Privacy's last stand is taking place not far from The Alamo in Texas right now, to hear some people tell it. Two schools in San Antonio have begun tracking students using radio-enabled computer chips embedded in their ID cards, allowing administrators to know the precise whereabouts of their charges on campus -- be it in class, in the bathroom, in a stairwell or AWOL -- all while sitting at a computer.  

The stated purpose of the so-called RFID ID cards is simple: Because state aid is based on attendance, and the chips help schools count kids, tracking equals funding. The district also says the technology makes kids safer.

But at the intersection of technology, parenting, schools and privacy rights, things frequently get messy. Are schools merely modernizing, or are they teaching children to silently accept a Big Brother state? Should parents be happy that teachers can more easily keep tabs on their kids, or should they worry that vast databases of detailed location information might one day harm the children?

Technology with potential privacy implications is shoehorning its way into schools around the country, creating thorny issues at every turn.

Should district be allowed to demand middle-schooler's Facebook password?

Before San Antonio's implementation, Houston ran a trial in 2010 and found the RFID ID cards did in fact help boost attendance figures. RFID tracking has also been tried in California, where one preschool embeds chips in kids' clothes. Biometrics -- usually fingerprints -- have been used by some schools. In Carroll Country, Md., some kids now flash their palms instead of cash to pay for food. And the Daily Princetonian earlier this month revealed that new keyless locks opened by ID cards installed in dorm rooms feed a central database that records each time students enter buildings and rooms. University officials responded to the story the way every school does -- and nearly every data collection authority does -- by saying officials don't monitor the data but they reserve the right to access it in an emergency.

Children desensitized to being watched?
The definition of an emergency can be dicey, however, and that logic has already led to some celebrated privacy and technology lawsuits. Several districts around the nation have run into trouble for demanding students' social media passwords or asking to rummage through kids' cellphones without a warrant. 

A few parents in San Antonio are putting up a stink about the RFID cards, arguing that schools shouldn't be a playground for new privacy-invading technologies. A group calling itself "Chip Free Schools" has tried to organize opposition. Another parent is objecting on religious grounds.

Gov't agencies, colleges demand applicants' Facebook passwords

Chip Free Schools has received support from a larger privacy advocacy group -- Consumers Against Supermarket Privacy Invasion and Numbering, or CASPIAN, which was formed more than 10 years ago to protest the proliferation of supermarket loyalty cards.

Follow @RedTapeChron

E-mail a tip to Bob Sullivan

"RFID is used to track factory inventory and monitor farm animals," said Dr. Katherine Albrecht, director of CASPIAN. "Schools, of all places, should be teaching children how to participate in a free democratic society, not conditioning them to be tracked like cattle."

Of course, the fight against loyalty cards didn't get very far, and privacy concerns may take a back seat as schools are tempted by new technologies that help them manage their districts, warns Jay Stanley, a senior policy analyst with the American Civil Liberty Union’s Speech, Privacy and Technology Project.

It's often hard to see the long-term privacy issues created by technology through the fog created by short-term gains, he warned. Location tracking can have a chilling effect on casual congregating, for example -- kids who consider forming a club may skip the idea once they are aware that administrators will know about every meeting. 

"The consequences of tracking are that as people become more aware they are being tracked, they become less free," he said.

There's also concern that students who learn to accept tracking as teen-agers will enter adulthood desensitized to being watched by government agencies.

"Schools shape children not just by what they tell them, but also what we demonstrate to them," he said. "We don't want to see the next generation of citizens growing up thinking about this kind of invisible eye in the sky."

'Prisoners in their own schools'
There are also several practical problems with tracking students and collecting data on them, Stanley warned.  The practice can provide a false sense of security, for example, as kids might find a way to separate themselves from their RFID chips ("As a parent, I would wonder, do they know where your kid is, or do they know where your kid's chip is?" Stanley said). While the data might be collected for one use -- paying for lunch -- there might be mission creep. One day, it could be used as part of an adjudication procedure to find witnesses to a fight, for example. Long term, perhaps it will end up in the hands of political operatives, forcing a future presidential candidate to explain why he missed so many history classes. There's some concern -- theoretical at this point -- that the radio signal sent by the chip or the data collected could be stolen by others who might harm children. And there are worries about the cost.

NBC News' Charles Hadlock on the school's controversial use of tracking technology

"You should ask, 'Is this just a gimmicky solution to a problem that's been solved already, like using lunch money,’ and the funds might be better spent on education?’ " he said.

Katie Deolloz, who is helping coordinating RFID ID card opposition for CASPIAN, argued that the switch to an RFID card was really motivated by money.

"Students deserve to be treated with dignity and respect, not forced to wear microchips that track them like cattle," she said. "(The district) has spent upward of $500,000 solving a non-problem. Relying on RFID to track and monitor students during the school day shifts the burden of responsibility away from the administrators and teachers. (The district) needs to be in the business of educating children, not treating them like prisoners in their own schools."

Failing to provide Facebook password gets teacher's aide fired

Stanley concedes that parents confronted with tracking technology at schools might have a very different reaction than privacy advocates. Many already pay cellphone providers so they can use mobile GPS tracking tools to keep tabs on their children. Parents also tend to keep kids much closer at hand then they did a generation ago, when it was common for kids to spend entire days biking around the neighborhood unsupervised. When concerns about school tracking are raised, they sometimes respond with a simple shrug. 

Meanwhile, school officials point out that students have reduced civil rights when on campus. According to school spokesman Pascual Gonzalez, the kids have no right to privacy at school.

"During the school day, when they are within our four walls, we've got to know where those kids are," he said. "We reject the argument (that their privacy is being invaded). People saying that are not charged with the safety of children."

