• The biggest data disaster ever

    It's being called the worst data leak of the information age. Earlier this month, U.K. officials had to admit they'd lost computer disks containing personal information on almost half the country's population, including nearly all families with children. If that's not bad enough, the databases included the worst kind of information to lose -- consumer bank account numbers.

    It's a data scandal fit for tabloids. The price tag put on the loss is already $500 million. Prime Minister Gordon Brown had to issue a public apology, and the head of Britain's Revenue and Customs office was forced to resign. The U.S. audience might have missed the initial news because the story broke during the Thanksgiving holiday. But the obvious question floating across the Pond is this: Could something that dramatic happen in the United States?

    Yes, most experts say. And the consequences here would be even worse.


    The computer disks lost by British officials contained intimate details on every family in the United Kingdom that claims the child benefit -- a government subsidy payment that goes to every household with children. The disks were lost while being sent between government agencies. The information on them included the names, addresses, dates of birth, insurance numbers and banking details. In all, data on 25 million of Britain's 60 million citizens were on the disks.

    The scale of the data loss is staggering -- just shy of half the nation's population.

    "We've never had anything like this," said Avivah Litan, a bank security analyst with consulting firm Gartner. The stolen Veterans Administration laptop may sound comparable in number (26 million), but the type of data lost in that incident -- Social Security Numbers -- pales in comparison to the lost U.K. tapes, Litan says.

    Toby Weiss, president and CEO of Application Security Inc., says consumers may have grown a bit numb to large-scale data losses now, with their spectacular multi-million-long lists of victims.

    "Wow, when you're talking about names of children and their addresses, and bank account information, this is a whole different kettle of fish," he said. "The fact that it's so much important information in one shot, we've never had anything to compare with that."

    Hot items on the black market
    To really understand the importance of the U.K. leak, it's important to understand how valuable raw bank account information is. In a report written soon after the U.K. incident, Litan said Social Security numbers sell for as little as $5 on the ID theft black market. But live bank account information can sell for as much as $400.

    Why? It actually takes some effort to turn Social Security numbers and even credit card numbers into cash. Social Security numbers are only a building block that can be used to apply for credit. Card companies have sophisticated tools designed to catch fraud as it happens, including software that spots unusual purchases and stops criminals in their tracks.

    But banks have no such protections on checking account transactions, Litan says. In fact, anyone with a bank account number and routing number can print up fake checks and start draining consumer accounts. Banks don't even process checking account transactions in real time. Instead, they are batch-processed, generally once each day, through a system called ACH, or Automated Clearing House. So there really is little defense against a large-scale checking account theft. Millions of checking account numbers falling into criminals' hands would be difficult to combat.

    "ACH is an accident waiting to happen," Litan said. "It's the 'not-talked-about network,' but it has a lot of vulnerabilities. ... Big banks are more worried about check fraud than anything else."

    But even if lost bank account numbers never fell into criminal hands, the hassle and cost of such an incident would be enormous for both banks and consumers.

    Whenever a large-scale theft of credit card numbers is revealed -- such as the theft of nearly 90 million account numbers from TJ Maxx -- card-issuing banks generally adopt a wait-and-see attitude. Sophisticated systems allow them to flag potentially stolen card numbers and watch carefully for signs of fraud.

    There is simply no parallel system for bank account numbers, Litan said. So a similar incident in the United States might force banks to close and re-issue millions of checking accounts, at enormous expense.

    "The impact on people's personal lives would just be untold. If you've ever had to change your credit card number you know it's a pain in the butt. When you talk about bank account numbers you multiply that tenfold," Weiss said. Consumers might spend days, or even weeks, unable to pay their bills or reliably access cash, he said. "It's a lot harder to issue someone new bank account numbers than new credit card numbers. ... It's safe to say this kind of thing (could cause) a recession."

    New tools being tested
    Richard Oliver, executive vice president with the Federal Reserve Bank in Atlanta, has spent the last 10 years studying electronic payments and hosting conferences on payment security. He said the bank electronic payments association, called NACHA, is currently testing tools that would improve bank check fraud prevention.

    "There are efforts under way to make ... these transactions more secure," he said. While not as alarmed about the prospect of large-scale fraud as some others, he added "obviously, there's a problem."

    Still, cleanup from even a relatively benign data loss -- where fraud was very unlikely -- would be very costly for banks, he said.

    "It's certainly $10 to $20 per account," he said. "And it could go higher."

    One saving grace for the United Kingdom in light of the data leak is the concentration of the banking industry there. Five banks control about 90 percent of all accounts in England, making it quite a bit easier for banks to collaborate on fraud prevention. In the United States, where there are 10,000 banks, regulations prevent any institution from controlling more than 10 percent of all depositors, Litan said.

    "It's much easier for crooks to get by in the U.S., where there's 10,000 targets," she said.

    That means a data loss such as the U.K. incident would be even more dire here in the states.

    While there's no U.S. government program that's analogous to the U.K. child benefit program, plenty of federal agencies hold vast amounts of personal information, including bank account numbers, said Larry Ponemon, a privacy researcher who runs The Ponemon Institute. The IRS, for one, controls data every bit as rich as that lost in the United Kingdom. So does the Social Security Administration, which has millions of bank account numbers for direct deposit payments.

    "Absolutely, it's possible," for a similar event to occur here, Ponemon said. In fact, it may have already happened, he said.

    Despite aggressive disclosure laws requiring companies and agencies to admit to consumers when data is lost or stolen, Ponemon believes the vast majority of such incidents still go unreported.

    "My gut says 80 percent," he said. "Actually, it's more than my gut, that's based on four years of research." In his studies, three-fourths of all companies admit to some kind of data leak. If all of them disclosed the leaks, the stream of press releases would be never-ending.

    Exact threat is hard to determine
    Still, despite spectacular news stories involving lost data and isolated stories of bank account thefts, clearly there has not been any large-scale raiding of consumer bank deposits by criminals. That leaves most analysts, and even the Federal Reserve, at a loss to describe how real the threat is.

    "The issue nobody has their hands around is, 'How big a problem is this, actually?'" Oliver said. "We see dramatic instances of theft. But the Fed has tried to do studies on check fraud, and it's very hard to get financial institutions to be forthcoming, and to get our hands on how big a problem this is."

    Weiss, the security firm CEO, is concerned that if the U.S. banking system doesn't take the chance to learn from Britain's incident, we may all find out when it's too late. In his mind, the incident proves even the largest organizations are still far too cavalier with personal information.

    "This is a continuation of a trend we are seeing in the market. … The big question is: How did so much data wind up on a portable medium?" he said. "How could someone pull down that much data without alarm bells going off? Whatever we're doing obviously isn't working. There is too much data moving around way too much."

