[Plura-list] Your mom is a tech ninja; The impossible scam of US drug plans

Cory Doctorow doctorow at craphound.com
Thu May 19 12:12:44 EDT 2022

Read today's issue online at: https://pluralistic.net/2022/05/19/the-weakest-link/


Next Weds (May 25), I'm giving a virtual keynote at the ABC Copyright Conference (University of Western Ontario/London):



Today's links

* Your mom is a tech ninja: Your boss? Not so much.

* The impossible scam of US drug plans: Even the guy who invented them can't figure them out.

* Hey look at this: Delights to delectate.

* This day in history: 2002, 2007, 2012, 2017, 2021

* Colophon: Recent publications, upcoming/recent appearances, current writing projects, current reading


🐈‍⬛ Your mom is a tech ninja

What makes someone "good at technology?" In part, it's an understanding of the underlying technical principles and industry conventions - what a "power on" icon looks like, say. I have a lot of that. But there's another component, one that's often invisible to people like me: the extent to which your technology was designed to suit your needs.

I have a lot of that, too. I'm a 50 year old, middle-class, tech-industry adjacent professional man with an honorary PhD in computer science. Not only do tech designers think like and about me when they create new products - they often *ask* me what I think I need.

Several times per year, I'll get on a call with product managers and researchers at both big and small tech companies to discuss some planned product. I am good at tech, but tech is also good at me. It doesn't just meet me halfway - it bends over backwards to meet my needs.

Some years ago, I joined the advisory board for Simply Secure, a nonprofit that helps tech designers build strong security tools that are intended to be usable by non-technical people.


In my first call with the org's founder, Meredith Whittaker, I suggested a slogan for the products we helped with: "So easy, even your boss can use them." You see, I've been an IT manager, and in that rule, I've had to institute security policies, like minimum standards for passwords, mandatory VPN usage, and other important (but often cumbersome) measures.

In these circumstances, I always did my best to explain to my co-workers that these measures were not me being high-handed or sadistic, loading them up with pointless busywork. I tried really hard - with pretty good success - to convey the rationale behind these measures and the risk I was trying to mitigate.

This isn't just a matter of being respectful to the people I was working to protect, it was also key to that protection - when people don't accept security measures, they circumvent them. As this amazing ethnography of security-bypassing medical professionals puts it, "You Want My Password or a Dead Patient?"


It's really important to get rank-and-file workers to understand why you're asking them to endure the inconvenience of a security measure, but it's far more important to get your *boss* to understand this. After all, even if your co-workers don't buy in, you have some authority to mandate their cooperation, whereas your boss gets to override you.

Everyone who's worked in security has had experience with this: you get a call from the CEO like, "Look, Poindexter, I don't give a monkey's asshole about the VPN or whatever. I need to download a presentation to raise the capital to pay your salary, and as soon as the kid in the lobby of this Comfort Inn is done Reddit shitposting on the shared lobby iMac, I need to download that file to this USB stick I found in the parking lot of an Arby's and transfer it to my laptop. Make it happen!"

This is why I suggested "So easy your boss can use it," as a replacement for the odious "So easy your mom can use it." Bosses have the social clout to force the universe to rearrange itself to your comfort.

Moms, not so much.

Tech designers are notoriously indifferent to the needs of moms - and other marginalized users - when they plan their products. The emblem of this was the Honeywell Kitchen Computer, a $10,600 recipe-organzing database system the size of a kitchen counter, offered for sale in the 1969 Nieman-Marcus Christmas catalog:


The men who designed this computer didn't ask their wives - whose nightly dinner-cooking duties they set out to automate - whether they needed a $10,000, 100lb recipe organizer that you queried by punched paper tape. Not one unit sold.

