Sunday, January 15, 2017

Anonymous Written January 2008

Anonymous

Written January 2008

When YouTube pulled down a leaked Tom Cruise video hyping the Church of Scientology, it unleashed the wrath of the hacker collective Anonymous. The group attacked Scientology websites and rallied protests of the church via social media. Over the next several years, Anonymous became a potent political force. During 2011's Arab Spring, the group launched Operation Tunisia to fight against government surveillance. The next year, Anons claimed to have attacked 650 websites in Israel after the country’s latest actions in the Gaza Strip.

Power Grids and Fighter Jets are where we are now. 


Fast forward to April 2009.  

Current and former U.S. officials revealed to The Wall Street Journal that Chinese and Russian spies hacked our critical infrastructure, including power  grids. One official said that the intruders had not yet sought to destroy these systems, but had left behind software programs that would enable them to do so at the flick of a switch. “If we go to war with them,” he warned, “they will try to turn them on." Department of Homeland Security head Janet Napolitano said that “the vulnerability is something [we] have known about for years.” Reports also implicated China for hacking into the plans for the Pentagon's $300 billion Joint Strike Fighter project. The Chinese Embassy responded in a statement that China "opposes and forbids all forms of cybercrimes” and called the reports “a product of the Cold War mentality…fabricated to fan up China threat sensations."

North Korea

July 2009

After sanctions were imposed on North Korea following nuclear tests in late May, the U.S. and South Korea faced days of sustained cyberattacks. In the U.S., computers at agencies including the Defense Department, the Treasury Department, the Secret Service, the State Department, the Federal Trade Commission and the Federal Aviation Administration were subjected to denial-of-service attacks, along with tens of thousands of computers in South Korea, according to that country’s National Intelligence Service. Though North Korea was suspected of having orchestrated the attacks, the source remains unknown.

Operation Aurora

January 2010

Google was attacked by hackers in China. Dubbed Operation Aurora, after the type of application the hackers used, the massive case of cyberespionage was later attributed to the Chinese government, with U.S. companies including Adobe, Symantec, Northrop Grumman, Morgan Stanley and Yahoo falling victim. U.S. government officials later said that the hackers breached a secret database with what the Washington Post called “years’ worth of information about U.S. surveillance targets,” specifically Chinese spies being monitored in the United States.

Stuxnet

Summer 2010

Cyberwar entered a dangerous new era with Stuxnet, a computer worm said to have been created by the U.S. and Israel that attacked a uranium-enrichment plant in Iran. By compromising the industrial systems-operation software, Stuxnet was capable of spying on and controlling the computers, as well as destroying centrifuges. Stuxnet, which could be installed on infected thumb drives, spread out of control to at least five other countries, including the U.S. Defense Secretary Leon Panetta warned of a possible “cyber Pearl Harbor.”

Operation Shady RAT

August 2011

McAfee, the security-research firm, uncovered a massive five-year wave of hacker attacks against governments, nonprofits and corporations around the world. Called Shady RAT, for the remote-access tool used by the infiltrators, the breaches hit over 70 organizations including government agencies in the U.S., Taiwan, Canada, and India, as well as the International Olympic Committee and several defense contractors. McAfee attributed the attacks to a single state actor, though didn’t name the country, which some sources believe to be China. "This is the biggest transfer of wealth in terms of intellectual property in history,” a McAfee exec said at the time. “The scale at which this is occurring is really, really frightening.”

U.S. Weapons Plans Hacked

May 2013

In a report prepared for the Pentagon, the Defense Science Board found that hackers from China had accessed plans for more than two dozen of the U.S.’s most advance weapons systems. The targets included the Patriot missile system, Aegis ballistic-missile-defense system, Black Hawk choppers and the $1.4 trillion F-35 Joint Strike Fighter, the costliest fighter jet ever made. “When I look at the theft of intellectual property to the tune of $1 trillion,” said Texas Rep. Michael McCaul, “that’s a serious economic issue for the United States.” A Chinese Foreign Ministry spokesman responded by saying that “China pays high attention to the cybersecurity issue and is firmly opposed to all forms of hacker attacks.”

Iran Hacks U.S. Energy Companies

May 2013

Hackers, with the support of the Iranian government, were exposed for targeting oil and gas companies in the U.S. "This is representative of stepped-up cyberactivity by the Iranian regime. The more they do this, the more our concerns grow," one U.S. official said. "What they have done so far has certainly been noticed, and they should be cautious."

U.S. Goes on the Cyberoffensive

June 2013

An unpublished presidential directive from Obama leaked, showing that the U.S. is going on the cyber offense. “Offensive Cyber Effects Operations,” the report stated, “can offer unique and unconventional capabilities to advance U.S. national objectives around the world with little or no warning to the adversary or target and with potential effects ranging from subtle to severely damaging.” Among other things, the report authorized cyberwar attacks when “U.S. national interests and equities” were at stake, but also left room for “anticipatory action” just in case. Adding fuel to the fire, National Security Agency leaker Edward Snowden claimed that the U.S. has already hacked thousands of targets, including computers in China.




