Barely Legally

Confessions of a Moot Court Bailiff

Show Me The Data

Via Big Think, drug companies apparently illegally hide unfavorable results for their new drugs during clinical trials:

Shocking as it may seem, it is currently fairly standard practice for drugs companies to withhold clinical trials with negative results, allowing doctors to blindly prescribe drugs that don’t work or are even dangerous. In the United States, failing to publish clinical trials is punishable by a fine of $10,000 per day, but shockingly the fine has never actually been issued as Dr. Ben Goldacre explains in his editorial in PloS Medicine.

This is particularly unbelievable given that a recent study found that more than half of the clinical trials registered on clinicaltrials.gov within a given time period were never actually published (within the time period allowed by law). An earlier study, which found similar results, also demonstrated that even when the results are published, negative side effects and even serious adverse events are routinely missed out of the published version.

That’s pretty lousy. Also, if I’m a pharmaceutical company lawyer, I’m upping my medication if everyone else’s medication might be extra dangerous. That’s a lawsuit waiting to happen.

For an example of lawsuits that do happen when organizations don’t regulate and/or enforce misbehavior, look at my new favorite punching bag: police!

They get sued. A lot. They use fancy analytics to track and predict crime, and all the big data money can buy. But they apparently don’t turn their crystal ball inwards. Their own problems are a complete mystery to them:

For one study, Schwartz asked 140 law-enforcement agencies — including 70 of the biggest ones —  for information about police-misconduct cases. A common answer: We don’t know.

So, she asked the law departments, everybody. Which didn’t always help.

“Eighteen of the largest cities and counties,” she says, “and these are cities that include San Diego, New Orleans – counties like Harris County, Baltimore County – they reported that they had no records in any government agency or office reflecting how much they spent in lawsuits involving the police.”

Be sure to click through to the study for the explanation of how just a few cops get sued over and over but face no discipline despite costing taxpayers millions of dollars in civil lawsuit settlements. Thrilling!

Which in turn reminds me of the lack of institutional awareness around medical malpractice; the doctors who get repeatedly sued for malpractice completely misapprehend the reasons that they get sued.

The refrain in all three of those links is that you cannot manage what you cannot measure. The Food and Drug Administration is apparently not managing the mass abuse of clinical drug trials, which suggests they don’t keep track of companies. The police (and their attorneys) are not measuring how often they get sued, and so lawsuits about. Physicians aren’t managing their risks of malpractice because they don’t know why they get sued, which suggests a failure to … write it down and measure it.

Oh, and here’s a fourth one that deals with poor kids if you really want your heartstrings tugged upon.

Published in We Can't Have Nice Things on

Open The iPhone, Siri

Robert Graham of Errata Security on cracking iPhone PIN codes:

All the data (on the internal flash drive) is encrypted with a random AES key that nobody, not even the NSA, can crack. This random AES key is stored on the crypto-chip. Thus, if your phone is stolen, the robbers cannot steal the data from it – as long as your phone is locked properly. To unlock your phone, you type in a 4 digit passcode. This passcode gets sent to the crypto-chip, which verifies the code, then gives you the AES key needed to decrypt the flash drive. This is all invisible, of course, but that’s what’s going on underneath the scenes. Since the NSA can’t crack the AES key on the flash drive, they must instead get it from the crypto-chip.

Thus, unlocking the phone means guessing your 4 digit PIN. This seems easy. After all, it’s only 4 digits. However, offline cracking is impossible. The only way to unlock the phone is to send guesses to the crypto-chip (a form of online cracking). This can be done over the USB port, so they (the NSA) don’t need to sit there trying to type every possible combination – they can simply write a little script to send commands over USB.

To make this more difficult, the crypto-chip will slow things down. After 6 failed guesses, the iPhone temporarily disables itself for 1-minute. Thus, it’ll take the NSA a week (6.9 days), trying all 10,000 combinations, once per minute.

I really enjoy the Errata guys’ walkthroughs of these kinds of topics. This one is a little scarier than most, as the tools that the NSA and law enforcement use are readily available to the sufficiently motivated.

