Paul J. Richards / AFP/Getty Images

A Google street view mapping and camera car cruises the streets of Washington, D.C.

Google has agreed to pay $7 million to settle a lawsuit filed by 37 states and the District of Columbia over the firm’s vacuuming of data from home Wi-Fi networks around the world. The settlement ends a long chain of U.S. government legal actions against Google in what has become known as the "Wi-Spy" scandal, but Google still faces numerous legal challenges in Europe and elsewhere.

Follow @RedTapeChron

Between 2008 and 2010, Google's Street View cars, designed to take detailed block-by-block pictures, had an added feature -- they collected data broadcast out of users' homes from unsecured Wi-Fi networks.  At the time, most home routers didn't come equipped with encryption by default, so the data haul was enormous, and raised numerous privacy issues.

Google has admitted its mistake, but maintained that the collection wasn't illegal because the data was collected from public locations and broadcast by the victims in plain text. Still, the episode has been embarrassing for the company, and it has repeatedly said it has implemented new procedures to prevent a similar episode.

The most disturbing part of the Wi-Spy scandal is that Google blames it on a rogue engineer, though according to an investigation conducted by the Federal Communications Commission, the engineer told others at the company about the data collection.  It's alarming to think about the privacy disasters that could be created by a rogue employee or group of employees who work inside a company with massive data collection power, like Google. The FCC fined Google $25,000 for allegedly obstructing its investigation, but took no further action against the company.

“Consumers have a right to protect their vital personal and financial information from improper and unwanted use by corporations like Google,” said New York Attorney General Schneiderman in a statement about the attorneys general settlement. “This settlement addresses privacy issues and protects the rights of people whose information was collected without their permission. My office will continue to hold corporations accountable for violating the rights of New Yorkers.” 

Google agreed to destroy the data as part of the settlement and to launch an employee privacy training program that it must continue for 10 years. 

"We work hard to get privacy right at Google. But in this case we didn't, which is why we quickly tightened up our systems to address the issue," Google said in a statement to NBC News. "The project leaders never wanted this data, and didn't use it or even look at it. We're pleased to have worked with Connecticut Attorney General George Jepsen and the other state attorneys general to reach this agreement."

The Electronic Privacy Information Center maintains a detailed list of legal actions in the Wi-Spy scandal, including links to details on ongoing investigations around the globe.

* Follow Bob Sullivan on Facebook.

* Follow Bob Sullivan on Twitter

More from Red Tape Chronicles:

• Why consumer agency must go, and why it should be saved
• Study: Facebook users want more privacy, but are nudged toward less
• Stock market gains? Not if you sold everything during the recession

If the Consumer Financial Protection Bureau disappeared tomorrow, would anyone notice?

What is expected to be a contentious Senate Banking Committee confirmation hearing Tuesday for Rich Cordray, who has been temporarily leading the bureau, offers an opportunity to examine the need for a federal agency designed to protect consumers in their financial dealings. If confirmed, Cordray gets a five-year term, but he’s certain to face a major fight from Republicans, who say the bureau is ill-conceived. We spoke to one of the agency's biggest supporters and perhaps its fiercest opponent to get some perspective. But first, a little background:

Follow @RedTapeChron

Born out of the financial crisis, the first new federal consumer protection agency since the Depression, the CFPB has had a rocky start. Republicans railed against the idea but couldn't stop Democrats from passing the financial reform legislation that created it, so instead they blocked appointment of Cordray in 2011, effectively putting the bureau into limbo. President Barack Obama then used a recess appointment to seat Cordray, setting off a battle that is still going on.

The political dispute didn't stop the bureau from shooting out the gate, however. It its 15 months of existence, it has written a host of new rules for lenders, set up a huge public database of consumer complaints and generally irritated most of the financial industry.

Many in the banking industry are still hopeful they can dismantle the CFPB, unseat Cordray and potentially undo everything the bureau has accomplished with a single court victory.

A federal court ruling in January found that another recess appointment by Obama was improper, creating the possibility that it might agree with Republicans who argue Cordray’s recess appointment was illegitimate, too. Some opponents argue that would make everything the bureau has done since his appointment void.

Expect bickering

That legal battle is still in the future, but Tuesday's confirmation hearing serves as a proxy for the fight and another chance for political posturing by both sides. There will be plenty of "Your regulations are killing jobs" vs. "Do you want a repeat of the 2008 recession?" bickering.

The discussion has potential to be a little more elevated, however, as this time the CFPB has a track record to examine.  As far as federal agencies go, it's just  a baby. But as long as we're fighting about it, it’s worth asking what the CFPB has done to prove its worth. 

In one corner ...

Todd J. Zywicki, a law professor at George Mason University with expertise in bankruptcy and contracts, says the CFPB has become exactly the monster he predicted three years ago when Congress debated its creation.

"It's turned out to be an extremely political agency,” he said. “... It's turned out to be really aggressive and arrogant in the way it behaves.”

When one of Obama’s recess appointments was invalidated, the agency response was "typical,” he said.

"They said that ruling doesn't apply to us,” Zywicki said. “What that shows is an agency that is very arrogant and out of control.”

The CFPB has unusual power among federal agencies. Unlike the Federal Trade Commission, the Federal Communications Commission and other agencies which are run by members of a commission with mixed political affiliations, the CFPB has a single agency head. It also does not have to submit its annual budget for congressional review the way other regulators must.

"They've created an unaccountable super-regulator that can and has acted as a highly political agency," Zywicki said. "If the CFPB were to go away tomorrow, it would be a boon for consumers and the economy."

Zywicki's most specific concern about the agency before its creation was that it would hurt lenders, and therefore hurt  consumers who were trying to borrow money. That has happened, he said.

"Our concern from the beginning was that it would act in a manner that would restrict credit and hurt the economy," he said. "Look at its rules on qualifying for mortgages (which impose stricter requirements on borrowers). ... It's stifling innovation (by banks) and restricting consumer choices."

He also said that the agency's new rules are disproportionately impacting the nation's smaller banks, which have smaller legal staffs to deal with them.  

"Because of the massive regulatory burden it is imposing on the economy, (the agency) is promoting a consolidation of the banking industry" by burdening small banks, Zywicki said. He could not point to a bank that closed or was sold because of CFPB rules but said that smaller community banks across the country are consistently complaining about the rules.  "It's the overall effect of regulations," he said. "It's not just the CFPB, but it is piling on."

And in the other ...