  • I

Cyberwar, like any war, never rests. Neither does the simulated one taking place at HackMiami, where co-founder Rod Soto, a 38-year-old computer-security specialist from the area, is running a cyberwar game. Though the consequences of their hacking are fake, the technology they’re breaking is real. They actually are hacking Fedora, an operating system used by computers in China, infiltrating Zeus, a malicious “botnet” army of computers, and commandeering North Korean industrial controls for power-plant systems. It’s just that everything’s simulated and run on a closed network, so as not to inadvertently start World War III. The purpose of this event, besides the recruiting going on, is to teach the hackers how to find vulnerabilities in other nation’s machines. “It gives you the blueprint and the knowledge if you ever want to attack them,” Soto says.

So far, the truth about the extent of the U.S.’s offensive attacks against other countries has been shadowy at best. There’s Stuxnet, which has yet to be officially attributed to the U.S. (or Israel), and NSA leaker Edward Snowden’s recent claim the U.S. has launched widespread cyberattacks against China. Beyond that, the closest we’ve come was Hillary Clinton’s admission last year of a State Department attack on an Al Qaeda propaganda site in Yemen.

Related: Julian Assange Opens Up About Wikileaks Battle, House Arrest and the Future of Journalism

The tensions around this topic are partly because the laws governing cyberwar are still being determined. As Rear Adm. Margaret Klein, chief of staff of Cyber Command, the Ft. Meade-based defense center for U.S. military networks, put it last year, “Attorneys and scholars face a variety of complex legal issues arising around the use of this new technology.” But experts are pushing for more offensive measures regardless. The Commission on the Theft of American Intellectual Property concluded that “new options need to be considered.” It seems our government is already heeding the call.

A June leak of a presidential directive from Obama, which had been issued in October, reveals that the U.S. is, at the very least, getting its cyberwarriors in line. In addition to calling for a list of international targets, the directive argued that “Offensive Cyber Effects Operations... can offer unique and unconventional capabilities to advance U.S. national objectives around the world with little or no warning to the adversary or target and with potential effects ranging from subtle to severely damaging.”

But while the government remains quiet about the existence or extent of their offensive measures, hackers and contractors I spoke with are, albeit cautiously, more forthcoming. HackMiami organizers James Ball and Alex Heid, security specialists for a major financial company they prefer not to name so as not to anger their bosses, say they have based this weekend’s cyberwar simulation on real-life hacks they conducted on their own of terrorist networks and organized-crime groups. Ball infiltrated an Al Qaeda forum online and posted the archives on his site, TerroristMedia.com. Heid became notorious for hacking the stealthy Zeus botnet in Russia.

But the government hires private contractors to do such attacks on its behalf as well. The cyberwar underworld is rife with contractors who fashion themselves to be “the Blackwater of the Internet,” as Heid puts it, “information mercenaries…private sector guys who are going on the offensive, but you don’t hear about it.” At least not usually.

Companies like Accuvant are capable of creating custom software that can enter outside systems and gather intelligence or even shut down a server, for which they get can paid up to $1 million. For example, Humperdink says, they would be able to unleash an attack to take a country like China completely offline. “We could stop their cyberwarfare program,” he says. “Five years ago, I remember the North Koreans were doing missile testing, right? If [the U.S. government] came to a company like us and said, ‘Here’s $15 million,’ we could turn a North Korean missile into a brick. If you came to us with $20 million and said, ‘We wanna disable every computer there in Iran, and they’d have to replace them’ – not a problem.” For added flair, each program Accuvant sells gets its own cyberpunk handle – like Purple Mantis – and is delivered on a jet-black thumb drive inside a custom case with the name laser-etched on a plaque.

“So how many offensive plays are going on now?” I ask.

“A lot,” Bonvillain says.

“More than people would realize?”

“Yes,” he replies.

Then Bonvillain falls silent. He puffs his e-cigarette, considering a more diplomatic response. “The U.S. government,” he says, “is great at hiding everything they do.”

To see what the front line of cyberwar really looks like, I visit the National Cybersecurity and Communications Integration Center in Arlington, Virginia, the Department of Homeland Security’s mission control. It’s one of our most important hubs in digital warfare, alongside the FBI and NSA. A wall of video screens show online the attacks on the IRS and NASA – both agencies were compromised by a Distributed Denial of Service Attack, a technique that floods a site with access requests, slowing or downing it completely.

The four-year-old NCCIC – employees pronounce it “enkick” – is the country’s nerve center for online threats. Twenty-four hours a day, teams drawn from a pool of 500 DHS cyberpersonnel sit at the ready in this sprawling, windowless command cave. Flickering diagrams on the front wall track the dangers in real time: traffic anomalies at federal agencies, cyberalert levels for each state’s website, a map of our country’s telecommunications system (“There’s no cyber without fiber!” a steely engineer tells me).

Fortunately, at the moment, the threat against the IRS and NASA proves to be relatively harmless. However, the number of cyberincidents is on the rise. Fiscal year 2012 saw 190,000; this year’s number is already over 214,000.

Overhauling the feds’ image to lure young tech talent has become a major priority. In a way, it’s akin to the shift in Silicon Valley – away from the business suits of IBM to the Adidas sandals of today. The National Science Foundation now offers a CyberCorps Scholarship for Service program that places winning students in government agencies. The DHS is among the sponsors of the invite-only “Cyber Camps,” which hold hacking contests for prospective employees. Aside from the “sense of duty” and high-level security clearance that NCCIC director Larry Zelvin tells me lures his team away from fat paydays elsewhere, the power of being inside the government system is the greatest perk. “You just don’t get that in a corporation,” he says.