Everything your mom does with a computer is twice as hard as the things that I do with a computer. Even if your mom gets more consideration from product designers today than she did in 1969, I'm getting more consideration. When I use a computer, I'm playing the game of life on the lowest difficulty setting:


But as easy as things are for me, they're even easier for your boss, who doesn't just play on the lowest setting - your boss gets to play in God Mode. They get highest-level access to company systems *and* they get to ignore the security policies their underlings must obey.

Hence IFL Science's study of CEO passwords for Nordpass, which found that the median CEO uses a password that is "startlingly dumb," in the phraseology of the headline for *PC Gamer*'s article on the study, by Katie Wickens:


The study analyzed 290 million data-breaches and clustered the leaked passwords by job title, finding that the most popular passwords for the highest-ranking employees were typical of the worst password choices: "123456," "picture1," "password," and names like "Tiffany," as well as mythological animals like "Dragon."

These passwords aren't *worse* than the median breached password, but they should be *better*. With great power comes great responsibility, after all. C-Suite Impersonations are extremely dangerous to companies - forged emails from top execs have led to millions of losses at a swoop, when the impersonator orders an underling to transfer millions to pay a bogus invoice.


It's a safe bet that the IT managers who work for these execs know about the risk of C-Suite account takeovers, and it's a sure bet that the execs who chose these bad passwords had heard advice about choosing strong passwords. But unlike your mom, your boss gets to overrule IT policies.

Passwords suck and they're hard to do well. You (and your mom, and your boss) should be using a password manager and using a different, strong, randomly generated password for every service.


You should also turn on two-factor authentication for every service, using either a hardware token or a standalone 2FA app (*not* SMS!):


Meanwhile, let's normalize saying, "So easy my boss can use it" and banish "so easy my mom can use it" to the scrapheap of history.


🐈‍⬛ The impossible scam of US drug plans

US health insurance is a dismal swamp of scams and opacity, a system whose patient outcomes are in freefall and whose patient costs are screaming upwards on a line that it asymptotic to infinity. As bad as the whole health insurance system is, drug plans are *worse*.

It is literally impossible to get a good deal on drug plans. Literally. How can I be sure that this is the case? Because Wendell Potter can't, and if he can't, you can't. Potter is the former top Cigna lobbyist who changed sides and became a tireless advocate for Medicare for All, dedicating himself to revealing the evil schemes behind your spiraling costs and declining health.


Potter was one of the architects of the 2003 Medicare Modernization Act (MMA), providing talking points to the Congressmonsters who voted for it. Under MMA, Medicare was prohibited from negotiating drug prices with pharma companies. Thus Americans pay US companies 200-400% more for their meds than Canadians pay to those same US companies:


Potter is now *on* Medicare, and so he's got a front-row seat to the MMA's effects, two decades on. He's got an Rx for a Symbicort inhaler for a chronic cough, and he pays $606 every three months for this. That's because Medicare Part D users are expected to have a drug plan, and these drug plans are all eye-glazingly complex scams:


Now, Potter is an industry insider, so he knows that there are often generic alternatives to name-brands like Symbicort. He asked his doc, and she prescribed a generic, fluticasone propionate-salmeterol. That's where Potter's tale gets interesting (and for interesting, read "terrible"):


It turns out that, thanks to MMA, Medicare often provides *zero* coverage for generics, as a condition of secret rebate deals drug plan insurers cut with "Pharmacy Benefit Managers" (PBMs). PBMs are also a scam, one of those boring, complex, useless elements of US health insurance that exists solely to produce billions for monopolists:


PBMs get special dispensation to create monopolies, in the name of cutting deals that are supposed to benefit the patients who rely on them. This special dispensation was originally coupled with a legal obligation to wield monopoly buying power on behalf of patients, but the PBMs successfully lobbied to do away with that obligation. They get the privilege, but no responsibilities to go with it.

Potter's drug plan comes from Wellcare. Sure enough, they provide zero coverage for the generic alternative to Symbicort. But Potter is a pro. He knows that services like GoodRx let you comparison shop and search for discounts to get a *better* deal on insurance-excluded generics than you'd get by going through your insurer.

