Consumers Union is maintaining a list of key federal identity theft proposals here. The list describes bill status (ready for floor, in committee, etc) and summarizes its provisions, including whether it preempts stronger state laws.

MASSPIRG and U.S. PIRG have joined a variety of public interest and media reform organizations in support of an FCC petition by Continental Airlines (also backed by a wide variety of other business organizations) urging rejection of a request by the Massachusetts airport authority, or MASSPORT, to use trumped-up public safety concerns to seize monopoly control of wireless (wi-fi) deployment at Logan Airport. An FCC ruling for MASSPORT could grant similar undeserved authority to any and all landlords (and incumbent providers as well) to block innovation and competition. MASSPORT's request, if granted, could have broad negative repercussions in the deployment of community wireless networks and other unlicensed and licensed uses of spectrum everywhere. Excerpts from our filing:

...the implications of this proceeding go far beyond airport applications and could affect literally millions of business users of unlicensed spectrum. Moreover, the implications extend far beyond the applications that are the focus of this proceeding. Last year alone more than 1 billion RFID devices and 100 million Bluetooth devices were sold in the U.S.; these and many other unlicensed devices, such as cordless telephones – some of which operate in the same band as WiFi - could all be affected by this proceeding and the dangerous precedent it could set...

...The Commission is charged under Section 1 of the Communications Act of 1934, as amended "to make available, so far as is possible, to all the people of the United States … a rapid, efficient, Nation-wide … radio communications service with adequate facilities at reasonable charges." For more than two decades the Commission has been making the presumption that reasonable competition was the best way to further this goal and the burden has been on those opposed to competition to show why monopolies are in the public interest. Massport has failed to do so.

As a consequence of the Commission’s pro-competitive policies in management of Part 15 devices, the unlicensed spectrum market is witnessing explosive growth and innovation.

The public interest filing was prepared by Jim Snyder of New American Foundation and Harold Feld of Media Access Project.

Over at his blog, Concurringopinions.com -- GWU law professor and privacy expert Daniel Solove has an excellent commentary on the FTC's settlement with ChoicePoint.

Professor Solove is co-author, with Chris Hoofnagle of EPIC, of a December 2004 ChoicePoint complaint to the FTC. That complaint largely focuses on ChoicePoint's unregulated sale of data broker information products. The settlement did not address this. We (previous post) and others, including Rep. Ed Markey (D-MA), have also criticized the failure of the settlement to reach this important issue.

Professor Solove's post makes the following and other points:

1. The settlement might not have been possible were it not for the California security breach disclosure law (SB 1386, codified at Cal. Civ. Code § 1798.82(a)) that required ChoicePoint to disclose its security breach. Currently, data brokers are trying to get Congress to pass a very weak and narrow security breach notice provision that preempts stronger state laws...A weak preemptive federal disclosure bill will wipe away much stronger protection in many states. The very kind of disclosure law that made the FTC settlement possible might be nullified if Congress passes the data "protection" laws that the data brokers want...

2. The FTC complaint and settlement illustrates why it is important to have data brokers regulated under the Fair Credit Reporting Act (FCRA), 15 U.S.C. § 1681. FCRA, the law upon which the FTC's complaint was premised, regulates consumer reporting agencies...These databases have yet to be regulated. The ChoicePoint settlement does not address the letter Hoofnagle and I sent to the FTC. Thus, although the settlement is a step forward, it does not address all of the problems caused by data brokers. Much more must be done to effectively regulate data brokers.

For Immediate Release, 26 January 2006

FTC Issues Big Penalty To ChoicePoint For Privacy Violations
Now What Will Congress Do?

Statement of Edmund Mierzwinski, U.S. PIRG Consumer Program Director

"Today, the FTC warned corporate America that it can't play fast and loose with consumer information without paying the price. More

The complaint and settlement order detail a stunningly sloppy business model at ChoicePoint, which was ordered to pay a record $10 million civil penalty and $5 million in consumer restitution for selling credit reports and other confidential information to identity thieves, for violating its privacy promises and for failing to have any sort of adequate data security program, especially for a firm with billions of consumer records in its files.

