In the noisy immigration debate raging in Washington, there is one voice NOT being heard.

The voice of identity theft victims. 

Behind many of the nation's millions of undocumented workers are someone else's documents. To get a job, illegal immigrants need a Social Security number, and they often borrow one.  As victim Melody Millet is fond of saying, U.S. citizens are being forced to share their identities with undocumented immigrants to give corporate America a steady supply of cheap labor.

Thousands, perhaps hundreds of thousands of Americans are right now sharing their identities with immigrants and don't know it. It is the dirty little secret of the immigration issue: By not dealing directly with the undocumented worker situation, the U.S government is actually encouraging identity theft.  In fact, one can argue that the origins of the identity theft epidemic can be traced to the immigration issue.

The scope of this problem is vast.  Every year, nearly 9 million people pay their taxes using the wrong Social Security number. The name used on W-2 tax forms used by employers doesn't match the name on file with the Social Security Administration.  There can be many reasons why -- a data entry typo by a human resources department, a woman changes her name after marriage and forgets to report it, or a man uses someone else's SSN to get a job. 

Social Security calls this a "no-match" situation.  When this happens, the Social Security Administration collects the money, but the wage credits go into limbo. They don't end up on anyone's annual Social Security statement, they end up in something called the Earnings Suspense File.  Since 1984, when the Social Security card employment verification requirement kicked in, nearly $500 billion in wages has ended up in that file. 

Who are all these people paying their taxes using the wrong SSN? Neither Social Security nor the IRS has ever studied this issue in great detail. But there are clear indications that many -- if not most -- of the 9 million mismatches are immigrants using the wrong SSN. One study by Social Security indicates no-match payments come most frequently from agricultural and restaurant industries, for example.

Not every mismatched SSN belongs to a real living person, and in fact, it appears many are chosen at random. Some belong to the deceased; others are entirely fictitious. One study showed thousands of entries using obvious fakes, such as 123-45-6789 or 999-99-9999.

Many victims are very real
But many victims are very real.  Recently, officials in Utah matched a database of children receiving welfare benefits with a database of workers paying state taxes and found 1,800 child victims.  It's impossible to know how many of the impostors were undocumented workers, but Utah Assistant Attorney General Rich Hamp says that behind most cases the agency has prosecuted so far, he's found an immigrant using someone else's papers.

Victims often don't have any idea they're sharing their identity with an immigrant, because there's no way to find out.  Social Security won't tell you if someone else is using your SSN. The extra earnings don't end up on your annual Social Security statement, because they are designated to the Earnings Suspense File instead. Ditto for the Internal Revenue Service.  The misuse isn't revealed in personal credit reports, either.  If somebody uses your number to get a credit card or car loan, the nation's credit bureaus create a new credit file instead of alerting you to the misuse.

Victims only find out when something goes wrong -- when there are unpaid taxes or unpaid bills, debt collectors often track down the original SSN holder.

But there are sometimes hints along the way.

SSN-only ID theft victim Margaret Harrison was once denied unemployment because records showed she had a job.  Harrison was in West Virginia -- her Social Security number was working on a farm in Washington state.  She couldn't prove her problem until recently, however, when she received a debit card with her impostor's picture on it. 

The immigration issue is an incredibly complex mine field of competing emotional issues. There are sloganeering and extremism on both sides.  There will be no kicking out every undocumented worker; and there will be no letting everyone in right away.  People who insist on either are naive, foolish or both.  There will be hard decisions and heartbreaks. This column does not suggest there is a simple answer.

And it also does not blame the immigrants, who are simply following the real-life rules they've been given.  Want a job?  Want to feed your family, want a better life for your kids?  Just get a nine-digit number. The message has been clear from our government and our corporations for 20 years -- no one cares whose nine-digit number you use.

Plenty of blame to go around
The blame lies on us all for not dealing with the situation directly, and instead encouraging under-the-table activity. There are millions of victims on all sides -- including the innocent bystanders who must share their Social Security numbers.

This is what happens when an extra-legal system is in place.  Today, there are no rules, which clearly encourages this sharing of Social Security numbers. It encourages the cottage industry that is document forgery. And ultimately, it encourages identity theft.

While consumers cannot learn the secret life of their Social Security numbers, several groups know all about it. The nation's credit bureaus, for example, can sort their data by number instead of name. 

Lenders routinely buy this information when assessing a consumer's credit risk.  Every time MSNBC.com covers this issue, workers at car dealers and banks write in to say they've seen countless examples of consumers who apply for accounts and have multiple names connected to their Social Security numbers.  Privacy rules prevent them from warning the consumers.

And of course, any agency that collects taxes, such as Social Security or the IRS, has this information.

It would certainly be possible for any of these groups to inform those who are sharing SSNs, but a serious attempt has never been made.  Why?  I suspect that doing so would personalize the immigration debate and might very well lead to a true flash point for the issue. 

Three years ago, Social Security did the next-best thing, sending letters to some employers with large lists of people paying taxes using the wrong SSN.  As workers scattered, seeing the letters as tantamount to a deportation notice, immigration rights groups protested. The letters were immediately withdrawn. And here we sit.

One thing activists on many sides of this issue seem to agree on –- it's time to bring undocumented workers out of the shadows.  That would be wise, as it would also bring countless identity theft victims out of the shadows. 

But until that happens, the IRS, the SSA and the nation's credit bureaus need to develop a system that allows the rightful holder of a Social Security number to know if it has a secret life. 

Technology often creates as many problems as it solves.  And it almost always ends up costing more money.

The other day, I lost the stylus in my swanky new Sprint phone.  It's unique, of course, unlike the thousands of other styli out there for the hundreds of other palm-sized devices. So there's only one place to buy a replacement -- Sprint. 

What does it cost to replace my stylus? $25.  I'm required to buy a package of three.

When I objected to the 19-year-old behind the Sprint counter, he rolled his eyes and looked at me like I had just complained that the price of Bazooka gum had jumped from 1 cent to 2 cents. As I turned to leave without purchasing the stylus, doomed to a life of poking my cell phone screen with pen caps, he grunted something that could roughly be translated as, "Shouldn't you be retiring soon?"

I think this was a rite of passage for me, and not a good one ... but I digress.

As anyone who knows me will gladly share, I lose a lot of things.  In high school, I was always the one borrowing a pen in a panic as the test began. If you travel at all, you've probably seen a cell phone, laptop bag or car keys that belong to me sitting in some airport on a seat near a gate during the past couple of years.  It's a condition, I believe, like being born left-handed. I know I am not alone. 

Now, here's the problem: When I was in high school and lost a pen, the penalty was about $1.  Today, thanks to our new and improved high-tech world, the penalty for losing my pen-like stylus is $25.  That's not inflation. That's thievery.

