Wednesday, September 22, 2010

Emergent fraud: Anthem and automatic payment denials

Anthem, so someone wrote, puts the Hell in Health Care. Today's particular slice of Hades is a lovely example of how fraud evolves when natural selection meets entropy. Nobody has to plan this kind of scam, it just happens when you add incentives to markets.

I uncovered this example when I phoned to double/triple/quadruple check that a costly (age sucks) preventive medicine procedure was covered by my consumer driven health care plan.

Indeed, I was told, it is. I didn't hang up though. I'm too paranoid experienced. I pressed a bit more. The pleasant representative let slip that there was one catch.

When she said this, I swear I heard her pray that the call recording would go unheard, lest her children go unfed. Imagination, I'm sure.

The catch is that the claim will always be initially denied. It will, however, be promptly paid after a customer calls to "Appeal". If a customer doesn't appeal, however, they will have to pay the claim themselves.

I am pretty sure I know how this scam came to be.

The plan I'm in was, I believe, once part of a small consumer-driven healthcare plan startup that was acquired by a larger company. The two companies would have had different IT systems. The larger company probably outsourced IT integration, but, as often happens, I expect that didn't go well.

If I'm right then Anthem still doesn't have the right software to manage our kind of plan. When Anthem receives a claim, the software must choose between paying for claims that should be denied, or denying claims that should be paid.

You can imagine how long it took to make that decision, and how different the outcome would be with different incentives.

Since they really aren't crooks, just regular people in a hard job, they wrote Appeals process documentation so their agents would pay on Appeal. Probably 95% of their customers do appeal.

Five percent or so, however, probably don't appeal. They pay, or go bankrupt, or whatever. That five percent is pure margin. That margin probably made someone a VP.

Fixing the problem would unmake a VP. There's no money for IT anyway.

And so it goes.

It's a scam, but there's no intelligent designer. Just evolution in action. Health insurance companies can't help but be evil. It's in their incentives.


Visiting hotels in the bedbug era

I've been wondering what bedbug experts do when they travel. This NYT article gave some hints ....
Step Right Up for Pest Control at Bedbug Meeting - NYTimes.com
.... Nearly everyone said they had done as much when they arrived at the host hotel, and the maids may find more than a few headboards askew from their search. Many people said they started out by putting luggage on the bathroom floor, the better to see any scurrying, before investigating hiding spots in the rest of the room. One man put his luggage inside a bedbug-proof bag and kept all his clothes on a non-fabric chair throughout his stay, though his initial survey found nothing...
Sounds like the process is:
  1. Put luggage in a relatively safe place -- the bathroom (because it's easy to search).
  2. Carry a bedbug luggage bag?
  3. Search room esp. behind the headboard. If you see bedbugs, leave for the front desk and request a new room? (And if they have none? Sleep in the street? Do you want to know?)
  4. If you don't see bedbugs avoid fabric and drawers (hang in bathroom rail?)
Maybe furniture and car seats will return to being wood, vinyl and plastic?

Tuesday, September 21, 2010

How I know Google's Blogger is dying

Nobody but me screams about how bad the new text editor is.

Try this experiment with Safari/Mac and the editor:
  1. Write a post in the rich text editor with paragraphs.
  2. Copy from the HTML view.
  3. Paste into a different post HTML view.
  4. View in Compose (rich text). Note the absence of paragraphs.
That's just the tip of the iceberg.

So what do I do with this blog?

If I were rational, I'd vote GOP

I consider myself relatively rational.

I believe the GOP is the anti-civilization party. A vote for the GOP is a vote for the collapse of our technocentric science-dependent society.

I also believe the greatest threat to human survival is artificial sentience, and I think it will happen within 100 years. It might happen within the lifespan of my children.

Unless civilization collapses.

How rational am I?

Dentistry

What's the chance that our dentistry practices are optimal?

Think about it.

Many of the practices of 1980 medicine have been found ineffective or even misguided.

Remember estrogen therapy?  If you're a physician of a certain age, that question should make you shudder.

But we still brush and floss much as we did in 1980?

Do you really think we got it right the first time?

Or is it that we really don't do dental prevention research?

Imagine the cost if we've got it wrong.

Monday, September 20, 2010

Google's two factor authentication and why you need four OpenID accounts

My Google account was hacked two weeks ago, so today Google is deploying two factor authentication to (paid) Google Apps.

What, you think that's coincidental? You underestimate my power (cue mad laughter).

This is a good thing, but it won't prevent a keystroke logger from pinching your password if you use an insecure (ex: XP) machine. On the other hand, maybe I'll switch to a trivial password and just rely on the more robust 2nd factor.

Which brings me to OpenID and OAuth. In my latest post-hack "what am I doing" post I warned against OpenID. The only thing worse than losing a critical password to keystroke logging is losing a critical OpenID password.

Since then I've been thinking about where we're going, and I think there's a place for OpenID/OAuth and two factor authentication.  More specifically, there's a role for multiple OAuth (I'll drop the /OpenID for now) accounts - one for each of the five credential classes.

What's a credential class? Think  in terms of how you'd feel about someone taking your credentials ...
I: You want it? Take it.
II: I'd rather you didn't.
III: Help!! Help!! 
IV: I'll fight you for it.
V: Kreegah bundolo! Kill!! 
We need a master account with Category V security. The One Ring account has two factor authentication and a robust reset procedure that might involve banks and other identity authentication services. It may be tied to a strong identity as well, but that's another post. You only enter these Category V credentials on a secure machine and an encrypted connection. The Master Account can be used to override and change the passwords on lesser accounts.

From the master account we have four other credentials (un/pw combinations), each with OpenID/OAuth services.

The Class IV credential service is what we use with Gmail and a range of high-end OpenID/OAuth services like banks. We enter these credentials only on a secure machine - but there's a degree of comfort from having a Class V account that can change passwords. On less secure machines maybe we use two factor authentication.

The Class III credentials are what we use anywhere that has credit card capabilities. Use these for Amazon and iTunes.

Class II credentials are for your spam only Yahoo email and the New York Times.

Class I credentials are for the Minneapolis Star Tribune.

In a world of widespread OAuth/OpenID type services and this type of master account we really need to know five passwords, and only three of them have to be decent passwords. We can manage that.
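The class rules above, written as a small audit over sign-in records (an added example, not code from the original post). The machine labels, the sample events and the rule that Classes I to III may be typed anywhere are assumptions, as is the model that a keylogger captures the password but cannot replay a second factor.

```python
from dataclasses import dataclass

# Example services per credential class, taken from the post.
SERVICES = {
    5: ["master account"],
    4: ["Gmail", "bank"],
    3: ["Amazon", "iTunes"],
    2: ["Yahoo spam mail", "New York Times"],
    1: ["Minneapolis Star Tribune"],
}

@dataclass(frozen=True)
class SignIn:
    cred_class: int       # 1 (Class I) .. 5 (Class V)
    machine: str          # hypothetical machine label
    secure_machine: bool
    encrypted: bool
    second_factor: bool

def violation(ev):
    """Return why this sign-in breaks the class rules, or None if it is allowed."""
    if ev.cred_class == 5:
        if not ev.secure_machine:
            return "Class V entered on an insecure machine"
        if not ev.encrypted:
            return "Class V entered over an unencrypted connection"
        if not ev.second_factor:
            return "Class V entered without a second factor"
    elif ev.cred_class == 4 and not ev.secure_machine and not ev.second_factor:
        return "Class IV entered on an insecure machine without a second factor"
    return None  # assumption: Classes I-III may be typed anywhere

def audit(events):
    """List (machine, reason) for every sign-in that breaks a rule."""
    return [(e.machine, violation(e)) for e in events if violation(e)]

def exposure(events, logged_machine):
    """What to do once a keylogger is found on logged_machine."""
    typed = [e for e in events if e.machine == logged_machine]
    rotate = sorted({e.cred_class for e in typed}, reverse=True)
    # Assumption: the logger gets the password but cannot replay a second factor.
    open_classes = sorted({e.cred_class for e in typed if not e.second_factor},
                          reverse=True)
    return {
        "rotate_classes": rotate,
        "exposed_services": [s for c in open_classes for s in SERVICES[c]],
        "master_password_clean": 5 not in rotate,
    }

# Constructed sign-in history, not real data.
EVENTS = [
    SignIn(5, "home-mac", True, True, True),
    SignIn(4, "home-mac", True, True, False),
    SignIn(4, "office-xp", False, True, False),
    SignIn(2, "office-xp", False, False, False),
    SignIn(3, "kiosk", False, True, False),
    SignIn(5, "kiosk", False, True, True),
]

if __name__ == "__main__":
    for machine, reason in audit(EVENTS):
        print(machine, "->", reason)
    print(exposure(EVENTS, "office-xp"))
```

When `master_password_clean` is true, the Class V account can still be used from a secure machine to reset the passwords in `rotate_classes`.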

This is where we will go.

We can do it now of course, by setting up five Google accounts. It will probably get a lot easier when Google Apps start providing full Google account services for each user, with optional two factor authentication.

In fact, this is so simple I'm surprised MyOpenID doesn't do it already.

Maybe in two weeks.

Bayes theorem - in a nutshell

xkcd: Conditional Risk. Beautiful. Should be the first graphic in any lecture on Bayesian statistics.

Sunday, September 19, 2010

Yes, you're living at the end time - emulating the 6502 chip

jwz - Visual Transistor-level Simulation of the 6502 - in Javascript. This team uses photographs of the 6502 chip to create a model of the circuits and their interactions, allowing the physical chip to be modeled ...
Visual 6502 FAQ
.... There are many excellent emulators available, but emulation is approximation. It can be extremely difficult to create an accurate emulator, because the typical approach to writing an emulator is to glean information from chip specification documents or more rarely from any chip schematics that happen to be available. This information is always incomplete and even the original chip logic schematics (also Verilog and VHDL code) can differ from what was actually built in silicon (see ECO). A disciplined emulator will capture and use traces of actual chip behavior, but it's near impossible to capture the billions of sequences of bits that a real chip gives rise to. Instead, we build a virtual chip by modeling and simulating the actual microscopic parts of a physical chip. We're interested in accurately preserving historic designs. It's archaeology for microchips.
While a multitude of people understand the instruction set for the 6502, almost no one, apart from the original designers, understands how the physical chip achieves this instruction set. The design is as elegant and sophisticated as any program written for the 6502. As digital archaeologists, we invite the current generation of hardware and software engineers to appreciate the work of the small number of designers who created the basis of everything we do today...

GV Mobile is back. What's next?

This pusillanimous Apple web site document justifies a reasonable amount of Apple hatred. It was written after Apple declared war on Google in July of 2009 ...
Apple Answers the FCC’s Questions 
Contrary to published reports, Apple has not rejected the Google Voice application, and continues to study it....
The following applications also fall into this category.

  • Name: GVDialer / GVDialer Lite...
  • Name: VoiceCentral..
  • Name: GV Mobile / GV Mobile Free...
One of the most wretched things about this press release is that none of the complaints Apple had with Google's application (some legitimate) actually applied to GV Mobile and its competitors. Banning them, along with Google Apps like Latitude, was proof that Apple wasn't protecting the user experience, they were in a commerce war with Google.

Since then the FTC has been squeezing Apple, and GV Mobile is back (bit of a botched debut though). I wonder if they pointed out that while Apple might get away with blocking Google Voice, they had gone too far when they blocked GV Mobile. If that's true, I wonder if we'll see other Google related apps appear, like a Google Latitude client that actually works (sorry Latitudie).


PS. Yes, I know the formatting of this post is a mess. Google has outsourced their Blogger rich text editor to Microsoft Adobe. You have a better explanation? (I wrote Microsoft, but, really, this stuff they do well.)

Saturday, September 18, 2010

Muslim world - I'm sorry too

Nicholas Kristof apologizes for his fellow Americans ...
Nicholas Kristof - Message to Muslims - I’m Sorry - NYTimes.com

Many Americans have suggested that more moderate Muslims should stand up to extremists, speak out for tolerance, and apologize for sins committed by their brethren.

That’s reasonable advice, and as a moderate myself, I’m going to take it. (Throat clearing.) I hereby apologize to Muslims for the wave of bigotry and simple nuttiness that has lately been directed at you. The venom on the airwaves, equating Muslims with terrorists, should embarrass us more than you. Muslims are one of the last minorities in the United States that it is still possible to demean openly, and I apologize for the slurs.
I don't agree that moderate Muslims should apologize for their brethren's sin. Otherwise, I liked the essay.

Even though I don't believe in the cultural or tribal inheritance of sin, I'm personally ok with apologizing for American whackos. Sorry everyone, we have more than our share of frightened people living in a world they can't understand. We also have Newt Gingrich, but he's just a psychopath.

Monday, September 13, 2010

Technological regressions: two examples

Two examples of technological regressions.
  1. Typing. I'm filling out hockey forms. By printing with a pen. Once upon a time I might have typed them. I was a fast typist.
  2. Reliable phone calls. Switched circuit calling was inefficient, but the quality was excellent. Now we have layers of VOIP everywhere -- and it's nowhere near as good as switched circuit. When you add mobile delays to VOIP home phones to VOIP teleconferencing systems you get voice quality from 1940s long distance.
I'm sure there are others ...

RIP Bloglines. So is the feed next?

Bloglines is closing - at last.

It was a mercy killing. I started out with NetNewsWire on OS X, but Bloglines is what I remember -- starting in 2004. They were good then. When Reader first appeared in October 2005 Bloglines was clearly superior.

In 2006 Bloglines was acquired by Ask.com, and they rolled out a nice constrained search feature.

That was the high water mark. After the acquisition Bloglines was put in the freezer, but Reader kept getting better. I started playing with Reader in late 2006, but I was still a Bloglines guy in July 2007. I did note, however, that the feeds were updating erratically.

That was a bad sign, but not as bad a sign as the failure to develop a mobile version of Bloglines. My iPhone made me switch to Reader for good in August of 2008. By September of 2008 there was no comparison - Google Reader was clearly better.

In retrospect Bloglines died in July 2007 -- more than three years ago. I assume Ask.com kept it around while they looked for a buyer who'd sell it into the corporate marketplace. (I tried to persuade Ask.com that this was a good idea). Maybe Bloglines had some secret revenue somehow.

Even though Bloglines was well past its due date, the formal expiration has produced the usual comments about the death of the Feed Reader. I am sure none of those commentators actually used Bloglines in the past year or two.

Even if we disregard the uninformed, however, it is true that Onfolio (Win), Omea Pro, and Newsgator Inbox all expired alongside Bloglines. They were done in by the combination of Outlook 2007 (abysmal reader - like OS X Mail.app, but workflow is good) and Google Reader. On the other hand, iOS and Android have produced a new crop of very useful clients (albeit all Reader clients!) and OS X has Safari (fair) and NetNewsWire (still!).

Between Outlook 2007, Google Reader, and OS X/iOS/Android readers we're probably neutral to positive across the Feed Reader landscape over the past four years. What about use of feeds then? Google has some numbers ...
Official Google Reader Blog: A welcome and a look back 
... Since Reader's fifth anniversary is also approaching (though it feels like yesterday, Reader was launched on October 7, 2005), we thought it might be a good time to reflect on how Reader has grown over the past few years.... Here's a graph of Reader users over time (where 'user' is defined as someone who has used Reader at least once a week)...
And as we found out this past April, Reader users sure do like to read lots of items. Here's another graph, this time of the number of items read per day...
The graphs would be more interesting if the y axis were (cough) labeled, but there's pretty respectable growth -- albeit with a 2010 plateau that's only now turned upwards again.

As a consumer of feeds I can report the quality remains excellent. Some of my favorite writers have slowed down, but many of them do return over time.  I particularly appreciate the combination of direct feeds and shared items from the Readers I follow. The Notes/Comments muckup makes my teeth ache, but Reader remains one of Google's best products.

Readers aren't for everyone (though they should be), but for infovores they are red hot data joy. It's a big world, and the infovore community is big enough, and geek-powerful enough, that feeds and readers have years to go.

After all, Google is clearly a fan.

Sunday, September 12, 2010

After the hack: Why you REALLY shouldn't do personal business on a corporate machine

Corporations hate employees doing personal business on office machines.

I, of course, have never done this. I've certainly not checked my family calendar, or managed personal email, or browsed my Google Reader feeds on my corporate laptop, either at home or at the office.

Corporations hate this because employees should be working. Besides, it's an obvious security risk. Employees visiting off-color web sites are sure to bring viruses to work.

I agree. Sort of. Specifically I agree employees shouldn't use their Google credentials on corporate machines, and I agree there's a security risk -- for someone.

Mostly, though, the security risk is for the employee, not the corporation.

Let me explain why.

As best I can tell the average large publicly traded company admits to at least one major XP malware attack every 4-12 months. I expect the real number is twice that. That's a pretty high attack rate. A lot of this malware, like Lemir.VA, incorporates a keylogger function. This malware captures usernames and passwords and sends them on.

If you check your family calendar at work, that would include your Google credentials. Your robust password is now meaningless; you will be hacked like I was.

That's at work. How about at home? Well, in our OS X/iOS household we haven't had a malware attack for over five ten years. My home is far more secure than my workplace.

It's safe to access Google from home. It's not safe to access Google from my office.

So you shouldn't use the office computer for personal work after all. It's in a very bad neighborhood, you really don't want to take your Google credentials there.

Saturday, September 11, 2010

The Religion Poverty correlation - cause?

Religiosity and national wealth are inversely correlated.

This is not a new finding, though the linked graph is novel. The US is an obvious outlier. Iran used to be an outlier too -- more religious than expected. I can't find it on the chart, but I believe Iran is much poorer than it used to be, and perhaps less religious too.

The usual assumption is that as a nation becomes wealthy, and better educated, it becomes less religious. Of course it could be the other way around. It might be that religiosity makes a nation poorer.

That would explain Iran. And the US too, I suppose.

Most likely, however, both wealth and religiosity are more directly related to national education levels.

We're crazy now. We were crazier forty years ago.

Limbaugh. Beck. Palin. Bachman. Pawlenty. Mosque madness. Burning Qu'rans. Marketarianism. Denialism. Birther. Truther. American torture.

We're certifiable. It's not just 9/11 -- we elected Cheney and denied reason before that. It took 9/11 though, to really put us in asylum territory.

If you care about humanity, or your own family, it's a wee bit depressing. That's why I liked Graham Burnett's Orion article. It's ostensibly about dolphins, but it tells the story of a peculiar man in a peculiar time not so long ago...
A Mind in the Water | Orion Magazine

... who was Lilly? His early biography offers little hint of what would be his enduring obsession with the bottlenose. Taking a degree in physics from Caltech in 1938, Lilly headed off to study medicine at the University of Pennsylvania, joining the war effort as a researcher in avionics. An early photo shows him as a rakish young scientist, smoking a corncob pipe while tinkering with a device designed to monitor the blood pressure of American flyboys—a number of whom, in those days, were actually using surfacing cetaceans for strafing practice.

After the war, motivated in large part by contact with the pioneering brain surgeon Wilder Penfield, Lilly turned his hand to neuroscience, applying the era’s expanding array of solid-state electronic devices to the monitoring and mapping of the central nervous system. Eventually appointed to a research position at the National Institutes of Mental Health (NIMH), Lilly spent the better part of a decade conducting invasive cortical vivisection on a variety of animals, particularly macaques. In the spy-versus-spy world of the high Cold War, this kind of work had undeniably creepy dimensions. Manchurian Candidate anxieties about “forced indoctrination” and pharmacological manipulation of political loyalties peaked in the 1950s, and security establishment spooks (as well as a few actual thugs) hung around the edges of the laboratories where scientists were hammering electrodes into primate brains...
Caltech alumni. Medical training in Pennsylvania. Went into the tech industry. That's way too close to my life.

There are other intersections. I loved dolphins as a child; I'm sure I read his 1960 Man and Dolphin -- or at least the derivative works. (I was born in 1959, but in those days books lasted a long time in public libraries.)

Lilly was genuinely crazy, but, as Burnett reveals, so was his time.

This may come as a surprise to some. My generation has been keeping the 1970s in the attic, pretending it never happened. We got rid of all the books and most of the movies (the early music  we kept). We had lots of help -- everyone from that time has something to hide. The 1960s made a good distraction.

It's been forty years though. There are curious adults alive today with nothing to hide. They're going to start poking around the attic.

They'll find that the 1970s were seriously crazy. Yeah, America's nuts now, but, the good news is, we were at least as crazy then.