Privacy & Identity Theft

SAN DIEGO - Attorney General Kamala D. Harris today announced that California has reached a $252,000 settlement with two privatized military housing contractors over the companies’ unlawful evictions of 18 military servicemembers and their families from private military housing complexes in San Diego and Orange Counties. 

Attorney General Harris argued that these evictions violated the California Military and Veterans Code, the Servicemembers Civil Relief Act, and other state debt collection laws which protect servicemembers who are sued while serving on active military duty and are therefore unable to appear and defend themselves in court.  These laws prevent the entry of a default judgment unless a lawyer has been appointed to represent the interests of the absent servicemember, and they prohibit the use of false statements to collect a debt.  In addition, the contractors allegedly violated California privacy laws by filing court documents that included unredacted Social Security numbers, birth dates, or other personal information of nearly 100 servicemembers and military family members.

The defendants, Lincoln Military Property Management LP and San Diego Family Housing LLC and their eviction law firm, Kimball, Tirey & St. John LLP, are required to pay $200,000 in civil penalties, as well as provide $52,000 in debt relief for the servicemembers harmed by their conduct and assist victims with restoring and repairing credit history.  The settlement also requires the defendants to provide privacy protections to victims, including identity theft repair and mitigation services for one year following notification.  In addition, any default judgment evicting a servicemember and his or her family that was unlawfully obtained will be dismissed.

“It is unconscionable that companies would prey upon and illegally evict servicemembers and their families from their homes,” said Attorney General Harris. “This agreement holds these contractors accountable for their unlawful conduct – including illegal evictions and privacy violations – and ensures that veterans’ rights under the law are protected.  I want to thank the Navy Region Legal Service Office (RLSO) Southwest of San Diego for helping us secure justice for the servicemembers harmed by these companies.”

The complaint, filed today in San Diego Superior Court, alleges that Lincoln routinely evicted tenants from its private military housing complexes while failing to file affidavits that accurately reflected the military status of the servicemembers.  The defendants also violated California privacy laws by disclosing the personal information of servicemembers, exposing at least 100 victims to a risk of identity theft.  

The United States Department of Justice is filing a parallel complaint in the U.S. District Court for the Southern District of California alleging violations of federal law.

This is Attorney General Harris’s second action against a company that violated the Servicemembers Civil Relief Act.  The first was against JP Morgan Chase, which violated the Act in obtaining default judgments against servicemembers on credit card debt.  The Attorney General also obtained a $1.1 billion judgment against Corinthian Colleges, which illegally used the official seals of the military services in advertisements to entice servicemembers and veterans to enroll in its programs. 

The Attorney General’s office has provided training and technical support to JAG legal assistance attorneys at military installations throughout California.  The Attorney General has also issued multiple consumer alerts to help members of the military protect themselves from fraud and scams.  Her most recent alert for servicemembers and veterans, issued in honor of Memorial Day, provides tips on how to avoid common scams including rental scams, pension scams, predatory auto sales and financing, and education rip-offs.

A copy of the complaint is attached to the online version of this news release at www.oag.ca.gov/news.

LOS ANGELES – On Saturday, April 30, Attorney General Kamala D. Harris, AARP CA, and the District Office of Councilman Curren Price will hold Shred Fest 2016, a Los Angeles event where consumers can learn about how to prevent identity theft by shredding personal documents and other sensitive records for free. 

Saturday’s event is part of an ongoing partnership between AARP and Attorney General Harris’s office to protect consumers from identity theft and fraud and is one of several Shred Fest 2016 events scheduled for communities nationwide.  Shred Fest is also part of Money Smart Week®, supported by AARP’s Fraud Watch Network and the AARP Foundation.

“We must be vigilant in prosecuting those who take advantage of seniors and work to educate all Californians on how to avoid the increasing risks of identity theft, fraud and scams,” said Attorney General Harris. “‘Shred Fest 2016’ will help seniors safely dispose of sensitive documents and learn key strategies to protect themselves against identity theft.”

Information about Los Angeles Shred Fest 2016:

Saturday, April 30, 2016
4301 S. Central Avenue, Los Angeles, CA  90011
Shredding service begins at 10 a.m. and will continue until 2 p.m.

“Financial fraud causes millions of dollars in losses each year,” said Councilman Curren Price. “With the tax-filing season behind us, we’re encouraging taxpayers to do a spring cleaning of their old financial documents and other records.” 

“Identity thieves routinely search through dumpsters and trash cans, looking to find confidential information.  Our Shred Fest 2016 event will allow consumers to discard this paperwork in a safe and secure manner,” said Nancy McPherson, AARP CA State Director.