Taking the opposing view is Ed Mierzwinski, consumer program director for the consumer advocacy agency Public Interest Research Group and a vocal supporter of the CFPB creation and of Cordray. He gives the agency an "A-minus" for its work so far and has no trouble rattling off a list of accomplishments in its short life. Among them, he said, the bureau has:

• Successfully brought enforcement cases against three large credit card issuers for allegedly unfairly "upselling" products such as credit card insurance, and returned $400 million to 6 million U.S. consumers after a settlement.
• Created new mortgage disclosure documents, promoted awareness among college students about school loan debt and launched a separate effort to protect soldiers and veterans from predatory lenders, all through its “Know Before You Owe” program.
• Become the first federal agency to supervise so-called “non-bank banks” and begun to focus on products such as payday loans, title loans and other non-traditional borrowing products, as well as private student lenders.
• Worked to increase transparency, including creation of a public disclosure website that lists consumer complaints and, unlike similar databases at other agencies, allows anyone to browse the complaints, including information on the companies targeted.  Agencies such as the Federal Trade Commission do not make complaints pubic.

"The CFPB data allows (observers) to rank the companies involved. No one wants to be No. 1 on that list," Mierzwinski said. Public shaming is an effective regulatory tool, he argued, one that hasn't been used by other agencies.

When asked about the theoretical possibility that the agency could disappear, Mierzwinski said consumers would lose the benefit of actions he expects in the next 15 months, specifically related to the CFPB's recently acquired new power to regulate credit bureaus and debt collectors.

"The FTC never had the tools to go after them,” he said. “... Now for the first time, a federal agency can go into the credit bureaus and debt collectors and say, 'Show me your books.'"

Mierzwinski said the FTC has never held the credit bureaus financially accountable for credit report errors and predicted CFPB enforcement would lead to more accurate credit reports.

In a more general way, he says enforcement actions and additional regulatory oversight help all consumers, even if they haven't received a refund check based on a bureau lawsuit.

"I'm convinced that many banks eliminated those kinds of practices," such as selling credit card insurance, after a CFPB lawsuit,” he said.  "So going forward, you will see fewer unfair offers from banks. ... If you have a mortgage, going forward your servicing rules will be fairer."

Mierzwinski’s chief argument for preserving the CFPB: All other banking regulators are charged with simultaneously protecting the safety and soundness of banks on one hand, while mandating fairness to consumers on the other. That's why, for example, excessive overdraft fees were allowed for years -- when regulators weighed the interests of making banks profitable against treating consumers fairly, they often chose the former. 

"They had a conflict of interest ... and often sided with bank safety over consumer protection," Mierzwinski said.

Zywicki, the CFPB critic, said he isn't fundamentally opposed to a consumer protection agency focused on financial products, but he says he believes evidence shows that Cordray's agency is acting recklessly.

"They made a political decision that the entire financial crisis was a consumer protection problem, ignoring evidence that there were other causes," he said. "I see no indication to date that they have a serious understanding of economics or unintended consequences. Sure, there are concerns about these products. People misuse mortgages. But their behavior to date raises questions about how seriously they take economic evidence."

He disagreed that payday and other non-traditional lenders had slipped through regulatory cracks before creation of the CFPB -- they were regulated at the state level, he noted. And even in this area, he said he was concerned about the new agency's actions against high-interest lenders. 

"The concern is the same, that they will blunder based on their belief in what's going on, rather than use sound economic science,” he said. “By over-regulating those products, they could drive them out of business and could end up hurting consumers. ... Before we had alternative lending products ... we had loan sharking. We could end up there again."

It works, or it doesn't

While Zywicki wouldn't mind a dismantling of the agency, his preference would be a radical restructuring, with Corday replaced by a slate of mixed-party commissioners with less power.

"The optimal solution is a more accountable, more reasonably constructed agency along the lines of the FTC," he said. "We've been doing independent regulatory agencies for a century, and we know what works."

But Mierzwinski said the housing bubble and the recession show that the system that was in place didn't work, and says he fears that a diluted CFPB wouldn’t be able to take firm action against the powerful financial services industry.

"We would lose … the one regulator that has protecting consumers as its only job," he said. "Payday lenders could run roughshod over American consumers again without the CFPB, and credit bureaus wouldn't be brought into line."

* Follow Bob Sullivan on Facebook.

* Follow Bob Sullivan on Twitter

More from Red Tape Chronicles:

Facebook, real world data brokers team up to pick online ads for you

One latte away from millions? Don't bank on it, author says

ID theft on the rise again: 12.6 million victims in 2012, study shows

What impact will Facebook's new redesign have on users' privacy? It's far too soon to tell, but a study published this week by Carnegie-Mellon University suggests that prior design changes to the social media site have nudged users into sharing more information than they want to. 

The long-term study, which followed thousands of Facebook users and their privacy choices over seven years, found that users steadily shared less information with strangers over time. But it also found that they shared more with friends, which ultimately means they shared more with Facebook and third parties like app developers, which the researchers call "silent listeners."

Follow @RedTapeChron

"People are trying to reveal less publicly ... but in fact are disclosing more to these silent listeners," report author Alessandro Acquisti told NBC News, adding that the research is the first so-called “longitudinal study” to examine Facebook user behavior.

There was one sudden reversal in the trend toward more privacy-centric choices in 2009-10, during which users who had been sharing less suddenly began sharing more, the study found. The reversal corresponded to major changes in Facebook's design.

"These findings highlight the tension between privacy choices as expressions of individual subjective preferences, and the role of the environment in shaping those choices," the report says.

Facebook had an entirely different interpretation of the data produced by the researchers.

"Independent research has verified that the vast majority of the people on Facebook are engaging with and using our straightforward and powerful privacy tools, allowing them to control what they're sharing, and with whom they're sharing,” the firm said in a statement. It would not answer additional questions about the study on the record.

Acquisti, along with fellow authors Ralph Gross and Fred Stuzman, examined the public sharing habits of 5,000 Carnegie Mellon students between 2005-2011, focusing on how frequently they posted information that any stranger could see, such as birthday, high school, political affiliation, phone, address and interests. The trend lines on open sharing of personal information like birthday and political affiliation fell steadily over the course of the study. For example, those sharing birthday information sank from 86 percent to 13 percent. 

But for other items, public sharing ticked up in 2010. The percentage of those telling the world their hometown, for example, shrank steadily until 2010, when the percentage nearly tripled, from 13 percent to 33 percent.  Those sharing their high school, address, or the favorite music and movies jumped similarly.