Last year, the DHS assembled a cyberskills task force, which drew from hacker hubs including Facebook and DefCon, to recommend changes in their recruiting. To get the estimated 600 more hackers the DHS needs, the report concluded, the agency should “focus more attention and resources on…‘branding’ of cybersecurity positions,” including “cool jobs.”

Napolitano says that “the money and the culture” are the chief obstacles the Department of Homeland Security runs into when recruiting hackers to join. “We don’t require our folks to wear a coat and tie,” she says, “and I’m not interested in the precise hours they work as much as I’m interested in getting the work done” – but she stops short of saying hackers can work from home in Teenage Mutant Ninja Turtle pajamas.

But maybe if you’re young and brilliant and looking for online action, there’s something undeniable about working for the biggest, baddest government on the planet. Sitting here under the dormant red warning lights, there’s a sense of being at the center of the matrix – and this is plenty tantalizing for some, including th3_e5c@p15t, winner of the cyberwar contest back at HackMiami. With his skills, he can write his own ticket, which he hopes to cash in with the feds. He says he wants to be as close to the front line as he can get: “I see it as a righteous cause.”

Wednesday, January 4, 2017

The Gab Security Chronicles

Cross posted via: 

The Gab Fail Chronicles: LOL DDOS, EULA, and NAZIS

Club Pepe

The dishonesty of Andrew Torba knows no bounds in the latest postings. The reality of the mater, as I understand it, is most of the down time was related to fixing the major security issues I’ve raised over the past few days. I do not know how much of it was fixed, but I’m sure there still is major problems to be found. Mr. Torba was well schooled the past few days, the usage of CloudFlare isn’t a magical shield of protection against everything.

gabnazi

It is common knowledge trying to do any kind of DDoS attack on a ClouldFlare IP will be futile with little to no needed intervention to block such an attack. His screams of DDoS is fairly laughable as the vast majority know, I do not engage in such ineffective behaviors, and I have always been against it. He will continue to tell lies to rile his angry Neo Nazi Muppets for exposing how bad Gab really is as an alternative to Twitter. It would be really ironic, if he rallied them for the real reason, exposing Gab as a massive fraudulent security black hole. I’m just not intimidated by his Neo Nazi Muppets and there isn’t anything anyone can do to stop me from publishing write ups about Gab. My words, on a computer screen, are far more deadly to Gab’s platform than any silly illegal attack nonsense.

scavengerhunt

The greatest issue I see here is why was any of this never fixed to begin with, or even considered to be an issue? If it took me 10 minutes to see major issues all over the place, does Gab really take the security of it’s users seriously? It’s just no, they don’t take security seriously, if the most basic skiddiot Hack Forums (There has been some claims Torba is regular of Hack Forums for irony) style methods work unchecked. This further solidifies Gab as being another pump and dump scam by Torba when a lot of the basics are not covered at all. Gab doesn’t even have a logout button, but they have an account delete link, that’s curious indeed!

ron-gabtweets

gabsnitch

I don’t wish to keep this post longer than it has to be but it’s worth mentioning parts of the updated EULA were a result of us. It’s humbling that Torba spent the day at his lawyers thinking of us, as he pushed out a new EULA from his nether regions, that still didn’t impress Apple enough. Even the greatest eJournalist to ever live, Ron Brynaert, noticed this updated EULA with the “snitch” clause. I’m not going to spoil the rest of it but any users of Gab really do need to read the updated EULA as well as the Privacy Policy.



^ed 

Tuesday, January 3, 2017

Exposing Gab Vulnerabilities

Destroying Gab, with words, on a screen, but at least it’s not LiveJournal!

“build it yourself social media back end for blog comments”

Greetings Kids,

It’s been a while since I did a post exposing and pointing out major flaws while laughing hysterically. This might be the worse one yet, especially if the information about Gab’s founder, Andrew Torba, are correct. The reason he got kicked out of the big kid clubs was because he kept doing pump and dump schemes selling everyone’s data afterwards. I don’t know if his new social media platform will be the one project he isn’t going to abandon after raking in all his donations, we can hope this “Free Speech Warrior” will surprise everyone? 😉Tigers can change their stripes guys, you just gotta wish and believe really hard? Is Gab running off of a $49 build-it-yourself social media kit an indicator of possible doom? Did Gab stopped doing live notifications for some nefarious reason? Nah! Of course not!

Gimmie Info

A lot of people heard of this social media platform because of Twitter’s lack of sanity and political censorship, which gets worse every year as stock prices keeping going lower and lower. Gab’s marketing was literally just “Got banned on twitter? Come to Gab! We’re different!”. When I eventually got in, it was a pro-trump utopia, but I never saw anything I’d really say is that bad. It was the biggest self serving hugbox I’ve ever seen and puts any SJWs to shame. You’d get live notifications with a frog croak that sounds like a small animal dying, 300 char posts where you could write something meaningful, but it was lacking a lot of basic features. A major one was private messaging as well as a lack of an API, which becomes apparent why the further I dug into it.