But the FTC is only part of our system of privacy protection. The states play a critical role as well. We only learned of the ChoicePoint breach following passage of California's pioneering security breach notice law, which ChoicePoint complied with nationwide. Security breach notices are an early warning system that you may become a victim of fraud or identity theft. Consumers also need the ability to control access to their credit reports to stop fraud and identity theft before it starts. The states are taking action. In 2005 alone, 22 more states passed breach notice laws and 8 more states, for a total of 12 so far, enacted security freeze laws that give consumers real control over who can access their credit reports.

But industry lobbyists have asked Congress to eliminate state authority to prevent identity theft. Several weak and preemptive proposals are ready for floor action but should be defeated. Further, none of the bills that are moving address the broader ChoicePoint problem. Choicepoint sells a number of data products that are unregulated, that consumers can neither look at nor correct by law, or sue ChoicePoint themselves if they are sold improperly and damage the consumer. Congress needs to regulate these unregulated data brokers. The states have already solved the breach notice problem."
-30-
U.S. PIRG is the federal lobbying office for state Public Interest Research Groups. PIRGs are non-profit, non-partisan public interest advocacy groups. PIRG's consumer pages are linked from the regularly-updated and searchable PIRG Consumer Blog at http://www.uspirg.org/consumer.

Toast the Earth: The PIRG-backed Exxpose Exxon Campaign has a new flash video, with some musical help from the band the Austin Lounge Lizards. The video shows ExxonMobil executives "Toasting the Earth" (pun intended) in celebration of its record-breaking 2005 profits. See the video and take action to stop global warming. PIRG's Global Warming pages here.

The FTC has imposed a $10 million civil penalty and ordered the data broker ChoicePoint to pay consumers $5 million in restitution to settle extremely detailed charges of sloppy practices that violated both the FTC Act and the Fair Credit Reporting Act. The complaint alleges that (so far) there are at least 800 known cases of identity theft stemming from ChoicePoint selling at least 163,000 consumer records to identity thieves. We'll have a release later today. A few excerpts from the complaint may answer your questions about just how one of the biggest and most sophisticated data brokers in America sold confidential dossiers, Social Security Numbers and regulated credit reports to identity thieves: MORE:

b. ChoicePoint accepted as verification of certain application information (e.g., business address) documents that otherwise called into question the authenticity of the applicant's business or the reliability of information supplied by the applicant, such as a utility statement showing a delinquent account or a telephone statement showing billing at a residential, rather than a business, rate;

g. ChoicePoint accepted and approved, without further inquiry, the applications of subscribers notwithstanding the fact that ChoicePoint's own internal reports on the applicant linked him or her to possible fraud associated with the Social Security number of another individual.

14. ChoicePoint also failed to monitor or otherwise identify unauthorized activity by subscribers, even after receiving subpoenas from law enforcement authorities between 2001 and 2005 alerting it to fraudulent accounts, and even when its own experiences with the subscriber should have raised doubts about the legitimacy of the subscriber’s business.

Some of ChoicePoint's products actually are strictly regulated credit reports (called consumer reports in the law):

b. Continuing to furnish consumer reports to a subscriber when the subscribe's telephone had been disconnected, the business address of the subscriber was found to be incorrect, the credit card number provided by the subscriber for payment to ChoicePoint was in the name of an individual not associated with the subscriber's ChoicePoint account, the subscriber made multiple changes of address and/or telephone numbers over a short period of time, and the subscriber made payments to ChoicePoint solely by commercial money orders drawn on multiple issuers;

21. In numerous instances, ChoicePoint has furnished consumer reports to subscribers under circumstances in which ChoicePoint had reasonable grounds for believing that the reports would not be used for a permissible purpose.

ChoicePoint has failed to implement reasonable procedures, such as site visits, audits, or other verification, for users who typically have both permissible and impermissible purposes for using consumer reports (such as attorneys, insurance companies, private investigators, detective agencies, and protective service firms) to ensure that such users were using consumer report information for permissible purposes only.

You can read the full complaint and settlement order here. Previous blog on these issues.