'Gotcha' capitalism
My lose-itis aside, the high cost of high-tech replacement is a huge source of stress in modern life, and it's often incredibly unfair -- an example of what I like to call "gotcha capitalism."  My colleague Roland Jones recently unmasked a particularly egregious form of this in a story called "High-tech car keys causing low-tech hassles."

Many car keys now come with special computer chips embedded inside that prevent a criminal from using a duplicate key to steal the car.  The technology is clever. The chip emits a frequency that the car recognizes; if it doesn't hear that frequency, the car refuses to start. The technology behind the key is usually RFID, which you will see cropping up in all kinds of places during the next decade. Pants and shirts will be able to talk to each other this way (you're wearing that?), and they'll be able to talk to the store, too (you should really wear this! And look, it's on sale!)

But there's a cost for all this wizardry. A very high replacement cost.  Car owners who have come to terms with their lose-itis can't stock up on duplicate keys at the hardware store for a couple of bucks. The price to replace RFID keys is astronomical.  A key for a new Lexus can cost $335.  Worse yet, the number of places to buy a replacement is limited, so if you lose your key on a weekend, you may be out of luck for several days.

The captive consumer
Here's what's wrong with this picture.  A consumer who loses a telephone stylus or an electronic car key is a captive consumer.  There is no free market in operation. There's no shopping around for the best deal.  As a result, companies can charge almost anything they want for these replacement items. In fact, the situation becomes akin to what critics have at times called reverse competition:  the only pressure on the price set by companies is upward pressure -- that is, how much money can the seller squeeze out of the buyer, because there's no countervailing force, like competition, creating downward pressure.

Of course, companies relish this position. Have you ever wondered why you must buy a new car charger with each cell phone you get? Are there really that many designs for the thing? It's as if there's been a great schism in the engineering world, and every single cell phone designer must concoct a slightly different car charger to make a point.  This isn't a place for individualized artistic expression, and all this creativity is clogging our landfills with perfectly functioning cell phone cigarette lighter chargers.  It's another example of our oh-too-disposable culture.

I know, people always respond to these articles by saying this is simply capitalism at work -- companies trying to make the most money for their bottom line and their shareholders.  Phooey.  This is a monopolistic situation, where a captive consumer has no choice but to buy one product from one company. There is no free market in operation here.

That's not capitalism.

And perhaps more important, it's yet another source of anxiety in our already-anxious times.  I know I speak for all those of us with lose-itis when I say, give us a break, not a "gotcha!"  And if not, at least get us a bulk discount on replacement keys.

Have you suffered from the high cost of high-tech replacement? Feel free to use the box below to request sympathy or commiserate.

On an outrage scale of 1 to 10, this story is truly a 10.

Any information you give to a company that helps you prepare your taxes can be sold to anyone else.  Only a single signature on a permission slip stands between you and the complete loss of your privacy. While that seems shocking -– aren't tax records sacred? -- this isn't new. The IRS says it's a long-standing practice. 

Worse yet, the government and the nation's tax preparers are steering you to use one of these third-party tax preparation companies.  Anyone who wishes to file a return electronically -- the only rational way to file in the 21st century -- must use a private company to do so.  And that private company has the right to share everything it knows about you.

Taken together, these two facts may form the single biggest privacy heist of our time.

Anyone who uses a storefront tax preparation shop like H&R Block, or files taxes using over-the-shelf software like TurboTax, should be on alert for information disclosure forms that come your way. Signing one could really come back to haunt you.

We all imagined that tax returns were handled with solemn care.  It's obvious why: The government makes you provide the most intimate details of your life each year. How could this information not be kept private?

And in fact, Internal Revenue Service tax code prohibits disclosure of tax returns by the government except under very specific circumstances.  But disclosure of the information by third-party companies –- that's a different matter.

Last week, thanks to a story in the Philadelphia Inquirer, we all learned of a proposed regulation change at the IRS that formalizes the process necessary to obtain consumers' consent that their tax return data be shared.

What process?
When the objections started piling up, the IRS defended itself by saying it was merely clarifying an already-existing process.  Tax preparers can already share your information, I was told. This new regulation is good for consumers, because it spells out the process needed to gain their consent.

As Chi Chi Wu of the Consumer Federation of America said to me, this is the first time you hear of an agency defending an awful practice by saying it's already happening. 

The new regulation has its genesis in last year's big tax preparer complaint -- that many returns were shipped overseas to places like India for preparation, without consumers' realizing how far their personal information had traveled. So Rep. Ed Markey, D-Mass., generally a friend of privacy protection, asked the IRS to spell out new rules governing tax preparation outsourcing.

Consumers must now be told if their data is flying overseas for preparation.

But the rules also codify other kinds of data sharing, and that's where the problems start. Here's the offending language, which you can read for yourself in the proposed rule:

"These proposed regulations allow tax return preparers to obtain consents to use tax return information for solicitation of services or facilities furnished by any person..."

IRS: There's no change
IRS spokeswoman Nancy Mathis assured me that this is no different from past behavior by tax preparers, who could always share their data with affiliates. That's how they offer those usurious refund anticipation loans and other sneaky products, like those investment plans H&R Block is now being dragged to court for. H&R Block, by the way, didn't return phone calls requesting comments for this story.

But I disagree with Mathis.  The rest of the sentence of the regulation clearly suggests wider sharing of our data is on its way. It reads:

"...rather than limiting solicitations to the services or facilities offered by the tax return preparer or member of the tax return preparer's 'affiliated group.'''

When I asked her to explain the distinction she didn't, other than to refocus attention on the supposed beefed-up disclosure requirements.

"The heart of this proposed regulation is about the right of taxpayers to control their tax return information," she said. "The idea is to emphasize taxpayer consent and set clear boundaries on how tax return preparers can use or disclose tax return information."

I agree the regulation is clear.  Here's the relevant language that tax preparers now have to show to consumers:

"Warning: Once your tax return information is disclosed to a third party per your consent, we have no control over what that third party does with your tax return information. If the third party uses or discloses your tax return information for purposes other than the purpose for which you authorized the disclosure, under Federal tax law, we are not responsible for that subsequent use or disclosure, and Federal tax law may not protect you from that disclosure."

Allow me to translate:  "You, and your privacy, are screwed."

See what's been struck from the code
I called Markey's office looking for comment on the hubbub. In January, Markey had publicly credited the IRS for addressing the tax return outsourcing issue.  On Thursday, his response to the controversy was measured.

