[8 Jan 07-Corrected bad urls]Yesterday, Wisconsin Governor Jim Doyle vetoed legislation that would have exempted the predatory rent-to-own industry from that state's tough consumer laws (Wisconsin State Journal news story). From Governor Doyle's veto statement:)

"The Wisconsin Consumer Act has for decades provided strong protections for Wisconsin consumers, and is considered one of the best consumer protection laws in the country. As Attorney General, I successfully fought in the courts to assure that the Wisconsin Consumer Act applied to rent-to-own transactions. And while SB 268 includes some significant improvements over past legislative efforts, I am not satisfied that it provides adequate protection to consumers."

The misinformation and outright misrepresentations that have been circulated by the groups that opposed the legislation are, if left unaddressed, cancerous to the operation of a fair legislative process. Christopher Korst, Rent-A-Center General Counsel

The New Jersey Supreme Court on March 15, 2006 ruled that the rent to own contract of Rent-a-Center, as used in New Jersey in the case of Hilda Perez, was a Retail Installment Sales contract, and ruled that the maximum legal interest rate was the 30% limit of New Jersey's Criminal Usury Law. Therefore the 80% interest charged to Hilda Perez was illegal.

The predatory rent-to-own boys want the right to promise consumers the American dream of ownership of televisions, refrigerators and even car wheelsets, but don't want to disclose the cost of financing their products. They claim renting-to-own isn't buying a product over time. That's wrong. Even though 45 states or so have rolled over and agreed to allow them to deceive consumers, we're pleased that Wisconsin and New Jersey and a few others are still protecting their residents better. Here's our previous blog and a link to our archive on rent to own. We're watching their efforts to move a federal bill, S 603 (Landrieu-D-LA) or HR 996 (Jones-R-NC) to preempt the right of states to protect their residents better.

Here's a consumer letter (PIRG, Consumers Union, Consumer Federation of America) opposing S 2389, a bill marked up today in Senate Commerce that purports to protect consumer phone records from pretext calling and other privacy invasions. From the letter:

We remain deeply concerned that the bill neither requires carriers to implement meaningful safeguards to protect their customers’ private information nor addresses the problem of widespread sharing of CPNI data by carriers. Given the absence of stronger federal protections for consumers and the broad state preemption preventing states from adopting effective privacy measures, we are unable to support the bill in its current form.

CALPIRG has an IRS Action web page where you can join thousands of consumers telling the IRS No Sale of Tax Records. Register your opposition to an IRS proposal to make it easier for tax preparers to sell your tax information to the highest bidder. Here's the CALPIRG news release. Newspaper editorials are running 100% against. Previous blog with more details.

Here's our letter opposing HR 4127, the DATA bill, on preemption grounds. The DATA bill is the House Energy and Commerce Committee version of data security and breach notification legislation. On policy grounds, it is vastly superior to the worst bill ever, HR 3997, as passed by the Financial Services Committee. We commend the Energy and Commerce managers, Chairman Barton (R-TX) and Reps. Stearns (R-FL) and Dingell (D-MI) and Schakowsky (D-IL) for improving the subcommittee draft immensely. More:

On policy grounds, the full committee substitute is much improved from subcommittee. On policy grounds, we say:

In particular, the bill includes a very strong standard (but still weaker than many state standards) for determining whether notices of breaches will be required. We believe that the bill’s breach trigger will both deter breaches in the first place and require notices in many more circumstances than the weak “risk-based” triggers in most other Congressional proposals (see, for example, HR 3997 as approved by the Financial Services Committee). In addition, the bill imposes Fair Information Practice-based privacy duties on the class of virtually unregulated data brokers like Choicepoint. It also restricts the sordid practice of pretexting, literally not telling the truth, to obtain confidential consumer information.

Nevertheless, we cannot support rolling back the right of states to protect their citizens better. Here's why:

We believe that industry’s claims about the compliance cost of “50 different laws” are unsubstantiated. Indeed, if Congress passes a good enough law, the states will move onto other issues. But if Congress fails to do the job, then the states have demonstrated an ability to respond quickly to new problems. In addition, industry’s allegations about compliance costs are without foundation; a firm can comply nationally simply by ensuring that its practices meet the standards of the one strongest state law. (It should not be impossible to comply with both federal and state law. We do not, nor do other privacy or consumer groups, oppose any provision that would provide that a state law may not be inconsistent with the federal law, provided that it also says that a state law providing greater consumer protection is not inconsistent.) We are extremely troubled that on a wide range of issues from air pollution to food safety to predatory lending to product safety to privacy, the Congress and the administration generally accept industry demands to eliminate fifty laboratories of public policy as a condition of passing what often ends up to be a modest federal law.