Published in Scimitar Golems Have 10 Hit Dice on

Imaginary Price Tags

The number one cause of bankruptcy in America is medical bills. It’s been this way for a while, although that may be changing slowly. Frankly, it’s a little ridiculous when the rest of the developed world has solved the problem. Progress is progress, though.

Here’s a really great example of how medical bills get to be so bad for so many Americans. Researchers at Johns Hopkins have named the fifty hospitals in America where uninsured folks pay ten times the list price for services.

Now, sure, you’re allowed to make a profit. That’s all well and good; but a 90% markup is something out of the Apple playbook. It’s one thing to markup a luxury cell phone for people who insist on buying one. It’s another thing to mark up the treatment of an inflamed appendix for people who couldn’t afford insurance.

From the article:

“They are price-gouging because they can,” said Gerard Anderson, a professor at Johns Hopkins Bloomberg School of Public Health, co-author of the study in Health Affairs. “They are marking up the prices because no one is telling them they can’t.”

He added: “These are the hospitals that have the highest markup of all 5,000 hospitals in the United States. This means, when it costs the hospital $100, they are going to charge you, on average, $1,000.”

Okay, that sounds bad. But come on. Everyone knows insurance is a good thing. With Obamacare, you actually pay extra in taxes if you don’t have insurance. So really, isn’t it just the corner-cutters who get screwed by this practice?

Well, no.

The researchers said other consumers who could face those high charges are patients whose hospitals are not in their insurance company’s preferred network of providers, patients using workers’ compensation and those covered by automobile insurance policies.

Carepoint Health-Bayonne Medical Center in Bayonne, N.J., for example, also charges rates 12.6 times the actual cost of patient care. […] By comparison, the researchers said, a typical U.S. hospital charges 3.4 times the cost of patient care.

As usual, the article gets a quote from hospital spokespersons, who say that yes, they have “set” prices for each procedure, but nobody actually pays the listed price. Insurance companies negotiate bulk discounts for their customers, and the uninsured get to bargain down to less-obscene prices. This isn’t price gouging, it’s just imaginary price gouging.

Look. In law school, we were taught how to bill our friends and family for legal work. Always make up a crazy hourly rate, put that on the invoice, but then discount it down to your actual rate that you can actually bill your friends with a straight face. It’s a little dishonest to make up a fake price and a fake discount to arrive at a “bargain” price you wanted to charge to begin with.

But, you know. Lawyers. Sociopathy is kind of expected.

In our case, the deception was to avoid putting strain on social relationships by haggling over the price of legal services. It’s a passive-aggressive power play to your friends and family.

In this case, the deception seems to be… to frighten the unwell and uninsured (and the out-of-network and the underinsured etc.) into submission, by showing them an imaginary price they can’t afford next to a smaller price that will probably be the reason they’re bankrupt.

Published in The News on

Frisky Business

Another day, another bleeding heart hippie in New York City pretending that Stopping and Frisking youths doesn’t prevent crime. Get real, man! It’s scientific fact. It’s us versus them, and cops need to be forced to stop and frisk hundreds of thousands of kids a year or we’ll slip into an age of lawlessness the likes of which you can’t imagine.

Let’s hear what the hippie of the week has to say:

“Let’s get over this issue of stop-question-and-frisk, how impactful it is, or isn’t,” Bratton said in a press conference at NYPD headquarters this morning. He pointed to 2011 as proof. That year, the city recorded 685,000 stop-and-frisks, the most ever. And, Bratton said, “In that year, rapes, robberies, assaults, burglaries, grand larcenies were all up—the year that we did the most stop-questions-and-frisks.”

Last year, Bratton said, police officers conducted approximately 48,000 stops, and “murders, rapes, robberies, assaults, burglaries, grand larcenies, were all down. So, the year we had the highest number of stop-question-and-frisks, which so many are clamoring to go back to, we actually had more crime and less of a reduction. Last year, when we had the lowest number of stop-question-and-frisks, we had much less crime.”