  • E-books, credit card theft and Equifax

    Chris Jupin never thought he'd create a firestorm when he wrote on his personal blog in September about a bogus $4.95 charge that appeared on his debit card. But traffic to his blog increased sharply, and hundreds of Web users chimed in saying, "me too." About half of them had something in common: They had recently purchased credit services from credit bureau Equifax.

    Jupin's short post complained about a company named Digismarket.com, which says on its Web site that it sells electronic books. The company lists a New York State phone number. Jupin, a 25-year-old from Atlanta, had never heard of Digismarket, and had never ordered electronic books. He immediately canceled his credit card and e-mailed the company asking for a refund of the $4.95 charge, which it granted quickly.


    "I was surprised and angry, and then you get nervous," Jupin said. He had no idea how Digismarket got his credit card number. "We do everything online. We pay our bills, shop. So once I noticed this I was in a frenzy notifying the bank, getting a new card. And then I checked my accounts every day, because you get a little paranoid after something like this."

    Despite receiving the refund, Jupin wasn't satisfied. He filed a complaint with the New York State Better Business Bureau. He also posted a detailed note on his blog about what happened to him, including instructions on how to complain to the New York Attorney General's Office about Digismarket.

    Complaints about other e-book sites

    Comments from people who'd also found bogus charges from Digismarket streamed in to Jupin's blog. Dozens of consumers also filed complaints with the Better Business Bureau. Then in the past month, consumers began writing to complain about other e-book-related bogus charges from Web sites with names like MyLiberia.com.

    On Monday, the MyLiberia.com site posted this cryptic message:

    "We are now having our major scheduled refit. This site will reopen soon," it read. "Thank you for your input during the consultation stage."

    It's not clear if Digismarket, MyLiberia and other e-book sites generating complaints are linked, but they share the same tactics. In each case, consumers are charged small amounts, generally less than $10.

    Many victims have something else in common: They say the cards that were charged for e-books also were recently used to pay for Equifax credit report-related products, such as a credit score or credit monitoring. Some of the consumers complained to Equifax. A company spokesperson has told consumers it is investigating.

    The reports don't necessarily mean Equifax was hacked, and some victims say they never purchased anything at Equifax.com.

    'No connection to Equifax'
    Equifax spokesman David Rubinger told MSNBC.com that the firm's security experts have researched the incident and have concluded that "there is no connection to Equifax." The firm's internal security monitoring software shows no signs of any data thefts, he said.

    Rubinger suggested that fraud victims' connection to Equifax is a coincidence, and merely a function of the popularity of Equifax products. After many large data breaches, companies often offer consumers free Equifax credit monitoring products. With tens of millions of consumers signed up for such products, it's possible that the connection between e-book victims and Equifax is purely casual.

    Still, it's hard to ignore the long roll of victims allegedly hit by Digismarket who say they've used the same credit card to purchase an Equifax product in recent months.

    "I spoke with Equifax and they stated that their site is probably one of the most secure sites out on the net," wrote one victim. "Equifax stated that they would turn the information into the fraud department for investigation. I'm not blaming Equifax, but since so many use their services and have the same problems I would like to see the matter looked into."

    Credit card fraud victims sometimes discuss common points of purchase to try to determine a possible source of leaked credit cards. But apparent connections can be misleading. As part of the card transaction process, credit card numbers are passed between several financial entities and card processing firms. Any one could be the culprit in a data leak. And a disgruntled or corrupt employee at any point in the chain could steal numbers and sell them for profit.

    The one company that could clear up the confusion isn't helping.

    'Refunds for all'
    By all reports, Digismarket is giving customers who complain prompt refunds. But the phone number listed on its Web site was inoperative on Monday, and the firm didn't respond to e-mails sent by MSNBC.com to its customer support address.

    Tony Barbera, investigations manager for the New York Better Business Bureau, said letters sent to Digismarket's Long Island address are simply returned.

    Other companies accused of bogus e-book related charges aren't helpful either.

    MyLiberia.com offers no contact information on its Web site, but one victim posted its customer support phone number, with an area code indicating it was near Portland, Ore. When I called the number, an operator with a thick accent answered. She said her name was "Anna," but would not say where she was located.

    She was, however, quick to issue a refund. When I told her my name was Bob Sullivan, she found an entry for someone named "Tom Sullivan," whom she said had downloaded a book named "How to Lose Weight."

    Without asking for any additional verification information -- even a credit card account number -- she promised to issue a refund on the spot.

    "I'm sorry for the situation. If you haven't bought anything from us I will credit back your account," she said.

    Fake companies=cash
    It's not clear when the e-book scam began. A few consumers say they saw fake e-book charges beginning in February, but it appears there was a flurry of activity in September.

    Credit card thieves often create fake businesses to process bogus transactions -- that's much easier than using stolen cards to make purchases at legitimate retailers, and one of the quickest ways to turn stolen numbers into cash.

    It is unusual for the fraudulent Web sites to issue refunds, however.

    The refund is cold comfort to another victim, Victoria Volkov. While she also got her money back quickly from Digismarket, she figures many consumers might not be quite so diligent in checking their bills. That means many people may be unknowingly paying for e-books they didn't want and never ordered, she said.

    "It looks like a lot of people were fraudulently charged by this company, and, of course, not all of them notice this small charge and contact Digismarket," she said. "People should be alerted somehow."

    BBB's Barbera said it's a good idea for consumers to scan their bills and look for bogus charges -- especially during the busy holiday season.

    "Monitor your bills to make sure all your charges make sense, and when they don't, don't be afraid to call up your credit card company and ask, 'What is this?'" Barbera said.

  • Is Obama the privacy candidate?

    Americans think Barack Obama is the Democrat most likely to advance their privacy rights and that Rudy Giuliani is the least privacy-sensitive of the top three Republican candidates, a new survey suggests.

    The telephone poll of 600 adults, conducted by private research firm The Ponemon Institute, also found that 40 percent of Americans say protection of privacy rights is either important or very important in determining preference for the next presidential election.


    Asked to select both the Democratic and Republican candidate they believe is most likely to "advance your privacy rights," respondents preferred Obama over Hillary Clinton and John Edwards by nearly a 2-to-1 ratio, with 43 percent naming Obama compared to 25 percent for Edwards and 23 percent for Clinton.

    The poll had a margin of error of plus or minus 4.5 percent.

    On the Republican side, John McCain was the top choice, named by 39 percent of respondents, but Mitt Romney's 35 percent was within the poll's margin of error. Rudy Giuliani was picked by 15 percent of those polled, with Ron Paul and Fred Thompson each named by less than 5 percent.

