When is a $50 Christmas gift not really a $50 Christmas gift? When you give a gift card.

How much is that $50 gift card really worth? Well, it's hard to say. The art of irritating and sneaky fees has reached new heights in this 21st century version of gift certificates. There are sign-up fees, transaction fees, dormancy fees and outright expiration dates. Poorly timed use of the cards could make the $50 gift worth more like $40, $30, $20 ... or in some cases, nothing.

Gift cards are definitely not all created equal.  Here's how to make sure the gift you give this holiday doesn't end up as a neatly wrapped present for some company's bottom line instead.

Gift cards have been called the gift that keeps on taking, and for good reason.  In some cases, only a few months after purchase, the cards slowly begin to lose their value, through "dormancy" or non-use fees. Some cards lose their value entirely after a year or two. Companies count on a certain number of consumers who drop the cards into the sock drawer and forget about them. It's easy money.

Consumers have raised a stink about the fees in the past, and state legislatures have reacted. Some even outlaw the fees. But the resulting patchwork of consumer protection laws, and their varying protections, has made the landscape more confusing.

Still, gift-givers are voting with their wallets, and despite the frustrations, they apparently love the cards. Last year, the average consumer received a little more than three gift cards under the tree, according to a study released last winter by Deloitte & Touche. This year, according to the National Retail Federation, holiday shoppers will spend $18.5 billion on gift cards, up about 6 percent from last year. Each shopper will spend about $90 on gift cards, representing 15 percent of their holiday budget.

Store-specific cards are cheaper
If you simply must buy one of those gift cards, be sure to turn it over and read the small print. Buying the wrong card could turn out to yield a pretty thoughtless gift. Specific guidelines are hard to offer, because the fee structures have become so incredibly complex. But there are some general rules you can follow when shopping for cards.

For starters, store-specific cards are usually a far better deal than the general-purpose variety, such as bank-issued value cards -- these look just like credit cards -- or cards that can be used in several stores at a mall.  The flexibility of letting recipients buy anywhere they want often isn't worth it. Most general-purpose cards come with up-front fees, as well as hefty replacement fees, maintenance fees and even fees for checking your balance on the phone.

Two of the worst examples cited by a recent study conducted by the Montgomery County, Md., Division of Consumer Affairs include the iCARD Visa Gift Card and the Good2Go MasterCard. The iCARD comes laden with a $25 maintenance fee after six months. After that, it can cost $25 to get the balance refunded by check. Refunds cost $75 after two years. The Good2Go card costs $9.95 to purchase and $4.95 each month for maintenance.  A chart of bank gift card fees is available from the Consumer Reports Web site.

Store gift cards are considerably less pricey. In fact, many retailers have given up on sneaky fees altogether. In the recent survey by the Montgomery County Division of Consumer Affairs, 18 of 30 major retailer cards charged no fees. These stores even allow consumers to recover the value of lost cards for free, either by presenting receipts or by registering the card. Now that's a thoughtful gift. Make sure you give your recipient the receipt along with the card (They already know how much you spent).

A list of these consumer-friendly cards can be found at the Montgomery County Web site.

On the other hand, about one-third of the cards examined by the consumer office slowly leak their value, starting at 12 months after the purchase price, at about $2 a month. It's these non-use, or "dormancy" fees that really seem Scrooge-like. According to the study, several of the firms inadequately disclose such fees –- so read carefully when you are purchasing. Kmart received especially stinging criticism, because it advertises on its Web site that its gift cards "never expire," but the monthly dormancy fee charged by the company does eventually drain a card's value to zero.

Retailers, of course, love the gift cards, and not just because of the fees. Spending gift card money is a game consumers just can't win. No one buys exactly $25 worth of merchandise. So either you spend more than the value of the card at the store, and plunk down your own money -- or you spend less, and leave some of that cash on the card.

"It's win-win for the retailer," said Kristin Arnold, who conducted a wide-ranging gift card fee study for Bankrate.com. The leftover money might sound like chump change, but it's not. Estimates of unspent gift cards funds -- called "breakage" in the industry -- range from 3 percent to 5 percent. That adds up to several billion dollars a year.

State governments collect fees, too
But while retail stores benefit from holding the cash while waiting for the gift card to be redeemed, they don't necessarily get to keep the unused funds. Many states have unclaimed asset laws known as escheat laws, which eventually require forfeited gift card money to be surrendered to state coffers. Ditto for cards that are lost and never used. It's another hidden fee -- hidden tax, in this case -- that comes with gift cards.

Escheat laws have a bright spot, however. Consumers can sometimes take expired gift cards found in the sock drawer after two years and talk their way into receiving new cards -- since the retailer doesn't get to keep the unspent money anyway.

Arriving at the store armed with knowledge of your state laws will make the conversation much easier. Consumers Union includes a comprehensive list of state consumer gift card laws on its Web site. Connecticut's law, one of the strongest in the nation, is explained clearly at GiftCardLaw.com.

State laws are another reason consumers should choose retail cards over bank cards, says Gail Hillebrand, an attorney for Consumers Union. Some state gift card laws don't apply to bank cards.

"With bank-issued gift cards, the protections are much more spotty," she said.

