• Are vets, and their data, really safe?

    How can the FBI be sure that vets are out of the woods? After two months of fretting, will all 26.5 million veterans believe their data -- missing for two months -- never fell into the wrong hands?

    By now you've probably heard that the Veterans Administration on Thursday announced it had found our country's most famous lost laptop computer. When combined with a companion portable hard drive, the missing hardware stored more than 26 million Social Security numbers and caused about two months' worth of embarrassment for the federal government. But the prodigal hardware made its way to the FBI's Baltimore office on Wednesday. And that wasn't the only good news. Forensics tests produced the best possible results; the data had not been accessed, the FBI said.


    For two months, veterans and current GIs were told to be extra vigilant about their credit reports. Now, are we to believe it was all just a false alarm? Are vets to believe their data is safe and sound? How can FBI computer forensics experts really be sure no one copied the data?

    To answer that, I talked with Scott Larson, who spent 13 years as supervisor of the Computer Intrusion Squad at the FBI's Washington, D.C., field office. Now, he's a consultant with computer security analyst firm Stroz Friedberg.

    The FBI has yet to release extensive details about its forensic work in this case, but the process is always the same. Larson said that with proper tests, the agency could be close to 100 percent certain the vets' data was safe. But he did leave the door open for a possible high-tech data heist that even the FBI couldn't detect.

    Take an image
    When the wayward hardware returned, Larson said, the agency would immediately take an "image" or a copy of the hard drives involved. That would allow agents to examine the data on the drive without actually touching the original. Agents would then start looking in secret places for digital footprints.

    "In the system registry there is some information that is stored that normally users can't get access to," he said.

    For example: Agents would discover the last time the laptop was "booted," or turned on. They'd also examine the metadata connected to the database containing the personal information. That would tell agents the created date, modified date, and last access date for the file. If all those dates predate the last time the computer was in the VA's possession, that's a good sign.

    But it's not proof the information is safe. A clever criminal could alter the computer's clock to foil a simple time stamp check. So agents also would need to look for evidence of any attempts to change the computer's clock.

    System logs also would indicate whether the data had been copied to an external USB drive, or written to a CD or DVD.

    The experts also would look for signs that the file had been moved, or log files had been removed, by examining parts of the hard drive where deleted files are stored, which is known as "unallocated space."
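
    The checks Larson describes can be sketched in code. This is an added example, not the FBI's tooling or anything from the original article: it compares file timestamps with the moment custody was lost and, going one step beyond the text, uses log record order to catch a clock that was set back. All dates, paths, record numbers and event names are constructed assumptions.

```python
from datetime import datetime

def ts(text):
    """Parse a 'YYYY-MM-DD HH:MM' stamp (all sample times share one time zone)."""
    return datetime.strptime(text, "%Y-%m-%d %H:%M")

# Constructed sample data for illustration; none of it comes from the VA case.
CUSTODY_LOST = ts("2006-01-10 18:00")  # hypothetical moment the owner last had the laptop

# (path, created, modified, last accessed), as read from the image's file metadata
FILES = [
    ("data/records.db", ts("2005-11-02 09:15"), ts("2006-01-09 16:40"), ts("2006-01-09 16:42")),
    ("data/notes.txt", ts("2005-12-20 11:00"), ts("2005-12-20 11:05"), ts("2006-01-14 22:31")),
]

# (record number, logged time, event), as read from a system log whose records
# are numbered in the order they were written (event names are hypothetical)
EVENTS = [
    (4101, ts("2006-01-09 08:02"), "boot"),
    (4102, ts("2006-01-09 17:30"), "shutdown"),
    (4103, ts("2006-01-14 22:29"), "boot"),
    (4104, ts("2006-01-14 22:30"), "usb-storage-attached"),
    (4105, ts("2006-01-08 12:00"), "shutdown"),  # logged time jumps backwards
]

def mac_after(files, cutoff):
    """Return (path, field) for every timestamp later than the cutoff."""
    hits = []
    for path, created, modified, accessed in files:
        for field, when in (("created", created), ("modified", modified), ("accessed", accessed)):
            if when > cutoff:
                hits.append((path, field))
    return hits

def clock_rollbacks(events):
    """Return (earlier record, later record) pairs where logged time moves backwards.

    Records are written in sequence, so a later record carrying an earlier
    time means the clock was changed between the two writes.
    """
    ordered = sorted(events)
    return [(prev[0], cur[0]) for prev, cur in zip(ordered, ordered[1:]) if cur[1] < prev[1]]

def events_after_loss(events, cutoff):
    """Return record numbers written after custody was lost.

    Once one record is stamped after the cutoff, every later record was also
    written after the loss, whatever its own timestamp claims.
    """
    ordered = sorted(events)
    first = next((i for i, event in enumerate(ordered) if event[1] > cutoff), None)
    return [] if first is None else [event[0] for event in ordered[first:]]

def assess(files, events, cutoff):
    """Run all three checks; 'clean' is True only if none of them found anything."""
    findings = {
        "mac_after_loss": mac_after(files, cutoff),
        "clock_rollbacks": clock_rollbacks(events),
        "events_after_loss": events_after_loss(events, cutoff),
    }
    return {**findings, "clean": not any(findings.values())}

if __name__ == "__main__":
    for key, value in assess(FILES, EVENTS, CUSTODY_LOST).items():
        print(f"{key}: {value}")
```

    A clean result only covers activity the laptop itself recorded; a copy taken from the drive without booting the machine changes none of these values.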

    But what if...?
    If the laptop and the hard drive passed all those tests, it would be likely that the common house burglar suspected of taking the laptop hadn't accessed the files. But it's not possible to say that a very crafty criminal didn't; perhaps someone who might have purchased the stolen equipment. After all, for two months we've all been discussing how valuable the data on that laptop is.

    "It would be a very sophisticated crime," Larson said of that possibility. "They could use the same tools that FBI used to copy the hard drive, and the FBI would never know."

    When applying his "gumshoe" logic, however, Larson said he thought that was highly unlikely.

    "The investigator in me says 'no.' Somebody would have to go to great lengths to return it, a lot of trouble," he said. He thought such a criminal would be much more likely to destroy the hardware than leave open the possibility it could get back into the FBI's hands.

    A true conspiracy theorist might conjure up this scenario: A smart criminal would realize the data would be more valuable if the victims believed that data was safe, as they'd be less vigilant. So returning the laptop would buy identity thieves extra time to turn the stolen information into money.

    But that is fairly far-fetched. After all, such criminals have already had two months to print up fake driving licenses and credit cards. What would another few weeks get them?

    "I'm close to 100 percent confident," that the data hasn't been accessed, "given the FBI's clean bill of health," Larson said.

    But that's not 100 percent, meaning vets who've received letters of warning from the Veterans Administration would be smart to continue their vigilance about their credit reports for some time.

  • New monthly feature: 'Truth in Advertising'

    Today we are introducing a new monthly feature that I hope you'll find fun and educational – Truth in Advertising. I also hope you will participate and write in suggested topics. To get things started, here's this month's winner, concerning home loan offers that sound too good to be true.

    "Have you ever heard of a mortgage rate of 1 ¼ percent? Yes, 1 ¼ percent!," the radio ads blare, crowding out box scores and trade talk on a very popular New York-based sports radio station. "An unheard of rate so low, you cannot imagine."


    This advertisement seems the mark of great imagination.  Here's more of one version of the ad, as supplied to MSNBC.com by the lender, Hall of Fame Funding.

    "Hall of Fame Funding, one of the leading mortgage lenders in the tri-state area, has just secured funding for a special 30-year program …a 30-year rate starting at an unbelievable 1 ¼ percent. With an A.P.R. of …."  The prevailing rate is then inserted by the anchor; for an adjustable rate loan, it would be closer to 6 percent.

    But in each ad, the "1 1/4 percent" rate is repeated several times. In some cases, the ads are taped spots. In others, the well-known sports anchors read the ads Paul Harvey-style, lending them an air of credibility.

    "Could this be true?" I thought to myself when I first heard the ad. Is there such a loan as a 1.25 percent mortgage? During a time of rising interest rates, everyone is looking for an edge.  Perhaps Hall of Fame Funding has, as its advertising suggests, found some special money magic.

    If there is such a low-cost loan, applying would be a no-brainer. I could load up on the cheap money, then buy myself some bank certificates of deposit at around 5 percent. My resignation would soon follow. Alas, as you can tell, I haven't quit my job yet. There is a catch. Listen closely, and you might hear that key word "starting." And you'll also hear the real interest rate, but you'll only hear it once. 

    So it's hard to ignore the repeated reference to a 1.25 percent loan. I decided to investigate. 

    What Eric told me

    I called Hall of Fame to learn more. An operator named Eric took my call. He was encouraging.

    "It's pretty sophisticated," he said. "You have to have a great credit score." But don't worry, he added, people who have scores in the 700s "can get away with murder."

    I told him I was considering a $500,000 loan, like the one that the radio ads said I could get from Hall of Fame with payments of less than $2,000 a month. With a traditional mortgage, my payment on a loan like that would be $3,284, Eric explained. But he could sell me a $500,000 loan with payments at $1,786 -- a savings of 50 percent!

    "I have this product myself," he assured me. "My payments were $4,100. They shot down to $2,100."

    Using this loan I would save almost $100,000 during my first five years, and then I could afford a house in the overpriced New York City area, he told me.

    But I was worried about this very low interest rate. "Is it really 1.25 percent that whole time?" I asked.

    Almost, Eric said. He explained that the payments rise 7.5 percent each year, creeping up from about $1,800 to about $2,500 by year five. That's still a lot less than the $3,400 I could expect to pay with a traditional mortgage, Eric said.

    "But what about the sixth year?" I asked.

    "Hold on, Bob, I have another call," Eric said.

    For a while, there was silence. Then, Eric got back on the phone and told me how likely it was that I'd refinance my mortgage before year six. Or that I'd move. And he reminded me that I would have saved $100,000 by then. He told me about a friend who bought a house two years ago for $430,000 that's now worth $730,000. Then he told me he couldn't calculate a payment because he didn't know what the interest rate would be in six years.

    Humor me, I said. Let's say rates are flat. He still hemmed and hawed.

    Finally, Eric said the payments in the sixth year would be about $3,600.

    But that's hardly the worst of it. After a series of additional questions, Eric told me that as time went by, the actual balance on my mortgage would increase -- not decrease as it normally would -- after each payment. 

    Let me explain. During those heady first five years of easy loan payments, I'd be borrowing money from my home to keep those low payments that appear to be based on 1.25 percent interest. It's a process called negative amortization, a phrase that was as hard for Eric to say as it was for The Fonz to say "I'm sorry" on "Happy Days." In fact, he didn't say it. He simply did the telephone equivalent of nodding after I did.

    Thanks to the negative amortization loan, I would actually own less of the home after five years than I did the day I bought it.

    "Well, you figure something's got to give," Eric said. 

    Claims explained

    What's going on here? I turned to an expert for an explanation.

    Jack Guttentag is professor emeritus at The Wharton School of Business and runs the "Mortgage Professor" Web site. No one should shop for a home loan without visiting MTGProfessor.com.

    Guttentag broke down Hall of Fame's claims for me. First, he explained that Hall of Fame Funding is hardly unique. He said he regularly receives e-mails from consumers bragging that they're paying minuscule interest rates like 1.25 percent for the first five years of their new mortgage.

    Well, not quite. Think credit card teaser interest rates, only much worse. Homeowners with loans like these pay a minimum payment and the amount of their loans keeps growing, as with credit card revolving debt. There never really is a time when the consumer is spending only 1.25 percent interest to borrow the money.  Rather, to make the payment "feel" like a 1.25 percent loan, the lender tacks on the added interest to the loan balance, a process called "capitalizing interest."

    Here's the critical distinction to watch for: The 1.25 percent quoted in the ad is really the "payment rate," not the interest rate. In other words, it's the amount required by a calculator to keep your payments at that artificially low level. The difference is tacked onto the "back" of the loan, meaning after I start making payments, my $500,000 loan starts an upward climb.

    That climb is capped at $550,000, Eric explained. But that's bad news, too. The moment the cap is reached, the monthly payment is immediately "recast." So I could face that $3,600 a month payment – or more -- sooner than five years in the future.

    Guttentag had choice words for such mortgages.

    "They are a nasty instrument," he said. "So complex that very few people really understand how (they) work."

    Hall of Fame's 1.25 percent mortgage is not the cheapest teaser rate you'll find, by the way. A year ago, MSNBC.com wrote about the growth of exotic interest-only and negative amortization loans, and found one company selling something called "The Stress-Free Mortgage" at 0.99 percent.

    Guttentag called any ad that hawks a mortgage interest rate purporting to be this low "egregious." The industry calls these loans "pay-option ARMs." And as the days of rock-bottom mortgage rates fade into history, you'll probably continue to see ads across all media promoting mortgages with impossible interest rates like this.

    Targeting jocks

    So how can a company call a 6 percent mortgage a 1.25 percent mortgage? Aren't there laws against false advertising, and laws that mandate truth in lending?

    There are. But even if a regulatory agency decided the ads were deceptive, mortgage brokers and mortgage bankers fall between the regulatory cracks, allowing them to walk very close to the legal edge. Federal banking regulators like the Federal Reserve or the Office of the Comptroller of the Currency don't have jurisdiction over mortgage bankers and brokers. Instead, state banking supervisors do.

    In the case of Hall of Fame Funding, that would be the New York State Banking Department. Agency spokeswoman Elizabeth Billet pointed me to the federal Truth in Lending Act, which requires lenders to state the annual percentage rate when describing loan interest rates. What's unclear from the act is this: Is it within the law to mention one rate multiple times (in this case, 1.25 percent), and mention the true rate – the annual percentage rate – once?

    My next step was to call back Hall of Fame Funding and ask what the company thought of all this.  When I called, I was eventually passed to the company's president, Dan LaRosa. The Hall of Fame Funding name was actually created to attract sports fans, he said. Initially, the company tried a cable television campaign with former New York Giants great Lawrence Taylor. That didn't work well. But the sports radio ads have been very successful, he said.

    "We've gotten a lot of hits," he said. "We are able to help people."

    LaRosa said the 1.25 percent mortgage "affords certain people the ability to move into something that they can afford the payments on," and works for people who may be moving in a year or two. Eric, LaRosa's employee, had earlier told me there was a prepayment penalty for paying off the loan within three years, but LaRosa said that wasn't always the case.

    He also said borrowers pay 1.25 percent interest on the money during the first five years, with only fractional increases once per year.

    Strictly speaking, that's true. But also strictly speaking, consumers are paying much higher interest rates for the money along the way -- they are simply paying with debt rather than paying with cash.

    When I asked LaRosa if his ads were deceptive, he said he wouldn't answer any more questions over the phone. He asked me to e-mail questions to him. I did. Then his lawyer wrote to me.

    'Not one consumer expressed confusion'

    "The ad was not deceptive," said attorney Howard Newman in an e-mail. "I am informed by my client that other than your inquiry, not one consumer has expressed confusion or alarm upon responding to the said ad and conferring with a loan counselor."

    Newman went on to make the point that the ad clearly states a "30-year rate starting at an unbelievable 1 1/4 percent" – stressing the word "starting" – and that the annual percentage rate is revealed soon after.

    "Quite clearly, this was disclosed as an adjustable rate mortgage," he said. "Otherwise, the language 'starting at' would have been inappropriate and misplaced." Consumers can also choose to make more than the minimum payment each month, which would prevent the loan from negatively amortizing, he said.

    In an interview, he defended use of the payment rate in advertisements, saying that the primary concern of most consumers is the amount of their monthly payment.

    He did concede that the 1.25 percent mortgage is "a complicated loan product," difficult to fully explain in a 15 second ad. But such low-interest loans with teaser rates are popular with consumers, who are more sophisticated than many believe, he said.  And before they sign for a loan, consumers receive a variable rate program disclosure and a payment schedule explaining what really happens to their money. 

    "You'd be hard pressed to find a consumer who understood (the ad to be an offer of) a 30-year fixed rate at 1.25 percent," he said.

    Regulator: 'It could be more clear'

    Armed with a copy of the radio advertisement provided by Newman, I went back to the New York State Banking Department. After reviewing it, the agency contacted Hall of Fame Funding and said the advertisement needed clarification.

    "It's not illegal," said Billet, the spokeswoman. "But it could be more clear." She pointed out that in the ad, Hall of Fame mentions a 1.25 percent rate twice before adding in the qualifier "starting at 1.25 percent." Billet said the agency has "instructed" the company to make changes to the ad.

    But how can this company spend three months claiming to sell a 1.25 percent mortgage on the radio without stating just as often that the real interest rate -- the annual percentage rate -- is much higher?

    Oh yeah? Make me!

    The answer is a question: Who's going to make them?

    The New York State Banking Department can -- and does -- investigate consumer complaints. But it has no authority to prosecute. Instead, when the agency finds egregious cases or gets a flood of complaints, it must take a number at the New York attorney general's office and ask Eliot Spitzer to prosecute. Of course, only the choicest, noisiest cases rise to that level.

    The Federal Trade Commission also can enforce Truth in Lending Act rules or truth in advertising rules through civil cases, but resource constraints mean it only targets regional mortgage brokers and bankers that are generating a lot of complaints, said Mary Engle, associate director of the Division of Advertising Practices.

    Truth in Lending rules can be found in Regulation Z, written by the Federal Reserve Board as an extension of the Truth in Lending Act. Sadly, they are rarely enforced against mortgage brokers, says John Burnett, editor of BankersOnline.com.

    "The only people who are effectively, proactively monitored for compliance are banks and other financial institutions because they have a regular regulator who comes in and looks," he said. As a result, "There are advertising requirements (mortgage brokers) are ignoring."

    So that leaves it to you.

    Of course, you can vote with your wallet and simply ignore ads that sound too good to be true. Better still, New Yorkers who believe a banking-related advertisement is deceptive can report the company by calling 1-877-BANKNYS. Those in other states can look up their state banking supervisor on the Internet, or fill out a complaint at FTC.gov. And of course, you can also complain to the media outfit that ran the advertisement.

    And finally, you can complain to me. Truth in Advertisements will be a regular feature on the Red Tape Chronicles, and I'm taking submissions for July's entry and beyond.

    Send in your nominations. I'll try to chase down the truth of the matter, and I'll also ask: Isn't someone responsible for enforcing truth in advertising rules?

    Of course, I'll have to keep the topics interesting to a national audience, so I will avoid advertisements that are purely local. But something tells me I won't be lacking for material.

    Now it's your turn to have the last word.  Either post your candidates below, or write them to me privately at BobSullivan@feedback.msnbc.com

  • When kids get hurt, who's to blame?

    Google video, YouTube and other online video sites host violent clips of children lighting themselves on fire and doing other dangerous, stupid things. MySpace is loaded with provocative photos of children and has become a playground for pedophiles. I think all these companies should be doing more to protect children, and I said so in two columns this week. Hundreds of readers have chastised me, saying that parents -- not companies -- are responsible for keeping their kids safe.

    They're right. And I'm right.


    We live in a world of black-and-white, this-or-that, dualistic conversations, and I think that causes more harm than good. Both parents and corporations can be held responsible for what's going on here. While I agree with almost every comment readers made urging greater parental responsibility and personal responsibility to deal with these problems, these are not mutually exclusive with corporate responsibility.

    I run into this personal accountability deflection tactic often when I write about the unseemly ways of credit card companies. Predatory lending practices helped push 2 million Americans into personal bankruptcy last year, an outrageous number that is far higher than any other developed nation. Thanks to industry marketing and tradition, many non-debtors react to this devastating truth by saying something like, "No one holds a gun to their heads to buy new clothes with a credit card." Credit card companies just provide a service; and if people overspend, it's their fault, they argue.

    And that's true. But there is an additional truth. Some companies purposefully pump more credit at people as their credit file shows high debt. Low-credit-score customers pay higher interest rates, so they're valuable, if risky, customers. Other lenders market heavily to college students, knowing the default rate will be high. These credit card companies share the blame for the bankruptcy problem. Blaming them is not the same as exonerating the students or the high-debt consumers.

    The tobacco companies tried this technique too: "We don't force people to smoke, we just make the cigarettes." We know how that went.

     

    Plenty of blame

    As is almost always the case, there is plenty of blame to go around. Blame for people, blame for companies.

    And so it is with online safety. You have to wonder where parents are when children are sticking fireworks in their behinds and lighting them. You have to wonder where parents are when a child buys a plane ticket to fly half-way across the world to see a man she met on MySpace.

    But that doesn't exonerate Google, MySpace or any other Internet firm for the role it may have played in helping those things happen. These companies know this. None of them argues with absolutes; none of them says that anything goes on their sites, that total Internet freedom is a good thing. They have filters; they have people who remove illegal material and potentially dangerous material. None of them has any desire to be a part of a child getting hurt.

    But when predictable bad things happen on your property, you are partly to blame. You don't get to build a rickety playground on your property, invite children in and then wipe your hands clean if the swing breaks and a child gets hurt -- even if you put up a sign that says "Play at your own risk."

    It's clear from content easily discoverable on these Web sites that each needs to do more to keep kids safe. And so do parents. And so do kids. Now is not a time for absolute arguments on any side of this.

     

    Five-step approach

    Online child safety expert Parry Aftab likes to say attacking this problem actually requires a five-pronged approach:

    1) Companies like MySpace have to know what they're really getting into when they open their doors to kids. They need mature risk-management plans and compliance strategies, and they need to know the kind of liabilities they might incur if things go wrong.

    2) Parents need to understand new technologies. And even more important, they need to say "no" to their kids sometimes.

    3) Kids have to get involved in keeping one another safe, since often they are the experts.

    4) Law enforcement has to have a good relationship with Web sites and be ready to act quickly when necessary.

    5) Schools have to help educate kids on the safe use of technology, and teachers have to be on the lookout for signs that something is wrong.

    The Red Tape Chronicles often focuses heavily on No. 1. Companies should both make money and do the right thing. Sometimes, the pressure of one outweighs the honor required to do the other, and journalists can help reset the balance. But Red Tape readers this week were correct to point out that good parenting is even more important than good corporate citizenship as a tool to keep kids safe.

    My friend Will Femia, who blogs over at "Clicked," offered up another reason that this issue may have resonated with so many readers. It can be argued that the Golden Age of the Internet is drawing to a close, a point that John Dvorak at PC Mag recently made quite well. With the failure of Net Neutrality, we will soon have a two-tiered, class-structured Internet. E-mail is almost unusable and some people won't accept notes from strangers anymore. Free content is endangered, and free music largely killed. The special chaos that liberated so many to express themselves, that wrested publishing power from traditional media, is clearly under siege. Any suggestion that sounds like censorship is bound to be met -- and should be met -- with skepticism.

    Will calls this the "There goes the neighborhood" phenomenon. And I think it's something to be seriously worried about.

    Once again, I don't believe this is an either-or situation. I believe we can find ways to make kids safer without destroying the Internet.

    But there is another thing I believe: Too many kids are getting hurt today, and we have to do a better job keeping them safe. All of us.

    And now, as is the policy here at the Red Tape Chronicles thanks to tech editor Michael Wann, you have the last word.

  • Gruesome stunts, risky pranks mar video sites

    When you think of Internet video, you probably think of the crazy Numa Numa dance or other harmless clips that sweep the Web like wildfire.

    But there's another kind of fire that's found its way onto those user-created Internet video sites like YouTube and Google video -- children, lighting themselves on fire in front of cameras, all to get high rankings or even win prizes from video Web sites. And that's just one example of the sort of dangerous pranks that are now filling up these sites. An MSNBC.com investigation reveals that some video sites are jam-packed with clips of dangerous, even life-threatening stunts. It's become a dangerous game of "Can you top this?" that already has resulted in serious injuries, and could eventually lead to more dire consequences.



    "Nobody can determine how bad this will get until we see a hospital report," said Jon Sorenson, a spokesman for the New York State Consumer Protection Board. His agency issued a warning to parents about online video violence on June 13.

    We've chosen not to show the videos here, but we've decided to publish a slide show of still images pulled from the videos to give you a flavor of the content.

    There are stupid tricks gone horribly wrong. In one clip, a young man dons a banana suit and covers himself in lighter fluid, then torches himself and badly burns his face. The video ends with him in a shower, bathing the side of his face in cold water to control blistering.

    In another, men and teenagers build "dry ice bombs" in plastic bottles, then watch as one of them explodes in someone's hand and nearly blows off his fingers.

    There's also apparently premeditated violence: In one, a child announces he's about to attack another kid who "pisses him off," then is followed by a camera as he chases down and repeatedly shoots the child with what appears to be a BB gun, causing the youngster to fall to the ground writhing in pain.

    And there's accidental horror caught on tape. In another video, a child hanging dangerously out of a car door is struck in the face by an oncoming car. In this video, as in several others, the most gruesome passage is repeated and played in slow motion.

    Then there's sleight-of-hand video editing, such as a clip that appears to show a teen-ager running into the road and lying down as a bus passes over him.

    Sorenson said all these videos encourage copycats, and many have already led to serious injuries.

    "This is going to lead to someone getting really hurt. It has led to that already," he said. "Clearly, people are getting hurt making these videos … there's blood. It's true that kids do these stupid things (anyway), but could you ask for a better template for doing stupid things?"

    Critical of Google

    Sorenson was particularly critical of Google's service, because he said he's seen many of the violent videos selected for prominent featuring on Google's video home page or its new "Movers and Shakers" list.

    "Their system certainly does promote dangerous videos because of the way they are represented," he said.

    On Tuesday, MSNBC.com saw the banana suit clip featured on Google's main video page.

    Sorenson said Google told him it screens all videos for inappropriate content, and does remove some videos, but added, "It's hard to reconcile any review with the videos that are being featured."

    Google spokesman Steve Langdon said each video on Google's service is viewed by a person before it's placed on the site. Videos are selected for the home page using an automated process, but he said screening tools are used to restrict certain kinds of clips from appearing there.

    "We restrict which videos appear on the home page in an effort to filter out material that may be inappropriate for children," he said in an e-mail. For additional information, he pointed MSNBC.com to the Web site's terms of service, which indicates that the site may refuse to host content that includes "graphic violence or other acts resulting in serious injury or death."

    Violent clips were a bit harder to find at Google video's main competitor, YouTube.com. But there are numerous clips showing boys and young men playing with fire. In one, called "Now my forearm," a young boy lights the lower half of his arm on fire. A voice on the video says, with a laugh, "I imagine that hurt."

    YouTube company spokeswoman Julie Supan issued an e-mail statement to MSNBC.com, saying the company has "no significant problem in this area."

    "Our policy prohibits inappropriate content on YouTube and this would include violent content," she wrote. "Our community understands the rules and effectively polices the site for inappropriate material. Users can flag content they feel is inappropriate and once it is flagged, it is reviewed and removed from the system if it violates our Terms of Use. ... We also proactively identify inappropriate content in a number of different ways, and remove it immediately once we're aware of it."

    She did not answer questions about specific videos on YouTube.

    Paid for explosive video

    Violent videos can be found elsewhere on the Internet. At Break.com, site owner Keith Richman holds video popularity contests and pays the winners. Last year, he paid $500 for rights to video of a dry ice bomb blowing up in a man's hand, according to Charlie Dyess – the man featured in the video.

    The four-minute-long movie shows a group of men and teen-agers in a warehouse in Alexandria, La., making "dry ice bombs." When one failed to explode despite repeated attempts to trigger a blast, the 38-year-old Dyess picked it up. It exploded immediately.

    "At first, I thought my fingers were gone. I thought I blew them off," Dyess said. Shrapnel from the bottle tore into his arm, and he temporarily lost hearing in his right ear.

    Dyess recovered, and not long after, he and the man behind the camera – friend Jason Rogers -- decided to enter Break.com's contest. They won second place, good for $500, he said.

    The clip also is currently available on Google's video site.

    At the time of the filming, Dyess said he was working on a movie project with his church's youth group – that's why there are several teens in the video. He agreed the video may in fact inspire other stupid pranks.

    "But I know from working with youth that no matter what you preach they're going to do anything they want," he said.

    Many copycats followed

    In fact, he said after the movie won second place, a flood of copycat films were submitted to Break.com, which at the time was called Big-Boys.com.

    "Right after that they got a mass load of nothing but all types of bombs," he said. "You see people willing to sacrifice burns and bruises to get that shot to win a competition." After all, he pointed out, unless a stunt goes wrong "you don't have a shot."

    Rogers, who has a small video production company in Alexandria that films weddings, said he believes kids and adults are trying dangerous pranks simply because video cameras are present.

    "It's surprising what happens when you put a camera in front of somebody," he said. "Sometimes it does encourage people ... to do dumb things."

    Break.com also features a regular female contributor named PinkZombie who attempts stunts such as stapling her arm or putting firecrackers in her cheeks. So far, she's earned $3,500 from the site. Such stunts are often a part of becoming what Richman calls an "e-lebrity."

    "People post to us not just because they want to get paid but because they want people to know who they are," he said.

    Where is the line?

    His site does edit content, and chooses not to publish some dangerous stunts, he said.

    "The site is entertaining and irreverent ... but we don't put up things we think will offend people," he said. Other video clips come with warnings saying stunts depicted are dangerous.

    But that's not enough, says Sorenson, who continues to complain to video sites.

    "Looking at these things...there is no apparent monitoring of videos to determine if it is over the line, or if in fact there is a line," he said.

    But Dyess, who nearly had his hand blown off, was more philosophical about the problem. He said long before Google video, YouTube, and the like, teenagers were performing stunts in front of video cameras -- many inspired by the MTV show "Jackass."

    "These kids are bored and they want to do something," he said. Video cameras and Web site distribution have "brought the prankster out in everybody."

    Dyess' partner, Rogers, also blamed television, saying sites like Break.com are no different from network televised boxing matches.

    "Why do we watch boxing?" he said. "It only exists because we pay to see somebody get knocked out. We want to see somebody get hurt, but not to the extreme that it's life threatening."

  • MySpace: Too little, too late?

    We've seen this all before.

    A young, brash Internet company with an edgy business plan pushes the edges of taste, laws and social standards, becomes the next big thing, gets a lot of attention and funding, begins to mature into a real business, and then finds it can't be young and edgy anymore. Next come a few desperate attempts to rein in the very atmosphere that made the site big. And finally, the last step is a sad end to an Internet phenomenon.


    This is what we're seeing now with MySpace.com. The Web site was once synonymous with young people and goofy home pages. Everyone had one. It became a craze as big as Napster in its day. If you are under 25, you no longer exchange phone numbers in a bar, you exchange MySpace pages.

    But for the rest of America, MySpace is now synonymous with something else: danger. The name now evokes the thought of online predators. Schools around the country are holding MySpace seminars for frightened parents. Children are flying overseas to see adults they've met romantically through the site. The MySpace craze turned very dark very fast. And all this as the site was acquired by News Corp. for a lot of money.

    A tin ear

    During much of this time, MySpace has turned a tin ear toward its troubles. Last year, when I first talked to the company, its spokesman insisted the firm removed any blogs that broke the company's terms of service, including blogs where kids reveal too much information about themselves. Empirically speaking, it's obvious MySpace wasn't aggressive enough. Anyone who has even casually browsed the site could see that. Most important, parents around the country who discovered their kids' MySpace sites were continually horrified by what they saw. Your idea of "too revealing" might be very different from mine or anyone else's, but when you're talking about kids, it's parents' standards that matter. And by those standards, MySpace was way over the edge.

    As the heat was turned up on the site – when Dateline NBC came calling a few months ago – MySpace went into a shell. The company refused to go on camera and discuss its product. It was still hoping the problems would go away.

    But anyone could see that wasn't going to happen. MySpace has a fundamental flaw: People can lie. It's nearly impossible to keep kids under 13 off the site, no matter what the terms of service say. And despite some respectable efforts by the company to allow kids to keep adults off their sites – kids can choose to limit visitors to a permitted group of friends, an option parents should insist on -- adults were finding and contacting kids anyway.

    So on Wednesday, MySpace announced its latest initiative to keep kids safe. Those bloggers registered as adults won't be able to contact those bloggers registered as young children unless the adult knows the child's entire name. It's a nice thought. But one has to ask: Has MySpace dealt with its fundamental problem, that people can lie? The answer is no. An adult who wants to talk to a kid can simply create a fake profile as a kid. And kids can easily create profiles as adults. This new safety measure is a farce.

    To prove this, I just tried an experiment. I tried to register at MySpace as a 12-year-old. I was refused; good enough. So I took the error message, "Based on the information you have submitted to us, you are ineligible," and searched for that in Google. Up came hundreds of Web pages with kids telling other kids how to circumvent this inconvenience. "I lied about my age," writes one. "I always do that," says another. If you have trouble, advises a third, "Close your browser and open it again." Works like a charm. I went from 12 years old to 19 years old in three clicks and 30 seconds.

     

    The business model: Selling kids' need for attention

    Fundamentally, MySpace is popular for one reason: Young people publish hundreds of thousands of risqué photos of themselves, and others like to look. It is a voyeur's heaven. Child advocate Parry Aftab of WiredSafety.org once described the site to me as an "attention competition." MySpace's product is simply kids' need for attention. It trades in a dangerous commodity.

    It's not such a far cry from Napster, which traded in free music. Napster could offer to remove songs when copyright holders complained, and it could scream about the First Amendment, but fundamentally, Napster was trying to make a business off of ill-gotten goods. So is MySpace. To fix itself, the company needs to stop making cosmetic rules and fundamentally change its business. It may not survive such a change; but I believe there isn't much choice now.

    Here's a hopeful alternative to the current story line. Nearly a decade ago, Internet wunderkind eBay faced ruination from thieves who had seized on it as a tool for vast international crimes. At one point, most of the auctions for items like plasma televisions were fraudulent, for example. Any outside observer could see this; auction sellers insisted on Western Union payments and offered goods at half their normal prices. But eBay kept up a public posture that it didn't want to interfere with its marketplace.

    As eBay grew up, it saw the hogwash of its defense, and began to hire hundreds of employees to patrol the site. Now, the firm tells me it has nearly 1,000 eBay cops who take down suspicious auctions all the time. It's not perfect, but it is working. eBay's reputation has improved.

    MySpace has said it has such patrols, but they are obviously a fraction of what's required. Parent News Corp. must aggressively – not passively – find a way to monitor kids' sites and remove material that's questionable before waiting for something terrible to happen. That won't keep every kid safe. But it will change the atmosphere of the site. Perhaps the end of the free-for-all will mean the end of the MySpace phenomenon. That's what happened to Napster.

    But if the site wants to grow up and if it wants to shake its reputation, it will have to stop trading in the unholy currency of kids who need attention.

  • How the VA theft could hurt all of us

    That lost Veterans Administration data may end up hurting you, even if you're not a vet.

    Last month, the VA announced an employee had lost a computer loaded with the identities of 26 million current and former GIs. The dramatic incident has inspired outrage from lawmakers in Washington D.C. Unfortunately, that outrage has taken form in legislation that could make things worse for all of us.

    How? It establishes nationwide standards for data security that actually eliminate some consumer rights granted at the state level.


    If the Financial Data Protection Act, already passed by the House Financial Services Committee, is approved by the full House later this month, millions of consumers could lose the right to freeze their credit reports. And all those notices consumers now receive after a company loses personal data? Many of those would no longer be required.

    The House is expected to vote on some data security legislation as soon as next week, with the Financial Data Protection Act one leading candidate.

    Before we go on, a short history lesson is in order. Let's look back a few short years, before the California state legislature passed its data leak disclosure law and a time when we all lived in blissful ignorance, assuming the vast majority of companies took great care with our personal data. Then, the California disclosure law took effect and suddenly we knew the truth. ChoicePoint, LexisNexis, Bank of America, Citibank, Wells Fargo, the list goes on and on. All sent out notifications of data leaks, and they did so because the California law required it.

    Soon after this litany of leaks, there were flourishes of legislative creativity, with dozens of states imitating California's laws. But also, there were hurried attempts by Congress to deal with the problem. A half-dozen federal bills were drafted, most with ill-conceived provisions that pre-empted state laws.

    VA case lends urgency
    Fast-forward to this year. With all the other distractions facing Washington D.C., federal data leak legislation seemed doomed, stuck on the far back-burner of Congress' stove. But that all changed last month, when the VA data leak came to light. And suddenly, there was the age-old urge to "do something" to fix the problem. So last year's legislation suddenly found room on the front burner.

    Now, HR 3997 is dangerously close to passage by the entire House.

    There are two clear problems with the bill: Under its provisions, only ID theft victims would have the right to freeze their credit; and companies that lose data would only have to tell consumers if there was a "significant risk" of harm. Guess who decides if lost data poses a significant risk?

    The legislation would take away the right to a security freeze from about 100 million people. State legislatures in 18 states, including California, New York, Florida, and Illinois, have passed security freeze laws in recent years. The laws allow consumers to lock up their credit files, cutting off criminals' access to instant credit in their name. Freezes aren't a silver bullet, but they are the only thing consumers can do pre-emptively to protect themselves against ID theft.

    This federal legislation would limit freezes to those who've already been a victim of ID theft -- a nonsensical limitation on a tool designed as preventative medicine.

    If the Financial Data Protection Act were to become the law of the land, disclosure notices also would largely vanish. Had the Financial Data Protection Act been the law for these past three years, we may never have learned about the lost laptops, backup tapes, and hacker break-ins we now know are commonplace.

    A large step backward
    In short, passage of the bill would be a large step backward.

    Fortunately, there are alternatives. A competing House bill, the Data Accountability and Trust Act (The acronym is DATA! Clever, eh?) passed by the Energy and Commerce Committee, doesn't pre-empt consumers' freeze rights. And it has a slightly lower bar for mandating disclosure notices. There are also two bills in the Senate which preserve security freeze rights. All of these measures would ease the requirements for companies to notify consumers after data incidents -- a bad thing -- but they seem to be the lesser evils.

    There is great concern that the Financial Data Protection Act, which has the support of many in the financial services industry, will win the day -- at least in the House. In light of the VA incident, there is great impetus to get something passed -- particularly with the July 4 holiday and a congressional recess looming. As one consumer advocate told me, "They want to go home to the parades and say they did something for the vets."

    Well, this is one case where doing nothing would be quite a bit better than doing something. If you're concerned about the safety of your personal information or you're interested in preserving rights given to you by your state legislature, now would be a good time to speak up.

  • Your cable TV rights are in jeopardy

    WASHINGTON D.C. -- Today, if you have a problem with your cable TV service, you can march down to City Hall and complain to the mayor. Or, you can show up at a city council meeting and make an old-fashioned stump speech. And the mayor and city council can actually do something about your problem.

    Most towns in America have an Office of Cable Communications or similarly titled board, giving consumers a local place to turn and companies a local office they must answer to.

    Quaint? Perhaps. Antiquated? Maybe a little. Time for dismantling? Of course not. However, that's what your Congress is about to do.


    The major telecommunications bill careening through Congress right now would shift almost all the responsibility for cable complaints from local governments to the Federal Communications Commission. With some 30,000 local governments currently taking and acting on cable complaints, it's not clear how the FCC would suddenly gear up to handle all of them. But I'll let you guess.

    Why haven't you heard more about this? Because the end of the current cable franchise system is packed into the bill that has generated controversy on many other fronts -- Net Neutrality among them. The distraction has allowed the end-of-cable-franchises-as-we-know-them portion of the bill to sail through the legislative meat grinder without very much debate. That's too bad: We will rue the day that consumers' right to complain, and to find recourse, was taken away from City Hall and plopped onto a big white building in Washington D.C.

    Federal pre-emption. It's a term you should get used to, because it's become the way of doing business in this town. Remember states' rights and federalism from your high school textbooks? Now there's an antiquated idea.

    Pre-emption: A way of life
    Today in Washington, pre-emption is a rule of thumb. Pre-emption means federal law supersedes state and local laws if they govern the same areas. It's become standard operating procedure for Congress to pre-empt state laws with its own laws. Pre-emption is all about grabbing power -- typically, a local agency is forced to cede enforcement power to a federal agency. It's generally good for businesses, which get to avoid aggressive state legislators and offices of consumer protection and the like. But pre-emption is usually bad for consumers. It places your protection far away, behind a Web site and a mailing address and a bureaucrat you'll never meet. Pre-emption makes it impossible for states or cities to create laws that enforce stricter consumer protections than Congress imposes.

    Back to today's subject: cable franchises. If you have a complaint, and you don't think your mayor handled that complaint properly, you can vote her or him out of office. If the FCC doesn't handle your complaint properly you can ... write an e-mail to the president. There's the problem.

    Nevertheless, in the euphemistically titled and recently approved COPE Act (Communications Opportunity, Promotion and Enhancement Act), the House of Representatives has voted to take the power of complaint away from consumers. Oh sure, they can still bitch and moan at City Hall. But this bill names the FCC as the final hammer in any dispute, effectively undercutting local governments.

    The Senate is now considering a similar bill. It's an emotional topic -- a hearing Tuesday before the Senate Commerce Committee was packed to standing room only.

    Telecommunications firms are lobbying hard for the legislation, operating Web sites like WeWantChoice.org and Consumers4Choice.org. Of course: Who wouldn't rather be accountable to easy lobbying targets in Washington D.C.? Local mayors can be a bother.

    The system IS broken
    Before I go on, let me say that the system, as it is, is broken. Those who want to change the way cable franchises work have a point. Not long ago I covered city council meetings in far-flung places like Parsippany, N.J., and Lake Havasu City, Ariz. All across our nation, dysfunctional city halls and Napoleonic mayors hold up cable franchise deals in all sorts of creative ways. They take a sizable cut of the subscription fees (5 percent or so) as free tax money. Some cities hold up cable companies for outright grants to pay for things like fire trucks. The negotiations can drag on for months. It isn't fair. With their sometimes absurd demands, localities hold back competitive forces and limit consumer choice.

    But dismantling the franchise model is a classic throw-the-baby-out-with-the-bath-water solution -- and it's sharply undermining an important consumer protection mechanism under a smoke screen. Remember, companies who want to provide video and Internet services over a wire to your house have to enter your city. They have to climb your telephone poles. Sometimes, there's nothing wrong with quaint. We should be working hard to preserve the quaint, local element of cable television, not working to nationalize it.

    Yet that's what the COPE Act will do. As you might expect, local government advocacy groups like the U.S. Conference of Mayors and the National League of Cities are sharply opposed to the bill. Elizabeth Beaty, spokeswoman for a group that represents local cable franchise boards, the National Association of Telecommunications Officers and Advisors, said each community needs to be able to set and enforce customer service standards for cable firms.

    "No one is going to hold them more accountable than your local government," she said. "Who is more accountable: Your mayor or an unelected professional staff person at the FCC?"

    Here's a typical scenario Beaty offered: A cable company promises to show up between 8 a.m. and noon for an installation. Then, the cable company doesn't show up. Now what? In some cities, the firms are bound by their franchise agreements to compensate the consumer. Beaty's concerned that a federal consumer standard might not include such a provision, or it might be hard to enforce. At the city level, it's easy -- cable providers must pay fines, and obtain a letter of credit that's essentially a bank account municipalities can draw on if the firm tries to duck its fines.

    A bigger hammer?
    Telecom companies see all this very differently, of course. Kelly Gannon, a spokeswoman for TV4US, said the bill would actually strengthen consumer protections. Far from taking away the hammer consumers have at City Hall, "They're being given a bigger hammer," she said. "The cable companies are more afraid of the FCC than local mayors."

    Washington tougher on corporations than local government? That argument is hard to swallow.

    Should the COPE Act become law, Beaty predicts immediate and serious consequences for consumers. For example, she's wondering how the FCC will be able to handle a cascade of complaints when there are no appropriations in the bill for extra staff. A survey of 100 member cities revealed they had received 34,000 complaints in 2005. That would be a heavy new workload for the FCC. Even if local governments still act as complaint-takers who pass problems on to the FCC, as some versions of the proposed legislation suggest, that's still an overwhelming number of disputes. It seems obvious on its face that many customer complaints will go unheeded, misdeeds will go unpunished -- and customer service will plummet.

    On this point, there is even disagreement among the supporters of the larger COPE Act. While the traditional phone companies support this virtual end of local franchising, the National Cable and Telecommunications Association said it is "neutral" on that portion of the bill. In an interview with me, Brian Deitz said cable firms would actually be sad to see franchising go. Cable companies support local enforcement, he said.

    Perhaps that's because his industry doesn't want the phone companies to get an easy ride after they've spent decades fighting City Halls around the country.

    The Senate bill that was debated today includes some additional measures to protect consumers' local rights to complain, and the bill is still in flux. That's good, because the already passed House bill -- the one you know about because it passed on Net Neutrality -- also passed on consumer rights. Before the Senate passes its version, now's the time to speak up, before you lose your right to speak up at City Hall about your cable company.

  • Cell phone firm sued after Red Tape coverage

    In January, we told you about a cascade of complaints against a Web site that lured consumers with the promise of a free cell phone -- and then allegedly held their rebates hostage.

    Now that company -- InPhonic Inc. -- has been sued by the Washington, D.C., Attorney General's Office for those very practices. The company is one of the "most complained about" firms in America, according to the Washington, D.C., Better Business Bureau.


    Doing business as the Web site Wirefly.com and a host of other brands, Washington D.C.-based InPhonic Inc. published aggressive advertisements promising free cell phones from major brands, including Verizon Wireless, Cingular Wireless, Sprint, and T-Mobile. The company says it sold nearly 1 million cell phones last year, making it perhaps the largest independent Internet cell phone retailer. The rebates in question were sizable, often $150 or more.

    But last year, consumers began pelting the D.C. Better Business Bureau with complaints that the rebate procedures were so cumbersome as to be nearly impossible. Consumers were forced to wait 180 days to file for their rebates, but had to file before 210 days passed, giving them a tiny window of opportunity to get their funds. When the story was told on the Red Tape Chronicles, many consumers wrote to say they'd fulfilled the tedious requirements, but still had not received their rebates.

    Washington, D.C., prosecutors apparently heard the same complaints. They filed a consumer protection lawsuit in the district's Superior Court on Thursday.

    In a statement, the agency alleged that InPhonic "imposes restrictive conditions" on the rebates, and the firm is "unreasonable in its enforcement of the rebate terms," requiring a host of complicated paperwork and denying rebates for technical reasons.

    "A company needs to let consumers know up-front about special conditions that make it difficult to obtain advertised savings or to avoid hidden charges," Attorney General Robert J. Spagnoletti said in a statement. "Consumers should be able to count on the bargains that companies offer them."

    InPhonic denied the charges in a statement to the Washington Post.

    Consumers who complained to MSNBC.com said that Wirefly operators "talk in circles" when they called trying to get their rebates.

    "They answer your questions with questions," said Marie Vento in January, when she was trying to track down $600 worth of rebates.

    Back in January, there were more than 1,400 complaints filed against InPhonic at the D.C. Better Business Bureau. Now that number has climbed past 2,000. Ed Johnson, president of the bureau, said InPhonic was one of the "most complained about" companies in the bureau's nationwide complaints database. He said consumers should read InPhonic's story as a cautionary tale.

    "In general, rebate offers are a mainstream marketing technique that can represent a real value to the consumer. What most consumers do not realize is that unless the rebate is provided at the point of sale, it is only a potential rebate," he said. "If you are required to follow a course of action in order to obtain the rebate and the process has restrictive or complicated rules, the likelihood of getting the discount is greatly diminished."

    For a list of ways to track down wayward rebates of all kinds, see an earlier Red Tape Chronicles Entry, "13 Ways to Track Down Wayward Rebates."

    The Washington D.C. lawsuit seeks restitution for consumers, a permanent injunction against the alleged unfair business practices, and civil penalties.

  • Lost VA data: Who's on the list?

    What could be worse than losing secret information that identifies all the nation's veterans?
    Losing secret information that identifies men and women fighting a war.

    Those who have tracked the Veterans Administration lost data debacle know it was already one of the worst data loss stories ever. Initially, the VA said the lost equipment -- stolen by a house burglar from a VA employee's home -- included data on 26.5 million veterans. Two weeks ago, a VA spokeswoman specifically told me National Guard troops were not involved.


    The story's changed now, much for the worse. During the weekend, the VA revealed that some active duty members might have been in the list. Then Monday evening, the Washington Post reported that up to 2.1 million military men and women were on that equipment. And yes, that includes National Guard members.

    No slight to the harm done to the veterans -- but this strikes me as a far more severe story. Imagine what an enemy agent could do with that information, with a list of current military fighters. They could create fake IDs, or harass family members. Or, I'm sure, even worse.

    There was already confusion about this story. Vets have been writing me for days asking if there was any way to know who was on the computer. The VA hasn't been able to give specifics. In fact, the original announcement said "some spouses" were also on the computer, but that's all.

    Tuesday's disclosure makes the story all the more frustrating. How are active duty military personnel supposed to deal with this news? Many are hardly in a position to look up their credit report and check for signs of identity theft.

    Thanks to NBC's Pete Williams, we can offer a few more details about why the VA has been so vague. The data apparently was taken home by an employee on either DVDs or CDs. Some of those CDs or DVDs were copied to the employee's computer, but no one knows how many. In the best case scenario, only some of the data was copied before the computer was stolen.

    The CDs/DVDs themselves were not stolen.

    It's also possible that some of the data, after it was copied, "was erased over time," VA spokeswoman Louis Filkins told me.

    Pete Williams is also reporting Wednesday night that about 10 percent of those active duty military who may have been exposed by the theft are currently engaged in wartime activity.

    As more information dribbles out about what happened to this data, critical information is still missing: namely, who's on the list? That's what vets and active GIs need to know.

  • 'I just bought your hard drive'

    One year ago, Hank Gerbus had his hard drive replaced at a Best Buy store in Cincinnati. Six months ago, he received one of the most disturbing phone calls of his life.

    "Mr. Gerbus," Gerbus recalls a stranger named Ed telling him. "I just bought your hard drive in Chicago."



    Gerbus, a 77-year-old retiree, was alarmed. He knew the old hard drive was loaded with his personal information -- his Social Security number, account numbers and details of his retirement investments. But that's not all. The computer also included data on his wife, Roma, and their children and grandchildren, including some of their Social Security numbers.

    In June 2005, when Gerbus took his computer to Best Buy for repairs after a hard drive crash, he knew the drive was a potential hot potato. So when a clerk there told him it had to be replaced, he asked for the damaged hardware back.

    No dice. The replacement was done for free, under warranty, and Gerbus was told the old drive had to be sent to a repair center in Chicago to fulfill warranty terms.

    "I asked in the store on two or three occasions. ... I was very concerned," he said. "But they said 'we can't give you the old one because it's under warranty.'"

    Gerbus said he was assured that, after verifying the warranty, workers in Chicago would drill holes through the drive and make it unusable.

     

    Hank Gerbus, 77, says he has no idea who might have had access to the drive containing a trove of his family's personal information. Photo: WLWT-TV

    Tracked down in Florida

    Gerbus' hard drive did make it to Chicago. But instead of being destroyed, it landed in Ed's hands. In January, Ed tracked down the Gerbus family at the couple's winter home in Florida, and placed that disturbing call.

    "The only way he would have had my Florida number was if he had my hard drive," Henry Gerbus said.

    Ed told Mr. Gerbus he'd purchased the drive at a flea market for $25, Hank Gerbus recalls. The two made arrangements to return the hardware to its rightful owner. But Gerbus has no idea who else might have seen the personal information in the interim.

    "From June (2005) to January, I don't know where it was," he said. "That's why I am so concerned."

    A Best Buy spokeswoman didn't dispute the details of Gerbus' story, but wouldn't answer questions about the incident.

    "The allegations are very disturbing, as they are inconsistent with our standard procedures for disposing used hard drives," the company said in a statement. "The allegations, if true, would be intolerable. ... We are vigorously investigating."

    That vigorous investigation, however, apparently didn't begin in February when Gerbus said he called Best Buy to complain. It seems to have begun just last week, when Gerbus' story was first told by reporter Tom Sussi of WLWT-TV, a Cincinnati-based NBC affiliate.

    Gerbus has asked Best Buy to pay for identity theft insurance for him and his family. He says the firm so far has offered him only a $250 Best Buy gift card as compensation.

    Hard drives not properly trashed

    It's not clear why the drive wasn't destroyed, and how it apparently ended up on the resale market. But Gerbus' tale of the nemesis of old hard drives is no isolated incident. There have been several celebrated cases of researchers buying hard drives at used equipment stores and discovering critical data on them.

    In the most dramatic example, in 2002-2003 MIT researcher Simson Garfinkel examined 129 used hard drives purchased from a variety of outlets. Only 12 had been completely cleared of data. The other drives contained thousands of documents with critical information -- one had 3,722 credit card numbers on it. Another had been used to power an ATM machine and contained sensitive bank data.

    To retrieve some of that data, Garfinkel and colleague Abhi Shelat had to use advanced techniques -- but their demonstration showed old hard drives are often disposed of improperly. Simple deletion of data is not enough, as there are a variety of techniques that can be used to recover it. And data can be retrieved even from drives that have crashed, like Gerbus', using similar techniques.

    On the other hand, drilling holes through a hard drive -- and specifically the platter inside -- is quite effective.

    Too bad in Gerbus' case that wasn't done.

    What's the lesson here? Perhaps when you bring in a computer for service, it wouldn't be a bad idea to bring your own drill. Just in case.
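
The point above, that simple deletion leaves data recoverable, shown as an added example (not part of the original column): a pre-disposal check that scans a raw drive image for SSN-like strings and Luhn-valid card numbers. The `ToyDisk` class, the file names and the sample values are constructed stand-ins for a real filesystem and image.

```python
"""Pre-disposal check: does a raw drive image still hold recoverable PII?"""
import re

SECTOR = 512
# SSN-like strings (3-2-4 digits) and 13-19 digit runs that may be card numbers.
SSN_RE = re.compile(rb"(?<!\d)\d{3}-\d{2}-\d{4}(?!\d)")
CARD_RE = re.compile(rb"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: bytes) -> bool:
    """Luhn checksum, used to discard digit runs that cannot be card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = ch - ord("0")
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


class ToyDisk:
    """Constructed model of a drive: a directory (name -> extent) plus raw sectors."""

    def __init__(self, sectors: int):
        self.raw = bytearray(sectors * SECTOR)
        self.directory = {}
        self.next_free = 0

    def write_file(self, name: str, data: bytes) -> None:
        count = -(-len(data) // SECTOR)  # sectors needed, rounded up
        if (self.next_free + count) * SECTOR > len(self.raw):
            raise ValueError("disk full")
        start = self.next_free
        self.raw[start * SECTOR:start * SECTOR + len(data)] = data
        self.directory[name] = (start, count)
        self.next_free += count

    def delete(self, name: str) -> None:
        """Ordinary deletion: the directory entry goes, the sectors stay as they were."""
        del self.directory[name]

    def overwrite_free_space(self) -> None:
        """Zero every sector that no directory entry refers to."""
        used = set()
        for start, count in self.directory.values():
            used.update(range(start, start + count))
        for s in range(len(self.raw) // SECTOR):
            if s not in used:
                self.raw[s * SECTOR:(s + 1) * SECTOR] = bytes(SECTOR)


def scan_image(raw) -> dict:
    """Scan the raw bytes, ignoring the directory, as someone holding the drive could."""
    data = bytes(raw)
    cards = []
    for m in CARD_RE.finditer(data):
        digits = bytes(b for b in m.group() if 48 <= b <= 57)
        if luhn_ok(digits):
            cards.append(m.start())
    nonzero = sum(
        1 for off in range(0, len(data), SECTOR) if any(data[off:off + SECTOR])
    )
    return {
        "ssn": [m.start() for m in SSN_RE.finditer(data)],
        "card": cards,
        "nonzero_sectors": nonzero,
    }


def demo():
    disk = ToyDisk(sectors=16)
    disk.write_file("notes.txt", b"grocery list\n")
    # Constructed sample values: an unissuable SSN and a standard test card number.
    disk.write_file("taxes.txt", b"SSN: 000-12-3456\nVisa: 4111 1111 1111 1111\n")
    disk.delete("taxes.txt")
    after_delete = scan_image(disk.raw)   # the file is "gone" but its bytes remain
    disk.overwrite_free_space()
    after_wipe = scan_image(disk.raw)     # only the live file's sector is non-zero
    return disk, after_delete, after_wipe


if __name__ == "__main__":
    _, after_delete, after_wipe = demo()
    print("after delete:", after_delete)
    print("after overwrite:", after_wipe)
```

On real hardware the same scan would run over an image of the whole device rather than an in-memory buffer. A drive that has crashed, like the one in this story, may not accept an overwrite at all, which is where physical destruction comes in.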