Declan McCullagh of CNET News has posted a nice interview with me, with a picture, called Newsmaker: The politics of data security. It's a good summary of why PIRG believes no federal breach notice legislation, especially legislation that preempts stronger state laws, is necessary.

In The Nation, Jeff Chester of the Center for Digital Democracy describes how powerful interests, including Google and Earthlink and others, hope to win a self-serving contract with San Francisco (and other cities) to provide muni wi-fi services. The web product they offer will be slow and clunky, but wait, there's more: the firms hope to capture and track information on users for corporate marketing. As Chester explains:

Consumers and public officials should have no illusions that what is being touted as a public benefit is also designed to spur the growth of a mobile marketing ecosystem, an emerging field of electronic commerce that is expected to generate huge revenues for Google, Microsoft, AT&T and many others.

"subjected to intensive data-mining of their web searches, e-mail messages and other online activities are tracked, profiled and targeted. The inevitable consequences are an erosion of online privacy, potential new threats of surveillance by law enforcement agencies and private parties, and the growing commercialization of culture."

This week, in a speech accepting a lifetime consumer hero award at the Consumer Federation of America's annual conference, U.S. Senator Paul Sarbanes (D-MD) strongly defended the PIRG-backed Sarbanes-Oxley Act passed in the wake of the Enron and Worldcom scandals. More.

Various powerful special interests, who still don't get it, have launched well-funded efforts to rollback the law by regulation, by lawsuit and by new law. For example, HR 1641 (by Rep. Jeff Flake (R-AZ) would make it voluntary, not mandatory, that a CEO attest to, or approve, corporate statements made to shareholders and the SEC. Rep. Ron Paul(R-TX) has a similar bill, HR 1657, gutting the act's critical Section 404, which simply says that companies must have a system of internal controls and CEOS must sign off on corporate statements. While these bills are going nowhere fast, the U.S. Chamber of Commerce (here's a Washington Post piece) and others keep pounding their chests against the law. The Chamber says, without foundation, that:

The unintended expansion of corporate governance rules and excessive compliance demands will cost the nation's 17,000 public companies billions of dollars this year.

The PCAOB's structure was reviewed by the American Law Division of the Congressional Research Service of the Library of Congress and several distinguished professors of constitutional law, and all approved of the structure under relevant constitutional provisions.

We'll miss Senator Sarbanes when he retires at the end of the term (MaryPIRG and U.S. PIRG have also recognized him with achievement awards), but until then, we expect that he'll do his best to block rollbacks of Sarbanes-Oxley and to prevent weakening of state privacy, identity theft and predatory lending laws.

Several attendees have posted detailed blogs on last week's Politics and Idealogy of Intellectual Property Conference in Brussels. More.

I participated (see immediate previous blog) in the event sponsored by the PIRG-backed TACD. Here's Ian Brown's post over at Blogzilla, where he comments on participant Bruce Lehman's revelation that the TRIPs (Trade Related Aspects of Intellectual property) agreement he'd negotiated as a senior Clinton official was a "mistake" for the U.S. Meanwhile, Johanna Gibson, JD, PhD, who runs the Patenting Lives Project of the Queen Mary Intellectual Property Research Institute, University of London has posted her own summary where she says that the event

"demonstrated the ever increasing importance of civil society in international norm setting, and the undeniable importance of "consumers" (indeed, producers in their own right) as stakeholders in international intellectual property law debate."

I'm participating Monday and Tuesday at a conference on The Politics and Idealogy of Intellectual Property in Brussels, Belgium. The conference speakers and issues are worldwide in scope; it is sponsored by the PIRG-backed Trans Atlantic Consumer Dialogue (TACD): From the brochure:

In recent years, intellectual property policy issues have gained higher profiles in Europe and the United States, as debates over patenting of software and business methods, copyright term extensions, the public domain nature of the Human Genome Project, access to medicine, peer-to-peer file-sharing networks, and other hot button issues have attracted a wide public audience...In particular, the meeting will examine how the struggles over the control and ownership of the new knowledge economy relates to our concepts of ideology, in party political positions platforms and political rhetoric.