Yesterday, the FTC released its list of Top Ten fraud complaints for 2005: "Complaints about identity theft topped the list, accounting for 255,000 of more than 686,000 complaints filed with the agency in 2005." The study finds more than a third of complaints to the FTC are about identity theft (which includes credit card fraud). We still need to enact tough laws to prevent the crime.

I am sure industry will claim that the data can be parsed to show no new laws are needed (except weak federal laws trumping tiresome state authority, of course). Actually, here are the facts from the report: New credit card accounts are 15.6% of the misuse of victim's info, down only slighly from 2004, when it was 16.5%. Attempted (but unsuccessful) ID theft, by contrast, is steady at 6%. New utility, phone, and wireless accounts were 19.7%, down only slightly from 2004's 20.3% Clearly, after-the-fact fraud alerts don't work. We need to give consumers before-the-crime-starts control of their information through the security freeze. See previous blog.

The FTC has a news conference scheduled for 11 am to impose a multi-million dollar penalty against an unnamed company that failed to protect data security. Chris Conkey of The Wall Street Journal reports this morning that Choicepoint is the one. We only know about the millions of consumers whose financial lives have been put at risk of identity theft and fraud because of a pioneering California security breach notice law that is being complied with nationally (22 more states in 2005 passed their own new laws). The only way consumers can protect themselves against identity theft is to place a security freeze on their reports (12 states now have laws). (Our regularly updated list of state breach notice and free laws is here.) We need to watch Congress diligently as it continues to consider weak industry-friendly breach and freeze laws that would eliminate state authority to protect privacy and prevent identity theft.

All consumers should have the right to take control of their financial DNA by using a consumer-friendly and low-cost security freeze, as a new NJPIRG-backed law provides. Strong breach notice requirements without weak discretionary "risk triggers" should apply to all data collectors. Another question remains: What, if anything, is being done to affirmatively and comprehensively regulate all the business practices of ChoicePoint and other data brokers? More here from PIRG. Here's EPIC's ChoicePoint page; EPIC filed an FTC complaint on privacy-unfriendly business practices of ChoicePoint and other unregulated data brokers in December 2004. Will the FTC order also address data broker practices, or only the relatively narrow issue of data security and the ChoicePoint breach?

This PIRG Consumer Blog category archive (Protecting Privacy) keeps track of the threats to American's privacy and this one (States: Laboratories of Democracy) keeps track of Congressional, court and Bush administration threats to immunize wrongdoers from strong state requirements to protect health and safety, privacy, and other fundamental rights.

[27 Dec 2006-corrected bad URLs] (A few additional lines added, 24 January 06) This month, the Electronic Frontier Foundation annnounced a settlement with Sony Music over the inclusion of pernicious and dangerous copy-protection schemes (Mediamax or XCP) on millions of music CDs (settlement FAQs from EFF). (I have personal experience, see below.) Before you seek to play (let alone copy) one on your computer, Mediamax automatically loads a spyware-enabled Digital Rights Management (DRM) program -- bad enough, but wait, there's more: experts say the spyware also is so poorly designed that it exposes your computer to dangerous Internet worms. Good to hear about the EFF settlement, although an ongoing EPIC lawsuit seeks greater privacy protection. Here's my sad story as an involuntary Sony consumer guinea pig, with I hope a happy ending. More:

I should know better. Despite a greater level of DRM knowledge than the average consumer (I've blogged on the Sony DRM debacle), I foolishly loaded Z, the new CD by My Morning Jacket into my computer without reading the label (until DRM, who knew?). Big mistake. Almost before the CD drawer had finished closing, the CD dumped a load of trouble into my machine. Then, up popped a so-called EULA (End User License Agreement) from Sony's spyware/DRM program asking me if I accepted its MediaMax software terms limiting my fair use rights to hear or copy my music and forcing me to agree to let Sony spy on me to verify my compliance. No word about opening the door to dangerous Internet worms.

