Airline travelers may want to think twice about swiping their credit cards at airport self-service check-in kiosks following the possible theft of credit card account numbers from the kiosks at Canada's largest airport in Toronto.

One Canadian airline, WestJet, already has suspended use of credit cards for check-in at the Toronto kiosks in the wake of the investigation by Visa and MasterCard, which was revealed last week. Fliers can still use the machines, but now must use other methods – by swiping frequent flier cards, entering confirmation codes or using their passports.

About 31 million passengers fly through Toronto's Pearson International Airport every year, making the potential haul for credit card thieves able to access data entered into the 150 check-in kiosks enormous. But a possible kiosk-related heist raises questions about the security of the self-service machines at other airports, which are used by millions of travelers every day in the U.S and elsewhere.

It's still unclear how thieves could have stolen credit card numbers from the kiosks. A Canadian government report is expected later this week.

One possibility: Scammers attached small skimming devices to the kiosks that lifted the numbers from unsuspecting travelers, a technique often employed by criminals to steal information at bank ATMs.

But Scott Armstrong, spokesman for the Greater Toronto Airports Authority, which owns the machines, said investigators inspected the devices and found no signs of tampering. That suggests the data was collected by the machines and stored somewhere, then stolen by hackers who managed to access it – either directly or through the network that connects the kiosks to the airlines.

Put away your credit card?
Because of the uncertainty about the system in light of the investigation, some security experts are suggesting consumers should change the way they check in for flights.

Kiosks at Toronto airport are being investigated

"Next time you go to an airport kiosk for self-service check in, just type in your ticket reference number," said Avivah Litan, a security analyst at research firm Gartner. "Unless the kiosks are equipped with the latest in tamper-proof technology and card readers that encrypt data when the card is swiped, they are highly prone – given their public locations – to criminal tampering. They are a perfect target for thieves."

If the kiosks turn out to be the source of the stolen credit card information, that would raise another question: Why would the machines read credit card account numbers and other personal information, and store that data? Security consultants say the kiosks need only read names off the cards to check in passengers, but the machines in Toronto – and similar machines in the U.S. – could be set up to collect and store more data.

The kiosks in Toronto are made by IBM Canada, and the data is managed by two firms -- ARINC Inc., based in Maryland. and SITA Inc., a European consortium based in Geneva.

Linda M. Hartwig, a spokeswoman for ARINC, declined to comment on the apparent security breach. But she said the kiosks read everything on the entire credit card magnetic stripe – including account numbers and expiration dates -- then hand the information off to the airline. She said no data is stored on the kiosk itself.
Spokesmen for the other software company, SITA Inc., did not return calls seeking comment.

U.S. kiosk maker won't comment
In the U.S., about two-thirds of the kiosks used at airports are provided by Florida-based Kinetics, Inc., a subsidiary of NCR Corp. The firm would not discuss how its kiosks worked.

Several airlines contacted referred questions to Visa. A Continental Airlines spokeswoman, for example, said the airline wouldn't reveal if its kiosks collect credit card numbers while checking in fliers.

Christopher White of the Transportation Security Administration said the Toronto incident was "not an aviation security issue, it's more of a customer service issue, " and referred questions to the industry group, the Air Transport Association.

Elizabeth Merida, a spokeswoman ATA, would say only that there are no reports of similar credit card heists in the U.S..

Violation of state privacy law?
It's unclear what consumers expect when they use a credit card at the kiosks. The machines generally display a message such as "Your credit card will not be charged," suggesting that the account number won't even be read by the machine.

But that's probably not technically feasible, said Greg Buzek, president of research firm IHL Group, which studies the self-service kiosk industry. Credit-card-reading software generally will pull all data that's on the magnetic stripe and only later distinguish between names, account numbers, expiration dates, etc., he said.

After the account numbers have been read, they might be deleted -- but only if the software has been programmed to do so, Buzek said.

"What happens is completely up to the way the software is designed," he said. To make sure account numbers are not stored, "somebody has to physically take that information, take that data, and delete it."

Failing to do so might violate various state laws, said privacy expert Larry Ponemon, who runs research firm The Ponemon Institute. In California, for example, companies that collect information about consumers that is otherwise "non-public" are required to disclose that.

"Most people when they go to a kiosk just think of it as a way to identify you, not as a system that captures your credit card information," Ponemon said.

Kiosks wildly popular
Kiosks are enormously popular with airlines and fliers alike. Buzek said about three-fourths of consumers say they prefer checking in via kiosk. At Continental Airlines, more than 85 percent of travelers check in using them, he said.

The trend toward self-service machines has exploded in recent years. There are now about 70,000 ticketing kiosks in North America – including self-service movie theater or bus ticket machines -- performing $370 billion in transactions annually. That figure is expected to rise to $1.25 trillion by 2012.

But favoring machines over humans could have unexpected security consequences, warned Robert Grapes, chief technologist at Virginia-based security firm Cloakware Inc.

"We strive to make things convenient and we strive for a reduction of operational costs, but we focus on convenience more than security and now we're getting bit by that," he said.

RED TAPE WRESTLING TIPS
• Because the airlines and the kiosk makers have so far not been forthcoming about how their systems work, it's unclear how consumers should react to the Toronto airport story. There's no need to stop using airport kiosks, however. It's safe to use airline-issued record locators, such as confirmation codes, when checking in. Most machines accept frequent flier cards, too.

• It's easier to check in with your credit card, though, so it's important to keep the risks in perspective. Remember, your liability for theft from your account is legally capped at $50, and consumers generally aren't forced to pay anything when they report their cards as stolen. Still, a compromised credit card is a hassle, so a little caution could be worthwhile.

When Marco Zaldivar purchased four T-Mobile cell phones for his family a few years ago, he had no interest in text messages. They came anyway, and by 2007 unwanted texts were adding $20 to $30 to his bill every month, he claims. When he asked T-Mobile to shut off text service, the firm said that was impossible. Instead, he was given a Hobson's choice -- either sign up for a bundled text message plan with a monthly fee, pay $800 in early termination fees to cancel the service or turn the phones off for the remainder of his two-year contract.

Zaldivar decided on a fourth option -- he's suing T-Mobile for violating consumer protection laws. The lawsuit, which seeks class-action status, got a small green light last week from a U.S. District Court in Seattle, which rejected T-Mobile's motion to dismiss the case.

"When T-Mobile customer service told me I could always take the battery out of my phone to avoid the charges, I couldn't believe this was happening to me," Zaldivar, a corrections officer in California, said in an e-mail statement to msnbc.com. "It left me no choice but to try to stand up for myself, and others in the same situation."

A number of the texts received by Zaldivar were unsolicited advertisements, said Zaldivar's lawyer, Jeff Friedman. Even when unopened, his client was still charged for the messages, he said.

T-Mobile said it would not comment on the lawsuit, but a spokeswoman said the company has recently added a feature that allows consumers to essentially turn off texting.

"T-Mobile is committed to providing the best customer experience in wireless and does offer customers the ability to block chargeable text messages," the spokeswoman said. "T-Mobile also has extensive filters built into the network to help detect and block spam text messages being sent to customer's handsets that originate from internet IP addresses."

Last year, when the Red Tape Chronicles explored the topic of text message spam, a T-Mobile spokesman said text message service could not be shut off because it was used for internal billing purposes.

"The text messaging feature on your account is actually a mandatory feature and cannot be removed," the spokesman said. "This feature is needed because it's where voice mail and billing notifications are delivered."
If Zaldivar's lawsuit is given class-action status, T-Mobile could have a large case on its hands.

Friedman said about 17 million of the 27 million T-Mobile customers are not signed up for a text message bundle currently, and about 4 million of them have never sent a text message, indicating their lack of interest in text service. The lawsuit will attempt to include all those consumers in the class.
T-Mobile would not discuss how many subscribers pay for text message bundles.

The lawsuit maintains that T-Mobile, which is based in Bellevue, Wash., made text service "mandatory," while never making that pre-condition "clear and conspicuous" in its contracts. That violates Washington state's consumer protection laws, the lawsuit alleges.

"This is a matter of a long line of abuses, where people with the carrier have very little choice," Friedman said. "(Zaldivar) was damned if he did and damned if he didn't. He felt trapped, and that he was put in an unfair position."

Verizon, AT&T and Sprint allow consumers to shut down delivery of unwanted text messages.
The T-Mobile lawsuit comes at a time when all carriers are turning up the heat on consumers to sign up for monthly text bundles. In August, T-Mobile will increase its basic text message cost by 33 percent, from 15 cents to 20 cents per message. Other carriers made that jump earlier this year.

Consumers can avoid those high prices by signing up for a bundle -- 400 messages for $5 a month, for example.

Critics say the basic price of text messages is excessive compared to other cell phone data-related charges. Because they carry only 160 text characters, text messages consume a tiny amount of bandwidth -- about 1/4000th as much as a typical song, according to the blog GThing.net. But downloading a 4-megabyte song costs only about $1 on a standard cell phone data download service -- or roughly five times the price of a single text message. At test message prices, music downloads would cost almost $6,000 each, the site argues. You can double-check the Gthing.net math here.

And remember, cell phone companies make 20 cents twice on each message -- when it's sent, and when it's received.

Friedman says he expects a federal judge to rule on certification of the proposed lawsuit class by the end of the year.

RED TAPE WRESTLING TIPS• Many people are signed up for a per-message text plan and don't realize it. If that's you, shut it off now, before you get a bunch of text spam. Check with your provider. Now with T-Mobile on board, all the major providers essentially let you shut off texting.
• For most people, even light users, it's worth signing up for at least a small text bundle. They are reasonably priced -- as little as $3 per month – and act like insurance for that one month you are stuck in a train tunnel and find yourself sending 15 or 20 text messages. It's odd for me to be recommending that you sign up for a service with a fee like that, but that's just the way cell phone math works right now.
• If you have teenagers, seriously consider plans with unlimited text messages. Youngsters are capable of sending incredible numbers of text messages, so you're best off insuring yourself against that.
• Even with an unlimited plan, you can still end up paying a lot for text messages – so-called "premium text messages" -- which can cost $1-$10 each. These are texts sent to or from special subscription services, like dating services. One consumer who wrote to Red Tape found himself on the long end of a $10,000 bill not long ago. Even if you use text messaging, you should consider calling your carrier and asking that premium texting be disabled.

Hate hidden fees and other "gotchas" from credit cards and banks? You have until Aug. 4 to sound off about it.

In May, the Federal Reserve proposed a sweeping set of rule changes that would ban a wide set of consumer-unfriendly bank practices. The rules would prevent credit card issuers from charging retroactive rate increases on outstanding balances, for example, and ensure that bills are mailed at least 21 days before the balance is due. It would also make it harder for banks to change overdraft fees in some cases, and clarify a wide set of bank practices that sometimes seem like booby-traps designed to cost consumers.

The proposed rules are now open to public comment, but only until Aug. 4. Consumers who would like to make their opinions known about the new regulations can simply fill out a form on the Fed's Web site and leave comments there. Here's a link. Scroll about two-thirds of the way down the page and look for the words "submit comment."

Consumers should know that all comments will be made available to the public on that same Web site. In fact, already 31,000 comments have been made, though the Fed says 19,000 of those came via form letters. Still, according to CreditCards.com, the Fed's credit card proposals have drawn the second-most public comments ever, eclipsed only by a proposal involving real estate rules dating to 2000.

Sometimes, it's not good to know how the sausage is made. But credit card and bank rules are too important to leave to the sausage makers, and fortunately, all comments made so far are available for public inspection. They are worth at least a casual browse.

You can see a list of all 12,000 or so online comments here, but don't click on this link unless you have patience and a high-bandwidth connection.

A much shorter sampling of comments can be seen here.

Mostly positive
So far, the comments are overwhelmingly positive about the new rules, and encourage banking regulators to adopt them as soon as possible. But many comments are brief and some are full of simple name-calling.

"I recently had a WaMu credit card raise my interest rate by 60% and my minimum payment by 30% without explanation," is the entire comment left by a typical frustrated writer.

If you'd like to leave a more thoughtful comment about credit card and bank policies, you can read more about the rules in msnbc.com's prior coverage here.

You can also try to dig through the full text of the draft proposals, though they are a beefy read.

Digging deep
You will find satisfyingly detailed nuggets however, such as a rule that would "prohibit creditors from setting a cut-off time for mailed payments that is earlier than 5 p.m. at the location specified by the creditor for receipt of such payments." Many card companies now say the payment deadline is 1 p.m. on the due date, putting consumers at the mercy of the post office and the mailroom guy.

The rules also call for an end to some unhelpful bank euphemisms, such as the "grace period." Banks instead will be forced to use plain language like "how to avoid interest."

Detailed commentaries are still expected from industry groups and individual banks; these are likely to be relentlessly critical of the proposals. Immediately after the new rules were announced, the American Bankers Association issued a press release saying the regulations are "effectively price controls, which have never worked in the past, and we do not believe they will work here." Limiting the interest rates and fees that banks can charge troubled customers will end up forcing the institutions to charge higher rates to good customers, the association argues. "These rules will result in less competition, higher consumer prices, fewer consumer choices and reduced consumer access to credit cards," the bankers claimed.

While most banks have so far pulled their punches, hidden within the public comments are hints about the arguments banks will make. Officials from several financial institutions have met with regulators separately to express their concerns about any new consumer protections; notes from these meetings have been posted as comments. In one such note, American Express officials plead with regulators to postpone implementation of any changes for 18 months after adoption to allow "adequate time for system changes, staff training, testing, and integration." Other banks asked for similar 18-month timetables. During its meeting, Amex took issue with other proposals, such as a requirement that banks provide written notice before raising a consumer's interest rate.

"We ... continue to believe no additional prior notice should be required where the penalty (interest rate) has already been disclosed to consumers and is part of their account terms," American Express officials said, according to the note.

Little guys get in on the debate
Smaller lending institutions are also getting in on the discussion. In a letter send by Jeffrey Hubbard, vice president of risk management at Merrimack County Savings Bank in New Hampshire, the lender says technology limitations would prevent the bank from allowing consumers to opt out of overdraft protection when using debit cards to make withdrawals or buy things, but leave it in place for written checks.

"We wish to point out that a true opt-out of the payment of overdrafts related to ATM and (point of sale) debit card transactions is not feasible," he writes

To find more industry comments, click on the "all comments link" and look for links to comments that were not left by an individual.

Consumers, while mostly positive, also offer some criticism of the proposed Fed rules. Chief among them: They want banks to stop imposing overdraft fees when a bank has received a deposit that would cover the payment but has not yet been credited their account.

"I support your plan to ban overdraft fees on debit holds. Please go one step further and ban overdraft fees when the funds are in my account but haven't cleared yet," wrote Jim Flammio of Tacoma, Wash.

Other comments sound as if they come from exasperation.

"Give consumers a break," wrote Edward Dunne of Tampa, Fla., in his brief note

Consumers have two more weeks to give regulators their views.

Imagine standing in a retail store desperately looking for help from someone, anyone, and being directed to … a computer screen.

"No one here can help you," a clerk might say. "But someone 1,500 miles away probably can."

This just might be the future of customer service. Two companies, with products named Live Agent and Live Support, hope that consumers who today wander aimlessly through store aisles looking for help would be happy to use videoconference kiosks instead.

Already, shoppers in 34 Canadian Staples Business Depot stores all around the country have the option of getting video help from operators based in Toronto, according to Seattle-based Experticity, which makes the video kiosks for Staples.

Stores that are strapped for cash and have trouble hiring knowledgeable employees can offer better customer service through videoconference kiosks, says Chris Woods, chief technology officer of ClairVista, which makes Live Expert. Companies can also save money by leaning on a centralized staff, he said.

"Everybody who goes into a retail store today and walks away frustrated that they could not get their questions answered can get the help they need," Woods says.

Experticity's kiosk.

But won't customers lean on the exit doors after realizing the store has no plans to provide live human beings to help? DL Baron, CEO of Experticity, says just the opposite has occurred in trials at Staples.

"We found that consumers are lining up to talk to the person on the screen because they know the dopey kid behind the counter can't answer their question," he said. "When consumers start using it, it becomes their preferred mode of engagement."

Long-distance, video-based help has a number of obstacles to overcome, both companies concede. Chief among them is the impression consumers might get that the machines are there simply to replace humans and cut costs. If companies can't even bother to greet store shoppers with in-person smiles, why would consumers bother to go to the store?

Why help from afar might be better
But Baron counters that consumer help in many large retailers is already poor, and long-distance help will actually be an improvement.

"How many times have you walked out of the store because you knew more than the kid who was helping you?" he said. Floor clerks have an impossible task in trying to "keep up with and explain increasingly complex products." With a centralized set of agents, each one can specialize in a product area and provide better advice. Agents can also use interactive screens to show consumers how to complete challenging tasks such as electronics installations, and even print out instructions for consumers, Baron said. Buyers with Web cams can connect to customer service again from home for additional help.

That's assuming the video conference technology works, of course. Web cams are notoriously flaky, as anyone who's tried home video-conference tools can attest.

And of course, the advice will only be as good as the operators who are hired to give it. A home improvement store might convince fantastic kitchen remodeling experts to answer video questions 24 hours per day. But it's easy to imagine a firm hiring ill-equipped $8-an-hour operators to read off poorly written scripts instead.

Customer service expert Robert Spector, author of "The Nordstrom Way," said companies should tread carefully when making fundamental changes to the way they treat in-store shoppers.

"A lot of (companies) get enamored with the technology and lose sight of the consumer," he said. "Many companies don't think like their customers, they think in ways to make (the company's) life easier, rather than 'how do we make the consumer's life easier.' "

Replacing real customer service with discount gimmickry never works, he said. In one personal pet peeve, Spector said he's had several frustrating run-ins with live chat supports offered by Web sites.

"I always feel like I could do much better actually talking to someone than just comparing typing skills," he said. Live video help could work he said, but only if it's nothing like live chat help.

And there's always the bottom line
But even if the videoconference service tools aren't perfect, and the customer service benefits are dubious, remote assistance may be attractive to major retailers because of the potential cost savings.

Home improvement stores face a crush of ambitious project builders every Saturday morning, but by 2 p.m., the panic has died down and many highly skilled employees are stuck stocking shelves, Baron said. If stores could "load balance" customer support by funneling all questions through a central support team, they could keep top employees occupied with higher-skill tasks.

Woods argues that centralized video service would both cut costs and make customers happier. "If you could take the top 50 associates you have and take them off the sales floor and make them available chain wide, that's the ideal situation," Woods said.

In Baron's perfect world, there's a customer service video screen at the end of every store aisle, with a top-tier expert ready and willing to answer your question. What's the worst-case scenario? Think about toll-free hotlines. When was the last time you preferred waiting on hold and talking to someone half-way around the world to getting help in person?

No, presidential candidate Barack Obama was not found dead in a "shock accident." John McCain was not "found unconscious in a toilet." Will Smith wasn't "found dead in bathtub" either. And Britney Spears has not broken her arm in a "freak poolside accident."

The truth is quite a bit more subtle. A Microsoft security upgrade in April largely dismantled a network of hijacked computers used by criminals to send spam, and the hackers are desperately trying to rebuild it. To entice users to click on the links that will infect their computers with the notorious Storm worm, they have dispatched an avalanche of e-mail with fantastic news headlines in recent weeks. The average Net user is getting about 60 of the phony news bulletins per day, says the security firm MessageLabs.

Here's a sampling of subject lines:
"Bill Clinton in today's Times - thank god Hilary didn't beat Obama."
"Beijing Olympics canceled upon the death of China's president."
"Obama bows out of presidential race."
"Scandal rocks Obama as lurid sex video leaked?"
"Dog digs grave for owner."
And perhaps the most fantastic of all,
"Oil falls below $100 a barrel."

No, spammers haven't hired a bunch of former supermarket tabloid writers. They're just doing what they do best – exploiting human nature.

The Storm worm is the Internet's version of Broadway's "Phantom of the Opera" -- the longest running hit show around. Storm first appeared in January 2007, teasing users with a headline about deadly storms that hit Europe -- "230 dead as storm batters Europe," it said, offering a link to a full story. Clickers found themselves infected with the Storm worm.

Storm was an immediate hit for the hackers, who managed to trick hundreds of thousands of recipients into clicking on the booby-trapped link. That enabled them to build an enormous network of hijacked computers, called a botnet, which they use to send out more spam or commit other Internet crimes.

There have been hundreds of Storm variants since the first one, sent by a loosely affiliated gang of computer criminals. Some estimates say that up to 10 million PCs have been infected with Storm at one time or another.

But in April, Microsoft updated its malicious software removal tool, much to the chagrin of the hackers. About four-fifths of the vast Storm network was cut off, said Paul Wood, a security researcher at MessageLabs.

"That really cut into (the hackers) business model." Wood said. "So they are trying to do something to regain their power."

That something is a huge spam campaign with over-the-top subject lines, all designed to be an irresistible click to recipients. Storm has always relied on fake news to entice e-mail recipients, but this latest surge is so creative it would be amusing if the e-mails didn't pack a very serious punch.

Storm's creators are believed to be in Russia, but it's obvious from the headlines that they have a solid understanding of U.S culture.
"Oprah Winfrey survives horror highway crash."
"Michael Jordan confesses to relationship with Madonna a decade ago."
"Martha Stewart found unconscious in home."
"Obama challenges McCain to a marathon race to see who is fit as the commander-in-chief for USA."
"Scientists estimate oil to run out earlier than expected in 2012."
"Lindsay Lohan crashes brand new Lamborghini."

Obviously, the strategy works -- or the spammers would have moved on to something else, says Dylan Morss, manager of business intelligence at Symantec.

"This is a tried and true social engineering tactic," Morss said. "These are almost incredulous headlines, but you kind of want to look. They are going for a common human vice here." Symantec says it has blocked 200 million of these spam messages since April.

Users who click on the link in the body of the e-mail are sometimes sent to a harmless-looking herbal supplement page hawking body part enhancement. Others are sent to a pornographic video Web site that imitates YouTube, and told they must install a plug-in to view the videos.

Agreeing to download any software from porn sites is a recipe for certain Web disaster. But even the supplement sites can be laced with malicious software, Wood says.

To stay safe, never click on a link in an e-mail, even If a subject line about presidential candidates or a Hollywood stars piques your interest. Instead, fire up your Web browser and go to a major news site like msnbc.com to check it out. If John McCain really has challenged Barack Obama to a duel in Weehawken, N.J., I promise our politics section will have the story. And if Madonna is linked to any other famous athlete, Courtney Hazlett and Scoop will be all over it.

Traditionally, buying a home has been "free," at least with regard to real estate agents. Sellers pay steep commissions -- usually around 6 percent – which are split with the shoppers' agent. That allows home buyers to focus their energy on hunting for hidden fees from their mortgage provider.

But a disturbing trend that has emerged recently threatens this tidy arrangement. Some buyers' agents are now slipping junk fees into their contracts. Usually labeled "administrative fees," they range from $195 to $500. While their legality is in dispute, they have become commonplace. Virginia real estate broker Frank Llosa, who exposes real estate agent tricks on his blog "FranklyRealty," says perhaps 40 percent of buyer contracts now have administrative fees tucked inside.

"I don't think it's right," Llosa says. "I don't believe in administrative fees and I don't think any buyer should pay them."

These new junk fees are even more disturbing when they are not properly disclosed. Many buyers work with agents on a fairly informal basis and only sign an agency agreement when making an offer on a house. Then, they sign dozens of forms, making an agency contract with an administrative fee easy to miss – particularly since most have the expectation that the agent is working for free for them.

Sometimes the fees aren't disclosed until closing day. They don't appear on the Good Faith Estimates provided by banks when pricing mortgages, for example. Instead, buyers' agent fees first appear on the complex HUD-1 settlement form given to both parties at the closing table. At that point, it's difficult for a buyer to stop the proceedings and argue about the fee. That's why it's always best to ask for a preliminary HUD-1 draft estimate, which is often available 48 to 72 hours before closing.

The fees began appearing about five years ago, Llosa said. But now, say other experts, they seem to be in vogue as brokers struggle to stay afloat during the housing market bust. He said a few real estate brokerage firms are trying to attract talented agents by promising that deals will include administrative fees that they can keep.

When compared to the purchase of a $250,000 home, which could generate a $15,000 commission, a $250 junk administrative fee might seem trivial. But by the time agents split commissions with each other and their brokerage agency, commission checks could be whittled down to $3,000 to $4,000, so $250 is a sizable tack-on.

That doesn't mean you should pay it. Many buyers have simply refused to pay it, crossing it off the agency agreement, said New York-based real estate attorney Jeff Arouh.

"A sophisticated buyer may say, 'I'm not going to pay that fee,'" he said. But if the issue is unresolved until closing day, that's another matter, he said. "You might get angry, but are you going to lose a deal because of $250"

Against the law?
There is another critical question to be answered about administrative fees: Are they legal? A buyer named Vicki Busby, of Alabama, is suing her real estate agency over a $149 administrative fee she was forced to pay, and seeking class action status for the case. Believe it or not, there are laws against unfair fees.

The Real Estate Settlement Practices Act of 1974, which governs home purchases, includes provisions designed to prevent junk fees. Silly as it may sound, the law dictates that fees can only be collected for services actually provided. That means junk fees levied simply for the heck of it are not allowed.

When challenged, some real estate agents argue that administrative fees are office-related charges -- document preparation, and the like – that traditionally have been covered by the sizable commission checks. But Arouh said agents may be able to stay on the right side of the law if they simply itemize their services in a way that links the administrative fee to a particular service, such as assistance in mortgage application preparation.

He also said that's splitting hairs.

"The services of a real estate broker are those of a professional, and they agree to be compensated for providing a bundle of services and that bundle is reflected in commissions," he said. "I think administrative fees are inappropriate, but that's my opinion. I come from the school of thought that if you are a professional you deal with (consumers) as a professional and you don't nickel and dime them."

That school, apparently, is suffering from severely reduced enrollment at the moment.

RED TAPE WRESTLING TIPS
• It's nice to go shopping with an agent without having a signed agreement, as that keeps you a free agent. But when the time comes to make an offer on a property, don't just gloss over the agency agreement because your agent now seems like a friend. Look specifically for the words "administrative fee." If you find them, refuse to pay it. No agent will lose a deal over the administrative fee.
• If you feel the agent was deceptive in communicating the fee to you -- you have the sense that her or she tried to sneak it by you while signing other papers, for example -- give that some thought. If your agent operates with that m/o, what else might he or she hide from you? Consider changing agents.
• Get a preliminary HUD-1 form as early as possible, and look for the words "administrative fee." If you see it before you get to the closing table, you'll have a much easier time fighting it.
• Remember, no matter whose relative the agent is, he or she has a strong incentive to persuade you to buy something -- anything. Agents make money by closing deals, period. So maintain an arm's-length relationship.

CAMBRIDGE, Mass. -- For years, The Amazing Randi sat next to Johnny Carson performing magic tricks on The Tonight Show. But last week, James Randi was holding court for a very different audience -- an invitation-only collection of three dozen computer security experts at MIT's famed Stata Center near Boston. There, in what might be called the hall of fame for hacking, Randi couldn't stop himself from pulling gags. But when he wasn't bending spoons, making things disappear, or stroking his foot-long white beard and wizened chin, Randi revealed secrets about the art of deception.

"Many times," he confessed, "Magicians don't really know why their tricks work. They just work."

Put another way: Charlatans don't bother creating detailed schemes for deception. They just have a feel for what fools people.

On the other hand, the scientists who are working hard to make computers, airports, cities, and everything else safe for us often aren't endowed with this same feeling. They study problems, write papers, review their code, and write sophisticated cryptographic schemes. Then, with heavy hearts, they walk through rows of cubicles at American companies and see Post-It notes tacked onto computer screens with passwords.

At the first ever "Security and Human Behavior"conference last week, many of the world's top minds in computer science gathered to address this paradox. Their self-assessment was refreshingly honest and direct.

"In a field that has been marked by great human achievement during the past several decades, our branch of it can only be called a failure," conceded Matt Blaze, a computer science professor at the University of Pennsylvania, eliciting nervous laughter.

He wasn't really kidding. Despite remarkable advances in technology, most consumers are using the exact same clumsy security procedures they have for decades. And many feel even less secure.
In the meantime, the charlatans have continued to hone their deception skills. And they've enjoyed remarkable success at mucking things up. A trivial trick such as phishing e-mails – look-alike notes designed to steal personal information which appear to come from banks -- has wreaked havoc with companies and consumers alike for years.

That's why this ad hoc geeky group invited a magician, an architect, a photographer, a philosopher, several economists, a few psychologists and about a dozen other experts in behavioral studies to come give them an education in how people think. This high-powered collection of computer scientists humbly arrived at MIT asking for help, in an effort to get a better feel for the people they are trying to protect.

Famed cryptogrpahy experts Bruce Schneier, now of British Telecom, and Ross Anderson, a U.K. proferssor, assembled the small group -- including the magician -- as a way of getting at new answers to old problems.
"Many real attacks on information systems exploit psychology more than technology," Schneier says. "Security design is by nature psychological, yet many systems ignore this."

MIT's Stata Center, designed by Frank Gehry, has impossible towers and absurdly bright colors, and wouldn't look out of place in a Dr. Seuss book. Its hallways are full of plaques memorializing the greatest pranks ever pulled by MIT students - the security squad car that somehow made it onto the top of the campus rotunda, for example. The car actually sits high up on a ledge in the middle of the building's center hall (Forget the rotunda stunt, how did it get there?).

This hall of pranks seemed the perfect place to discuss the failures of technology -- and technologists -- in the modern age.

Bad guys have better people skills
Criminals usually don't bother learning all the ins and out of the technology they exploit -- they simply learn enough to be dangerous. But they spend endless hours understanding the people they plan to fool. Hackers long ago learned a short cut, what they call social engineering: Why spend years trying to hack into a bank when you can just ask an account holder to give you their name and password?

The technologists, on the other hand, tend to fight this battle with one hand tied behind their back. They generally spend most of their time studying technology, learning all its nooks and crannies from the ground up. They write careful research papers following the strict rules of scientific method. They must spend endless hours defend their findings against all comers, and they can't hurt anyone while conducting studies. They know the technology well, but they have little time to sit around understanding how people work.

But all that is starting to change, say some in this group of security researchers turned amateur psychologists. Several years ago, a quiet alliance was formed between behavioral economists – who study why people make irrational choices – and security professionals. Scientists and economists began writing papers together and sharing research costs. With last week's MIT meeting, the computer folks cast a much wider net in their search for answers.

Security, Schneier told the gathering, is "both a feeling and a reality," and both are important. Local police, for example, fight both crime and the perception of crime. Failure in either area can have serious consequences. Regardless of actual crime data, crime fighting is useless if residents of a town don't feel safe.

Pedophelia and the "License to Hug"
To that end, researcher Jean Camp at the Indiana University points out that people can easily assess risk when there are physical clues. People have a natural aversion to dark, empty parking lots for example, but there's no correlation to these kinds of physical clues online. That tends to keep older users from feeling safe while surfing. Camp studies this trust problem with residents at a nearby nursing home. She has created a large glowing box which sits next to a computer screen that turns green when fellow residents recommend a site is safe, and red when it's risky. Seniors find the large, obvious signal, reassuring, she said, and they are more likely to take advantage of the Internet to stay in touch with family.

But the battle to make people feel secure can sometimes feels like a losing cause. Frank Furendi, a noted British author on the subject of Risk and Fear, described what he calls a growing "hysteria" on the subject of pedophilia in the U.K. By next year, he said, one-third of all British citizens will have been subject to police checks. As a result, some parents won't let their children play with kids of parents who haven't been checked. He describes the problem in a new pamphlet, "License to Hug."

"Now we're not worried about pedophiles, we're worried about people who haven't been police checked," he said. "In response to an insecurity, we've created more sources of insecurity."

Often, Furendi noted, it's much easier for governments to create the appearance of security than the reality of security.

Among the fresh ideas discussed at MIT: computers might be too friendly. Our natural risk sensors do a good job of telling us when something physically dangerous is nearby (like a hungry bear), but do a terrible job of warning us about cyber-danger. Meanwhile, software makers have gone to great pains to make computers user-friendly. Perhaps that's a mistake, said Nicholas Humphrey of the London School of Economics. Occasionally, some healthy fear might help online, Humphrey said. Forget small padlocks on e-commerce sites – how about a large shark abruptly appearing on the screen to stoke primal fears?

Security fire drills called for
Privacy expert Alessandro Acquisti of Carnegie Mellon University brought a similar concept from the area of learning science -- the idea of the "teachable moment." Employees rarely read and digest memos about security with great zest and eagerness, he notes. But giving them the equivalent of a security fire drill can immediately change behavior.

Imagine, for example, if once each month or so your company's IT department send a legitimate-looking e-mail with a faux virus attached. Employees who "fall" for the e-mail would get a slightly embarrassing reminder not to click on unexpected e-mail attachments. In some more critical circumstances, failure in such random tests could impact an employees' annual review or raise. In a controlled test, Acquisti said, computer users were far more likely to learn safe computing behavior from this kind of random testing than traditional memos and warnings.

Not so easy to 'Fix the World'
After two days with 35 intense presentations each followed raucous question and answer sessions, things got strikingly quiet during the last panel, called "How Do We Fix the World." The topic of security ranges from keeping the family digital photos safe to keeping terrorists off airplanes. It also has no end-point. Terrorism researchers are plagued by the troubling question: "When will we know we've won the war on terror?" Security researchers face the same rhetorical problem.

But Aquisiti said he is hopeful this first-ever meeting will spur more interdisciplinary discussions. There was even talk of a "dating service," for researchers from different area to help them find each other ("I'm an economist studying the cost of antivirus software looking for a psychologist who is an expert in primal fear of predators.") Aquisiti was even hopeful a new field of study might be born. He struggled a bit to name it, however.

"Hmm…Perhaps the behavioral psychology of privacy and security," he said.

Or perhaps, they could just call it magic.

With gas prices soaring and seemingly no end in site, drivers are going to great pains to save at the pump. But it seems something obvious has been overlooked: skipping the commute and working from home. Fewer than 10 percent of Americans work from home even one day per week.

Much of the resistance to telecommuting comes from companies and bosses who don't trust their employees. New York Times best-selling author Tim Ferriss, who wrote The 4 Hour Workweek, has some tips for getting around that obstacle. You can watch the video by clicking here. It was produced by NBC's Andrew Gross and Colleen Sanvido, and edited by David Bentley. The three-dimensional graphics come courtesy of NBC's Patrick Longstreth.

You can read about Tim Ferriss' telecommuting tips by clicking here.

Think you don't have anything to worry about in the switch from analog to digital television? Think again.

Consumers have been told that the upcoming transition TV changeover would mainly impact viewers with old TVs using ancient rabbit ears for reception. And those stone-aged watchers need only purchase a new set-top converter box, subsidized by coupons from the U.S. government, to continue watching. And everyone would go on their merry sitcom-watching ways.

Turns out, that's not the whole story.

There actually are two analog-to-digital transitions going on. One, you've heard a lot about – the broadcast changeover. But the other – the analog cable to digital cable transition – could leave up to 100 million TVs in the dark, unable to display any cable TV channels at all without adding extra equipment.

The cable version of the analog-to-digital jump will impact anyone who takes a coaxial cable line from the wall and plugs it directly into a TV set. There will be no government coupons to help pay for the millions of new set-top boxes or converters that will be needed to make them work again.

The cable industry has produced countless advertisements about the coming conversion reassuring consumers that they had nothing to worry about.

Come February, though, millions of TVs will no longer be capable of displaying cable TV channels without new equipment – even basic channels, like ESPN, Comedy Central and The Food Network.

Kevin Findlen of Modesto, Calif., says he got the bad news recently from his cable provider, Comcast. He had seen the reassuring advertisements from the cable industry. But a few weeks ago, he decided to call Comcast and double check. The answer he got surprised him.

Most of Findlen's TVs will no longer be capable of displaying cable TV channels by next year, he says he was told.

"TVs that are connected directly to the cable connection will cease receiving programming on the conversion date except for the local channels," Findlen recalls being told by a Comcast operator. While his main TV in the living room with an attached set-top box would be fine, every other TV in his house would lose all cable channel service.

Findlen is now worried. And millions of cable consumers should be worried, too. At some point, all of them will lose service unless they get a new equipment.

Comcast, the largest cable provider, said it will begin dropping analog signals in 20 percent of its markets by the end of this year, although it has not yet disclosed the impacted markets.

Comcast spokeswoman Jennifer Khoury said consumers will receive advanced notice that their analog cable service is shut off and will be given a host of alternatives for keeping their TVs up and running.

What's going on
D-day for the analog broadcast signal – a date some observers have labeled "Y2K for TV" – is coming on Feb. 17, 2009. That cutoff will be abrupt. But the death of cable analog television is arriving a bit more stealthily, and more piecemeal.

While one has almost nothing to do with the other, their coincidental timing and similar nomenclature are sure to make an already confusing situation worse.

The prospect of millions of TVs suddenly losing their ability to display cable TV channels at about the same time that antenna-connected TVs stop working entirely is a recipe for chaos.

Joel Kelsey, an analyst at Consumers Union, sees it as something even more nefarious than that. He said some cable industry advertisements around the issue have been "extremely misleading."

"There's a whole lot of confusion in the marketplace and this is adding to it," he said. Many cable consumers, like Findlen, can't sit back and do nothing, as the ads suggest – they'll need cable boxes or converters soon, Kelsey said.

In an attempt to head off some of the confusion, the Federal Communications Commission issued a Consumer Advisory in May.

"Cable companies are not required to switch their privately-owned systems from analog service to digital service," the notice says, before warning consumers that cable companies may make the switch anyway, and may change consumers extra for the necessary equipment.

Reclaiming bandwidth
Most cable providers now offer two different types of service on the same wire – analog and digital. Currently more than half of cable subscribers already have a set-top box and digital service, easily identified by the presence of interactive menus such as an advanced channel guide which offers movies on demand.

Those consumers, when using a digital set-top box, have nothing to worry about. But analog users face looming changes that could be costly.

There are 26.5 million cable consumers who subscribe to analog service, according to the National Cable and Telecommunications Association. Many other consumers use the digital signal on one TV but take advantage of the analog signal on other sets in their home by plugging their coaxial cable directly into their TVs. The FCC said last year there were more than 100 million televisions using the cable analog signal one way or the other.

The cable industry, though, plans to shut down those analog signals in an effort to reclaim space that can be used for new services, such as additional high-definition channels.

Analog cable is a bit of a bandwidth hog – as many as six digital channels can fit in the space being occupied by one analog channel. With the arrival of new competition from the telephone industry, such as Verizon's FIOS service, cable companies need the extra bandwidth to keep up. But it's unclear how the industry can turn off analog service without leaving millions of customers in the dark.

The cable transition will not be as brutal as the end of the analog broadcast, which will hit with one fell swoop in February.

Instead, cable operators will decide on their own when to make the switch. So far, some services – such as Time Warner – have indicated that its analog signal won't be shut down any time soon. Robyn Watson, spokeswoman for the company, said its 3 million analog "basic cable" consumers won't see any changes in service.

Legally, cable companies are under no requirements to keep serving up analog stations. The FCC has set a very low bar for protecting analog customers. Cable providers need only continue to transmit analog versions of broadcast channels (generally, the familiar channels 2-13) for the next three years.

When cable companies advertise that its customers won't have to do anything to keep their televisions working after February 2009, they are promising only to keep those few, local broadcast channels available to all.

Comcast is taking up the FCC on its offer and is planning the most aggressive digital conversion of all the major cable companies – 20 percent of its markets will lose their analog signals by the end of this year. Comcast has not yet disclosed the impacted markets.

Other cable operators are handling things a bit differently. Cablevision recently dropped 9 channels off its analog cable line-up. That suggests the company plans to slowly cut back on analog offerings, rather than drop them all at once. Cablevision hasn't made additional channel line-up plans, according to spokesman Jim Maiella.

Cox spokesman David Grabert said his company has no plans to change its analog line-up.

"At the present time we feel offering analog service is a very customer-friendly approach," he said. While other video service providers such as satellite-based services require boxes for each TV set, cable analog signals give customers more choice, he said. "For us that's a strong competitive advantage."

'Free for as many customers as we can'
Derek Harrar, vice president of video services for Comcast, said his company will do a lot to minimize the pain of transition for consumers. That includes one free set-top box to every subscriber and the option to rent a low-priced converter for other sets at a cost that is considerably less than the regular charge for a full-fledged set-top box, generally between $5-$10 per month.

"Our objective is to make it free for as many customers as we can," Harrar said."The last thing we want to do is to have our customers be really frustrated with us."

But Findlen already is frustrated, and he fears he might be forced to rent three new digital boxes for a monthly fee of $6 each starting next year. To him, that's a hidden price increase just to maintain his current level of service. And he's upset that Comcast and the cable industry persists in advertising that nothing will change for him.

In particular, he takes offense to the message currently on Comcast's Web site, devoted to the digital conversion.

"If all your TVs are currently connected to Comcast, you don't have to worry about a thing. When February 17, 2009 rolls around, you can just sit back, relax and keep watching your favorite shows," it says.

But instead, he says, Comcast operators have told him otherwise.

"(I was told) you must connect each TV in your home to one of their converter boxes to continue receiving the same programming you get today," he said.

Brian Deitz, spokesman for the cable industry association, defends industry advertisements, saying they very clearly limit their promises to providing standard broadcast stations in cable analog formats in the future. He also says it's not accurate to link the end of broadcast analog signals to the end of cable analog signals.

"Cable's migration has been going on since the beginning of 2000," he said. The fact that some cable analog signals are being dropped at about the same time that broadcast analog signal are being dropped is coincidental, he added.

But Amina Fazlullah, a staff attorney at the Public Interest Research Group, is concerned that the cable industry will use confusion of the broadcast conversion as an opportunity to upsell new services, change channel lineups, and just generally make more money from subscribers.

"The advertisements say nothing is going to change, everything is going to be the same. Well, what's clear is things are not going to be exactly the same," she said. "The channels you chose from will change. The method you use to get cable could change, you might need a new box. A lot of different aspects could change."