The New York Times had a story by Damon Darlin Saturday on the issues around the need for strong security freeze laws and the threat to strong state privacy protections posed by Congressional meddling. The piece quotes NJPIRG's Abigail Caplovitz, who helped champion the nation's strongest security freeze law to passage:

Consumer groups are upset that a federal law might supersede what has been done at the state level. "Is Congress going to go soft on crime?" asked Abigail Caplovitz, legislative advocate at the New Jersey Public Interest Research Group. Her group thinks that a law it pushed through the New Jersey Legislature last year cuts down on identity theft because it makes it relatively easy and inexpensive for consumers to lock and unlock their credit reports. "Unless a credit freeze is user-friendly, it is useless because it won't be used," Ms. Caplovitz said.

The Colorado House and Senate have passed a tough indoor air quality law that will essentially ban smoking in all places, except casinos. Here's COPIRG's release. Excerpt:

The bill took a long and bumpy road to get to this point. As originally introduced in the House, it would have required almost every enclosed work place and public place to be smoke-free, including restaurants, bars and casinos. The House exempted casinos and small employers that do not allow the public to enter before sending the bill to the Senate. The Senate then dramatically weakened the bill, adding exemptions for bars, private clubs, bingo and dog tracks. It took a conference committee composed of three members from each house to put the bill back into the form passed by the House of Representatives.

Take action at PENNPIRG to stop the IRS proposal that would allow tax preparers to share your confidential tax records with data marketers. At PennPIRG you can also watch PENNPIRG's Beth McConnell on a CNBC video clip criticizing the proposal. Read our comments and news release. (PDFs)

Today the House Financial Services Committee voted out HR 3997, a bill that threatens to destroy all the good work that the states have done to prevent identity theft, without preventing any itself. Here's a joint release from U.S. PIRG and Consumers Union, publisher of Consumer Reports. The bill establishes weak duties to protect confidential consumer DNA yet grants broad discretion to ignore telling us when banks or other companies lose it. The bill gives identity theft victims only, but not everyone, a clunky consumer-unfriendly right to place a security freeze on their credit report. It then preempts the 8 states that give every consumer the right to a security freeze. Among these is New Jersey's freeze, which is the most streamlined and consumer-friendly. The bill preempts all stronger state protections in a broad array of identity theft areas. Even though it amends the Fair Credit Reporting Act, a law that allows state attorneys general shared enforcement authority, HR 3997 expressly prohibits state Attorneys General from enforcing its provisions. During the debate, numerous supporters of the bill came up with an incredible new argument: "allowing state Attorneys General to enforce federal laws would upset the federal uniformity we seek." Fortunately, this bill is not yet law. For more information, see the previous 4 posts.

Here's the latest 10-group letter opposing HR 3997, easily the worst data breach bill ever. The House Financial Services Committee is scheduled to begin, but perhaps not finish, voting on the bill beginning today. Among the "highlights" of the bill, it would:
-- establish a trigger for data breach notification that experts believe would result in no notices to consumers, because the standard is too high. We only know about the 100 breaches that have occurred since Choicepoint because of the strong California trigger.
-- Establish a weak, but preemptive security freeze that only applies to victims. You've already been shot, so they give you but no one else a bulletproof vest.
-- Establish a process to begin to undercut the privacy protections of the federal Gramm Leach Bliley Act while simultaneously permanently preempting all state activities on financial privacy.
-- Fail to even lightly regulate the activities of data brokers like ChoicePoint, the unregulated company that sold 163,000 dossiers to identity thieves (other than to subject them to the same weak data security rules that shoe stores would be subject to under HR 3997).
-- Expressly disallow state Attorneys General from protecting their citizens from privacy invasions.
-- Fail to assist non-English speaking individuals who have difficulty gaining access to their credit report. The inability of Latinos and other immigrants to access their credit report in languages they can understand means that they will be unable to file complaints and fraud alerts, and monitor their credit report for identity theft purposes.

The latest draft of HR 3997 (See blog entry just below) includes a new section that preempts stronger state freeze laws and implements a weak "victims with police reports" only federal freeze. This makes a bad bill worse.