Pusher Gab APIPusher Gab API

External Images Loading

When I first started looking into the back end with my favorite debugging proxy fiddler, I noticed literally everything is written in JavaScript (can I emphasize literally?), and all the interactions between between gab’s server and the browser was all JSON. The biggest issue I saw was the Cross Site Scripting potential of this setup, as gab was actually pinging every single website, then having a client’s browser do direct requests to the website in order to having a fancy display summary images and such. This effectively has the potential to harvest any user’s IP address, and since it’s all in JavaScript, high potential of Cross Site Scripting drive by deanonymizing. After announcing a bit of this in public, some people have in private confirmed this not just likely but they can do Cross Site Scripting attacks on Gab. Say what you want about Twitter, but at least they have CDN caching to prevent leaking their own user’s information. But Gab DOES have a CDN from Microsoft Azure for static assets, so why are they not protecting their user’s information? The conclusion I’ve come to is Gab is made to be as cheap as possible but still somehow work dangling off a cliff. The reason why they have no API is because the API is pusher.

No Infrastructure

This isn’t suspicious at all!

The next surprise was looking at the home page on Gab, and seeing there was some kind of stats collector. I initially overlooked it, but I didn’t realize the significance until I did a second glance. This was some kind of build it yourself social media rapid deployment kit for dummies that handled all the back end work done. I browsed over to the pricing plans they had, did some collection as to current Gab’s usage of approximately 30k posts per day they seem to just fall into the $49 Startup plan at present. I suspect live notifications stopped working for a bit sometimes, because it might be a way to save from having to upgrade to the next paid plan, or it could just be incompetence, it’s honestly hard to tell.

Pusher Pricing

I do know someone is going to say the what if they did the custom solution consultation but pusher is for stuff like live chats and blog comments, not a knock off improved twitter, which is really 300 char blog comments. The amount of money spent doing that kind of consultation is way above making a deal with a single developer (or many) to help build it at a fraction of the price, or in this case a single developer rigging pusher. I think they use pusher as a means to not spend money on proper hosting and a better solution, like GNU Social, which would require a back end with their own servers, or at least Amazon Cloud.

What can you do in minutes?

This is a very significant discovery, as it explains the lack of coming out with features that are trivial for even a single developer to do, because there just isn’t any support for their build it yourself social media back end for blog comments. Gab has been doing donation drives and giving people check marks to help support it but there really isn’t much cost to run it as biggest parts of it are cheaply outsourced like pusher. The “beta testing” of uploading images before it becomes available to everyone is likely related to Microsoft Azure’s CDN prices per GB.

I’m not going to claim this is some kind of scam like the rest of Andrew’s projects but if I was doing an exit scam, this is how I’d do it! Low overhead! He’ll get that sweet user data and PayPal logins via password reuse, that is in my opinion!

Disclaimer: !LOL! Hacking is illegal !LOL!

Last Minute Update:

The notorious hacker, known as 4chin, has contacted me to include a list of things you really shouldn’t do on Gab. There is no input validation and issues with authentication so don’t use wget or curl, passing the cookies + UA + appropriate POST data anywhere, that is just naughty. The Grand 4chin also informed me that their data was already being sold by Gab and they have no hashing on their passwords. LOL! This might be in relation to the current PayPal donations and those silly people who reuse their passwords donating (Just a theory). I’m not saying anything but I think those people are going to have a bad time. There goes the neighborhood, oh well, epic sad face emoji that😦can’t express

This Is Libel

JOIN https://sealion.club/FOR A SAFE SECURE ALTERNATIVE TODAY! I GOT PAID OVER $9,000 DOLLARS TO PUT THIS HERE, SO PLEASE GO THERE, OK?!!>##>@!

I accept legal documents, requests, inquiries, and other related legal stuff I can post and publicly ridicule via email at LOLUMAD @ OCCULTUSTERRA DOT COM. You can optionally rage like a Muppet at 1-860-263-9252.

Friday, December 16, 2016

Targeted Abuse on Twitter: Protected Classes Under New TOS Agreement

As per my previous discussion regarding how I became the target of racial and antisemitic abuse has generated a lot of buzz, concern and needs further discussion. 


I have been spending a lot of time on twitter and have made more than a few enemies. 


Let's be clear. Calling me a "Jewess" doesn't insult me because I've always been proud of my faith. 


I was added into a number of "groups" with neo-Nazis who legit want to kill all Jews. 


After several months of tolerating this kind of ignorance, abuse and harassment I decided I had enough. I left the groups and blocked or unfollowed the offensive individuals because I wanted nothing to do with them. 


This only made more problems as I came to learn that these individuals spend their days and nights stalking my timeline and posting comments on every aspect and minute detail of my life. I had to change my telephone number after one of them called and texted threats to my cell phone because they couldn't get the desired response from me on twitter or Facebook. 


I set boundaries by responding with "Cease and Desist" and my boundaries and wishes for no further contact with these individuals have not been respected or honored. 


There is a difference in responding to individual threats to you and your family and people who spend their days and nights researching and posting about your life rather than focusing on their own. 


I'm sorry if my life is more interesting than theirs. 


The first tweets that came to my attention were ones that said, "Gas all the Jews,"  "Get in the oven you stupid cunt bitch," "it's always the Jews" and hundreds of similar messages. 


This further escalated as the accounts began getting suspended and even my own account was suspended multiple times when I addressed these vile and disgusting tweets. 