The authors argue that Facebook's introduction of additional privacy controls during this time actually led to consumers oversharing. Facebook also introduced pages that could be “liked,” which were linked to users’ interests, schools and other information. Links to these pages were public, by default, increasing the amount of information users shared.

"Through the addition of highly granular privacy controls, Facebook argued that individuals would be better able to share information with audiences of their choice. However, Facebook's new privacy interface proved to be confusing to users, resulting in public retractions and updates by the company," the report said. “Changes implemented by Facebook … countered privacy-seeking behavior by arresting and in some cases inverting the trend.”

Carnegie Mellon University

Charts of user information disclosure.

The report’s main finding, however, is that there are two equal but opposite trends on Facebook – users trying to share less with strangers, but also sharing more with friends and, as a result, more with Facebook and its partners.

Information shared on Facebook with friends, but not with the general public, is also shared with Facebook, which may choose to release the information to law enforcement or other entities in the future, the authors argue. Such data is also shared with third-party app creators when they obtain a one-time consent from users.

“Users aren’t reminded every time they share something with friends that they might be sharing it with an app, too,” Acquisti said.

The data is also indirectly shared with advertisers. Firms that advertise on Facebook through programs such as its new “custom audiences” platform do not receive personally identifiable information about users, but can target groups of users with particular characteristics, such as new young mothers in California.

“The fact that advertisers don't get direct access to the data is some protection, but it does not change the reality that advertisers can indirectly get at you through the data you are revealing about yourself on Facebook,” Acquisti said. “Is your privacy violated only when someone gets your name and birthdate, or if they know you are pregnant and try to send you advertisements that use this information?”

Jules Polonetsky, director of the Future of Privacy Forum, a privacy-related think tank that is supported by corporations, said he saw more positive than negative in the Carnegie-Mellon report.

“I think the most interesting thing about the report is that it shows that Facebook started out as a very public place, and over time it evolved into a place where you primarily share things with your friends, and that's a good thing,” he said. 

He disagreed with the description of third-party app developers as “silent listeners,” noting that users give permissions to apps so they can automate tasks that they could do manually, such as finding out if a friend is playing “Worlds with Friends.” He also said that Facebook is doing a good job at keeping advertisers at arm’s length from the data it has on users, and the firm has learned that it doesn’t need to nudge users into oversharing to make them useful to advertisers.

“Ironically, the success of their advertising model may be dependent on more people doing more and more, and sharing more, but doing it privately,” he said. “The sweet spot Facebook has started finding is users don’t need to share things publicly for it to be able to monetize them in an advertising-supported network.”

The crux of the debate lies along this razor’s edge: Just how private is information shared privately with Facebook? And are users being induced to share more than they want to?

In previous studies, Acquisti’s research has shown that more granular privacy controls actually encourage users to share more information about themselves, and they can also distract users from noticing important privacy choices. He calls this the “paradox of control.”  

“I don’t want to say it’s a seduction, but you could call it a nudge,” he said. “…The consequence of providing granular control settings is that users become more comfortable with revealing more and more sensitive data. People focus when they are about to put up a new post on whether they want to share that with friends or friends of friends. But you don’t get the option to say, ‘I don’t want Facebook to see this, or I don’t want a third-party app to see this.’”

*Follow Bob Sullivan on Facebook.

* Follow Bob Sullivan on Twitter

More from Red Tape Chronicles:

 Facebook, real world data brokers team up to pick online ads for you

One latte away from millions? Don't bank on it, author says

ID theft on the rise again: 12.6 million victims in 2012, study shows

Plenty of investors are celebrating as the Dow Industrial Average set a record on Tuesday … but some Americans aren’t invited to the party.

Families who were forced to raid their retirement savings during the recession because of unemployment lost more than the money they withdrew.

The Dow has more than doubled since the low point of the 2008 recession. But families like Jacquelyn and Chris Goss, both in their mid-40s, have missed out on all of that.

The Gosses, who live in Point Pleasant, N.J., aren't doing badly. But they aren't doing well, either. 

The couple has three children and a mortgage, and despite Chris's new job, the family still seems to run out of money before the end of every month.

"Compared to many couples our age we are very fortunate, but I am always kind of surprised that we are not further ahead or even remotely where we thought we would be by now," Jacquelyn said recently, writing to the Red Tape Chronicles to ask for help with her family's finances. 

Adding to their financial anxiety -- Chris was out of work last year, and they raided their retirement accounts to survive.

Staring at three potential college students and still paying off Jacquelyn's student loans, they have no idea how they can even start saving for their retirement.

"I can never understand why no matter how much you make … every raise, promotion … never seems to make a difference," she wrote. "As you can see, we could use some guidance."

Click play above to see their story, and discover some of the ways we discussed putting their family on more solid financial footing.

*Follow Bob Sullivan on Facebook.

* Follow Bob Sullivan on Twitter

More from Red Tape Chronicles:

• Facebook, real world data brokers team up to pick online ads for you
• One latte away from millions? Don't bank on it, author says
• ID theft on the rise again: 12.6 million victims in 2012, study shows

Desperate consumers who are out of borrowing options are using their automobiles as collateral and paying $3.5 billion a year in interest for the so-called "title loans," the Center for Responsible Lending said in a report issued this week.  The average loan is $950, and borrowers take on average 10 months to repay the loans, meaning they'll spend $2,140 to borrow the money, the report said.

The size of the title loan market is roughly equal to the size of the payday loan market, which has received far more attention from regulators, according to the report. Title loans are only allowed in roughly half of U.S. states, making the size of the market even more surprising, said report author Uriah King.

"The market size is comparable because of the sheer size of the title loans," said King, adding that title loans are, on average, roughly three times larger than payday loans: Some 7,730 lenders make $1.6 billion in title loans annually, the group estimates.

The consumer group estimated the size of the market, and drew other conclusions about title loans, based on loan-level data from a lender made public as the result a lawsuit filed against the industry.

Aggressive late-night television ads pitch title loans as a solution for consumers who find themselves needing short-term loans but can't use standard options, such as credit cards. Generally, consumers can borrow up to 26 percent of the assessed value of their car, which they must own free and clear. Loans are often issued at 25 percent interest per month: In other words, it costs $250 to borrow $1,000 for a month.  The risk, of course, is that borrowers can lose their cars to repossession if they default. Borrowers must often leave a copy of their car key with the lender to make repossession easy.

Another unique and concerning characteristic of title loans: Issuers often don't make any assessment of a borrower's ability to repay the loan.  In fact, some brag in advertisements that they don't run credit checks, and borrowers don't need to prove employment to obtain the loans. 