Don't forget Washington, Jackson, Grant ...
There has been some movement to create a national law that would clarify consumer rights. Earlier this year, Rep. Rodney Frelinghuysen, R-N.J., introduced the Gift Card Protection Act in Congress. The law would instruct the Federal Trade Commission to develop a rule that would essentially outlaw gift card non-use fees and expirations. The bill is so far hiding in the House of Representatives Commerce, Trade and Consumer Protection subcommittee. Frustrated consumers can contact their U.S. representative and ask that he or she support the legislation.

But there is something else consumers can do to fight these pesky fees.

Give cash.

I know, it's tacky. But cash is amazingly flexible. It can be used in any store. There are no up-front fees, no fees for disuse (other than inflation), and greenbacks don't expire.  They can even be used at stores that don't take credit cards at all.  And there's no "breakage."  A holiday card with some cash inside -- or at least an old-fashioned check, so you earn the interest if the money's not spent -- is an excellent, reasonable consumer response to unfair gift card fees.  Of course, this is Christmas, and reasonable consumer responses are not to be expected.

It's actually obscene what you can find out about people on the Internet.

Take cell phone records -- literally.  Your cell phone bills are there for the taking, for about $100 a month.  Dozens of Web sites offer this service –- one month, or one year. Every call, every phone number. However scary that sounds, it won't really hit you until you see it for yourself -- so click here for an example of what's out there.  Then hit "back" in your browser, and let me explain.

Who your friends are. How to contact them. Even where you were. All those crumbs are on sale. Right now. Online. To anyone.

It may be outrageous, but it's not new.  MSNBC.com first wrote about this problem in October 2001, in a story titled "I know who you called last month." 

The problem was exposed years earlier by a private investigator named Rob Douglas.  Banking records, home phone long-distance calling, even medical information, were all for sale, he told Congress.  Once a buyer of that kind of information, Douglas came to believe the practice was unethical, unfair and maybe even illegal –- and he began a crusade against the industry, eventually founding PrivacyToday.com.

During hearings in 1998 and 2000, Douglas told Congress that private investigators simply pretend to be their targets, call up the phone companies involved, and ask for the data they want.  Someone who wanted John Smith's cell phone records would just call up the cell company claiming to be John Smith and ask for a duplicate copy of last month's bill. It usually worked.  In the business, it's known as "pretext" calling -- calling and asking for records under a false pretext.  It was that easy.

Since then, reporters around the world have proved Douglas' point by purchasing all kinds of interesting cell phone records. Most recently, Maclean's magazine purchased the records of Canadian federal privacy commissioner Jennifer Stoddart. 

Still, all those Web sites selling all those records keep advertising their services.

But finally, someone seems to be noticing. In July, the Electronic Privacy Information Center (EPIC) filed a complaint with the Federal Trade Commission, asking for an investigation. A month later, EPIC asked the Federal Communications Commission to alter its regulations to make cell phone companies more accountable.

At about the same time, Sen. Charles Schumer, D-N.Y., introduced legislation designed to crack down on the sale of cell phone records by pretext callers. More recently -- just last week -- Sen. Ed Markey, D-Mass., sent a letter to both the FTC and the FCC demanding action.

Verizon steps up to the plate
But most important, a cell phone company has finally stepped forward and said it can't take it any more.  In July, Verizon sued a Web site named SourceResources.com for selling its customers' cell phone records.  In September, the site settled with Verizon, agreeing to discontinue sales, and to tell Verizon how it managed to obtain the customer records.  Verizon spokesman Tom Pica won't say what the company has learned from the trove of information. But it appears Verizon is in it for the long haul; on Nov. 2, the firm went after another alleged pretext Web site, a Florida company named Global Information Group. Pica said Global Information agents made "thousands of attempts" to trick Verizon customer service representatives into divulging phone records.

Kudos to Verizon for taking the issue on. For some time, cell phone companies have been operating like the ostrich -- pretending the problem didn't exist would make it go away.  In truth, cell phone firms were  afraid to take on the issue because doing so would be a tacit admission that there's a problem.  To sue Global and SourceResources, Verizon had to admit these firms managed to steal data, something companies are often reluctant to do.

But it's time to do something. Back in 2001, after Douglas testified before Congress, he helped orchestrate a sting operation against private investigators called Operation Detect Pretext. It specifically targeted firms selling banking information; most sell the same slate of personal data, including cell phone records.

Undeterred by FTC investigation
Initially, Douglas said, the Federal Trade Commission identified 1,500 firms advertising such services, both online and offline. The list was pared to 200 firms, which received warning notices. Then, about a dozen were targeted for stings. FTC investigators using techniques designed by Douglas called those firms, purchased data and recorded the conversations to be used as evidence in later legal action.  Eventually, three firms were sued. None was put out of business. In fact, one of the three still operates -- Information Search Inc.  On its site, it laments restrictions placed on its business by the FTC. And while the site indicates the firm no longer sells banking information without a permissible purpose, Information Search Inc. does still sell cell phone records.

"We talk all the time about securing information, and yet all of these companies are being duped by the easiest of scams," Douglas says. 

Five years after his sting operation, pretext calling still thrives. That's why Douglas says he doesn't hold out much hope that law enforcement will solve the problem of cell phone records for sale. 

For now, Verizon's willingness to admit there's a problem, and to put legal muscle into the fight against those who would steal customer data, is the most hopeful sign.

Lack of imagination
Still, EPIC's Chris Hoofnagle has so far been disappointed by other telecommunications companies and what he describes as a "hostile" response to his complaint. They've so far resisted calls for higher security standards.   But simple steps could make a big difference, like sending letters to account holders after toll records are requested.  Even a text message to the cell phone saying a request had been made would alert consumers that there's a problem.