Things have yet to calm down and now the insults have taken a new turn. Several people (the same ones who are stalking and harassing me) have started to call me "schizophrenic" as an insult in order to discredit and insult me. 


I speak openly about my struggle with Depression, Anxiety and receive treatment for Bipolar Disorder. I have never been diagnosed with schizophrenia nor am I in need of any additional diagnoses. I have more than enough. 


A friend sent me a video of a video of what it feels like to have schizophrenia and I contacted a friend who lives with the disorder. The video left a huge impact on me as I can't imagine living with anything as awful as hearing and seeing things or having other delusional and psychotic episodes. 


Then I asked myself, would I be as forthcoming disclosing my experiences with mental health (both as a therapist and a case manager) if I had schizophrenia or whether my openness to discuss my illness was a reflection of being diagnosed with Bipolar II along with many other great artists and scholars. 


I'm not sure I could be as I have seen people use and call people schizophrenic as an insult and a way to hurt people seeking treatment. 


This is unacceptable to me and should be unacceptable to you. Of course I realize that none of these people have advanced degrees in psychology like myself or others who have come to dispel the rumors and stigma associated with bipolar, schizophrenia or other illnesses. 


By pointing out that it is NOT okay to use a disability like bipolar or schizophrenia as a weapon against them, more and more people became targets of harassment. 


The fact that these people spend more time worrying about my mental health than their own is a serious problem. 


Their Timelines show that they feel the need to comments on the most minute details of my life and that they have been searching the internet on several platforms solely to find information that suits their agenda. 


What is clear in the Terms of Service (TOS) on twitter is that targeted harassment towards any protected class is a violation since both religion and the disabled are considered to be "protected classes" 


Of course I could report individuals for posting such things and have them either suspended or forcefully removed. I have never requested that my information or sites using my identity to post disinformation be removed, I've taken the opposite approach since I feel that such ignorance and disturbing behavior be judged on it's own merits. It says more about them than it does about me. 


There are really only two scenarios here. 


Either yes; I'm certifiably insane and no one should give a second thought to anything I say or write; or I am clinically insane and they are stalking and harassing a vulnerable woman. 


Either way, they seem a little too concerned and demanding of my time and attention. Sorry folks. If you need to gain followers by posting intimate and minute details about my family and I because it's more interesting than your own, you need to spend more time worrying about your own life and less about mine. 


And that's all I have to say about that. 


Yours truly,


Chilly Penguin 



^ed 

Monday, October 24, 2016

Barack Obama | Elyssa Durant: Applying Federal Law to Support Mandatory Coverage

Benefits,Healthcare,Law

Applying Federal Law to Support Mandatory Coverage

by Elyssa Durantmy.barackobama.com
July 25th 2009 9:59 AM
 
Underwriting the Social Contract: Distributive Justice & Health Care Reform

The Problem Statement

As health care costs climbed exponentially in the 1980's, so did the cost of health insurance plans. As a result, employers began to enroll their employees in managed care organizations, and many Americans were forced to leave their traditional indemnity type plans. With the advent of the health maintenance organization, there is a financial incentive for the underutilization of care. (Blumstein, 1996; Davis & Shoen, 1996).

In order to reduce financial risk, health insurance companies have restricted enrollment to individuals in poor health. By covering the minimal standards of treatment and excluding high risk groups altogether, major US insurance companies have realized that the health insurance market can a be an extremely profitable industry. The public sector absorbs the cost of unreimbursed care for chronic care in America (Robert Wood Johnson Foundation, 1996). Based upon these findings, it seems clear that the money being removed from the health care marketplace is fattening the pockets of CEOs and majority stockholders.

Recent trend towards localized government leaves individuals without a financial safety net. This is the least efficient manner to handle health care costs, and evades the premise that medical care is a natural right in a civilized society. Few Americans feel secure within the current system. The rising costs of medical care contributed to the recent market changes in both the administration and delivery of health services. The financial incentive to cover only the healthiest individuals ignores the fact that medical care is a social good.

Health Insurance Portability Act of 1996

Two years after the Clinton Health Plan was defeated in Congress, Senator Ted Kennedy and Nancy Kassebaum introduced the Kennedy-Kassebaum Bill in response to growing concerns about selective enrollment procedures used by health insurance companies in the private sector. In the final version of the Bill, insurance companies must limit preexisting condition clauses to twelve months. It has been estimated that this provision of the Bill will help an estimated 150,000 Americans obtain health insurance coverage.

There are many levels of the underinsured, including those without any coverage; effective policy must address the needs of the total population without shifting costs from one disadvantaged person to another. Kennedy-Kassebaum fails to address the cost issue—the primary concern for those at risk for losing their health insurance. It does nothing to help the uninsured acquire a decent health policy, and then provides no solution to the critical issue at hand— cost

Since Kennedy-Kassebaum does nothing to control the cost of health insurance and medical care in America, the Bill fails to respond to the issue of greatest concern to the citizens of this country: the cost of medical care. The Bill looks towards the states to develop consumer protections and weakens the regulatory role of the federal government. The majority of the American public is unaware of the fancy footwork involved with this legislation, and the demographics of the population it is intended to protect. In order to assess the utility of this Bill, it is critical to identify the populations at risk for loosing health insurance coverage and the underinsured.