"Recent reports of some changes to the tax regulations suggest that tax preparers could with consent sell information to anyone. The IRS has suggested to my office that their regulations have been misinterpreted, and that the regulations do not significantly  expand the ability of tax preparers to disclose taxpayer information to others, and that the major challenge for the IRS was, and still is, ensuring that any consent is informed and not coerced.  I hope that the IRS moves quickly to clarify this matter."

Let's hope it does. I don't have a law degree, but I am pretty concerned about the phrase "use tax return information for solicitation of services or facilities furnished by any person."

That seems clear to me.  So does the language that's been removed from the tax code, language that in the past was very specific about what could and couldn't be revealed by tax preparers. Read for yourself:

"(A consumer's consent) does not apply for purposes of facilitating the solicitation of additional business to be furnished at some indefinite time in the future, as, for example, the future sale of mutual fund shares or life insurance, or the furnishing of future credit card services."

That  language (taken from IRS tax code 01.7216–3 for nerds out there) is very clear.  And it has been removed from the revision.

You must use an outside firm to e-file
Now, consumers still have to consent to all this information-sharing. It is voluntary.  But there's a reason people walk into an H&R Block -- it's because they don't want to deal with a lot of paperwork.  So how carefully will they read this consent document when it's handed to them with a bunch of other papers to sign?  Given the history of tax preparation firms, do you trust them to be clear about this process?

Then there's this.  You have the option of filing taxes on your own, without the help of a tax preparation firm, thereby avoiding this whole mess.  But if you are a child of this century, you have probably considered filing electronically. You get your refund faster.  The IRS has been pushing for electronic filing for years. 

But there is no way to directly e-file with the IRS.  You must use an outside firm, a third-party Web site or software firm, to do so.  And yes, such companies are covered by the new regulation. As soon as your data touches their servers, and they obtain a consent, they'll be able to sell the data to marketers.

In the case of e-filing, the software company or Web site must get the consumer to do something active, like type his name or a special 6-digit PIN code, to gain consent.  Wu thinks that's at least a step above the form consumers will be handed at tax preparer storefronts. I'm not so sure. When you are filling out the endless Web site tax form pages, will you stop to read the disclosure you are presented?  How big will the small print be?

Privitization is the problem
The sharing of intimate details like income, number of children, medical expenses -- even the amount of your tax refund -- and everything else found on a tax form is a horrible idea.  The IRS can simply clarify this problem by clearly disallowing the sale of our personal information.

But there is a larger problem here, the force in Washington that is right now pushing for privitization of every government service.  Underneath today's privacy controversy is this: Tax collection is a government job.  Outsourcing it to aggressive, for-profit firms will have all manner of unintended consequences. This is only one of them. The best solution to today's controversy is for the IRS to develop its own e-filing system and give consumers the chance to avoid all the mess. And the larger solution involves the federal government thinking twice before it outsources every critical function it performs.

Last week came yet another story predicting doomsday for the Internet. Except this time, it wasn't a Digital Pearl Harbor that was coming. It was a "Katrina of the Internet."

Ordinarily, I would just shrug off such a story -- there are always two or three of these each year -- and recommend that readers do the same. After all, the Internet sky has been said to be falling many times, and yet, it never seems to happen. But this story was written by Ted Bridis at the Associated Press, whose work is beyond reproach. So I dug in, and sure enough, there is something to be worried about.

The fundamental problem, one that should ring true to many consumers, is this: On the Internet, it's far too easy for data to lie about what it is, and where it's come from.  Until the problem of such data impersonation is solved, no one can promise you that your e-mail won't one day disappear, your Internet phone calls will stop working, or your electronic commerce business might one day be brought to its knees. Just imagine if your water, electricity, heat, or gasoline were that unreliable.

"It's as if our electric grid didn't even have fences around it," said Paul Vixie, president of Internet Systems Consortium Inc., a non-profit that helps run the computers at the heart of the Internet. "This is disgraceful what we do, and what we don't do, to protect the Internet."

All this means, at a minimum, consumers should have Internet disaster plans ready, a virtual fire escape and digital smoke detector. Have backup copies of your baby pictures somewhere, and not just online; keep paper copies of banking statements for the day you can't bank online, that kind of thing. We've come to depend on the network, but we should remember that it has an Achilles heel.

The Internet is a bit of a paradox, being both incredibly fragile and incredibly resilient. Recall that we all lost a day's work seven years ago when a frustrated Philippine graduate student named Onel de Guzman released the LoveBug virus on the world.

On the other hand, despite the best efforts of every ill-meaning hacker to ever sprout pimples, the Internet has not "gone down." Sites have gone down. E-mail has been overwhelmed by spam. Web traffic has even been slowed a smidge by computer worms. But basically, the Internet has survived everything that's been thrown at it. That's a credit to its redundant, distributed design -- files are copied and backed up all over the world, and there are almost always multiple ways for data to travel. If one Internet road is cut off, there are always detours. The system has survived everything, even 9/11 and Katrina.

This resiliency is a good news/bad news story. And here's the bad news: At this point, every alarm bell that's sounded has the air of the boy who cried wolf.

But as I called around to security experts last week, the people who really watch the 1s and 0s as they fly around the globe, I could sense exasperation. Just because the big one hasn't come yet doesn't mean it won't come, I heard.

Turning the Internet against itself
Now, for the new attack. VeriSign Inc. says someone took an army of 30,000 hijacked computers and trained them on 1,500 targets earlier this year, overwhelming them with traffic. The attacked computers were helpless. And then, after a few weeks, the attacks stopped. The attacking packets were not defeated by countermeasures; the attackers simply moved on.

Such denial of service attacks are not new. But VeriSign's Ken Silva said that this new attack was much more intense than anything seen before. 

"We're trying to fire a flare here," he said. "This is a problem that is bigger than anyone is currently thinking."

Here's why: Hackers aren't using simple hijacked home computers to attack. They are turning the Internet's Domain Name Server system against itself.  The domain name server system is the Internet's addressing system. It maps ugly numeric IP addresses like 129.206.1.1 to simple names like MSNBC.com.  There are 13 root nameservers, which are essential to the proper functioning of the Internet. Verisign runs two of them.

But there are perhaps 1 million or more additional domain name servers, operated by just about every company with a network in order to speed things up.

It's these local domain servers that are being used in the attack. Criminals have figured out a way to ask one of these smaller servers a question, and by using a fake return address, get the answer sent to a different computer. That's called spoofing, but it might be thought of as data identity theft. Or, in real-world terms, it's like having a pizza delivered to a friend's house as a prank.

Criminals have trained tens of thousands of domain name servers on individual computers, flooding them with so much traffic that they are forced off the Internet. The attack is incredibly effective because traffic coming from domain name computers tends to be trusted. And it's particularly hard to filter out the attacking traffic from legitimate traffic.

