Victims of child identity theft and their parents are left with an obvious question when they discover the crime: Why would anyone grant credit to a child?

The answer, for those who find it, is perhaps even more infuriating: Creditors often have no way to know an applicant is a child. Lenders, for example, usually have no idea how old the rightful holder of a Social Security number is. The nation's credit bureaus often don't know either. 

A new Child Identity Protection program implemented by the Utah state attorney general's office and the credit bureau Trans Union may be able to change that.

---

Believed to the first system of its kind, Utah parents can now register their children with the state agency, which will then pass the data along to Trans Union.  In turn, the credit bureau will place the child's SSN in a "high risk" database that warns potential lenders not to issue credit to applicants using that number.

 

"For the first time, parents can proactively protect their children from being victims of identity theft," said Richard Hamp, the assistant attorney general for Utah who helped create the program. "We're really excited about it."

The program is currently open only to parents in Utah, but both Utah authorities and Trans Union are already in talks with other states to make it available nationwide.

Prior to Utah's Child Identity Protection program, concerned parents couldn't do much to protect their kids' credit until after they suspected their kids' identities were stolen. Even then, the available options were often frustrating. Parents could ask a credit bureau if there was an open credit file using their kids' personal information and request that it be closed and the erroneous information expunged. If no credit file existed, they would receive an unsatisfying "no file" response, and be left to wonder if a criminal would open one in the future. 

Hard data on the incidence of child identity is hard to come by, because the crime can go undetected for a decade or more – until the child turns 17 and applies for credit or a college loan. But there are plenty of indications the crime is on the rise. A study released by fraud-fighting firm ID Analytics in 2011 found that 140,000 kids each year are hit by the fraud; another 500,000 sets of parents and children are "inappropriately sharing" Social Security numbers, hinting at an even more widespread problem, ID Analytics found.

Hamp was an early advocate of credit freeze laws passed by dozens of states that forced the nation's credit bureaus to offer identity theft victims to "lock" their credit reports from any applications for credit. Seeing the rise in fraud against kids, Hamp began working on legislation that would require the credit bureaus to let parents lock their children's Social Security numbers about two years ago.

"But Trans Union called and said they'd work with us on a voluntary basis. You don't need to legislate," he said. "I took them up on it."

Utah already had a leg up in creation of this kind of system, having launched its Identity Theft Reporting System website several years ago. Victims use the system, known as IRIS, to report the crime, and it includes a robust authentication system using various state databases, such as driver's license records. Hamp agreed to use IRIS to authenticate parents who wish to enroll children in an anti-ID theft program. That made Trans Union's part of the work much easier.

After Utah verifies the identity of the parent and collects a child's personal information, state authorities send the child's SSN and age to the credit bureau. Trans Union then places the information in its "high risk fraud database." If a child ID thief tries to use a kid's SSN while applying for credit, the lender gets a pre-programmed warning message.

"Initially I wanted a message that said, 'This number belongs to a kid,' but this allowed them to tap into a system they already had and get it done quickly," Hamp said.

Trans Union and Utah officials held a launch ceremony for the system in late January.

"We do recommend every parent enroll their children," said Steven Katz, senior director of consumer operations for Trans Union. "There is no downside to it."

Enrollment is free. Kids are automatically removed from the high-risk database on their 17th birthday, he said. Trans Union has agreed that none of the information entered into the system will be used for marketing purposes.

"The intention of this program is to assist parents and guardians in preventing ID theft among children, and that’s all the data will be used for," he said. Trans Union will consider sharing the data with the nation’s other credit bureaus, he said, much as the bureaus share fraud alert information now.

Parents who worry that Trans Union might misuse the data shouldn't allow that to keep them from using the program because "they don't give their kids' data to Trans Union, they give the data to us," Hamp said. "We retain all rights to the data."

The program isn't perfect, however. ID theft expert Linda Foley, who runs IDTheftInfoSource.com, said she's worried that the system only stops credit-based ID theft.  It's powerless to prevent creation of fake driving licenses, for example. Such a system risks "giving parents a false sense of security," she said.

Also, because so much of child identity theft is committed by parents, there's a fundamental flaw in the way the program is set up, she said.

"Since parents enroll kids, those stealing from their kids will not be interested in this opportunity. It needs to cover all children," she said.

Still, Hamp believes the Child Identity Protection system is a big step in the right direction, and he's urging all parents to consider it. Already, about 1,000 children have been registered, Hamp said. He plans on bumping up participation by partnering with school districts students can be registered en masse.

"I'm really excited about this," he said. "Instead of having to fight Trans Union, we came up with a mutually acceptable resolution. Is it perfect? No. Are there still going to be problems? Yes. But it's the best thing available for parents to protect their kids."

*Follow Bob Sullivan on Facebook     
*Follow Bob Sullivan on Twitter.  

When the expression "red tape" was invented, they had phrases like this in mind: "Request to Inspect or Receive Copies of SF 278/OGE Form 278 Executive Branch Personnel Public Financial Disclosure Reports or Other Covered Records."

This is a story of what it takes to find out how much Newt Gingrich earned giving speeches last year.  Gingrich isn't hiding the information, which was filed with the Office of Government Ethics recently. It's simply being held hostage by red tape. 

NBC News Deputy Political Director Domenico Montanaro looked at Gingrich's amended financial disclosure, made available on Tuesday, and found on Page 2 references to "Annex A," where the candidate was supposedly to list his paid speeches. But Annex A was nowhere to be found. Montanaro e-mailed the Office of Government Ethics to ask for help. 

A Franz Kafka novel ensued.

---

Montanaro, long since pre-registered with the Federal Election Commission to receive public financial disclosure releases, was told he had to fill out "Form 201" with the Office of Government Ethics and directed to a page on agency’s website.  But the form was in .pdf format and, while it could be filled out electronically, the changes could not be saved. Instead, Montanaro found, he had to print it out.  But the completed form also could not be sent via fax back to the agency. It had to be electronically scanned and emailed to a special inbox at the Office of Government Ethics.

Upon receipt of the email, the agency promised to mail -- as in, dead-tree mail -- the elusive Annex A.

To review: getting access to Gingrich's disclosure required a visit to a website, an email, downloading a .pdf, filling it out, printing it, scanning it, emailing it and then waiting for a first-class letter. 