Kassebaum-Kennedy focuses on a slim portion of the uninsured population, and those who would be eligible for COBRA continuation (Consolidated Omnibus Reconciliation Act of 1974). Of the 41 million uninsured Americans, only about 150,000 are expected to benefit from this legislation. The Health Insurance Portability and Accountability Act of 1996 is really nothing more than smoke and mirrors since it fails to address the true issue at hand—the simple fact that the cost of quality health care in America is becoming a privilege that only the wealthy can afford.

The Cost of Care for Pre-existing Conditions

An individual with high blood pressure may just require prescription medication. Cancer patients in remission may require chemotherapy, and a person suffering with a degenerative disease may be involved in treatment studies. Each condition requires individualized treatment that cannot be based upon the simple economic/cost-benefit analysis used in the utilization review process by large insurance companies. Clearly, the most effective treatment for one patient may not be the best for another. The time required for utilization review may present additional health risks and complications to a patient suffering from a chronic health condition.

Twelve months without insurance coverage may be financially devastating to some patients, and 63% of Americans have already forgone some type of medical treatment within the last year due to financial constraints. Publicity surrounding Kennedy-Kassebaum has hailed the bill as the "be all and end all in progressive legislation, however, in actuality it will only help about 150,000 people.

Recent studies have found that the majority of the uninsured population simply cannot afford to pay the premiums (Donelan et. al., 1996; Hoffman & Rice, 1996). According to their data, only 1% of the Uninsured population is due to current health status and exclusionary preexisting clauses, yet an overwhelming number of insured respondents reported an inability to receive medical care for chronic conditions. The majority of Americans with chronic illness are covered by some type of insurance, yet they are still subject to the utilization review process and access problems that deny or delay medically necessary treatment (Donelan, et. al., Hoffman & Rice, 1996).

Underwriting the Solidarity Principle

Traditional forms of insurance underwriting required that the contract explicitly state which illness or services are not covered by the policy, in advance. If the underwriter did not specifically state a certain condition in the contract, the insurer was held to the terms of the contract and required to pay for services utilized by the policyholder (Stone, 1994, as cited in Durant, 1996).

Increasing numbers of for-profit and non-profit insurance companies began to control costs by refusing to insure individuals who they felt would utilize more services. Insurers began to require health survey status questionnaires (refer to attachment A), and even began implementing AIDS and genetic testing to identify high-risk individuals (Brunetta, as cited in Gutmann & Thompson, 1996). In the 1980s, large insurance companies began including sexual orientation as a high-risk category, by using actuarial sound criteria. Such criteria concluded that gay men were a higher risk for contracting AIDS virus and refused to write policies for anyone believed to be homosexual, (Stone, 1994 as cited in Durant, 1996).

By limiting enrollment to the healthiest members of society, selective enrollment undermines the solidarity principle of health insurance (Davis & Shoen, 1996; Snow, 1996; Stone, 1994). By eliminating those who were suspect of using more services than their healthier counterparts use, insurance companies are able to offer rock bottom prices for young, healthy individuals. By excluding preexisting conditions and requiring certain individuals to purchase high-risk policies, the number of uninsured and underinsured Americans continues to grow exponentially (Durant, 1996).

More individuals are choosing not to purchase insurance simply because they cannot afford it. Even among those with employer based health coverage, the policies frequently exclude coverage for long-term illness or care of chronic conditions (MSNBC News Forum, 1996). Without a standard definition of preexisting conditions, these clauses serve as "wildcards" since they allow insurers to deny coverage for any illness that "manifested itself before the issuing date of the policy (Stone, 1994 as cited in Durant, 1996).

This statement allows insurers to deny treatment for benefits and services for the policyholder for undiagnosed illnesses or conditions of which they were unaware. As a result, the insurers began to demand medical histories of applicants and their families in order to identify high risk individuals (please refer to attachment A).


Legitimacy of Distributive Justice

While there is a legitimate role of government to distribute scarce resources among the nation's neediest individuals, sadly this is not the cause for the mismanagement of medical dollars in the United States today. There is a big distinction between an individual being denied prescription medication at their local pharmacy due to a cost-effective formulary developed by their Managed Care Organizations (MCOs), than an individual being denied a liver transplant because healthy livers are a scarce resource. While both may have equally devastating consequences, it is more difficult to rationalize a lost life based upon rigid cost benefit analysis and utilization decisions made according to formulas and cost-benefit analysis of treatment protocols.

"The political controversy over the distribution of health care in the United States is an instructive problem in distributive justice. Good health is care is necessary for pursuing most other things in life. Yet equal access to health care would require the government to not only redistribute resources from the rich, healthy to the poor, and infirm, but also restrict the freedom of doctors and other health care providers. Such redistributions may be warranted, but to what level, and to what extent?" Gutmann & Thompson (Page 178).

Blendon and his colleagues have reported similar findings in public opinion polls from 1992 and 1994 (Blendon et. al., 1992; Blendon et. al., 1994). A recent study by the American Medical Association found cost to be of paramount concern to an overwhelming number of Americans (Donelan et. aI., 1996). Of the 40 million uninsured Americans, only 1% attributes their failure to acquire health insurance coverage to their preexisting conditions. Among the uninsured, cost is cited as the primary obstacle in obtaining health insurance coverage. Only 1% of the uninsured attributes their lack of coverage to a preexisting condition.