To lenders, there is almost no risk in the loans, because they are "completely collateralized," King said.  Borrowers are highly motivated to repay the loan because their automobiles are usually their most valuable piece of property – most borrowers are renters -- and cars are needed for transportation to work. 

Repossession, which costs an additional $300 to $400 in fees, means outstanding loans nearly always are repaid.

"This is a loan of virtually no risk," King said. "I heard one branch manager say these are 'all blue sky' loans, because as soon as one interest payment is made, the rest is all (profit)."

Title loans, like payday loans, have long fallen into a gray area for regulators because they are non-traditional, short-term lending products. Until the creation of the Consumer Financial Protection Bureau (CFPB), lenders did not have to answer to federal lending regulators and were governed only by state laws. When the CFPB was created, its regulatory powers were extended to such short-term loan instruments.

Payday lenders argue that annual percentage rates and other standard loan measures are unfairly applied to their product because consumers often borrow money for only a few weeks.  So expressing a $20 fee for a two-week $200 loan as having a 2000 percent APR, for example, doesn't fairly represent the true cost of the lending product, they say.

However, the Pew Center for the States reported recently that the average payday borrower takes five months to repay a loan, arguing that annual percentage interest rates are indeed relevant to assessing those loans. 

There is no such debate in title loans, however, King argues, because of the size of the loans.

"There's no way this loan is getting repaid in a month, it's just not going to happen," he said. "A lot of middle-class families would struggle to pay off a $1,200 loan (average interest plus principal) in a month." Instead, the loans typically are renewed each month for an average of 10 months, he said.

Calls and e-mails to the two top title loan issuers, Title Max and Loan Max, went unanswered. On its website, Title Max says it has more than 1,000 title lending stores across 12 states and provides car title loans to more than 2,000 people daily,

A chat operator for TitleMax said she would pass on NBC News' inquiry to officials at the company.

"I have done all that I can do. This is the sales chat, like I have stated before. Your best option would be to contact customer care all I can do is pass this information to them," said the operator, who identified herself as "Tiffany."  Calls to customer service went unanswered.

The title loan industry set up a trade group and political action committee, the American Association of Responsible Auto Lenders, several years ago to champion its product. The group's website is no longer functional, and calls to former board members went unanswered.  It did submit a public comment in 2011 to the Consumer Financial Protection Bureau, arguing against that agency's intentions to regulate the industry. A copy of the comment letter was provided to NBC News by the Center for Responsible Lending.

In the letter, the group argues that title loans are a good alternative for consumers who can't borrow money from other sources.

"Our customers prefer auto title loans to alternatives such as overdraft fees, bounced check fees or late fees that may also have negative credit consequences," said the association.

The letter claimed that 1 million consumers obtain title loans worth $6 billion annually, but also said the industry was substantially smaller than the payday loan business, which it pegged at $38 billion annually. The size of the payday loan industry is disputed because of how consumer groups and industry groups count recurring loans.

The association said the average title loan was under $1,000, and was typically repaid in six months. 

"Auto title loans are often the only legitimate option that individual and small business owners have, since in many cases their low credit scores would exclude  them from doing business with commercial banks and credit unions even if these institutions were willing to lend in the amounts typically sought by auto title borrowers," the association wrote.

It also argued that only 6 to 8 percent of cars used as title loan collateral are repossessed. The Center for Responsible Lending reported that nearly 17 percent of title loan customers face repossession fees. King said it has no way of knowing how many of those cars are ultimately repossessed.

"I'm actually surprised that repossessions aren't higher," King said.

The Center for Responsible Lending argues that title loan firms should be required to assess borrowers’ ability to repay before issuing loans, and that interest rates be capped at 36 percent.

 *Follow Bob Sullivan on Facebook.

* Follow Bob Sullivan on Twitter

More from Red Tape Chronicles:

• Facebook, real world data brokers team up to pick online ads for you
• One latte away from millions? Don't bank on it, author says
• ID theft on the rise again: 12.6 million victims in 2012, study shows

Kevin Mandia has "kicked the hornet's nest." Now, he's waiting to see what the consequences might be.

Mandia's computer security firm, Mandiant Corp., issued a blockbuster report nine days ago accusing the Chinese military of supporting hacker attacks into perhaps thousands of U.S. businesses.

Accusations of nation-state-sponsored hacking are nothing new, but Mandiant provided the most specific and detailed account of computer espionage that the security world has seen to this point. In it, the firm chronicled 141 attacks and even produced a short video allowing observers to watch an attack unfold in real time.

Mandia said his researchers have spent years observing hackers operating from inside an office building in Shanghai as they repeatedly raided his U.S. clients' computer systems, stealing intellectual property.  Now, his small company of 300 awaits the consequences. He expects cyber-retribution. Already, he said Thursday in an exclusive interview with NBC News, someone has tried to "spear phish" his employees, sending booby-trapped emails designed to give the attacker control of Mandiant computer systems.  Also, within hours of the report, Mandia said, Chinese officials scrambled to hide their tracks, changing registration information for websites listed in the report and taking computers allegedly used in the attacks offline.

Mandia agreed to be interviewed  after presenting at the RSA computer security conference in San Francisco, an annual gathering of more than 20,000 experts from around the world. Mandia's speech was a hot ticket; he spoke to a packed audience who applauded several times when he explained that it was time for a U.S. firm to publicly connect the dots and directly accuse the Chinese government of sponsoring attacks on U.S. firms.

So far, the Chinese government has publicly dismissed the report, saying it provides no evidence of state-sponsored attacks. And on Thursday, the Chinese Defense Ministry pushed back, saying that Chinese defense websites are routinely attacked -- 144,000 times monthly -- by computer intruders, many of them based in the U.S.

Long theorized and discussed in hushed, speculative terms, state-sponsored cyberwarfare is now openly discussed at security gatherings like RSA.  The 2009 Stuxnet attack on Iranian nuclear facilities, believed to have been orchestrated by U.S. and Israeli experts, was perhaps the first public blow in the increasingly cold cyberwar, but even that attack had its origins in research conducted years earlier. Researchers from Symantec Corp . released a paper this week at RSA saying they have found the first version of Stuxnet dates back to 2005, and that it was designed with even broader attack capabilities.

China's alleged hacking and stealing of U.S. corporate secrets will have serious impacts on the American economy, Mandia said, which is why he felt it was time to make public accusations and "kick the hornet's nest."