"The cell phone companies so far have suffered from a lack of imagination," Hoofnagle said.

For now, Douglas says, Verizon's initial legal forays haven't deterred pretext calling -- and a simple Google search supports his claim.  That means even bolder action is required. This is no mere philosophical debate for privacy advocates. Stolen cell phone records and information sold by data thieves and pretext callers have led to embarrassment, unfair harassment, even murder. Reporters used the records to find and hassle families in the Columbine tragedy.  In the Internet's most celebrated murder case, stalker Liam Youens purchased Amy Boyer's Social Security number and name of her employer from a data seller named Docusearch. He then showed up at Boyer's office and shot her to death.

On Youens' personal Web site was a simple indictment we would all do well to heed.

"It's actually obsene [sic] what you can find out about people on the Internet."

It was just a tiny thumb drive, but now, it's a pretty big problem for a Hawaii hospital.  And what happened there could eventually become a problem for you, too. 

Last month, Wilcox Memorial Hospital in Kauai had to inform 120,000 past and present patients that their private information had been misplaced.  Their names, addresses, Social Security numbers, even medical record numbers had been placed on one of those tiny USB flash drives -- and now, according to a letter sent home, the drive was missing.

The device had been misplaced in early October, and hasn't been heard from since, said hospital spokeswoman Lani Yukimura. While medical information was not on the device,  it would be a treasure trove for an ID thief who found it.  Once plugged into any computer's USB port, a finder would have access to about as many identities as ChoicePoint Inc. leaked to criminals last year. So why has the Wilcox incident gotten so little attention?

The Hawaii hospital's lost thumb drive passed by largely unnoticed. Perhaps it was because Hawaii flies a bit under the radar of the mainland. Or it may just be that people are tired of this kind of news. After all, according to a survey conducted by the Ponemon Institute recently, about 1 in 9 adults received a letter in the mail this past year saying their data had been lost or stolen. So what's another 120,000?

But the Hawaii story is a bit different from other data leaks you've heard about. It signals the next big headache looming for both consumers and the people who try to keep our data safe -- something called "endpoints" in the security industry.  Laptops, Palm pilots, PocketPC phones, and yes, those marvelous little thumb drives.

It's fine to spend millions of dollars protecting a network from hackers -- but what about all that data that goes walking out the door every night? What about those laptops left in taxis, or the whiz-bang cell phones left on airplanes? Those thoughts keep security professionals awake at night, and maybe you too.

My Blackberry, my self
"This is a really big issue," said Avivah Litan, security analyst at Gartner. "It's really just an unwieldy situation right now."

And unlike many potential security vulnerabilities that are discussed in geek circles, this one is not theoretical. Think about those wonderful Blackberry devices, for example. What if you lost yours? 

Two years ago, a wayward Blackberry that belonged to a former Morgan Stanley executive ended up on eBay. How do we know it was from a Morgan Stanley executive?  Because the buyer found 200 company e-mails and 1,000 contacts still on it. 

Credant Technologies is one of a small army of companies that have begun focusing on this issue. The firm surveyed corporate America to see how extensive the problem of lost devices is. Their findings, while self-serving, ring true.

Bob Heard, CEO of Credant, said that on average, a company with 1,000 employees loses 1 laptop each week.

Credant's survey of those who had lost laptops indicated that 82 percent were never recovered. It's not clear how many of those machines had customers' personal information on them, but 90 percent had "critical data," according to the survey.

Heard, himself a former identity theft victim, thinks the problem is out of hand.

"The problem has been expanded from a protection of data standpoint to a social issue," he said.

Devices that call for help
Other numbers paint a similarly bleak picture. Safeware, an insurance company, says more than 600,000 laptops were lost of stolen during 2004.  Laptop/device theft was the most commonly-reported attack in the 2005 Computer Security Institute/FBI Computer Crime & Security Survey -- outpacing denial of service attacks, computer virus attacks, insider theft, and other "sexier" problems.  About three-quarters of companies that responded to the FBI survey said they'd suffered a laptop or device theft in the past twelve months.

There are technologies being designed to combat the problem.  Numerous firms are experimenting with "phone home" technology that tells a missing laptop or phone to send a beacon the moment it's connected to the Internet.  Using a variety of geo-location technologies, firms and law enforcement agencies can hunt down the missing hardware. 

But recovering the device doesn't ensure that critical data -- like the names of 120,000 hospital patients -- won't already be compromised.  For that, password-protection and encryption are being tried.  But those strategies have their flaws, too, Litan says.  A database on a laptop might be encrypted, only for use by the owner -- but that person might run a report from the database and put it on a thumb drive for a presentation, a typical scenario.

There's really no way to keep someone from running reports on spreadsheets and databases in laptops, unless the database is completely locked up. In which case: Why have the laptop?

Best defense: Luck
Right now, your best defense is luck.  Lose your laptop in a taxi, hopefully the finder will be more interested in fencing it for $50 than downloading the data.  Using the simple password protection on your mobile device is worth the trouble because the odds are in your favor that the finder won't be a computer expert with a password-cracking program at hand.

Of course, he or she might be. 