For example, criminals send a question from a hijacked university computer to BigCompany.com's domain server, pretending to be Retailer.com. The responses go to Retailer.com. Repeated thousands of times, the site eventually topples over. Were the rogue traffic sent from a university computer, Retailer.com might be able to filter it out. But Retailer.com tends to believe BigCompany's domain name server, and cutting it off would tend to cut off visits from every employee in the company. Multiply that effect by a few hundred domain name servers and the Web site has a terrible choice -- either shut out half the Internet, or be overwhelmed by traffic.

Why people are really worried
Now here's what has the network operators really worried. Domain name server software is being used to dramatically amplify the size of the attacks. When a criminal sends a a certain kind of question with a fake return address to a cooperative domain name server, the answer coming out is 64 times larger than the question. That gives the attackers an incredible multiplier effect.  One computer initiating an attack like this feels like 64 computers to the target.  And the 30,000 domain name servers used in the attacks earlier this year?  They created a Internet storm that felt like 2 million computers.

"This is not childs' play out there," Silva said. "This is very serious."

The problem has actually been discussed for close to a year, said Johannes Ulrich, director of the  Internet Storm Center. It's called open recursive domain name servers, if you'd like to read up on the conversation.  These computers shouldn't just take questions from anyone -– they really only need to answer to computers on their local network. But they do. Perhaps three-quarters of all DNS servers are incorrectly set up, VeriSign's Silva said.  Hundreds of thousands of computers are ready and waiting to be used in another attack, Silva says.

Ulrich was a bit more reserved in his description of the problem's severity.  While the heart of the Internet itself -- the 13 root nameservers -- is probably not at risk, individual sites are absolutely in peril, he said.  Four years ago, attackers struck at Microsoft's domain name servers, shutting the company's Web sites down for the better part of three days.  A similar attack using this new technique could shut down large Web sites, Ulrich said. 

Those who operate domain name servers are urged to make them far less compliant to the whims of attackers.

The fundamental problem
But Vixie said this new attack was just one of dozens of methods hackers could use to threaten Web sites. There's a far more fundamental problem with the Internet, he said, one that needs to be addressed immediately -– data can readily lie about where it's come from. 

Computers are a trusting lot. They simply believe the return address they see when a request comes in.  That's how the Internet was designed, for a trusting lot of university professors.  But today, the network doesn't deserve the trust we give it. The ability to lie about return addresses enables most Internet misbehavior, in everything from this new attack to phishing e-mails that appear to come from legitimate companies. The Internet is not only anonymous, it's imposter-friendly, and that's the problem. New standards, such as a new Internet protocol called IPv6, would severely limit a computer criminal's ability to hide behind other identities. To stop the specific case raised by VeriSign would be even easier, Vixie said.  Simple changes by Internet service providers could make sure that no packet leaving their network wasn't properly addressed, with a return address known to belong to a customer -- a technique called reverse path forwarding. 

But adoption of new, safer standards has been sluggish, to put it generously. There's a reason. Without any meaningful government regulation, such changes must be made on a voluntary basis. For-profit companies just don't spend money for no reason. In the case of packet spoofing, there's no cost for an ISP to allow impersonating packets out of their network -- the cost is on the company that suffers the attack. So there's no motivation for the ISP to fix the problem, and in fact, there's economic incentive to ignore the problem.

The built-in atrophy is called an "asymmetric cost benefit" -- you're asking one company to spend money so another company saves money. Fat chance. Nothing will change until change is forced. So long as we live in a Web where anyone can hide this way, the Internet can't be trusted.   

On almost the same day as this latest Internet threat story came out, NBC News revealed that screeners at over 20 airports failed to catch bomb-making material carried on airplanes by congressional investigators. The news was followed by the usual chest-beating and claims that keeping bombs off airplanes was a top priority for airport security workers. 

It's hard to imagine, in a world where the government hasn't gotten airplane security right yet, it will take on the basic security of the Net.  And yet, if it does not, and the current state of affairs continues, we may just yet get that digital Pearl Harbor. And there will be a long list of people saying "I told you so.' 

How does someone in Moscow step up to a cash machine and withdraw money from an account holder half a world away?  Even when the debit card is still in the victim's wallet?

Last week's story about criminals withdrawing money from ATMs all around the world had many MSNBC.com readers asking how such a thing was possible. It's easy, actually, say fraud experts.  The recipe for creating counterfeit cards is right there on the Internet.

It's often called "white card" fraud. Criminals somehow get their hands on the electronic information stored on a legitimate card's magnetic stripe. Generally, it's stolen from a retailer or payment processor's database, as happened when thieves last year broke into computers at CardSystems Solutions Inc. Luckily for the criminals, CardSystems didn't store just account numbers -- it even stored customer's secret codes that were never meant to be copied on magnetic stripes. Stolen "mag stripe" data is the holy grail for card thieves. 

Then they take the stolen data and write it onto a new, blank card -- a card that's often plain white -- and they're off to the bank. 

To show me how easy it was, two executives from MagTek Inc., one of the largest makers of credit card stripe readers, visited MSNBC.com and gave a demonstration.

Within minutes, I was withdrawing money from my account using a plain white piece of plastic at an ATM. In this case, I knew the PIN code. But, as last week's story explained, resourceful criminals are finding ways to derive PINs. This was only a demonstration, mind you, so everything was on the up-and-up.

But a visit from experts is hardly necessary to get started in white card fraud.  Dan Clements, who runs CardCops.com, shared with me a magnetic card theft tutorial that's commonly found on Web sites operated by Internet criminals.  The document is surprising both in its detail and its smugness.

"You must have certain mindset," the author, identified as jedimasterC, writes. "It takes charisma. It takes charm. If you're a pimply 16 year old wearing cut offs and a sleeveless shirt, do you honestly think that someone will believe you can afford a $3,000 computer system? It's possible, if you know how to act and what to say."

More from the tutorial in a moment.

The key: getting an encoder
Andy and Paul Deignan are brothers who both work for MagTek. Both came by to show me how easily thieves can manufacture scores of counterfeit cards. MagTek sells both card readers, which are seen in stores across America, and card encoders, which very few people should ever see.  Encoders actually write information onto that mysterious piece of magnetic tape on the back of the card. Banks use them to create credit cards.  Readers cost about $100. Encoders cost between $1,500 and $2,000.

Except on eBay, where stolen or salvaged encoders can sell for as little as $500. Armed with one, someone can create credit and debit cards that work exactly like the cards produced by financial institutions.

Magnetic strips may seem mysterious, but they're not.  In fact, they are just like the magnetic tape you'll find on cassette tapes.  Card readers and encoders are very similar to the "heads" you'll find on cassette recorders, Andy Deignan tells me.