He dismissed the idea that the cards represent a tracking device, calling it instead a "locator."

"There is nobody sitting at a bank of monitors looking at a bunch of dots on a computer screen," he said. "We only go and look for a student when we have reason to.|

Implementation of the RFID pilot program -- which involves 4,200 students at two of the district's 112 schools -- has gone on without a hitch, he said. 

So far, it appears parents are buying the district's argument. Gonzalez says only two district families are opposing the cards. If those students continue to refuse to wear the cards, they are subject to being kicked out of school, he said.

Stanley said he's not surprised at the lack of protest from parents. Many have become much more comfortable with the technology, and there is an apparent lack of consequences stemming from its use. There are no tales of sexual predators hacking databases of kids' fingerprints, no evil school principals who've posted detailed charts of kids' whereabouts on their Facebook page. So when the cost-benefit analysis is presented, it's hard to spell out that cost.

"With privacy, the issue is almost like the environment. We have to ask what kind of society we want to create long term," he said. "These things do have a very real effect on our freedom, but it's very gradual and often very subtle."

* Follow Bob Sullivan on Facebook.

* Follow Bob Sullivan on Twitter.

It's open season on the nation's largest credit reporting agencies, as the Consumer Financial Protection Bureau is now accepting complaints about Experian, Equifax, Trans Union and similar firms.  The bureau also says it will offer "individual-level" assistance for consumer who say they have a hard time getting errors fixed in their credit reports and credit scores.

The credit agencies, also known as credit bureaus, have attracted complaints from consumers for some time.  Numerous studies have shown the reports are full of errors -- in part due to high incidence of identity theft -- and that those errors can stand in the way of consumers trying to get home loans, auto loans, and much more. In 2011, there were 18,818 complaints filed by consumers against credit bureaus with the Federal Trade Commission, which formerly had regulatory authority over the bureaus.

"Credit reporting companies exert great influence over the lives of consumers. They help determine eligibility for loans, housing and sometimes jobs,” said CFPB Director Richard Cordray. “Consumers need an avenue of recourse when they feel they have been wronged.”

Consumers who wish to file a complaint with the bureau must first go through the standard dispute process established by each firm. If the dispute remains unresolved, consumers can complain to the bureau about incorrect information on a credit report; the results of a consumer reporting agency’s investigation; the improper use of a credit report; being unable to get a copy of a credit score or file; and problems with credit monitoring or identity protection services.

Consumers may file complaints at the bureau’s website.

Complaint handling is one of the core missions of the bureau, which was created as part of the controversial Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010. The agency started collecting consumer complaints about credit card issuers in 2011, and has since added student loans, mortgages and other bank services.  The bureau added credit reporting agencies to its regulatory portfolio last month.

Consumers who are frustrated by credit reporting agencies can still complain to the Federal Trade Commission, but that agency does not generally get involved in settling individual disputes.

* Follow Bob Sullivan on Facebook.

* Follow Bob Sullivan on Twitter.

Have some critical online banking transactions to do? You might want to plan them for a Monday or Friday.  A group of malicious hackers is having its way with online banks lately, seemingly knocking sites offline at will.  The latest victims are HSBC and Ally Bank, but virtually every major bank has been targeted by the group since the attacks began five weeks ago. 

The attacks seem straight out of a movie plot: An anonymous note is posted online -- usually on a Monday or early Tuesday -- declaring that week's victims. The targets then are besieged at some point during that Tuesday through Thursday stretch. On Friday, the group seems to rest.

"Do you want attacks to be stopped? Stop the insults," the group declared in last week's warning message. "Insults" refers to the now infamous "Innocence of Muslims" online video that was initially blamed for last month’s mob attack on the U.S. mission in Benghazi, Libya.   

The bank attacks are remarkable because they seem unstoppable, even with advance warning. Just how bad are banks suffering at the hands of attackers? Rodney Joffe, senior technologist at Internet infrastructure provider Neustar, said the best some banks can do to prepare is to have a sincere-sounding apology at the ready, backed up with a plan B that points customers to an alternative method of communication such as a call center.

"There is in fact no way to defend against it properly," said Joffe, who has helped banks try to recover from the attacks.  "We can mitigate the attacks to some extent, but it is very difficult to keep systems up…This is one of our worst nightmares."

The criminals identify themselves in their warnings as the "al-Qassam Cyber Fighters," purportedly part of Hamas' al Qassam military wing. Bank security folks apparently have received a break this week, as a note posted by hackers claiming to represent al Qassam said they would take a break "during the next days" to mark a Muslim holiday.

The basic attack is nothing new:  It’s a denial of service attack designed to make the banking websites unavailable. Bank sites are flooded with bogus Internet traffic so they are overwhelmed, and can only give the equivalent of a busy signal to customers.  But these attacks are very different, experts say, because of the sheer amount of bogus traffic that's generated.

With online banking services broken, consumers flood banks with phone calls, creating headaches for customers and banks alike.

"It's customer service nightmare for banks. They just aren't set up for this," Joffe said.  

But the biggest nightmare, he said, is that banks don't "defeat" the attacks with countermeasures. The criminals simply stop and turn their attention on another target, leaving bank security officials wondering when they might be victimized again. Capital One, for example, has suffered at least two separate service disruptions.

As provider of backup content delivery for many of the world's largest websites, Akamai Technology handles denial of service attacks every day, and it has dealt with the current wave of attacks.   Mike Smith, director of Akamai’s incident response team, says the attacks succeed through a simple matter of arithmetic.