    Ponemon, who conducts privacy-related surveys for corporations, said he was somewhat surprised by the results on the Democratic side. Of the three candidates, all current or former U.S. senators, only Clinton has sponsored privacy-related legislation. Yet she ranked last among the candidates, he noted.

    "For Obama, even though he too is a senator, perhaps he's seen as new blood," Ponemon said. "Perhaps they see Clinton and even Edwards as old school, and they won't do anything to advance privacy rights."


    Ponemon said he was not surprised that Giuliani scored lowest among major candidates, since the former New York mayor is often associated with national security issues.

    "People see him as pro-security, pro-surveillance, pro-wiretapping, and they figure if he's doing that he's not making privacy a top priority," Ponemon said.

    Lee Rainie, who as director of the Pew Internet & American Life project has conducted several privacy-related studies, said Pew had not yet examined how privacy sentiments relate to the presidential candidates. But he said he wasn't surprised at the results of the Ponemon poll. There seems to be an inverse relationship between national security and privacy, he said; the more a candidate talks about the war on terror, the less that candidate sounds like a privacy advocate.

    "It sounds like the axis on which people are basing their first judgment is on the surveillance issue," he said. "People who are thinking in those terms ... may think someone who is associated with surveillance or the war on terror might not be as privacy-oriented."

    Privacy polls hard to interpret
    Polling on an issue like privacy is a challenge, which makes interpreting survey results difficult, said privacy law expert Daniel Solove, a professor at George Washington University and author of several privacy-related books, including the newly published "The Future of Reputation."

    "When you ask a question that broad ... I don't even know if I could answer that question if I got polled," Solove said. "Some candidates might be strong on identity theft or information sharing but not on national security and privacy, for example."

    For many voters, he explained, consumer privacy issues -- such as the collection of information by companies -- are viewed very differently from civil liberties issues like surveillance. When you ask about privacy, it's hard to precisely define the term.
    "The question is, when (poll takers) say privacy, what do people think of?"

    Ponemon's poll produced other surprises. It suggested young voters are more privacy-sensitive than previously believed. Among 18- to 28-year-olds, the MySpace-Facebook generation, 54 percent said privacy issues would be a factor in determining their choice for president, significantly higher than the 40 percent rating among the general population.

    Previous polls indicated that younger tech consumers tend to be less worried about privacy than older Americans, Rainie said.

    Ponemon's poll-takers also asked more-specific questions concerning privacy. Among the responses:
    • 58 percent of adults said the protection of civil liberties will factor into their presidential choice.
    • 25 percent said the protection of Internet anonymity will be a factor in their decision.
    • 25 percent said protection from annoying and intrusive online marketing practices will be a factor.

  • 'Weight Loss Cures' author found in contempt

    TV pitchman extraordinaire Kevin Trudeau has been found in contempt of court by a federal judge in Illinois.

    Trudeau, author of the best-selling book "Weight Loss Cures They Don't Want You to Know About," hawks his books in seemingly ubiquitous late-night television infomercials.

    But U.S. District Judge Robert Gettleman ruled Friday that Trudeau had "misled thousands of consumers" in the ads by making claims that are "patently false." A hearing to determine Trudeau's penalty, and the future of his advertising, has not yet been set. FTC attorney Laureen Kapin said the agency will ask the judge to make Trudeau provide "consumer redress," which might ultimately include financial compensation for book purchasers.


    Trudeau, who also wrote the best-seller "Natural Cures They Don't Want You to Know About," makes ambitious claims about a weight loss program in his new book. Readers are instructed to follow a set of "protocols," including obtaining a series of colonics, a daily hormone injection, eating only organic foods, and at one point slimming food intake down to 500 calories a day.

    In seeking the contempt of court ruling, the Federal Trade Commission argued that Trudeau's infomercials violate a court order he signed in 2004 prohibiting him from making misleading claims in television ads.
    In the weight loss commercials, Trudeau repeatedly tells viewers that it's easy to follow his diet regimen. He also says that those who follow his diet can eventually eat whatever foods they like.

    Gettleman found both statements to be misleading.

    "Mr. Trudeau states ad nauseam in his infomercials that his diet is 'easy.' As the FTC points out, the dietary regimen prescribed by the weight loss book is anything but," he wrote. In the commercials, Trudeau "fails to mention that the diet requires 15 colonics in a 30-day period and a 500-calorie per day limit necessitating a physician's supervision," the judge said.

    Trudeau's lawyers argued that his commercials represent only Trudeau's opinion, which is protected by the First Amendment. They also argued that a certain degree of "puffing," or hyperbole, is standard in advertising.

    'Easy' is not an opinion
    But Gettleman found that the word "easy" is not an opinion, but rather an advertising term with legal meaning. And he noted that the U.S. Supreme Court found in 1949 that advertisements claiming dieters can "easily" shed pounds "without torturous diet" were misleading when the actual dieting program was misrepresented.

    "Mr. Trudeau is simply incorrect that the term 'easy' is always puffing or an expression of opinion," he said.

    David Bradford, Trudeau's personal lawyer, said the author will comply with the court's ruling.

    "Mr. Trudeau respectfully disagrees with the Court's ruling, but intends to comply with it while seeking to vindicate his First Amendment rights," Bradford said.

    In his ruling, the judge found Trudeau's claim in the ad that he can now eat anything he wants, including mashed potatoes and gravy "loaded with fat," to be misleading. He noted that in his book, Trudeau writes that dieters must follow a strict eating regime "for the rest of your life."

    "How Mr. Trudeau was able to eat a 'big' portion of prime rib 'marbled with fat' and a 'big hot fudge sundae with real ice cream, real hot fudge, real nuts and real whipped cream' and still follow (the regimen) remains a mystery," Gettleman said. "As far as this court can tell, it is impossible. More importantly, though, it is misleading, and it misrepresents the content of his book in flagrant violation of this court's order."

    Gettleman also dismissed the argument that Trudeau was entitled to First Amendment protection in the book and infomercial. Specifically, as commercial speech, the TV ad is not protected speech, the judge noted.

    In September, Trudeau's lawyer defended the infomercials in an interview with MSNBC.com.

    "The advertising has been airing for many months. There are no complaints about it," he said at the time. "There are no consumers' complaints of any consequence that we're aware of."

    He said Trudeau has a First Amendment right to say anything he wants in the book, and by extension, in the infomercial.

    "Whether he's right or wrong is for the public to decide, not the government," he said.

  • Debit-card purchasers penalized for PIN use

    Heidi Hansen, a U.S. Bank customer for nearly 10 years, had never seen anything like it. Her October bank statement contained a long string of unexpected 25 cent charges. Next to each was this confusing explanation:

    "Purch Made With PIN - Fee."

    Hansen, a 27-year-old Colorado resident, figured out what was going on pretty quickly. She was being charged extra for using her ATM card and PIN code to buy things at retail stores.