For demonstration purposes, the Deignan brothers took my debit card, dropped it in an encoder, copied the data from the back, and handed the card back to me. Then they took a piece of white plastic, a second card, inserted that into the encoder, and essentially pasted my ATM information onto the second card. The process took less than 15 seconds.

The walk to the nearest cash machine took longer. Within a minute, I had taken a white piece of plastic and withdrawn $100 from my own checking account. Obviously, with slightly different data and a PIN number, I could have taken the money from someone else's account. With a database of stolen information, I could have withdrawn money from hundreds of accounts.

'Keep the fake stuff and your real stuff separate'
In fact, as jedimasterC makes clear in his document, anyone with magnetic stripe data, blank cards and an encoder can churn out counterfeit credit cards. Anyone with a PIN can make counterfeit debit cards and start withdrawing money from anywhere in the world. That's what happened last week to thousands of consumers around the country.

We're going to omit much of the detail in jedimasterC's tutorial, but to give you a taste of how detailed it is, the author even recommends specific encoder models that would-be thieves should get.  To have a portable manufacturing operation, he tells pupils to buy a briefcase to carry the equipment in, even a cigarette lighter power inverter so they can create counterfeit cards while in the car. And he recommends an extra wallet, so criminals can "(k)eep the fake stuff and your real stuff separate."
 
Criminals demand instructions
To create fake stuff, criminals do have to fork over at least a few hundred dollars for an encoder -- a small barrier, given that many are purchased with stolen credit cards.  But there is one obstacle, the Deignan brothers say. The machines are normally castoffs from banks and retailers, so they rarely come with the appropriate cables, software and instruction manuals. 

That's when MagTek hears from the crooks.  Many are brazen enough to write to MagTek to ask for help.

In January, a writer using the name Dan asked MagTek for that kind of help.

"I have a MagTek ...and I need the documentation for it.  When I try to access this information (on MagTek's Web site) it says that I need a login/password.  Can you provide me with this or at least the documentation?" wrote Dan in early February. He even provided the model's serial number.  When MagTek looked up the unit, it found the items was originally purchased by a financial institution.  MagTek customer support then told the writer it would not provide a manual.

Dan then went on the attack.

"Are you saying that MagTek does not provide any support for resale hardware?  Isn't this illegal?... I hope that the provided statement was a mistake and you can provide me with access to the documentation I need.  Otherwise I will start legal action against MagTek," he wrote in one e-mail.

Then later on:

"I have no doubt that the corrupt government that exists will not do anything about your blatant violation of the laws in this country, I will still submit a complaint to the attorney general.  I see no disclaimer on the unit that I bought. Therefore MagTek is in violation of the law.  Of course, being a large corporation MagTek is exempt from the law," he said. "Your greed is surely destructive to any innovation."

Greed, it turns out, is a powerful motivator.  While MagTek does what it can to make things hard on potential criminals like Dan, people manage to get the software and hardware they need anyway, Clements said -- normally by buying it from each other. 

It's all about attitude
In fact, according to the tutorial shared by CardCops, creating the fake card is the easy part of magnetic stripe counterfeiting. JedimasterC spends most of his time in the tutorial explaining the attitude that's necessary to pass off a counterfeit card as real. 

White cards can only be used in situations where a person is not involved in the transaction, such as an ATM or a gas station.  Store transactions are a bit tougher, requiring plastic that actually looks authentic.  Criminals can use their own plastic and rewrite the information on the magnetic stripe (a bad idea, JedimasterC warns), or they can buy prepaid credit cards and use them as "card stock."

Either way, committing crimes in person requires a certain mindset, the author says.

"You ARE the person on your ID. This is YOUR credit card. You are buying something you saved for. It is YOUR money you are spending," he writes.  And in case something goes wrong and the card is denied -- most often, the account used to create the fake card has been called in as fraudulent -- jedimasterC has a plan.

"You will have cards declined frequently. I like to make the nice person at the register think it may be declined before I even use it. I'll say something like "Ohhh, I didn't think it was that much. I hope I have enough left to buy it! They will expect it to be declined and think nothing of it if it is."

Retailers taking extra steps
Retailers and processors have caught on to the widespread phenomenon of card counterfeiting and have made some small adjustments to their systems to combat it.  Riders of the New York City subway are now required to enter their ZIP codes when swiping bank plastic to buy Metro cards.  Many stores now force their clerks to type into payment terminals the last four digits found on the front of the plastic card, to make sure it matches the data on the magnetic stripe.  Obviously, if they don't match, the card is fraudulent. Such checking does make a counterfeit thief's life a bit harder.

But the cat-and-mouse game continues, and the criminals have a counter-measure.  JedimasterC's file includes a list of stores that do this kind of fraud checking.

Clements says the tutorial written by jedimasterC really is old news -- he's had the information for 18 months, and the file is probably quite a bit older. Retailers and credit card companies have had time to implement upgraded fraud detection, which has reduced the amount of counterfeit credit card fraud, he said.

That's why the recent spate of stories of debit card fraud have him concerned. Since no human interaction is required, and cold, hard cash is the end result, he is one of many experts who believe debit card counterfeiting will only get worse in upcoming months.

"You can easily get these machines. The software you need to encode cards can be gotten easily. With the advent of compromised PINs, these guys are off to the ATMs," he said. "Consumers and banks need to realize the bad guys have the data and plastic and can make ATM cards in minutes."

Consumers should regularly check their bank account information and report evidence of fraud to their banks immediately.  Consumers who don't report debit card fraud within 60
days may not be able to recover the stolen money. MSNBC.com has more information on consumer rights and electronic transfers available here.

What if a desperate identity thief digging through your trash found a credit card application ripped into little pieces, taped it back together, filled it out and mailed it in?  Would he get the credit card?

The answer, according to one man's experiment, is clearly yes.

Rob Cockerham is a credit card company's nightmare -- in this case, JP Morgan Chase & Co.'s nightmare.  Armed with a roll of tape, a digital camera, a blog, a lot of irritation about those unsolicited credit card offers and a rapier wit, Cockerham set out to embarrass the company's credit card division about one month ago.

It was that mountain of credit card applications, so familiar to any adult American with a wallet, that drove Cockerham to perform his experiment.

"I get a heck of a lot of credit card applications in the mail," he writes.  "I almost always tear them in half and throw them away. Sometimes, if I am feeling particularly paranoid, I'll tear them into little bitty pieces." But, he wonders in the blog, "Is that good enough?"