Follow @RedTapeChron

E-mail a tip to Bob Sullivan

Banks buy, at most, an Internet pipe that can handle 20 gigabits-per-second of Web traffic, he said. The attackers are generating about 50 gigabits-per-second, making any tool that could filter out bad requests inadequate.

"It's fairly brute force, rather than laser scalpel," he said. 

Banks could consider tripling the bandwidth they buy, he explained, but that would be a huge waste of money during non-attack time s... and the criminals might just increase their bogus traffic anyway.  "It's all an arms race," he said.

How are criminals able to marshal such enormous traffic resources?  They are employing a new kind of electronic army, experts said. Until now, most denial of service attacks involved large "botnets" -- armies of compromised desktop computers -- that could number 100,000 or more.  These were clumsy, hard to coordinate and often limited by bandwidth purchased by home users. In this attack, criminals are taking control over web servers that have access to much wider Internet traffic pipes -- computers that host popular website blogs, for example.  As a result, criminals can attack with refined armies of only 1,000 to 2,000 compromised servers, while still wielding a devastating cyberweapon against bank websites. 

Adding to the complexity for victims, such compromised servers are also harder to knock offline than home PCs in botnets, Joffe said, because they are often intertwined with legitimate businesses that are reluctant to voluntarily go offline to clean them up.

"It's not a new kind from a technical prospective, it's just able to generate overwhelming volumes of traffic that are indeed quite noteworthy," said Dmitri Alperovitch, chief technology officer at CrowdStrike, a startup focused on cyberespionage defense.

With a smaller, more powerful botnet, "attacker economics" favor the criminals, Smith said. It's easier for them to replace servers that are cleaned up, and it's much easier for them to stop and start attacks.

"They have much more command and control over the nodes," Smith said.

It's unusual for attackers to announce their targets ahead of time, but Smith said their reason for doing so is fairly obvious.

"What they are trying to do is amplify the bad public relations efforts element for banks," he said. 

Banks turn out to be a juicy target for denial of service attacks because their systems are easily turned against each other, Smith said.  Thanks to numerous fraud-checking tools, every request made at a bank site generates multiple responses from bank servers  –  log files, IP-checking tools, device-ID verification tools, etc. --  amplifying the effect of every bogus request.  In fact, while banks have beefed up fraud checks, they have done little to protect against denial of service attacks through the years, Smith said.

"Criminals have never wanted the sites to go down, because they need to sites to be up to commit fraud against the bank," he said. 

But even filters that find and deflect bogus website traffic wouldn't help much against these determined and sizable attacks, he said. 

"Most enforcement mechanisms don't have the capacity to deal with this much traffic," Smith said.

Given the remarkable scope of the attack, there has been much speculation by U.S. government officials -- openly and on background --  that the attacks could only be directed by a state-sponsored group, and represent an aggressive act of cyberwar perpetrated by agents of the Iranian government.  Both Sen. Joe Lieberman, I-Conn., and Defense Secretary Leon Panetta have openly blamed the attacks on Iran, with Panetta calling the incident a "pre 9/11 moment." Several intelligence officials have told NBC News that they believe Iran is behind the attacks.

Smith, however, says it's important not dismiss the possibility that old-fashioned online fraudsters are using the protests over the "Innocence of Muslims" film  as a cover to simply steal money from banks. As evidence, he points to a warning issued by the FBI on Sept. 17, which indicated that some banks had already been hit by denial of service attacks to help perpetrate wire fraud -- with thefts as high as $400,000. The website attacks serve as a diversion, and when consumers flood customer service phone banks, criminals who've stolen bank logins have an easier time slipping fraud through bank systems, the alert said.  In also predicts precisely the kinds of attacks banks are suffering through now.

"In some of the incidents, before and after unauthorized transactions occurred, the bank or credit union suffered a distributed denial of service (DDoS) attack against their public  website(s) and/or Internet Banking URL," the warning said. (PDF)  "The DDoS attacks were likely used as a distraction for bank personnel to prevent them from immediately identifying a fraudulent transaction, which in most cases is necessary to stop the wire transfer."

Smith said that same denial of service distraction technique was successfully employed by another group last year, making fraud -- and not geopolitics -- a likely motivator for the attacks.

"Maybe the intelligence world knows some things we don't know, but we haven't seen them prove it other than some public officials making statements," he said.  "But when you look at Al Qassam, until last month they were suicide bombers and restaurant shooter ... associated with physicals attacks, and overnight they acquired the capability to take banks offline? That I don't believe."

Robert Windrem, a senior investigative producer for NBC News, said there is "some level of disagreement" between  law enforcement and intelligence officials about the real source of the attacks.

"The disparity in certainty (that Iran is behind the attacks) is due to the way law enforcement and intelligence look at the same incident," he said. "Law enforcement deals with forensics, and the intelligence agencies deal with intelligence. Intelligence is looking at it from the source, whereas law enforcement is looking at it from the effect side."

Experts agree on this point: With cybercrime, pinpointing a source can be nearly impossible. Smart criminals cover their tracks with numerous layers of compromised computers, across several state and international boundaries. The painstaking work of obtaining legal documents necessary to perform forensics on compromised computers, track bogus traffic, then examine the source of that traffic can take months. Meanwhile, attackers come and go within minutes. 

But the good news for banks is this: Website disruption, while a serious nuisance for bill payers, is hardly the end of the world. Backup systems, such as phone service in-person teller service, remain in place. Consumers are inconvenienced, but that's the extent of the disruptions so far.

"Ultimately, there is a very low impact on a bank," Smith said.  "It's more perception than anything. … Websites are a cheaper way to do customer care, but they do have a manual fallback that's unaffected."

* Follow Bob Sullivan on Facebook.
* Follow Bob Sullivan on Twitter.