Security freezes give consumers real control over access to their credit report that no other identity theft prevention action provides them with. Your best defense is going to be a security freeze. A freeze prevents access to your credit report to new creditors. This closes a loophole that identity thieves have exploited, since most businesses will not issue new credit or loans to people without first reviewing their credit reports.

Why shouldn't all consumers have the right to a free or low-cost consumer-friendly (easy-to-use) freeze?? Don't we need "instant privacy" to counter the risk that "instant credit" poses? And don't we need real protection-- protection that the Fair Credit Reporting Act says the credit bureaus should provide us anyway?

Giving the right to a security freeze only to ID theft victims is locking the door after the horse has already left the barn. All consumers should have the right to sleep at night without worrying about identity theft, by placing a freeze on their accounts. It's the only proven way to stop identity theft before it starts.

This important right should not merely be provided after you've already become a victim. What good is that? In fact, granting the right to a freeze only to victims runs counter to industry's basic lobbying claim that existing fraud alert rights are already adequate protection to victims against repeat occurrences. (By the way, they're not: (1) fraud alerts are only available to some consumers and (2) don't absolutely stop credit granting. Presence of a fraud alert merely subjects the creditor to potential liability if it doesn't do certain things.)

On Wednesday, the House Financial Services Committee is scheduled to vote on HR 3997. The so-called Financial Data Protection Act is easily the most problematic, preemptive, loop-hole-ridden and industry friendly proposal that has a chance to move in the Congress. Here's a letter in opposition from PIRG and Consumer Union. Excerpt:

The bill would put in place a weak federal system and overturn many stronger state laws. We believe consumers today would be worse off under this bill than if nothing passed...Had H.R. 3997 been in place, we doubt we would have heard about any of the data breaches that came to light in 2005, which affected tens of millions of Americans.

{Update-corrected internal URL, Nov 2006] Professor Arthur Wilmarth of George Washington University School of Law, one of the nation's leading scholars on banking law and the relationship between state and national bank regulation, has a new scholarly article OCC v. Spitzer: An Erroneous Application of Chevron That Should Be Reversed in BNA's Banking Report. If Professor Wilmarth's view, which we share, is upheld on appeal, one of the chief building blocks behind the Office of the Comptroller of the Currency's massive power grab in 2004, when it issued wide-ranging rules eliminating state consumer protection enforcement authority over national banks and even their state-licensed operating subsidiaries, will begin to crumble. Professor Wilmarth argues that the reasoning of the District Court will wrongly allow the OCC "to expand its jurisdiction, and to alter the balance of federal-state authority, without any clear expression of supporting congressional intent." His article also discusses three similar wrongly-decided OCC cases. He has graciously granted permission for us to post the piece on our website. More:

In OCC v, Spitzer, the Office of the Comptroller of the Currency, an obscure but powerful federal bank regulator, as we note on a special website, OCCWatch, that tracks its activities, successfully challenged New York Attorney General Eliot Spitzer's authority to even investigate possible discriminatory practices by national banks. OCC, as it often does, acted in concert with a group of large financial institutions. In this case, OCC had the back of its patrons at the Clearinghouse, which had filed a parallel case.

The article's title reference to Chevron refers to an important Supreme Court standard from the 1984 case Chevron v. Natural Resources Defense Council describing when a court should rely on, and show deference to, an administrative agency's interpretation of the law. In the article, Professor Wilmarth raises significant Constitutional questions about the ruling. He argues that agencies aren't supposed to get deference for their purely political decisions, nor on matters of preemption, nor, more broadly, should they get deference when Congress has not clearly granted them authority:

The reasoning of the District Court--and of three other federal courts that recently upheld another OCC preemptive rule--suggests that the OCC can rely on Chevron deference as a sufficient basis to expand its jurisdiction, and to alter the balance of federal-state authority, without any clear expression of supporting congressional intent. The Supreme Court's recent decision in Gonzales v. Oregon, which rejected a similar, open-ended claim for deference by the United States Attorney General, makes clear that all four decisions are based on an erroneous understanding of Chevron.

the OCC's regulation should be rejected for the same reason that the Supreme Court struck down the United States Attorney General's interpretive rule in Gonzales v. Oregon--namely, that the regulation conflicts with the "ordinary meaning" and "commonsense" application of the governing statute.