So he mimicked the steps an ID thief might take. He performed reconstructive surgery on a Chase MasterCard credit card application with Scotch tape. For good measure, he changed the address on the application, to see if Chase would mail the card directly to an identity thief.  And he used his cell phone number, much like a criminal would.  He documented it all, mailed it all in and wondered what would happen.

The answer -- and the punch line -- wasn't long in arriving.  Cockerham's card was mailed to the new address, his father's house, on March 4, less than a month after the tattered application had been sent in.

"I still can't believe it came," Cockerham told MSNBC.com.  "Crazy."

The saga is documented on Cockerham's Web site, cockeyed.com, under the heading "The Torn-Up Credit Card Application."

In his blog, Cockerham pulls few punches. At one point, he points to a Chase Web site on ID theft, where the company recommends that consumers "tear up" financial solicitations before throwing them away, "so thieves can't use them to assume your identity.

In honor of Cockerham's humor, this column is being renamed the Red Scotch Tape Chronicles for a day.

Situation called an 'Internet prank'
Chase spokesman Paul Hartwick called Cockerham's Web site an "Internet prank." The company, he said, takes fraud detection seriously and employs 1,000 people to "protect our customers."

Applications that arrive in damaged form are customarily transferred to an electronic format, he said -- often by machine. So it's possible a human being never handled the taped-up application and never had the chance to spot the obvious sign of trouble.  He refused to discuss Cockerham's application specifically, citing privacy concerns. But he said in general that an application that was filled out with a former address and a phone number that may at some time have been connected to the individual applying would likely pass a fraud test and be approved.  The obvious implication is that Cockerham's father's address and Cockerham's cell phone number might have been in Chase's system somewhere, or at least in the database Chase used to verify the application.

"We have sophisticated systems in place to protect our customers, and to offer credit to customers who are creditworthy," he said. When asked if Cockerham should have received the credit card, given the state of the application, he answered, "Yes."

(For the complete text of Chase's response to the Web site, see the bottom of this blog).

That answer seems hard to believe.  It is believable that a machine might have automatically re-entered Cockerham's application, so no human being was involved who might have noticed the tape.  But that explanation hardly inspires confidence in the system. Neither did an incident in December, when Chase issued a Visa credit card in the name "Never Waste Trees" to another prankster. 

On the other hand, Chase is a bit unlucky that it was targeted by Cockerham's comic wrath.  It's hardly the only company that has issued credit cards in embarrassing fashion. For years, underaged children and pets have been getting credit cards.  But zero percent balance transfers aren't limited to domesticated animals.  Even Alan Greenspan once testified before the U.S. Senate Banking Committee that "dogs, cats, and moose are getting credit cards."  That was six years ago.

Not much has changed since, other than about 25 million people have become victims of identity theft, according to the Federal Trade Commission.

It's time to face the facts
Clearly, some credit card applications are hardly screened for fraud.

Card issuers will respond with a card to any application that comes back with any signs of life -- and they'll deal with fraud later. That's how the credit industry works.

A certain number of high-risk applications will turn out to be fraudulent, but many won't, the thinking goes.  And the banks can afford to play those percentages. To them, identity theft is just a cost of doing business, another line item like paper and postage and electricity.  If there's a person behind that hastily approved application who must deal with credit report black marks, well, so be it. 

The mind-set appears entrenched.  Cockerham said he got an anonymous e-mail in response to his blog from a credit card industry worker with a confession: His employer tells him to approve literally everything -- even applications that come in with the words "stop sending me these."  The issuer figures the consumers might change their minds once they have their hands on the plastic, Cockerham relayed from the e-mail.

Don't think the ripped-up application scenario is far-fetched.  While I was researching the book "Your Evil Twin: Behind the Identity Theft Epidemic," many police officers in the western half of the United States told me there is a tight connection between identity theft and methamphetamine addiction.  Meth addicts, who can stay awake for 30 hours or more, have been known to obsessively stitch together shredded documents to commit crimes.

For years, I've been quoting experts who say banks don't do a very good job verifying credit card applications.  They often don't even check to see if basic information like birthday or street address is correct.

So each of those 5 billion pre-approved applications that carpet bomb American consumers every year is an identity theft ticking time bomb. Cockerham drives this point home with a sledgehammer.  An application stitched together with Scotch tape?  With a cell phone listed under phone number, and a change-of-address request?

At a time when ID thieves are unrelenting, when thousands of consumers around the country are reporting thousands of dollars mysteriously missing from their bank accounts, withdrawn via the magic plastic from places like Russia and Canada -- this is no time for banks like Chase to approve credit card applications that have been taped together.  What more proof is necessary that the system is broken?

What needs to happen
It is time for Congress to take another look at this industry.  In 2003, the Fair and Accurate Credit Transaction Act was passed. In it were new requirements for credit issuers meant to protect consumers from this kind of thing.  Obviously, the rules aren't working. 

It's time credit card companies were told to stop slinging 5 billion credit card applications around the country every year.

But don't hold your breath. Consumer advocates have pushed for such moderate safety measures for decades with hardly a budge from Congress or the industry.  Back in the 1960s, the industry used to skip the application process altogether and mail unsolicited live credit cards to consumers, which led to an enormous crime wave. It took the better part of the decade, and an act of Congress, just to stop that practice.  Pre-approved credit card applications, which are one teeny-weeny step away from that, soon replaced the mailing of unsolicited credit cards. We've been dealing with the junk mail and the theft ever since. And we will be for some time.

So for now, Cockerham has this advice for consumers who are equally frustrated by pre-approved credit card offers.  Tearing them up, it seems, isn't good enough.

"You should probably buy a shredder today," he said.

A consumer can also call 1-888-5OPT-OUT to get off the specialized marketing lists credit bureaus give to credit card companies, or you can visit www.optoutprescreen.com and fill out the forms there to accomplish the same thing.   In about six weeks, most of the applications will disappear. But be warned, you will be asked to supply your Social Security number.  There's no other way to get off the lists.

Chase statement on Cockerham's Web site, delivered via e-mail from Paul Hartwick
Chase Card Services/Business Affairs:

"When Chase receives an application for credit, we are legally obligated to appropriately handle it. In rare instances, we receive torn or otherwise blemished applications. Still, we analyze each application by checking it for complete, accurate and critical information and conducting a series of credit and fraud reviews. If the application passes those reviews, we will issue a card to the applicant.

"Although this particular incident clearly is an Internet prank, Chase takes these matters extremely seriously and always seeks to improve its processes to serve and protect our card members. Chase is actively involved in fraud protection. We use sophisticated systems to monitor and detect fraudulent activity and employ over 1,000 people dedicated to protecting our customers. In addition, consumers are protected under MasterCard and Visa's zero liability policy and are not liable for any unauthorized purchases made with their cards."