 More from Red Tape Chronicles:   

The economy is so bad in Argentina that the government recently said it would start taxing overseas credit card purchases. It also demanded that banks report all credit card transactions -- foreign or domestic -- saying the data would be used to find tax cheats.

Even George Orwell couldn't have imagined this meeting of Big Brother and Big Data: a handy database of every single purchase made by citizens, ready to be categorized and analyzed by the government.  Let your mind wander for a moment and you can imagine the disturbing possibilities of a government so invasive that it knows when and where you buy milk and bread. 

The obvious question: Could it happen here?  There are grand cultural and economic differences between Argentina and the United States, but if the history of privacy tells us anything, it is this: Governments and corporations can rarely resist the temptation of using technology to gain the upper hand.

"This gives me chills," said Gartner banking consultant Avivah Litan, who was in Argentina recently consulting with that nation's government banking officials. "I think it is a reminder that our data can be looked at by anyone and probably is being looked at."

Argentina is not the first government to examine credit card receipts. In 2011, Brazil began taxing overseas credit card transactions. And Spain recently outlawed cash transactions over $2,500, a tactic that forces consumers to use traceable, electronic purchasing tools for big-ticket items. 

Big Brother is not behind these drastic measures. In Argentina, where only about 50 percent of the population buys with plastic, a currency crisis and high inflation have led to a dramatic rise in overseas purchasing. Taxing foreign purchases is an attempt to stem this tide, and encourage domestic spending. Brazil's motivation is similar. 

Follow @RedTapeChron

E-mail a tip to Bob Sullivan

But once the pipeline for data is established and the database is built, what's to stop mission creep? Argentina has said it will examine domestic transactions for evidence of undeclared purchases or other signs of tax evasion. What else could a government find in a database of transactions?

"When I first saw the story it kind of took my breath away," said Bill Hardekopf, who operates the credit card information website LowCards.com "I thought, 'Oh my, a government can track the purchases of every one of their citizens?' " 

There is a way to avoid becoming a line item in a government credit card transaction spreadsheet: pay with cash, something one in two Argentinians still does. But in the U.S., cash has become passé. Last year, only 27 percent of point-of-sale purchases were made with cash, compared to 66 percent for credit and debit cards, according to Javelin Strategy and Research, which expects that number to dip to 23 percent by 2017.  

Meanwhile, a host of new payment tools -- still rough around the edges -- are about to find their way into consumers' pockets and purses. Mobile cellphone payments are coming of age, with a quarter-trillion in annual transactions expected by 2016, according to IE Market Research.  And even the simplest of cash transactions -- "Buddy, can I borrow $5?” -- might not be long for this world.  Starbucks recently partnered with Square, a simple tool that allows cellphone users to accept casual payments from friends or small business clients. The convenience of such tools is undeniable; so is their traceability.  

"As we become more and more of a cashless society, the likelihood of purchases being tracked increases. Whether that is used for negative purposes, or will cause personal privacy issues, I don't know, but I can see the possibilities," Hardekopf said. 

But could it happen in the U.S.? Hardekopf said he had trouble imagining Washington could get away with the Argentinian tactic. He believes privacy interest groups would scream, other safeguards would kick in and the U.S. population just wouldn't swallow it.

But there are no laws preventing this kind of information sharing between banks and government agencies, Litan points out. Law enforcement officials routinely obtain personal information, such as cellphone locations and credit card receipts, during the course of criminal investigations.

"The (U.S.) government does have access to this information now because it regulates the banks," she said. "There's no secrecy laws like there are in Switzerland. There's no privacy laws that would prevent this."

Dan Mitchell, an economist at the libertarian Cato Institute, said there have already been attempts by both state and local governments to more broadly obtain detailed consumer financial data. The health care reform bill included a provision that required merchants to report credit card processing volume data to the IRS, for example.  And recent efforts by states to enforce sales tax on online purchases will necessitate detailed reporting on credit card transactions by merchants, he warned.

“So it's just a question of expanding the existing set of Orwellian laws,” Mitchell said.

Probably the strongest firewall against such an intrusion would be banks themselves, which would no doubt fight massive data requests.  But transaction data sharing from banks to government officials has risen sharply since the Sept. 11, 2001, terrorist attacks. The number of Suspicious Activity Reports filed by banks with their federal regulators has soared from 281,000 in 2002 to 1.5 million in 2011 (.pdf), according to the Financial Crimes Enforcement Network. Much of that increase can be attributed to a rise in mortgage fraud, but it demonstrates a dramatic increase in cooperation between banks and government officials. There also is a long history of federal authorities buying access to large troves of consumer data – such as the one once operated by commercial data broker ChoicePoint, now owned by the same firm which operates Lexis-Nexis.

That's why privacy expert Rob Douglas says that Argentina's data sharing is not an isolated incident.

"Given the explosion in the collection and retention of personal data by governments around the world under the guise of national and economic security, I fear the Argentine model is where all countries - including the U.S. - will end up under one scenario or another," he said. "After all, government by its very nature constantly seeks to know more about the governed. With the ever-expanding ability to store and sift vast amounts of personal data, it's inevitable that governments will do so unless reined in by the governed."

* Follow Bob Sullivan on Facebook.
* Follow Bob Sullivan on Twitter.

 More from Red Tape Chronicles:  

The cellphone industry trade group issued a report last week saying the average monthly bill is $47. It included a helpful chart showing how far bills have fallen during the past 10 years. 

Strange, because I don't know anyone who has a $47 bill. Or anyone who's bragging about how much less they are paying now.