All right, this Bratton guy clearly has his head in the clouds. Who is he? Where does he get off making up nonsense like this? Why, I ought to-

New York Police Department commissioner Bill Bratton, responding to a call from some police union leaders to conduct more stop-and-frisks amid an uptick in violent incidents…

Oh. Well, then.

Seriously, though, Stop and Frisk is unrelated to the amount of crime in New York City, and it’s refreshing and A Good Thing that the police commissioner says things like this. What’s more interesting to me is police union leaders calling for more Stops and Frisks to combat crime. (Which they pretend is rising, but is still falling at roughly the same rate it has been for decades) I’m not sure how public and contentious that disagreement is going to get.

Published in You've Got Time on

Malpractice Imperfect

Aaron Carroll, writing for the New York Times’s Upshot Blog, on some interesting aspects of medical malpractice. Studies and surveys have shown for decades that there are certain specific things some doctors do which gets them sued for malpractice. Carroll runs through the literature and, in a departure for “old media,” actually links to the studies in question. Basically, doctors get sued for malpractice when they don’t spend enough time talking to their patients, not when they practice medicine poorly.

This isn’t new, we all learned that in law school, and I think we also learned that legal malpractice lawsuits happen the same way. Talk to your clients, make them feel like you’re listening to them, and you’ll do okay. No kidding, right?

Here’s the great part:

Physicians and patients don’t communicate well even about malpractice. A study published in 1989 surveyed patients who sued physicians as well as physicians who had or had not been sued. Almost all (97 percent) of the patients reported negligence as the reason for their malpractice action. Fewer, about half, of non-sued physicians thought negligence was the cause of malpractice suits in general.

Only 10 percent of sued physicians, however, thought negligence was the reason for claims against them. While only a fifth of patients reported financial compensation as their motive for suing, more than 80 percent of all physicians thought this was the reason patients filed suits.

Virtually every patient who files a malpractice suit thinks they’ve been neglected. Doctors who haven’t been sued think malpractice suits are caused by doctors’ negligence half the time. But 90% of the physicians who have been sued come up with some reason besides their own negligence. They think that medical malpractice suits are a shameless cash grab.

The fact that there’s some cognitive dissonance at play here isn’t surprising. It’s the depths to which this misunderstanding goes: we’re approaching questions of epistemological possibilities here. Is it possible for physicians and plaintiffs to understand one another? And, like, what if what I see when I’m looking at the color orange isn’t what you see at all, man? Whoa.

Actually, the one thing that most everyone agrees on, whether they be plaintiff or defendant, is that communication is key to preventing these kinds of problems in the first place. Why is why, in one recent study about people visiting emergency rooms for relatively harmless chest pains:

The median estimate of whether a patient might die at home of a heart attack was 80 percent in patients and 10 percent in physicians.

Whoops.

Published in We Can't Have Nice Things on

Low-Stakes Crime

Advertising Age is the home of this eyebrow-raising story of what viruses are doing these days:

…the bad guys have grown far more sophisticated. Malware was once primarily used for banking fraud, but two-factor authentication (for example, when a bank asks you for a code from your cellphone before you can sign in on a new computer, or asks whether you really meant to send money to Uruguay) severely reduced its profitability. Then, the hackers moved to credit-card fraud, but the security on that front is now so good that you can buy thousands of active credit-card records for a few dollars, because they’re essentially worthless. Next up was Bitcoin mining, where hacked machines were used to unearth the crypto currency.

But that too became less profitable, leaving ad fraud as the most lucrative endeavor a cybercriminal can undertake today. “We’re at a point now where malware is being used principally for ad fraud,” Mr. de Jager said. Scary words for an advertising industry only starting to grasp the problem.

A few things here.

Firstly, I didn’t realize I could buy thousands of credit card numbers for “a few dollars.” I’ve been guarding mine like some kind of moron from the 20th century. Secondly, even the criminals running botnets can’t make money on Bitcoin. That seems odd.

Thirdly, there’s actually an economy of hackers who’ve decided that the best way to make money is to infect computers, open invisible web browser windows, and get paid to surreptitiously click ads on sites.

Published in Eyeballs For Hire on