Here's a novel method for raising fees without actually raising fees -- stop issuing refunds.  That's what eBay did to some of its sellers recently. 

Raising fees is an annual rite of spring for the mammoth online auction marketplace.  Since eBay is really the only game in town for sellers who want the best price, eBay faces few real limitations to price hikes -- normal market forces don't apply. Even last year, when an online protest was sparked by fee increases of 50 percent in some areas, eBay weathered the storm with little damage.

Emboldened by that experience, eBay once again announced it would be plucking extra nickels and dimes from sellers in January.  Some of those price hikes were revealed in an announcement in January.

Other increases were, let's say, more subtle.

First, a bit of background.

For those unfamiliar with eBay fees, they are complex and cumbersome. eBay gets a cut of all items sold on the site  -- multiple cuts, actually.  In the simplest eBay transaction, the seller pays once when an item is listed on the site (an insertion fee), and then a second time when the item is sold.  Both fees are a percentage of the item's value. Sellers also pay a cornucopia of other fees -- for picture management, for placement, for running an eBay store, for accepting PayPal payments. That makes it hard to peg an overall rate for eBay's annual fee increase -– in the same way that it's often hard to know how much an airline has raised ticket prices.

While the sellers pay the fees, increases obviously impact buyers, too, who indirectly face higher prices as sellers recoup their costs.

A surprise $1.20 increase
Now, for that new, not-so-improved refund policy. For years, eBay would issue refunds to sellers who dropped the price of an item after it was listed. Not any more.  And to make matters worse, this "no-more-refunds" fee increase was not part of the fee increase announcement eBay made in January. In some cases, the increase is a stiff 50 percent.

Here's an example: A seller lists a pair of boots with an initial starting price of $55, and pays $2.40 as an insertion fee.   But let's say soon after the boots are listed, another seller puts up several similar pairs with a starting price of $40. Naturally, the initial seller gets few bids and then lowers the initial price to $45.

The listing fee for a $45 item is $1.20 -- half the $2.40 fee for a $55 item. Until now, the seller who changed the price would get a refund of $1.20.  Not now.

Again, this end of the refund policy is nowhere to be found in eBay's fee increase announcement. Only an eagle-eyed reader of eBay's help pages would spot a clue suggesting the change.  On a page titled "Revising Your Listing," eBay has added several parenthetical expressions hinting at it. In a section explaining how to revise the price of an item, there's this new phrase: "(You will not receive credit for the difference in your insertion fees.)"

Seller: Price revisions are necessary
Eli, an Israeli who sells jewelry on eBay, said he changes his prices constantly because the marketplace is so "dynamic."  Last week, he was shocked to notice dozens of fee refunds missing from his account. He asked for anonymity because he makes his living by selling on eBay, and he fears reprisals from the company if he speaks publicly against it.

"This is one of those things they just kind of slip in," he said. "This change is fishy. It looks like they are trying to hide it.  We found it out for ourselves without any announcement about it."

Eli says he is one of many merchants who often revise prices on whole inventories of items -– and those $1.20 fees can add up quickly.  In fact, on March 1, eBay released a new software tool that makes batch price revisions easy -- up to 200 items at a time. Eli thinks that's no coincidence.  eBay does take additional fees for items that are revised upward. And remember, now, the site loses nothing if prices are revised downward.

eBay: Necessary for a fair market
eBay spokeswoman Catherine England said the change is consistent with its user agreement terms. It was posted on its revised listing page more than 14 days before the change was enacted on Feb. 22.  She also said the change was not designed to raise revenue, but rather to make eBay's auctions more fair.

"The spirit behind this is it's about ensuring that the marketplace is a level playing field. We don't want people to manipulate their starting prices," England said.  Sellers are encouraged not to change their initial price by the change, she said.  "It's about the health of the marketplace."

She also said such revision fees aren't common and didn't think the change would impact many users.

"In the land of eBay I don't think they are a significant concern for our community," she said.  "Most people are pretty thoughtful about their starting price."

But eBay watchdog Rosalinda Baldwin, who runs The Auction Guild newsletter, said she was particularly disturbed that the end-of-refund change didn't end up on eBay's fee increase press release. 

As for why, she has her suspicions.

"(I) wonder if this fee increase ... was even too sleazy for eBay to mention in public, or if eBay felt they could slip it in without anyone noticing," she said.

One can see why Baldwin is wondering. Clearly, eBay's massive fee structure makes notification for all changes a bit cumbersome. The fee announcement from January is already complex.  But that's no reason to not spell out each and every change that leads to nickels and dimes flying from a consumer's pocket into eBay's coffers.

Perhaps the revision change is minimal. While Eli was spitting mad, he did say the change so far has only cost him about $10 a week.  Still, eBay has a privileged position as the Internet's 800-pound gorilla market. Adding a parenthetical expression to a terms of service page is no way to announce a fee increase -– even one that might be euphemized as an end-of-a-refund plan.

Like millions of people in America last September, Sonny Wasilowski was riveted by the real-life drama of JetBlue Flight 292. The plane's landing gear was stuck, and as pilots prepared for an emergency landing at Los Angeles International Airport, television stations trained their cameras on the potentially doomed flight.

But as the plane circled LAX to burn off fuel, Wasiloski had no idea what was happening. All he saw was the same picture of an airplane floating against the darkening night sky. Like many watchers, Wasiloski had tuned into the unfolding drama at work and was watching news video coverage on his computer, over the Internet.  But the video he watched online was essentially useless to him.

Wasilowski is deaf. 

As TV news anchors tracked the plane's every move on Dec. 10, closed captioning information let deaf viewers at home know what was happening.  But there were no captions on any of the online video news services Wasilowski watched. With only the rarest of exceptions, captions never follow video online.

That made video of the JetBlue plane -– and nearly all Internet videos -- useless to Wasilowski and millions of Americans who are deaf or hard of hearing. As Flight 210 hit the runway in a shower of sparks and burning rubber, Wasilowski could only guess what was really happening.

"Without captions, I can only understand so much," says Wasilowski.

There are 28 million deaf and hard-of-hearing people in the United States, according to the National Association of the Deaf.  There are virtually no Internet videos with closed captioning information.  The top online news video providers -- including MSNBC.com and CNN.com -- currently don't provide captions. 

Given the explosive increase in online video viewing during the past 24 months, the situation has become dire, says Jamie Berke, a deaf advocate and the About.com Internet guide for the deaf community.

"The deaf and hard of hearing community is afraid of being left out of this next generation of media," she said in an e-mail to MSNBC.com. "A whole new world of internet media is rapidly developing, and deaf and hard of hearing people are being left out. It is like when television first began."

