The penalties associated with white collar crime are not effective deterrents. If you have billions of dollars and the worst that can happen is that you pay a couple million in fines, then you are effectively above the law. This was evident in the subprime mortgage crisis. Vast communities were destroyed with limited consequences for the perpetrators.
I would personally like to see white collar crime lead to incarceration more often as that seems like a stronger deterrent. Having said that, I am not deeply knowledgeable about the facts of this particular case.
I'd accept a minimum statuatory fine of 100% of the profits from your criminal activities. White collar crime, when discovered, should always be a net loss for the plaintiff's balance sheet.
It's not perfect, but if you make ten billion dollars from fraud, I feel like first you should lose the whole ten billion dollars as a matter of course, after which we can start discussing what if any punishment is appropriate.
"It's not perfect, but if you make ten billion dollars from fraud,"
I don't see how this applies to this matter. From what I read in the article, Uber was being sued and investigating a crime that occurred through the application of their service. In other words, if they did something wrong, it wasn't in the pursuit of profit, it was in defense of another lawsuit or the ultimate private settlement thereof.
Yes, however they still profit from winning such lawsuits, if this was typical behavior, then theoretically they should be on the hook for any money they avoided paying by using such methods. For example if they were invading the privacy of the people in the drivers lawsuit (where they ended up paying 100 million) and used it to win instead, then that would be the amount they should be on the hook for. The point is that any illegal behavior in corporate governance means the corporation and the people who stand to benefit from it automatically loose entirely on the related matters. Which is guaranteed to be effective at stopping illegal behavior.
Of course this is in the case of criminal fraud, which hasn't been brought up in this news case you are correct.
White collar crime is currently more akin to investing in the stock market or mutual funds than it is to playing the lottery, and a lot more people invest a lot more money because you're likely to have a positive return. You can still loose, but it's probably a good investment.
A fine proportional to the resulting profits and the risk of discovery would change the profile from the former to the latter, and would hopefully result in fewer people playing the game.
What would you do about PHI leakers, computer operators at hospitals/clinics, who leak celebrity information. Sometimes it's not for profit and one can't just block access as access is necessary to process the patient, for example. These are often low paying jobs to boot.
I'm not saying that should be the only punishment. I don't even think it should technically count as part of the punishment. I'm just saying that if the prosecution can demonstrate that you (or your employer) profited from a crime, then you should always lose those profits in addition to whatever punishment the court deems appropriate.
> 100% of the profits from your criminal activities
No it should be higher than that.
Expected ROI = profits - P*fine.
P is probability of getting caught and is strictly less than one. If fine is equal to profits ROI is positive and engaging in illegal activity is a rational, if immoral, thing to do.
I see what you're saying, the consequences don't outway the benefit of breaking the law; Congress can solve that through tougher penalties. That said, I feel confident the answer is not putting MORE people in Prison, especially for civil cases. The US already incarcerates far too many people. It's out of control as it is. [1] [2]
[2] "Comparing some countries with similar percentages of immigrants, Germany has an incarceration rate of 76 per 100,000 population (as of 2014),[25] Italy is 85 per 100,000 (as of 2015),[26] and Saudi Arabia is 161 per 100,000 (as of 2013).[27] Comparing other countries with a zero tolerance policy for illegal drugs, the rate of Russia is 455 per 100,000 (as of 2015),[28] Kazakhstan is 275 per 100,000 (as of 2015),[29] Singapore is 220 per 100,000 (as of 2014),[30] and Sweden is 60 per 100,000 (as of 2014).[31]"
We could focus on putting DIFFERENT people in prison, though. We could prioritize crimes that treats human beings as chattel for personal gain, or by the number of people an action harmed.
If we applied the same laws around not profiting off of violent crimes to white collar crime AND extended that to company stakeholders as well, investors would make executives knock off that sort of behavior real quick.
Are you suggesting that invasion of privacy become a criminal offense? Effectively, that's what happened here, and even though its Uber, its individuals who did it. Your neighbor could do it to you as well. This seems like a slippery slope of criminalizing far too much.
For example, maybe Nick Denton should have gone to jail for invasion of privacy against Hulk Hogan? I don't agree with that either.
Except in this case we're talking about private medical records. There is no way for them to have gotten those legally. They had to have bribed someone or coerced someone to get them, and that certainly is a crime.
HIPAA's civil and criminal penalties already apply to individuals.
OTOH, Uber and it's employees are not HIPAA covered entities, nor, generally, are doctors in India. So I don't see how anyone could have violated HIPAA here.
