SCOTUS and Hobby Lobby: The Financial Facts

In light of the recent “Hobby Lobby” decision regarding healthcare, I thought I’d offer some facts. I’m trying to stick purely with the “fact” side of the situation; the “rightness” or “wrongness” of it is very much subject to your personal opinion on the matter. Both sides have arguments which they feel are legitimate.

The essence of the decision is that Hobby Lobby, a privately held corporation having a small number of owners, does not have to offer certain health coverage items that are mandated by the Affordable Healthcare Act (ACA, or popularly, “Obamacare”). Hobby Lobby’s owners specifically objected to coverage related to certain birth-control medications. The owners felt that being forced to pay for such coverage violated their First Amendment right to freedom of religion, in that they were being forced to pay for something that they objected to on religious grounds. The opposition’s primary argument was that the business, not the owners, had to pay for the coverage, and that businesses do not enjoy religious freedom. The Court held that, for closely held companies, the owners were indistinguishable from the business, and held in favor of Hobby Lobby. Other companies with similar lawsuits, including Conestoga Wood Specialties, were also covered by the decision.

There’s no question that “a business is indistinguishable from its owners” is a difficult piece of legal logic, because for the most part, the whole point of having a corporation is to separate it from oneself, usually for liability and tax reasons. The business is legally distinct in most ways, including paying taxes, owning property, and taking liability for its actions. Allowing some of the owners’ religious freedoms to convey to what is essentially a soulless entity strikes some observers as illogical. This is, in fact, what the entire case boiled down to.

One common comment has been that, “well, the employees can always opt out of the employer’s health plan, if it doesn’t cover things they want. They can buy their own plan.” Can they?

First, healthcare is expensive. The ACA defines “affordable” as any plan which consumes no more than 9.5% of someone’s annual income for self-only coverage (family coverage can cost more). For a full-time minimum wage employee, that means monthly health costs in excess of about $150 a month would be “unaffordable.” It is difficult to find plans, in most areas, that provide ACA-mandated coverage at that rate, especially once you factor in deductibles. For example, plans can be had at that rate, but they often feature cripplingly high deductibles of $5,000 or more. That’s not to say employer-provided plans are any better; it depends on the employer. And employers can, and often do, pass along some or all of the premium expense to employees, so the insurance isn’t necessarily “free.”

Second is the question of whether someone could qualify for subsidies to help with insurance costs. The rule here is different: someone earning up to 4x the Federal poverty level could qualify for a subsidy if the cost of insuring the entire family exceeds 9.5% of income. In some cases, then, employees would do better to strike out on their own for insurance. Taxpayers do not necessarily suffer on opt-out employee subsidies, as we shall see. The employer, in fact, usually pays at least a chunk of them.

Third is tax law. For the most part, employees who decline employer health plans cannot receive any additional compensation from the employer. That’s longstanding law; benefits are not “in lieu of wages,” and therefore you can’t pay someone money in lieu of benefits. So you can’t opt out of an employer plan and get any money to make up for it. However, there’s a trick:

Fourth is the ACA, and this is the tricky bit. Employers are required to automatically enroll employees, whether those employees want the coverage or not – but employees can opt-out of that coverage. But, if that employee then goes to their state marketplace and buys a subsidized policy, the employer is fined $2000-$3000. In essence, that fine pays for the subsidy. Employers are prohibited from discriminating against such employees, although we’ve yet to see how those prohibitions hold up.

So in some cases, particularly with low-wage workers, it may make more sense to opt out of the employer plan, go buy your own plan with a subsidy, and let your employer pay the fine to help pay the subsidy. You can get a plan that meets your needs, possibly pay lower (or zero) premiums (depending on your situation), and your employer is likely going to pay the same amount that they would have paid for your insurance – just paying it to the government in the form of a fine, which offsets the subsidy you received.