As for companies, there are a patchwork of federal regulations that mandate data be handled with better care: the Graham-Leech-Bliley Act for banks, HIPPA (The Health Insurance Portability and Accountability Act) for hospitals, among others.  These laws are supposed to provide both guidelines and a deterrent to bad practices. For example, federal agencies can fine companies for carelessness. 

Should a hospital, for example, be able to place 120,000 identities on a thumb drive, lose it, and get away with a simple "I'm sorry" letter? Or should there be some penalty for the hospital's failure to encrypt their customers data before putting it on so portable a device?

A future Red Tape Chronicles entry will discuss how often such fines are levied, but I'll bet you can guess the answer.

Tired of corporations with misleading advertising? Tired of class-action lawyers making big bucks and leaving crumbs behind for their plaintiffs?  Here's a story for you.

DVD rental firm Netflix just settled a case involving accusations of misleading advertising.  In the settlement, Netflix agreed to pay the lawyers up to $2.5 million.  Consumers don't get any money.  They get what's known in the class-action world as a "coupon settlement." Instead of money, Netflix customers get one free month's trial for upgraded service.

What's worse, that free trial sounds an awful lot like a marketing tactic.  After the free month, consumers' will automatically be enrolled in the upgraded service, and will pay for it -- unless they opt out of the upgrade.  Sound familiar?

This is the kind of hard sell that marketing managers dream about, and it has Netflix consumer Chris Ambler hopping mad. He's set up a Web site named NetflixSettlementSucks.com, where he's gathering opponents to mount a formal objection.

What is Netflix?
Now for the details. You've probably heard of Netflix, the Internet-age way to rent movies. You make a list of movies you want to see, and Netflix mails them to you, two, three or four at a time.  Whenever you mail the DVDs back, Netflix sends you more.  The basic plans cost between $10 and $18 a month -- and for that price, you can rent "unlimited" movies.  If you are an avid movie watcher, and you are conscientious with the mail, you can end up renting dozens of movies for one low price.

Well, kind of.

Last year, Netflix was sued by a consumer who claimed the firm had several sneaky ways to limit the number of movies it actually sent home.  For starters, those one-day-turnaround  deliveries could actually take up to six days.  The company didn't count Saturdays or non-postal holidays.  And in the lawsuit, the plaintiffs argued that Netflix purposefully tacked on an extra day here or there while handling DVDs. In reality, someone who paid for the "three-at-a-time" movie package could at most rent 10 movies a month, the lawsuit claims, a far cry from unlimited rentals.

What's more, the lawsuit claims, Netflix gave quick turnaround to new customers and consumers who didn't watch many movies -- their most profitable consumers.  Avid movie-watchers who burned up the path to the mailbox were selectively penalized, getting movies slower than other members.
(You can see the lawsuit at San Francisco County Superior Court's Web site, but you'll have to download a piece of software and search for case 434884).

It was all unfair, the plaintiffs said, to consumers and to Netflix competitors like Blockbuster -- which says of its service that users should expect two- to three-day delivery.

No admissions, but a settlement
Netflix admits to none of this behavior but in September agreed to settle the case anyway. The settlement terms are simple: Consumers who are current members get a free one-month upgrade. If you are currently allowed three movies at a time, you'll be able to get four at a time for that month. But here's the problem. When your free month is up, Netflix will send you an e-mail. If you don't follow the instructions in that e-mail, you'll continue to be enrolled in the higher-service plan, and you'll be paying for it.

Even better for the Netflix marketing department: If you are a former Netflix customer who's quit, you get a free month of movies -- but you'll have to fork over a credit card or other payment method. And again, after that month is up, if you don't opt out, you'll be a paying member.

At this point, let's recap: 
Lawyers: Up to $2.5 million
Netflix: A great upsell marketing plan
Consumers: A couple of extra DVDs, followed by higher bills

'A very good settlement'
Seth Safier, lawyer for the plaintiffs, insisted that the settlement terms really did help consumers.
"This is a very good settlement. It addresses exactly what the plaintiff was complaining about," he said. Netflix unfairly limited the amount of unlimited movies someone could rent, and so the settlement gives consumers a month's worth of extra movies. True enough.

He also says the court may not award him and his partner the full $2.5 million Netflix has agreed to pay -- the amount is merely a ceiling, pre-approved by Netflix. 

And, Safier said, consumers will be given ample opportunity to decline the higher-priced services. 
But why not just automatically assume they have the service they want already and ratchet them back down at the end of the free month?

"Netflix doesn't work that way," he said.

Netflix spokesman Ken Ross promised consumers would be treated fairly, citing the firm's high customer approval ratings.

'Absolutely ridiculous'
And, ironically enough, Chris Ambler (you remember him, the NetflixSettlementSucks.com guy) is among those who gives Netflix high marks. He said he loves the service and has never had trouble getting the movies he wants in a timely way. But he thinks the settlement terms, well, suck.

"I looked at it, and I thought, 'This is absolutely ridiculous,'" Ambler said.  In the long run, he figures he'll be paying the price for the settlement through higher subscription fees. And he's upset about what he calls free marketing.  So he's brought about 300 like-minded complainers to class-action lawyer Jay Edelson, who's offering to write a formal objection for free. It's not clear if the objection will have any impact, but Edelson figures it's worth a shot.

"A lot of people are upset about this class," Edelson said. "This tars good class-action attorneys and feeds the fire for critics."