Based upon these democratic principles of distributive justice, consistent opinion polls demonstrate the legitimate role and public desire for government regulation of the health care industry. It has become obvious that the federal government must intervene in order to protect natural law rights, the social contract, and the Constitution of the United States. Regulation is needed to protect the individual freedoms, liberty, and the pursuit of "health, happiness, and the American Dream."

If America is to be the "Land of Opportunity," then clearly individual health and wellness should be an ideal to reach for. Current models of distributive justice emphasize public consensus as a legitimate role for government intervention. According to a number of studies by Blendon and his colleagues, the public has reported an overwhelming general concern about health care in this country, (1992, 1993, 1994, 1995, 1996).

State civil courts are backed up with cases where HMOs have violated the First Amendment (gag orders), the Fourteenth Amendment (due process), and the rights of protected classes under the Americans with Disabilities Act. Countless examples of "anecdotal" evidence appear as headlines everyday across the country. (New York Times, 1996; The New York Daily News, 1996; Long Island Newsday, 1996; LA Times, 1996; Picayne Times, 1996; Columbia Spectator, 1996; Columbia University Record, 1996; US News & World Reports, 1996; Newsweek 1996; Healthline, 1996; The Tennessean, 1996; The Albany Times, 1996; The Nashville Scene, 1996). In their entirety, these case reports represent the human tragedy that lies beneath the web of the very worst of American capitalism: corporate greed.

Identifying Populations At-Risk

A study by The Lewison Group in 1996 reveals insight into the private individual health insurance market. Clearly, individuals choosing to purchase health insurance policies for several hundred dollars each month expect their health care needs and expenditures to exceed that amount Regardless of health status, a young healthy 25 year old who purchases an individual health insurance policy can expect to pay well over $300.00 monthly for a health insurance policy with Empire Blue Shield Blue Cross (based upon 1996 rates, current rates available from the New York State Insurance Department).

Since individual policies are not addressed in the Health Insurance Portability and Accountability Act of 1996 (HIPA), an individual policy with Blue Cross Blue Shield of Tennessee excludes preexisting conditions for 24 months (enrollment booklet available upon request). The critical markets in need of reform are the adversely selected individual insurance market, and the state's most vulnerable populations: children; the elderly; the chronically ill; the uninsured; and the underinsured.

For the millions of individuals who have lost their employer based coverage, the cost of private health insurance is prohibitively expensive. Many individuals opt out of the individual market and apply for public assistance when the need arises. Those who have retained their health insurance coverage through their employers are being moved into managed care despite their efforts to retain their indemnity style plans (Davis & Shoen, 1996; The Lewison Group, 1996).

Access to Medical Care

As routine practice, HMOs deny or delay care for all services that are not outright medically necessary. Growing numbers of individuals have suffered irreparable harm, and many have died awaiting approval from their HMO's (The New York Times, 1996; Long Island Newsday, 1996; The Tennessean, 1996; Healthline, 1996). It is hardly a secret that HMOs have fallen short of their promise to provide comprehensive health care for the "whole" individual by emphasizing preventative medicine, using medical management to coordinate care. There is substantial evidence that individuals with chronic conditions receive substandard care in HMOs.

A four-year longitudinal study of medical outcomes found that the elderly, the poor, and persons with chronic conditions were in better health when covered by fee-for-service plans compared with a control group covered in HMOs (Ware et. al., 1996). New statistics released in Washington, DC by the American Medical Association and the Robert Wood Johnson Foundation revealed the direct costs of individuals with chronic conditions account for 75% of direct medical expenditures in the United States (Hoffman & Rice, 1996; based upon the National Medical Expenditures Survey; raw data available on CD from the Department of Health and Human Services Washington, DC). 45% of the American population suffers from at least one chronic illness.

If managed healthcare has been found to deliver inadequate care to this population, then we are looking at 100 million individuals who are potentially facing personal and financial crisis as they are moved into managed care. The public already accounts for the largest payment of direct medical expenditures, which means the millions of dollars being made by for-profit insurance companies are not being circulated into the economy to assist in public health costs care. The industry made a 14.8% profit in the 3rd quarter of 1996, however these medical dollars were removed from health care and used to fatten the pockets of CEO's and majority stockholders (Healthline, 1996).

Based upon a new report from the Robert Wood Johnson Foundation, the direct costs for persons with chronic conditions represent 69.4% of national expenditures in personal health care (Robert Wood Johnson Foundation, 1996). Their direct medical costs are estimated at $4672.00 annually compared with $817.00 annually for individuals with acute illness (Hoffman & Rice, 1996; based upon National Medical Expenditures Survey 1987, not adjusted for inflation). This population is the most vulnerable to complications in their health and with their source of payment. Large insurance companies only provide adequate coverage for acute illness (Donelan et al., 1996; Hoffman et. al, 1996).

Medicaid Managed Care

Following Tennessee's lead, many states have enrolled their medically indigent populations in Medicaid Managed Care Organizations (MCOs). In Daniels v. Wadley, (926 F. Supp. 1305), the court held that TennCare violated the Due Process Clause of the Fourteenth Amendment since such procedures eliminate fair hearings and independent medical review of disputes. The court found the pattern of routine denials of care by MCOs participating in the states TennCare program to violate the Medicaid Act since it compounded the problem of institutionalized waiting periods for medical appeals pending independent review by the Medical Review Unit (MRU), (42 U.S.C. § 1396 (a)(8)).