Applied specifically to Hobby Lobby, which has more than 50 employees and is therefore subject to the terms I’ve written about: The average employee makes $20,000 to $30,000 a year. Following the 9.5% rule, premiums could be in the $190/mo range and be “affordable.” For a household of three (assuming two adults and one child), the Federal poverty level is $19,790. If both parents works in a $25,000 job, their combined $50,000 income would fall well under the 4x poverty guideline, earning them some form of subsidy for their own policy – which would no longer be dependent on their employer’s decisions on coverage.

Under the subsidy rules, any premium in excess of $342/mo for family coverage would be eligible for coverage. Compare that with the $380/mo that the two parents would potentially have to pay for individual coverage apiece, and it’s a bargain – although the employer could choose to cover a larger portion of that premium, of course, making the employer plan cheaper. The calculator here was helpful in determining this. Of that ~$4,000 annual premium, the employer would be on the hook for $2000-$3000 of it, in the form of a government fine. So you could argue that Hobby Lobby would be buying (most of) the insurance regardless.

Note that ACA originally included a provision whereby lower-income workers could be goven a voucher from their employers, so that they could buy their own plan instead of being on the employer’s plan. Congress nixed that in 2011.

So the real question, “could a Hobby Lobby employee afford to opt out of their employer’s plan and buy one that offered coverages they wanted?” The answer: possibly. If Hobby Lobby is passing along the entire premium cost to employees, then definitely yes. If not, then it depends how much the company was covering. The company cannot offer additional compensation to employees who opt-out, so it’s kind of an all-or-nothing deal.

Again, whether you think the court decision was right or wrong is certainly your opinion – I’ve tried to lay out the financial details with as many specifics as possible.

Figures and law largely from




PowerShell DSC Camp… Coming in 2015

Yeah, I know it’s a ways, ways off, but these things take planning and prep, and I have to plan my life 12-18 months out. So…

The idea is to have a “DSC Camp.” It won’t be a literal camp, you’ll fly out to Vegas and stay in an off-Strip hotel right near my house. I’m thinking July 2015, right now – it fits with my schedule as it’s shaping up, and it’s not a bad time to be in Vegas. Yeah, it’s hot. I have a great swimming pool with lots of shade :).

You’ll get there, say, Thursday sometime (dates/days not yet decided). Thursday evening, we’ll have a little get-together at my house (we’ll get a shuttle bus or something to do the transit, so you won’t need a car).

Friday, Saturday, and Sunday morning we’ll do 4-5 hour classroom sessions at the hotel. Bring your own laptop, because we’ll be digging DEEP into DSC. Everything from composite configuration creation to custom resource design and authoring, including diagnostics, pull server planning, and even management tooling considerations. Everything.

We’ll adjourn midafternoon before the brains all fill up and die, but class won’t be over. Friday and Saturday, for example, we might head back to the house and enjoy the pool, where we can talk more informally about DSC strategy, digest some of the finer points, and enjoy a cooling beverage or three.

In the evenings, we’ll hit a local legendary restaurant, have pizza at the house (along with billiards or something), and hang. We might hit someplace fun, like the nearby Linq project on the Strip, or the local brewpub across the street.

You’ll take off Sunday afternoon or evening, unless you want to stay longer and enjoy some “me” time.

The idea is to combine some serious classroom learning with more informal discussion, group decision-making, and some fun.

This won’t be the cheapest weekend in the universe. I need to sort out costs and whatnot, but $1500-$2000 might be where it all settles out. That’ll include a lot of your meals, though, so you’ll just have to cover an off-Strip business-class hotel and your airfare, for the most part. All told, you might be looking at $3000-$3500, I’m guessing, for the entire trip.

And it’ll be limited to just 20 people. Oh, we’ll try and have some special celebrity guests, too, but you’ll be part of a very small, very select group. If it works out, we might make this an annual event and might even move it to other locations from time to time.

Anyway… it’s all kind of in “blue sky” thinking-about stage right now, so I’d love your comments, feedback, and ideas. We wouldn’t start selling this until the first half of 2015, so we’ve got some time to refine the concept.

So, whatcha think?