    Hansen was not amused, and dashed off a hasty note to U.S. Bank.

    "I never saw any documentation that you were beginning to charge a penalty for using your PIN," she wrote. "This is a ridiculous charge and I would like these taken off of my account! This is a disgusting example of big banks adding fees and you should be ashamed doing this to loyal customers!"

    U.S. Bank confirmed that it does charge 25 cents to some checking account customers who enter a PIN instead of signing a receipt when making a purchase. Only unlucky account holders in Colorado, Indiana, Kentucky and Ohio are charged for using a PIN code, said spokeswoman Jennifer Wendt.

    As you've probably guessed, more than a few quarters are at stake.

    Not long ago, I wrote a column explaining the difference between credit and debit, advising consumers to put the cash cards away and always use old-fashioned credit cards when shopping. Unexpected fees for PIN-based debit card transactions are just another reason to do that.

    Less security, but more profit

    The answer is simple: easy money.

    First, let me explain the terms. "Debit or credit" is a misleading question. While all the plastic in your wallet looks the same, most of us carry around three different ways to pay: a regular credit card, a bank/ATM/debit/cash card that can be used with a PIN code to buy things at retail stores (PIN-debit transactions) and a bank/ATM/debit/cash card that can be used with a signed slip to buy things (signature debit). It's the last two we're concerned with here.

    Why would banks impose PIN-code fees? After all, PIN-based transactions are more secure than the signature-based form, as the 4-digit code provides another layer of verification that the true cardholder is using the card. U.S. Bank isn't the only bank that charges some consumers to make PIN-debit purchases. Wells Fargo charges a static $1 monthly fee to PIN-debit users. If it seems like these banks are pushing customers to sign receipts rather than enter PINs, well, they are. That's because they stand to rake in more money from signature debit -- up to seven times more.

    Remember that banks skim a bit off the top for every transaction paid with plastic. Numbers are hard to come by, but here's an example: Gartner's Avivah Litan says a bank will take in perhaps 20 cents from a merchant for a $100 PIN-debit purchase, but $1.48 for a signature debit purchase in the same amount. In general, banks can make up to 50 cents on PIN transactions, with the fee capped. But banks can rake in up to 2 percent of signature-based transactions, a potentially huge haul.

    So Heidi is paying a quarter for each purchase because U.S. Bank really wants a bigger cut of her purchases, an explanation that left her unsatisfied.

    'What ... is the point of a debit card'?

    "What exactly is the point of a debit card if this is what they are doing?" she said. "No one is going to use it as a debit anymore if they have to pay a quarter each time to do so."

    It's still a mystery why the fees appeared only recently on her statements; U.S. Bank couldn't answer that question. But Wendt, the bank spokeswoman, said the decision to levy the fee in four states was "market driven," because other banks in those states charge PIN fees too.

    Lisa Westermann, assistant vice president of Wells Fargo, said PIN fees were assessed on "a very limited number of customers ... depending on account type and applicable waivers." There is nothing geographic about Wells Fargo PIN fees, she said.

    Greg McBride, an analyst who monitors bank fees at BankRate.com, says PIN fees were common five to 10 years ago, but have actually been waning of late. In a survey earlier this year, only seven of 100 banks charged PIN fees, he said. Banks now prefer the carrot to the stick when steering consumers to use signature debit, he said.

    Most banks prefer incentives to penalties

    "Now the more frequent way you are seeing that incentive is through debit card reward programs," he said. Banks give airline miles for signature-debit purchases, but not PIN-debit transactions, for example.

    Litan said it's disingenuous of banks to work this hard so consumers don't use PINs.

    "The fact that banks are actively promoting signatures over PINs proves they are much more interested in revenue than security," she said.

    As for Hansen, U.S. Bank lost about $5 in revenue by picking on the wrong customer. Her e-mail got instant results, and the PIN fees were refunded. Going forward, however, she feels like she can't use her debit card any more, and she's considering switching banks.

    "I've been with U.S. Bank for years and am deeply entrenched with checking, savings, reserve line, direct deposit, automatic withdrawals and bill pay, but this sneaky little fee might just make me angry enough to uproot and change banks," she said. "I wonder if their other customers are as annoyed as I am."

    Perhaps. Or perhaps they aren't noticing those quarter-sized nicks on their monthly statements.

    RED TAPE WRESTLING TIPS

    • The PIN fees might seem small, but consumers can run up quite a bill using their debit cards, McBride said. The first piece of advice: Watch banks like a hawk.

    "People who use debit cards don't just use them sporadically, they use them religiously," he said. "The (fee) may be small but it can add up over the course of weeks and months. All the more reason to carefully check your statement each month."

    • The second piece of advice: Only use a cash card to get cash. Use credit cards to buy things. For my argument (and much disagreement from readers) see my previous column.

  • EBay, Tiffany fight over fakes

    A legal battle between titans of industry began Tuesday in New York, and the outcome may have serious implications for the future of Internet commerce. Tiffany & Co. is suing eBay for allegedly allowing sale of counterfeit merchandise on the auction site. Should Tiffany prevail, eBay and other e-commerce sites could have to change the way they do business.

    It's no secret that eBay.com is a favorite haunt for counterfeiters. Four years ago, Tiffany officials purchased hundreds of items labeled as "Tiffany's" and determined that 73 percent were fakes, according to court documents.


    The jewelry and design firm filed suit against eBay in 2004, alleging that because eBay must have known about the overwhelming amount of cheating on the site, it contributed to the fraudulent sales.

    "EBay has disclaimed the responsibility for sale of counterfeit items on its site," Tiffany's lawyer, James Swire, said Tuesday during his opening statement. "EBay simply turned a blind eye. ... Because of that, it is liable for contributory infringement."

    EBay, for its part, says it quickly removes fraudulent items when notified by trademark holders.

    "EBay's record in responding is exemplary," argued Bruce Rich, eBay's lawyer. "The mind-set of our client ... has been we want to work and find a way to fix it."

    Should the judge side with Tiffany, eBay could face a costly new expense. It would have to take on the task of verifying authenticity of any trademarked item for sale on its site, said Geoffrey Potter, chairman of the anti-counterfeiting practice at the law firm of Kramer Levin Naftalis & Frankel. A Tiffany win also would likely bring a wave of new lawsuits, he said.

    "Waiting in the wings are other owners of famous brand luxury merchandise," he said. "EBay would have to change its business model for auctions of trademarked goods."

    The legal issue hinges on which entity is most responsible for enforcing trademark rights, Potter said. A judge will decide if eBay should proactively remove counterfeits or if the company is doing enough by simply responding to trademark holder requests, he said.

    "It's going to turn on eBay's legal duties," Potter said.

    Like a flea market
    In Potter's opinion, those duties have been clearly spelled out in lawsuits brought against flea market owners. Courts have found ignorance is no defense for flea market owners when counterfeit items are routinely sold by third parties at rented booths.

    "EBay looks to a lot of people like a flea market," he said.

    Generally, case law also places the burden on merchants to sell only legitimate goods, he said.

    The Internet element adds a layer of complexity to the case. Courts have repeatedly ruled that Web sites are not generally liable for the behavior of third parties, such as messages left by readers on blogs like this one.

    But the eBay case is different, Potter said, because it involves commercial activity rather than free speech.

    "There's a real difference between speech protected by the First Amendment, and the notion of the marketplace of ideas -- and theft," he said. "And courts have drawn that distinction."

    Opening arguments were heard in federal court at the Southern District of New York. Because this is a bench trial, there is no jury. The trial will be complete in about a week, with a verdict expected in two to three months.

    For more, read MSNBC.com's prior report on the lawsuit, "EBay fighting its toughest legal battle?"

    Reuters contributed to this report.

  • ID thieves' new hangout: file-sharing software

    Josephine made about $37,000 in 2004, but thanks to itemized deductions, she only paid taxes on $26,000. The Midwestern bookkeeper ended up getting a $1,000 refund, which was deposited into her account at a local credit union.

    She never intended for the whole world to know this.

    But a brief foray onto the file sharing network Limewire exposed her tax return to millions of Web users, who could find it as easily as you can find movie times on Google.


    Josephine's tax return was apparently pilfered, stored by someone else, and shared anew on Limewire recently. With just a few seconds of searching, an MSNBC.com reporter found intimate details of Josephine's life -- how much she paid in property taxes, her Social Security Number, even her bank account number.

    Josephine (whose name has been changed to protect her privacy from further violation) didn't want to talk about it when contacted, saying only that she "may have used it (Limewire) in the past." She also said she was unaware her identity had been stolen.

    She's hardly alone. In recent months, researchers, congressional aides, and journalists have pulled off the parlor trick of finding consumers' tax returns on file-swapping services.

    The peer-to-peer services, descendants of Napster, have worked to attain a level of legitimacy in the face of music-industry lawsuits, but most remain active haunts of those looking to download free music and videos. But when swappers incorrectly install the software, they can share everything on their computers. Tax returns, generated by automated tax software, are an easy target. Credit card numbers, personnel files, and even sensitive military documents also have turned up.

    'Actively looking'
    Chris Gormley, chief operating officer of the Tiversa security firm, has a message for all P2P users: These are no longer mere parlor tricks. Criminals are now well aware that Limewire and its competitors are a treasure trove of personal information. They now actively exploit the services every day.

    "These aren't for entertainment," Gormley said. "These are people who are actively looking for this stuff."

    Tiversa gets paid to search P2P networks for sensitive corporate information that might be left there by careless employees. Recently, the company began cataloging all search terms entered into the services by would-be downloaders. The presence of identity thieves was obvious. On Sept. 14, the first day of checking, Tiversa charted 2,314 searches for "credit card" and 8,303 searches for "passport." Criminals also ran searches for medical information (5,767), retirement-related documents (4,064), Quickbooks or Quicken files (about 6,000) and even audits (several hundred). Then there were vague searches for words like account, loan, confidential, log in, or proposal.

    The most common search term also was the most obvious: "bank." Tiversa found 106,000 searches for that word alone.

    Criminals have only piled on since then. By the end of September, there were twice as many searches for "account" and "credit card." There were three times as many searches for "ATM."

    By the end of October, the cumulative effect of these searches had become enormous. Tiversa picked up about 300,000 searches for credit cards, 440,000 for medical information, 650,000 for retirement-related documents, and 7.5 million for bank documents.

    The person behind many of those 7.5 million searches is most likely a criminal planning to turn that downloaded data into money.

    Worse than phishing
    Falling for faulty peer-to-peer software is a much more severe problem than falling for other traditional identity theft tricks like phishing e-mails, Gormley said. When a consumer fills out a fake Bank of America message, the criminal will probably only get account data and perhaps a PIN code. But when a criminal can root around a consumer's hard drive, the stolen data haul is much more valuable. Combine that exposure with the refined search capabilities of software-sharing tools like Limewire, and these networks become the perfect accomplice for identity thieves, Gormley said.

    "This is just like someone looking at your computer (in your house)," he said. "They're getting a lot more information than a phishing attack."

    With an estimated 10 million to 12 million people using file sharing networks at any given time, and perhaps 60 million users total in the U.S. according to the Federal Trade Commission, identity thieves are shooting fish in a barrel.

    One man who apparently shot a few fish was Gregory Kopiloff of Seattle, who pleaded guilty earlier this month to just the kind of crime Gormley is warning about. Kopiloff, who faces up to 20 years in prison, admitted using Limewire to download tax returns, credit reports, student loan applications and other files with personal information. He also admitted to stealing $73,000 from 50 victims.

    Secret government files
    Earlier this year, Tiversa CEO Robert Boback testified before a House committee that the stakes with file-sharing software data theft are even higher. He said company researchers had found nearly 200 secret government files on Limewire.

    The company would not divulge the contents of the files, citing national security reasons. Boback would say only that they were "highly classified -- clearly marked 'secret' or above -- government documents from the U.S. and others."

    Careless music-seeking teenagers are usually blamed for Limewire file exposures. They install file-swapping software and steal their music, not giving a thought to their parents' Quicken files and tax returns.

    But this stereotype isn't necessarily accurate. Josephine is an adult who installed the software herself. A second tax return found on the service belonged to a couple in their early 20s living near Baltimore. The husband served in the U.S. military. With no kids to blame, it's likely they installed Limewire on their own. Attempts to reach the couple were unsuccessful.

    Much as embarrassing MySpace and Facebook photos now haunt job-seeking young adults, the appearance of the Baltimore couple's tax return suggests there may be a new class of P2P identity theft victims: recent teens who have graduated from illegal file-swapping to adulthood, but who haven't counted on the privacy implications of their downloads.

    RED TAPE WRESTLING TIPS
    It's critical to understand exactly how every file-swapping program works. Here's the simple, broad view. If you can download files from someone else's computer, they can download from yours. Behave accordingly.
    TOXIC: Every file-sharing program should be treated as toxic, and in fact, many antivirus programs do just that. Make sure your antivirus software detects and disables unwanted file sharing programs. You're better off not using them.
    FIREWALLS: Some P2P software won't work, or won't work well, when your firewall is turned on. So a user might turn the firewall off to download files. This is playing with fire. What are the odds you'll start watching that stolen movie and forget to turn the firewall back on?
    USER ACCOUNTS FOR KIDS: Symantec's Jody Gibney offers this tip to parents who are worried about their technically proficient children: The Windows operating system allows separate user accounts for children and parents. Use them. That way, if your child accidentally shares his "My Documents" folder (the most common P2P pitfall), he or she won't be sharing your documents. Remember, Windows creates separate My Documents folders for each account. Of course, this isn't foolproof. If your child chooses to share your entire hard drive, you'll still have a big problem. But user accounts will help.
    PASSWORD-PROTECTION: It will also help to separately password-protect your security software so your kids don't disable your firewall or antivirus protection, Gibney said.
    IF YOU MUST: Those who are using file-swapping software need to pay special attention during installation to understand what part of their computer is being shared with the universe. Limewire and other software makers are making strides at changing the default settings so the software is less promiscuous. Limewire users now, by default, expose only a "shared" folder if they accept all default choices. That generally means you'll only share files you've downloaded from Limewire. Still, it's easy to change that setting and land in a heap of trouble.
    REALLY SHUT IT DOWN: Limewire also has a tricky feature that confuses many users into thinking they've turned the software off when they haven't. Clicking the "X" in the software's upper right-hand corner doesn't shut down the software, it merely minimizes it. That's foreign behavior to most software users, who click the X to close every other program they use. To really turn Limewire off, you've got to right-click the icon at the bottom of the computer and select "exit." This no doubt leads to a lot of users sharing more files than they intended.
    DO YOU NEED THOSE FILES? It's also important for consumers to realize how many sensitive documents they store on their computer and act accordingly. Software like TurboTax and Quicken creates many files that would be a gold mine to ID thieves. These must be carefully stored, ideally with additional password protection. You never know who might glance at your computer some day through some new Internet theft technique, or when you'll have to call a service technician for help. Destroying files that are no longer needed is also a good habit. Why take the risk? And you probably have to expand your idea of what's a sensitive file, too. In addition to the kind of items consumers generally think of as secret, such as tax returns, Gormley said, criminals now regularly look for spreadsheets from work, retirement information, health records, and so on. He's seen some horror stories.
    "Consumers' hard drives are full of things like psychiatric records, things you really wouldn't want anyone to see," he said.

  • FTC rings up fines for 'Do Not Call' violations

    With 150 million phone numbers now registered on the Federal Trade Commission's Do Not Call list, it seems clear most consumers don't want to receive unsolicited marketing phone calls. But apparently, it's not clear to everyone.

    The FTC on Wednesday announced multimillion-dollar penalties against three companies -- lender Ameriquest Mortgage Co., adjustable bed seller Craftmatic Industries Inc., and home alarm firm ADT Security Services -- for violations of the Do Not Call list rules.

    Craftmatic and three of its subsidiaries agreed to pay $4.4 million -- the second largest Do Not Call penalty ever -- to settle various FTC telemarketing-related charges. The agency alleged that Craftmatic obtained consumers' phone numbers through sweepstakes entries, then placed tens of thousands of calls to entrants who were on the Do Not Call list. Because the sweepstakes form did not expressly seek their assent to receive telemarketing calls, the calls violated federal regulations, the FTC said. The FTC also said Craftmatic placed millions of computer-generated "abandoned" calls by failing to connect customers to a live representative within two seconds as required.

    ADT agreed to pay slightly more than $2 million to settle charges that two of its authorized dealers -- Alarm King and Direct Security Services -- placed telemarketing calls to consumers on the list. While ADT did not place the calls, the FTC held it responsible for the marketing tactics of its affiliates. A similar ruling last year held DirecTV responsible for phone calls placed by its affiliates, and that company agreed to pay a $5 million fine.

    Ameriquest was fined $1 million after the FTC found the firm had purchased consumers' phone numbers from "lead generation" companies. Consumers had been enticed to provide their phone numbers and other personal information to Web sites offering various financial products. Because the consumers had not expressly given Ameriquest permission to call them, the calls were a Do Not Call violation, the FTC said.

    The use of lead generation firms has created notoriety for Ameriquest before. A 2003 investigation by msnbc.com found that Ameriquest was purchasing leads from firms that sent spam e-mail to locate consumers interested in obtaining mortgages.

    The FTC also announced Wednesday it is pursuing charges against a smaller company, Global Mortgage Funding, for allegedly making hundreds of thousands of calls to consumers on the Do Not Call list in an attempt to sell them financial products. The FTC complaint also alleges the company failed to transmit required caller ID information when placing its calls.

    "Consumers have made clear that they greatly value the Do Not Call Registry, and they must be able to depend on its privacy protection," FTC Chairwoman Deborah Platt Majoras said at a news conference announcing the enforcement action. "By bringing enforcement actions, like those announced today, we will ensure that the small number of bad actors pay a price for not adhering to the law and respecting consumers' privacy requests."

    The Craftmatic sweepstakes finding is significant because it addresses one potential loophole in the Do Not Call list. The law authorizing the list makes several exceptions, including allowing companies with "existing business relationships" with consumers to call them. There has been debate about the legality of calling consumers who had filled out sweepstakes entries or otherwise surrendered their phone numbers to companies in innocuous ways. The FTC finding shows the agency is taking a narrow interpretation of the law, requiring firms to obtain consumers' permission to receive marketing calls at the time they surrender their phone numbers.

    The FTC will not consider sweepstakes entries as "existing business relationships," Majoras said, when "they are really just an attempt to trick consumers into giving up their phone numbers." She said the FTC is investigating other sweepstakes-based telemarketing programs.

    The Ameriquest case also suggests the FTC is taking a limited interpretation of affiliate marketing relationships, which could limit the usefulness of companies that generate leads for mortgage companies.

    Since the advent of the Do Not Call list in 2003, the FTC and the Department of Justice have brought 34 law enforcement actions against violators and collected $16 million in penalties.

    Last month, the FTC ruled that it would not allow phone numbers to expire from the list. Initially, phone numbers registered to the list were set to expire in five years, but the commission found that most consumers want their registrations to remain permanent.

  • Now, a way to stop ID theft

    For the first time, everyone in America can now do something to prevent identity theft. Read on and I'll show you how.

    On Nov. 1, the nation's three credit bureaus gave all U.S. consumers the ability to shut down access to their credit reports, making it almost impossible for a stranger to get the data needed to commit financial identity theft. The process is called a security freeze.

    The change was not really voluntary. The credit bureaus battled with state legislators for nearly four years to avoid making the freezes available to consumers. But after 39 states passed security freeze laws of one kind or another, the industry decided earlier this year to make the option available to everyone. But there's a catch.


    Using security freezes can be costly, and they can be a hassle. But that's just the bad news. I'll save the good news for later.

    Here's the main "gotcha." For most of you, it will cost $10 to establish a security freeze. And once a freeze is in place, you won't be able to apply for new loans without "thawing" the report so a lender can assess your credit information. That costs money too -- $10 each time you need a car loan or a home loan. That doesn't sound too bad until you realize that there are three credit bureaus, and many households have two adults. That means it could cost a couple $60 each time they set up or lift a freeze.

    Then there's the hassle. Setting up a freeze requires irritating paperwork like sending certified letters. And it means keeping track of freezing and thawing. It does no good to freeze one or two reports. If you want real identity theft protection, you'll have to freeze all three. If you want to get a new credit card, you'll have to thaw at least one report. To buy a new house, you'll probably have to thaw all three, then make sure they are frozen again.

    Here's the good news. All those state laws about security freezes are still in effect, and some forward-thinking legislatures imposed price caps on the process. So a freeze might be cheaper, depending on where you live. In Maryland, for example, consumers pay a maximum of $5 for freezes. In New York, the initial freeze request is free.

    Advice for ID theft victims
    There's more good news: ID theft victims everywhere can now get and maintain security freezes for free – free to set, free to thaw and free to permanently remove.

    The advice for ID theft victims is easy: Follow the links below and freeze your credit reports immediately. A security freeze is the best way to restore your peace of mind. The freeze won't stand in your way when you need a new credit card or loan; there will just be a small speed bump. You will have to give the bureaus a password -- a PIN code similar to a debit card password -- to let you unlock your report so a creditor can peek at it. You might have to think a bit more before you obtain new credit, but that's not such a bad thing.

    To get a free freeze, you will need a police report or similar government document to prove you are a victim.

    One note about the process of recovering from a bout with an identity imposter: The police or your financial firm might suggest that you set up a "fraud alert" or "security alert" on your account. The proper term is "fraud alert," which is very different from a security freeze.

    Fraud alerts are easy to set up (a simple phone call will do) and free. Unfortunately, they often don't work. The alert is simply a note in your credit file that advises businesses that you might be a victim of ID theft. Lenders can still pull your credit report and dole out loans or credit cards in your name. Fraud alerts also expire in 90 days, unless you follow up with paperwork, so you might as well get a freeze.

    Security freezes provide much stronger protection. No one can access your credit report without your permission, period.

    The credit bureaus encourage consumers to get only a fraud alert because their agenda is to keep you an active participant in the credit market (i.e., they want to keep pushing credit cards at you). You are better off with a security freeze, and don't let anyone tell you otherwise.

    Advice for everyone else
    The decision to freeze or not is a bit more nuanced for those who haven't been victimized by identity theft. It's hard to tell someone to pay $60 and fill out a bunch of paperwork as a purely preventative measure. In states where security freezes have been available for years, very few consumers have signed up.

    Consumers Union is very high on freezes. Gail Hillebrand, the group's credit bureau expert, compares freeze fees to paying for insurance.

    "If you are the person in the household who will have to unravel the identity theft after it happens, then you probably think $10 a pop is a good deal," she said. Consumers who are already paying for $10-per-month credit monitoring services should cancel and pay for security freezes instead, she said.

    For consumers who pay their bills on time every month and stay on top of their paperwork, a freeze is a good choice. But many consumers will have a difficult time keeping track of which reports have been frozen and which have been thawed, and how much they're paying in fees. If that's you, I can't recommend setting up and paying for freezes. Instead, take the time to write one letter to your state legislator asking why consumers in New York get freezes for free and you don't.

    There is a class of consumers who are great candidates for a freeze: Those whom Hillebrand describes as "mature in the credit market." Many older consumers have as many credit cards as they'll ever need and have no plans to buy a car or a house in the near future – or perhaps ever again. For them, a security freeze is great insurance against becoming a victim of elder fraud, and obviously won't be a hassle to maintain, as thaws are unlikely. If you or your parents fit that bill, the $30 or $60 that it costs to sign up for freezes would be money well spent.

    In a few states, seniors get to freeze their reports for free. Check the links below for specifics.

    How to do it
    Setting up a freeze isn't rocket science, but it will take you about as much time as it takes to make a loaf of bread. So here's the recipe.

    Instructions for residents of each state are slightly different. Fortunately, the three credit bureaus have fairly simple grids on their Web sites explaining what the costs are and what the process is. Remember, you'll have to get a freeze at all three bureaus.

    Equifax
    General info:
    http://www.equifax.com/securityfreeze/index.html
    State-by-state information:
    http://www.equifax.com/securityfreeze/state_file_freeze_grid.html
    To get a freeze, Equifax wants you to send a certified letter with seven specific elements to Equifax Security Freeze/P.O. Box 105788/ Atlanta, Georgia 30348. The elements are spelled out clearly on the general information page, but they are, basically -- name, address, date of birth, SSN, utility bill for proof of address, payment and a police report if you are a victim.

    Experian
    General info and state-by-state information
    http://www.experian.com/consumer/security_freeze.html
    To get state-specific information, scroll to the bottom of the page and pick your state from the drop-down menu.
    Before giving you the information you need, Experian will warn you that a security freeze may make your credit life very difficult. Take that with a grain of salt, and then pick your state. You'll send the request by certified or overnight mail to Experian/ P.O. Box 9554/ Allen, TX 75013. Again, the recipe is listed on the firm's Web site, but it will call for a name, SSN, date of birth, current and past addresses dating back two years, a copy of your driver's license, and one utility bill.

    TransUnion
    General info and state-by-state information
    http://www.transunion.com/corporate/personal/fraudIdentityTheft/preventing/securityFreeze.page
    Send your freeze requests to Trans Union/Fraud Victim Assistance Department/ P.O. Box 6790/ Fullerton, CA 92834. A few state residents can call instead of write -- check the link above. Trans Union wants the following on the letter: name, address, Social Security Number, a copy of your driver's license and payment.

    I know you are busy, and I know this is a hassle. But if you throw a loaf of bread in the oven, you'll be able to fill out the necessary paperwork by the time it's done. And you'll have twice the sense of accomplishment.

    There are a couple of asterisks I need to tell you about. While the freeze provides solid identity theft protection, it's hardly foolproof. It can't stop non-credit-related forms of ID theft, such as the creation of a duplicate driver's license or criminal identity theft (when a suspect gives your name to police when booked for a crime). It also won't stop an undocumented worker from using your Social Security Number to obtain employment.

    And sadly, it won't stop every company from accessing your credit report. New creditors are largely frozen out, but existing lenders -- your current credit card company, for example -- can still view your report and offer you new credit cards. It also won't stop those pre-approved credit card offers. The bureaus can still give your name and address to credit card companies. Of course, you can stop those mailings by calling 1-888-5OPTOUT or visiting http://optoutprescreen.com.

    Finally, a freeze may lead to minor inaccuracies in your credit report. Companies that provide data to the bureaus might not be able to update your address information or other vital statistics if you move or change your name. So if you get a freeze, you should check your credit report at least once a year at AnnualCreditReport.com and make sure the information is accurate.

    Despite these imperfections, a credit freeze is the best thing you can do -- and in fact, the only thing you can -- to stop identity theft before it starts. Think of it like The Club you place on car steering wheels. Yes, the car can still be stolen, but many car thieves see a Club and move on to another target. ID thieves who face security-freeze speed bumps when trying to get credit cards or loans in your name are just as likely to move on to the next Social Security number.

  • Consumer protection agencies failing America

    The state of consumer protection in America is abysmal. Competing by cheating seems to be the rule of the land, with thousands of companies acting as if there are no laws and demonstrating no fear that misleading or harming consumers puts them at any risk for penalties.

    To know why, simply look at the roster of players assembled to fight on our behalf. The agencies charged with making America fair and safe have been undercut and underfunded for decades. It's as if we're asking a minor-league baseball team to play the New York Yankees on our behalf, only this is no game. The consequences of weakened consumer protection can literally be life and death.


    You may have heard the curious story this week of the Consumer Product Safety Commission, which is supposed to make sure thousands of everyday consumer products don't pose unnecessary dangers. Given the spate of recent high-profile recalls, Congress has just discovered there's too much work for the agency's paltry staff of 400, and is now considering a law to beef up its work force. Curiously, the commission's chairwoman, Bush administration appointee Nancy Nord, opposes the increase. Could this be: A government bureaucrat rejecting more resources? Many observers were shocked.

    They shouldn't be. Since the 1980s, all federal consumer protection agencies have been bled dry. And many of their politically appointed leaders have actually worked to hamstring their organizations to ensure they don't interfere with companies trying to make a buck.

    Consider this: In the 1970s, when the Consumer Product Safety Commission was created, it had a staff of 900. Today, it's fewer than half that. At a time of unprecedented growth in world imports, and unprecedented product recalls, the commission's staff has never been smaller.

    How bad is it? The New York Times recently reported that the agency has basically one person assigned to inspect new toys.

    FTC: Shrunk from 1,700 to 1,000
    Now let's look at the Federal Trade Commission, the granddaddy of consumer protection in America. In 1979, the FTC had 1,746 full-time employees. By 2006, that number had shrunk to 1,007 -- down nearly 40 percent. During this time, the FTC picked up a few more duties: Internet fraud, identity theft and the Do Not Call list, just to name a few. Not to mention the proliferation of infomercials, digital advertising, and the addition of 75 million more people to the U.S. population.

    The FTC is loaded with well-intentioned lawyers who spend their days and nights chasing after bad guys, sending warning letters to companies that engage in blatantly false advertising and other unfair or deceptive trade practices. But given the massive staffing cutback, it's no wonder that our nation's airwaves are jam-packed with charlatans. Is it any wonder that the FTC's warning about unfair and deceptive mortgage advertisements, for example, didn't arrive until a few weeks ago, when just about every last potential victim of an exotic mortgage already had one?

    The FTC files occasional lawsuits and tries to make examples out of as many cheaters as it can, but those serve as little more than a few thumbs in a crumbling dam.

    FDA: Food safety inspectors lacking
    The same story is repeated at virtually every federal agency chartered to protect us. Here's another, concerning the very basic task of keeping food safe. The Food and Drug Administration has 1,000 fewer food inspectors than it did 10 years ago, William Hubbard, a former FDA commissioner, told msnbc.com on Thursday. Seems like bad policy at a time when imports from countries with far different food safety standards than ours have exploded. The agency had planned to close about half its field inspection offices and outsource some of its work, but recent scrutiny and a flood of imported food scares postponed any action. Even so, according to a recent New York Times story, a typical inspector must review 1,000 "food entries" every day. And on Thursday, Congress heard testimony that the FDA can't even keep track of what foreign firms it inspects, and probably two-thirds of foreign drug makers are never inspected.

    States can't help, either
    You might think that state government agencies would provide you with fall-back protection. Unfortunately, just as federal consumer protection agencies were being slashed, a second, parallel trend took hold during the past decade -- a trend toward pre-emption of state laws, rendering them null and void in the face of similar federal laws. Today, there are many situations where state officials simply can't help you. Most disputes with the nation's credit bureaus, for example, can only be addressed by a federal agency.

    Industry groups favor this trumping of state power. It's easier to lobby and control one Congress than 50 statehouses. For example, when Congress this week deliberated giving the Consumer Product Safety Commission new resources, industry opponents took umbrage at a provision that would allow state attorneys general to sue companies over safety violations.

    The law's opponents trotted out a familiar argument: "We don't want to have to deal with a patchwork of 50 different laws." Don't fall for that line. Consumer protection at the state level is just about all we have left. Federal consumer protection is nearly dead, or at least comatose. After decades of atrophy and neglect, it will take years to revive it.

    This week, the Senate took a small step in that direction. Over the objection of the commission's leader, the U.S. Senate Commerce, Science, and Transportation Committee approved a budget increase for the Consumer Product Safety Commission. That's good. But it is a baby step. Even if the legislation were to become law, which is unlikely, it would only increase staffing by 20 percent. As we've mentioned, there's only one toy inspector for the whole country. Adding a one-day-a-week toy inspector won't really keep the country's children safer.

    Regulation is not a dirty word
    Instead, what's needed is a dramatic change in attitude and approach. It begins with an end to the anti-regulation era. Somehow, decades ago, many Americans were convinced that regulation was a dirty word, and that agencies that produced and enforced rules were to blame for any economic hardship the nation faced. Free markets, they were convinced, meant freedom from regulations.

    Dismantling regulatory powers instead has meant freedom to exploit consumers. Hidden fees and unsafe products have been the obvious consequence.

    Some say, "Well, that's a free market. If people are too stupid to protect themselves, government shouldn't do it for them." But outside of the pure mean-spiritedness of that sentiment, that kind of thinking is economic lunacy. Good governments serve a few limited functions, such as providing for common defense and safety. Establishing fair marketplaces is one such role. Imagine if there were no weights and measures rules so oil companies could lie about how big a gallon of gas is (which, by the way, they do) and delis could fix their scales to cheat you out of meat. Or what if restaurants never had to pass a health inspection? All these require government regulations and regulatory agencies. We couldn't function without them.

    Our world is ever-shrinking. Goods and services can come from anywhere and contain anything, and money can move around the world in the blink of an eye. Being a consumer is more confusing than ever. We need rules to keep things fair, and we need people to enforce these rules. That's a basic government function, one that's been abdicated for far too long.