To avoid having your sensitive information compromised, security experts recommend shredding of the following types of materials:

• Old documents: Papers that carry your Social Security number, birth date, signature, account numbers, passwords or PIN numbers.
• Banking: Canceled or unused checks.  Shred deposit slips and ATM and credit card receipts, once you receive your monthly statements.
• Credit Cards: Preapproved credit card applications and incentive/gift checks from credit card companies.
• Medical: unneeded medical bills.
• Investments: Investment account statements.
• Obsolete ID cards: Expired driver’s licenses, medical insurance cards and passports.

Last year, Attorney General Harris partnered with AARP to protect seniors from fraud and abuse in a collaboration that includes tele-town halls and webinars to educate seniors, their families and the general public about legal protections designed for people age 50 and over. Together with the AARP Fraud Watch Network, Attorney General Harris’s office has created and disseminated consumer and educational resources to protect seniors against scams and schemes.

More resources to protect against identity theft are available on the Attorney General’s website at: http://oag.ca.gov/idtheft.

LOS ANGELES - Attorney General Kamala D. Harris and five district attorneys today announced a $8,500,000 settlement with Wells Fargo Bank over privacy violations that included recording consumers’ phone calls without timely telling consumers they were being recorded, as required by California law. The investigation into Wells Fargo and the subsequent settlement were the result of the work of the Attorney General’s Office and the office of Los Angeles County District Attorney Jackie Lacey, along with the Consumer Protection Divisions of Alameda County District Attorney Nancy E. O’Malley, Riverside County District Attorney Michael Hestrin, San Diego County District Attorney Bonnie M. Dumanis and Ventura County District Attorney Gregory D. Totten.

As part of the settlement, which is in the form of a stipulated judgment, Wells Fargo will pay civil penalties totaling $7,616,000 and will reimburse the prosecutors' investigative costs of $384,000. In addition, Wells Fargo will contribute $500,000 to two statewide organizations dedicated to advancing consumer protection and privacy rights.  

“Protecting the privacy of California consumers is increasingly crucial as technology rapidly develops and becomes a bigger part of our lives,” said Attorney General Harris. “This settlement holds Wells Fargo accountable for violating the privacy of its customers by recording calls without providing adequate notification, and ensures that the bank makes the changes necessary to protect the privacy of its customers.”

The civil complaint, filed in Los Angeles Superior Court, alleged that Wells Fargo violated sections 632 and 632.7 of the California Penal Code by failing to timely and adequately disclose its automatic recording of phone calls with members of the public. California has some of strongest privacy laws in the country.  In California, each party to a confidential conversation must be advised at the outset if a call is being recorded, so that the individual can object or terminate the call if he or she does not wish to be recorded.

In addition, the settlement agreement states that Wells Fargo must comply with California's standards for recording confidential communications between the bank and its customers by making clear, conspicuous, and accurate disclosures.  Wells Fargo has also agreed to implement an internal compliance program to ensure that the policy changes are made. This is a significant step that is aligned with Attorney General Harris’ ongoing efforts to preserve California businesses’ ability to innovate while ensuring that consumers’ right to privacy is protected.

“Wells Fargo failed to recognize that Californians place a high value on privacy,” said Los Angeles County District Attorney Jackie Lacey. “Today’s settlement takes another step toward ensuring that consumers’ rights are protected.”  

“The collaboration of the District Attorney’s Offices and the Attorney General resulted in today’s settlement,” said Alameda County District Attorney Nancy E. O’Malley. “As information technology reaches ever further into the lives of our citizens, strict compliance with California’s privacy laws becomes ever more imperative to protect the rights of those individuals.”

“Preserving an individual’s right to privacy is among the greatest challenges we face in the Digital Age,” said San Diego County District Attorney Bonnie M. Dumanis. “This settlement underscores our office’s commitment to protecting San Diego County consumers from intrusions and privacy violations in the marketplace.”

Once Wells Fargo was notified by investigators of the alleged deficiencies in their recording disclosures, the bank and its counsel worked cooperatively to implement changes in the company’s policies nationwide, without admitting liability.

In October 2015, Attorney General Harris reached a similar settlement with Houzz Inc., an online platform for home remodeling and design, to resolve allegations that the company violated California privacy laws by recording incoming and outgoing telephone calls without notifying all parties on the call that they were being recorded. The settlement required Houzz to appoint an individual to serve in a Chief Privacy Officer capacity to oversee Houzz’s compliance with privacy laws, marking the first time such a provision has been included in a California DOJ settlement.  . 