Of course, a dollar short and a day (actually only two seconds) late, I voted no and ejected the CD. Not good enough since the Big Brothers at Sony installed the software first, without asking. A EULA works that way generally -- it's the common one-sided take-it-or-leave-it software contract that you don't see until after you open the shrinkwrap and stick the disk in your machine. According to EFF:

Problems with MediaMax
The MediaMax software, which is included on over 20 million Sony BMG CDs, has different, but similarly troubling problems [to XCP's problems, also explained]. It installs on the users' computers even if they click "no" on the EULA, and does not include a way to uninstall the program. The security issue involves a file folder installed on users' computers by the MediaMax software that could allow malicious third parties who have localized, lower-privilege access to gain control over a consumer's computer running the Windows operating system. The software also transmits data about users to SunnComm through an Internet connection whenever purchasers listen to CDs, allowing the company to track listening habits -- even though the EULA states that the software will not be used to collect personal information and SunnComm's website says "no information is ever collected about you our your computer."

So I checked my computer's program files/common files directory and, indeed, there was a folder full of trouble. Well, after corresponding with EFF and perusing the Sony and SunnComm/MediaMax (its spyware/DRM contractor) sites, I determined that the second release (22 Dec) of the uninstaller should work but that the 6 December patch and the earlier 16 Dec uninstaller wouldn't work and could cause more trouble. So I decided to run uninstaller #2 in Firefox, my preferred browser. No go. Had to load up Microsoft Internet Explorer and enable Active-X (generally a bad security idea). But it appears to have worked-- after a while my computer burped up the mess and the directory no longer is present. More information from Sony about the uninstallers and the settlement is here.

No consumers should ever have this sort of hassle. I assure you that many consumers have not gone to the trouble I did and very likely still have the mess on their machines. Web privacy is difficult to maintain. Problems exist, both large and small. Not knowing about or having any real control over what others are loading on your machine, or what kinds of spying you are agreeing to if you merely visit a US government website (persistent cookies) or join a Yahoogroup (it even tracks non-subscribers who correspond with Gmail users) are a few other examples of the numerous surveillance issues that the web has created. Of course, as many have noted in blog posts and news stories about Google's resistance to the government's recent information demands: well, if companies didn't collect so much information about us in the first place, it wouldn't matter so much. The Department of Justice has subpoenaed Google, seeking millions of Internet search records. From the upstate New York Times Herald Record:

"If Google didn't have this data, the DOJ wouldn't be able to subpoena it," said Rebecca Jeschke, a spokeswoman for the Electronic Frontier Foundation. "People don't know that Google is keeping this information. This seems to be creeping a lot of people out."

We're part of a Media and Democracy Coalition seeking to ensure that our communications policies serve the interests of consumers, citizens and competition, instead of kow-towing to the self-serving demands of telecommunications and media monopolies. As Congress and the FCC consider myriad proposals to amend or interpret telecommunications laws, one of the biggest challenges will be preserving "Net Neutrality" -- essentially, preserving an open Internet by preventing price or content discrimination by network carriers. As FCC Commissioner Michael Copps has stated:

We need a watchful eye to ensure that network providers do not become Internet gatekeepers, with the ability to dictate who can use the Internet and for what purpose.

want to create entirely new categories of fees that risk destroying the anyone-can-publish culture of the Internet. And they are lobbying for legislative protection of their meddling with the Internet content that runs through their pipes. These are not good ideas. More:

What's at stake is the future of the Internet. It wasn't built by the Baby Bells, or the cable companies, and it has flourished as a marketplace of new ideas under the simple rule that anyone could hook up and pitch new cultural or political ideas or invent new communications products and hook them up, without going through a gatekeeper that controlled how fast their content was distributed or who could access it. As Stross explains:

the superabundance of content in the Internet's ecosystem is best explained by its organizing principle of "network neutrality." The phrase refers to the way the Internet welcomes everyone who wishes to post content.

Consumers, in turn, enjoy limitless choices. Rather than having network operators select content providers on our behalf - the philosophy of the local cable company - the Internet allows all of us to act as our own network programmers, serving a demographic of just one person.