No time to enjoy victory on TV captions
The irony for the deaf community is this: Only recently was it able to claim victory in its decades-long battle to require closed captions on over-the-air television broadcasts.  While many stations have included the real-time text captions for years, FCC regulations requiring captions on TV were phased in -- and only this January became compulsory for all English broadcasts.

The importance of accessible media can hardly be overstated. In fact, there are situations where lack of captions on news and information video can create a life-or-death crisis.

In July 2004, Connie Anderson, a deaf employee in Nevada's state Medicaid office, was watching news coverage of the Carson City, Nev., wildfires from her home.  She knew she was close to the southern portion of the fire.  At one point, the channel she was watching flashed up the message: "Mandatory Evacuation Areas" on the screen. But the areas were described by the anchors and not displayed -- and the program was not captioned.

"It was impossible for me to know which areas were being evacuated," she wrote in an e-mail interview. "What a horrible time this was for me.  I'm a competent, educated, professional woman –- and felt completely helpless and cut off from the flow of information that was readily available to others."

That's why the lack of captions on Internet news services is the most frequent complaint in the deaf community, Berke says. Both CNN.com and MSNBC.com officials said they were investigating the technology required to add captions.

"The possibility of closed captioning for video is currently being evaluated by MSNBC.com's technology team," said MSNBC.com's Anne Keegan.

CNN.com's Jennifer Martin said the Web site is hoping for improved technologies before jumping into online captioning.

"We have been actively looking into closed captioning for our video resources," Martin said. "We have not yet made an investment, and before we do would like to see closed captioning technologies more robust for online, live video."

Campaign under way
In recent months, the deaf community online has begun a vocal campaign to insist on captioning. Berke now runs an advocacy Web site called Captions.org.  Wasilowski, a deaf activist, hosts a blog on the topic. And the student newspaper at Gallaudet University, which caters to hard-of-hearing and deaf students, recently editorialized on the topic. 

At first blush, it might seem the marriage of interactive text and video is perfect for the online experience.  Video transcripts are seen as an essential element of one of the Internet's next great things, searchable video archives. Google, among others, is said to be working on such a tool.

Several software packages have also been designed to include captions in the leading video players, including Microsoft's Media Player (Synchronized Accessible Media Interchange), RealNetworks' RealPlayer (RealText) and Apple's QuickTime (Text Track). (Microsoft is a partner with NBC Universal in MSNBC.com)

Meanwhile, online video captions would benefit others outside the deaf and hard-of-hearing community. Those who wanted to watch videos in places where sound was not permitted -- perhaps in an office -- would find captions useful.  So would those who speak English as a second language.

And with television content that's simply repurposed online, presumably all of it already has been transcribed for broadcast.  Taking those already-existing captions and putting them online sounds easy enough.

But it's not.  For one, there is a debate about who owns the caption text prepared for broadcast, says Stephen Brand, who runs a Web captioning company named Speche Communications.   And sites like MSNBC.com don't simply have a single stream of video to worry about, as a television station does.  At any given time, users can watch thousands of videos, many coming from multiple sources.  Preparing and maintaining captions for all of them is a serious technological hurdle.

"The pieces on the Web are cut up in so many ways" for broadcasters that publish online, said Jennifer G. Sagalyn, director of partnerships at the WGBH/National Center for Accessible Media.  "It's not a mirror of what's broadcast."

There's also the problem of timing. While vastly improved, streaming video online is still a bit unpredictable. Required buffer times vary wildly, and there are still occasional fits and starts.  If caption text is sent separately, timing it with unpredictable video could be tricky.

But perhaps the biggest hurdle is the speed at which video technology has suddenly been adopted by Internet users.  Even five years ago, online video was still a luxury for at-work users with understanding bosses and the lucky few with reliable high-bandwidth connections.  But last year, broadband users began to outnumber dial-up users, and video usage has followed suit. Apple's iPod video player, and video sharing sites like YouTube, have also helped push a surge in video -- one that has in some ways outpaced Web captioning technology.

"We know the access piece wasn't exactly hatched yet," said Mary Watkins, outreach director at WGBH. "There aren't any bad guys here."

'We will get only crumbs'
Federal laws requiring accessibility haven't been able to keep up, either. The Telecommunications Act of 1996 is silent on the issue of closed captions for Internet video.

Federal law does require government agencies -- or any agency that's supported by federal money -- to provide text alternatives any time audio and visual content is created for meetings such as legislative sessions. But private firms like Web media companies are not bound by such rules.

Given the headaches involved, many believe captioning won't happen until it's required by federal regulators. And therein lies another hurdle. While the Federal Communications Commission has clear authority to regulate television broadcasts, and the ability to pull the license of any station that doesn't comply with its rules, there is no such similar regulatory body that can force Internet companies to add captions.

"Our only hope is that Congress updates the Telecommunications Act of 1996 to make captioning on the Internet mandatory, too," Berke said. "If we are forced to rely on voluntary (participation) we will get only crumbs."

Emerging technologies
Others say there is some hope in emerging technologies.  Several companies are hard at work making tools to ease the migration of captions from television to the Internet.  Boston's WGBH, which was instrumental in the creation of TV caption technology during the 1970s, has created a Web video software tool called CaptionKeeper.   It grabs the text captions broadcast on television's so-called "Line 21" and digitally attaches them to streaming video for Webcasts. Other tools make it easier to marry after-the-fact transcripts -- which many television shows independently produce -- and video via timestamps.  For live streaming video situations, like the JetBlue crash landing, Brand's Speche Communications provides tools that make it easy for typists sitting anywhere in the world to create captions for videos on-the-fly.  Other tools, such as IBM's CaptionMeNow, perform instant speech-to-text translations to provide captions.

Most promising of all, perhaps, will be the demand from all consumers to search for videos using keywords.  Creation of such next-generation search wizardry will require text transcriptions of videos; closed captions should  be able to go along for the ride. Already, video search engines are surging in popularity, with a 500 percent jump in visitors from last February to this February, according to LeeAnn Prescott, a research analyst at Hitwise USA Inc.

Watkins is hopeful that new video search engines will drive the push toward more accessible online video.

But for all that optimism, right now, America's 28 million deaf and hard-of-hearing residents are left behind in the fastest-growing segment of the world's most powerful communication tool. For people like Darcy Cooper, a deaf Webmaster at Tyler Technologies in Renton, Wash., Internet video might as well not exist.

"As far as online videos ... I would not even watch unless captioning were provided," she says. "Who would waste time watching something without being able to hear what they are saying?"

For those interested in finding the few videos that are captioned online, a search tool can be found at Harkle.com.

NOTE: An earlier version of this story incorrectly identified the JetBlue flight number and destination.