Inspired by Friday’s report by the CTIA, I logged on to websites for the four major carriers in an attempt to find a $47 cellphone plan. As you'll see in a moment, I didn't have much luck. When you finish reading, I hope you'll take a moment to share with others how much you pay for cellphone service, either by leaving a Facebook comment below, or by emailing me at BobSullivan@feedback.msnbc.com.

But first, a little more about average monthly bills. You'll find a wide spectrum of figures if you go hunting, because there are so many levels of service -- old flip phones, old smartphones, 4G smartphones that can share bandwidth with tablets and PCs. That makes an “average" not terribly useful. Still, the quest for a two-digit number on the bottom of a monthly bill is real. Here's a little more data.

J.D. Power and Associates said the average monthly bill was $71 in 2010, back when smartphone penetration was far south of the 50 percent mark it hit this year.

New research the company provided to NBC News on Monday offers a more salient data point on the subject -- the average wireless bill reported by consumers, including family plans, is $111.

The Labor Department issued data this month saying Americans spent $1,226 in 2011 on smartphone plans– or more than $100 per month -- up from $1,110 four years earlier. That led to a hand-wringing article in the Wall Street Journal suggesting that consumers are cutting back on other things, like eating out, to pay for cellphones. For perspective, the Labor Department says all consumer spending rose only by $67 during that recessionary span, meaning the rise in cellphone spending accounted for that increase and then some.

The CTIA offers a good explanation for its $47 number. Vice President of Research Bob Roche said it represents “average revenue per unit,” which is quite different than an average monthly bill. For example, a family with four phones who pays a $200 bill would be paying $50 per unit. He also said the group is considering updated ways to express monthly costs. Still, the trend line produced by the CTIA showing monthly fees shrinking slightly is hard to stomach.

It's undeniable that today's phones do much more than ever before, and the service is worth more.  Not that long ago, we all waited until 9 p.m. to call friends so we didn't exceed our monthly minutes. Calling prices have plummeted. Meanwhile, we watch live video of sporting events while waiting for the bus. Reliability improvements have also allowed many consumers to turn off their land lines, saving them $40 per month or more.

It's insulting, however, to suggest that wireless prices have gone down. Not only have they gone up -- and this is my main area of interest -- they've become much, much more confusing, while regressing suspiciously towards nearly identical prices.

Inspired by the CTIA report, I went to AT&T, Sprint, T-Mobile and Verizon, looking for the least expensive but useful plan I could find. It's important to note that these are just sample findings, pulled for an imaginary consumer in a Seattle suburb. But they are typical.

Follow @RedTapeChron

E-mail a tip to Bob Sullivan

All these firms have adopted a frustrating new model that lowers prices on calls and raises prices on data, often loading up bills with complicated tiers for data usage. The punishment for exceeding your level of data service is severe, nudging people toward overpaying for large-consumption plans as insurance. But even basic "feature" phone plans aren't a picnic. I'll lay out the details below, but here are the CliffsNotes -- a smartphone with a data plan so small you can barely use it costs $80. A smartphone with a good-enough plan costs $110. A usable call-and-text phone costs around $70. Emergency-only phones, when you can find them, are around $40.

Verizon's plans require an A+B formula -- a line fee, then a usage fee. For basic phones, the line fee is $30 per month. The least expensive calling plan is an additional $10 monthly, with pay-as-you-go 20-cents-each text messages. Total: $40 plus taxes, texts and fees. So there's one option that's below CTIA’s average. Want unlimited talk and text? That'll cost a $40 usage fee, for a $70-plus bill.

Verizon's smartphones cost $40 for access, and another $40 for an absolutely minuscule 300 MB per month data plan that's destined for overage charges. Add a modest 4 GB plan, and you're at a $110 price point. Verizon is heavily marketing the fact that data plans can be shared among families and various devices, a "benefit" that can do more harm than good if your kid eats up all your data watching videos on an iPad. 

Sprint offers a $30 monthly calling-only phone, which covers 200 minutes per month and no texts. For $50, you get 450 minutes and a generous text plan -- but only on select phones. The first flip phone I picked required at least $69 per month -- sound familiar? -- and I only found the cheaper options with a lot of clicking around. Also, in addition to the usual taxes and fees, Sprint charges an administrative fee of "up to" $1.99 per line.

Sprint's smartphone pricing comes with slightly different engineering but much the same result. For $80, you get a lot of data but a fairly crippled talking plan -- only 450 minutes, with a 45-cent-per-minute overage penalty. For $110, you get unlimited data and talk.

AT&T offers a 450-minute plan for $40 to phone-only users, and $70 for unlimited calling. It's also gone to the shared data model, and its A+B pricing is slightly more confusing. For 1 GB of data, users pay $45 for the line and $40 for data. Again, that's an overage fee waiting to happen. Users who want 4 GB per month pay only $40 for the line and $70 for the data, for a total of $110. Amazing how common that number is.

T-Mobile's pricing is a little simpler - no line charges.  "Classic unlimited" phone-only plans are $60 per month. Talk-only 500-minute plans are $50. For smartphone users, T-Mobile's $95 monthly plan -- offering 5 GB at top speed, which can be shared with up to 5 devices -- might be the best deal. Getting 10 GB will set you back $125 per month.

But all these plans suffer from a fatal flaw, warns Tom Pepe, CEO of Validas, a firm that analyzes cellphone bills for consumers and corporations. Users have absolutely no idea what they are getting when they are buying 2 gigabytes of data per month. With older cellphones, consumers could roughly guess how many 100-minute conversations they might have during a month and predict usage that way. But no one knows how much bandwidth that live baseball playoff game video stream might cost you (what if it goes into extra innings?) This makes it nearly impossible to make sensible plan choices. So as an odd form of insurance, some consumers are buying data plans that far exceed what they really need.