I don't think that HIPAA not applying outside of the United States is a loophole. Each country is a different environment, and the laws need to be tailored for the environment.
There seems to be an insatiable need for Americans or Westerners to project their laws/moralities to other countries, and then refuse the accept the reverse, except for certain cultural minorities logical inconsistencies.
How exactly do they do that? Do they extend the american laws outside our borders and let our police raid international sites without international knowledge/assistance?
Mainly because our laws are voted on by our own citizens and because the rest of the world doesn't accept our laws and doesn't have a say in creating them. Your statement seems nonsensical.
If there is an action that breaks the law of two countries there can be joint law enforcement activities. The US cannot punish actions that are legal in one country but illegal in the United States by acting in that foreign country.
Sure, and the point is that HIPAA is only applicable to the health organization. If you were to sue somebody under HIPAA, it would be the records organization, for exposing information it shouldn't have, or not logging the access to information properly.
However, in this case, HIPAA wouldn't apply to a purely Indian health organization, or the records of a foreign national in a foreign organization.
Note that in your situation (sex tourism) all prosecution/wrong doing is based on being a US citizen doing stuff and then returning to US soil. It does not apply to any sort of foreign national - you cannot be prosecuted for sex tourism under the US statute while on US soil if you are not a US national and the crime did not occur on US soil.
Why mention individuals? This wasn't something dudeface did for his own entertainment. It was done specifically because the rapist was an uber driver. This was a company mishandling HIPAA data in that they never should have had access to it in the first place, let alone been sharing it around the exec staff like a pulp comic.
I will say this clearly and I mean it: If you use uber, or you work for uber, you are morally wrong. You are choosing to enrich people and a company who have shown you multiple times that they are terrible human beings who lack even the concept of a moral compass.
I'll echo other replies and agree that we should put different people in prison, not more. I'd argue that white collar crime hurts more people than consensual and most violent crimes and it should be punished as such.
I'm confident that putting more white collar criminals in prison is a solution to both problems.
The percentage of white collar criminals would still be low (ie, won't change the incarceration numbers much), and it would connect more influential families to the problems with our prison system instead of having a classist divide on who it impacts.
I propose that we institute "murder" enhancements: any financial crime that causes more than $9mil in damages (the cost of a life [0]) must carry the same penalty as a murder (with the same level of intent, eg, planned versus unplanned); add multiplier for every additional $9mil in damages (ie, $9mil-17.9mil is 1x, $18-26.9mil is 2x, etc); leaders of organizations should be charged equivalently to leaders of other criminal enterprises -- if your organization committed $9bil in fraud, you should be charged as a leader of an organization which committed 1,000 murders.
You can't directly equate lives and dollars. This is an arbitrary thing you're attempting to define, and the flip side of the argument is that a wealthy person should be able to pay $9MM instead of being incarcerated for murder.
I would be more than happy to exchange many of the non-violent offenders who ended up doing not much harm on an absolute scale with these white collar criminals who end up harming many, many more people.
Amongst other things, the "War on Terror" diverted an enormous fraction of law enforcement resources away from this.
As I said in another comment, today, from my perspective, the average American faces much greater terror from being screwed over by "too big to punish (let alone fail)" corporations, than they do from actual terrorists -- manufactured fear aside.
Fines mostly don't hurt corporate members, individually, and often represent a fraction of the profit they've gained by breaking laws and regulations.
Pierce the corporate veil. Lock them up.
Assign law enforcement resources to relevant crime that weakens our society -- not in overwhelming numbers to another "War on..." fearscape.
The problem is white collar crime is often extremely amorphous. White collar crime is largely things that are perfectly legal to do unless you do them in certain ways or have certain knowledge or intent while doing them.
A great example is the HSBC money laundering case. Go actually read the DOJ statement of facts in that case. As a preliminary matter, every large bank is used for money laundering. And bank executives all know, in the abstract, that their banks are used for money laundering. That's not illegal--it'd be impossible to have a bank that wasn't used for money laundering. The gist of the case was that HSBC failed to classify Mexico as a higher risk country and implement appropriate controls despite warnings from non-binding authorities about the risk of money laundering in Mexico. Who should go to prison for that?
> Breuer admitted that drug dealers would sometimes come to HSBC's Mexican branches and "deposit hundreds of thousands of dollars in cash, in a single day, into a single account, using boxes designed to fit the precise dimensions of the teller windows."