GoodRx sent Potter to his local Rite-Aid, where a three month supply of fluticasone propionate-salmeterol costs $286.50. Now, fluticasone propionate-salmeterol isn't actually a generic for Symbicort - it's a generic for a *similar* med, from Mylan, called Wixela.

So Potter, being a pro, asked the Rite-Aid pharmacist if Wixela was covered by his drug plan, and it was - $141 for a three month supply, a $55.17/month savings over the generic.

So Potter sort-of got a happy ending. All he had to do to save $155/month was:

* Know that generics exist;

* Ask his doctor for a generic;

* Be told that a generic didn't exist for his med;

* Press on and get a scrip for a generic of a similar med;

* Use a search-engine to find a deal on his generic because his insurance doesn't cover it;

* Ask the pharmacist whether the name-brand alternative to the generic *is* covered


Of course, by this point, Potter had *already* been paying the higher price for some time, shoveling money into monopolists' gaping maws. There is arguably no one better equipped in America to do what Potter did, and even he lost hundreds of dollars before he managed it.

As Potter says, people with "cancer, MS, or other life-threatening conditions," often must spend thousands before their insurance even kicks in, and even then, their insurers likely don't cover many of their meds. That's why so many people *with* insurance end up in medical bankruptcy.

By design, the MMA made Medicare Part D drug coverage impossible to decipher, "because of the ever-changing list of medications insurance plans will or will not cover," and remember, it also *banned Medicare for bargaining on drug prices*.

Potter closes with a note of hope: there's an activist called "Lower Out of Pockets NOW" that is attracting bipartisan Congressional support, with talk of forming a caucus to address pharma ripoffs:


In the meantime, there's the all-American tactic of "have you tried not being sick?" coupled with "do a search on GoodRx" and "remember to ask your pharmacist about generics *and* name-brands."


🐈‍⬛ Hey look at this

* Big sale on Rudy Rucker's oil paintings https://www.rudyrucker.com/paintings

* The Freezine of Fantasy and Science Fiction https://freezineoffantasyandsciencefiction.blogspot.com/2022/05/the-mind-gives-chaos-nudge.html (h/t John Shirley)


🐈‍⬛ This day in history

#20yrsago The annotated ETCON http://www.aaronsw.com/2002/etcon/notes

#15yrsago Fair(y) Use Tale: AMAZING video cuts up Disney to explain copyright https://cyberlaw.stanford.edu/blog/2007/03/fairy-use-tale

#15yrsago How the right to attach can keep spectrum free https://web.archive.org/web/20070531165646/http://www.timwu.org/log/archives/134

#10yrsago TSA frisks actual (but likely harmless) mass murdering serial bomber http://www.loweringthebar.net/2012/05/tsa-gropes-kissinger.html

#10yrsago Swedish telcoms giant Teliasonera complicit in mass surveillance in the world’s worst dictatorships https://www.eff.org/deeplinks/2012/05/swedish-telcom-giant-teliasonera-caught-helping-authoritarian-regimes-spy-its

#5yrsago Feds admit they used secret anti-terror mass surveillance tool to catch an undocumented waiter https://theintercept.com/2017/05/19/feds-used-secretive-phone-tracking-tool-to-hunt-down-undocumented-immigrant/

#5yrsago An IoT botnet is trying to nuke Wcry’s killswitch https://www.wired.com/2017/05/wannacry-ransomware-ddos-attack/

#5yrsago Disney’s Hall of Presidents show reportedly rolled back so Trumpbot won’t get a speaking role https://historynewsnetwork.org/article/165980

#1yrago Dead, broke: What it's like to inherit nothing but debt https://pluralistic.net/2021/05/19/zombie-debt/#damnation


🐈‍⬛ Colophon

Today's top sources: Naked Capitalism (https://www.nakedcapitalism.com/, Slashdot (https://slashdot.org/).