"Here's the problem. People are getting oversubscribed. At a gas station you get 10 gallons of gasoline and you use 10 gallons of gasoline. If you don't use it by the end of the month, the gas station doesn't come and take back the gas from you," Pepe said.

On the other hand, consumers who discover new video streams or other bandwidth-hogging apps get an ugly surprise at the end of the month. That's good for no one, he said.

"There is a cost to that money," he said. "(The carriers) are getting a million calls into their call centers with people complaining."

The voice cellphone market reached a tipping point when the prepaid and discount market became a real alternative for average consumers. There are some options for discount smartphone shoppers -- MetroPCS offers a $50 plan for 2.5 GB of data, for example, but availability and phone selection are limited. And MetroPCS is in the midst of being acquired by T-Mobile, making the future of its discount plans hard to predict. Boost, Virgin and TracFone also offer plans, but they are not yet taking a serious bite out of the big four’s market share.

Meanwhile, the most exciting – and disturbing -- data from the CTIA report was this: Data usage by consumers is exploding, up 104 percent on an annual basis. Consumers uploaded and downloaded 1.16 trillion megabytes of data from July 2011 to June 2012, the report said. How much data is that? CTIA’s Roche says it’s the equivalent of sending all the books in the Library of Congress across the network eight times an hour, every day of the year.

With the most popular carriers adding new tiers of data service all the time -- Verizon offers 12! Really! -- and smartphones quickly driving call-only phones into extinction, Pepe expects the problem to get worse before it gets better.

"There's going to be growing pains," he said. "But we are consumers, and we are going to keep consuming. ... It's going to be an interesting time over next 12 months.”

What size check do you write for wireless service every month? Tell us in comments below, or write to me directly at BobSullivan@feedback.msnbc.com

* Follow Bob Sullivan on Facebook.
* Follow Bob Sullivan on Twitter.

 More from Red Tape Chronicles:  

If you and your company get an ugly divorce, does your company get to keep the friends?

A controversial court ruling last week has shined a light on this made-in-the-digital age problem: Who owns Twitter followers, Facebook friends and LinkedIn connections when employers and employees part ways? With personal and professional lives mingled online as never before, a distinctly 21st Century fight is brewing over who owns your friendships.

A  federal judge in Pennsylvania on Oct. 4 rejected a claim by Linda Eagle that her prior employee had illegally accessed her LinkedIn account after she left her company, Edcomm. Workers there changed Eagle's password after her departure, preventing her from accessing critical contacts and, she claimed, damaged her ability to find new work. 

But the judge dismissed most elements of her lawsuit, giving fuel to those who argue that social media groomed at work belongs to employers.

"The initial outcome of the case is very troubling," said Bradley Shear, a Washington, D.C.,-area lawyer who specializes in social media. It opens the door for employers to claim ownership of any social account -- even personal accounts -- because Eagle's account was created under her own name, he warned. "It demonstrates there's a need for people to become much more educated about this."

Other court rulings have hinted that courts might be inclined to see things the employer's way.  Earlier this year, a federal California court allowed a publication named PhoneDog to proceed with a lawsuit against former writer Noah Kravitz, who had amassed 17,000 Twitter followers while working there.

Kravitz claimed the followers were his, but PhoneDog sued for ownership in 2011, and the judge denied a motion to dismiss the case in a February ruling – a positive sign for PhoneDog’s legal argument. Two other recent cases also sided with firms making ownership claims on social media contacts.

Eric Goldman, a law professor at Santa Clara University, cautioned that each of these cases is "incredibly fact specific," and none establishes a universal principle that could be widely applied. Still, workers should be on notice that their employer getting their  friends in the divorce is not so far-fetched.

"People should learn from this that it's dangerous to mix business with pleasure," he said.

In many ways, the "who owns the connections and the conversations" issue is unique to social media and the digital age.  In the past, there was never any question that a public relations professional was speaking on behalf of a company, and that communication was company-owned  –  as were the contact lists. But what of a long-time flack who arrives at a new firm with a long list of her own Twitter followers, and who writes messages using that account that are decidedly personal?  Who owns those messages, and those contacts? The issue is as murky as most employees' work-life balance.

“Many of these accounts have 'mingled interests,' " Goldman said. “That makes things difficult.”

In fact, the very nature of social media means the accounts don't really work unless they have a touch of personality. Tweeted press releases aren't interesting on Twitter; personal wit is regarded above all, and encouraged at every smart firm with a social media presence. 

On the other hand, it's reasonable to think of LinkedIn contacts as akin to customer lists, which are clearly proprietary and belong to employers as intellectual property. For decades, firms have claimed ownership of client lists (and employees have tried sneak out the door with them). If a LinkedIn account is little more than a list of business connections that are directly related to a job, why wouldn't a company claim it?

Of course, fights over Rolodexes aren’t new – but old-fashioned piles of business cards make a poor analogy for a long-curated group of Twitter followers.  Besides, users who have a developed a personal relationship with a social media creator aren't likely to be much use to a company which takes over an account, Goldman noted.

“You can grab the Rolodex, but you can’t really grab the relationship?” he said.

There's also the subtle "you are nothing without me" argument. When television anchor and early Twitter adopter Rick Sanchez left CNN, he had a follower list of 150,000. Without CNN, Sanchez would not have compiled such a following, and when he left, observers imagined a brewing controversy. A fight was averted when CNN Sanchez keep the list as long as he changed his Twitter handle, from @ricksanchezcnn to @ricksancheznews .