The gist of the case is that HSBC were so brazenly negligent, that the only logical conclusion is that they were deliberately looking the other way in order to make more profit, and they paid $1.9B to make the problem go away. That's on $670 billion in wire transfers and $9.4 billion in cash transactions from its Mexico bank operations during the period under question [1].
What exactly does it prove that drug dealers had boxes designed to fit through teller windows? Particularly about executives that have probably never seen a teller window at a Mexico HSBC branch.
> The gist of the case is that HSBC were so brazenly negligent, that the only logical conclusion is that they were deliberately looking the other way in order to make more profit, and they paid $1.9B to make the problem go away.
Even if that's true, note how many steps removed it is from actual culpable conduct. You're not the drug dealer, you're not the guy employed by the drug dealer to launder his money, you're not the guy assisting in specific money laundering transactions you know about. You're the guy who doesn't bother to find out more about certain transactions to avoid learning that they may be illegal. There is, of course, no universal "due diligence" requirement to find out whether bad people are using your service for bad things. The only "due diligence" you have to do is what the government makes you do. Here, the allegation was that HSBC didn't do the diligence the government would have made it do had HSBC classified Mexico in a risk category that government did not make HSBC classify Mexico in.
I'd have thought that a deposit of "hundreds of thousands of dollars in cash, in a single day" should trigger some KYC / money laundering checks. You certainly can't do that in the US without getting a ping on your account.
You are repeating your previous assertion about how the case is actually about a technicality that HSBC shouldn't have been held to. Can you provide a citation for that?
From the CNN article I linked, "The DOJ said HSBC also helped process $660 million in prohibited transactions from Iran, Cuba, Sudan, Libya and Burma by deliberately hiding the identities of these countries."
That doesn't sound like "HSBC didn't do the diligence the government would have made it do", it sounds like more willful misdirection on their part.
Edited to add:
> The only "due diligence" you have to do is what the government makes you do.
I don't think this is true. Doing your "due diligence" doesn't protect you against activity that is otherwise criminal, it just protects you from being in breach of your regulatory requirements, and the penalties that are included in those regulatory frameworks. "Due diligence" doesn't protect you if you murder someone, and it doesn't protect you if you commit another crime, like (say) conspiracy to launder drug money.
Problem with top execs incarceration is that it's not good for economy and country in general (sometimes, not always). It's more beneficial to fine them and let them go working/breaking law further.
Yes, that's not fair, but it's logical.
Having lived for some time in another country, I've seen counter-examples too: when execs were incarcerated for minor things and mere accusations, effectively destroying the companies they've built, so hundreds of employees had to look for another job. Everyone's seen that fairness doesn't play well with pragmatics, and it's better to let them go even if they are guilty.
I have much doubt that criminal penalties would change anything. People would just put much more energy in avoiding them. I think that state a priori regulation is a more effective tool than state a posteriori punishment.
> "You put Lloyd Blankfein in pound-me-in-the-ass prison for one six-month term, and all this bullshit would stop, all over Wall Street," says a former congressional aide. "That's all it would take. Just once."
I don't see why we can't have both. But, for it to really work, you can't throw them in Country Club Resort prison. They have to go to Pound-Me-In-The-Ass prison. They need to be locked up with some really bad people. Because, let's face it, most of these white collar criminals are really bad people.
Wait, so wouldn't Country Club prison work then, since that's where all the existing imprisoned white collar criminals already are (and, per your description, they are “really bad people”.)
Not if they're all only around each other. I'm talking they need to be locked up with genpop at a medium or high security prison. With gang members and such.
It probably needs an innovation in articles of incorporation, something like the "benefit corporation" that would bind a certain criminal liability to the board and/or officers in a very explicitly way. Right now they don't see jail time except in pretty narrow cases, like say Enron, where it was violations of fiduciary duty. Enron, and its auditor, did basically get the corporate death penalty (they're gone). And the shareholders were destroyed.
Good. Maybe that will make them think twice about doing something illegal just because they can afford the fine.
For too long to meant companies and people in business have avoided the consequence of their actions, it's time we pulled them back into line.
The white-collar criminal who wrote the laws made it so they can deduct fines from their taxes. So unless they're fined more than they make in a year, they never pay a penny of it.
I think it should be based on a percentage of your income (with a set minimum, otherwise you're also just giving the poor a free pass), apparently Finland does this with speeding tickets.
I guess India doesn't have HIPPA style regulations (or if they do, they're just unenforced). I haven't been there in decades, but I remember having to take x-rays and blood test results between doctors. There was no real centralized health system at the time.