Copies of the complaint and stipulated judgment are attached to the online version of this release at www.oag.ca.gov.

SAN FRANCISCO – Attorney General Kamala D. Harris today addressed the Stanford Cyber Initiative to release a comprehensive report detailing the nature of data breaches reported to her office over the past four years.  The report found that between 2012 and 2015, there were 657 data breaches, which compromised over 49 million records of Californians’ personal information.   The report is accompanied by recommendations from the Attorney General for organizations, businesses and lawmakers on how to protect against data breaches, and points to a specific set of actions that companies and organizations should start with to meet the state and federal mandates of reasonable security. Last year, 178 breaches placed 24 million records of Californians at risk.  This means that as many as three in five Californians may have been victims of a data breach in 2015 alone. “Government and the private sector have a shared responsibility to safeguard consumers from threats to their privacy, finances, and personal security,” said Attorney General Harris.  “California is leading the nation with measures to prevent data breaches, but we can do better.  This report clearly articulates basic steps that businesses and organizations must take to comply with the law, reduce data breaches, and better protect the public and our national security.” The report includes information on the most common types of data breached, explains what types of breaches different industry sectors were most susceptible to, and provides recommendations to reduce the frequency and impact of future breaches.

Types of Data Breached 

• Social Security numbers, payment card data, and medical information were the top three types of data breached over the past four years.

Industry Sectors 

• The retail sector has been the most vulnerable industry, accounting for 24% of breaches and 42% of records breached in the past four years.
• The financial sector accounts for the second largest share of breaches at 18%, and 26% of records breached. Social Security numbers are the most common data breached in this sector.
• The healthcare industry accounts for 16% of breaches, and continues to be particularly vulnerable to physical breaches.
• Small businesses represent 15% of all reported breaches.

Recommendations for Organizations

• Adopt the Center for Internet Security’s Critical Security Controls as the start of a comprehensive information security program, since not doing so would be indicative of a failure to provide reasonable security.
• Make multi-factor authentication available on consumer-facing online accounts that contain sensitive personal information.  This procedure provides greater protection than the username-and-password combination typically used for online shopping accounts, health care websites and patient portals, and web-based email accounts.
• Consistently use strong encryption to protect personal information on laptops and other portable devices, and consider using it for desktop computers.  This is particularly important for health care, which appears to be lagging behind other sectors in this area.
• Encourage individuals affected by a breach of Social Security numbers or driver’s license numbers to place a fraud alert on their credit files.  This measure is free, fast, and effective in preventing identity thieves from opening new credit accounts.

Recommendations for State Policy Makers

• Collaborate to harmonize state breach laws on key dimensions.  Such an effort could reduce the compliance burden for companies, while preserving innovation, maintaining consumer protections, and retaining jurisdictional expertise.

As data threats evolve, California must remain at the forefront of identifying and implementing creative and effective ways to fend off attackers.  In 2004, California passed its information security statute (AB 1950, Wiggins), which requires businesses that collect personal information to use “reasonable security practices and procedures.” In 2003, California became the first state to mandate data breach notification, requiring businesses and state agencies to inform consumers when a security breach compromises their personal information (AB 700, Simitian). As of 2012, any breach involving more than 500 Californians must be reported to the Attorney General’s Office (SB 24, Simitian).

Attorney General Harris has invested the best talent and resources of the California Department of Justice into the fight for cyber security.  In 2011, she created the eCrime Unit, which is tasked with investigating and prosecuting large-scale identity theft, technology crimes, and crimes that target electronic devices, networks, or intellectual property.  In 2012, Attorney General Harris established the Privacy Enforcement and Protection Unit to enforce and regulate state and federal laws regulating the collection, retention, disclosure, and destruction of personal information, as well as to educate organizations and consumers on privacy responsibilities and rights.

Furthermore, a number of recommendations from Attorney General Harris’s previous data breach reports have been enacted into law.  SB 46 (Corbett), which took effect in January 2014, added online account credentials to the list of personal data covered under SB 24 (Simitian).  In 2014, AB 1710 (Dickinson) was enacted, requiring the source of a breach of such data to offer identity theft prevention or mitigation services at no cost to the affected person and for no less than 12 months.  The law took effect in January 2015.  In 2015, SB 570 (Jackson) amended the breach law to require the use of a format for breach notices that makes them easier to understand. It took effect in January 2016.

View the full California Data Breach Report February 2016.