"The goal is for the Chinese to get somewhere faster economically. ... They may have shortcut 10 years out of their economic cycle," he said. "... We're going to see the impact emerging. ... It may cause job loss, it may cause loss of (intellectual property), it may cause trade tariffs, it may cause diplomatic headaches."

Watch the rest of the Kevin Mandia interview by clicking “play” above.

* Follow Bob Sullivan on Facebook.

* Follow Bob Sullivan on Twitter

More from Red Tape Chronicles:

• Facebook, real world data brokers team up to pick online ads for you
• One latte away from millions? Don't bank on it, author says
• ID theft on the rise again: 12.6 million victims in 2012, study shows

The offline and online data collection worlds are about to collide as never before. Facebook will soon announce partnerships with Axciom, Epsilon and Datalogix, three real-world data marketing giants with access to billions of pieces of information about Americans’ shopping habits, according to a person familiar with the deal.

Follow @RedTapeChron

Facebook will not share its users' data with these firms, said the source, speaking on condition of anonymity. Instead, it will allow advertising clients to enlist the help of offline data to deliver targeted Facebook advertising, the source said.  A supermarket loyalty card user, for example, might see Facebook ads that reflect their grocery-buying habits.

Facebook will use added security features to make sure data doesn't flow between it and the database firms, and that matches will be made using a technique that makes individual consumers blind to the companies involved, the source said.  The source requested anonymity because she was not authorized to speak on the record about the deal.

Still, the marriage of real-world and virtual databases has some privacy advocates nervous.

“There needs to be limits on Facebook's growing use of outside data broker information so its users can be targeted by marketers," said Jeff Chester of the Center for Digital Democracy.  "Companies like Acxiom, etc., contain vast stores of details about us, including online and offline information."

Pam Erlichman, spokeswoman for Datalogix, confirmed in an e-mail that her firm “is participating” in a new advertising partnership with Facebook, but directed additional questions to Facebook. Axciom also referred all questions about the deal to Facebook. Epsilon did not immediately respond to requests for information about the deal, which was first reported in AdAge. A spokeswoman for Facebook said she would not comment on the report.

Data brokers Acxiom, Epsilon and Datalogix already use their vast records -- which include e-mail lists, grocery store shopping habits, and much more -- to send highly targeted junk mail and other kinds of advertisements to consumers. Increasingly, these firms have tried to sell their market intelligence online. In a recent brochure, Datalogix  makes its case for merging the two worlds:

"Why are offline transactions relevant online? Because they’re a more predictive indicator of intent rather than banner ad clicks. Too often, marketers view click-throughs as response data. But a click-through is not a sale," it says.

This isn't the first time Facebook has partnered with Datalogix; the social media firm announced last fall that it was conducting research with Datalogix to show that Facebook ads actually encouraged offline purchases.  Through that arrangement, Datalogix is tracking groups of Facebook users who were also in its database to see if those who saw certain kinds of Facebook ads were motivated to make later purchases at grocery stores. Facebook was unable to identify individual consumer purchases through the research , the firm said at the time, but was able to see if ads were, in aggregate, effective in getting shoppers to buy grocery items.

Here’s how the data sharing will work, according to the source: Epsilon, Datalogix and Axciom will upload lists of customers to Facebook, tagged through email addresses or phone numbers. Facebook will then find matches among its users, and create what it calls “custom audiences.” These can be narrowly focused –18- to 24-year-olds in California who drink cola, for example.  Then, these audiences can be targeted with precise softdrink ads.

Facebook will not know the identity of these consumers, however, because the data it receives from its partners will be scrambled, or “hashed,” preserving their privacy.  No data will change hands, said the source.

Rainey Reitman, a privacy expert with the Electronic Frontier Foundation, did a deep dive through the data that was shared between Datalogix and Facebook last fall.

Reitman said that on the surface, she saw no new privacy issues raised from extending the Facebook-Datalogix partnership, as long as Facebook continued to insure that user information wasn't flowing out of the company to its new partners.

"Facebook is holding onto its data quite carefully," she said. "It has a financial interest in doing so ... and that should help protect users' privacy."  She was concerned that loyalty card users might be surprised to find their information can find its way into a Facebook advertising formula, however.

Another privacy expert, Larry Ponemon of research firm The Ponemon Institute, said he didn't think privacy issues were inevitable in the deal -- "more-targeted ads could be a good thing for users," he said. But he cautioned that regulators and consumers should be very skeptical of any broad link-ups between online, and offline data, as they have in the past.

"This is what got DoubleClick in trouble with Abacus Direct," Ponemon said, pointing to the now-infamous advertising deal struck in 1999 that was eventually scuttled because regulators concerned about the ad network's ability to track users through cyberspace and in the real world through technology. "What's changed? Perhaps Facebook will never have custody of the data the way they are doing it, they are one or two steps removed, but how does that affect the privacy issue?" 

Ponemon says that consumer expectation is often the forgotten element in attacks on privacy, and he's concerned about that happening if Facebook has access -- however obscured -- to grocery store loyalty card records or similar data.

"When a person signs up at Giant so they can get milk at market price, they are not thinking that information is now going to be linked to their Facebook account," he said. "It seems like there's this trend to have mega-databases, and all these things working together in constant harmony, but the problem we have is we haven't thought through the potential privacy risks."

The main concern, he said, is that mega-data collectors like Facebook and Axciom could join forces and build "the ultimate dossier" on consumers.

"Could this lead to the disintegration of our privacy rights, or is it just another creative way of serving an ad?  We'll have to see in the details," he said. 

Chester, from the Center for Digital Democracy, said it was important for consumers to know their rights when such databases are shared, adding that is also is important for consumers to be given ample opportunity to opt out of the sharing.

“Companies like Facebook want to pool more information together to essentially enable it to know what its users are doing on their mobile phones, such as when shopping,” he said.  “(Privacy advocates) believe that Facebook users should have the power to decide what information can be used to profile and target them--especially when it comes from these powerful storehouses containing what we do, who we are.”

Users can opt out of Datalogix online digital advertising by visiting the firm’s privacy page and clicking under the section labeled “Choice.”

* Follow Bob Sullivan on Facebook.

* Follow Bob Sullivan on Twitter

More from Red Tape Chronicles:

• 'Privacy tax' creator makes his case, says software is 'eating the world'
• Death of the price tag: Stolen from us too soon
• FTC: 5 percent of credit reports contain 'serious' errors that cost consumers

Helaine Olen has begun an important discussion in the world of money: Is anybody's advice worth paying for?

