The Daily Parker

Politics, Weather, Photography, and the Dog

Chicago is an Amazon HQ2 finalist

I can't tell if this is good news or neutral news. It's not bad news:

Chicago has been named a finalist in Amazon’s search for its second headquarters, known as H2Q.

Amazon announced the short list in an early morning tweet, but didn’t offer many other details other than the other cities that made the short list. The other finalists are Columbus, Ohio; Newark, N.J.; Toronto; Indianapolis; Denver; Nashville; Los Angeles; Dallas; Austin; Boston; New York City; Pittsburgh; Philadelphia; Washington, D.C.; Raleigh, N.C.; Montgomery County, Md.; Northern Virginia; Atlanta and Miami.

Illinois, Chicago and Cook County teamed up to offer more than $2 billion in incentives to Amazon, and offered 10 proposed sites. They are Lincoln Yards, a development along the Chicago River near Lincoln Park and Bucktown; the Downtown Gateway District, which includes space in Willis Tower and redevelopment of the old main post office and Union Station; City Center Campus, a proposed redevelopment of the state-owned Thompson Center in the Loop; the River District, a 37-acre development along the river and Halsted Street; the Burnham Lakefront, a Bronzeville development that includes the Michael Reese Hospital site; the 78, a development planned on 62 acres along the river between the South Loop and Chinatown; Fulton Market district properties controlled by multiple owners; Illinois Medical District redevelopment; the soon-to-be-vacated, 145-acre McDonald's campus in Oak Brook, which the company will leave for Fulton Market; and more than 260 acres available for development on the longtime Motorola Solutions campus in Schaumburg, where Zurich North America recently built a new headquarters.

Even if Amazon chooses a different city, it's still good for Chicago. I'm just not sure about the $2 bn giveaway.

Crap beer sales are going to pot

People watching the big-beer industry (think: Miller Lite and Coors Light) expect a 7.1% decline in mass-market beer sales—$2.1 billion annually—as more states legalize cannabis:

"There's a ton of overlap in marijuana and domestic beer consumption among younger college males," says Rick Maturo, co-founder of Cannabiz Consumer Group, an Inverness-based research company. "This is the group that drinks beer at a heavier volume and is most likely to cut back if cannabis is legally available."

He says 27 percent of beer drinkers say they've already substituted marijuana for beer or would do so if the drug were legalized in their state. Other research predicts an even worse dip: Alcoholic beverage sales fell 15 percent after the passage of medical marijuana laws in a number of states, according to researchers at the University of Connecticut and Georgia State University.

Sales of Coors Light and Miller Lite were down 3.6 percent and 1.6 percent, respectively, through the third quarter ​ from a year earlier, according to Nielsen data from Beer Marketer's Insights. In October, Molson Coors, MillerCoors' Denver-based parent, said its U.S. beer sales dropped nearly 3 percent in the previous quarter. And between 2010 and 2016, the light category as a whole saw volumes decline by 14 percent.

What's worse: The decline of Miller Lite and Coors Light is nearly impossible to offset through other sales—even as the brewer's Leinenkugel's and Blue Moon brands post robust results—because the two light beers represent more than half of MillerCoors' overall sales volume. They're "a major driver of our profitability," CEO Gavin Hattersley acknowledged on MillerCoors' third-quarter earnings call recently.

Two things: first, pot was criminalized in the wake of the 21st Amendment exactly for this reason. Second, I'm not sorry to see declines in the sales of horrible products.

Busy day link round-up

I have some free time coming up next Friday, but until then, there's a lot going on. So I have very little time to read, let alone write about, these stories from this week:

Back to project planning...

Eddie Lampert loses a limb

The Sears death watch continues. Eddie Lampert's combination of incompetence and narcissism has now officially destroyed Sears Canada:

Sears Canada plans to liquidate its remaining stores with the loss of about 12,000 jobs, unable to fend off the march to online shopping after operating in malls and towns across the country for 65 years.

The Toronto-based chain will seek court approval for the filing on Friday and begin liquidation sales at its remaining 150 stores on Oct. 19 at the earliest, according to a statement Tuesday. The move follows a last-minute attempt by Executive Chairman Brandon Stranzl, backed by Blackstone Group, to put together an offer to save the retailer.

But the company said it didn't receive a viable bid to keep the stores operating as a going concern. Sears Canada filed for creditor protection in June with liabilities of $880 million in U.S. currency and had been gradually closing its 225 stores.