Today, the network carrier has a minor, entirely neutral role in this system - providing the pipe for the bits that move the last miles to the home. It has no say about where those bits happened to have originated. Any proposed change in its role should be examined carefully, especially if the change entails expanding the carrier's power to pick and choose where bits come from - a power that has the potential to abrogate network neutrality.

Of course, the Internet isn't perfect, (U.S. Internet is frightfully slow as numerous commentators have pointed out, e.g., see Stross above and see a recent post to the Lessig blog), but allowing the Bells and the cable companies to change its structure in their own image is the wrong way to go. Our coalition is watching Congress closely, especially a bill draft expected to be considered soon in the House Energy and Commerce Committee. (My previous blog on the lobbying in Congress. By the way, I hear BellSouth disputes the New Orleans story I mention.)

For more information on net neutrality and open access to the Internet, and on balanced communications policy generally,I urge you to check out any of the following must reads: See Stanford law professor Larry Lessig's blog generally; it also links to excerpts from his seminal books on the Internet, its architecture and its stimulation of culture, including Code and Other Laws of Cyberspace. I also recommend Jeff Chester over at the Center for Digital Democracy (see his papers on Open Access and on the Supreme Court's Brand X decision), Tim Karr from Free Press and his personal MediaCitizen blog, especially the entry All Your Broadband Are Belong To Us, and Harold Feld's (lawyer for the Media Access Project) personal blog, Tales of the Sausage Factory. If you really want to dig deep, see the 472 page volume Open Architecture As Communications Policy: Preserving Internet Freedom in the Broadband Era, edited by Mark Cooper, research director of the Consumer Federation of America and a fellow at the Stanford Center for Internet and Society. PIRG's Media Reform pages are here.

The Food and Drug Administration, once known as the world's gold standard for safety, is now simply the latest Bush administration agency to assert, apparently for political reasons, that it knows best when it comes to protecting the public, and that the states and their stronger laws can take a seat on the sidelines. According to the Wall Street Journal (14 January 06) in the story FDA Plan Would Aid Drug Makers In Liability Suits: Agency's Approved Labels Would Pre-empt State Law; Plaintiffs' Lawyers Object:

Inclusion of the new FDA policy in the long-awaited drug-labeling rule has sparked disagreements between FDA career officials and Bush administration appointees, according to people with knowledge of the matter.More:

In 2004, the Office of the Comptroller of the Currency (OCC) issued two sweeping rules restricting state authority over national banks and their operating subsidiaries (our website OCCWatch here). In fall 2005, the National Highway Traffic Safety Administration (NHTSA) proposed a rule similar to FDA's: car and truck manufacturers would be immunized from state tort claims if their vehicles meet its modest safety tests (previous blog).

The FDA's proposed rule is designed to give drugmakers protection from state law claims in court if a drug's warnings meet FDA's standards, no matter how weak they are. The Journal explains:

The policy could help companies argue they weren't required to warn consumers about a potential risk when the FDA had determined that the safety issue didn't warrant inclusion on a medicine's label. The new policy, which would address state liability statutes, has been written into a broad new drug-labeling rule that is likely to be issued shortly, according to people with knowledge of the matter, though the rule has been repeatedly delayed.

[Update 2/07-corrected bad url] Kudos to the Federal Trade Commission (and, I understand, several consumer attorneys) for filing court papers (FTC filing here) opposing a proposed settlement of a lawsuit alleging that Netflix used unfair practices. In a previous blog, I've detailed how the settlement would allow Netflix to use a sordid negative option or "free-to-pay" scheme (one that's actually banned for telemarketers because it is so anti-consumer and deceptive) to increase revenue at the expense of its customers, while our supposed champions, the lawyers, would take up to $2.5 million in cash. From the FTC release:

...the FTC has two basic concerns with the Netflix settlement. First, the settlement would serve more as a promotional vehicle for Netflix, than a means of providing redress to consumers, and could leave some consumers in a worse position than if they had decided not to participate. Second, the notice to class members does not adequately inform them about the existence of the negative option and the settlement agreement, does not require disclosure of the terms of the negative option plan, and fails to specify how consumers can cancel once they are enrolled.

