Clintonemail.com: How It Is Routed. The Fallout Gets Serious.

UPDATE: 17 MARCH 2015   Dvorak.org

Not often do we break news on Dvorak News but today we do. Hillary Clinton used a spam filtering service MxLogic to filter her spam and viruses. What this means is – employees at MxLogic, now owned by McAfee – had full access to all her classified state department email in unencrypted form.

Here’s the MX records for clintonemail.com.

clintonemail.com. 7200 IN MX 10 clintonemail.com.inbound10.mxlogicmx.net.
clintonemail.com. 7200 IN MX 10 clintonemail.com.inbound10.mxlogic.net.

I’m Marc Perkel – I’m an email expert and I run a competing spam filtering service Junk Email Filter. (yes – I’m jealous) So I know how email systems work. Email from the Internet is routed by DNS records called MX records, which are used to look up where to deliver email destined for a recipient. When someone uses a Spam Filtering service they point their MX records to that service and all email for that domain goes to the spam filtering service first – they clean it – and forward the good email on to the recipient server which is secret to the world.

Internet ---> MxLogic ---> Hillary’s Server

What this means is that when Obama or anyone in the State Department emailed Hillary, the email went to MxLogic. It was then decrypted, checked for spam and viruses, and then reencrypted and sent over the open internet to Hillary’s server. While it was at MxLogic it could be read, tapped, archived, or forwarded to anyone in the world without anyone knowing.
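The routing described above can be checked for any domain you operate by auditing its MX records. The following is an added example, not code from the original post: it parses MX lines in zone-file form and reports which mail exchangers sit outside the domain, meaning a third party handles inbound mail before it reaches the owner's server. The `selfhosted.example` records and the two-label operator heuristic are assumptions made for the illustration.

```python
from typing import Dict, List, NamedTuple

# Constructed sample: the two MX lines quoted in the post, plus a
# hypothetical self-hosted domain (selfhosted.example) for contrast.
SAMPLE_ZONE = """\
clintonemail.com. 7200 IN MX 10 clintonemail.com.inbound10.mxlogicmx.net.
clintonemail.com. 7200 IN MX 10 clintonemail.com.inbound10.mxlogic.net.
selfhosted.example. 3600 IN MX 20 backup.selfhosted.example.  ; constructed
selfhosted.example. 3600 IN MX 5 mail.selfhosted.example.     ; constructed
"""


class MX(NamedTuple):
    owner: str        # domain the mail is addressed to
    ttl: int
    preference: int   # lower value is tried first
    exchange: str     # host that actually receives the SMTP connection


def _norm(name: str) -> str:
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()


def parse_mx(text: str) -> List[MX]:
    """Parse 'owner ttl IN MX pref exchange' lines; ';' starts a comment."""
    records = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if (len(fields) != 6 or fields[2].upper() != "IN"
                or fields[3].upper() != "MX"):
            raise ValueError(f"line {lineno}: not an MX record: {raw!r}")
        owner, ttl, _cls, _typ, pref, exch = fields
        records.append(MX(_norm(owner), int(ttl), int(pref), _norm(exch)))
    return records


def is_within(host: str, domain: str) -> bool:
    """True only if host is the domain itself or a subdomain of it.

    The comparison is on the label-wise suffix. A substring test would be
    wrong here: the filtering service's host names begin with the customer
    domain ('clintonemail.com.inbound10...') but belong to another zone.
    """
    return host == domain or host.endswith("." + domain)


def operator_of(host: str) -> str:
    """Assumption: the last two labels approximate the operating zone.

    A production audit should use the Public Suffix List instead.
    """
    return ".".join(host.split(".")[-2:])


def audit(records: List[MX]) -> Dict[str, dict]:
    """Group each domain's exchangers into self-hosted and third-party."""
    report: Dict[str, dict] = {}
    ordered = sorted(records, key=lambda r: (r.owner, r.preference, r.exchange))
    for r in ordered:
        entry = report.setdefault(r.owner, {"self_hosted": [], "third_party": {}})
        if is_within(r.exchange, r.owner):
            entry["self_hosted"].append(r.exchange)
        else:
            hosts = entry["third_party"].setdefault(operator_of(r.exchange), [])
            hosts.append(r.exchange)
    return report


def describe(report: Dict[str, dict]) -> List[str]:
    """Render the audit as one line per finding."""
    lines = []
    for domain, entry in sorted(report.items()):
        for operator, hosts in sorted(entry["third_party"].items()):
            lines.append(f"{domain}: inbound mail transits {operator} "
                         f"({', '.join(hosts)}) before delivery")
        if not entry["third_party"]:
            lines.append(f"{domain}: all MX hosts are inside the domain")
    return lines


if __name__ == "__main__":
    for line in describe(audit(parse_mx(SAMPLE_ZONE))):
        print(line)
```

Any operator listed as third-party terminates the sender's TLS session and sees message content in the clear, so it belongs in the domain's trust and data-handling review.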

This system has serious security implications. Email to McAfee’s servers might be encrypted and email out of McAfee might be encrypted, but while it’s at McAfee any employee who has access to the filtering system can tap and read any email going to that domain. So – for example – if I’m a Russian spy, ISIS, North Korea, or Fox News, or a 14 year old hacker, all I have to do is bribe someone at McAfee or hack their work login,  and they get to read all the email of the Secretary of State. WooHoo!

And – this is one of many reasons they have a rule at the State Department that you have to use their servers.

For what it’s worth I was imagining that I was the email security tech at the State Department and I’m aware that Hillary isn’t playing by the rules. What do I do? If I confront her about it do I get fired? Or does the State Department even have email security? How does this get past the tech guys?

So if I’m in the job I’m thinking that I would require VPN tunnels with SSL down the tunnel. Might even wrap the SSL inside an SSH tunnel creating 3 layers. Might even require PGP keys on top of that. I mean – I have the ability to do that – so why not the State Department?

But – maybe she’s super stealth? While the Russians are trying to hack her state department account, which doesn’t exist, no one would ever think she’s stupid enough to have her email on a private server in her home. Security through obscurity. And that is assuming that she’s telling the truth about that.

Although we don’t know what IP address Clinton’s real email is on, it’s interesting to note the IP addresses in the DNS for the clintonemail.com domain. Most host names like http://www.clintonemail.com all map to some holding page of no importance. However, the host mail.clintonemail.com maps to a different IP address 64.94.172.146, which is in a data center in the New York area, Internap.com. Interesting that her “home server” resolves to a data center. Seems worth investigating to me. mail.presidentclinton.com resolves to the same IP address and also uses MxLogic.

So I thought, what if she has web mail? And sure enough – I GOT A LOGIN PROMPT! https://mail.clintonemail.com And I have verified by the SSL certificate that this is indeed the clintonemail.com server – still online! Click here and type in mail.clintonemail.com

I already tried hillary2016 for the password and that didn’t work. But I’m looking at this and thinking WTF!

Is Hillary’s server secure? It gets a B rating here. Only supports weak protocols. Uses only SHA1. TLS 1.0.

Another SSL testing site. https://www.whynopadlock.com/check.php – type in mail.clintonemail.com.  In contrast type in mail.junkemailfilter.com. My server passes – Hillary’s doesn’t.

Shouldn’t the Secretary of State of the United States of America use a server that isn’t weak?

What email went through this system that could have been tapped? Emails about Libya, Syria, Egypt, Israel, Putin, ISIS, the Bin Laden raid, and Chelsea’s wedding guest list! OMG!

I have been a Clinton supporter. Here’s a pic with me and Hillary in 1992.

If she’s the candidate I would still vote for her in the general election over any Republican. But in the primary – I still dream of Elizabeth Warren, but I’ll settle for Biden. And isn’t that just a little sad.

And – for those of you who make this argument, “Republicans did it too! (Therefore Hillary should get away with it.)” My response – “Are you F…ing kidding me!”

The bottom line - none of this would have happened if she had just played by the rules.

The ICE-man cometh… Gaming the SSA.

U.S. employers now bear the legal onus of answering the question, “Is this person allowed to legally work in the United States?”

The United States  Citizenship and Immigration Services (USCIS) has now fully implemented (commenced in 2011) an online services program in which one can immediately check his/her immigration work status, such site under the law enforcement jurisdiction of U.S. Immigration and Customs Enforcement (ICE).   The program Self-Check allows an individual to review his information and research the  information that federal agencies such as the SSA, Homeland Security, USCIS

Self-Check comes on the heels of regulation being pushed by legislators that requires all employers to verify the immigration status of employees via an online program, Verify. (We [still] have major reservations about E-Verify in that there are so many ways to get around its confirmation process [as has been reported lately on the use of the SSNs of dead folks by illegal immigrants] and, on a more serious note, making employers a de facto arm of law enforcement is an abhorrent concept.)

To review, prior to an employee with a potential “glitch” in his employment status applying for a job (wherein the employer would have to validate his legal standing to work), he can check his own status online by himself. Within that self-check, s/he can then determine the appropriate corrections necessary, if any. There are enough loopholes in this 2-tiered program to run a circus through.

Step One:  Check hirability.  The answers to the Self-Check questions are based primarily on the address history of the person applying.   Once someone has obtained a SSN or a TIN (taxpayer identification number), running a reverse address check is very easy and often free online.  (We’re not going to tell people how to do it but given our experience, take our word for it that acquiring address histories is a cake walk, especially for a determined person.)

Step Two: Establish an E-Verify’d account.  In this portion of the Self-Check process, once an applicant has been given clearance by USCIS as being hirable – via Step One above –  that individual then sets up an E-Verify account in which information will be stored for access by potential employers.   So anyone with an SSN or TIN and birth and address history can legitimize his/her identity.   How do future employers know then who is really showing up for work?  S/he won’t.

The major issue with Self-Check and E-Verify, then, is identity verification. (Note: E-Verify claims that in the future, it will include a photo comparison – courtesy of Homeland Security – but they won’t release the collection data criteria.) Will the Social Security Administration continue to issue the harder-to-track TINs? Will the IRS verify the jobs held and dates of employment assigned to each SSN? As we found out last week when millions of illegal aliens were discovered to be using the SSNs of dead people, not likely.

Self-Check and E-Verify are good starts in the effort in removing the unwanted competition between legally hirable employees and undocumented immigrants for work but,  where employers part with these government plans is on the issue of liability.  If a person desires  to “get over” on the system, they will.  If an employer has complied with E-Verify and other hiring regulations (which obviously to date have not really turned out all that well), why should the employer be held responsible to a system in which she had no input in designing?  And the employer will face penalties for hiring errors regardless of compliance with E-Verify. The obvious work facility access requirement – a retinal scan , fingerprint, non-invasive DNA monitor, appears logical  but then we have to consider the “privacy” issues these suggestions will undoubtedly raise.

Trust, but E-Verify.  We’ve reached that point.

BNI Operatives: Situationally aware.

As always, stay safe.

Clintonemail.com; The Emails and The Private Server Controversy.

The optics aside (those of former Secretary of State Hillary Clinton forming a de facto separate central office of a government agency in her Chappaqua, NY home or elsewhere), how private email operates has come to the forefront of the nation’s awareness, especially as most of us use a form of personal email. Most private email operates through a hosting service (e.g., GoDaddy, Gmail, Yahoo Mail, etc.) on host servers. Many businesses, however, or those requiring an extra layer of security and discretion, purchase and disseminate email via their own servers. As is the case with Hillary Clinton and clintonemail.com as it relates to official Department of State (and other governmental agencies with which she emailed), she owns her server and it is physically located… where exactly? Initial AP reports on March 4, 2015, stated that the Clinton server was located in her private home in Chappaqua, NY, but – and the MSM seriously dropped the ball here – there has been no independent confirmation of such. The possibilities are very limited but they are:

  • It was, in fact, located in the Clinton home in Chappaqua, though no evidence has been provided that it was.
  • It was located in a private office somewhere near Chappaqua, although again there is no evidence to that extent.
  • It was hosted by an external hosting firm — based on network records, first at ThePlanet.com and then at Confluence Networks. There are strong indications that the actual hardware would be in Texas.

By way of explaining how private email (Part I/II) and servers (Part II) work, we will deconstruct the recent/current Hillary Clinton use of private email from her own server for official electronic communications brouhaha.

The Situation:

Hillary Clinton (or someone presumably on her behalf and direction) purchased a private domain, clintonemail.com, from GoDaddy, the world’s largest domain registrar.  All domain purchases come with at least one email address. (Most often,  that one initial email address is the owner’s identification@ that domain, e.g., jim@jimdesserts.com or a general email, info@jimsdesserts.)  The domain buyer can also purchase bulk email@that domain.    The registration is then either maintained publicly or privately (a fee based add-on).  The registration is viewed through WHOis.   From the WHOis site:

What’s in the WHOIS?

The WHOIS database is a searchable list of every single domain currently registered in the world. To find out who owns a particular domain name, all you have to do is type it into the box above. The Internet Corporation of Assigned Names and Numbers (ICANN) requires accredited registrars like GoDaddy.com to publish the registrant’s contact information, domain creation and expiration dates and other information in the WHOIS listing as soon as a domain is registered.

So everyone can see my information?

The short answer is, yes. The name, address and phone number you submit when you register your domain is publicly accessible by anyone at any time. This may be good news if you have a domain name you’d like to sell. Or it may be bad news if your name and contact info is collected by a spammer, hacker or other cyber-criminal.

How can I protect my privacy?

To keep your personal data from falling into the wrong hands, GoDaddy.com offers Private Registration through our partner, Domains By Proxy®. Instead of displaying your personal information in the WHOIS database for all to see, Domains By Proxy® will replace it with their own. The domain will still belong to you – except now, you and Domains By Proxy® will be the only ones who know it.

The Email Registration for Clintonemail.com:

Prior to March 4, 2015: The clintonemail.com was publicly registered to an IP address that returned to the Clinton Chappaqua, NY home. NOTE: That is the registration, not a physical confirmation of the actual server location. (Nonetheless, as a matter of respect for privacy rights, we don’t publish home addresses.)

On and after March 4, 2015: (from the WHOis database):

Domain Name: CLINTONEMAIL.COM
Registry Domain ID: 1537310173_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.networksolutions.com
Registrar URL: http://networksolutions.com
Updated Date: 2015-01-29T00:44:01Z
Creation Date: 2009-01-13T20:37:32Z
Registrar Registration Expiration Date: 2017-01-13T05:00:00Z
Registrar: NETWORK SOLUTIONS, LLC.
Registrar IANA ID: 2
Registrar Abuse Contact Email: abuse@web.com
Registrar Abuse Contact Phone: +1.8003337680
Reseller:
Domain Status:
Registry Registrant ID:
Registrant Name: PERFECT PRIVACY, LLC
Registrant Organization:
Registrant Street: 12808 Gran Bay Parkway West
Registrant City: Jacksonville
Registrant State/Province: FL
Registrant Postal Code: 32258
Registrant Country: US
Registrant Phone: +1.5707088780
Registrant Email: kr5a95v468n@networksolutionsprivateregistration.com
Registry Admin ID:
Admin Name: PERFECT PRIVACY, LLC
Admin Organization:
Admin Street: 12808 Gran Bay Parkway West
Admin City: Jacksonville
Admin State/Province: FL
Admin Postal Code: 32258
Admin Country: US
Admin Phone: +1.5707088780
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: kr5a95v468n@networksolutionsprivateregistration.com
Registrar: NETWORK SOLUTIONS, LLC.
Whois Server: whois.networksolutions.com
Creation Date: 13-JAN-2009
Updated Date: 04-MAR-2015
Expiration Date: 13-JAN-2017

(Interesting note in the Clintonemail.com registration transfer after the matter became public, is that the domain is now registered privately with Network Solutions, LLC.  We believe this is an entirely cosmetic change as the association to GoDaddy is viewed as a less secure domain registrar when, in fact, GD domains are as secure as Network Solutions’ and so are the respective privacy settings.)

While some partisan-leaning people may try to state that HRC’s unusual private protocol is “no big deal”, well, yes it really is as we’ve seen how easily our Pentagon – and private-sector business, SONY – emails have been very successfully hacked.

BNI Operatives: Situationally aware.
As always, stay safe.

How ISIS Recruits Jihadi Brides From Within The U.S.


The enemy is here and it is us.

I’m not sure if many people caught the news blip this week (our sources are: Fox News and Colorado Newsday) that clearly identified the primary recruiting communication method used by ISIS/ISIL terrorists. Having learned from the Navy Seal-induced demise of their Satanic idol, OSL, that cell phones (when used for speaking) and couriers are ultimately trackable, this new terror blight on the planet channels contact through an open source app – SureSpot.

Potential jihadi recruits and brides are being groomed online using a phone app run by privacy and drug legislation campaigners in Boulder, Colorado by environmentalist, Cherie Berdovich and alleged hacker, Adam Patacchia. SureSpot is designed so messages are totally encrypted and cannot be intercepted by authorities.

When messages are deleted by the IS member, they automatically also erase from the phones used by the new recruitee so no trace of the incriminating conversation is left.  (SureSpot was used by jihadi recruiters and the recent three ISIS-bound British teen-aged schoolgirls.)

We tried SureSpot here at BNI (Julia and Ed) and it works as well as, if not better than, advertised. We downloaded the app from Apple’s App Store and Google Play (to test ease of OS [operating system] cross-platform use) and easily employed non-traceable communication in under a minute. Scarily fast and vapor-like. It was just as easy to permanently delete our messages (which were in print, voice and via graphics) as they are not collected and maintained on any server.

The app is available for free on internet stores run by Apple and Google and known jihadists direct teenagers to download the software using public profiles on Twitter.

Yet none of the technology giants appear to have acted to crack down on people using the app to speak to jihadists.

Let’s begin by breaking down how their encryption works: (We’re using SureSpot’s explanation.)

Traditional IM , SMS, etc. communications send messages in “plain text”. This means that the information is sent without anything done to protect the information from being read by anyone else. It is akin to sending a postcard.

Imagine you are on vacation in Italy, Florence to be precise, and you send a postcard to your sister in London. As the postcard travels anyone that touches it can read it. Typically you do not send information like a credit card number or your pin number or an intimate thought using the postcard format. Today this is what sending an email or a text message or an instant message or a picture is like. The message is the postcard which travels along many hops until it reaches its destination. At every one of these “hops” the message could potentially be read.

For example, you are reading an email at Starbucks. To read this email the information travels from the server (gmail) through their (Google’s) ISP, to Starbucks’ ISP, to the Starbucks location you are at. At any one of these points the email can be read. To illustrate this we can run the traceroute command which shows the hops your data is taking to reach its destination.

For example, the traceroute from my house to mail.google.com looks like this:

    [adam@monkey ~]$ traceroute mail.google.com
    traceroute to mail.google.com (74.125.225.213), 30 hops max, 60 byte packets
    1 DD-WRT.mugello (192.168.10.1) 0.506 ms 0.598 ms 0.794 ms
    2 24.9.100.1 (24.9.100.1) 16.723 ms 17.837 ms 32.677 ms
    3 ge-1-39-sr01.summit.co.denver.comcast.net (68.85.220.81) 17.710 ms 17.711 ms 17.828 ms
    4 te-0-3-0-5-ar02.denver.co.denver.comcast.net (68.86.179.13) 21.140 ms 22.087 ms 22.145 ms
    5 pos-0-7-0-0-ar02.aurora.co.denver.comcast.net (68.86.128.246) 25.333 ms 25.334 ms 25.448 ms
    6 he-3-4-0-0-cr01.denver.co.ibone.comcast.net (68.86.90.149) 24.116 ms 20.657 ms 20.689 ms
    7 * * *
    8 173.167.57.206 (173.167.57.206) 17.512 ms 18.328 ms 18.402 ms
    9 72.14.234.57 (72.14.234.57) 16.190 ms 16.218 ms 16.160 ms
    10 209.85.251.111 (209.85.251.111) 16.674 ms 20.817 ms 21.715 ms
    11 den03s06-in-f21.1e100.net (74.125.225.213) 17.238 ms 18.200 ms 18.152 ms

We can see that to get to Google’s server at mail.google.com, the data is being routed through at least 11 hops, any one of which could have a chance to intercept the information. Now if you controlled the routing and could make the data on your network always pass through a certain one of these hops, you could monitor all of the “plain text” data being sent on your network. Not exactly “secure”.

enter surespot…

Surespot solves these problems by using end to end encryption so that only the end users can decipher it. No one along the network route the message takes from one client to another, not any of the hops, not even the surespot server, can view the contents of the data. (Only Julia and Ed can see their messages.) 

how does this work?

Encryption is an electronic lock and key system. You take a plain text message and encrypt it using a key (secret). You can then decrypt the message using the same key. Pretty simple. You encrypt data at one end using the key, send it over all the network’s hops and servers, and at the other end it can be read because the key is known. None of the hops and servers in-between can read it because they don’t know the key.

So Julia encrypts a message for Ed with a key, then Ed decrypts it using the same key. Simple right, except for the fact that Ed needs to know the key! Somehow we need to get the key to Ed but how can we send it over the network? We can’t encrypt it because we need a key to encrypt so we have a catch 22. Or a chicken and egg situation. The answer is we don’t send the key over the network.

public key encryption

When a user is created in surespot an associated key pair is generated. A key pair consists of a public key and a private key. These keys allow us to do magical things. So now Julia has a key pair and Ed has a key pair. The private key is stored on the device; the surespot server does not need and never will have access to it. The public key is given to the user that you wish to exchange messages with. So surespot ensures that Julia gives Ed her public key and vice versa. Now the brilliance of shared key derivation can shine. The key pair algorithm that surespot is using allows the following mathematics to happen: Julia can now take Ed’s public key and with her private key can derive a secret. Ed takes Julia’s public key and with his private key derives the same secret! Re-read that part a few times. This shared secret is unique to Julia and Ed, only they know, and assuming their private keys remain private, only they will ever know. This shared secret has never been and never will be exposed to the surespot server or any other hops along the network route that the message takes. This shared secret can now be used to exchange information securely. This is the crux of what makes surespot work.

 

In that SureSpot does not maintain information on a server anywhere, there are no records.  

So, why haven’t our federal intelligence and law enforcement agencies shut down SureSpot?? Surespot’s owners insist that they are protecting an ‘essential liberty’ and have no responsibility to block IS. Is this app not directly providing material aid to the enemy? While I am a strong supporter of capitalism, today, technological advances need to also be balanced with security needs. Someone is dropping the ball in a very dangerous way by not addressing this perverted use of an otherwise great communication technology.

BNI Operatives: Street smart; info savvy.

As always, stay safe.

GPS Tracking; Legal?

Recently a judge in New Jersey ruled that use of a GPS device to track a cheating spouse is not an invasion of privacy.  The premise for the ruling is that both parties shared the family vehicle and therefore, either could place the monitoring device on said vehicle. In an attempt to clarify the states’ position on GPS tracking, we held an informal study amongst our peers and researched existing legislation (including that also connected to wiretapping and privacy laws).

As best we can ascertain, there appears to be no definitive list of state by state rulings on GPS devices and their placement on personal vehicles. Many states require the consent of the vehicle’s registered owner. Although the Supreme Court of the United States has ruled that law enforcement agencies’ use of a GPS monitoring device constitutes an “illegal search” and that the potential surveillance subject is therefore protected against this type of monitoring under the Fourth Amendment, that clarity on the use of GPS tracking has not yet been legally defined for private sector use.

According to our knowledgeable friends at Brick House Security (NYC), it is  generally considered to be fair and legal usage of a GPS tracking device if:

  • You or your company own the vehicle.
  • You or your company do not own the vehicle, but you place the GPS device on the outside of the car — (e.g., under the rear bumper).
  • The vehicle is visible to the public — (e.g., in a parking lot or on a public street).
  • You could obtain the same information by physically trailing the vehicle.
  • The vehicle is not situated on someone else’s private property.

It’s generally illegal to use a GPS tracking device if:

  • You need to break into the vehicle to situate the device.
  • You need to physically hardwire the device inside the vehicle.
  • The vehicle is in a place where its owner has a reasonable expectation of privacy — in a private garage.

My suggestion for those wishing to engage in GPS surveillance of a subject, is to contact local police in the desired area of surveillance and ask within.

For additional GPS tracking related information, please read one of our  earlier articles on the subject, below linked.

Our Operatives: Street smart: info savvy.

As always, stay safe.

Honoring Our Presidents, Fun Facts and Trivia Quiz.

An appropriate, interesting and thankfully, brief, written piece for today: The Five Strangest US Presidential Elections.  (In one election, the President received 100% of the electoral vote and in another, the opponent was a corpse.)

Also, a very unique presidential trivia quiz, What did they do before becoming presidents. (Not as easy as one might think.) : Before They Were Presidents.

As we commemorate our Presidents today, let’s be very careful in this record-setting brutal cold and winter weather.

(We’ll return to our regular weekly post on Wednesday, Feb 18, 2015.)

BNI Operative; Street smart, info savvy.

As always, stay safe.

 

When Is It “A Bit” of Sexual Harassment in the Workplace??

Breaking: Verdict In Alexandra Marchuk v. Faruqi & Faruqi

We’ve been eagerly awaiting the verdict in Marchuk v. Faruqi, the high-profile sexual harassment lawsuit filed by Alexandra Marchuk against her former firm and one of its most prominent partners, Juan Monteverde. Trial started on January 12. The jury got the case on Tuesday and deliberated for about eight hours over three days.

And now the jury has spoken. Here’s a report from Law360 (sub. req.):

A New York federal jury on Thursday found Faruqi & Faruqi LLP and partner Juan Monteverde partially liable for creating a hostile work environment in a closely watched sexual assault case that has cast a harsh spotlight on the securities boutique.

An eight-member jury found Faruqi and Monteverde liable on former associate Alexandra Marchuk’s New York City law hostile work environment claims and partially granted her request for damages. She sought $2 million in damages. She was awarded $90,000 plus punitive damages to be determined later.

The economic damages — back pay, front pay, compensatory damages — are probably disappointing for Marchuk. But who knows what the punitive-damages award might bring?

On the bright side for the defendants, Monteverde and Faruqi were cleared of federal and state law claims of creating a hostile work environment. Recall also that Judge Alvin Hellerstein narrowed the case by dismissing various other claims, including Marchuk’s defamation and retaliation claims.

As of now, until we get the punitives, the outcome can’t be called as a huge win (or loss) for either side. This makes some sense given that both sides had their strengths and weaknesses at trial. But if the punitives turn out to be modest, then chalk this up as a defense victory — big headlines, small damages.

UPDATE (4:35 p.m.): Per Max Stendahl of Law360, who has been doing a great job covering the trial, the jury has reached a verdict on punitive damages. We’ll update as soon as it’s announced.

UPDATE (4:45 p.m.): From Max Stendahl: “Jury awards $45,000 against partner Juan Monteverde, $5,000 against Faruqi [as a firm].”

UPDATE (4:55 p.m.): Said one observer to me just now, “So all of that, and she ends up with $140k?”

****************
And now, the EEOC regs:

The U.S. Equal Employment Opportunity Commission


Questions and Answers on Employer Liability for Harassment by Supervisors

Title VII of the Civil Rights Act (Title VII) prohibits harassment of an employee based on race, color, sex, religion, or national origin. The Age Discrimination in Employment Act (ADEA) prohibits harassment of employees who are 40 or older on the basis of age, the Americans with Disabilities Act (ADA) prohibits harassment based on disability, and the Genetic Information Nondiscrimination Act of 2008 (GINA) prohibits harassment of an employee based on genetic information. All of the anti-discrimination statutes enforced by the EEOC prohibit retaliation for complaining of discrimination or participating in complaint proceedings.
The Supreme Court issued two major decisions in June of 1998 that explained when employers will be held legally responsible for unlawful harassment by supervisors. The EEOC’s Guidance on Employer Liability for Harassment by Supervisors examines those decisions and provides practical guidance regarding the duty of employers to prevent and correct harassment and the duty of employees to avoid harassment by using their employers’ complaint procedures.

1. When does harassment violate federal law?

  • Harassment violates federal law if it involves discriminatory treatment based on race, color, sex (with or without sexual conduct), religion, national origin, age, disability, genetic information, or because the employee opposed job discrimination or participated in an investigation or complaint proceeding under the EEO statutes. Federal law does not prohibit simple teasing, offhand comments, or isolated incidents that are not extremely serious. The conduct must be sufficiently frequent or severe to create a hostile work environment or result in a “tangible employment action,” such as hiring, firing, promotion, or demotion.

2. Does the guidance apply only to sexual harassment?

  • No, it applies to all types of unlawful harassment.

3. When is an employer legally responsible for harassment by a supervisor?

  • An employer is always responsible for harassment by a supervisor that culminated in a tangible employment action. If the harassment did not lead to a tangible employment action, the employer is liable unless it proves that: 1) it exercised reasonable care to prevent and promptly correct any harassment; and 2) the employee unreasonably failed to complain to management or to avoid harm otherwise.

4. Who qualifies as a “supervisor” for purposes of employer liability?

  • An individual qualifies as an employee’s “supervisor” if the individual has the authority to recommend tangible employment decisions affecting the employee or if the individual has the authority to direct the employee’s daily work activities.

5. What is a “tangible employment action”?

  • A “tangible employment action” means a significant change in employment status. Examples include hiring, firing, promotion, demotion, undesirable reassignment, a decision causing a significant change in benefits, compensation decisions, and work assignment.

6. How might harassment culminate in a tangible employment action?

  • This might occur if a supervisor fires or demotes a subordinate because she rejects his sexual demands, or promotes her because she submits to his sexual demands.

Our opinion? (Not that anyone asked but if that’s the criteria, the Bulletin would be a weekly blank page.) Defense win.  Let’s face it – $140,000 for all of the effort that undoubtedly went into the case to arrive at this trial level?  No clear “message” was sent to employers in similar situations other than “Gentlemen, mind your manners”.  

I find it interesting that the partners fined were found “partially guilty” of creating a hostile work environment.   Were there other supervisors who were more culpable for allowing a sexually harassing environment to exist but had not been named? <tongue boring a hole through cheek> We’ll await the actual trial transcripts and report back.

For employers/supervisors:  Keep it in your pants/under your skirt and your hands (among other body parts) to yourself and mind your words.  Seems simple enough, doesn’t it?  Yes, a charged environment is highly competitive and there can be raging egos and through-the-roof biochemistry surges but check your bank account first and be mindful of the firm’s reputation.

BNI Operatives:  Street smart; info savvy.

As always, stay safe.

Top Ten Most Ridiculous Lawsuits of 2014


We wanted to make sure all of the results were in and the winners (?) for…

The Top Ten Most Ridiculous Lawsuits of 2014 are:

  1. Plaintiff in Pending Disability Lawsuit Topples Huge, Historic Boulder  – A not-too-swift back injury claimant was videotaped pushing a boulder at a park. (Now had the unsecured boulder in a public park rolled over on top of him, he might have a lawsuit again.)
  2. Little League Coach Sues Player Over Celebratory Helmet Toss – A Little Leaguer tosses his helmet in the air in a celebratory move and is being sued by his coach for an alleged torn Achilles heel. (To boot, on a Fox News interview – he stated that his lawyer was suing for $20,000, when in actuality the suit is for $500,000.)
  3. NY Man Sues for More Money Than Exists on Planet Earth – A Manhattan man has sued the city, NYC Transit, Au Bon Pain Store, two local hospitals, Kmart and a dog owner – for two undecillion dollars. FTR, two undecillion dollars is a 2 followed by 36 zeros. (No, he is not a GAO employee.)
  4. Rescuers Sued By Man They Pulled From Floodwaters – A man trapped in his car in flood waters is suing his rescuers for $500,000 for not saving him quickly enough. (You know, Mr. Ortiz, they did have an option to ignore you altogether…)
  5. CA Town Victimized by Plaintiffs’ Attorney Who Has Filed More Than 3,000 Lawsuits – Scott Johnson, the Carmichael lawyer behind the Manteca, CA ADA (Americans with Disabilities Act) lawsuits, has filed more than 3,000 such lawsuits. (I doubt there are 3,000 people in Manteca, CA – and I hardly believe they are all disabled.)
  6. NYC Woman Spooked by “Dexter” Ad Sues MTA, Showtime for Subway Fall – A NYC woman is suing because a poster of TV’s “Dexter” – to clarify – a fictional tv series character – startled and menaced her, causing her to trip and fall.  (Imagine if she met a real-time murderer. Now there her estate would have a lawsuit!)
  7. Baseball Fan Caught Sleeping on Camera, Sues ESPN for $10 million – He was filmed at a public sporting event sleeping away. (The snore captured ’round the world. The Jumbo screen is apparently the Dumbo screen.)
  8. Minimum Wage for Court-Ordered Community Service? – Two criminals ordered to perform community service (via an ACD – Adjournment in Contemplation of Dismissal) rather than jail time believe they should be paid for their “work”.  (I suggest hard labor next time.)
  9. Jimmy John’s Lawsuit “Sprouts” Hefty Payday for Lawyers – Vouchers for Victims – California woman sues Jimmy John’s for not having alfalfa sprouts in their sandwiches as advertised.  (How many times did she order the same sandwich and not open up her mouth and ask for them??)
  10. Woman Sues Disney for $250M, Claims “Frozen” Stolen From Her Life’s Story – A woman is suing Disney for $250m for Frozen, a story she alleges is taken from her novel, Yearnings of the Heart, the resemblance being a cold setting. (That Frozen has more in common with Hans Christian Andersen’s The Snow Queen doesn’t interest her.)

If anyone were going to sue in 2015, it should be for that bad call at the end of the Seahawks/Patriots game yesterday.

BNI Operatives: Street smart, info savvy.

As always, stay safe.

 

When Partnerships Go Bad: Recognize the Signs & Take Proactive Steps

(A compilation effort with the permission of businesshowto.com.) 

If you’re in a business partnership or a longstanding working relationship that isn’t working, ask yourself these questions. Then, if you need to change or end the partnership, we’ll provide you with a short to-do checklist towards that end. 

A client, we’ll call her Linda, had a business that was struggling financially and operationally. She was totally disgusted because her partner of  several years was no longer carrying his weight and didn’t seem to understand the gravity of the situation. She was stressed at the continued havoc that this partnership was causing in nearly every aspect of her life.

What to do? She realized that her first commitment had to be to herself. Linda had to take command of this situation. She decided she wanted to give the business and her partner one last chance.

She created Job Roles for herself, her partner and each of her staff. Because of the longstanding relationship between her and her partner, we agreed it was best if a qualified consultant meet with the partner and her to present things up to this point.  NOTE: Using a third-party (like an attorney or mediator) can offer a different perspective to a known problem.

The partner was cordial and listened politely, as had been expected. But, of course, he didn’t really GET IT that things had to change. Linda gave it four months under the new plan. Unfortunately, she had to bite the bullet and make the decision to end the partnership.  Linda realized that with several changes to the business operating methods,  she didn’t actually need a partner. She had been carrying the business alone for several years anyway.

If you can answer yes to one or more of the following it may be time to take command of your business and make the necessary changes.
  • You’re feeling like you’re carrying more than your share of the work.
  • Your partner seems to have lost interest in the business.
  • You find more and more to disagree about.
  • There have been changes in your partner’s life that are interfering with his ability to function in the business.
  • Your interest in the direction of the business is different from that of your partner.

In Linda’s case, she had been performing nearly 100% of the work towards the end of the partnership, her partner had been unfocused for quite a while and he had allowed an enormous amount of drama occurring in his personal life (ex-wife divorce and child custody issues, an inexplicably rapidly formed new relationship, losing decades-long friendships with several close friends, etc.) to spill over into the business. Although we are well-experienced with personality changes in people, the level of disconnect that the partner had to the business and the welfare it provided for Linda and other employees was shocking even to us. Finally, he made the gross mistake of insisting on hiring his unqualified new girlfriend – in a position that required unimpeachable skills and confidentiality. That’s when Linda finally realized that the partnership was truly over. He’d simply lost his perspective on the type of services that the company provided – those requiring absolute trust.

Here are the steps I suggest you take if you’re seriously considering making changes to your partnership arrangement:

1. Review your Partnership Agreement.

Your partnership may exist in the form of a Partnership or a Corporation. Either way, you have a legal entity that binds the two of you.

Have your attorney review your documents and tell you exactly where you stand from a legal perspective. This is important so you will know your limitations as you begin to plan.

If you have a written agreement about Roles and Responsibilities for each of you, assess whether it is still appropriate or needs to be updated.

2. Decide and document exactly what you want for your business and yourself.

Being in a state of dissatisfaction is the spur that will get you to take action. But you don’t want to take action until you’ve thought through exactly what you’re trying to achieve. Consider probable and possible outcomes for different scenarios to help you finalize a plan.

3. Create and write a plan to accomplish your goals.

The most positive thing you can do is create a plan for yourself and the business as you see it and be prepared to present that to your partner. If dissolving the business is in your plan, be prepared with both the reasons you want to leave…and what you plan to do in the future. You’re not just leaving the business; you’re going into something else.

4. Schedule a time to “talk business” with your partner.

A change of venue from your typical meeting might be helpful. Sitting down over lunch or coffee could be a good place to start.

Be prepared for whatever response comes back to you. It can be anywhere from thankful to downright hostile. It will likely require some time for your partner to think through the ramifications of your proposal. Be forewarned; it’s very difficult for people to make changes unless not making changes will jeopardize something of value to them. The bottom line is you don’t want to back down from what you want. Compromise only if you’re still OK with the terms.

If your partner is looking for an excuse to blame you for the ills of the business, you may hear about it when you bring up the subject. I know it’s tempting, but be careful not to get into a blaming match. The objective is to present what you want for the business and yourself, and your plan to make it happen. Outlining how you see their role in the business is totally appropriate. Then it’s up to them to agree or respond with another suitable option.

5. Be willing to walk away.

If you cannot come to terms, or if you do and the partner does not keep his agreement, you must be prepared for a change in business status. You may decide to close the doors, sell the business, sell your share to the partner, buy him out or any other option that will allow you to move forward with YOUR plan.

We all know it’s not easy to give up on something you’ve worked so long and hard to achieve. It’s a lot like a marriage that’s gone bad. At some point, however, you have to make the decision not to be the victim of circumstances any longer and make your move to position yourself for a better future.

On a final note: have a thorough assets search (personally and professionally) conducted. Linda found out that her now former partner had actually not followed through on many business aspects she’d thought had been performed and had also converted important assets to himself.

Good luck with your decisions and the outcome.

BNI Operatives: Street smart; info savvy.

As always, stay safe.

IDNYC – The Largest Municipal ID Program In The Nation; The Good, The Bad and the WTH??


What is IDNYC?   As of January 15, 2015, New York City became the largest city in the nation to issue municipal IDs. IDNYC is a free, government-issued identification card that is available to all City residents age 14 and older. Immigration status is irrelevant and not factored into eligibility.

How Does One Obtain An IDNYC? From the IDNYC website:

To get an IDNYC card, you must meet the following criteria:

1) At least four (4) points of documents with:

– At least three (3) points of documents proving identity.
– At least one (1) point of documents proving residency.

2) At least one (1) of the documents submitted must have a photo of the applicant, unless the applicant is 21 years old or younger and is accompanied by a caretaker who can demonstrate proof of relationship.

3) At least one (1) of the documents submitted has the applicant’s date of birth.

What documents are acceptable to prove identity? The usuals (US Passport, Driver’s License and U.S. Visa) fulfill the 3-point identity requirement but so does any combination of the following:

  • Expired Foreign Passport – within three years (2 points)
  • NYS Benefits Card without photo (1)
  • Access-A-Ride ID Card (1)
  • NYC Department of Parks and Recreation Membership Card (1)
  • U.S. Individual Taxpayer Identification Number Authorization Letter (2)
  • Your child’s U.S. Birth Certificate – listing applicant as birth parent (1)
  • Certificate of marriage, domestic partnership, civil union, divorce or dissolution (1)

Seriously, NYC government?  Except for the first document (Expired Foreign Passport), none of the above prove identity and all are without photos.  How does having one’s name written on a birth certificate as the Baby Daddy prove jack?  (Unless the applicant’s name happens to be Jack, I suppose.)  And let’s not get cute about a US Individual Taxpayer Identification Number (TIN).  I’ve covered this subject in many Bulletins.  TINs, employed by the IRS since 1995,  are issued to employees without SSNs – sans verification.  You can bet your bottom dollar (and I’m sure they’ll take mine as well) that the IRS will not lose out on collecting taxes. 

So, to recap, with a TIN and a Baby Daddy certificate, one has now proven his identity sufficiently for a government-issued I.D.  With such security measures, what could possibly go wrong? Moving along…

What documents are acceptable to prove residency? Aside, again, from the usual forms of I.D., these documents are acceptable as proof of residency:

  • Court Order issued by NYS or Federal Court (dated within 60 days)
  • “Care-of Letter” Issued by nonprofit organization or religious institution in NYC serving homeless individuals or survivors of domestic violence. Entity must currently receive City funding. Letter must indicate applicant has received services from the entity for past 60 days and may use entity’s address for mailing purposes (dated within 14 days). Address on card will be “Care Of” the organization.
  • Letter from City agency, nonprofit organization, or religious institution in NYC that provides services to individuals without a home address (dated within 30 days). No address to appear on card.
  • Letter Issued by a Hospital or Health Clinic in NYC (dated within 30 days). No address will appear on the card.

As to the first acceptable form of residency – you just know someone will walk in with an open bench warrant in his/her name, but remember no stop-n-frisk any more.   We’ve already covered the non-identity confirmation of a TIN filer.  If a tax return to a TINner can’t prove identity, how is it proof of residence??

The last three acceptable proof of residency documents are just too ludicrous for me not to have checked with The Onion first.  I’d hate to commit copyright infringement.  But, no, no.  This is the law in NYC.   A letter from Tommy at the Y will do as proof of residency even though the applicant does not live there.  

The combinations to secure an IDNYC are many and almost all can be perverted for whatever nefarious reasons people choose to pass themselves off as someone else or to remain below the radar.

Why an IDNYC card? Once again, per IDNYC:

Your IDNYC card is a broadly accepted, official form of identification. IDNYC is accepted:

  • By City agencies to access many services and programs;
  • By NYPD for the purposes of issuing summons or desk appearance tickets instead of arrest;
  • For entry into public buildings, like schools;
  • For taking the high school equivalency exam in New York City;
  • For opening up checking accounts.

So we’re going to give the unverified Baby Daddy access to services and programs (read: tax $$$), help him avoid arrest, allow him access to public buildings like schools, courthouses, libraries, etc., and open up a checking account where money from anywhere can be laundered, I mean, deposited into.

If anyone can provide a viable reason for the need for more I.D. cards, please let us know. Someone, with journo creds preferably, should test this system for loopholes (craters) and security soundness.

Not to feed into terror or xenophobia but seriously folks, if the system isn’t broken, must the government always stomp in and wreak hell? Oh, the good part of IDNYC – 25% discount to see the big blue whale hanging in the main hall of the Museum of Natural History. (I can do that on any given warm day sitting on Jones Beach but that’s an unpublishable column for another day.)

BNI Operatives: Street smart; info savvy, face-palming on account of this article. 

As always, be safe.  

 