The One PowerShell Book I Hope You’ll Buy

I hope you’ll consider buying PowerShell Deep Dives. Here’s why:

First, it’s got almost 30 chapters written by community enthusiasts and MVPs. This is content you won’t find elsewhere, and it’s super-interesting stuff. You can really ratchet your PowerShell skills up several notches.

Second, you get a free book when you buy the print book.

Third, and most importantly, everyone who contributed has agreed to forgo royalties, instead donating all the royalties to SAVE THE CHILDREN. So by buying this book, you’re literally helping to make kid’s lives a little better. A lot of work went into this book by a lot of people, and we’re all really appreciative of the support!

Fourth, IT’S A FREAKING AWESOME BOOK. And you can make a hobby out of collecting autographs from each author.

Fifth, that’s all. Go get it!

Anything Not Related to Your Core Business is an Outsourcing Candidate

These days, companies are under increased pressure to turn in a more solid bottom line. New technologies and new approaches give us in IT an amazing ability to help – but in most cases, companies’ heads are still stuck in 1990, thinking they have to do everything themselves. Often, IT teams are  part of the problem, fighting back hard at the thought of ceding any jobs or control to someone else.

Let’s discuss.

First, separate in your mind the concept of outsourcing services and jobs. They are not the same thing. For example, suppose you decide to retire your on-premises Exchange servers and switch to Office 365. You will still need headcount to manage that – mailboxes don’t create themselves, dist lists don’t populate themselves, etc. You might need less headcount, and if that headcount had strong PowerShell skills it could probably really reduce your headcount need for that particular service. But if the “extra” headcount has good IT skills, then you should be deploying them to gang up on business-specific services that can’t be outsourced to anyone, ever.

So we’re not talking about jobs. When I say “outsource” in this article, it doesn’t mean turning over all of your IT to IBM or someone, a pattern I’ve never seen work out well. No, I’m talking about outsourcing specific IT services, and in many cases merely outsourcing where those services are located.

My suggestion is to look at every IT service and ask yourself a simple question: is this a unique and critical part of our business that only we do? If so, it stays in-house, and needs the brightest minds you have working on it. If not, it is a candidate for outsourcing, and you need to look at it more closely.

I’m not saying “automatically outsource it,” because the decision isn’t that simple. This first question is just the starting point.

E-mail is a great example. If you have 5,000 mailboxes, you probably have a full-time Exchange administrator. That person might make $80k a year. Taking SharePoint and Office applications out of the picture, Office 365 (well, “Exchange Online”) would cost you $20k a year. Duh. But you’d still need that $80k person, right? Well… perhaps not. See, outsourcing is often interesting in that, while you still need administrative resources, they can be stupider or less skilled. They don’t need to troubleshoot the system, patch servers, or anything like that – they just need to create mailboxes. It’s likely a $40k office assistant could do that in addition to other duties. That $80k person can then be re-tasked to do stuff that’s unique to the business and that actually requires hardcore IT skills.

(Worried about your Internet connection going down? You should be. And these days, that should be a major IT investment, not buying more servers. Redundant lines from different carriers.)

Application hosting? Perhaps you outsource it. Both Microsoft and SAP support running SAP in Azure, for example.

Active Directory? Um, maybe outsource, with on-prem local backup.

File servers? Hmm. Azure does that. Maybe you outsource it.

Heck, you can run a direct line into an Azure data center and simply host your own VMs there, and have them “on your network.” You’ve outsourced the power, air conditioning, and square footage, which won’t reduce your headcount much, but it gives you fewer things to worry about back at the office.

Point is, it’s worth asking the question. Your business, and its IT people, should be dealing with things that nobody else can do for you. Everything else – power, phone lines, coffee service, janitorial services – it should be outsourced if possible, and if it makes sense. Not because it’s cheaper, although outsourcing often works out that way in a careful comparison. No, you do it because it removes distractions, so that everyone in the business can focus on what’s important to the business.

I have one client who took this to an interesting place by splitting the IT team. Team A handled only business-specific services, like line of business applications (some of which run on outsourced VMs, but they don’t handle the VM side, just the app). Team A was seriously engaged with business leaders and workers, and everyone, every day, focused on the business’ customers. That was all they had to do. Team B handled outsourced stuff – infrastructure. Some of Team B were pretty low-end folks, handling daily add/change/delete type work; some were higher-end and managed outsourced virtualization platforms and outsourced applications. They didn’t work directly with the business much, and they were a lot easier to find and hire, because their skills are more common.

It’s an interesting approach. I promise you, the only reason more companies haven’t started down this road is because most companies are pretty poorly managed, and so they all kind of level out against each other. But they’ll figure it out. So you’re going to need to start thinking about where you’ll fit in. Neither Team A nor B is a bad choice; they’re different. Team A might get paid more, but their skills are less transferable across the industry. Team B might get paid a bit less, but they’d have skills that would be usable anywhere. Whatever you decide, start lining up your skills and resume to point you in that direction.

Why I Think SCCM Will Probably Not Survive

At TechEd 2014, I had talks with several folks about DSC versus SCCM’s configuration auditing functionality. My feeling at the time was that SCCM could easily become the tooling we need atop the DSC technology, and that Microsoft could more or less transparently migrate the SCCM auditing capability to use DSC.

They still could, but I’ve changed my mind after thinking about the bigger picture. I’m presently thinking that, long-term, SCCM as it is today doesn’t have a distant future.

There are a lot of reasons why I feel this is true, but the most compelling is probably the simplest: Microsoft could never offer “SCCM Online,” because the SCCM architecture just wouldn’t do it. That said, Microsoft does have an “SCCM Online” called InTune, which works well for them. Granted, it’s missing some of the key pieces of SCCM, but those can be added – and in “cloud candence,” that wouldn’t necessarily take long. InTune already provides the Mobile Device Management capabilities attributed to SCCM. While it might need to be supplemented with on-premises elements to reach better SCCM parity, I don’t think SCCM per se is going to fit Microsoft’s current vision.

Another problem is that SCCM is a hulking, monotlithic architectured product that just doesn’t fit in well with what the rest of MS is doing, server-wise. That’s a fuzzy statement, but it reinforces my gut feeling that MS is looking elsewhere to solve the need.

And then I look at the foundational technologies MS is releasing. DSC obviously solves part of what SCCM does, although at the moment it lacks management tooling. OneGet, coming in Windows Management Framework 5, could enable DSC to be a much more powerful software deployment tool by taking some of the heavy infrastructure out of software deployment. InTune is already geared to do things like inventorying and app deployment, and it could well take on that role for laptops in large enterprises, too – perhaps supplemented by local package repositories, to manage bandwidth better, but without the overhead of a current Distribution Point.

One area, which I discussed a lot with a fellow in my class last week, is that InTune doesn’t do bupkis for OS deployment, which is a big deal. WDS is a more-or-less-purely PXE approach to OS deployment, which isn’t always what organizations need. But from a technological perspective, OS deployment is actually an easy beast to tackle – witness the number of times Microsoft has done so. What’s hard is to come up with the right feature and workflow mix. SCCM works really well for some folks (in terms of OSD); less so for others, so there may be room for change.

InTune technologies would obviously need more scale, too, to push large companies off SCCM, but I think right now that scale is more a Microsoft product decision and less a technical limitation. InTune doesn’t presently support servers, but again, I feel that’s a product decision more than a technical limitation. Product decisions can be changed literally over a weekend – I’m not sure there are a bunch of insurmountable technical hurdles to making InTune “the answer.” And it would certainly fit Microsoft’s direction of sticking everything in the cloud and renting it to you.