This comes just five days after Lampert invested $100m more of his own money in keeping Sears Holdings afloat. Good luck with that.

I think the only justifiable outcome here is for Lampert to become destitute, and then not die or become homeless because of government aid.

Who needs privacy?

Republican Illinois governor Bruce Rauner, the best governor we have right now, vetoed a bill that would have required companies to get affirmative consent from consumers before selling their geolocation data:

“The bill is not overreaching,” said Chris McCloud, a spokesman for the Digital Privacy Alliance, a Chicago-based nonprofit advocating for state-level privacy legislation. “It is merely saying, ‘If you’re going to sell my personal geolocation data, then just tell me upfront that’s what you are going to do so I can make a decision as to whether I want to download this app or not.’ ”

The Federal Trade Commission has issued general guidance, and there are a variety of industry self-regulatory codes of conduct, from automakers to online advertisers, but federal law does not provide clear geolocation privacy protection.

The online advertising industry increasingly depends on tracking consumers to serve up lucrative and effective targeted ads. Data collection enables advertisers to learn everything from your search habits and recent purchases to where you travel, often in real time.

Remember: you're the product, not the customer. And that's how Republicans like it.

The second-most disgusting thing you'll read today

While not quite as viscerally grotesque as a 140-tonne fatberg, new details about the failures at Equifax that led to its massive data breach are still pretty disgusting:

Equifax has confirmed that attackers entered its system in mid-May through a web-application vulnerability that had a patch available in March. In other words, the credit-reporting giant had more than two months to take precautions that would have defended the personal data of 143 million people from being exposed. It didn't.

As the security community processes the news and scrutinizes Equifax's cybersecurity posture, numerous doubts have surfaced about the organization's competence as a data steward. The company took six weeks to notify the public after finding out about the breach. Even then, the site that Equifax set up in response to address questions and offer free credit monitoring was itself riddled with vulnerabilities. And as security journalist Brian Krebs first reported, a web portal for handling credit-report disputes from customers in Argentina used the embarrassingly inadequate credentials of "admin/admin." Equifax took the platform down on Tuesday. But observers say the ongoing discoveries increasingly paint a picture of negligence—especially in Equifax's failure to protect itself against a known flaw with a ready fix.

(Emphasis mine.)

Whenever people conservatives say that private industry is better at solving problems than government, I just think about some of the companies I've worked for, stir in crap like this, and laugh out loud.

Change to Illinois small business insurance

With only a very small group to insure, Blue Cross/Blue Shield of Illinois is leaving the Obamacare exchange for small businesses:

Calling all small businesses with a Blue Cross & Blue Shield of Illinois plan through the Obamacare public health insurance exchange: Look out for an email this week informing you that the state's largest insurer is officially leaving the online marketplace.

That leaves small employers looking for an exchange plan for 2018 with one option: downstate Health Alliance. Chicago-based Blue Cross, which has a dominating market share in Illinois among consumers and small businesses alike, still plans to woo small employers with plans off the exchange.

To be sure, the so-called Small Business Health Options Program, or SHOP, where small businesses nationwide can buy coverage on the federally-run online marketplace HealthCare.gov, never gained steam for a host of reasons. For one, small employers prefer trusted brokers instead of using their time to navigate the incredibly complex world of health insurance.

Blue Cross disclosed in August that it planned to leave SHOP, while the insurer proposed rate hikes for individual plans sold on the exchange. The online marketplace wasn't the most effective way to offer employers choice, said Brian Cheney, Blue Cross vice president of the small business market. Besides, businesses can buy the same sets of Blue Cross plans and rates on and off the exchange.

BCBSIL has no plans to leave the individual Obamacare exchange.

Predictable and sad

Credit reporting agency Equifax reported last week that thieves had made off with 143 million customer records:

According to a person familiar with the breach investigation, Equifax appears to have been targeted initially because the company keeps on file millions of active cards, belonging to people who pay $19.95 or more per month to have Equifax monitor their credit reports and alert them to potential fraud. The hack, which the company says took place in late July, put as many as 143 million consumers -- or half the U.S. population -- at risk.

The person, who requested anonymity to discuss the ongoing investigation, said the web application the attackers used to breach Equifax’s corporate network granted access to both the credit card files and back-end systems storing the exhaustive data profiles on consumers. Those profiles include Social Security numbers, driver’s license numbers and other sensitive information, Equifax said Thursday in a statement.