I recently noted that Tamara Draut of Demos has a new book Strapped out later this week (my previous blog) analyzing the growing debt burden on twenty-somethings. Another important commentator on youth and debt is Anya Kamenetz, whose new book Generation Debt: Why Now Is A Terrible Time to Be Young will be out next month. This week, Anya's Village Voice column Shadie Sallie: An inside look at what Bush has done to your student loan critiques the political role of the student loan gatekeeper and Washington powerhouse Sallie Mae. More:

Sallie has helped keep student loan prices high by a series of actions undermining the Clinton Administration's Direct Student Loan program. DSL offers healthy, low-cost competition to the guaranteed loan program, which, instead of guaranteeing that students get adequate low-cost loans, generally guarantees banks (and secondary market servicers like Sallie), excess profits at the expense of taxpayers and students. In addition to numerous efforts aimed at gutting the DSL program in Congress, Sallie Mae has stepped inside the agency that runs it. From the VV column:

At least seven former employees, attorneys, or lobbyists for Sallie Mae have received high-ranking federal appointments to the Department of Education since 2000...Besides simply not promoting the Direct Loan program, the Bush-era Department of Education has taken concrete steps to dismantle it.

The Wal-Mart campaigners over at American Rights at Work have a new flash video Friends With Low Wages, and it "stars" Garth Brooks, in a parody appearance, of course.

“We are encouraging the public to find out the truth about Wal-Mart’s unionbusting ways and speak out against its ruthless tactics,� said Mary Beth Maxwell, Executive Director of American Rights at Work.

The PIRG-backed Americans for Insurance Reform has a new report (release) attacking the insurance industry for its poor Hurricane Katrina response:

The case studies contained in The Insurance Industry’s Troubling Response To Hurricane Katrina, were gleaned from hundreds of calls that came into AIR’s Katrina Insurance toll-free hotline, established on September 12, 2005. This unprecedented hotline allowed AIR to monitor complaints, refer them to government officials where appropriate, and keep records of hurricane-related insurance problems.

Watch your local bookstore for copies of our credit reform colleague Tamara Draut's new book Strapped: Why America's 20- and 30-Somethings Can't Get Ahead. Tamara runs the Economic Opportunity Program over at the think tank Demos.

From the promo: Strapped offers a groundbreaking look at the new obstacle course facing young adults - the under 35 crowd - as they try to build careers, buy homes and start families. As Tamara Draut explains, getting ahead is getting harder. A college degree is the new high school diploma - but it now costs a fortune to get that degree and students graduate with crippling debts. Good jobs are scarcer...And, the cost of everything ... keeps going up and up. Budding families, even those with two incomes, struggle to pay the bills, while Visa and Master card have become the new safety net. Young adults are starting behind the financial eight ball -- borrowing their way into adulthood and wondering whatever happened to the American Dream.

Over at Alternet, author Howard Karger has a nice piece on the Reverend Al Sharpton apparently withdrawing his recent endorsement of a predatory auto title pawn lender (my previous blog).

Our appearance Saturday morning talking about credit card issues on C-Span Washington Journal is available to watch on the web, at least for a few days. Go to that link and scroll down to January 7th, or search on "Mierzwinski" for the correct clip. You may need to skip to the second page. Previous blog has credit card details. Hint: C-Span archives on the web are great. But, the first time I tried to play a show from its archive, I found I had to go to their help page and properly configure my Realplayer's "real-time streaming protocol." It was easy, once I found the help.

Building on research by EPIC, Illinois Governor Rod Blagojevich and Illinois Attorney General Lisa Madigan, backed by Illinois PIRG, have proposed [Chicago Tribune story] legislation to fight identity theft and protect privacy by restricting the use of "pretext phone calls" by private investigators. From the governor's release:

[The legislation would] crackdown on the unauthorized release or sale of phone records and other private information by brokers and phone companies. According to the Electronic Privacy Information Center (EPIC), Illinois would become the first state in the nation to fight “pretexting,� which is pretending to be the account holder, or have authorization to access an account, to obtain cell phone records, long distance call records and other personal records, such as GM OnStar information.