Currently writing:

* Some Men Rob You With a Fountain Pen, a Martin Hench noir thriller novel about the prison-tech industry. Friday's progress: 539 words (4937 words total)

* The Internet Con: How to Seize the Means of Computation, a nonfiction book about interoperability for Verso 1038 words (1644 words total)

* Picks and Shovels, a Martin Hench noir thriller about the heroic era of the PC. Yesterday's progress: 508 words (92849 words total) - ON PAUSE

* A Little Brother short story about DIY insulin PLANNING

* Vigilant, Little Brother short story about remote invigilation. FIRST DRAFT COMPLETE, WAITING FOR EXPERT REVIEW

* Moral Hazard, a short story for MIT Tech Review's 12 Tomorrows. FIRST DRAFT COMPLETE, ACCEPTED FOR PUBLICATION

* Spill, a Little Brother short story about pipeline protests. FINAL DRAFT COMPLETE

* A post-GND utopian novel, "The Lost Cause."  FINISHED

* A cyberpunk noir thriller novel, "Red Team Blues."  FINISHED

Currently reading: Analogia by George Dyson.

Latest podcast: Revenge Of The Chickenized Reverse Centaurs

Upcoming appearances:

* ABC Copyright Conference keynote (University of Western Ontario/London), May 25

* OpenJSWorld Keynote (Austin), Jun 8

* UK Competition and Markets Authority Data Technology and Analytics conference (London), Jun 15-16

* A New HOPE (NYC), Jul 24

Recent appearances:

* Revolutionizing Activism — The Power of Utopia (Center for Artistic Activism)

* A Little Patience and a Lot of Tape (This Week in Tech)

* Blockchain, Crypto & Web3 (Life Itself podcast)

Latest book:

* "Attack Surface": The third Little Brother novel, a standalone technothriller for adults. The *Washington Post* called it "a political cyberthriller, vigorous, bold and savvy about the limits of revolution and resistance." Order signed, personalized copies from Dark Delicacies https://www.darkdel.com/store/p1840/Available_Now%3A_Attack_Surface.html

* "How to Destroy Surveillance Capitalism": an anti-monopoly pamphlet analyzing the true harms of surveillance capitalism and proposing a solution. https://onezero.medium.com/how-to-destroy-surveillance-capitalism-8135e6744d59 (print edition: https://bookshop.org/books/how-to-destroy-surveillance-capitalism/9781736205907) (signed copies: https://www.darkdel.com/store/p2024/Available_Now%3A__How_to_Destroy_Surveillance_Capitalism.html)

* "Little Brother/Homeland": A reissue omnibus edition with a new introduction by Edward Snowden: https://us.macmillan.com/books/9781250774583; personalized/signed copies here: https://www.darkdel.com/store/p1750/July%3A__Little_Brother_%26_Homeland.html

* "Poesy the Monster Slayer" a picture book about monsters, bedtime, gender, and kicking ass. Order here: https://us.macmillan.com/books/9781626723627. Get a personalized, signed copy here: https://www.darkdel.com/store/p1562/_Poesy_the_Monster_Slayer.html.

Upcoming books:

* Chokepoint Capitalism: How to Beat Big Tech, Tame Big Content, and Get Artists Paid, with Rebecca Giblin, nonfiction/business/politics, Beacon Press, September 2022

This work licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.


Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.


🐈‍⬛ How to get Pluralistic:

Blog (no ads, tracking, or data-collection):


Newsletter (no ads, tracking, or data-collection):


Mastodon (no ads, tracking, or data-collection):


Medium (no ads, paywalled):


(Latest Medium column: "The Fatfinger Economy" https://doctorow.medium.com/the-fatfinger-economy-7c7b3b54925c)

Twitter (mass-scale, unrestricted, third-party surveillance and advertising):


Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):


"*When life gives you SARS, you make sarsaparilla*" -Joey "Accordion Guy" DeVilla

More information about the Plura-list mailing list