Furthermore, the court ordered federal injunctive protection to participants and beneficiaries because no state law may preempt federal law by depriving individuals of their constitutional rights. The Department of Health and Human Services (HHS) was ordered to revise its utilization review procedures for TennCare recipients in keeping with the Medicaid Act (42 U.S.C. § 1396 (a) (8)) ensuring due process protections for all covered beneficiaries by requiring "services are provided with 'reasonable promptness,'" (926 F. Supp. 1305).

This case is one of 543 civil suits pending in the state courts for violations of the Medicaid Act (based upon a Lexis-Nexis search performed December 26, 1996). With the passing of H.R. 3507 into public law, (The Welfare Reform Bill) private citizens will find little reprieve in the federal courts, so any attempts to hold states accountable for violations of federal law will be feeble at best (Denkeret. al., 1996).

Managed care has shown itself to be a farce of "medical management" in light of all the condemning evidence to the contrary. Timothy Icenogle, a medical doctor in the state of Arizona commented in 1981, "We play sort of an advocacy role. I think the public demands something more from physicians than to just be a blob of bureaucrats, and I think we have to take a stand now and then. Our role essentially as patient advocate, is to tell them, well, just because the insurance company is not going to pay, that is not the end of all the resources," (Icenogle, as cited in Gutmann & Thompson, 1996). Never has this statement been needed more than it is today. Unfortunately, as more insurance companies refuse to pay for medical treatment, fewer resources become available for patients in desperate need of financial assistance. As Judge Kessler eloquently stated as she handed down her decision in Salazar v. District of Columbia, No. 93-452, December 11, 1996, "behind every fact found herein is a human face and the reality of being poor in the richest nation on earth, (936 F. Supp. Slip op. At 3).

Perhaps most distressing is the lack of accountability for mismanaged healthcare and improper denials of medically necessary treatment. HMOs claim immunity under ERISA, and leaving individuals without recourse in a sea contractual language and lengthy court calendars. It is evident that individuals protected under the Medicaid Act are not fundamentally different from other populations entrapped in the maze of managed care. They are simply those who have "had their day in court."

Due Process Protections

Since all Americans are theoretically entitled to due process protections under the constitution of the United States, it seems the federal courts are long overdue for making such a public statement. We are wasting precious time and losing millions in valuable human resources as we await decisions to be handed down from state courts. The Supreme Court of the United States has agreed to hear New York's request for an ERISA (Employee Retirement Income Security Act of 1985) waiver, making health maintenance organizations liable for medical malpractice in the state of New York.

When HMOs deny care from patients, it is ludicrous to hold individual physicians liable for the utilization decisions made by decentralized corporate review boards. It is time to take a serious look at tort reform, and demand action by the Supreme Court as they approach the date of New York's ERISA hearing. A blanket court ruling upholding Daniels v. Wadley, and Salazar v. District of Columbia is desperately needed to avoid an avalanche of liability suits filed in state courts. The court must uphold Daniels v. Wadley, and Salazar v. District of Columbia if further lives are to be saved in medicine rather than wasted away in the utilization review procedures. While we wait patiently for District of Columbia circuit court to order injunctive relief, the number of individuals suffering irreparable harm due to the systematic denial of medical care grows larger each day.

The history of Medicaid Managed Care does not provide a very optimistic look into the future of TennCare recipients and Medicaid beneficiaries in states around the country. Dating back to the implementation of the Arizona Health Care Cost Containment System (AHCCCS) in 1981, there are documented cases where "people reportedly died for lack of medical treatment before their eligibility was determined," (Varley, as cited in Gutman & Thompson, I 996). This leaves me to wonder why the states continue to enroll their most vulnerable populations into a system of managed care that has proven to be a disaster.

Perhaps worthy of comment is that Arizona is the only state to have voted Republican in every election since 1948—certainly provides insight into the conservative morale of the state. Although Arizona was the last state to accept the Medicaid cost sharing incentive proposed by the federal government in 1966, it was the first state to force its medically indigent population into managed care in 1981.

Violating Federal Law

Rigid pre-certification requirements and nonspecific utilization review procedures place strategic barriers to access medical treatment and services in Health Maintenance Organizations (HMOs). Pre-certification requirements are strategic barriers incorporated into the "black box" of utilization review that institutionalizes exclusionary waiting periods and routine denials of medically necessary treatment. According to federal law, "care and services are to be provided in a manner consistent with the simplicity of administration and the best interests of recipients," (42 U.S.C. § I 396a (a) (19)). Clearly, such rigid pre-certification requirements that complicate administrative processing and paperwork on the part of the enrolled beneficiaries is a violation of United States Code.

Furthermore, using primary care providers as a mechanism to limit access to specialists not only complicates administrative processing, but limits enrolled beneficiaries choice of health professionals beyond what is available to the general public in the geographic area (42 U.S.C. § 1 396a (a)(30)(A)). Certainly referral procedures do not "assure that recipients will have their choice of health professionals within the plan to the extent possible and appropriate," (42 U.S.C. § 434.29). Under this provision, it seems that any individual, especially those with chronic health conditions or disabilities should be allowed

Original Page: https://my.barackobama.com/page/community/post/elyssadurant/gGMP3Q

Shared from Read It Later



 אל