Among those critics is the Bush administration, which has long made lawsuit reform a platform of Republican politics. Earlier this year, a freshly emboldened Republican Congress passed the Class Action Fairness Act, and President Bush signed it. The law forces most class-action cases into federal court, where judges have been less friendly to class-action lawyers.  And it limits the fees paid to class-action lawyers in coupon settlements.

The law, however, was not retroactive and has no impact on the current Netflix case.  And it is silent about settlements that might be mistaken for clever marketing plans.

How far are you away from financial ruin? Probably not more than a few weeks.

A new survey conducted by the financial services giant HSBC suggests that four in 10 Americans don't have even one month's worth of living expenses saved up in case of an emergency. Should crisis hit -- a hurricane, a lost job, a sudden relocation -- people in this category simply have no "Plan B."

That flies in the face of advice that personal finance experts have given for years. So, if you're in that spot, here's some practical advice.

In its survey, HSBC asked if a catastrophe like Hurricane Katrina hit, how many months of basic living expsense did consumers have saved up.  Over 60 percent of respondents said they had less than three months savings.

"That caught us by complete surprise," said Carlo Airdo, director of credit education for HSBC North America. "That's very concerning." The firm launched a Web site named www.yourmoneycounts.com to coincide with the survey.   

Earlier this year, the Commerce Department announced that the personal savings rate among Americans had dipped below zero. In other words, the average person now spends more than they make each year. Economists are debating the significance and accuracy of the data, chiefly because it doesn't include the extra money people have gained in home equity or other investments.  But they are missing the point.

Americans clearly are not prepared for a disaster -- natural or economic.  A disturbing amount of people are living paycheck-to-paycheck.  For evidence, just look to the Gulf Coast. Hurricane victims were so desperate so quickly, in part, because they had no buffer. Many had no way to make mortgage payments, pay credit card bills, or deal with other debts when their incomes were suddenly interrupted.

What if it was me?
If you were lucky enough to watch the Rita, Katrina, and Wilma hurricane disasters on TV -- instead of watching them up close and personal -- you couldn't help but wonder, what if that was me?

Perhaps you were even motivated to buy and stash a supply of water, non-perishable food, even gasoline.  But what's the most basic essential of all in a capitalist economy: money?  The worst red tape of all is the red tape you'll find when you simply cannot support yourself.

Personal finance experts recommend keeping about three months worth of living expenses in a special account, hidden away for a rainy day that hopefully never comes.  But about half the country is simply ignoring that advice.

Here's one reason why:  Saving three months worth of living expenses would require consumers to chart three months worth of expenses.  Staring the monthly budget in the face is often an ugly process, a bit like looking in the mirror the morning after a night of heavy drinking. For many, it seems better not to look. That might work for a while; that is, until the day a natural disaster strikes, or the pink slip arrives. Then, all the poor planning comes home to roost.

The price of angst
Last month, I wrote about FEMA suspending its $2,000 expedited assistance grants for hurricane victims, and thousands of people wrote to MSNBC.com complaining that they had been unfairly denied FEMA assistance.  Their stories were tragic, but underscored the problem -- an alarming amount of victims had absolutely no margin for error in their lives.  A few weeks of bureaucratic delays in FEMA aid left them destitute.  With no savings, they had no flexibility, and were completely at the mercy of a bureaucracy that failed them.

But even before disaster strikes there's a cost to the lack of a Plan B: financial anxiety. The HSBC study found that 80 percent of Americans say they are worried about their level of savings.  How can you put a price tag on angst? 

Dollars just don't add up
How did so many Americans get so close to the edge? Things are different in Europe.  According to a research letter published by the Federal Reserve Bank of San Francisco, personal savings rates in Germany, France, and the U.K. all hover over 10 percent.  Europeans don't have the same love affair with credit that Americans have. And, they haven't been drugged quite as much by the wealth effect of housing boom.  In the U.S., a startling amount of people -- 50 percent -- don't pay fully pay off their credit card bills every month.  Since many are paying usurious interest rates, one has to assume they don't have a lot of cash saved up. Otherwise, those folks would avoid the high interest rates and pay down the debt.

But I'm not suggesting grabby consumerism is the only cause.  Ask anyone you meet at any bus stop in America -- the squeeze is on.  Healthcare costs keep exploding, gas prices are high, this winter's heating costs are looming large.  College tuition is about the price of a decent three-bedroom house in a second-tier U.S. city.  To paraphrase Harvard's Elizabeth Warren, author of The Two Income Trap, an average American working at an average job just can't afford an average home any more.  The dollars just don't add up.  So we squeeze the difference out of credit.

Don't look for relief of this state of affairs from America's credit industry. In fact, emboldened by the new bankruptcy law, which makes it harder to escape debt, credit card firms have increased the minimum monthly payments required on many accounts. In many cases, they've jumped from 2 to 4 percent, doubling that line item on debtors' montlly budgets. 

Open – but don't use – a line of credit
"Obviously, a lot of families are on the edge, living paycheck to paycheck," says Liz Pulliam Weston, author of Your Credit Score and several other personal finance books. "There is big group that is incredibly vulnerable, not just to a disaster, but also to life's everyday ups and downs."

If you're one of the 40 percent of Americans who couldn't make it through next month without a paycheck, Weston has some firm advice.  But it's not what you might think.  Don't simply start squirreling money away, she says.

"There are still more important financial goals," she said.  Paying down credit card debt still takes top priority in her book.  That also gives you a step in the right direction towards financial crisis readiness, because you'll be freeing up your available credit.  Funding disasters with credit cards is not optimal, but it's better than the alternative.