Perhaps this kabuki dance helps keep the struggling U.S. Post Office in business, but in the age of Twitter, it's an awfully convoluted process to get a piece of information. And it makes you wonder about the spirit of financial disclosure rules.

Montanaro told the agency what you all must be thinking now. Why isn't this important public information simply placed on a website for all to see?

"Pardon my frustration, but OGE really doesn’t make this easy. … It’s really not the most efficient way for either me as a journalist to report or for an office of ethics to serve the public in a timely way. As a result, neither of us is serving readers or viewers in the best way we can," he wrote to "ContactOGE," the contact address he was given to place his request. "I know it’s not your fault, nameless email address. But an innovative, red-tape loathing staffer in your office might want to think about how to streamline this process and make a name for themselves -- maybe even you, ContactOGE."

As for that important information: Montanaro is still waiting.  We’ll update you when the Pony Express arrives with it.

Of course, the point of this tale isn’t to tell you that an NBC reporter was inconvenienced. You would have had the exact same experience if you tried to get the disclosure information. This is a story about the failure of transparency.

“I find it a little ironic the agency that’s set up to encourage government ethics makes this more difficult than it should be,” Montanaro told me. “They could be doing more productive things with their time than spending more than a week helping a reporter with something.  They could be investigating ethics. … I think the people who work there have good intentions, but it seems so often than these government agencies set up with the right intentions wind up getting mired in red tape.”

By the way, in case you are curious, the term "red tape" has many mythical origins, but the National Archives believes it has the right answer: red ribbons were used to bind piles of government documents dating back to the Civil War. Opening the files required someone to "cut through" the red tape.

Lucky for you, it's now possible to buy your very own sliver of government red tape, encased in plastic, from the National Archives eStore. Price:  $45. Apparently, red tape isn’t cheap.

(Financial disclosure: Several years ago, seeing the name of my blog, an official at Archives sent me one for free. It sits proudly in my office)

*Follow Bob Sullivan on Facebook     
*Follow Bob Sullivan on Twitter.  
*Follow Domenico Montanaro on Twitter.

 

Facebook is apparently getting a lot more unfriendly.

Users are getting a lot more selective, deleting comments, photo tags and even friends at a record rate, according to a new study released Friday by the Pew Internet and American Life Project.

Pew is calling this phenomenon "the pruning" of social networks, and the study includes findings like this: 63 percent of users have unfriended people from their friends users. Another 44 percent have deleted comments made by others from their profile page, and 37 percent have removed tags from photos.

"Social network users are becoming more active in pruning and managing their accounts," says the report, written by Mary Madden, senior research specialist at Pew.

---

Users are also taking an active role in keeping their private information private, with 58 percent of users saying they use high-level privacy settings so only friends can view their pages. Women are far more restrictive, with 67 percent using the tightest privacy settings, compared to 48 percent of men. They lock down their accounts despite the fact that half of all users say they have "some difficulty" using the privacy controls.

The research seems to suggest that U.S. adults, who have so far shown little appetite for actively managing their personal privacy, are starting to get the hang of it.

"Social science researchers have long noted a major disconnect in attitudes and practices around information privacy online. When asked, people say that privacy is important to them; when observed, people’s actions seem to suggest otherwise," the report noted. The shift to more privacy on Facebook seems to belie this long-standing trend.

Perhaps regret has something to do with that.  The report found that 11 percent of Facebook users say they've posted something that they regret on a social network. Men are twice as likely to say so (15 percent to 8 percent). Users 50 and older, at 5 percent, are much less likely than young adults under 29 (15 percent), to express such regret. 

One area where there was a surprising lack of age gap: Overall privacy settings. While 23 percent of users 65 and over choose fully public settings, 22 percent of users 18-29make the same choice.

"The choices that adults make regarding their privacy settings are also virtually identical to those of teenage social media users," the report said.  "Private settings are the norm, regardless of age."

Young adults are more likely to "unfriend," however at 71 percent, compared to just 41 percent for the oldest users.

The Pew report is based on a survey of 2,277 U.S. adults conducted in May, and has a margin of error of +/- 3 percent.  In nearly all "pruning" related categories, and within nearly all age groups, use of privacy-related tools gained ground since the last time Pew conducted the study in 2009. Back then, only 30 percent of all users had untagged a photo, compared to 37 percent in 2011; and 56 percent had unfriended someone, compared to 63 percent in 2011. 

*Follow Bob Sullivan on Facebook     
*Follow Bob Sullivan on Twitter.  

You already have an "insurance score." You have an "Employment Credit Score."  There's even a "MedFICO," which attempts to predict whether you’ll actually pay your doctor’s bills.  Now that a "Facebook score" has been invented,  I expect a "Grocery Habits score" and a "Music Taste" score to arrive any time now.

These scores probably hurt you more than help you, and in ways that are kept secret from you.  To borrow a phrase from today's big pop-culture story, American businesses are suffering from "Score-sanity."  And you are suffering the consequences.

In case you missed it, researchers at three U.S. colleges say they've figured out a way to predict future job success by scoring applicants' Facebook profile pages. This wasn't a mere exercise in finding embarrassing college photos. The profs created five categories that map to character traits which often lead to success at work: Conscientiousness, emotional stability, agreeableness, extraversion and openness. Then, people were boiled down to a "personality score," which may as well be called a Facebook score.  Surprise! The score did a decent job of mapping to employee reviews six months later.

---

Donald Kluemper, a management professor at Northern Illinois University, said he doesn’t want human resources departments to begin using Facebook scores, which have so far been tested on only 56 people. But as my colleague Eve Tahmincioglu said so well, "It may be hard to put the Facebook personality cat back in the hiring bag."

We already know that U.S.-based hiring managers routinely browse Facebook while screening applicants (something that is illegal in Germany). A scoring system that automates that process, and promises to take human error out of it, will be just too tempting. 

 

Today is not the day to debate the wisdom of the “Moneyball-ization” of America, the wisdom of our newfound romance with everything and anything that fits into a database.  My main concern with Facebook scores -- as it is with insurance scores -- is the lack of transparency. Odds are that you pay more for your auto insurance than you should if your credit score is low. How much more? No one knows, because the U.S. Supreme Court has ruled that auto insurance companies don't have to tell you. Insurers have decided that credit scores are a good predictor of future insurance claims, and punish drivers based on that.  But they don't have to tell them what the low-score penalty is.

Soon, some workers will face mysterious troubles getting past the first round of interviews, and have no idea why.  The cause could be an embarrassing photo in a social media profile. But based on this new research, it could that they don't discuss classic literature often enough in their timeline, or they don't have 700 friends. 

Study after study shows that while Americans claim to care about privacy, they don't.  Fewer than 10 percent change their behavior in an attempt to preserve their privacy; another  third essentially believe: "I have nothing to hide so why should I care?" 

Your Facebook score is the answer.

Professor Daniel Solove of George Washington University, who studies the intersection of privacy and policy, has found that most young Facebook users aren't worried about the things they post online because they have a naive faith that it won't hurt them later in life.  They believe no hiring manager would hold some random Tweet against them. They are wrong.  An HR department facing a stack of 100 resumes for one job would love a numerical tool that could automatically whittle the pile to five or six.  HR departments already do some of this whittling based on credit reports.

When young people tell me they have nothing to hide, I often ask them about their music  tastes. Most use iTunes, and increasingly use subscription services like Spotify. These firms know everything about their music tastes.  It is a very small leap to imagine these companies selling this data to employment background firms, which might then find a correlation between the bands that subjects listen to and their likelihood they'll habitually be late to work. Suddenly, a private allegiance to Megadeth could become a debilitating problem for an innocent worker who would have no idea why the rejection letters won't stop.

"No fair," folks often reply.

"But quite legal," I respond. Due to a quirk in the law (thanks to a very embarrassing Supreme Court nomination proceeding for Robert Bork), video rental records cannot be shared and sold in this manner. Thank God, otherwise Netflix would have done this long ago.  But music, social media posts, blog comments -- all these things are fair game to be sold, shared, jammed into a spreadsheet, and used to raise your health insurance rates or block you from a promotion.  Bought a lot of ice cream in 2008-2013? Watch those health insurance rates rise in 2020.

Maybe that's a good thing. To be fair, some people with higher credit scores do pay less for auto insurance because of this system. We can bicker about the wisdom of data mining and correlations. But we can't bicker about this: None of this is transparent.  No laws are in place to make sure this is fair.  No one has debated the wisdom of allowing social network activity to influence employment prospects (while other societies have decided against it). And most important, no one has made the rules clear for consumers.

There is a model for this. In the credit world, when consumers are denied a loan because of a low credit score, they are entitled to receive a "notice of adverse action." They are also entitled to see a copy of the credit report used in the decision.  Now is the time to think about regulations to ensure such consumer rights in this even-expanding world of "Score-sanity."  If someone's job prospects are hurt by the number of Tweets they publish on the New York Yankees, they should know. They should be entitled to a copy of their "Facebook Score" and the report that goes with it. 

I know companies which create such reports view them as proprietary, as the secret sauce they sell, and they fear that if consumers learn how the system works, they'll try to game the system. Tough. We’re talking about lives and livelihoods here. 

Correction: An initial version of this report said HR departments use credit scores when considering applicants. They use credit reports without a credit score.

*Follow Bob Sullivan on Facebook     
*Follow Bob Sullivan on Twitter. 

 

Identity thieves have regained the upper hand, suggests a new survey released Wednesday by fraud research firm Javelin Strategy & Research.  The firm's annual survey of 5,000 consumers suggests a rise in the rate of ID theft during 2011, reversing a drop in identity-related that was found in last year's survey.  The main cause of the new increase: A return to old-fashioned credit card fraud.

"There's been a rebound. … ID thieves have bounced back," said Javelin President James Van Dyke, explaining that meant about 7.7 million Americans were hit with credit and debit card fraud in 2011, or about 2.2 million more than in the previous year.

The survey estimates that 11.6 million Americans were hit by ID theft in 2011, compared to 10.2 million in 2010. Put another way, 4.9 percent of the U.S. adult population -- roughly 1 in 20 adults -- was affected by identity-related fraud last year, compared to 4.35 percent of the population in 2010.

---

Javelin, like the Federal Trade Commission, uses a fairly broad definition for identity theft:  any time a transaction occurs using a victim’s name or account information without authorization.

Nearly all the increase can be attributed to sharp rise in credit-card fraud, the survey found. Last year, 2.3 percent of all adults found unauthorized charges on their cards, compared to 1.4 percent in 2010.

A recent rise in credit card fraud has also shown up in previously unpublished research by security firm Gartner. Analyst Avivah Litan shared the data with msnbc.com. 

Her survey found that, of all adults who say they've been hit by credit card fraud at some point, 29 percent said the most recent incident had occurred in the 12 months preceding September, when her survey was conducted.  That compares to just 18 percent who said the most recent incident hit 13-24 months earlier.

"Our data says the same thing (as the Javelin data)," Litan said. "It is worth noting that increases in fraud rates are even more pronounced on the small business and corporate side, which Javelin didn't survey."

Javelin's 2011 survey is the seventh time the firm has queried American adults looking for ID fraud trends. The survey, which has a maximum margin of error of 1.7 percent, was sponsored by several financial services companies, but Van Dyke said the sponsors weren’t  allowed to interfere with the research methodology or the publication of the resulting report.

What would cause a rise in old-fashioned card data theft?  Numerous factors, Van Dyke said.

"It's probably partly an issue of where the gains (the banks) had made couldn't be sustained," Van Dyke said. "Also, the economy also plays a part. We've done this long enough to see a correlation between the state of the economy and this kind of fraud." 

The recession has made life a bit harder for banks’ back-end fraud prevention systems, too. Some consumers have simply stopped using credit cards, but maintain open accounts. These dormant cards are ripe for fraud.  Meanwhile, the recession has also dramatically altered some consumers’ buying patterns, throwing banks’ pattern-recognition efforts off.

There is good news within Javelin's results, however.  The rate of new account fraud -- when a criminal uses a victim's personal information and good credit to open up new accounts -- has dropped slightly, according to survey takers. New account fraud is much more of nightmare for victims, and more costly to financial institutions..

"In fact, the overall amount lost to identity fraud is down slightly," Van Dyke said, from an estimated $20 billion to $18 billion.

The survey also hints at some other larger trends in identity security.  Smartphone users are about 30 percent more likely to report being hit by ID fraud. Surprisingly, 62 percent say they do not use a screen password to protect their devices.

"People aren't protecting their devices," Van Dyke said.

Some 36 million Americans, or roughly 15 percent of U.S. adults, say they received a data breach notification in 2011 from a company indicating it had lost their personal information.  Those who say they received such a notice were more than nine times as likely to also report being fraud victims.

"This is a trend we see spanning four years now, yet we haven't been able to generate any meaningful public awareness around it," Van Dyke said. Many consumers don't even sign up for free credit monitoring services when they are offered by companies that have leaked data, he said. 

Even so, more Americans detected ID fraud through electronic monitoring of accounts -- such as through online banking -- than through paper statements, the first time that has happened, according to the survey.  Such monitoring leads to earlier detection and lower financial losses for both banks and consumers.

Finally, the survey suggests some connection between active use of social networks and ID theft. Slightly more than 10 percent of LinkedIn users say they were hit (10.1 percent), while 7 percent of Google+ users and 6.3 percent of Twitter users reported being victims -- all three above average. Facebook users, at 5.7 percent, were barely above the national average of 4.9 percent.

Those with public profiles often confessed to being careless with data: 45 percent share their birth date and year;  63 percent shared their high school; 18 percent shared their phone number; and 12 percent shared their pet's name.

"We still have a significant education problem," Van Dyke said. "Consumers are having trouble  being able to grasp what is sometimes conflicting advice in the marketplace. In fact, sometimes it’s impossible to follow the patchwork advice they are given."

*Follow Bob Sullivan on Facebook     
*Follow Bob Sullivan on Twitter. 

When you buy an online coupon, how do you know a store will honor it?

Edgar Dworsky walked into Rose's Chinese Restaurant in Waltham, Mass., last week with a $6 coupon he’d purchased for $3 and found out the hard way that not everything is what it seems online.

The online coupon category is getting more crowded daily. Led by giants Groupon and Living Social, there are now hundreds of smaller competitors. But not every email offering a discount is a good deal.

Dworsky purchased his coupon from MobileSpinach.com in early February. But when he went into Rose’s, the owner said he’d never heard of MobileSpinach and didn’t plan to honor it. Instead of enjoying a cheap meal, Dworsky found himself in the middle of the messy world of online merchant discounts.

---

Dworsky’s tale isn’t unique. Many store owners around the country say they’ve never agreed to accept coupons being offered for sale on MobileSpinach, and the firm has been dogged by nationwide complaints that it is selling allegedly “fake” coupons. 

The firm’s co-owner, John Vitti, blames the complaints on misunderstandings, poor memories of merchants and over-eager affiliate salespeople, and says he’s happy to issue refunds.  But merchants getting pitched daily by ever-increasing number of Groupon-like sites are often caught in the middle, completely confused by the complicated world of e-coupons.

Dworsky was equally frustrated when he tried to use his coupon on Feb. 11.

“The man at the counter, the owner, said he didn't know what this certificate was, that he never agreed to offer these certificates, and that he had not been paid for them. He indicated that someone had come in the day before with one like it also," Dworsky said.

And while MobileSpinach later agreed to refund the $3 he'd spent on the coupon, he wasn't really satisfied. Calls placed to other nearby restaurants unearthed a similar pattern.

"This is a scam of sorts ... or a naive company that thinks they can advertise deals that they have not yet formally acquired," said Dworsky, a former assistant attorney general in Massachusetts who now runs the consumer advocate website MousePrint.org.

Indeed, MobileSpinach has previously been accused of selling deals it didn't really have the right to sell. Last August, San Francisco-area foodie magazine Grubstreet wrote two stories about restaurants and consumers getting tripped up by Mobile Spinach group coupons that weren't authorized. In November, a student newspaper at George Washington University reported the same problemin the Washington, D.C., area. The paper said 50 disappointed consumers were turned away from a small restaurant called Crepaway with invalid $10 vouchers they'd purchased from Mobile Spinach for $5. 

Other unusual stories dog Mobile Spinach. Jim Gilbride, who owns Old Country Deli in Hicksville, N.Y., told msnbc.com that a caller recently offered him an opportunity to buy a Mobile Spinach ad. He declined, and was surprised when the ad showed up on MobileSpinach.com anyway.

"I never heard him say (the ad would go up anyway)," Gilbride said. "I dismissed him when he called."

A man who answered the phone at Kabob Corner in Medford, Mass., said the same thing about a $3 for $6 coupon offered for that store.

"It is a fake coupon," he told msnbc.com before hanging up.

Even merchants who have dealt with Mobile Spinach seem to face some confusion.

At Creative Cakes in Silver Spring, Md., owner Randi Goldman said she agreed to a $5 for $10 in merchandise deal with Mobile Spinach about six months ago.  She generally feels pestered by sites like Groupon and Living Social, and doesn't like the revenue split they offer -- merchants only pocket 25 cents for every dollar in value that is sold. But her Mobile Spinach salesman said she'd earn 100 cents on the dollar for every coupon sold.

"They said they'd pay me $5 for every coupon, and there was a special deal with the credit card companies who would pay the other $5," Goldman said.  So far, only a few coupons have been redeemed and her PayPal account has been credited the funds, she said.

Vitti, the co-founder of Mobile Spinach, admits that there have been some customer service issues, but blames them on confusion in the coupon marketplace.

"This space is getting crowded," he said. "There's just so much confusion. Sometimes merchants don't remember what they've agreed to."

That's his explanation for Dworsky's issue at the Chinese restaurant.

“I personally had a conversation with the owner of Rose's Chinese Restaurant and he apologizes for this confusion and so do we,” he said. 

A worker who answered the phone at Rose’s said the owner wasn’t present and declined to comment.

Vitti said the rash of San Francisco complaints was the result of a short-term experiment that involved offering deals for sale before they'd been arranged with a merchant. The company later ditched the idea, he said. 

He attributed the Washington, D.C.,-area complaints to rogue affiliates. Some deals on MobileSpinach.com weren't arranged directly by the Mobile Spinach sales team, but rather by affiliates in a revenue-sharing arrangement.

"There was confusion because the only way to redeem those was for people to make purchases online, and they were walking into the store with those," he said. "Over time we were getting more and more customer support issues, to a point where we are uncomfortable with them. Sometimes these aggregators and deal providers don't have best relationships (with merchants). ... Sometimes you wondered, ‘Who's got the relationship here?' "

So as of Feb. 4, he said, Mobile Spinach has stopped dealing with affiliates and will only promote deals sold directly by its sales force. The number of deals being offered dropped from "thousands to about 400" as a result, he said.

"We are trying to clean up this industry," he said. “There has been many well documented problems in the coupon, gift card and now the deal space with redemption at any size merchant ... even large national retailers.”  

He said the full value offer to Creative Cakes was real – “customer acquisition costs,” he said – but added that it is only temporary.

Consumers who feel they've purchased a bad deal from Mobile Spinach should contact the firm for a refund, he said. "We have a refund-anytime, no-questions-asked policy," he said.

Merchants, however, face a slightly trickier proposition. They can refuse to honor any coupon, but that risks irritating a potential customer. Gilbride, the deli owner, said he'd probably honor a coupon brought in by a frequent customer just to avoid a negative interaction. 

”I've been in this business 26 years now," he said. "I try not to get frustrated anymore by any of this." 

*Follow Bob Sullivan on Facebook     
*Follow Bob Sullivan on Twitter. 

 

"I should have flown with someone else or gone by car/’Cause United breaks guitars."  

Dave Carroll created perhaps the most successful gripe against a misbehaving company in the history of gripes, doling out Web-style justice with a remarkably viral -- and sarcastic -- music video. Now, he's trying to share his formula for success with other consumers on a website named Gripevine.com.

The site, which is free for consumers, is the latest in a crowded field of Web services that aim to act as a megaphone for aggrieved consumers who otherwise feel ignored when companies do them wrong.

---

Carroll suffered every traveling musician's nightmare in 2008. When he arrived at a gig after a flight, he found his guitar had snapped in two. The Canadian musician’s nightmare became United Airlines' nightmare after he posted the video.

Carroll's catchy and hysterical music video spread like wildfire in early 2009. As views crept upward toward 10 million, it was obvious that his song had become the gold standard in Web-based consumer revenge.

Carroll’s guitar catastrophe occurred six months earlier, when he tried to safely transport himself and his $3,500 Taylor acoustic from his home in Halifax, Canada, to Omaha, Neb. During a stop in Chicago, he says he and other passengers witnessed baggage handlers recklessly tossing bags on and off the flight. When he arrived in Nebraska, his instrument was critically damaged.

As recounted by Carroll, six months of haggling ensued. Carroll said he tried to make United fork over $1,200 to cover costs of repair. The airline refused. He said he'd accept the money in travel credits; United still wouldn't budge. As an act of desperation, he wrote the song and enlisted friends in the video production.

Within a few days, the song was viewed half a million times. Apparently spooked, United called offering Carroll $2,400 in cash and credits, which he said he declined, instead encouraging the airline to donate the money to a music school.  The song rocketed up the iTunes music chart, and Carroll received two Taylor guitars from the factory to use as props in a follow-up video.

And with the experience offering a nice lift to his band, Sons of Maxwell, it also opened him up to an entirely new world.

"When it went viral, I was caught off guard by the reaction,” he said this week. “I received about 10,000 emails in first three weeks. It was a conversation starter. People were telling me they liked the video, but they really wanted to share their own story. And they asked me for help. Obviously, I couldn't write a song for everybody. But I had a passion to help somehow."

After a couple of false starts, Carroll settled on Gripevine, which offers a simple-enough platform. Annoyed consumers post their gripes on the site.  An automated system informs the targeted company that a gripe exists and offers them a chance to solve the problem. If that doesn't work, Gripevine offers consumers a tool that "amplifies" the gripe, making it easy for social network friends to "support" the grievance by sharing it with their friends, who can then share it and their friends, and so on. 

"The more times your gripe is viewed and the more people you share it with, the more the company will be motivated to work with you to resolve your issue," says Gripevine on its instruction page.

Gripevine users will also earn "credibility points," which will help companies learn if the griper is just a serial complainer or a genuinely aggrieved customer with a beef.

Carroll is not providing the service out of the goodness of his heart -- companies will have to pay a fee to get access to a "dashboard" that makes dealing with gripes easy. Carroll is hoping that companies view the fee as a small price to pay to stem a looming social media train wreck.

Although Carroll lives in Nova Scotia and his business partners are in Toronto, Gripevine handles consumer complaints across the U.S. and Canada. The site launched earlier this month; so far, 4,000 consumers have signed up and a dozen companies have claimed their Gripevine pages, which Carroll said will be free for the first six months. The website is also in talks with several Fortune 1000 firms, he said.

"Every customer is a potential ‘United Breaks Guitars’ customer," he said.  "The right answer for them is solve each problem before it gets out of hand. ... United could have solved my problem with $1,200 in credits."

While there's an obvious pro-consumer tilt to such a service, and many companies have been initially skeptical when approached, Carroll says he genuinely wants to help both sides of the transaction. 

"We call ourselves the Switzerland of customer service,” he said. “Users can't use profanity. We encourage them to be solution-based. It looks like the small guy taking on big companies, and they are worried about brand bashing. But if you are a good company, you really do want to treat people right. ... Gripevine is one way you can turn these things around quickly."

Gripevine is not alone, though it is more sophisticated than most. A smartphone app called "ComplainApp" makes it easy for users to post their complaints simultaneously on various social networks. A website named GetSatisfaction.com provides tools for companies to set up their own online customer service communities, encouraging quick problem resolution. Straightforward Twitter and Facebook posts often get results, as many companies actively monitor social network for potentially damaging viral moments. And various complaint websites like ConsumerAffairs.com and RipoffReport.com (not to mention the Red Tape Chronicles) offer consumers a chance to simply post their frustrations and hope someone sees them and offers help.

The key for companies, Carroll says, is not waiting passively for the next clever trick that makes an angry consumer a Web sensation.

"When I had this problem, at the beginning, I had no social media clout," he said.  "If companies are solving people's problems based on how many Twitter followers they have, well, that's really short-sighted."

*Follow Bob Sullivan on Facebook     
*Follow Bob Sullivan on Twitter. 

More content from msnbc.com and NBC News

• Cape Cod dolphin strandings keep rescuers working OT
• Leaked: Climate skeptics’ strategy for schools
• Study: 1 in 8 voter registrations have errors
• Restaurant settles lawsuit over N-word receipts

It appears that Mitt Romney now has a Rick Santorum Internet-age problem.

Recall that Web users who search for "Santorum" using a tool like Google are immediately confronted with a parody site that offers a faux definition of the word "santorum" which is not suitable for work or polite conversations.  Within the past few weeks, enterprising Romney-haters have pulled off the same trick, albeit at a slightly less tasteless level.

Searching for Romney using Google now yields a page defining the term Romney as "to defecate in terror" within the first five links or so, reports Danny Sullivan of SearchEngineLand.com.  (Go ahead, try it for yourself).

---

 

Clicking on the site brings visitors to a Web site called "SpreadingRomney.com" which echoes the SpreadingSantorum.com site.  The page repeats the definition and links to a story about Romney's ill-fated family vacation that include a lengthy trip with the family dog strapped to the roof of the car.

"I don’t recall seeing it recently, so it appears to be a new gain,"  Sullivan wrote in a blog post about it.

The rise is unusually meteoric, and almost certainly signifies a concentrated effort to game Google's ranking system. In fact, Sullivan uncovered a page at DemocraticUnderground.com encouraging people to "Google Bomb" the SpreadingRomney site.

(Geeks would say this technique isn't, strictly speaking, a Google bomb. But it certainly must feel like one to the Romney camp).

The site launched on Jan. 10, site creator Jack Shepler told Sullivan. He also said he's not affiliated with any campaign, and created the site just to be funny, "and to make a point."

It got a boost when msnbc's Rachel Maddow mentioned it during her show two days later, but that hardly justifies the high Google ranking. SpreadingSantorum has been around for years, has attracted thousands of links the old-fashioned way, and the site offers real points of debate about gay rights debate.  SpreadingRomney.com is hardly more than a blank page, yet still managed to fool Google and Microsoft's Bing. (Msnbc.com is a joint venture of Microsoft and NBC Universal.)

We've discussed earlier how political entities can trick search engines, and why Google seems to let this go on as a form of political speech.

Sullivan supports that concept, but the quick rise of SpreadingRomney.com might be changing his mind a bit.

"For this site to leap-frog ... others, it creates all the same issues that Google initially encountered with real Google bombs, the impression that anyone can fire off a linking campaign and make it into the top results for anything," he said. "Certainly Google should take a harder look at why its algorithm rewarded a site with so little substance to it."

 

*Follow Bob Sullivan on Facebook     
*Follow Bob Sullivan on Twitter. 

Parents angry about Facebook use now have their poster child. He's a dad wielding a .45 pistol, who posted a YouTube video showing him firing bullets through his daughter's laptop computer as an act of discipline.

The shooter, who identifies himself as Tommy Jordan from North Carolina, has not yet responded to requests for comment, so it's not possible to verify the authenticity of the stunt, in which he allegedly “executed” the laptop after his daughter posted a profanity-laced note on her Facebook page.

No matter: it’s sparked a firestorm of debate. In less than 24 hours, the laptop-pistol video has garnered more than 1.5 million views, many of them parents cheering the uploader's depiction of tough love.

---

 

"I thought the video was great. I can only imagine the look on his daughter's face when she saw that on her Facebook page," wrote one.

"Sometimes to get your point across to a child (especially a teenager) you have to get their attention. These days that's hard to do. So he found a way to get her attention."

Still another: "I applaud it. She'll think twice before she hits the enter button next time. PS. Nice shot."

Other parents reacted with shock at the public humiliation apparently inflicted on the teenager by her father.

Monica Vila runs an online forum for parents struggling to deal with technology and teen issues called The OnlineMom.com.  She falls into the shocked crowd.

"When I saw it for the first time, I got chills," she said. "And when I saw people cheering him on, I got chills again."

She's heard from thousands of frustrated parents through her site, and she's even heard stories of parents hurling laptop computers out the window when children were disobedient. But she's never seen such a public attempt to embarrass a child.

The shooter in the video isn't acting like a parent, she said: he's acting like a peer, taking out his frustration.

"For the life of me I can't understand what the lesson here is," she said. "If you think about it, he basically just threw a similar temper tantrum to the one his daughter threw, except this one with bullets."

In the video, the man says his daughter had posted a profanity-laced comment on Facebook criticizing him, believing he couldn't see it. Using his skills as an IT worker, he did, a fact he mentions several times in the 8-minute video.

"Her actions merited some punishment, but he's basically saying, I'm more badass than you," said Vila. "Plus, the way the whole thing is choreographed. It's not about parenting. It's about him, he's mad, and he has a gun."

Parents have plenty of reason to feel angry -- even desperate -- about kids' use of social networks.  It's not unusual that they'd try something extreme to get their kids' attention, she said.

"I do see the frustration parents feel," she said. "But the applause of other parents saying, 'Yay,' comes from their unwillingness to jump in and be parents in the platform that their kids are playing in."

Betsy Brown Braun, a child development and behavior specialist, is sympathetic to the anger parents feel when faced with rebellious teen-agers. She even conceded that the video has high entertainment value, with the dad puffing on a cigarette while sporting a cowboy hat.

"The reason it's gotten people cheering it on is because parents are frustrated, she said. “ Teenagers are impossible. He was doing what any parent would like to do. They are living vicariously through him."

In fact, most parents have probably fantasized about doing something similar.   The difference is, they thought better of it, Braun said.

"The sane parents have stopped themselves," she said.  "The difference between a sane, mature person and a child is that the mature parent is able to stop their impulses and do appropriate things that can help a child grow. It may not be what you want to do right now, what feels good, but it's the thing that's going to benefit the child three months, six months, years from now.”

When Braun works with parents, she often hears some version of, "You don't know what it's like!" But as the mother of triplets, she had to deal with three teenagers at once. Some of her experiences are chronicled in the books she’s written on raising children, including "Just Tell Me What To Say,” and  “You're Not the Boss of Me."

She said her main concern about the father's actions in the video is the example they set.

"This models exactly what you don't want kids to do when they are upset," she said. "This is about how you handle rage. It's the

poorest example of shooting from the hip you could imagine."

But she saw something in the video that many observers might have missed.

"I heard this as a cry for help.  This guy is in trouble. The communication is so bad between them that, in this case, they are both acting like angry 5-year-olds," she said. "Teenagers can really be impossible. ... You get to the point where you say, 'I've had it. You are driving me crazy!' But he needs other tools for dealing with this."

 

*Abuse, appropriate parenting, or something in between? Tell us here
*Follow Bob Sullivan on Facebook     
*Follow Bob Sullivan on Twitter. 

 

More on parenting from Today.com

• Mom makes wayward teen stand on side of road with a “Honk if I need education” sign advertising his 1.22 GPA 
• Why making your kids cry for YouTube views is not bad 
• Hot sauce used in discipline
  

How much would you pay to be sure you wouldn’t get stuck in a middle seat on a 3-hour flight? Would you pay $2,000? You know airline fees have been a little crazy lately, but this sounds pretty extreme.

Famed consumer advocate Ralph Nader says American Airlines tried to charge him nearly $2,000 extra recently to get an aisle seat for an upcoming flight.

American Airlines says there is no such thing as $2,000 aisle seat fee.  But Nader was informed , repeatedly, that the only way he could be sure he’d be able to get an aisle seat to accommodate his large 6-foot, 4-inch frame on an upcoming Hartford, Conn., to Dallas-Ft. Worth flight was to buy a different ticket than the $750 ticket he already had -- one that would cost him $2,680, or almost $2,000 more.

"I knew that it might be $50 more for aisle seats. But they said, 'Oh no.  The only choice is pay $2,680 or be an elite traveler,’" Nader said. "It's extortion. They are charging you for knee lengths."

---

To be clear, American Airlines hasn't upped its aisle seat fee to $2,000.  Instead, when Nader's travel agent Bill Magner asked for an aisle seat, he was told there were no aisle seats left. When Magner looked at the seating chart of the plane and saw a dozen empty aisle seats, the American Airlines agent clarified by saying that all aisle seats available for seat assignments to non “Preferred” economy class ticket holders were gone.  But if Nader were willing to buy pay a full-fare, refundable ticket –  for $2,680.40 --  he could get a guaranteed aisle seat .

Got it?

"Astonishing," said Magner, who has booked airline seats for Nader for 30 years.  "When I called American Airlines, after I finally got them on the phone, they were absolutely no help."

But the airline said it's got a perfectly sensible explanation, and it's merely doing what nearly every airline does.

"The seats that were eligible to book ahead of time (by non-preferred customers) were already chosen," said Tim Smith, an American Airlines spokesman.  In other words, all the other aisle and window empty seats were being reserved for last-minute business frequent fliers, “preferred” customers or those who are willing to pay higher fares.  "The point of this exercise is to make sure our most loyal customers have first run at those seats."

This "the flight's not full, but it's full for you," confusion should feel familiar to folks who've ever tried to book a free trip with airline miles on a popular route.  Even if a flight is relatively empty, an airline can say that there are no seats left for non-paying miles travelers.  Now that seat assignments have become a source of revenue, airlines are beginning to apply the same logic elsewhere, with some awkward results.

Smith assured us that the airline isn't trying to sell consumers $2,000 seat upgrades -- but in fact, as Nader sat trying to book his Feb. 11th flight on Feb. 1, that was the only option available to him.

Airlines get away with creating artificial seat scarcity when they have a monopoly on certain routes. American is the only airline offering a non-stop from Hartford to Dallas-Ft. Worth, and Nader doesn't have a flexibility in his travels.  So he, like so many other travelers, was stuck.

"They are mopping up when they have control of the routes. It's really amazing," Nader said. ""These are rampaging, crazed corporations. The computer tells them there is no competition and they pull back all the aisle seats looking for money."

It's unclear how many seats are put on hold for last-minute preferred travelers -- Smith said the number varies with every flight based on a complex calculation, though "it's safe to say that the first 5, 6, or 7 rows are saved for preferred."  And that means it’s unclear how many aisle or window seats are available for reserve by economy-class travelers on the lowest rung an airline’s frequent flier ladder.

But don't blame Nader for thinking that a conspiracy is in the works: that the number of aisle seats available to economy travelers is precisely one fewer than they might want at the time of booking.

"They are setting a condition and then backing off and pulling back the seats whenever they want," he said.

Nader did have the option to wait until the day of his flight, when those held-back seats would be released, and hope there would be an empty aisle seat.  But of course, even when paying $750, there would be no guarantee.

RED TAPE WRESTLING TIPS

Exceptions do happen.  And on Saturday, after calls to the airline's executive offices and to msnbc.com, Nader was able to persuade the airline to place him in an aisle seat for his original $750 fare.

You, on the other hand, have only limited  options to make sure you don't get stuck in a middle seat between passengers named "Rock" and "Hard Place." Gaining preferred status on an airline and sticking to it is really the "best" of your bad options. Booking early, before those "available" non-preferred seats fill up, can help.  Only choosing destinations where there's healthy competition will help, but megamergers like the recently completed Continental-United marriage are making those harder to find.

But really, the only way to avoid such Draconian airline fees is to take the train.

 

 Don't miss the next Red Tape:
*Get Red Tape headlines on your Facebook Wall
*Follow Bob on Twitter. 
*Get an e-mail newsletter with Red Tape stories (requires Newsvine registration).

It should be clear by now that nothing online is sacred, and no security company is safe from hackers. VeriSign Inc., the firm at the center of so many critical systems on the Web, was infiltrated by hackers in 2010.  Because details of the attack, first disclosed Thursday by Reuters, are so vague we are left to assume the worst -- and the worst is pretty bad.

It's possible that the VeriSign hackers could turn the Web upside down and create an Internet where nothing would be what it seems.  A hacker website could look and act just like your bank's website. Your PC could easily be tricked into downloading automatic software updates that would appear authentic but actually contain viruses. And no matter what web address you typed into your browser, you could be redirected to a criminal's website half-way around the world.

But there's important context to this story which might ratchet down the "Oh My God!" factor considerably.  For starters, there is reason to believe that VeriSign's revelation is nothing more than evidence companies are starting to comply with rules forcing them to disclose such incidents: In other words, similar successful hacks like this may have occurred in the past but simply went unreported.  We'll discuss the evidence for that in a moment. First, let's look at the possibilities raised by the VeriSign attack.

---

 

VeriSign is involved in two distinct, fundamental Internet security structures that could be impacted by this attack.  A successful attack on one would be serious, but a raid on the other could threaten the Internet itself. So let's start there.

VeriSign's most critical function is its role in the Domain Name System address book, which governs what happens when Web users type common name Web addresses into their browsers.  There are 13 "root"  DNS servers placed strategically around the planet for redundancy. VeriSign operates two of them. Should a hacker gain access to this part of VeriSign's business, he or she could theoretically poison the other 11 root DNS servers, and the bad data would eventually spread to the other DNS servers. The consequences could be dire: It could mean that everyone who typed "msnbc.com" into a Web browser would be sent to a computer controlled by criminals, instead of the real msnbc.com website.  A computer criminal with destructive intensions could theoretically ruin the database that maps names with IP addresses and effectively shut down parts of the Internet. It has long been discussed that these root name servers are perhaps the most vulnerable point of the attack on the Internet

But it's more likely that the agencies controlling the other 11 root Domain Name Servers would be able to regain control of the DNS table and restore the system within a day or two, if not within hours. As you might imagine, root DNS servers do disagree from time to time and there is a process for handling that.

It's also important to note that VeriSign, in the SEC disclosure which started this incident, claims that its DNS servers were not attacked by hackers.

"Access was gained to information on a small portion of our computers and servers. We have investigated and do not believe these attacks breached the servers that support our Domain Name System ("DNS") network," the firm wrote in the filing.

VeriSign's other crucial function is issuing digital certificates through its VeriSign Authentication Services group. Certificates impact your computer use every day because they tell your PC that a company's website or software is really what is says it is. Certificates are a crucial part of the SSL system that ultimately displays a friendly looking lock when you visit your online bank.  They also identify the legitimacy of software updates sent to your computer by software makers.  Many modern PCs won't install software unless it is digitally signed. 

A hacker who could influence the way VeriSign issues certificates would be a massive problem for both consumers and corporations.

"VeriSign is one of the most important enterprise trust authorities in the world, which delivers people safely to more than half the world's websites,” wrote Catalin Cosoi, Chief Security Researcher at Bitdefender Labs. “A certificate issued by VeriSign will automatically be accepted by both browsers and operating systems. This kind of incident practically voids all the security provided by 64-bit operating systems,"

In other words, hackers would have an easy time loading viruses onto PCs around the world.

That's terrible, but it's not new. Virus writers have been compromising certificate issuers with abandon for the past 18 months. It's one of the reasons that Stuxnet computer virus managed to infect millions of PCs worldwide.  That also means structures are in place to deal with fraudulent certificates.

"The worst case scenario would be several phishing attacks with valid certificates that browsers will render as legit," Cosoi said. "This would potentially yield a huge level of data that could be exploited for financial gain. However, it’s important to remember that a strong anti-phishing solution will keep you protected."

Of course, it's not even clear from VeriSign's filing that its certificate business was compromised.  Complicating matters further: Symantec Corp. purchased most of that business from VeriSign last year. For its part, Symantec said on Thursday that the assets it acquired in the sale were not compromised.

"We want to make it very clear that Symantec takes the security and proper functionality of its solutions very seriously. The Trust Services (SSL), User Authentication (VIP) and other production systems acquired by Symantec were not compromised by the corporate network security breach mentioned in the VeriSign, Inc. quarterly filing," said Symantec spokeswoman Nicole Kenyon in a statement to msnbnc.com.

Of course, it’s possible that one of Verisign’s other business unit – it provides extensive security consulting, for example – was the hackers’ only target.  That seems unlikely, however, given the target-rich environment the offers to computer criminals.

To be sure, many experts think the Verisign attack is serious business.

"The SEC filing says 'Information stored on the compromised corporate systems was exfiltrated.' That sounds like a targeted attack to me," said Mikko Hypponen, chief technology officer at F-Secure.com. "Like the one against Google. And RSA. And Lockheed-Martin."

But it's possible the VeriSign admission, buried in the SEC filing, is little more than paperwork which puts in print something that security professionals have long understood: No firm is safe from hackers.  This might be at once comforting and disturbing: In October of last year, the SEC issued guidelines that called out public firms for under-disclosing security leaks and hinted strongly that fines would come when firms failed to report successful hacker attacks. The VeriSign quarterly report was issued soon after, and it's easy to imagine the disclosure is more routine than anyone would like to admit.  In fact, Stewart Baker, a lawyer at Steptoe & Johnson, predicted as much in a blog earlier this month.

"With enforcement so easy, and the harm from breaches so tangible, so serious and so likely to bring headlines, no one should expect the enforcers to go easy on companies that have been slow to disclose. Instead I expect a growing wave of cases based on companies' failure to make timely disclosure of ongoing breaches," he wrote.

Clearly, admission by VeriSign that executives at the firm were unaware of the breach shows a terrible lack of coordination inside the firm. And it's scary to read this admission, too: "Given the nature of such attacks, we cannot assure that our remedial actions will be sufficient to thwart future attacks or prevent the future loss of information."

Still, it’s important to note that we are talking about attacks that could be a year old, and whatever they were, criminals are already deep in the process of exploiting them. Sad to say there’s nothing most consumers can do in response to this report.

In health news, there’s always the complicated issue of increased diagnosis vs. increased incidence. Is a new disease on the rise, or are we simply better at finding cases of it? The VeriSign incident raises the same question.

But the deeper truth here is probably something that professionals have known for some time: In the cat and mouse game between hackers and security firms, hackers are winning and, in some places, it's starting to look like a blowout.  

 

 Don't miss the next Red Tape:
*Get Red Tape headlines on your Facebook Wall
*Follow Bob on Twitter. 
*Get an e-mail newsletter with Red Tape stories (requires Newsvine registration).