So the crime, sharing personal health records, occurred in India. But it was an American victim, American company and American employees allegedly getting and sharing her health information.
The existence of HIPAA has little to do with whether you have to take your records across doctors.
HIPAA requires that our medical data is secured when stored at a medical facility, but I still have to drive over with CDs and printed X rays if I have to go to different doctors and specialists. Doctor's referrals are still paper printouts, and you have to show up early to any doctor as a new patient, and fill out the same form about your medical history all over again. Things are still faxed, sometimes emailed.
This problem is still completely unsolved in the US. The closest thing is maybe if you're going across doctors in one hospital or hospital network, then your records are electronically "transferred"
EPIC (one of the, if not the biggest EMR providers in the US) had to be sued into not charging fees per export provider, per export, of medical records out of EPIC (on top of the 7+ digit licensing costs of EPIC itself).
> Well, actually HIPAA stands for "Health Insurance Portability and Accountability Act" - it's specifically about making health records portable.
No, it's about making health insurance portable. [0] (The Security and Privacy pieces—as well as the IT standards bits—are part of the one “accountability” piece of the title, and largely irrelevant to the “portability” piece.)
Health records, in terms of interoperability, weren't a big focus in the legislation (they became a bigger focus with meaningful use and related rules in the ACA.)
EDIT: to be fair, though, access to your own records is also part of the accountability part, which isn't exactly portability of records, but it's related.
There's mostly no centralized system in the US here either. I had to get an MRI on a burned CDR from my old doctor's office and walk it over to my new doctor's office three weeks ago here in NYC. None of my doctors share records with each other except when they're in the same hospital's network. And even then it can be iffy.
Unless I'm missing something, I don't see how HIPPA would have anything to do with this. It only applies to "covered entities", so had the initial disclosure happened in the US, the leaker most likely would have been implicated, but HIPPA would not apply to Uber people (unless, for some reason, Uber is a covered entity).
I think it must be true that HIPAA doesn't apply to the Indian records, because otherwise I'm sure there would be a HIPAA complaint. Usually that would start against the professionals in the medical field that mishandled the records. Instead, this suit is about invasion of privacy and defamation. Honestly I'm surprised that she can go after them for defamation after already accepting a settlement from them. Still, these guys are obviously first-class assholes and at this point I'm not surprised anymore. Uber seems destined for the textbooks, under "how to kill a unicorn."
just settling a rape case does not give Uber execs the freedom to pass the private health records within the company and defame that woman so she is still entitled to file the defamation case. I'm surprised that you're surprised.
There's nothing in the article - but had Uber said anything as to why they wanted the records? Or why on earth the CEO of the company needed to see them? Deeply repugnant.
>The complaint goes on to allege that Alexander shared the records with Kalanick and Emil Michael, an Uber executive who was fired earlier this week. According to the complaint, the men "discussed the records among themselves and with other staff at Uber, speculating that Plaintiff had made up the brutal rape in collusion with a rival of Uber in India to undermine Uber's business."
If I had to guess, they probably had it as part of the legal process for the first lawsuit, submitted as an affidavit or evidence to the court or something.
I doubt they would admit anything of that nature. And yeah, I don't understand why the CEO of the company would think this would help their PR. Even if it was a secret.
Trump's Law - any sufficiently long discussion thread will involve a shoehorned reference to our current President no matter how tenuous or even non-existent.
I never meant to imply that was the case. As a person that hasn't been harmed by this company, I see this problem as having gotten out of hand and in need of intervention. As someone who has been harmed by other people, I find it troubling that some folks still continue to utilize a product that is actively causing harm to others, and violating their rights.
The fact is that given the heap of problems seemingly continuously coming out of Uber, the company doesn't seem to be changing, and these problems aren't slowing down.
Uber needs to change practice, and we need to communicate to the market that this behavior isn't acceptable via our wallets; they don't really seem to understand any other message. If it means that this company ultimately folds under the weight of these problems, so be it. The message needs to be clear to others: this is NOT acceptable.
It seems like the lawsuit should be thrown out for two reasons:
* They already settled the lawsuit. At the very least, Doe should forfeit the money she already received before beginning this lawsuit regarding substantially the same matter. Otherwise, what's the point of settling if you can't forget about it?
* The onus for keeping medical records private is usually on the medical provider, not on the people interested in obtaining them.
I would personally like to see white collar crime lead to incarceration more often as that seems like a stronger deterrent. Having said that, I am not deeply knowledgeable about the facts of this particular case.