Bedbugs, penny auctions, gold buying-companies and solicitations for home improvement work disguised as “free” energy audits are among the newest complaints that local and state consumer protection agencies dealt with during the past 12 months, according to a survey released Tuesday.

The fastest-growing complaints in the survey by advocacy groups the Consumer Federation of America and the North American Consumer Protection Investigators involved debt collection abuses, Do Not Call list violations, mortgage-related problems and home improvement scams.

---

The report’s top 10 complaints include familiar issues, such as auto sales and repair and credit/debt issues. But a set of real estate related complaints cracked the top 10 for the first time covering issues with timeshare sales and resales, retirement and assisted living facilities and real estate fraud. The full top 10 list is below. 

Tenant bedbug problems and home repair firms using high energy bills to dupe consumers were among the fastest-growing complaint categories, giving consumer agencies around the country a new set of issues to deal with. 

The agencies' report was generated by a survey of 38 state, county and city consumer protection agencies from 22 states from March 2011 through May 2012.

“State and local agencies are essential components of the consumer protection system in the United States,” said Susan Grant, director of consumer protection at CFA. “Their services save consumers and businesses money, relieve the burden on courts, foster confidence in government, keep the public safe, and help ensure fairness in the marketplace.” 

Click here to read the full report (.pdf)

The report also includes numerous cautionary tales.

In Georgia, the Governor’s Office of Consumer Protection told surveyors that more than 100 consumers complained that a penny auction company named Wavee charged their credit cards $179 for "bid credits" without their permission after they signed up. After an investigation, Wavee refunded more than $1 million to 16,000 consumers.  In another penny auction case, iTicketBid.com refunded $22,000 to Georgia consumers when it allegedly failed to deliver sporting events tickets and other merchandise.

In Virginia, the Fairfax County Department of Cable and Consumer Services said it fielded numerous consumer complaints that a debt collection agency was taking money from their bank accounts without their knowledge or consent.

"In one case, a consumer said that she had paid her dentist directly for the $40 she owed him, but in the meantime the collection agency that the dentist hired took the account information from her check and created a ‘remotely authorized’ check in her name to electronically debit $30 for late fees from her bank account," the report said. 

In Florida, the state's Department of Agriculture and Consumer Services said bogus "free energy audit" solicitation phone calls were among the fastest-growing Do Not Call violation complaints.  Callers often falsely claimed that because the audit was free, the call was not subject to the restrictions of the Do Not Call law. 

The Pinellas County (Fla.) Department of Justice and Consumer Services reported that consumers also received postcards or flyers promising free audits to help lower their utility bills.

"In one case, the consumer was told that his electric bill would be reduced by at least $130 a month and that he was eligible for a $360 rebate from the federal government if he agreed to have a special ‘energy efficient radiant barrier’ that was used by NASA installed in his home," the agency said. "He was pressured into opening a $5,800 line of credit for the work. The company started the job but never completed it."

The fastest-growing set of complaints to the California Department of Consumer Affairs involved bogus locksmiths and other firms that practice without proper licensing.  Locksmiths use the Internet to advertise low prices to consumers in crises, including being locked out of their homes. But after disassembling locks, they often sharply raise their quoted prices.  The department said it forced several such security companies to close, and made hundreds of others obtain proper licenses.

A new type of identity theft combining computer hacking and old-fashioned telephone tricks showed up among complaints reported to the New York State Department of State Division of Consumer Protection. A woman received an unsolicited call from a man who said he was a computer security professional and that her computer was infected with a virus.  He then tricked the woman into divulging her password and promised to fix her issue.

"The next day, however, she noticed an unauthorized charge on her credit card and realized that she had allowed an identity thief to gain access to the personal information stored on her computer," the agency reported.  

Also in New York, the demise of Hollywood Video turned into a headache for many consumers. After the video rental store shut down and filed for bankruptcy, the New York consumer agency received many complaints from consumers who said that Universal Fidelity Corp. -- which is managing the bankruptcy -- was demanding payment for unreturned videos, even though they had returned the videos and owed nothing. The agency says it is resolving complaints through mediation.

 

Top 10 Complaints (with last year’s rank in parenthesis)

1. Auto (1): Misrepresentations in advertising or sales of new and used cars, lemons, faulty repairs, leasing and towing disputes.

2. Credit/Debt (2): Billing and fee disputes, mortgage modifications and mortgage-related fraud, credit repair, debt relief services, predatory lending, illegal or abusive debt collection tactics.

3. Home Improvement/Construction (3 -- Tie): Shoddy work, failure to start or complete the job.

4. Retail Sales (3 -- Tie): False advertising and other deceptive practices, defective merchandise, problems with rebates, coupons, gift cards and gift certificates, failure to deliver.

5. Utilities (4); Service problems or billing disputes with phone, cable, satellite, Internet, electric and gas service.

6. Services (5): Misrepresentations, shoddy work, failure to have required licenses, failure to perform.

7. (Tie) Internet Sales (6): Misrepresentations or other deceptive practice, failure to deliver online purchases.

7. (Tie): Landlord/Tenant (8): Unhealthy or unsafe conditions, failure to make repairs or provide promised amenities, deposit and rent disputes, illegal eviction tactics.  

8. Fraud (9): Bogus sweepstakes and lotteries, work-at-home schemes, grant offers, fake check scams, the “grandparent scam” and other common frauds.

9. Real Estate (not in top 10 last year): Timeshare sales and resales, retirement communities and assisted living facilities, real estate fraud.

10. (Tie) Household Goods (7): Misrepresentations, failure to deliver, faulty repairs in connection with furniture or appliances; Home Solicitations:

10. (Tie) Misrepresentations (10): Failure to deliver in door-to-door, telemarketing or mail solicitations, do-not-call violations.  

 *Follow Bob Sullivan on Facebook.
*Follow Bob Sullivan on Twitter.  

Skype helps keep more secrets than any software on Earth, but just how safe are those secrets? That question arose again in earnest this week, after a set of stories claimed new Skype technologies made it easier for law enforcement to eavesdrop on members.

With 250 million users, Skype –owned since 2011 by Microsoft -- might be considered the world's most widely distributed communication tool. Because its software encrypts those conversations, it is certainly the world's biggest deployment of encryption tools.  That's served the service well for years: It has a reputation for helping dissidents foment revolutions, and for being a last bastion of privacy. 

Governments, of course, hate secrets, and secret-keeping technologies that might enable what they identify as criminal behavior. Skype makes it possible to have phone calls that can't be wiretapped -- making the service a battleground in this perpetual privacy vs. order fight.

Since Skype first went corporate in 2005, with its purchase by eBay, that battleground has grown even more complicated.  A scrappy start-up can ignore the Chinese government and the FBI for a while; a Wall Street company with billions in revenue cannot.

Since that time, privacy advocates like Chris Soghoian have called on Skype to clearly spell out its secret-keeping technologies and provide assurance that it's not cutting deal with government agencies, enabling secret wiretaps or other intrusions.  In his view, Skype has been coy, and only answered in generalities.

---

"There are a lot of people who deep in their gut mistrust Skype," said, Soghoian, a fellow at the Washington, D.C., advocacy group Open Society Foundations, which says it promotes democracy around the world.

That mistrust set the stage for a flurry of reports this week suggesting that the service is no longer fully private. A flurry of bloggers -- noting the introduction of centralized "supernodes" by Skype that might provide a central point for eavesdropping, and a Microsoft patent describing a technological method for eavesdropping -- put two and two together and speculated that Skype's communications tools were no longer fully private.

In a rare step, Skype responded with a detailed rebuttal on its website.

"Nothing could be further from the truth," wrote Mark Gillett, the firm's chief development and operations officer, speaking generally about accusations that Skype is acting "against our users' interests."  He issued a point-by- response to many charge specifically leveled against Skype, saying that nothing about Skype's "posture and policies" with regard to law enforcement had changed. 

“Supernodes,” which route Skype traffic through central servers rather than allowing point-to-point connections, merely improve the flow of information around the service, Gillett said. What's more, they connect only addressing information -- actual phone calls don't flow through those servers, so they do not provide a convenient access point for wiretaps. That denial is clear and specific.

"Skype to Skype calls do not flow through our data centers and the 'supernodes' are not involved in passing media (audio or video) between Skype clients," Gillett wrote.

Moreover, he pointed out, they were first deployed back in 2010, well before Microsoft purchased Skype.  

There are, of course, plenty of other ways that law enforcement could theoretically crack its way into Skype calls. There could be a backdoor built into the service. Skype could create and keep a spare set of encryption keys to unlock message at government requests.  As Soghoian suggests, Skype could even authorize encryption keys that would allow the government to impersonate a user, and then perform a so-called "man in the middle attack," with a government agent secretly inserted into the middle of a phone call, able to eavesdrop.

Answering a query from NBC News, Skype executive Chaim Haas, said in an email that the firm does not save keys for government use.

"Encryption keys ... are not revealed to users or escrowed to third parties and are discarded when the session ends," said Hass, the service's senior vice president for technology, emerging media and digital strategy. "(The) use of credential-based identities and end-to-end encryption to make 'man-in-the-middle' attacks very unlikely," he added.

Skeptics like Soghoian still aren't satisfied, however. He says the volume of the conspiracy theories from the past week shows how much people are suspicious of Skype, even if supernodes are the wrong reason to doubt the company.

"Skype is always very careful how (it) phrases things," he said.  "If they say they haven't changed their intercept policy since Microsoft purchased the company, then the question to ask is, 'What was that policy before?' If you ask them, they won't give a straight answer."

Indeed, the answer Skype gives consistently to that question is this: "When a law enforcement entity follows the appropriate procedures, we respond where legally required and technically feasible."

It's that “technically feasible” part which bother Soghoian.

"Why don't they just come out and say how their technology works?" he said. "The company is extremely evasive and we wouldn't accept that anywhere else. ... Think about this: What other security company is there where the company won't describe how it secures user data, but people still assume it's safe?"

It's those assumptions that bother Soghoian. People say things on Skype that they wouldn't say elsewhere because they assume the conversation is completely safe from prying eyes.  If it's not, there's a real hazard.

"There's a solid body of research which shows that when people think they are safe, they will engage in riskier activities," he said. "People use Skype because they think it's secure, but Skype has done nothing to clarify what it does and doesn't offer." He's concerned that Skype is, in a sense, having it both ways -- benefitting from offering a communications tool with a reputation for being completely safe from government's prying eyes, while benefitting from relationships with governments that help its business.

Other technology companies, like Google, provide what are called "transparency reports," which give some information about the number of times they have fulfilled requests from government agencies. Twitter released its first such report earlier this month. So far, Skype has not done so.

Still, a transparency report is not likely to answer the key question: How safe are secrets on Skype? By the time that answer arrives, it will likely be too late to be relevant.  It's a bit of a Catch-22.  The day that data gleaned from a Skype-based wiretap shows up in a criminal indictment or lawsuit -- which is often how these mysterious business practices are revealed -- is the day that government agencies will no longer be that interested in eavesdropping on Skype.

"If people hear that Skype is not secure, they won't use it for those private conversations, and they will be less interesting to law enforcement," Soghoian said. 

Such was the case with once-popular encryption email service called "Hushmail." In 2007, it was revealed that Hushmail had helped the Canadian government obtain as massive number of emails while it tried to prosecute alleged illegal steroid dealers.  Hushmail then fell out of favor, and became a less interesting place for law enforcement, Soghoian said.

"Several agencies learned their lesson from Hushmail," he said.  "They blew their cover ... that won't happen again."

 *Follow Bob Sullivan on Facebook.
*Follow Bob Sullivan on Twitter. 

 

Nearly one in six convicted sex offenders is using sophisticated techniques invented by identity thieves to avoid their legally mandated registration requirements, a new study has found. These digital absconders might be able to avoid post-incarceration restrictions by living near schools and playgrounds, and could possibly gain employment working with children.

The study, conducted by Utica College and funded by the U.S. Justice Department, estimates that roughly 92,000 of the 570,000 registered sex offenders across the country are systematically manipulating their names, birthdays, Social Security numbers and other personal identifiers so they can live as they want while appearing to satisfy court-imposed or statutory restrictions.

"These are offenders who are flying under the radar and authorities don't know it," said Don Rebovich, the Utica professor who directed the study. "The authorities really don’t have the resources to keep on checking on these people. Offenders find where the vulnerabilities are in the system and exploit them."

---

These digital absconders create two obvious problems. Communities expend energy and resources dealing with offenders who aren't really there -- local police knock on doors and send notices to warn neighbors; public listings are published on the Internet. And sex offenders live where they please as normal adults, without any protective measures kicking in.

"In the worst-case scenario, by thwarting registration requirements, they could potentially have easier access to children," said Staca Shehan, director of case analysis at the Center for Missing and Exploited Children, who is familiar with the study. "(In) those jurisdictions that have residency restrictions that would not allow (offenders) to live within distance of a school, daycare or park, (they) could avoid that type of requirement."

While the study found that an average of 16.2 percent of sex offenders manipulate their identities nationally, some states fared worse: Louisiana, Washington, D.C., Nevada, Tennessee and Delaware all had digital absconder rates of higher than 25 percent.

Officials in Tennessee, Nevada and Delaware challenged the study's conclusions and complained that they had not been contacted by the researchers for additional information that might have clarified the results; officials in the other states did not immediately respond to requests for comment.

'Strategic' manipulation
Shehan said there are generally two kinds of sex offender absconders: those who simply fail to keep their records current, and hope they fall through the cracks; and those who are more systematic in their evasion, intentionally altering their identities so they can circumvent the restrictions. 

"That takes a lot more thought," she said. "They are much more strategic about what they are doing ... and so that's much more concerning."

In one celebrated case of sex offender identity manipulation, a convict named Frank Kuni changed his name to Jamie Shepard and was able to get a job as a U.S. Census worker in New Jersey. Kuni was recognized by a mom after he knocked on the door of her Pennsauken home, and he was later sentenced to three years in prison. Kuni’s case attracted national headlines because of the fear it created surrounding temporary Census workers.

The Utica study, believed to be the first attempt to quantify these more strategic absconders, was conducted by Utica College's Center for Identity Management, set up to examine a variety of identity issues in the digital age. Rebovich is director of the center.

It's well known that some sex offenders neglect their registration requirements, dropping off the grid and accepting only cash-paying jobs to remain hidden. But the Utica study found something more subtle, and perhaps more disturbing -- sex offenders who appear to be satisfying their registration requirements while living a digital double life.

In a parallel survey of 223 law enforcement agencies from 46 states, Utica found that awareness of ID-theft style registry evasion was low -- only 5 percent of respondents said they knew of an identity manipulation case within their jurisdiction. 

And nearly 40 percent of the agencies responded that they had zero absconders, suggesting some law enforcement agencies are unaware of the problem.

The power of the Utica study lies in the use of sophisticated algorithms developed by private firm ID Analytics, a fraud-fighting company used by many large banks and other financial institutions. ID Analytics receives more than 1 billion credit applications and other credit-related events from clients every year. It uses sophisticated software to track the behavior of identity thieves across the credit system, and can find fraud that individual firms miss. It knows, for example, if a criminal uses a systematic series of birthdays or addresses on a set of credit card applications at various banks in an attempt to evade fraud detection. The ID Analytics tool has enough data that it can generally tell the difference between honest typographical errors and systematic fraud attempts. 

ID Analytics ran sex offender data through its massive database of credit-related events, and found evidence of rampant identity manipulation among the offenders.

Kristin Helm, a spokeswoman for Tennessee's sex registry, challenged the study's findings, saying that fewer than 1 percent of that state's sex offenders are absconders. Criminals have always used false identities to try to evade police, but law enforcement systems are geared to handle that issue, she said. "Fingerprints obtained by law enforcement identify individuals regardless of a name or Social Security number," she said, adding that names sometimes change for legitimate reasons, too, such as marriage. 

But Stephen Coggeshall, chief technology officer for ID Analytics, said his technology is well-versed in screening out mundane reasons for identity changes and finding patterns that specifically indicate active evasion is taking place.

"This goes way beyond typos," he said. "These are people who have slightly adjusted or substantially adjusted their personally identifiable information for a reason. They are actively doing so, and we are observing them use these aliases relatively recently."

Nevada spokeswoman Julie Butler also questioned the validity of the study, which she had not seen. She said that Nevada uses fingerprints to track sex offenders, so identity manipulation techniques would be ineffective.

"Our registry is fingerprint-based. We don't base it on date of birth, or Social Security number, or name," Butler said. "They can put down their name as whatever and we still have them in the database."

But Coggeshall responded that even in states which use fingerprint identification, an identity manipulator would only be discovered when trying to engage in an activity – such as becoming an elementary school teacher – which triggers a fingerprint evaluation. 

"In general it doesn't help you track where they are or if they're living under an alias at an unregistered location," he said. "It can help to find sex offenders as they enroll in certain groups, but many … groups don't routinely fingerprint new enrollees."

SSNs connected to multiple people
Two years ago, using this tool on a database of Social Security numbers, ID Analytics found that rampant evidence of identity theft: 5 million SSNs were connected to three or more U.S. adults in credit applications, and 140,000 were associated with five or more people, indicating almost certain fraud. The tool can also track individual identity manipulators, as ID Analytics calls them, as they attempt various frauds across an array of credit issuers.

This tool was turned on the sex offender registry problem at the invitation of Utica College in Utica, N.Y., beginning last year. ID Analytics took a large sample -- nearly 100,000 -- of the 570,000 active registered sex offender records and ran them through its credit application database, looking for signs of manipulation.

The findings were disturbing. In Louisiana, the study found, nearly two-thirds of offenders' records showed signs of manipulation. Rebovich theorized that Louisiana's problem might stem from the aftermath of Hurricane Katrina, which gave some people a golden opportunity to drop off the grid.

Officials in Louisiana did not immediately respond to requests for comment.

In many cases, the study found, the steps criminals take are subtle -- changing an address from "440 Monroeville Road" to "434 Monroeville Road," for example. In fact, in the majority of cases, digital absconders were much more likely to move across town than across the country. Absconders who fake their address are six times more likely to remain in the same state than to cross state lines, the study found, and 90 percent of those who remain in state stay within 40 miles of their original registered address. In many cases, the data shows, those addresses belong to a family member. That might allow absconders to show up on a moment's notice at their registered address in case local police do a random check, Rebovich said.

But the address change could also allow them to apply for jobs and housing they would otherwise be unable to qualify for, he said.

While half of the manipulations involve bad addresses, plenty of other types of evasion are going on, the study found. One subject studied had five names, three Social Security numbers and four dates of birth, for example.

About 10,000 offenders had used at least four different Social Security numbers, Rebovich said. The evidence indicates this was usually done to evade the court registration requirements rather than commit financial identity theft, the study found.

One reason sex offenders seem to get away with evasion is that registration requirements are set by states and vary widely. In some states, convicts merely send updates through the U.S. mail to state officials, and are subjected to little, if any, verification. In others, officers try to check on sex offenders, but ofter are assigned hundreds, or even thousands of offenders, to track.

In other states, such as Florida, there are strict requirements and frequent random inspections, Rebovich said. That shows up in the data -- Florida's digital absconder rate is about half the national average, at 9.4 percent.

The study was funded by the Justice Department's Bureau of Justice Assistance, which plans on issuing a comprehensive report later this fall. Requests for comment from the Department of Justice went unanswered.

'System is never going to be perfect'
Shehan, of the Center for Missing and Exploited Children, said she didn't believe that the potentially high rate of digital absconders means the entire sex offender registry program is broken. In fact, she said the situation has improved since passage of the Child Safety and Protection Act of 2006, which instituted some national standards on offender registries.

Still, she said it's important that states move to biometric identifiers, such as fingerprints, to maintain more accurate records of offenders and their whereabouts.

"Criminals are constantly thinking of ways to beat the system," she said. "The system is never going to be perfect."

Rebovich is hoping the study will spur new methods for checking up on sex offenders, including techniques that would seem familiar to those who work in financial fraud. In a model developed by Utica and ID Analytics, offenders could be given a score, similar to a credit score, which would rate the likelihood that identity manipulation was occurring. 

"We are trying to develop a predictive model," he said. "So we can turn it into an alert system, so states can do this in real time, if they want to."  

Coggeshall said such an alert system would have helped police track down Frank Kuni before he was able to get a job with the Census Bureau.

"In retrospect, we know there are things we would have been able to observe" he said.

http://on.msnbc.com/topnewsemailsignup">Click here to sign up to receive our Top News email each day.

 *Follow Bob Sullivan on Facebook.

*Follow Bob Sullivan on Twitter.  

Scammers committing a particularly painful form of identity theft appear to have hit on just the right formula to trick thousands of victims: A punishing heat wave, large utility bills, a bad economy and a good story.

The criminals have been marching across the country, making their way from state to state, persuading victims that a special federal government assistance program -- sometimes described as a bailout authorized by President Barack Obama's administration -- is available to pay their utility bills. Victims are given bank account and routing numbers to use when paying their bills online, but only after they "register" by surrendering their Social Security numbers and other personal information.

There is no such utility payment assistance program. But electricity users seem to be falling for the ruse everywhere, making it in one of the more successful scams in recent times. Last week, 2,000 people were tricked in Tampa the local utility company, TECO Energy Inc., told msnbc.com.  There were more victims in North Carolina, Pennsylvania, Indiana, and across New England. Utility firms in Utah and Californiareported similar scam epidemics earlier this year. And at least 10,000 people fell for the scam in New Jersey in recent weeks, Public Service Electric & Gas told msnbc.com.

---

"We see scams once or twice a year, and a handful of people fall for them. But this is crazy," said Sylvia Wood, TECO spokeswoman. She said about 2,000 customers tried to pay their bills with bogus account information traced to the scam within a 24-hour period last week. The scam spread so fast that all callers to TECO are now greeted by an automated message with a warning.

The continued spread of the “Obama utility bill scam,” as some have dubbed it, means it’s likely coming to a neighborhood near you. Scammers find victims through all the usual digital channels -- emails, bogus tweets, even Facebook messages. But in an unusual twist, the scam also has a real-world element. Agents for the criminals are going block by block, knocking on doors and handing out leaflets, encouraging people to pay their bills with the bogus account information.

One reason the scam is spreading: It seems to work. Before the local utility company gets wise to the bogus account numbers being used, the payments are processed and initially credited to victims, who receive payment confirmation notices. The victims often share their success stories with family and friends, who also fall for the scam. Only later are the payments rescinded.

Facebook has hastened the spread of the scam, said Bonnie Sheppard, spokeswoman from PSE&G in New Jersey, as victims passon their “success stories.”

"Once it morphed into the social media thing, it just kept getting passed on from friend to friend to friend," she said.

In addition to 10,000 victims, tens of thousands of New Jersey residents also jammed customer service lines asking about the scam, she said. That's good news -- calling to verify the authenticity of an email is a good idea -- but it continues to be an additional headache to the utility company, which has been facing record demand from the heat wave.

Caroline Morales of Bethlehem, Penn., told the Allentown Morning Call that she had been tempted by the scam.

"My neighbor comes running with a paper that had a routing and account number," she told the paper. "She said Obama was helping people pay their utility bills, mortgage and any bills you had." While Morales had her doubts, she said her mom told her, "It's probably true since he is looking for votes."

The myth-busting site Snopes has several version of the scam message on its website.

"My friend just informed me that President Obama is paying her electric bill this month. That supposedly you call and use your ss# as the bank account, then give them the routing number of XXX and that’s it, it pays for your electric bill but only once a year," the site says, describing how the misinformation spreads.

The door-to-door element is surprising. Most ID theft scams are electronic, because physically visiting victims carries great risks for criminals.  But it also helps make the scam believable; solicitors sometimes wear what appear to be utility company uniforms to help sell their story,

It's also possible that the solicitors don't know they are working on a scam, speculated Katherine Hutt, a spokesperson for the Better Business Bureau in Washington, D.C. That agency’s national office has issued a nationwide alert for the scam.

 "I wonder if people going door to door even know," said Hutt. "They could be just temporary employees of the scam artists."

Victims who are invited to try using the fake account numbers to pay their bills second-hand -- from friends, rather than directly from solicitors -- often don't expose themselves to identity theft, because they aren't asked by scam artists for their personal information. They do, however, contribute to the hysteria that might persuade others to fall for the scam if they encounter the criminals in a door-to-door visit.

And they face a serious risk: Victims who try out the fake account numbers may not realize their bill remains unpaid, utility firms say, and they risk late fees or even service interruption. 

"We're doing the best we can to alert customers and tell them that, no matter what, you have to pay your bill properly," said Wood, of Tampa’s TECO. Both TECO and PSE&G said they are, for now, waiving late fees and not threatening to cut off power to victims.

In most areas, the scam is short-lived.  In Tampa, only about 400 bogus payments cleared utility company systems before TECO systems recognized the bogus payments were all coming from a small set of bank accounts. Another 1,600 payments were rejected, according to the firm.

And in New Jersey, an email and telephone campaign seems to have stopped the scam for now.

"Since we publicized this information... the number of customers calling about the scam has decreased dramatically," said Sheppard, the PSE&G spokeswoman.

Still, plenty of regions of the country that have yet been hit, and with summer heat bearing down, there are still prime targets.

"One thing we have been saying again and again since we found out about this," Wood said. "Customers should never pay their bills with information that is not their own. We're encouraging them to use common sense."

 *Follow Bob Sullivan on Facebook.
*Follow Bob Sullivan on Twitter. 

Does the U.S. government read your email? It's a simple question, but apparently there's no simple answer. And the Justice Department and the Internal Revenue Service are reluctant to say anything on the topic.

In March, the American Civil Liberties Union caused a nationwide stir when the advocacy group released the results of its year-long investigation into law enforcement use of cellphone tracking data. After issuing hundreds of Freedom of Information Act requests, the ACLU learned that many local police departments around the country routinely pay mobile phone network operators a small fee to get detailed records of historic cell phone location information. The data tell cops not just where a suspect might have been at a given moment, but also create the possibility of retracing someone's whereabouts for months. In most cases, law enforcement obtains the data without applying for a search warrant; generally, subpoenas are issued instead, which require law enforcement to meet a lower legal standard.

ACLU lawyer Catherine Crump, who ran the cellphone location data investigation, is at it again. This time, she has filed similar Freedom of Information Act requests with several federal agencies, asking about their policies and legal processes for reading Internet users' emails.

"It's high time we know what's going on," Crump told msnbc.com. "It's been clear since the 1870s that the government needs a warrant to read postal mail. There's no good reason email should be treated differently."

---

There are hints that it is being treated differently, however. In a landmark 2010 case, United States v. Warshak, government investigators acknowledged that they read 27,000 emails without obtaining a search warrant, violating both the suspect's privacy and the privacy of everyone who communicated with the suspect, according to Crump.

Evidence obtained during that email search was thrown out on appeal by the 6^th U.S. Circuit Court of Appeals, but that ruling applies only to four U.S. states.

The case opened a window into what Crump fears is a widespread practice.

In the aftermath of the Warshak case, the Internal Revenue Service told its investigators that they should not try to obtain emails without a court order, but in doing so it hinted that other warrantless email searches had been conducted in the past.

For now, hints are all we have. Crump's Freedom of Information Act requests -- filed in February with the FBI, the IRS, the Justice Department's Office of Legal Counsel and other agencies -- were largely ignored, she says. So on June 14, she filed a lawsuit in the Southern District of New York in an attempt to force the agencies to comply.

"Four months have passed and I haven't gotten a single document," she said. "The American people have a right to know."

The federal agencies have until July 19 to reply to the lawsuit. The FBI is not included in the lawsuit because it replied recently denying Crump's request, saying it was too broad. The ACLU is appealing that determination through a different legal procedure.

Justice Department spokesman Charles Miller directed all questions about the matter to the agency's New York office. A spokeswoman for that office, Ellen Davis, said she couldn't discuss it. 

"We do not comment on ongoing litigation," Davis said in an email.

Julianne Breitbeil, a spokeswoman for the IRS, said federal privacy laws prevent the agency from discussing the lawsuit.

The Justice Department and the Obama administration had a chance to settle the issue in April 2011, during a Senate hearing on the Electronic Communications Privacy Act. Instead, officials with both the Commerce and Justice departments failed to provide any clarity. Instead, a Justice Department official argued against extending Fourth Amendment protections -- specifically strict warrant requirements -- to email, saying that doing so would hinder investigations.

"Congress should consider carefully the adverse impact on criminal as well as national security investigations if a probable-cause warrant were the only means to obtain such stored communications," James Baker, associate deputy attorney general, testified at the hearing.

Crump interpreted the testimony as indicating that warrantless email searches by federal agents are routine.

"It was disappointing when the Obama administration refused to commit one way or the other to obtaining a warrant," she said. "It leads me to suspect the federal government isn't getting warrants."

The 1986 Electronic Communications Privacy Act and its subsection, the Stored Communications Act, provides some guidelines for law enforcement review of email, but those are badly out of date now. They declare that federal authorities don't need a warrant for data that's stored externally (as opposed to locally, on a person's hard drive) if it's more than 6 months old. Given the ubiquity of services like Web-based Gmail, the 180-day distinction and the local vs. network storage issues are both now largely meaningless, and that's essentially what the 6^th Circuit Court found.

The discussion of requirements for email searches is more relevant than ever, given the explosion of social networks and their semi-private conversation tools and the coming of age of cloud services, where corporations are encouraged to keep all data in shared spaces that would fall under the Stored Communications Act. Concerned that such privacy issues would slow adoption of cloud services, a coalition of cloud-friendly companies calling itself "Digital Due Process," has argued for updates to the Electronic Communication Act that would require higher legal standards for digital evidence gathering.

A critical element of the email issue is a debate about whether the Fourth Amendment requires the government to get warrant based on probable cause in order to read a suspect’s email. To get a warrant, the government must appear before a judge, and convincingly argue that inspection a suspect’s email will probably turn up evidence of a crime.

"The warrant and probable cause requirement safeguard Americans' privacy in two important ways. Having to go to a judge means there is someone involved whose job it is to look out for the target's rights. And having to demonstrate probable cause will reduce the chances that innocent people have their communications read," Crump said.

The distinction is also important as the U.S. government plunges headlong into new high-tech surveillance technologies, such as its massive new million-square-foot "Utah Data Center," under construction in rural Utah for the National Security Agency. The facility is designed to help protect cyberspace, NSA official have said. But Wired Magazine published a cover story earlier this year arguing that the facility will be capable of monitoring every email and text message sent around the world -- including messages to and from U.S. citizens. It is scheduled to come online in 2013.

The NSA denies that the facility will be used to spy on Americans, but it's hardly far-fetched to surmise it will have such capabilities. 

Explosion of such technological capabilities is why clarifying digital Fourth Amendment rights is so critical, Crump said.

"No data is more personal than email correspondence," she said. "Email is deeply personal and private. It is an unfiltered view of our thoughts and a catalog of our relationships stretching back for years. Government agents should not be allowed to troll through all of our most private correspondence without proving to a judge that they have probable cause to believe that a search will turn up evidence of a crime."

 *Follow Bob Sullivan on Facebook.
*Follow Bob Sullivan on Twitter.