LinkedIn hasn't offered a lot of guidance in the issue, but in a brief statement to NBC News, the company seemed to suggest that it might take up the fight on behalf of users at some point.

"We don't know the specific facts and circumstances of the relationships or agreements between Ms. Eagle and her former employer, nor are we parties to the lawsuit, so we can't comment on it specifically," said LinkedIn spokesman Hani Durzy. "However, LinkedIn prides itself on being a members-first organization, and in general we believe that a member's professional profile belongs to them.”

Other digital-era issues offer conflicting notions.  In the United States, employees have no right to privacy over emails they write at work, even if they are using personal email accounts. Employers are within their rights to employ snooping software to watch everything workers do with company computers.  That might suggest any Facebook or Twitter work done by an employee on company property belongs to the company. On the other hand, there's a long history of domain name confusion that sides with workers. Employees who register company domains in their own names, for example, often end up with an awful lot of leverage after they leave the company -- they can redirect the domain, for example.

To Shear, the lawyer specializing in social media, that leads to a practical question for companies that might be inclined to make claims on social media accounts.

"LinkedIn is an external system. Why are you are putting resources into an external system that you don't have control over?  Companies prefer their own email to Gmail for this reason," he said. 

One critical element of the Eagle case is that she had shared her password with a coworker, who updated the LinkedIn page for her. That put the company in a good position to make a claim -- it could change the password, lock her out and ask questions later.  So should employees refuse such password sharing? Some companies compel users to do so, though increasingly state legislatures are considering laws making the practice illegal.  Meanwhile, most social networks -- including LinkedIn -- say it's against their terms of service to share passwords.

There may already be existing laws that cover a lot of this controversy. Non-compete and non-solicitation agreements -- which prevent workers from contacting clients after exiting a firm -- prevent a lot of the issues that businesses are really concerned about when they make social media contact claims.  Still, those are often unenforceable, particularly in California, which has broad employment right laws. That has Shear and Goldman concerned that future employment agreements will contain the broadest possible provisions, with companies seeking rights to all online relationships while workers are in their employ.

"That would be an egregious overreach," Goldman warned.

It would also kill the spirit of social media, as popular Twitter posters would disappear overnight, each time they change jobs.

"In the end, we as readers will be the losers, because we won't be able to find the people we are looking for," he said

There is one saving grace in this discussion: Despite our pride of amassing a few thousand friends or followers, Goldman points out that most social media accounts are not so valuable that they are worth fighting over in court.

"The economics don't support litigation," he said. "How much is an account with 17,000 followers worth?  At $1 a follower, that's $17,000 -- that would hardly even get (the lawsuit) filed."

RED TAPE WRESTLING TIPS
Both Shear and Goldman stressed that companies need to have very specific social media policies -- pre-nuptial agreements, if you will -- specifying who gets what when the inevitable breakup arrives. 

For workers who are concerned, Shear offers three quick tips.

• Make sure the email used to set up the social networking account is a personal email that you control, not a corporate email address that can be cut off -- and could be used as evidence of ownership in litigation. Also, use personal contact information, such as a home number and address.
• Make sure the name on the account is personal -- Sally Smith, not Sally_XYZCompany. Finally, use a personal photograph, rather than a company logo, in the profile picture.

* Follow Bob Sullivan on Facebook.
* Follow Bob Sullivan on Twitter.

 More from Red Tape Chronicles: 

In the first presidential campaign since social media came of age, the campaigns of President Barack Obama and Mitt Romney are both struggling to learn the new rules of the road.

When you're watching the first presidential debate Wednesday night, don't believe what you see. Online, that is. As Mitt Romney and Barack Obama make their inevitable slip-ups and fact-challenged assertions, bring your well-trained skepticism to every computer, cell phone and tablet screen near you.

Jokes that seem to catch fire on their own -- remember Clint Eastwood's invisible Obama from the Republican convention? -- might not be quite so organic. Twitter themes that seem to be everywhere might not be popular so much as purchased. And stinging one-liners that show up in your streams and news feeds might make you chuckle, but they are probably half-truths, and most definitely not a great tool for picking the leader of the Free World.

Even if you aren't on Twitter, virtually all political reporters are, and they increasingly take their cues from it. This is the first presidential election in which social media will play a mainstream role, and it's important to remember not everything is as it seems online.

Four years ago, Facebook and Twitter had only just begun to capture the world's imagination (Pew says that 10 percent of the electorate used social media in 2008 to research candidates, and Twitter was scarcely 2 years old on election night). But with this election cycle, the social media giants are now key outlets for candidates to transmit their messages to voters. While social media may appear to offer unfettered, uncontrollable discussion of candidates and their positions, the campaigns are hard at work learning how to manipulate the tools to their advantage. And there's added spice to the Internet element of this season's presidential campaign -- because social media is so new, rules of engagement are lacking.

For example, Barack Obama famously held a surprise virtual town hall on Aug. 29, offering to take questions from Reddit.com users, embracing that site's standard "Ask Me Anything" (AMA) format. The event was unusual because it occurred during the height of the Republican National Convention, breaking the well-established convention that candidates don't upstage each other during their opponent's convention. Obama almost certainly wouldn't have held a traditional press conference that day -- but a Reddit AMA?  Who's to say that was a violation of unwritten politicking rules? When suspicion arose that questions from the AMA might have been less spontaneous than they first appeared, many observers chimed in with cynical reminders that real-world town halls and press conferences also include plants. Who's to say what rules should apply on Reddit?