The author's new book, “Pound Foolish: Exposing the Dark Side of the Personal Finance Industry,” has rattled quite a few cages since it was published in January. It's also gotten a lot of attention, including glowing praise from The Economist. We sat down with Olen at our studio in 30 Rockefeller Plaza recently. (You can watch the interview by clicking “play” above.)

Follow @RedTapeChron

Olen points out the folly of simplistic mass-market advice, such as the notion that forgoing a latte every day will make one a millionaire by retirement. She's an equal-opportunity critic, poking fun at everyone from late-night TV stock pickers, to financial gurus who make millions writing books, to newspaper business reporters who have no credentials for doling out advice.

In fact, that's how Olen started her career -- writing "Money Makeover" columns for the Los Angeles Times, where she matched up eager consumers with even more eager finance wizards, and described the advice that was doled out. Ten years on, these stories still gnawed at Olen, as she wondered if the consumers were genuinely helped by the advice. Her book's most telling moments detail meetings with these sympathetic characters, who unsurprisingly have not fared better after hearing the normally high-priced money wisdom.

Olen gets some cheap laughs by going back in time and showing mistakes made by financial prognosticators -- citing Suze Orman's advice to her fans that real estate was the best investment. But something more nefarious is at play in American culture, Olen says, when the myth of the latte millionaire persists. The subtle message from many financial gurus is that consumers simply have to suck it up a little, ditch the extravagances and everything will be fine. That's just not true, she argues.

"We believe very deeply in this country in the myth of Horatio Alger, which is ... this idea that we can do it all by ourselves," she said. "And that's just not true." Harsh economic realities, such as skyrocketing housing and health care costs, play a bigger role in our financial future than our ability to skip pricey coffee, Olen says.

It's undeniable that much personal finance advice is overly simplistic. But it's also undeniable that Americans are terrible at math, and many don't want to take even the simplest steps at improving their financial futures. So it may not be fair to criticize those who give simple advice to consumers who seem to want it. And behavioral economists have produced research for years showing that financial education doesn't do much good anyway, because people tend to take the path of least resistance when making decisions on 401(k)s, mortgages and so on. They prefer nudges from companies and governments, such as automated enrollment in the most beneficial retirement plans. 

What's the harm if financial gurus provide that nudge of inspiration to pay down debt or build up savings for someone who otherwise might not act? Olen didn't have a good answer. Still, her critique is eye-opening, particularly when readers are confronted with tale after tale of advice gone bad. 

Taken as a whole, “Pound Foolish” is a good reminder that you are as qualified as anyone else to control your financial future. As the saying goes, if you want something done right, you should do it yourself. You'll be saving a lot of money in the process, too.

* Follow Bob Sullivan on Facebook.

* Follow Bob Sullivan on Twitter

More from Red Tape Chronicles:

 ID theft on the rise again: 12.6 million victims in 2012, study shows

'Privacy tax' creator makes his case, says software is 'eating the world'

Death of the price tag: Stolen from us too soon

Identity theft is on the rise again, says a new industry-sponsored study, reversing a promising two-year trend. 

Follow @RedTapeChron

Some 12.6 million Americans were victimized by ID theft in 2012, the second-highest total since the Federal Trade Commission began counting victims in 2003  and roughly 1 million more than 2011, according to the survey by Javelin Strategy and Research. The record – 13.9 million victims – was set in 2009.  

The criminals made off with $3 billion more than in 2011, as well.  Overall, slightly more than 1 in 20 consumers -- 5.26 percent -- were victims last year, the survey found.

A large portion of the increase was driven by "dramatic jumps" in more-serious forms of ID theft, such as new account fraud, where a criminal uses a victim's personal information to open new credit cards or other kinds of loans. New account fraud jumped 50 percent last year, according to the report, with the total fraud loss doubling year over year to just under $10 billion

"I don't think (the data) shows that banks are losing control," said Jim Van Dyke, author of the study, when asked about the significance of the new data. "But it's really wise to look at where we haven't gotten anything under control, and that's new account fraud."

The news comes amid a cascade of hacker stories this week, giving the impression computer criminals are gaining the upper hand on many fronts.  Agents working on behalf of the Chinese army have successfully attacked dozens of U.S. companies, according to a report issued Tuesday by U.S. security firm Mandiant.  Large U.S. media companies have also fought off Chinese hackers, and not always successfully, according to several reports. Burger King and Jeep suffered embarrassing Twitter account takeovers. And both Twitter and Facebook have had to announce in recent weeks that they had been hacked.

Javelin's data is based on telephone surveys of U.S. adults, with consumers self-reporting details of their ID theft to survey takers and results extrapolated from their answers. The precision of such data can be questioned, but Javelin has used the same techniques for eight years, making year-to-year observations informative. The same technique was used by the FTC in 2003 when it initially reported the size of the identity theft problem as required by Congress.

The survey was sponsored by CitiGroup, Visa, and Intersections LLC, which provides identity theft prevention services to consumers.  Van Dyke says the sponsors were not involved in tabulation, analysis or reporting of the results.

Bank security analyst Avivah Litan of the security consultant firm Gartner, who has run her own ID theft victim surveys in the past, said the Javelin survey's results are consistent with what she's heard from bank security officials.

"Even in an age of cyberespionage and advanced targeted attacks, good old-fashioned consumer identity theft continues to escalate," Litan said. "It's highly unfortunate that even after all this time and effort by banks regulators high tech entrepreneurs and law enforcement that the bad guys are still coming out ahead. It's high time that we put more intelligent efforts into winning this cyberwar, whether it’s against amateur identity thieves or foreign infiltrators."

Other interesting findings from the Javelin report:

*Consumers who received "breach" notifications from companies indicating their personal data had been compromised were much more likely than others to be victims of ID theft.  And that trend is rising. In 2011, 1 in 5 recipients were victims; and last year, the likelihood increased to 1 in 4. 

*Fraud victims living below the poverty line were more than twice as likely to know their imposter personally -- so-called "familiar fraud" -- than wealthier consumers. The survey found that 29 percent of poor victims knew their imposter vs. 12 percent of those living above the poverty line.

*It's important to note that despite the rise in new account fraud, simple credit card fraud still accounts for about two-thirds of all ID theft. Those victims had a relatively easy time fixing the problem, reporting an average of 11 hours of disruption. On the other hand, 51 percent of victims of "account-takeover fraud," which allows criminals to withdraw funds from existing checking accounts and run similar schemes, said their lives were "severely impacted" and they spent an average of 37 hours resolving their frauds.