Weston also advocates a step many might not consider -- opening up a personal line of credit with your bank *before* you need it.  That way, you will get the loan on your terms.  You'll lock in a good rate, and have the time to shop around.

The trick is to leave the account empty -- don't be tempted to use it to pay down credit card debt, because you're likely to keep up your current spending habits and land a big credit card bill again.

Instead, use the line of credit as your get-out-of-jail-free money, your financial lifeline and plan B.  That'll buy you some time to build up savings of your own.

Home equity is not a disaster plan
As for that negative personal savings rate, optimistic economists like to point out that the statistics don't include appreciation on investments -- basically, many people enjoy increased equity in their homes.  American consumers, the theory goes, are saving money simply by owning a home, which continues to rise in value 10 to 20 percent each year.  Home equity itself is savings – both rainy day savings and retirement savings.

I could start down the road of the housing bubble debate at this point -- there is one, and if you are counting on home equity to retire on, you are gambling -- but I won't. That argument is immaterial in this discussion.  As any smart investor will tell you, you never want to be in a position where you don't get to pick the timing to cash out an investment.  If disaster strikes and you have to sell or take out a home equity loan, you may very well be forced into unfavorable, costly terms. Just ask someone trying to sell a house in Washington D.C. at the moment, where buyers have suddenly gotten shy. 

And, more to the point, ask someone who might try to take out a home equity loan now on a house in Cameron Parish, where the hurricane hit.

Who knows what might happen to house prices long-term?  But everyone knows rainy days do come.  We are all vulnerable to something -- a hurricane, a tornado, an illness, or downsizing.  The sad truth, we now know, is that we cannot count on our government to come to the rescue.  That makes now a good time to get your emergency kit ready, and stocked full of food, water, gasoline, and, most importantly, MONEY. 

On the Internet, it was always possible to outsmart the phish.  Just don't click on unexpected links, and you were pretty safe.  But RATs? They are much smarter, and if you aren't careful, they'll probably outsmart you. 

Remote access Trojans -- RATs -- are crawling all over the Internet, experts recently told me.  RATs can steal your online banking passwords and let criminals move money out of your brokerage accounts. They let a criminal watch everything you are typing from half-way around the world.

How to stop RATs?   There's no easy answer, the experts say, but here are the basic hints. If they sound a bit like mom's advice, they should.
1.) Don't go out in the cold without a coat.
2.) Stay away from places you know you shouldn't be.
3.) Don't eat candy from a stranger.
4.) Get your money's worth.
Now, Let me explain.

1.) Don't Go Our in the Cold without a coat
Maybe you thought it wasn't that cold out; mom knew better, and made you bundle up.  After all, you couldn't see the cold viruses floating around at school.  Somehow, she could.

The Internet's menaces -- particularly Trojan horse programs -- are just as invisible as cold viruses, that's why firewalls and antivirus software are a must now.   If you're worried about a criminal watching data flying out of your computer, a well-tuned firewall should stop that.  Windows XP now ships with a firewall turned on.   Other firewall software is pretty inexpensive now, and the very vigilant can even buy small machines that act as hardware firewalls.  It's a good idea to regularly make sure the kids didn't turn it off. Mom used to say you could catch a cold just running out to the car to grab a book.  You can catch a RAT by turning your firewall -- or your antivirus software -- off for a few moments.

Still, no firewall or antivirus software is perfect; many Net users with updated software are infected with malicious software like RATs. So there's other advice you must follow.

2.) Stay away from places you know you shouldn't be
Rats like dark alleys; so do RATs.  Pornography, file-sharing, and other murky Web sites are a major source of Trojan horses and other viruses.  Innocent-looking downloads can cause a world of headaches. However tempting these sites may be, avoiding the Internet's seedy side will go a long way toward keeping your computer safe.  And that means keeping the kids from downloading free software, too. 

3.) Don't eat candy from a stranger
For years, unexpected e-mail has been a major source of trouble; now, unexpected greeting cards are causing trouble, too. Who can resist the offer of a cute, musical well-wish for Halloween or Thanksgiving?  You can.  Clicking on a greeting card invites the sender to execute a small program on your computer.  It's a prime method for sneaking malicious software onto your machine.  If there's a hair of doubt in your mind, call the sender to make sure it's a genuine well-wish and not a Trojan horse.

4.) Get your money's worth
Online bankers and brokers are just starting to get the message that there should be more between a criminal and your money than your pet's name.  Federal regulators recently told U.S. banks that by next year, they had to go beyond a user name and a password to identify customers on their Web sites.  You don't have to wait that long.

Bank of America and ING Direct are two banks rolling out measures that include additional steps, such as entering a PIN number with mouse clicks.  Demand more from your bank's Web site.  Ask at a branch; send an e-mail.  A host of technology is available that would let you retire Fido as your password.  Give your bank the idea that you'll take your money somewhere else if they don't make you feel safer.

And some old wives' tales
Unfortunately, there are some old Internet safety ideas that don't really work in this world of RATs.
Time was, savvy consumers who paid attention to their computer could sense when something was amiss, like a spyware attack. The computer would slow down, the hard drive would run continuously, the modem lights would blink.

Well, that sixth sense is less and less useful. With broadband connections, there are no blinking lights.  Well-written RATs barely consume any processor space. The target computer doesn't slow down, and the hard drive won't spin out of control.  So your intuition won't cut it.  Without special tools, there isn't any reliable way to detect a RAT.

Many MSNBC.com readers suggested another intriguing idea that doesn't *really* work -- cutting and pasting passwords into online banking sites instead of typing them. The theory goes that since RATs that monitor keyboard keystrokes send a stream of characters you type to the bad guys, cutting and pasting the logins would mean there was nothing to steal.

That would foil some RATS, but not others, advises noted cybersleuth Richard Smith, who runs ComputerBytesMan.com.  Smart RATs actually monitor every entry made in a Web page form -- those boxes used for data entry like name, address, and the like. As you might imagine, anything entered in those boxes is generally pretty juicy information for a criminal.  These kind of RATs will steal even cut-and-pasted information.

Simpler RATs -- those that only capture keystrokes -- can be foiled with the cut-and-paste method, Smith said. And in fact, there was a time when he recommended it.  But it's generally not worth the trouble at this point, he said.

Checking on your antivirus software is a much more productive way to spend your time. Believe it or not, millions of computer users don't have any antivirus protection at all: 17 percent of Internet users, according to a Consumers Union study published in August. That's a recipe for disaster. And it could have something to do with the fact that in the same study, about 50 percent of consumers reported suffering a spyware attack in the prior six months; and why 1 in 10 computers connected to the Net right now are infected with something, according to Webroot Software.

All of which means the next time you connect to your online bank, it'd be a good idea to check on your firewall and update your antivirus software.  And while you're at it, zip up your coat. It's getting cold and dark outside.

This year, 1 in 10 Americans received a letter saying a U.S. company had somehow lost their personal data. What could be worse than that?  Not getting the letters. Never knowing the data was lost or leaked or exposed.  That's one possible outcome of legislation being considered by Congress right now. 

The Data Accountability and Trust Act, which was approved by the House Commerce, Trade, and Consumer Protection Committee on Thursday in a straight party line vote, would reduce both accountability and trust. It is the first privacy bill to reach this stage, but it still faces several hurdles before it becomes law.

Earlier this year, dozens of companies had to fess up that they'd leaked personal data, all because a California law forced their hands. For the first time, consumers got a glimpse at how fragile their privacy is. But federal legislation under consideration would undercut the California law, and other state laws like it. The fragility of our privacy would slip back into the shadows, and once again become a tightly guarded secret.

As it was written for Thursday's vote, the Data Accountability and Trust Act would grant consumers fewer privacy rights, not more.  To explain the problem: If the bill were in effect earlier this year, it's possible consumers never would have found out about ChoicePoint, Lexis-Nexis, or the other 75 data breaches that exposed some 50 million identities. 

At issue is the "trigger" that would force companies to disclose data breaches.  Congress is considering a very high standard for that trigger. The mere discovery of lost data is not enough; the consumer must be deemed at "significant risk" of a crime.  Who does the deeming? Whose finger is on the trigger?  The company.

That's a much less consumer-friendly standard than California's state law – the one that shined the light on ChoicePoint data leak earlier this year. It's also a higher bar than laws passed this year by some 20 other states, in light of the ChoicePoint incident.  But if Congress passes its version, it will trump all state laws, a tactic known as pre-emption.   

Who knows what Lexus-Nexis, et al, would have done if such a law were in effect last year. But it's easy to imagine many of those firms would have decided the lost data tapes or computer hacks didn't pose a significant risk to consumers.  No California law, no notices.

Few experts believe that there was a sudden lack of computer security this year.  Rather, there was a sudden bout of truth, thanks to California state law. Were that law trumped, we would likely end up back in the dark.

There are two other bills working their way through Congressional committees, both on the Senate side.  One, introduced by Sen. Arlen Spector, R-Pa., has a slightly better standard for disclosure notices. Firms don't necessarily have to tell consumers that their data has been lost. But, if they don't tell, they have to provide some proof to federal officials the missing data isn't being used to harm consumers.  That's a start.

Who are the commercial data brokers?
But in other ways, all the legislation misses the point.  The ChoicePoint data leak story was not really about identity theft. It was about this: "Who the hell is ChoicePoint, and why is it making money selling my personal information?"   People who had never heard of ChoicePoint were furious when they discovered how much this company knew about them, and how much money it was making brokering the information. The nation suddenly woke up to the commercial data broker industry.

Now, consumer groups want explicit rights to check up on what ChoicePoint and other firms know about them – a free ChoicePoint report, to go along with that free credit report. And consumers want to know exactly who knows what about them. 

To its credit, ChoicePoint does make much of its data available to consumers. But there are hundreds of little ChoicePoints in the world.  Most, you've never heard of. New laws would give consumers the right to fix errors in their background reports, but how can you fix errors when you don't know which company has them?

Without a centralized list of companies to check, consumers have no idea who is buying and selling their information.  The Data Accountability and Trust Act, doesn't deal with this critical problem.

Nothing is better than something
The DATA bill is also silent on overseas data handling.  U.S. firms regularly send people's personal information to places like China, India, Mexico, Thailand, just to name a few. U.S. privacy regulations have no force there, and consumers have no rights and scant assurances of safety.  Ignoring that crucial element of this issue is a serious oversight which would leave a gaping hole in any privacy rights legislation.

One side note: The bill as currently written exempts the federal government from any notification requirements.  In other words, the government wouldn't have to tell consumers if it lost their data. A classic "Do as I say, not as I do," situation.

Of course, it's not clear any data bill will be passed this year. Congress is absorbed by a few other matters.

But for once, a distracted Congress might be a good thing.  This is one case where nothing may be better than something. Any federal bill that erodes rights granted by California legislators, and more recently by dozens of other legislators around the country, would do more harm than good.

How's this for red tape: A hurricane destroys your home.  You call the Federal Emergency Management Agency's toll-free number to register for help.  A machine tells you they're too busy, and to hang up and use their Web site. So you visit Fema.gov and get the following message:

"The system is unavailable. Please try again later or contact the FEMA Helpline at the number listed below."

Many victims of this busy hurricane season are all too familiar with the routine. And Steve Kanstoroom, who's been watching FEMA closely, is hardly surprised. Kanstoroom has come to expect such gunk in the wheels of disaster recovery.  He's spent the past two and a half years collecting such stories at FEMAInfo.us, a Web site that's largely critical of the federal government's response to disasters. The stories he tells there will make your spine tingle and your heart hurt.

For Kanstoroom, interest in the subject is more than academic.  His Oxford, Md., home was battered in 2003 by Hurricane Isabel. But he was lucky; he had flood insurance.

The initial compensation offered him through the National Flood Insurance Program was $85,000, well below what he says were the true costs to repair his home.  So he challenged the finding and FEMA instructed his flood insurance company to pay him $250,000 instead.

Kanstoroom says his personal journey through FEMA's bureaucracy gave him a bird's-eye view of the agency's problems, and he began to chronicle them on his site.  Since then, he's testified numerous times before Congress and has become the de facto hurricane and flood victim advocate.

Some of the problems Kanstoroom discusses are basic. FEMA's busy signals, for example.

In October, FEMA's Nicole Andrews told MSNBC.com that the agency had staffed up to 12,000 telephone operators, many on loan from the IRS.  Some, she said, were outside contractors.

One of those outside contractors is Augmention Inc., a call-center firm based in Rockville, Md., just outside Washington. According to the Washington Post, Augmentation had about 1,000 people answering the phones for FEMA last month. According to documents on FEMA's Web site, the firm has a $31 million contract for "temporary staffing."

But the company isn't great at answering its own phones.  An operator hung up twice on a reporter who asked for the name of a public relations official. Eventually, messages were left for company executives, but they were not returned. And FEMA representatives didn't return phone calls seeking comments about Augmentation or about the FEMA call centers. 

Untrained eyes
But troubles getting through on the telephone are just the beginning, warns Kanstoroom.  Those who do get through to FEMA, and to their insurance companies, are in for other surprises.

Take those lucky ones, like Kanstoroom, who have flood insurance. The army of adjusters wandering around the Gulf Coast is swollen with the ranks of the inexperienced, he says.  Many are trained en masse during weekend seminars. They come from all walks of life. After all, the job can be very lucrative. Efficient adjusters can earn $1,000 a day or more.

"When you are standing outside your hurricane-damaged home, you are the last person on the planet to think they've sent you someone who's never adjusted a claim before," Kanstoroom said. That's particularly true when they arrive wearing a FEMA jacket, or driving a car sporting an insurance company logo.  Kanstoroom's adjuster in 2003 was on leave from the military, having just returned from the Iraq war, he said.

An adjuster's qualifications are no trivial matter.  Adjusters make decisions that hurricane victims must live with for the rest of their lives.  Errors of omission –- say, compensation for mold mitigation –- can be the difference between rebuilding a damaged home and losing one.

Alan Jackson used to be a claims adjuster based in Alabama before he went to law school. Now he sues insurance companies that he says intentionally lowball victims.  He also says FEMA and insurance agencies will literally let anyone become an adjuster. In fact, in September, Jackson says he attended a Mobile, Ala., training seminar with 500 people in attendance.  When the time for administering the certification test came, the administrator gave all the correct answers to the students.

"Everyone got 100 on the test," he said.  Jackson signed a sworn affidavit describing the incident, which Kanstoroom submitted as part of his congressional testimony on Oct. 20.

Jackson recommends hurricane victims ask their adjuster for a resume; if it's thin, he says insist on getting another adjuster, even if that means going to the back of the line and waiting a couple of months for insurance relief.

Still in trailers
The inefficiencies in the system may sound like typical government bungling, but they come with a hefty price, Kanstoroom warns.  As every day passes, consumers face a steeper mountain to restore their lives. Just ask the victims of 2003's Hurricane Isabel that are still living in FEMA trailers.  In June, some of them joined a $2 billion lawsuit filed against FEMA and government officials and federal contractors for allegedly mishandling their 2003 claims. 

Among other items, the lawsuit alleges that sales agents told consumers that flood insurance would ensure their homes would be restored to "pre-flood conditions"; meanwhile, adjusters were being trained to give victims only a fraction of their home's value.

Kanstoroom, who advised plaintiffs in that case, says he worries that history might be repeating itself. He sent a letter to Sen. Trent Lott, R-Miss., last week urging him to re-examine FEMA's role in Katrina, Rita and Wilma recovery.

"Adjusting abuses are being carried out by some of the same firms that are named in the $2 billion lawsuit," he said in his Oct. 20 testimony.  And then later, to Lott, he added:  "Time is of the essence, and without immediate action on the part of Congress, tens of thousands of victims will suffer needlessly as victims have from prior storms."