Now, I think this is all pretty far off, and regardless what Microsoft does there are organizations with massive SCCM investments who will take forever to move to something else. Which is fine, if it suits their needs. But in a forward-looking way, I’m not entirely sure I’d make a massive new investment in SCCM. At the least, I’d certainly think hard about other ways Microsoft might be pointing. There’s certainly time to let the pieces on the board move around a bit more – InTune isn’t currently positioned to devastate SCCM, for example, and we’ll have a few of its product cycles to see if it does start moving that direction.

Microsoft has always had an awkward relationship with config management, so whatever happens, it’ll be interesting to see if they really nail it.

And of course I could be completely off-base :). As I said, it’ll be interesting to see. Right now MS is clearly at an odd crossroads with CM.

The Difficulty with Software Patents

There’s been a huge to-do in courts for the past several years, as numerous holders of software patents duke it out.

And software patents are, to say the least, problematic.

To really understand why, you need to understand a bit about why our patent system was originally invented. Back in the day, the citizenry was concerned that inventors would create crazy-useful inventions, but not disclose how they worked. If said inventor got hit by a bus runaway horse carriage, the country would lose out on their genius, and never be able to reproduce their invention. On the other hand, you couldn’t just demand that the inner secrets of an invention be publicly disclosed, because then everyone would rip it off. So the patent was invented (patents go back further than the US of course, but our story parallels others). The idea is, you tell the world how your doohicky works, and the government protects your right to exclusively produce it for a period of time. That way nobody can rip you off, but if you bite the big one, we still know how it works.

This entire system was predicated on a couple of things, primarily that idea that we don’t know how your patent works. We need you to tell us.

Fast-forward a couple hundred years, and we’re in a huge quagmire. At some point, the law stopped focusing patents exclusively on mechanical inventions, and starting allowing us to patent business processes. Now, I understand the reasoning: processes can take a crapload of research and development to perfect, and the inventors obviously want to protect that investment. To encourage American innovation, we agreed to protect those processes under patent law. Observing a business process makes it easy to duplicate, but the patent protects you. This was a major departure for patent law, because for the first time we weren’t worried about losing the invention. Once you’ve seen a process, you can duplicate it – unlike many mechanical inventions, which are far more intricate. So our idea of patent law changed to protecting the obvious, so that people would be encouraged to invent new things which, once invented, were obvious.

Software, as you may know, can be copyrighted, but that only protects the actual, exact source code – it doesn’t protect what the source code accomplishes, which is far more interesting. So we started allowing what the code does to be patented as a business process.

This has now become silly. Apple has a patent on their “slide to unlock” gesture. Yes, nobody had done it before. Yes, it probably took a lot of time to figure out, make elegant, and so on. Yes, we want to encourage that kind of innovation. It’s very easy to copy once you see it, so (in theory) to encourage that innovation, we have to protect it. I mean, once you’ve seen “slide to unlock,” you can implement it on your own knockoff phone in about ten seconds, negating (the argument goes) Apple’s competitive edge that they spend time and money developing.

But from a common sense perspective, it’s just silly. And the law already protects things like “trade dress,” which means you can’t make something that looks so much like a competitor’s product that consumers might be fooled into thinking you were the competitor. Trade dress lawsuits get incredibly sticky (Apple and Microsoft can attest to that, after spending a decade arguing about Mac’s and Windows’ visual similarities). But that doesn’t change the fact that software patents nearly always strike the layperson as ridiculous.

And you know what? Common sense makes sense. Software patents are ridiculous, no matter how well-intentioned, and their ridiculousness is what causes us to have courts full of nitpicky patent lawsuits all the time. Hardly a good use of our court system, really.

The ultimate problem is that we tried to take a concern – protecting software innovation – and jam it into a centuries-old “solution” that didn’t actually fit the concern. And now we’re screwed by it. We should have invented a new body of law, and we still should revisit that idea. Call it “feature protection,” and require it to be litigated by a simple jury decision. “Guys, look at these two features. If you think they’re remarkably similar, then whoever came first wins.” And that protection lasts only five years, because in software you’d better be innovating faster than that, anyway.

Never happen, of course. But it doesn’t stop the silliness of our current setup.