(EXCERPT) Dylan Ratigan (Host): Does your client, the people that your client hires, to get these records, do those people lie to the phone company, misrepresent their identity, in order to obtain the records that your client then resells?

Slade: In all likelihood, yes, but I wouldn't characterize it as lying. It's what's called a pretext call...

Ratigan: Well come on, come on Larry...

Slade: It's what's called a pretext call...

Ratigan: It's called a lie...It's a lie, Larry.

I'm scheduled to appear on a live call-in edition of C-Span Washington Journal tomorrow, Saturday morning, 7 January from 9:30 am - 10 am, Eastern, to talk about rising credit card minimum payments. Then, I'll be talking about the same issue on CNN In The Money Saturday afternoon at a little after 1:30 or so for a segment (show is 1-2pm Eastern) and then the CNN show repeats Sunday at 3pm.

I'll put up up a longer post on this issue-- but here's the short version: Banks have raised minimum payments in response to regulatory action (previous blog) but have not been required to double them from 2 to 4% of the principal owed. The basic regulator rule is that minimum payments must include all new finance charges (interest) and any penalty fees, and must also reduce your principal by 1%. This will result (with no penalty fees) in an increase in payments, but nowhere near a doubling. Over the last twenty years or so, to increase profits from interest payments, most banks reduced minimum payments to about 2%, with the kicker that new interest was included. So, if you had a penalty interest rate of 24% APR, which computes to a 2%/month interest rate, your payment equals only your new interest, and there is no reduction in principal. Under this new rule, there will at least be some reduction in principal every month. You're still much better off paying more than the minimum -- pay as much as you can afford, if you cannot afford to pay the full balance each month.

On 22 December 2005, Pennsylvania Governor Ed Rendell approved SB 712, to provide for security breach notification. PennPIRG didn't support the bill and asked the Governor to veto it. It suffers from the same flaws as most federal proposals-- its exceptions are broad and its threshold, or trigger, before notification to consumers is required, is too high, way too high. It is so high, it is possible that the law won’t result in any notices at all:

The unauthorized access and acquisition of computerized data that MATERIALLY compromises the security or confidentiality of personal information maintained by the entity as part of a database of personal information regarding multiple individuals and that causes or the entity reasonably believes has caused or will cause loss or injury to any resident of this Commonwealth.

Rent-to-own stores promise the American dream of ownership then snatch it away with usurious anti-consumer contracts. New Jersey's long-running cold war to keep rent-to-own stores covered by its 30% APR criminal usury statute has gone hot again. The Associated Press reports that Hilda Perez

had rental agreements on furniture, a television and computer while still paying off the initial obligation. When she fell behind on the $167 weekly payments after shelling out more than $8,000, Rent-A-Center sued to repossess the goods, and Perez fought back. Her lawyer filed a class-action countersuit claiming that Rent-A-Center violated consumer fraud law by charging more than 30 percent interest. With her case pending before the state Supreme Court, Perez recently testified before the Assembly Consumer Affairs Committee against a bill regulating rent-to-own purchases. The proposal could be voted on before the current legislative session ends on Jan. 9.

The predatory rent to own industry went state-by-state in the 1980s and early 1990s (the predatory payday lenders are trying with mixed success to copy that playbook), and succeeded in enacting industry-approved rules in about 46 states that allow it to charge usually undisclosed triple-digit interest rates in impossible-to-finish typically 78 week contracts to purchase furniture, televisions and other household goods. New Jersey has the strongest law against rent to own (PIRG backgrounder), and NJPIRG, AARP and the Consumers League of NJ (CLNJ documents on the fight here) are girding for the next legislative vote, which could occur next week.

The Seattle Times has a story Sunday Credit-card rule changes may break your back with a much stronger emphasis on credit card tricks.

Among credit-card disadvantages for consumers: One card can have several interest rates at one time. And terms of your cards can change at any time based on how you pay your other bills. "Credit cards offer convenience, credit cards offer emergency life preservers," said Ed Mierzwinski, a consumer advocate with WashPIRG's national office. "If you start to use your credit card for daily expenses, and you start paying for pizza at 18 percent interest — do the math."