The Market Ticker
Commentary on The Capital Markets

There's been zero major media coverage of this, but it has shown up on the web:

Steven I. Weissman, sent President-elect Donald Trump a petition to end predatory pricing in the healthcare industry. The petition, signed by more than 104,000 Americans, was delivered Wednesday evening to Trump Tower in New York City. It is the first petition of its kind, and the first one the president-elect has received regarding healthcare.

Weissman became the president of a Miami hospital when a friend, who founded the hospital, passed away. During his tenure as president, Weissman was able to get an inside look at how healthcare operates in the U.S., and, in his own words, it was “sickening.”

“The biggest problem in healthcare is that there is no pricing at all,” Weissman tells The Daily Caller News Foundation. “It is not a coincidence that the only product or service permitted to be sold in the U.S. without legitimate pricing, is the one which has imposed tremendous financial hardship.”

All of this is already illegal.

It is illegal in the State of Florida under 501.001 - 501.213 to engage in any sort of deceptive practice when it comes to any good or service offered to consumers.  There are additional particular provisions related to seniors, but the general framework is valid for everyone.  There is no exception in that law, nor in similar laws in other states, for any part of health care.

Not actually having a price or varying same based on method of payment without prior disclosure is a per-se and blatantly deceptive act.  Try it when offering oil changes to the public for their cars and see how long you stay out of jail.

Further, these practices are illegal under the entire body of 15 USC Chapter 1.  It is not possible for such an industry to maintain these practices without collusion and yet collusion in fixing prices is per-se illegal under 15 United States Code.

It is further illegal to discriminate in pricing of commodities (that is, physical goods) sold, manufactured or used in interstate commerce between buyers of like kind and quantity.  This means drugs, medical supplies and hardware of various sorts, all of which are manufactured and shipped in interstate (and international) commerce cannot lawfully be priced differently between consumers of like kind and quantity of same.  That, once again, is long-standing law (Robinson-Patman) and part of 15 United States Code!  For what it's worth I shoved a several hundred thousand dollar purchase order up a major vendor's ******* on exactly that basis when I discovered they were engaged in discriminatory pricing during my years in running MCSNet.  They folded and gave me the same price they had charged others for like kind and quantity.  I had to cut a purchase order with a committed delivery schedule that was rather larger in quantity than I would have preferred, but it was very worth it.

In point of fact this "petition" is amusing but in a non-funny sort of way on several levels.  First, it's hardly new; you can read my Ticker on this point, which in fact was the first that was put in the "Health Reform" category on the Ticker immediately after it was created in 2009.  Or, if you prefer, click here and start reading backwards on the timeline among those articles that remain available.

Second, you can read the voluminous set of articles I've written on this point both before and since in which I have clearly delineated that these practices certainly appear to be in rank violation of both state and federal law and yet nobody goes to jail nor does the government at any level give a damn about you being raped blind by these firms. In fact they not only cheer it on they allow their court systems to be used in your pursuit if you don't knuckle under!  This is not small-ball either -- it constitutes almost one dollar in five spent in the economy today, or somewhere north of $3 trillion a year that is extracted with roughly 80% of it happening due to these practices.  If it's not worth prosecuting at a state or federal level when at least $2 trillion is stolen from you every year exactly how much has to be taken before it will be?

Third, you can contemplate whether passing another law will do a damn thing when nobody will insist on the enforcement of existing law that speaks to the same issue, the same point, and contains not only monstrous civil but felony criminal penalties as well.  This is a body of law that has been on the books in many cases (15 USC) for over 100 years and yet exactly zero hospital administrators have been charged nor have any of the so-called "networks", despite it being clear to anyone who has read said law that these practices are already illegal.

Finally, if you think Trump is going to do one damned thing about any of this you need to get your mouth off his Johnson because he not only won't he will actively make it worse.  We know this to be fact because his HHS appointee is one of the architects in Congress of the existing system and has attempted, in the past, to shove balance-billing, which is an artifact of said system, down the throats of those on Medicare -- that is, Seniors.


2017-01-03 07:40 by Karl Denninger
in Editorial , 420 references

Since the New Year on my desktop the number of ads, and the sheer stupidity of what's being advertised on Facebook has gone exponential.  I now am "treated" to an ad every single time on the first page of the timeline, typically in the second slot and then another on every single page, instead of just on the right hand sidebar and sometimes in the timeline here and there.  Marking one inappropriate, offensive or irrelevant simply guarantees another will be spun just below the page line to immediately appear.  In other words the density of ads has gone from "mildly annoying" to full-on, "****-you-in-the-face" offensive.

These ads are also now full of investment claims and health quackery -- ads such as "things that always happen before you get prostate cancer", scam-filled "dating sites" and "alternative investments" of various sorts.  Interspersed with this are a few ads for something useful -- like a car -- although there is a zero possibility I will want to buy a new car during the next several years.

Perhaps one ad in ten is in that latter "useful" category, in that it is for an actual useful consumer product or service.  The other nine are spam -- and I do mean spam, in that in my email anything of that sort gets flagged and in nearly all cases my Bayes filter catches it before it gets to my inbox -- throwing it in the trash.  Why?  Because these are not ads for CocaCola or a Buick -- they're ads "selling" you some "herbal" nonsense, a subscription to some fairytale garbage site or a quackery-based health scam.

Twitter has gotten equally bad in its "mobile" app to the point of near-uselessness.  Tweetdeck on the desktop browser is, so far, mercifully free of this.

But it won't be for long, I suspect.

Why am I on Facesucker at all?  Only because some of my friends do things during the week that are published there, and thus I can find them easily.

Well, my friends, you're about to have to spend $5/month if you run some group or make 10 seconds worth of personal effort if you'd like to see me at some event you're interested in -- that is, you're about to have to set up a web site or email list server using something like Digital Ocean (cost of $5/month or less) and keep a calendar that way.

Or you're going to have to resort to an old-fashioned phone call, text message, or Groupme message.

Why?

Because not long after I post this, if this doesn't almost-immediately stop (and I fully expect it not to) I'm going to either delete my Facesucker account entirely or just quit using it, and probably will also delete the mobile Twitter app.  If Tweetdeck gets invaded I'd stop using that too. I've already removed 2 years worth of my timeline posts on Zuckerpig's monstrosity; the rest will be gone in days.

There's a point of annoyance with spammers advertising "products" and "services" which I consider to be outright frauds and scams that reaches my limit of tolerance, and it's rather much lower than my tolerance level when Ford tries to sell me a truck.  There's also a density problem; yes, I understand sites run ads, but they cannot become the focus of the content or I'm done with you.

Your limit of tolerance may be in a different place than mine, but even if I never buy anything from these assclowns Facesucker claims I saw it, the advertiser pays for it, and thus my mere presence has value to that rat bastard pig in Palo Alto that deserves to have an asteroid fall on his house and leave a smoking hole where he, and everyone related to him, resides today.

Yeah, that's how I feel about Zuckerpig.  He's pushed it too far for me, and he's about to be treated as if he doesn't exist -- along with everything he does.

I get it -- some people make money using his site (especially those scamvertisers, I suspect), some people "find friends" (who really aren't their friends; they're just ghosts in a digital machine) and some people -- most, in fact who are on there -- use it as a means to push their dopamine button.  That is, they're addicted and deriving pleasure from it and that is why the scamvertisers have an audience at all.

Those who are actually my friends know how to find me, and if they really want me to show up for some event or express some thought with or to me they can take the 10 seconds to send a text, make a phone call or in some other way make it known what's going on.

If not?  Well, I guess I've learned whether you're really a friend -- or just a ghost in a machine -- haven't I?

That 10 seconds of effort is too much for you?

That's a useful piece of information and I thank you for providing it to me.


Well now, it appears there is actually a story in here regarding malware tied to Russia:

BURLINGTON, Vt. –  Malware code linked to Russian hackers and found on a Vermont electric utility's computer is further evidence of "predatory" steps taken by that country against the U.S., a Vermont Democratic congressman said Saturday.

....

"This attack shows how rampant Russian hacking is. It's systemic, relentless, predatory," Rep. Peter Welch said in a statement. "They will hack everywhere, even Vermont, in pursuit of opportunities to disrupt our country."

Welch said the breach also underscores that sanctions President Barack Obama took against Russia this week were warranted. Russia, which has denied hacking U.S. systems, has been accused of interference in the U.S. presidential election by hacking American political sites and email accounts.

In other news the person who used that laptop was known to prefer pornographic video of sex with goats (sarc).

First off, said laptop was apparently owned by said utility but, the utility claims at least, it was not in any way connected to any part of their network, especially the parts that actually control its operations.  This leads one to wonder exactly what purpose said laptop had -- perhaps it was part of a meter-reading system in a company vehicle, for example.

"Vermonters and all Americans should be both alarmed and outraged that one of the world's leading thugs, (Russian President) Vladimir Putin, has been attempting to hack our electric grid, which we rely upon to support our quality-of-life, economy, health, and safety," the governor said in a statement.

Meh.  There's zero evidence to support that allegation.  First, we don't know how the malware got in there.  The most-common means by which it "gets in there" is the installation of a program that someone thought would do something else -- like, for example, play videos of people having sex with goats.

This is the dirty little secret when it comes to "rootkits" and other forms of persistent malware -- it has to get into the machine somehow, and the "somehow" on modern computers requires that you give it permission to install.

Installation on most modern machines is inherently an act that requires elevated privileges to some degree.  These privileges are (sadly) not usually very granular, so when you get the permission to do the installation if the installer has evil code in it that installer can put the evil code into the computer and protect it from being seen through normal means (and removed through normal means!)  This frequently includes corrupting one or more of the system's internal files so that absent a complete reload of the device in question it is virtually impossible to cleanly remove the evildoer's work.

Yes, there occasionally are vulnerabilities discovered that allow "unsanctioned" installations of this sort.  They're called "privilege escalation" attacks and the really ugly part of them is not only how many of them are discovered but that the places they're discovered are in pieces of code that execute with system privileges and thus can modify other, unrelated parts of the system and its software.  Most, but not all, of these pieces of software should not be written to require that sort of privilege but software vendors do it because they're lazy while government, commercial and individual users repeatedly give the vendors a pass instead of bending them over the table and destroying them.

Incidentally, this sort of malware is literally everywhere.  It's used by the people who "cryptolock" files and demand ransom, it is used by those who corrupt machines for the purpose of using them for "denial of service" attacks and as a means of relaying further data without being detected as the source and, sometimes, it is also used to directly target someone for data theft or corruption.

We don't know which was the case here, but it's a fairly good bet that this wasn't exactly a "targeted" attack as if it was it was rather poorly-executed.

Let me remind you that there certainly have been targeted and effective attacks in recent memory allegedly traced to actual state actors.  The OPM data heist is an example: it not only involved a series of massive acts of stupidity inside our government, it also illustrated active and intentional covering up of the breach once detected, including lying under oath -- which is a crime.  Yet the number of people prosecuted for said lying under oath and intentionally covering up said breach, which I remind you included fingerprints of millions of individuals along with detailed background check information related to virtually everyone who has held a security clearance in the last 20 years, numbers zero.

There has also been no formal claim of "blame" laid on any foreign actor in this regard, although there certainly is more evidence pointing to who was responsible for that breach than either the DNC's hack or this laptop incident in Vermont.

This, I remind you, is despite the fact that China claims to have arrested people involved in same.

Yeah.

Folks, we have a major security problem throughout government and private-sector systems ranging down to the mundane such as your car, TV and cellphone.  We have agencies of our governmental units along with other critical private sector parties (like power companies) that intentionally and willfully ignore known protocols that are highly effective in preventing such attacks.  These acts of willful and intentional ignorance include using public email provider accounts or "private" (and poorly constructed) servers (a.k.a. Hillary), allowing corporate and government machines to have installed on them software that has not been vetted, allowing the attachment of external devices without authorization and vetting (e.g. USB drives, etc), continuing to allow the use of software that has known security exploits in the field and more.  In the OPM case there were multiple critical breaches of security protocol any one of which would have likely been effective in preventing the attack from succeeding.  Taken together they would have almost-certainly not only prevented the attack but detected the attempts.

Folks, this stuff really isn't all that hard but it does mean that a certain amount of "convenience" has to be foregone.

That's the real problem, you see.  It's convenient to not lock your front door but if you do that the odds of a robber stealing your television go way up because now he can just walk in and take it!  Likewise, an email system that cannot have its storage accessed except via a VPN connection that requires a certificate to connect is extremely secure.  It now is not a matter of simply having someone's password; now you have to steal a device and break into it, and if you do your access is only good until the person realizes the device was stolen and the key is revoked.  If you configure a machine that is supposed to do a business or government-related thing (e.g. obtain usage data from electric meters and then transfer that to a central site for billing) so that no other connections than the authorized ones work then it becomes very hard to get the malware on the computer in the first place that would then be used to circumvent those controls.  Of course if you do that then the meter reader can't access Amazon, some news site or blog, or the gay sex with goats site using said business computer in the electric company vehicle.

Yeah.

In other words security when it comes to data access is a process, not a product.  You have a bunch of companies running around these days claiming to provide "security solutions" that are in fact nothing more than vendors of software that can easily be put together for free, who package it up and call it a "solution."  It is not.  These same firms then use break-ins as advertising; in other words they are very interested in seeing actual compromises happen because that "increases demand" for their products and services!

An example: Several years ago I raised hell about the so-called "advanced keyless entry" systems on automobiles, which by the way, are now the rule rather than the exception.  It was blatantly obvious to me with only a few minutes of thought that a pair of no-licence-required radios and a relatively small amount of effort (an effort I could trivially make myself) would allow a thief to repeat the signals from your key and car to each other over distances that would make theft trivial.  The key to making such thefts possible is the convenience factor of you not having to press a button on the keyfob -- that is, the car senses the key is near it and acts without a positive action being taken on your part. These systems normally only work within a couple of feet of one another and use a "rolling" code that leads people to "think" they're reasonably secure -- but if I can pick up the signal from one and repeat to the other end and do likewise for the response then I can pretend you are sitting in or standing next to the car when you're actually in the shopping mall!  It now becomes not only trivial to steal the car there is exactly no evidence of how I did it after the fact.

The stupidity of such a design is that if you have to push a button then it goes from trivial to very hard to exploit because now I have to capture you actually using the keyfob and then figure out the encryption so I can determine what the next code is because as a thief I cannot cause the fob to emit the next code by myself.  That's hard.  But if you don't have to push a button then I can simply ask the key for the next code and send it as if the key was sitting next to the car, and....... your nice new car is GONE!

In short we took what was a reasonably-secure system and made it insanely insecure just for the pleasure of your "convenience" in not having to push a button to unlock the damn door!  We took two-factor authentication to open the door (you must have the fob and you must perform the act of pushing the unlock button) and turned it into one-factor and then on top of that made the one factor something you both have and that can be queried without your direct knowledge.
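The argument of the last three paragraphs as a small in-memory model (an added example, not code from any vehicle or vendor): a passive fob that answers any challenge it hears, beside a button fob that transmits only on a press. The HMAC-SHA256 scheme, the 2 m range and all class and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os


def tag(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()


class PassiveFob:
    """Passive entry: answers any challenge it hears, no user action."""
    def __init__(self, key):
        self.key = key

    def on_challenge(self, challenge):
        return tag(self.key, challenge)


class ButtonFob:
    """Button entry: transmits only on a press, ignores incoming challenges."""
    def __init__(self, key):
        self.key = key
        self.counter = 0

    def on_challenge(self, challenge):
        return None

    def press(self):
        self.counter += 1
        c = self.counter.to_bytes(8, "big")
        return c + tag(self.key, c)          # rolling counter + MAC


class Car:
    def __init__(self, key):
        self.key = key
        self.last_counter = 0

    def passive_unlock(self, channel):
        challenge = os.urandom(16)           # fresh for every attempt
        response = channel(challenge)
        return response is not None and hmac.compare_digest(
            response, tag(self.key, challenge))

    def button_unlock(self, frame):
        if frame is None or len(frame) != 40:
            return False
        c, mac = frame[:8], frame[8:]
        n = int.from_bytes(c, "big")
        if n <= self.last_counter or not hmac.compare_digest(mac, tag(self.key, c)):
            return False
        self.last_counter = n                # each code is accepted once
        return True


def radio(fob, distance_m, relayed=False, range_m=2.0):
    """Channel between car and fob. A relay forwards bytes unchanged and
    never learns the key; it only removes the distance limit."""
    def channel(challenge):
        if relayed or distance_m <= range_m:
            return fob.on_challenge(challenge)
        return None
    return channel


def run_scenarios():
    key = os.urandom(32)
    car = Car(key)
    passive, button = PassiveFob(key), ButtonFob(key)
    frame = button.press()                   # the owner's deliberate act
    return {
        "passive_near": car.passive_unlock(radio(passive, 1)),
        "passive_far": car.passive_unlock(radio(passive, 150)),
        "passive_far_relayed": car.passive_unlock(radio(passive, 150, relayed=True)),
        "button_far_relayed": car.passive_unlock(radio(button, 150, relayed=True)),
        "button_pressed": car.button_unlock(frame),
        "button_replayed": car.button_unlock(frame),
    }


if __name__ == "__main__":
    for name, unlocked in run_scenarios().items():
        print(f"{name:22} unlocked={unlocked}")
```

The cryptography verifies correctly in every row; the only thing that differs between the passive and button cases is whether the fob will answer without the owner doing anything.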

I don't -- and won't -- own a vehicle equipped with such a "convenience" feature -- and that's why.  And what did we see this year? A demonstration.  Oops.

How many of the people reading this are stupid enough to have something like Alexa in their house?  Or a smart TV that responds to voice commands?

Oh, you say, it only records when you say "Heh Alexa" first?  How do you know that to be true, how do you know that the code in that device is secure and has neither a back door nor a security problem that has allowed some malignant third party to turn the damn microphone on all the time?

You do know that the cops are testing the claim that Alexa (and Amazon) doesn't have that data, right?  Wanna bet on that?

What the hell is wrong with you?

The same thing that was and is wrong with the government, with the utility in Vermont and elsewhere -- you wish to have so much convenience that you simply don't give a good damn about the fact that you are leaving your front door unlocked and a big "steal my TV" sign in the window.

I've raised a ton of Hell about this over the years, going back to my days writing code for others as a wage slave.

It's a fight that's almost not worth writing about anymore -- except to post great big "Told You So" signs when your car is stolen or your fingerprints (which you can't change like a password, incidentally) are ripped off from the government.

And with that I leave this for the utility in Vermont:

smiley


This is the most-laughable pack of tripe I've read in a long time.

DISCLAIMER:
This report is provided “as is” for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within.

How do you know you're about to read a propaganda piece?  That would be a good indication.

This document provides technical details regarding the tools and infrastructure used by the Russian civilian and military intelligence Services (RIS) to compromise and exploit networks and endpoints associated with the U.S. election,

No it doesn't.  Let me explain.

The next page has a nice diagram that doesn't mesh with what was described.  Specifically, what we know happened (because it was admitted to) was that a spearphishing email set was sent to a large number of people, including John Podesta.

Now here's the rub:

At least one targeted individual activated links to malware hosted on operational infrastructure of opened attachments containing malware. APT29 delivered malware to the political party’s systems, established persistence, escalated privileges, enumerated active directory accounts, and exfiltrated email from several accounts through encrypted connections back through operational infrastructure.

Well, no.  There's no evidence for that.

In spring 2016, APT28 compromised the same political party, again via targeted spearphishing. This time, the spearphishing email tricked recipients into changing their passwords through a fake webmail domain hosted on APT28 operational infrastructure. Using the harvested credentials, APT28 was able to gain access and steal content, likely leading to the exfiltration of information from multiple senior party members. The U.S. Government assesses that information was leaked to the press and publicly disclosed.

There is evidence for this.  In fact, this is what the DNC admitted to.

The rest of the document is boilerplate arm-waving.

Note what's not there: Anything specific that reaches the standard of not even evidence but probable cause.

For instance, spearphishing emails typically look like an "alert" from the targeted credential's site (e.g. gmail) with a link to click and 'reset your password.'  Said link doesn't, of course, actually go to Google -- it goes somewhere else.  Often those people use a "link shortener" (e.g. t.co) to "hide" where the link goes so casual examination doesn't show it.  However, that reference is traceable, it goes to a web address somewhere and the owner(s) of that address or at least who is controlling it can be determined.  If they have been hacked they will typically cooperate (duh!) and now you can find out where that "resource" actually connected to.  Through a relatively-simple process of iterating over that (if there are multiple "hops" involved) you will eventually land on infrastructure the "bad guys" control.

So where's the evidence?

I'm sorry, but "we know" without the evidence is propaganda, not information or even something that rises to the level of an "accusation."  Further, such emails are easily copied and re-used by various evildoers with a change only in the redirect URL -- a trivially easy thing to do and, not-surprisingly, very common.

It's not at all hard to figure out where such a redirect went and analyze it from there.  Since the FBI and DHS didn't present that information, and since it has been widely disclosed to the entire group of email recipients and so could not be classified (it's not secret in the first place), one can reasonably conclude that the evidence doesn't point where the FBI and DHS claim it does.
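The hop-by-hop tracing described above, as an added example (not from the DHS/FBI report or any investigation): it walks a redirect chain from captured responses, lists the intermediate hosts whose operators an analyst would contact, and checks whether the landing host really belongs to the brand the email claims. The capture is constructed, every host in it is made up, and the function names are hypothetical.

```python
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

# Constructed capture: requested URL -> (status, Location header).
# Every host is invented (.example / .test); none comes from the report.
CAPTURED = {
    "https://sho.rt.example/a1b2":
        (301, "http://hacked-blog.example/wp-content/r.php?id=7"),
    "http://hacked-blog.example/wp-content/r.php?id=7":
        (302, "//accounts.google.com.reset-alert.test/signin"),
    "http://accounts.google.com.reset-alert.test/signin":
        (200, None),
}


def fetch_from_capture(url):
    """Stand-in for an HTTP client configured NOT to follow redirects."""
    return CAPTURED[url]


def trace(start_url, fetch, max_hops=10):
    """Walk the redirect chain one hop at a time, recording each hop."""
    chain, seen, url = [], set(), start_url
    while True:
        if url in seen:
            raise ValueError(f"redirect loop at {url}")
        if len(chain) >= max_hops:
            raise ValueError(f"gave up after {max_hops} hops")
        seen.add(url)
        status, location = fetch(url)
        chain.append((url, status))
        if status not in REDIRECT_CODES or not location:
            return chain
        # Location may be relative or scheme-relative; resolve it
        # against the URL that produced it.
        url = urljoin(url, location)


def host_in_domain(host, domain):
    """True only for the domain itself or a genuine subdomain of it."""
    host = host.lower().rstrip(".")
    domain = domain.lower()
    return host == domain or host.endswith("." + domain)


def assess(chain, brand_domains):
    """Summarise a traced chain for the analyst's report."""
    hosts = [urlsplit(url).hostname for url, _ in chain]
    landing = hosts[-1]
    return {
        "hops": len(chain) - 1,
        "intermediaries": hosts[:-1],        # parties to contact, in order
        "landing_host": landing,
        "landing_is_brand": any(host_in_domain(landing, d) for d in brand_domains),
    }


if __name__ == "__main__":
    chain = trace("https://sho.rt.example/a1b2", fetch_from_capture)
    for url, status in chain:
        print(status, url)
    print(assess(chain, ["google.com"]))
```

The suffix check matters because a landing host can start with the brand's name and still sit under an unrelated registered domain, as the constructed final hop does.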

But let's leave this propaganda piece and its claims aside -- because really, when you get down to it, it's a sideshow.

Let's instead focus on what was stolen and released irrespective of who did it.

What was stolen was in fact hard evidence, bordering on irrefutable proof, that a major political party in this country intentionally corrupted their own primary process to steal said primary election for one candidate and disenfranchise another.

That is the "damaging information" that was released.

The irony of accusing Russia of "tampering" with our election when the information released, and in fact the only information that had damaging value which was released, was hard evidence of actual tampering with our elections by the Democrat Party itself is not lost on me nor on anyone else with half a functional brain.

That the American people decided to "reward" such election tampering by our own political party, not Russia, with an unexpected loss at the polls is not "evil", it is not "corrupt", it is just desserts.

Had the Democrat Party not tampered with the primaries -- including, I remind you, multiple apparent proved instances of party insiders being fed debate questions ahead of time -- there would have been nothing of value to disclose and no impact from same.

Next, I remind you that we have a Wikileaks insider, the man who claims to have been the actual courier, who has said on the record that a DNC insider, quite possibly Seth Rich, gave him the contents of said emails (other than John Podesta's.)

Leaving aside the outrageous idiocy and lack of care when it comes to security that the DNC exhibited, particularly high-level campaign insiders such as Podesta, in using public email providers (such as Google) the fact remains that there is not only little credible evidence that the DNC's email was "hacked" there is zero evidence provided in the FBI report that Russia had anything to do with it.

Put all that together and then view what Obama did with regard to "new sanctions" in that light -- and what do you get?

An infantile temper tantrum by a puny rat bastard who has watched his party burn itself to the ground under his personal direction and which got caught cheating in our primary elections.  In response he has gone on a wild, uncontrolled and unprincipled slash fest rather akin to Kylo Ren's.


Legal Disclaimer

The content on this site is provided without any warranty, express or implied. All opinions expressed on this site are those of the author and may contain errors or omissions.

NO MATERIAL HERE CONSTITUTES "INVESTMENT ADVICE" NOR IS IT A RECOMMENDATION TO BUY OR SELL ANY FINANCIAL INSTRUMENT, INCLUDING BUT NOT LIMITED TO STOCKS, OPTIONS, BONDS OR FUTURES.

The author may have a position in any company or security mentioned herein. Actions you undertake as a consequence of any analysis, opinion or advertisement on this site are your sole responsibility.

Market charts, when present, used with permission of TD Ameritrade/ThinkOrSwim Inc. Neither TD Ameritrade or ThinkOrSwim have reviewed, approved or disapproved any content herein.

The Market Ticker content may be excerpted online for non-commercial purposes provided full attribution is given and the original article source is linked to. Please contact Karl Denninger for reprint permission in other media, to republish full articles, or for any commercial use (which includes any site where advertising is displayed.)

Submissions or tips on matters of economic or political interest may be sent "over the transom" to The Editor at any time. To be considered for publication your submission must include full and correct contact information and be related to an economic or political matter of the day. All submissions become the property of The Market Ticker.