Van Dyke also pointed out there are hidden victims in ID theft, in addition to banks and consumers who lose money.  Among consumers who were victims of fraud, 15 percent said they reacted by avoiding online retailers, and half of that group specifically avoided small retailers. Only 8 percent of that group said they avoided large merchants after a fraud.

"Small online merchants are really being singled out," he said.  In other words, they are hit both by fraud, and by lost sales due to the impression of risk created by fraud. "Consumers are very sympathetic to small merchants, but when you see this lack of trust play out, it underscores how significant the problem is and how important it is that we deal with it.”

* Follow Bob Sullivan on Facebook.

* Follow Bob Sullivan on Twitter

More from Red Tape Chronicles:

• 'Privacy tax' creator makes his case, says software is 'eating the world'
• Death of the price tag: Stolen from us too soon
• FTC: 5 percent of credit reports contain 'serious' errors that cost consumers

Antoine Duhamel / www.archi-photo.fr

Nicolas Colin

If you aren’t paying for the product, you are the product.

Internet users know this implicitly; there are no free apps, no free search engines. Instead, users trade their information in exchange for some service, vaguely aware that the company’s side of the bargain is free access to data it can turn into profit.  Some consumers get angry at the notion they provide free labor and raw materials to some of the world’s largest and richest companies, but Nicolas Colin thinks people should be a whole lot angrier. In fact, he believes that “software is eating the world.”

Colin, a tax inspector for the Ministry of the Economy and Finance in France, believes that corporations have turned the Digital Age into a massive tax haven which dwarfs anything high-priced accountants have ever pulled off in places like the Cayman Islands. His beef: Corporations don’t pay a penny in taxes on all that free labor.  In other words, not only are you are the product, but you’re also paying for all the roads, fiber-optic lines and airports that digitally dependent corporations need to get rich.

Colin caused a stir last month when he co-authored a report for the French government recommending what some have called a “privacy tax” – essentially a mechanism to punish companies that profit from misuse of consumer data. The idea of a new tax based on something seemingly so vague went over like a lead balloon in many quarters.

Follow @RedTapeChron

But Colin’s idea is far broader, and has wide multinational implications. He wants to change the fundamentals of how taxes are levied, a step every bit as radical as the invention of income or sales taxes. 

He wants to tax data.

While new taxes aren’t exactly popular these days, the Red Tape Chronicles decided to hear him out.

Colin’s proposal begins with the notion that, like it or not, we are all part of the supply chain now.

“What we do leaves traces, generates data. This data can be leveraged to create value,” he told NBC News during an extended interview via email. "If you want to create value, you can either hire employees, contract on the market or design an application that will attract millions of users and will turn their activity into economic value -- make them part of the supply chain.”

In a strange reversal of fortune resulting from this new business model, Colin said, labor now happens in rich, giant Western nations while profits are counted in smaller, tax-friendly places. 

With millions of unpaid laborers around the world helping to make your product, the notion of place has become less and less important in terms of taxation, he argues

“Digital technology has moved value creation from inside the factory to the customers' hands and brains,” he said. “Value is now co-created by companies and the people who use their applications. This has consequences on corporate tax, because it changes the geography of value creation. It's not where the factories are anymore, it's where the users are.  … Many authors have written on this phenomenon. Each has his own phrase to describe it : Web 2.0, co-creation, crowdsourcing, peer production, distributed capitalism, wikinomics, etc. But there's really one reality: In the digital economy, users create part of the value alongside employees, contractors, capital, and companies' assets.”

Governments can’t tax worker income, or levy company payroll taxes, when the “workers” aren’t paid. And they can’t charge sales taxes for products which are given away for free.  The situation creates quite a dilemma for taxation authorities, and it will ultimately have devastating consequences for society, Colin predicts.

“Tax base erosion will happen in each sector disrupted by the digital economy,” he said. “Yesterday it was advertising, entertainment, retail, travel. Tomorrow it will be banking, health care, cars, telecommunications, manufacturing, higher education. The law must change quickly, because software is eating the world.”

So what is to be done? Rich nations must negotiate and agree on a new concept of “permanent establishment” which defines where companies operate and therefore are subject to taxation, he argues. 

His basic notion: “There should be a permanent establishment wherever a company collects data to fuel a service provided on the same territory.”

The French proposal comes amid growing frustration among French lawmakers with their inability to collect taxes from large, digital companies like Google, which generated $2 billion in advertising in France last year but paid almost no taxes there. France has already tried an ill-fated “link tax” in an attempt to support local publishers who fear they are losing money because of the search engine’s free links. 

Google issued a statement last month saying it was researching the French proposal.  Google did not immediately respond to requests for more information about its tax payments in France or about Colin’s proposal.

But last week, CEO Eric Schmidt wrote a blog post describing two new France -friendly Google initiatives.

“Today I announced … two new initiatives to help stimulate innovation and increase revenues for French publishers,” he wrote. “First, Google has agreed to create a … Digital Publishing Innovation Fund to help support transformative digital publishing initiatives for French readers. Second, Google will deepen our partnership with French publishers to help increase their online revenues using our advertising technology.”

Not quite the radical shift in taxation policy Colin and his supporters are looking for. He makes a forceful case for the inequity of free, and untaxed, labor online. 

“You can replace employees and contractors with users of an application, and these users work for pleasure, not for money,” he said.  “So it's free -- well, almost free, because the marginal cost of a user is practically equal to zero in the digital economy. … Using those applications, French people contribute to profits made by foreign companies, yet those companies don't pay the taxes necessary to cover the public expenses that help fuel this value creation.”

He pointed to a popular speech made by Sen. Elizabeth Warren, D-Mass., during her campaign, making the case that companies benefit from tax-funded infrastructure, but aren’t paying their fair share.

“Individuals become active users if they are educated, equipped, covered by social insurances, and massively connected, and all of this costs money to the government,” he said.

While such a new tax regime involves a massive shift in the notion of taxation – from location of production to location of data collection -- the shift wouldn’t be unprecedented.  He cited the creation of progressive income tax early in the last century, and the implementation of the value-added tax in the 1950s, as similar shifts.

The European valued-added tax – or VAT -- requires companies to pay taxes every time they take any kind of raw material and turn it into a product that can be sold at a higher price. Data taxation grows logically from this idea, Colin believes.  With data collection, under Colin’s scheme, companies “create value” when they turn consumers’ information into a product that can be sold. Taxing data really means taxing creation of this new value, he says.

“The French are very proud to have invented the VAT in the ‘50s. Today it's the most neutral tax, the most widely accepted by both individuals and corporations, and the one that raises the most revenue for governments,” Colin said. 