SAN FRANCISCO – California Attorney General Kamala D. Harris is commemorating international Data Privacy Day by reminding consumers of three easy steps to take to protect against identity theft in 2016. Attorney General Harris is also partnering with Facebook to share privacy tips for Facebook users, as part of her commitment to incorporating technology into government. The Attorney General’s Facebook video message can be found here: http://on.fb.me/dataprivacydaycalifornia. January 28, Data Privacy Day, is observed in the U.S., Canada and Europe as an opportunity to promote privacy awareness.

Identity theft is a privacy crime that cost individuals and businesses $16 billion in 2014,the last year for which information is available.[1] There were 12.7 million victims of identity theft in the U.S. – that is one victim every 2.5 seconds. Over 1.5 million victims were in California.

The following three Data Privacy Day tips are a good starting point for consumers to begin to protect themselves from identify theft.

1.     Order your credit reports (free).  

Consumers are highly encouraged to regularly monitor their credit files. Proactive credit monitoring can help consumers catch errors and quickly identify potential identity theft issues. Consumers are entitled by law to get a credit report from each of the three major credit bureaus every year, at no cost.

FREE annual credit reports can be ordered online at www.annualcreditreport.com or through the toll-free phone number:  (877) 322-8228. After receiving the reports, make sure to review them thoroughly for information that is not recognized and take action on anything suspicious. For more information, please visit: How to Order Your Free Credit Reports: Tips for Consumers.  All consumers are entitled to one free credit report every 12 months, from each credit reporting company, and should not have to input or share credit card information for these reports.

2.     Protect your electronics with strong passwords (free).

Smartphones and tablets contain a lot of personal information, such as banking, shopping, and location information in apps and emails. Consumers should make a habit of locking their devices just as they lock their homes and vehicles. Additionally, rather than using a 4-digit passcode which can be cracked in minutes, consumers should use a strong password that contains at least 8 characters, including letters, numbers and symbols. Consider using a phrase and substituting numbers and symbols for letters. For example, “how much wood would a woodchuck chuck?” might be Hmww1wcc? (Don’t use that one!)  

Many smartphones, including both Apple and Android phones, provide lock or passcode tools in the “Settings” feature of their devices. Device manufacturers today offer advanced technologies like fingerprint sensors and “lock patterns” that can make it very difficult to access a stolen device.

General screen lock information:

• iPhones and iPads (iOS)

New Apple products protect devices with a thumbprint or a numeric passcode, or a combination of both.

From home screen, select SETTINGS, then TOUCH ID & PASSCODE. On older products, select SETTINGS, then GENERAL, then PASSCODE.  Follow instructions and remember to set how quickly you want the device to lock (one minute, five minutes, etc.)

More on Apple locks: www.support.apple.com/en-us/HT204060 

• Android devices

Depending on your type of device, Android allows you to use a pattern unlock, a personal identification number (PIN), or an alpha-numeric password. Though the language varies in different Android devices, you can generally follow this path:

Select MENU on the home screen. Select SETTINGS, then SECURITY, then CHANGE SCREEN LOCK.

Check the version of your Android device: www.support.google.com/nexus/answer/4457705

More on Android locks: www.support.google.com/nexus/answer/2819522?hl=en

For more information on strong passwords, please visit:  Safe Password Practices - Refresh Here!

3.     Freeze your credit files ($30) – or place a fraud alert (free).

Consumers who believe they may be victims of identity theft should consider freezing their credit files. A credit freeze is the strongest consumer protection against serious types of identity theft that involve Social Security numbers. It prevents the opening of new accounts but does not affect existing credit accounts. Credit freezes remain on accounts until the account holder temporarily or permanently lifts the freeze.

To activate a credit freeze, consumers must contact each of the three credit bureaus. Once the credit bureaus have frozen the requested credit records, a potential thief cannot open a credit account, get a loan, or do certain other things in the account holder’s name. Consumers who need to open a new credit account during the freeze can “lift” the freeze in advance for a limited period of time by contacting the credit bureau (sometimes for a small fee).

Credit freezes are free to victims of identity theft who have a corresponding police report.  Otherwise, freezes cost $10 per credit bureau.  For consumers 65 and older, each freeze is $5. For more information, please visit: How to “Freeze” Your Credit Files

An alternative to a freeze is a fraud alert. Consumers who are in the market for new credit, insurance, or employment may find a credit freeze cumbersome as the freeze must be lifted every time a request is made for new credit. Instead, consumers looking for new credit may want to consider placing a fraud alert on their accounts. Fraud alerts offer a free, fast, and effective way to protect against a potential identity thief opening new credit accounts under an account holder’s identity. A fraud alert signals to credit grantors that requests for new credit accounts or credit extensions may be coming from an identity thief and it requires merchants to take extra steps to verify the identity of the applicant. To place a fraud alert, consumers only need to contact one of the three credit bureaus, which will result in all three placing the alert. A fraud alert lasts 90 days and can be renewed.

