, we’ve never done this before, recognized same-sex marriage. And now you’re saying, well, they can’t not recognize same-sex marriages because they’ve never not recognized marriages before that were lawfully performed in other states.

Douglas Hallward-Driemeier (on behalf of the petitioners): Well, what—

Chief Justice Roberts: “You’ve got to decide one or the other if you win… You can’t say that [the states] are not treating the marriage as a marriage when they don’t have to do that in the first place.”

In other words, if the couples challenging the law assert that the argument by states in opposition to same-sex marriage that they have never defined marriage to include a couple of the same sex is not a reason to deny same-sex marriage now, the couples cannot then argue that states must recognize same-sex marriages from other states because they’ve long recognized heterosexual marriages from other states.

By extension, the states cannot argue that they cannot be compelled to redefine marriage and then maintain they cannot depart from their longstanding practice of recognizing opposite-sex marriages entered into elsewhere. Either tradition matters or it doesn’t, according to the chief justice’s observation.

That reality may present an obstacle to a justice who may be tempted to decide the appeal as my friend suggests. This assumes, of course, that there already are four votes in favor of striking down state laws that ban same-sex marriage. The inconsistency that Chief Justice Roberts noted may matter most to the chief justice himself or to Justice Kennedy, who together represent the likeliest fifth or sixth votes for a majority.

Categories
Law

Supreme Court limits ability of struggling homeowners to cancel mortgage debts

The Supreme Court dealt financially ailing Americans a setback on Monday in a decision that narrows their ability to erase mortgage debts in bankruptcy.

The Court ruled unanimously that David Caulkett and Edelmiro Toledo-Cardona, who each had two mortgage liens on their respective houses, cannot void a mortgage held by Bank of America that is subordinate to the other mortgage, even though both borrowers owe more on their first mortgage than the property is worth.

Both debtors filed for Chapter 7 bankruptcy, which allows a trustee appointed by the court to sell off the debtor’s assets and discharge any remaining debts, in 2013.

At the debtors’ urging, the bankruptcy court, acting pursuant to a provision of the law that allows debtors to strip away rights to repayment held by creditors who would receive nothing if the house were sold, voided Bank of America’s liens. That rendered the bank unable to foreclose on the loans even if the houses’ values later rose. The 11th Circuit Court of Appeals affirmed the rulings.

The Court disagreed. A secured claim, as defined by the bankruptcy code, means “a claim supported by a security interest in property, regardless whether the value of that property would be sufficient to cover the claim,” wrote Justice Thomas, who added that the debtors had not asked the Court to overrule a decision from 1992 on which the Court based its ruling but instead “request that we limit that decision to partially—as opposed to wholly—underwater liens,” a characterization that Justices Kennedy, Breyer and Sotomayor did not endorse despite joining the ruling.

The decision means that Americans who find themselves in financial distress may remain liable for second mortgages notwithstanding bankruptcy. To cite one example, 23% of Florida’s roughly 1.3 million homes that are worth less than the debt they secure have more than one mortgage, according to the Times.

If a house is worth less than the amount a borrower owes on the first mortgage—a situation known as the home’s being underwater—the second mortgage is worth nothing in a foreclosure.

The debtors’ contention—that a wholly underwater mortgage can be voided but a partially underwater mortgage cannot—would lead to an “odd” result, according to Justice Thomas. Under their approach, he explained, “if a court valued the collateral at one dollar more than the amount of a senior lien, the debtor could not strip down a junior lien under [the relevant precedent], but if it valued the property at one dollar less, the debtor could strip off the entire junior lien.”

“Given the constantly shifting value of real property, this reading could lead to arbitrary results,” Thomas added.

Last year more than 700,000 individuals and couples filed for Chapter 7 bankruptcy. Lenders cheered the ruling, which they say will help to make second mortgages affordable.

Others termed the decision an erosion of rights for vulnerable consumers. “Since 1992, the financial industry has chipped away at [bankruptcy law] to give protections to property regardless of the value of the claim,” David Dayen wrote last March about the appeal in The New Republic. “Now they want to chip away some more.”