He acknowledged that Americans, who have long resisted VAT taxes, will probably receive the idea of digital-age tax change with strong skepticism. But he argues that 20^th century taxes distort the market and hurt the economy.

“Sometimes, new taxes are good for business when they help pay down the debt and balance the budget, and above all when they replace outdated taxes that distort the market instead of supporting growth and job creation,” he argued.

The privacy tax, which Colin suggested implementing as an intermediate step, has been roundly criticized, beyond the notion that any new tax is a bad idea: Critics have said it would be nearly impossible to manage, would force government bodies to make rulings on very technical matters, and that its collection could itself represent a privacy violation.  But Colin argues there is already general consensus in the computer security world on best practices with consumer data. Such a tax would properly align incentives in the marketplace, the way a carbon tax might create incentives for companies to take better care of the environment.

“What we recommend is to tax companies' behavior that is not in the interest of their users and not in the interest of innovation and growth,” he said.  “The French tax on non-compliant data collection behavior can really be compared to a carbon tax: In both cases, it creates an incentive for companies to change their behavior in the public's interest -- less pollution, more data protection, user empowerment and more innovation through smart disclosure.”

And while changing an entire tax regime would require international treaties, Colin argued that France could unilaterally impose privacy taxes on firms operating within its borders.

“There is no way companies can avoid it, because that would mean closing the service for users based in France,” he said. “Is Google ready to stop operating its search engine in France? Or Facebook ready to close 20 million accounts?” 

* Follow Bob Sullivan on Facebook.

* Follow Bob Sullivan on Twitter

Five percent of U.S. consumers have an error on their credit report that "could lead to them paying more for products such as auto loans and insurance," the Federal Trade Commission said Monday, as it issued a long-awaited study of credit report accuracy. 

Follow @RedTapeChron

“These are eye-opening numbers for American consumers,” said Howard Shelanski, director of the FTC’s Bureau of Economics.  “The results of this first-of-its-kind study make it clear that consumers should check their credit reports regularly.  If they don’t, they are potentially putting their pocketbooks at risk.”

The trade group for the nation's credit reporting agencies issued a swift response challenging the agency’s interpretation, saying the study shows credit reports are "highly accurate."

"The study also showed that 95 percent of consumers are unaffected by errors in their credit report," the Consumer Data Industry Association said in a statement.

The FTC study, eight years in the making, also tracked consumers as they tried to fix or dispute errors in their credit reports. More than one in 10 who did this saw their credit score change as a result.

The study was ordered by Congress in 2003, when it passed the Fair and Accurate Credit Transaction Act. The FTC followed 1,001 consumers as they tried to navigate the credit report system and to fix mistakes in their reports.

Among other things, the study found:

*26 percent of consumers in the study identified a "potentially material error";

*21 percent managed to obtain a modification of an error;

*Roughly half of that group experienced a change in credit score;

*Most of those credit score changes were minor, with roughly half resulting in swings of 20 points or less;

*The most important finding of all: For 52 of individuals studied, "the resulting increase was such that their credit risk tier decreased," meaning they were likely to get cheaper loan rates.

Consumer groups responding to the study said it indicates a need for reform of the credit reporting industry.

“It’s unconscionable that 40 million American have errors in their credit reports, and that 10 million have errors grave enough to cause them to be denied or charged more for credit or insurance or even be denied a job,” said Chi Chi Wu, staff attorney at the National Consumer Law Center. 

Studies of credit report errors have been conducted before, but they have produced confusing results. Many errors are not material — a misspelled street name for example.  And errors are not the real problem — lower credit scores that cost consumers when they try to get loans are. Credit bureaus are required by law to quickly fix mistakes, but there have long been allegations that the dispute process is difficult and stacked against consumers. The FTC report attempts to address that, too.

Of the 262 consumers in the study who disputed information they said was inaccurate:

*37 percent said all their concerns were addressed;

*42 percent said their report had been modified, but there were still errors on their report;

*21 percent said they were unsuccessful in getting their reports modified.

The report did not attempt to establish the veracity of the consumers' disputes.

Credit expert John Ulzheimer, who formerly worked with Fair Isaac, which invented the credit score, and is now president of Consumer Education at SmartCredit.com, said he felt both the FTC and the credit industry trade group were "embellishing" their claims about the results of the study, but he, too, found the FTC data troubling.

"I'd side with the FTC that the results are more disturbing than they are confirming credit files are accurate," he said. He suggested taking the dispute results with "a grain of salt" because the errors claimed by consumers were not independently confirmed.

FTC Chairman Jon Leibowitz told CBS News, which first reported the study’s findings on “60 Minutes,” that the results were "highly troubling. ... It's a pretty high error rate."

The credit industry began fighting back even before the “60 Minutes” segment aired. It issued a press release Sunday afternoon, and several employees of Experian spent the evening sending tweets to Twitter users who attacked the industry.

"It's easy to selectively hype snippets from the FTC study to sensationalize the issue," Stuart Pratt, consumer data industry spokesman, said in the release. "But the number important to consumers is the one they ignored – that only 2.2% of credit reports contain material errors."

The industry and FTC numbers differ because they describe slightly different things: The FTC says 5 percent of consumers are impacted by a serious credit report error, while the industry derives its 2.2 percent figure from the fact that consumers have three different major credit reports, and often errors appear on only one or two of those.

The industry also disagrees that errors are hard to fix.

"The notion that it is difficult to dispute an error is just wrong.  It is irresponsible to suggest to consumers that they might as well not take action when they have a question about their credit report," Pratt said.

Experian public relations officials repeatedly sent out this message last night: "If you ever spot an error on your credit report, please report here http://t.co/5nncPpfP Avg dispute time is 14 days."

It also sent users to the Experian website to read about the firm's policies

"Experian’s Commitment to Data Integrity, Customer Service and Consumer Education http://t.co/kejlxpQYvia @ExperianNews"

Some Twitter users complained about Tweet campaign:

"@Experian_US so (you are) responding (to) tweets from US but resolving life changing disputes from Chile and India!Priorities please!!!" wrote @elizabethforma.

As the Red Tape Chronicles and other outlets have reported, consumers disputes are often sent overseas for consideration, and workers in places like India and Chile only have a few moments to consider each dispute.

An Experian official who was sending out Tweets would not agree to be interviewed by NBC News; she directed questions to Pratt at the industry group.

* Follow Bob Sullivan on Facebook.

* Follow Bob Sullivan on Twitter