For more information on fraud alerts, visit: Breach Help: Consumer Tips from the Attorney General

ADDITIONAL INFORMATION

California Attorney General identity theft information:  www.oag.ca.gov/idtheft

California Attorney General privacy information:  www.oag.ca.gov/privacy

Data Privacy Day: https://www.staysafeonline.org/data-privacy-day/about.

[1] Javelin Strategy & Research, 2015 Identity Fraud Study, available at www.javelinstrategy.com.

SACRAMENTO - Attorney General Kamala D. Harris and Placer County District Attorney R. Scott Owens today announced the arraignment of Riley Bangerter, 36, of Roseville, on 11 charges of identity theft, in a case of cyber harassment. Bangerter pled not guilty when he was arraigned on January 11, 2016.

Bangerter was arrested on December 3, 2015, following an investigation by Attorney General Harris’ eCrime Unit, which found that he had superimposed images of his ex-wife onto pornographic images and posted them online, accompanied by her personal identifying information.

“Bangerter’s heinous actions sought to humiliate, belittle and destroy the personal and professional life of his victim,” said Attorney General Harris.  “This prosecution sends a clear message to all who dare to perpetrate the crimes of cyber harassment and cyber exploitation, that these cowardly acts will not be tolerated in California.  I thank the Placer County District Attorney’s office for their partnership and commitment to holding Bangerter accountable for these deplorable acts.”

Bangerter is charged with identity theft – violating Penal Code section 530.5, which prohibits the misuse of personal identifying information.  The case is being prosecuted by the Placer County District Attorney’s office.

During her tenure, Attorney General Harris has pioneered the prosecution of cyber exploitation cases, successfully securing criminal convictions and sentences for those who post intimate photos or videos online without the consent of the individual depicted. 

In 2011, Attorney General Harris created the eCrime Unit within the California Department of Justice to identify and prosecute identity theft crimes, cybercrimes and other crimes involving the use of technology.  In April 2015, Attorney General Harris announced that Kevin Bollaert was sentenced to eighteen years of incarceration (a sentence later revised to eight years in prison followed by ten years of mandatory supervision) for operating a cyber exploitation website, ugotposted.com.  The site allowed the anonymous, public posting of nude or explicit photographs without the subject’s permission and also included the subject’s full name, location, age and Facebook profile link.  Bollaert also extorted victims, charging them $250 to $350 to remove the content posted without their permission.

In June 2015, Attorney General Harris announced a three-year jail sentence for Casey Meyering, who operated a cyber exploitation website called WinByState.com and an associated site TakedownHammer, where he extorted victims seeking to have their images removed.  Charles Evens, who hacked into email accounts to steal intimate images and then sold the images to cyber exploitation website operator Hunter Moore, pleaded guilty to hacking in June 2015.

Attorney General Harris convened a Cyber Exploitation Task Force in February 2015, a public-private partnership comprised of 50 major technology companies (including Microsoft, Google, Facebook, Yahoo, and Twitter), victims’ advocates, and legislative and law enforcement leaders.  In October 2015, Attorney General Harris and the task force unveiled a  first-of-its-kind online resource hub with tools for victims, the technology industry, and law enforcement agencies.

In September 2015, Governor Jerry Brown signed into law two new measures Attorney General Harris sponsored to combat and prevent cyber exploitation.  Senate Bill 676 (Cannella, R-Ceres) enables law enforcement to destroy cyber exploitation images and AB 1310 (Gatto, D-Glendale) allows search warrants to be issued for crimes related to cyber exploitation and allows for the prosecution of cyber exploitation cases in the county where the victim resides or in the county where the images were posted.

SAN FRANCISCO - Attorney General Kamala D. Harris and Alameda County District Attorney Nancy E. O’Malley today announced a settlement with Comcast Cable Communications LLC (“Comcast”) to resolve allegations that Comcast both unlawfully disposed of hazardous waste and discarded records without first omitting or redacting private customer information. As part of the settlement, Comcast will pay a total of $25.95 million. 

“Comcast’s careless and unlawful hazardous waste disposal practices jeopardized the health and environmental well-being of California communities and exposed their customers to the threat of identity theft,” said Attorney General Harris. “This agreement holds Comcast accountable for breaking the law and puts strict measures in place to prevent them from putting Californians and our environment at risk in the future.”

“Today’s settlement represents a victory in California’s ongoing efforts to ensure that hazardous waste is disposed of in a safe, legal and environmentally sustainable manner,” states Alameda County DA Nancy E. O’Malley. “Not only will my office pursue all necessary legal action against entities that pollute our environment, but we will also use all legal means to ensure California’s consumers’ private information is protected.  My office will continue to work together with state and local agencies to investigate and prosecute violations against our environment.”

The civil enforcement action and proposed settlement against Comcast were filed today in Alameda County Superior Court by Attorney General Harris and District Attorney O’Malley. The settlement requires court approval before it becomes final.

Today’s announcement stems from a robust investigation by the offices of Attorney General Harris and District Attorney O’Malley, assisted by the Department of Toxic Substances Control and the California Highway Patrol. According to the investigation, since 2005, Comcast warehouse and dispatch facilities and customer service centers throughout the state unlawfully handled and disposed of various hazardous waste products, routinely and systematically sending these materials to local landfills that were not permitted to receive these items. The majority of the hazardous waste was electronic equipment such as remote controls, splitters, routers, modems, amplifiers, and power adapters. The investigation also uncovered that Comcast discarded documents containing sensitive customer information, including names, addresses and phone numbers, into the trash without shredding them or making them unreadable, potentially exposing the information to identity thieves.

If approved by the court, under the final judgment, Comcast must pay $19.85 million in civil penalties and costs. An additional $3 million will fund projects furthering environmental and consumer protection and enforcement in California. Comcast will also be providing CalRecycle with $2.25 million in airtime over a four-year period and $150,000 to develop and produce public service announcements that educate the public on the proper handling and disposal of hazardous waste they might generate, including electronics. Finally, Comcast will spend a minimum of $700,000 to enhance its environmental compliance and will be prohibited from violating these laws in the future, under the terms of a permanent injunction.

Upon notice of the investigation, Comcast agreed to cooperate and, at the request of the Attorney General and the Alameda County DA, took interim steps to improve its hazardous and universal waste management compliance programs. As part of the settlement, Comcast has committed to fund multiple measures over the next five years to enhance its environmental compliance. Comcast will also be required to hire an independent auditor to conduct three audits of its environmental and customer privacy compliance over the next five years. There are ten Comcast facilities in Alameda County and all ten facilities are subject to the terms of the settlement.

Last year, Attorney General Harris and District Attorney O’Malley reached a $23.8 million settlement with AT&T over similar hazardous waste disposal violations.

Copies of the civil enforcement action and proposed settlement are attached to the online version of this release at oag.ca.gov/news.

SAN FRANCISCO - Attorney General Kamala D. Harris today released guidance on location privacy on smartphones, tablets, and email as part of National Cyber Security Awareness Month, a campaign to promote a safer, more secure, and more trusted Internet.

The Attorney General’s new information sheet, Location, Location, Location: Tips on Controlling Mobile Tracking, comes at a time when nearly two-thirds of Americans own a smartphone. In fact, it’s been reported that the average consumer is never more than three feet away from his or her phone.[1]

Connected devices are convenient, but they also pose unique privacy challenges. Our smartphones and tablets are “always on” and “always on us,” broadcasting where we are, where we have been, and even where we are going. This is a concern for many of us, and for domestic violence and stalking victims, it can be dangerous.

Location, Location, Location explains how to use system settings on Android and iOS devices to manage GPS and other location tracking functions.  The new information sheet also explains how email location tracking works and offers step-by–step instructions for stopping it in Gmail, Outlook, and Yahoo Mail.

Location, Location, Location can be found with Getting Smart About Smartphones, Breach Help, and a library of easy-to-read privacy materials on the Attorney General’s website at www.oag.ca.gov/privacy/info-sheets. 

Resources

Location, Location, Location: Tips on Controlling Mobile Tracking: https://oag.ca.gov/sites/all/files/agweb/pdfs/privacy/cis-18.pdf?

Getting Smart About Smartphones: Tips for Consumers 

English: www.oag.ca.gov/sites/all/files/agweb/pdfs/privacy/smartphones_consumers.pdf

Spanish: www.oag.ca.gov/sites/all/files/agweb/pdfs/privacy/CIS_15a_smartphonesConsumer_sp.pdf

Getting Smart About Smartphones: Tips for Parents

English: www.oag.ca.gov/sites/all/files/agweb/pdfs/privacy/smartphones_parents.pdf

Spanish: www.oag.ca.gov/sites/all/files/agweb/pdfs/privacy/CIS_15b_smartphonesParents_sp.pdf

National Cyber Security Awareness Month: www.staysafeonline.org/ncsam/

[1] www.getelastic.com/the-end-of-bricks-and-mortar-retail-as-we-know-it/

LOS ANGELES - Today, Attorney General Kamala D. Harris announced the launch of a new, first-of-its-kind online resource hub with tools for victims, technology companies and law enforcement agencies to combat cyber exploitation, the criminal act of posting intimate photos or videos online without the consent of the individual.  Today’s announcement is a culmination of nine months of work by the Attorney General’s Cyber Exploitation Task Force, a collaboration between the Department of Justice, major technology companies, law enforcement, and victims’ advocates. 

In response, elected officials and leaders in the technology industry released the following statements of support:

Antigone Davis, Head of Global Safety Policy, Facebook:

"Sharing intimate images of someone without their consent can be both devastating and dangerous for the victim. Such activity is not allowed on Facebook and we are proud to support Attorney General Harris’ anti-cyber exploitation initiative to raise awareness of this abhorrent practice and promote tools to fight it.”

Jacqueline Beauchere, Chief Online Safety Officer, Microsoft:

"Non-consensual distribution of sexual content, commonly known as ‘revenge porn’, is a horrific violation of privacy that can damage nearly every aspect of a victim’s life. Microsoft commends Attorney General Harris' commitment to this issue and we are proud to support this effort to help ensure victims have easy access to the tools they need to regain control of their images and their privacy. We hope this new online hub, which includes reporting information for online services such as Microsoft’s new reporting site for Bing, OneDrive and Xbox Live, will prove to be a valuable resource for victims."

Danielle Keats Citron, Lois K. Macht Research Professor & Professor of Law, University of Maryland Carey School of Law:

“Attorney General Kamala Harris's Working Group has set a major milestone in the fight against cyber exploitation today.  In my research of hate crimes in cyberspace, I’ve interviewed more than 50 exploitation victims.  Victims had a hard time finding employment because their nude images and contact information appeared prominently in online searches. They were terrified that strangers would confront them in person. They moved; some changed their names; all were distraught. The fallout was devastating. AG Harris's work is groundbreaking, educating victims about their rights, providing training to law enforcement, securing essential legislation, and working with companies on best practices. The Working Group's efforts in California are a model for the rest of the country.” 

John Doherty, Vice President of State Policy & Politics and General Counsel, TechNet:

“TechNet applauds Attorney General Kamala Harris' efforts to crack down on cyber exploitation, which violates a victim on a deeply personal and private level.  We’re proud that the technology industry has come together in support of this important issue to provide victims an avenue of protection. Over the past 50 years, the Internet has revolutionized the way we communicate, engage in commerce, and collaborate with friends and colleagues around the world.  Overwhelmingly, these changes have been a force for good.  But, clearly there is a dark side, and we must remain vigilant in the effort to protect Internet users from this type of terrible and troubling cyber exploitation.” 

Bob Stresak, Executive Director, California Commission on Peace Officer Standards and Training (POST):

“The Commission on Peace Officer Standards and Training is honored to be a part of the Attorney General’s working group in a progressive effort to combat cyber exploitation.  As technology advances, criminal activity takes new forms.  This often presents challenges for law enforcement.  Law enforcement must advance in its ability to proactively address and effectively respond to those challenges.  To that end, the Commission on POST will continue in its commitment to provide the best training available to the law enforcement community.”

California Assemblymember Mike Gatto (D-Glendale):

“Cyber exploitation is a serious crime.  I was proud to partner with Attorney General Harris on legislation to eliminate jurisdictional loopholes and give additional tools to law enforcement to investigate and prosecute this type of crime. The Department of Justice’s resource hub will play an important role in the fight to end cyber exploitation in California.”

California Senator Anthony Cannella (R-Ceres):

“Cyber exploitation greatly disrupts the lives of victims.  I am glad that California remains in the forefront of fighting this horrendous crime. We need victims to be more aware that there are resources to protect them.  This is a valuable tool to help in ending cyber exploitation.”

LOS ANGELES - Attorney General Kamala D. Harris today announced the launch of a new, first-of-its-kind online resource hub with helpful tools for victims, the technology industry and law enforcement agencies to combat cyber exploitation, the criminal act of posting intimate photos or videos online without the consent of the individual.  Today’s announcement is a culmination of nine months of work by the Attorney General’s Cyber Exploitation Task Force, a collaboration between the Department of Justice, major technology companies, law enforcement, and victims’ advocates.   

“Posting intimate images online without consent is a cowardly crime that humiliates and belittles victims,” said Attorney General Harris. “These new tools will assist law enforcement in combating cyber exploitation and support victims in seeking justice. I would like to thank our partners from our task force, whose work will have a global impact in combatting this heinous crime.”

Attorney General Harris’s effort is centered on a newly created online resource hub that will work to empower victims with information on how to have images posted without permission removed from popular websites and search engines, and provide clear guidance to local law enforcement about new and existing laws to investigate and prosecute cyber exploitation cases. The resource hub will include a Best Practice Guide for technology companies to help them develop policies that prevent the posting and sharing of cyber exploitation images. 

Designed to be a one-stop-shop for law enforcement, victims and technology companies, the site will include information graphics with steps individuals can take after being a victim of cyber exploitation, and the first-ever comprehensive collection of major technology platforms’ privacy policies and links to report improper use of intimate images and how to have them removed from social media sites and online search engines.

“Attorney General Kamala Harris's Working Group has set a major milestone in the fight against cyber exploitation today.  In my research of hate crimes in cyberspace, I’ve interviewed more than 50 exploitation victims.  Victims had a hard time finding employment because their nude images and contact information appeared prominently in online searches. They were terrified that strangers would confront them in person. They moved; some changed their names; all were distraught. The fallout was devastating,” said Danielle Keats Citron, Lois K. Macht Research Professor & Professor of Law at the University of Maryland Carey School of Law. “AG Harris's work is groundbreaking, educating victims about their rights, providing training to law enforcement, securing essential legislation, and working with companies on best practices. The Working Group's efforts in California are a model for the rest of the country.”

“TechNet applauds Attorney General Kamala Harris' efforts to crack down on cyber exploitation, which violates a victim on a deeply personal and private level.  We’re proud that the technology industry has come together in support of this important issue to provide victims an avenue of protection,” said John Doherty, Vice President of State Policy & Politics and General Counsel at TechNet. “Over the past 50 years, the Internet has revolutionized the way we communicate, engage in commerce, and collaborate with friends and colleagues around the world.  Overwhelmingly, these changes have been a force for good.  But, clearly there is a dark side, and we must remain vigilant in the effort to protect Internet users from this type of terrible and troubling cyber exploitation.”

In tandem with the launch of the anti-cyber exploitation initiative, Attorney General Harris issued a Law Enforcement Bulletin, with instructions for all California law enforcement agencies on how to use and enforce new and existing laws related to cyber exploitation crimes. This past legislative session, Attorney General Harris sponsored two bills to enable more effective prosecution of cyber exploitation crimes: AB 1310 and SB 676. Both laws were signed by Governor Jerry Brown and become effective January 1, 2016. 

AB 1310, sponsored by Assemblymember Mike Gatto (D-Glendale), expands the jurisdictional options for prosecuting cyber exploitation cases and allows law enforcement to use a search warrant to investigate cyber exploitation cases. SB 676, sponsored by Senator Anthony Cannella (R-Ceres), adds cyber exploitation to the list of computer crimes eligible for forfeiture and destruction of property as part of a judgment and provides law enforcement with a process for seizing and destroying cyber exploitation images.

The initiative will also include a digital campaign, lead by the Attorney General’s Cyber Exploitation Task Force, using the hashtag #EndCyberExploitation, to raise awareness of the crime and connect victims with resources.   

The Attorney General’s cyber exploitation website was launched in October to mark Domestic Violence Awareness Month and Cyber Security Awareness Month. According to the Cyber Civil Rights Initiative (CCRI), a partner in the working group, more than 90% of victims of cyber exploitation are women and girls. In CCRI’s survey of cyber exploitation victims, 51% reported having suicidal thoughts.

In January 2015, Attorney General Harris convened a task force of 50 major technology companies (including Microsoft, Google, Facebook, Yahoo, and Twitter), victims’ advocates, and legislative and law enforcement leaders to fight cyber exploitation. The Attorney General’s working group on cyber exploitation is focused on four key areas: (1) education and prevention, (2) law enforcement education and training , (3) technology leadership and (4) legislation. This initiative is the culmination of this group’s work over the last nine months. 

Attorney General Harris created the eCrime Unit in 2011 to identify and prosecute identity theft crimes, cybercrimes, and other crimes involving the use of technology. The California Department of Justice is leading the nation in prosecuting these crimes, having garnered the first successful prosecution of a cyber exploitation operator in the country.  Earlier this year, Kevin Bollaert was sentenced to eight years imprisonment followed by ten years of supervised release for his operation of a cyber exploitation website that allowed the anonymous, public posting of intimate photos accompanied by personal identifying information of individuals without their consent.

The new resource hub can be found at http://oag.ca.gov/cyberexploitation.