About the same time, Romney's campaign made what is believed to be the first major campaign purchase of a "sponsored hashtag," attempting to corral discussion on Twitter around the topic "#AreYouBetterOff?" Simultaneously, a parody Twitter account named MexicanMitt was temporarily suspended. A month or two earlier, Romney's number of Twitter followers shot up by a surprising amount. Are such hashtag purchases tasteful? Was suspension of the account coincidental? Is it fair to purchase followers? Again, the online rules aren't clear. 

There is little argument that Obama's campaign, which held an exclusive on grass-roots Internet campaigning last time around, holds a major advantage over Romney on Twitter and Facebook. Some of that is pure demographics -- new Web tools skew younger and more liberal. But some of it is the result of well-timed sarcasm campaigns. Each time Romney trips over his tongue, you can be sure a cascade of social media comedy  -- a "meme," in Internet lingo -- will follow. Sometimes, that's an organic outpouring of creativity. Sometimes, that's the work of an Obama supporter like Matt Ortega. He told Salon earlier this year that he was behind a website named "EtchASketchMittRomney.com," which appeared almost immediately after top Romney aide embarrassingly said that the candidate's campaign positions in the GOP primary could be easily changed, as if they were written on an Etch-A-Sketch. Ortega said he owns dozens of other similarly sarcastic websites, all powered by the pickup they get on Twitter and Facebook. Ortega is a Democratic consultant, but swears the sites are unpaid hobby work.

Turning candidates into punch lines
There's certainly nothing wrong with being funny. Obama's Reddit chat didn't break any rules; neither did Romney's Twitter advertising. But is social media a free-for-all? Perhaps, said Brad Phillips, a media consultant who runs MrMediaTraining.com. But he's not convinced that social media has made things worse. Campaigns have always stretched the rules -- and the truth -- to get any advantage possible, he said.

"Think about the Willie Horton ads (pillorying Michael Dukakis in 1988). So many others," Phillips said. "If the Internet existed in those campaigns, would they have used online tactics? Of course." Nor would campaign managers from elections past have fretted about scheduling a virtual press conference during an opponent's convention, he said. In some ways, he's surprised there hasn't been much evidence presented yet of "dirty tricks" online, such as the whisper campaign during the 2000 primaries alleging that John McCain had an illegitimate child.

Follow @RedTapeChron

E-mail a tip to Bob Sullivan

On the other hand, Twitter and Facebook have created one huge new avenue for attack, Phillips said -- the power of humor. Once upon a time, the biggest threat to a candidate could be a misstep so bad that it became fodder for late-night TV humor on Johnny Carson's "Tonight Show."

While that's still true -- an unplanned appearance on David Letterman's Top 10 List can really hurt -- Twitter and Facebook allow campaigns to create their own late night butt-of-joke moments without needing a comedy writer to see it their way. It's easy to argue that the real damage from Clint Eastwood's halting Republican Convention speech came from the hours of sarcastic Tweets and Facebook discussions that began before Eastwood even finished speaking.

"In the past, you knew a crisis had jumped the firewall when it appeared on late night TV as a joke....that meant the issue had gone beyond being just a story for political types," Phillips said. "You wonder if same dynamic is played out now online. If you can make a candidate a punch line (in social media) you've scored a hit."

Phillips also said sarcastic memes could slowly but surely wear down a candidate's chances, cumulatively building and impression that "a candidate is a joke," which would be hard to counteract.

"Is that clean (campaigning)?" he asked. "I don't know. But in future political cycles, I believe candidates will have to pay a lot more attention to this."

Clean or not, University of Virginia professor and presidential politics expert Larry Sabato has been sharply critical of both campaigns -- and political reporters -- for getting caught up in what he calls the "Gaffe Game." Hunting for the next one-liner is a poor way to evaluate presidential candidates, he says.

"When we tire of Gaffe Game, let's have a POTUS Spelling Bee. Would be about as revealing," he said recently in his own Twitter feed.

Scoring points through sarcasm is hardly new, but Sabato believes social media has indeed accelerated the gaffe obsession in this election cycle.

"Many people are on (Twitter) for hours every day. Do they make it worse? Is the pope German? They drain every gaffe of every ounce of meaning and political advantage," he said. "Every time a candidate has a blunder or tongue-twister, Twitter explodes with commentary defending and deriding the candidate."

On the other hand, there is hope, Sabato thinks. Social media seems to accelerate the news cycle, too, meaning that gaffes come and go quicker than they would in the past.

"They … destroy the gaffe quickly -- it burns itself out on Twitter faster than it would otherwise," he said.

Campaign zingers now 140 characters?
So does social media help or hurt the election process? Naturally, it's impossible to say. But it's important to note that voters shouldn't be fooled by what might seem like more personal connections offered by candidates through Facebook "Likes," "personal" e-mails and Tweets. In Phillips' impression, candidates are far more sterilized and prepackaged than ever.

"The candidates are so carefully controlled, access to them is controlled, they are trying to prevent any kind of YouTube moment. (Candidates' moves) are planned within an inch of their lives," he lamented. It's hard to believe that only five presidents ago, reporter Sam Donaldson and President Ronald Reagan sparred during fairly spontaneous press conferences. And vice presidential candidate Geraldine Ferraro spent two hours answering reporters' questions about her tax returns.

Today's candidates usually hide behind carefully orchestrated digital personas, lobbing one-liners over the wall in an attempt to slowly move the needle on the small number of undecided voters who will swing the election.

"Candidates are giving away the ability to have a knockout fantastic answer," he said. "They are just trying to advance in inches not in yards," he said.

That raises the discouraging possibility that the key to who wins and who loses on Nov. 6 could be which candidate comes up with the best joke that fits in 140 characters or fewer.

* Follow Bob Sullivan on Facebook.
* Follow Bob Sullivan on Twitter.

 More from Red Tape Chronicles: