• Renewed concern over 'digital Pearl Harbor'

    From the moment U.S. top cybercop Richard Clarke uttered the words "digital Pearl Harbor" in 2000, the technology world has been engaged in bitter debate: Could hackers really cause as much chaos with computers as terrorists armed with bombs and guns? Or are security experts simply spreading fear and trying to sell products when they talk about cyber attacks?

    The discussion had died down until recently, owing to the fact that no digital Pearl Harbor ever occurred.

    But then came reports late last year that Chinese nationals were actively attacking computers run by the U.S. government and private British companies, all of which were vehemently denied by the Chinese government.

    Now security expert Alan Paller has fanned the flames, quoting a CIA agent as saying that hacker-profiteers had carried out the mother of all hack attacks -- taking power plants offline and extorting their owners for cash.


    Paller, who is director of the SANS Institute computer security training firm, said he had no details of the attacks, except that they allegedly occurred in unidentified overseas cities.

    Here's precisely what the agent, CIA analyst Tom Donahue, said at a SANS training seminar for utility system security experts in New Orleans:

    "We have information, from multiple regions outside the United States, of cyber intrusions into utilities, followed by extortion demands. We suspect, but cannot confirm, that some of these attackers had the benefit of inside knowledge. We have information that cyber attacks have been used to disrupt power equipment in several regions outside the United States. In at least one case, the disruption caused a power outage affecting multiple cities. We do not know who executed these attacks or why, but all involved intrusions through the Internet."

    Paller, who's also part of a task force devoted to shoring up power grid computer systems, rushed out an e-mail to reporters and to 185,000 security experts detailing the dramatic CIA statement.

    A message from the CIA?

    In an interview, Paller said that the CIA clearly wanted to get out the message that time is running out to secure U.S. power plants and other major critical infrastructure systems. A year ago, he noted, that same CIA agent had chastised him for talking in public about such sensitive national security issues.

    "It means something that the man who got mad at me a year ago when I was talking about this said this in public," Paller said.

    Paller said Americans should not dismiss the purported attacks as isolated, or the byproduct of low-budget computer security in a poor country.

    "We have no reason to believe these plants have poorer security than ours," he said.

    The problem with Paller's story, according to some cyberthreat skeptics, is there is no reason to believe it is true.

    Rob Rosenberger, who runs Vmyths.com, a Web site devoted to debunking cybercrime rumors, said Paller's notice contained so few details about what might have happened that it isn't much more than an urban legend.

    'Who did it? ... When did it occur?'

    "SANS director confirms the CIA confirmed ... absolutely nothing," Rosenberger wrote in a stinging rebuke. "Who did it? Paller doesn't know. When did they do it? Paller doesn't know. Where did it occur? Paller doesn't know. Why did they do it? Paller doesn't know."

    Asked about the dearth of information last week, Paller said the CIA has clammed up and is offering no additional information.

    "It is very thin on data," he conceded. "But clearly (the CIA) thinks things need to be fixed for some reason."

    The CIA, for its part, wouldn't offer additional comment on the reports, other than to confirm Donahue's quote as accurate.

    But one thing is clear: We are in for another round of digital Pearl Harbor discussions.

    The revival is at least partly grounded in reality: The big back-end computers that run power plants – known as SCADA systems, short for Supervisory Control And Data Acquisition – are increasingly linked to front-end business systems.

    A decade ago, these systems were isolated and arcane, making them virtually impervious to outside hacker attack. But even with the increased scrutiny on homeland security after the Sept. 11 attacks, SCADA systems are increasingly connected to the outside world. That makes them a much easier mark for hackers.

    The temptation of connectivity

    The temptation to connect SCADA systems to the Internet is just too great, according to one Department of Homeland Security official, who spoke on condition of anonymity. Many utilities own plants spread over wide distances, making Web access important if they want to monitor their facilities remotely.

    Since about 85 percent of utility computers are owned by private industry, there is constant pressure to implement cost-saving measures like remote monitoring, the official said. But the more wired power plants are, the greater the risk.

    Counterpane security expert Bruce Schneier says far too much is made of most cyberterror warnings.

    "There's nothing like a vague unsubstantiated rumor to forestall reasoned discussion," he wrote on his blog, Schneier on Security. As for the CIA-sourced extortion plot, he wrote, "I'm more than a bit skeptical."

    That doesn't mean the threat's not real, he added in an interview. And he's glad national infrastructure security is now getting extra attention, whatever the reason.

    "Talk of cyberterrorism is often just hype. But is getting the right things for the wrong reason good or bad?" he asked. "I like this kind of security to get more attention. ... The reality is these systems are vulnerable."

    Critical infrastructure computers were getting more attention even before the recent rumors surfaced, said Will Pelgrin, director of the New York State Office of Cyber Security. A working group, including hundreds of professionals and the Idaho National Laboratory, is constantly probing utility systems for potential weaknesses. They've also developed security specifications and designed sample purchase orders to help smaller utility companies build security directly into their products.

    Experts welcome the attention

    Pelgrin wouldn't discuss the CIA report, but essentially echoed Schneier's point of view.

    "Regardless of the fact or fiction we need to make sure these computers are secured," he said.

    Just last week, the Federal Energy Regulatory Commission issued strict new guidelines for cybersecurity at power facilities. Some point to that news as possible motivation for the CIA to call out utility firms and call attention to the risks.

    Regardless of the latest truth-or-hype debate, computer security experts have a delicate job to do, one not unlike dentists who warn about the ill-effects of infrequent checkups or mechanics who urge frequent oil changes.

    Warnings of potential disasters can come across as fear-mongering -- until something genuinely bad happens, at which point it's too late to heed the advice. So those who issue such warnings about cybersecurity must walk a delicate line, talking about worst-case scenarios to motivate security improvements without sounding too melodramatic.

    The phrase "digital Pearl Harbor," which once motivated the White House to create the position of national cyberczar, is now generally treated as a bad joke by security professionals.

    But the best way to judge the success or failure of those experts trying to keep these power grid systems safe might be this: Years from now, when someone says digital Pearl Harbor, will we still be laughing?

  • Digital picture frames infected with virus

    Digital picture frames were one of the hit gifts this holiday season, but at least some consumers have ended up with an unwelcome extra present -- a computer virus.

    Electronics retailer Best Buy acknowledged this weekend that some private label Insignia 10-inch digital frames it sold over the holiday season were contaminated with an unidentified virus. The frames have now been pulled from store shelves and the product discontinued, Best Buy said in a statement.


    "While this is an older virus which is easily identified and removed by current anti-virus software, we are taking this situation seriously," the statement on the Insignia Web site read. "This situation is not characteristic of Insignia products. We have launched an investigation and will take the actions necessary to help ensure that a situation like this is not repeated."

    Digital picture frames, which display digital photos without the need to print them or use a computer, are soaring in popularity. According to estimates by the research firm IDC, consumers bought about 1.7 million digital frames in 2006, about 5.6 million last year and will purchase nearly 10 million this year.

    The infection was limited to the 10.4-inch version of the Insignia frames, with a model number of NS-DPF10A, Best Buy said. The firm did not identify the scope of the problem other than to say it impacted "a limited number" of the devices.

    The problem was discovered in early January, but Best Buy didn't post a notice about it until Saturday because the firm was trying to "get a handle" on its inventory, said spokeswoman Nissa French.

    The company has not directly contacted consumers who purchased the picture frame, French said. It will do that when it has developed a detailed solution. "We want to communicate everything at once, for the best customer experience," she said. She said that "fewer than two dozen" consumers had returned the devices to stores complaining about the virus.

    Some might question the firm's delay in notifying consumers, who might still be able to avoid infecting their PCs. Only consumers who connect the gadget directly to a PC running the Windows operating system risk infection, Best Buy said. Even then, users with updated antivirus products would be protected. Consumers who only slipped memory cards into their picture frames are not at risk either, the company said.

    It is not clear how the virus landed on the hardware, but the firm said the contamination occurred "during the manufacturing process." French could not say how many consumers have complained about infection.
    Those who purchased or received the frames can call Insignia customer service at 877-467-4289 for more information.

    "An Insignia representative will be available to answer questions about your digital picture frame and determine what actions are necessary to ensure your digital picture frame and computer are clean and fully functional," the firm said.

    The incident highlights a new risk for gadget users, said Zulfikar Ramzan, a researcher with the security firm Symantec Corp. Any time a gadget with any kind of memory storage is connected to a PC, bad things can happen.

    "The reality is that when you plug anything into your machine you run the risk that whatever files are on that device could be executed on your computer, and that could include a virus," he said.

    Use of USB flash memory sticks raises the risks, he said, but any gadget can pose a threat. "There are security issues and people have to understand the risks. From an attacker's standpoint, this is a great way to get onto your machines."

    While there are many possible explanations for the Insignia frame infection, Ramzan said a "rogue employee" was the most likely possibility.

    But he also said that consumers who buy returned merchandise should be especially wary, as a gadget could be infected by the initial purchaser, and then returned to the store contaminated.

    "You just never know," he said. "That's why it's important to have security software."

    An earlier version of this story indicated that Best Buy spokeswoman Nissa French said "fewer than 2,000" picture frames had been returned by consumers; that has been corrected to read "fewer than two dozen."

  • The doctor will see your credit now

    The folks who invented the credit score for lenders are hard at work developing a similar tool for hospitals and other health care providers.

    The project, dubbed "MedFICO" in some early press reports, will aid hospitals in assessing a patient's ability to pay their medical bills. But privacy advocates are worried that the notorious errors that have caused frequent criticism of the credit system will also cause trouble with any attempt to create a health-related risk score. They also fear that a low score might impact the quality of the health care that patients receive.

    Fair Isaac Corp., developer of the FICO credit score, is one of several investors in Healthcare Analytics, the Massachusetts start-up that is developing the hospital risk tool. Another investor is Tenet Healthcare Corp., one of the nation's largest hospital operators. Stephen Farber, who resigned as chief financial officer of Tenet in 2004, is the CEO of Healthcare Analytics.


    Several published reports have described Healthcare Analytics' product as a MedFICO score, computed in a way that would be familiar to those who've used credit scores. The firm is gathering payment history information from large hospitals around the country, according to a magazine called Inside ARM, aimed at "accounts receivable management" professionals. It will then analyze that data to predict how likely patients will be to pay future medical bills. As with credit reports and scores, patients who've failed to pay past bills will be deemed less likely to pay future bills.

    The idea sounds ominous to Pam Dixon, who runs the World Privacy Forum, which studies medical privacy issues.

    "This is a bad idea and I don't think this benefits the consumer at all," Dixon said. "And what about victims of medical ID theft? Are we going to deny treatment to these people because they have a terrible MedFICO score?"

    Firm says product's not ready yet
    Tim Hurley, a spokesman for Healthcare Analytics, said criticism of the firm's work is purely speculative, as its product is still in development. Even the term MedFICO is inaccurate, he said.

    "MedFICO does not exist," he said, adding that the name "will very likely not be used when we bring our tools to market."

    He refused to confirm other published details about the company's work, saying it was too early given the "premature nature of our product development cycle." Farber, the Healthcare Analytics CEO, is not granting interviews to discuss the product, said Hurley. Farber did speak to a Chicago Tribune reporter earlier this year.

    Hurley did say, however, that hospitals will not use the Healthcare Analytics product before patients receive medical treatment, and it will have no impact on medical decisions.

    He also pointed to federal law that makes it illegal for hospitals to refuse treatment to patients in their emergency rooms, regardless of a person's ability to pay.

    The Healthcare Analytics tool will be used after patients receive care and after a bill is generated to help hospitals make better financial planning decisions, Hurley said. It will also help health care providers sort through patient records and potentially make it easier to write off some unpaid bills as charity cases, rather than delinquent accounts, which would offer the hospital some accounting benefits, he said.

    The firm "is particularly focused on finding ways to help hospitals systematically allocate charitable resources, to make sure that patients who need financial assistance the most receive it on a consistent basis across the industry," he said.

    Impact could reach beyond the ER
    Dixon, however, was skeptical. While she didn't suspect the so-called MedFICO would be used to turn patients away in emergency situations, she said it could impact patients during follow-up visits or other non-emergency situations.

    "If you had a poor score, you could be denied a hospital stay, for example," she said.

    Linda Foley, who runs the Identity Theft Resource Center, also said any kind of medical risk scoring would run into a thicket of federal laws designed to protect consumers. It's not clear if such a score would be covered by the Fair Credit Reporting Act and other credit-related laws that grant consumers the right to see their own credit reports and scores. The information may also be covered by the Health Insurance Portability and Accountability Act (HIPAA), which restricts the use of patients' private information.

    "The problem we see is: Who is regulating this?" she said. "How do we know it will never be used before treatment?"

    She also pointed to the problem of medical ID theft, which now hits 250,000 people each year, according to the Federal Trade Commission. Identity theft victims frequently find it difficult to clean their credit reports of errors; she feared medical ID theft victims might face the same fate.

    Foley also said that a health care score, even if it was initially designed only for use in post-treatment billing issues, could end up being used in unforeseen ways.

    "That's happened with credit scores. Now they are being used for all kinds of things like setting auto insurance rates. What else could a MedFICO be used for?" she said. Perhaps an employer might access the scores and use them to predict which workers might be expensive to insure, she speculated.

    Since the invention of the credit score in the 1980s, risk scoring has become a valuable tool in many industries. Auto insurers have created their own scoring system, for example. Many Web sites buy software that assesses the risk that any individual credit card purchase may be fraudulent.

    A crowded field
    Meanwhile, Fair Isaac's core business of selling credit scores to lenders has recently become a more crowded field. Some banks now use their own formulas to generate risk scores, and the nation's three main credit bureaus have developed their own scoring formula.

    Scoring risk in the health care industry could be a valuable business, given the rising rate of unpaid bills. American hospitals face $40 billion in unpaid bills every year and 47 million Americans did not have health insurance last year. Others face rising out-of-pocket costs.

    That means hospitals need more tools for collecting debts from private individuals, Hurley said.

    "Hospitals have historically worked primarily with insurance companies and government programs like Medicare to arrange for payment," he said. "It is a recent trend that individual patients, including insured patients, have assumed significant individual responsibility for paying for care."

    Fair Isaac did not immediately return a request to be interviewed. A spokesman for Tenet directed all questions to Healthcare Analytics.

    While published reports said the new patient scoring system could be in place by this spring or summer, Hurley denied that, saying the firm didn't even have plans to test the system for another six months and it wouldn't be sold commercially until the end of the year.

  • How Red Tape became 'Gotcha Capitalism'

    If you're like most Americans, you feel you're getting screwed all the time. When you open your monthly bills, rent a car or sign up for pay television service, you hear that tiny voice inside saying "Watch out!" You're not paranoid. You're merely paying attention. Hidden fees cost the average American consumer nearly $1,000 a year, $5 or $10 at a time, new research shows.

    For the past two years, I've been writing about the kinds of 21st century headaches that lead to consumer paranoia and compiling them in the Red Tape Chronicles. In response, more than 50,000 of you have left comments on the blog. Sometimes you criticize me and my conclusions, sometimes you cheer me, but most of the time you come to share your complaints about unfair companies and government policies. In the past year I've heard from a father whose daughter ran up a $10,000 cell phone bill, a man who lost his entire $179,000 retirement fund to a hacker and countless others who paid hundreds of dollars in surprise bank overdraft charges.


    In the face of this tidal wave of complaints, I set out to scrutinize the issue of unfair fees, taxes and contracts, and I found something you probably already know: Corporate cheating not only hurts your wallet every day, it is assaulting our way of life. The results of that research were recently published by Random House in a book I wrote titled "Gotcha Capitalism," which is now available in bookstores and online. You can read a free excerpt of the book today on msnbc.com. Other excerpts will follow later this month.

    Fundamentally, "Gotcha Capitalism" is a story about the death of the price tag, about the constant bait-and-switch tactics that layer on fees and surcharges long after we're in a position to bargain over them. It's about rampant false advertising, about the explosion of small print and asterisks and about the seeming disappearance of federal authorities working to keep our marketplaces fair. It's about a threat to our economic system, which was designed to reward good companies with innovative products, low prices and smart employees, but now benefits cheating companies who hire the best liars and create the most misleading ads and confusing fine print.

    I know all these fees -- and all the resulting phone calls, letters and other hassles -- can be a depressing topic. But there's good news: You don't have to take it anymore. You have each other.

    The Internet is a powerful tool that consumers can use to find each other and share tips and tricks about getting around red tape and getting justice. It can also be used to expose unfair companies and their bad habits. And, of course, it can be used to call attention to a problem, which can lead to media interest and sometimes congressional hearings and new laws. In the last year, several unfair credit card company practices were stopped, largely because consumers complained and Congress began to listen.

    I want to thank each and every person who has taken the time to leave a comment on the Red Tape Chronicles over the past two years. In some way, all of you have contributed to "Gotcha Capitalism." Some Red Tape readers will even find excerpts of their submissions in the book.

    And I would like to invite anyone who's ever felt cheated by their cable company, Internet provider, 401-k administrator or anyone else to do one powerful thing: complain. And keep complaining. Do so politely, but don't put up with poor treatment. Complain to the clerk and then to a manager. Write an e-mail to the corporate office. Complain on the Internet, on this blog and on others like it, such as Consumerist.com and RipOffReport.com. Or make your own Web site and send it to your friends. By speaking up and making your complaints public, two things will happen. You will often get your money back. But more important, you will be placing a vote for a return to fairness, to a true market economy where companies can afford to be fair and the best firms win. You will be sending the message that "gotchas" just won't be tolerated.

    Got some Red Tape you want untangled? Or just want to blow off steam? Share your story below.

  • Sneaky fee alert: rental car 'top off'

    You know all about rental car gas roulette: Either pay in advance for gas you'll never use, or bet that you'll have enough time to fill up the tank before you drop off the car. You might even know that some companies insist on a receipt as proof you've filled the tank if you take the second option.

    But now, there's a third possibility: Pay up regardless. Some rental car locations are charging an extra fee to consumers who return their cars with a full tank. This "top-off fee" is being charged even if consumers present evidence that the tank is full. In other words, you're dinged if you do and dinged if you don't.


    "I couldn't believe it," said Steven Dentali, who was charged the fee in October after renting a car from Dollar Rent A Car in Manchester, N.H. "I said to them, 'You're telling me I'm penalized no matter what? There's no way around me having to pay something?'"

    That's precisely what the rental car agreement said. Here's the exact wording he received in his e-mail confirmation:

    "Gasoline Policy: Vehicle must be returned with full tank or local refueling charge applies. If car is returned full a $2.00 top off fee will be applied."

    When Dentali started asking questions, he said he was told that the fee was being test-marketed by Dollar at select locations in New England.

    Dentali demanded a refund and was told he had to talk with a manager, who in turn told him to call Dollar's corporate offices. He did, and said he was promised a refund. But the $2 never arrived.

    Dentali, who wins the Red Tape Perseverance Award for this month, made another phone call and sent an e-mail to Dollar. Finally, his complaint landed on the right desk. On Dec. 26, he got a late Christmas gift via e-mail from the rental car company, albeit a measly one:

    "I am unable to advise you as to whether or not this is a permanent policy or what the purpose is for it, but in an effort to regain your confidence in Dollar Rent A Car, I have requested a refund check in the amount of $2.16 to be forwarded to you from our accounting office," wrote an employee of Dollar Thrifty Automotive Group, Dollar Rent A Car's parent company. "Please allow up to three weeks for processing and mailing."

    'Not a widespread practice'

    Chris Payne, a spokesman for Dollar Thrifty, said the location that assessed the "top-off" fee was a locally owned franchise, which is allowed to set its own policies. Corporate-owned Dollar locations don't charge the fee, he said.

    "Franchisees are given some discretion when it comes to the operation of their own facilities, and occasionally they will have different fees," he said. "This 'top-off' fee appears to be something they have enacted. I can tell you that it is not a widespread practice among Dollar locations."

    Rental car companies have been playing games with gasoline prices for years. In fact the games are so common that we don't even question them any more. Why, for example, does the price of gas double between the time you rent the car (and are offered the chance to pre-pay for gas) and the time you return the car?

    Fortunately, rental car firms don't get away with everything. Just a few months ago, Budget Rent-A-Car got the attention of the Federal Trade Commission after the rental company instituted a policy requiring receipts from customers who returned their cars full of gas, and dinging those who returned without receipts with $5 to $10 fees that the FTC said were poorly disclosed.

    The top-off fee represents a new zenith in fee creativity. For Dentali, it was just too much to bear. Even though he figures all those wasted lunch hours, faxes, and phone calls ultimately cost him about $200 to get his $2.16 refund, he thinks the fight was worth it.

    "My parents went through the Depression and taught me what a buck is worth," he said. "And I have a strong sense of what's right and what's wrong, a sense of fairness. … You catch a company sneaking a small dollar amount like that on your bill, and if you don't challenge it, they'll keep getting away with it."

  • CES: But will these things work?

    In a quiet, nearly empty conference room on the other side of the city from the 140,000 enthusiasts cramming the Las Vegas Convention Center, a roomful of wet blankets was discussing a dirty little secret of the high-tech industry, a small sacrilege during this annual celebration of all things geek.

    Sure, all these gadgets are cool, but do they work? If past history is any indication, they often won't. Here's that dirty little secret, unearthed by the group of consultants from Accenture: Product returns cost the tech industry $14 billion each year, a huge chunk for a $200 billion business. The Accenture group will be releasing a study on gadget product returns later this week, but I got an early peek. Their main finding is this: Consumers often can't figure out how to use many of the gadgets they buy, and a sizable portion of those gadgets end up right back at the store.


    "Customers believe that the product doesn't work or does not perform as expected," said Allen Delattre, who runs the electronics research group at Accenture. "But almost none of (the products) have a hardware or software defect. The returns are happening because people can't figure out how to make things work."

    Return rates are as high as 20 percent in some product categories, he said. For a gadget maker, return of a perfectly working device simply because the buyer got frustrated is something just short of a tragedy.

    "And this problem is only going to get worse," said Delattre, after watching Bill Gates' glitzy keynote address Sunday evening in which automobiles merrily talked to MP3 players and Web sites flawlessly communicated with cell phones and cameras. In fact, everything will be connected in the "cloud," the Microsoft founder said to rabid fans.

    Not so fast, says Accenture.

    Products like Panasonic's "Life Wall," which will let people display life-sized, live video of their baby sleeping in a crib on the wall next to that night's Nightly News broadcast, will soon be launched into consumers' already complicated lives. Cars already are allowing consumers to bark out commands and hear their tunes or talk to friends.

    But when the cool car-phone-stereo doesn't work, who does the frustrated consumer call? The MP3 maker or Jiffy Lube? The cell phone handset maker or the network provider? Or is the car salesman supposed to deal with the file not found errors?

    "The answer … is to call the person you have the best experience with," Delattre said. But that's not necessarily the company that caused the problem. Instead of collaboration, you are bound to have collisions.

    Cooperation...or collision?
    Almost everything new at this year's CES involves gadgets communicating and cooperating like never before. More to the point, tech support staffs at all these companies will have to cooperate like never before. The folks at Accenture aren't sure that's going to go smoothly. In fact, one Accenture consultant said a co-worker recently bought a new luxury car that has been in the shop for 30 days while technicians try to figure out why its Bluetooth capabilities are on the fritz.

    How patient will consumers be when these inevitable conflicts and glitches arise? A study last year showed the average gadget buyer has a "pain threshold" of only 20 minutes with new devices. Any problem that can't be solved in the time it takes to watch a Seinfeld rerun will likely cost the retailer a sale.

    The cost can be quite a bit more than that. Handling returns is incredibly expensive for retailers, who have to inspect the product, troubleshoot the problem and repackage the item for reduced-price sale. An old rule of thumb in the PC industry states that one returned computer wipes out the profit made from the sale of two others, Accenture says.

    'One throat to choke'
    The problem of knowing where to complain is familiar to PC users. When their computers won't work, they're used to hearing the hardware maker blame the software maker, and vice versa. How much worse will the pass-the-blame game get in the new super-connected world? When it comes time to work things out, no consumer will be willing to call multiple manufacturers and retailers to get an answer.

    Another Accenture expert, Jean-Laurent Poitou, says consumers will insist on having "one throat to choke" when things go wrong. That means some companies will end up biting the bullet for others' mistakes. If there is too much cost-shifting going on, development of all these products could grind to a halt.

    But interoperability glitches aren't the only reason the Accenture folks think returns are going to increase. Thanks in part to the constant hawking by technology companies at trade shows like this one, people's expectations for their gadgets have never been higher. That means there's a much greater chance for disappointment, too.

    'Razor blade of technology'
    But even good news is bad news in this story, Delattre said. Plummeting high-tech prices mean the latest gadgetry is no longer only for the rich and famous. For example, flat-panel TVs and amazing high-fidelity stereos can be in almost every living room (good), though most customers won't want to pay someone else to come set them up (not so good).

    "You are basically handing a razor blade of technology to people and telling them they are responsible for the cuts," he said.

    At the same time, customer service models at most high-tech firms have simply not evolved to handle all the questions they get from users. Consumers who might tolerate 45-minute waits for support on $50 software products won't put up with similar service for $1,500 televisions.

    "It's a perfect storm" for customer returns, Delattre says. "It's not a pretty picture. This is a huge problem for the industry, a huge economic impact. It's a potential profit killer."

    Too many features
    Given all the magic our gadgets can perform now, why is it so hard to make these incredibly powerful devices simple enough for grandma and grandpa to use? Ben Shneiderman, a professor at the University of Maryland and founder of the Human-Computer Interaction Laboratory, says that companies often forget the practical ways their customers will use products when they pack them with features. Feature feeding frenzies like CES certainly don't help.

    "Companies with strong usability communities that test, test, test with real users are likely to have more successful products," said Shneiderman, who didn't attend the trade show. "Usability is the differentiating factor that makes for video game, iPod, navigation, and cell phone success stories vs. disasters. The trick is aligning consumer needs with interface features. Too many features overwhelm some users."

    The cure, however, may be worse than the disease. The Accenture researchers think companies that sell gadgets that customers can't use will look to adopt a new model -- one that sounds like those tack-on extended warranties, only worse. Can't get your phone to work with the car? Pay $10 a month, and your cell phone company will help. Not sure you are getting the best sound playing your iPod through your bedroom stereo? Well, someone will tell you how for $25.

    Or, consumers will simply hire part-time home technology helpers, the way they hire plumbers or "pool boys," say the Accenture researchers.

    A little advice goes a long way
    But Las Vegas is jam-packed with people this week who see things very differently. And so, apparently, do some retailers who work every day to keep consumers happy. Andre Sam manages the Best Buy electronics store on Manhattan's Upper East Side, one of the busiest tech stores in the country. During the holiday season, recognizing that difficult return policies make shoppers reluctant to buy high-tech gifts, Best Buy instituted a liberal return policy. Gifts purchased way back in November can be returned through January with no restocking fee.

    Even so, Sam said he's seen very few gadget gifts come flying back into the store. GPS devices, cell phones, and digital cameras all seem to be staying in their new homes, he said.

    "People are doing a lot of research at home before they buy these things," Sam said. In fact, the most commonly returned items were not gadgets, but movies -- though there is a gadget-glitch-related reason for that. Some gift-givers bought the wrong format DVDs for their loved ones, for example, Sam said.

    But Sam acknowledged that not everything has gone perfectly. He said he's interrupted several buyers who were on their way to return video games, offering the explanation that the devices simply didn't work. Each time, he said, he took the gadget out of the box, hooked it up to a store TV and showed the consumer what they were doing wrong.

    "Once we get it to work, they say, 'Gimme that back.' All we did was connect everything," Sam said.

    For the promises of CES 2008 to come true in America's cars and living rooms, the tech industry will need a small army of folks like Andre Sam to go along with all that technological wizardry. But the question remains, will consumers pay for that?

  • ATM crime wave limits access to cash

    Citibank is using the rather blunt instrument of lowering some customers' daily ATM cash withdrawal limits to fight a recent spate of cash machine fraud. The company said Thursday that the change impacts "a small population of customers" in New York City, but would not provide additional details.

    It's not clear how much daily withdrawal limits were lowered, but the New York Daily News spoke with one consumer who said her limit had been cut in half.


    "Though we can't provide details of ongoing security investigations, we are working closely with law enforcement on this matter," Citibank said in a statement to msnbc.com. "We continue to monitor our customer accounts for suspicious transactions and encourage customers who notice suspicious activity to call our customer service unit at the number on the back of their ATM cards."

    Consumers who suffer fraud aren't liable for the losses, if they report the missing money in a timely fashion. Those who need extra cash can call Citibank and ask that their daily limits be raised.

    But lower cash withdrawal limits may have a more serious impact in New York than elsewhere. Many New York City restaurants, for example, don't take credit cards, so customers often must scurry to ATMs in order to cover their bills.

    This is at least the second time that Citibank has curtailed access to cash in response to a fraud outbreak. In March 2006, overseas travelers found they couldn't withdraw any money from ATMs in places like Canada or Russia. Later, it was revealed that criminals had managed to steal ATM card numbers and PIN codes from an outside source, prompting the abrupt security measure.

    Citibank wouldn't answer questions about the incident that led to the recent limits on cash withdrawals. Spokesman Rob Julavits said the lower limits were imposed only on New York City consumers, but wouldn't explain why the fraud was geographically limited.

    Doug Johnson, senior advisor for risk management policy at the American Bankers Association, said lowering daily withdrawal limits is a standard tool used by banks to fight fraud.

    "Institutions, once they find fraud that's serious enough, they will take action. It's not unusual," he said.

    He would not comment on the Citibank incident, but when asked if consumers in other parts of the country might be at risk, he said, "I wouldn't focus just on New York." He wouldn't provide specifics, saying only that banks around the country are constantly fighting ATM fraud.

    'Consumers ... deserve more'
    Avivah Litan, a bank security expert with consulting firm Gartner, said Citibank's strategy in dealing with this latest round of fraud -- limiting consumers' access to cash -- was disappointing.

    "Consumers expect more both in terms of security and convenience and frankly, they deserve more," she said. "This will probably serve as a wake-up call to Citi to invest more in enterprise fraud detection and stronger card security systems. There are certainly good technical solutions that can detect fraud with a fairly high degree of confidence. ... The problem is banks like Citi don't typically invest in these solutions until they either have to in order to comply with regulations, or because they are getting hit hard with fraud losses or loss of consumer confidence."