Criminals took advantage of a “U.S. website application vulnerability to gain access to certain files” from mid-May through July of this year, Atlanta-based Equifax said. The intruders also accessed dispute documents with personal identifying information for about 182,000 consumers. Credit card numbers for about 209,000 consumers were also accessed, the company said.

“You would expect these guys to have compartmentalized this data far enough away from a web server -- that there would not be any way to directly access it,” said Tim Crosby, senior consultant with security-assessment firm Spohn.

Knowing how large companies work, and knowing about the diffusion of responsibility principle, and having a healthy belief in the power of governments to correct for bad incentives, I can't say I'm surprised. Neither is the Atlantic's Ian Bogost:

There are reasons for the increased prevalence and severity of these breaches. More data is being collected and stored, for one, as more people use more connected services. Corporate cybersecurity policy is lax, for another, and sensitive data isn’t sufficiently protected. Websites and apps, which are demanded by consumers as much as they serve the interests of corporations, expose paths to data that should be better firewalled. Software development has become easy and popular, making security an afterthought, and software engineering has failed to adopt the attitude of civil service that might treat security as a first-order design problem. And hacking and data theft have risen in popularity and benefit, both as an illicit business affair and as a new kind of cold warfare.

Of course Equifax, as would be expected of a normally-functioning American corporation, bungled the response:

On Thursday night, I entered my last name and the last six digits of my Social Security number on the appropriate Equifax web page. (They had the gall to ask for this? Really? But I digress.) I received no “message indicating whether your personal information may have been impacted by this incident,” as the site promised. Instead, I was bounced to an offer for free credit monitoring, without a “yes,” “no” or “maybe” on the central question at hand.

By Friday morning, this had changed, and I got a “your personal information may have been impacted by this incident” notification. Progress. Except as my friend Justin Soffer pointed out on Twitter, you can enter a random name and number into the site and it will tell you the same thing. Indeed, I typed “Trump” and arbitrary numbers and got the same message.

So, yes, your worst suspicions are now confirmed. Equifax may actually make money on this breach. We would expect nothing less from the credit reporting industry, with which few of us would choose to do business but nearly everyone has to sooner or later.

The solution many people recommend is to freeze your credit reports—for a fee, multiplied by 4 to make sure you get all of the credit-reporting agencies. (Everyone has heard of Equifax, TransUnion, Experian...and Innovis. You've heard of Innovis, right? The one that doesn't offer a free annual report?)

Almost immediately, a team of lawyers including a former Georgia governor filed a class-action lawsuit. So have a group of plaintiffs in Oregon. We can also expect an action from the SEC relating to at least three Equifax managers selling their stock right before the announcement.

This situation is why we have government. The incentives for credit-reporting agencies run directly counter to the incentives of the hundreds of millions of people whose data they store. (You're not Equifax's customer; commercial enterprises are.) Without government regulation and higher liabilities for data breaches, this will just keep happening. But that's not "business-friendly," so the right-leaning American and British governments will dither for another few years until someone publishes the leaders' own data. Because their incentives are bad, too.

Amazon and Whole Foods

One week after Amazon's purchase of Whole Foods Market, what have we learned? Mainly that Amazon is great at marketing:

Amazon-owned Whole Foods wasted no time in reducing prices on certain food items across the store, including avocados, tomatoes, bananas, ground beef and eggs.

A few examples: At a Whole Foods in Evanston, a dozen white eggs went from $3.39 to $2.99; New York strip steak, from $18.99 a pound to $13.99; and organic bananas from 99 cents a pound to 69 cents.

But some analysts say the price cuts were mostly about creating buzz. Gordon Haskett Research Advisors, a New York-based market research firm, compared 114 items before and after the announced changes at a Whole Foods store in New Jersey and found an average price decline of only 1.2 percent, with 78 percent of the items unchanged from the previous week.

"As Amazon integrates Whole Foods' supply chain and distribution into its existing infrastructure, I think Prime members will become more willing to try Amazon's grocery platform, with the endgame being a higher Prime pricing tier. Still, I believe it will take some time before we can define the acquisition as a success," [said R.J. Hottovy, an analyst with Morningstar, a Chicago-based market research firm].

I went there Monday (see photo above), and saw some items marked down but otherwise not much changed. I'll be watching closely.