By Max A. Cherney, Reveal

Walter Baronowski didn’t think there was anything peculiar about a couple of guys renting his mother’s Florida house. He was relatively new to vacation rentals and managing the investment property, listing it on sites such as Airbnb and Expedia Inc.-owned HomeAway. Last-minute rentals weren’t a frequent occurrence, but it was, after all, Thanksgiving week, and Baronowski figured the two guys wanted to get away.

The men sounded normal over the phone and a brief back-and-forth through HomeAway’s messaging service. Plus, they were paying about $4,000 to book the place for the weekend, and the cash had arrived in his mother’s account. Nothing appeared awry with the rental until Baronowski’s cleaning guy arrived to find the place had been burglarized.

Baronowski’s erstwhile guests had broken into locked closets and storage areas and purloined what he later determined was more than $6,000 worth of property. A handgun, dumbbells, even his mother’s luggage were among the missing items, as well as one of Baronowski’s backup credit cards and several checks stolen from the middle of a checkbook.

“When I spoke with the people, they sounded normal, they checked into the property, and there were no red flags until they checked out,” Baronowski told Reveal from the Center for Investigative Reporting. “I didn’t learn until later that they paid on two separate credit cards with two separate names.”

Horror stories such as Baronowski’s – including trashed units and evendeaths – have been percolating in the American consciousness as Silicon Valley’s so-called sharing economy companies have turned inefficiencies into fortunes.

Although burglary by guests is decidedly rare, Baronowski’s experience serves to highlight how consumer habits have yet to catch up with the underlying complexity of the sharing economy. And it serves as yet another reminder that it’s worth reading the fine print of Silicon Valley’s promise to change the world with websites, clicks and apps.

Neither Baronowski’s homeowners insurance nor HomeAway would cover the theft.

Unlike tech giants’ preference to “move fast and break things” – to quote an old Facebook company motto – the insurance industry is lumbering toward new policies that help home sharers. As a result, what’s available is a motley bevy of policies that often contain vast differences in terms of what is and is not covered, according to the trade group Insurance Information Institute and representatives from four insurance companies.

“Many people kind of know they should talk with their insurer but don’t want to because they’re afraid it will cost them more,” Insurance Information Institute spokeswoman Janet Ruiz said in a phone interview. “That’s the wrong approach. You should talk to your agent so you know what to expect if something happens.”

Many homeowners and renters insurance policies, however, don’t cover frequent short-term rentals, which for the insurance industry would be classified as a business and thus require commercial insurance.

In a prepared statement, MetLife spokesman David Hammarstrom said the company is “working on creating specific policy language that will address home sharing, which did not exist at the time our current policies were created,” but he did not provide a time frame for when that would be implemented. Currently, MetLife’s homeowners policies do not, in general, cover home sharing, he wrote.

But Ruiz said some homeowners wouldn’t require additional coverage if a property is rented for just a few days every year. And so long as a unit isn’t listed beyond that threshold, the policy may cover burglary and damages, among other things – but coverage for lost rental income is less likely.

“Generally speaking, liability and property insurance coverage is provided (subject to all policy provisions) if you do a one-time short term rental of your home while you are not residing in the house at the time of the rental,” State Farm spokesman Sevag Sarkissian wrote in a prepared statement, adding that renting a room while still occupying the rest of the home likely would be covered by the homeowners policy.

To bridge the gap in insurance, other companies are experimenting with new kinds of coverage that are much cheaper than a commercial policy. In August, Allstate launched a pilot program in six states – Arizona, Colorado, Illinois, Michigan, Tennessee and Utah – that for $50 per year adds additional protection for home sharers, and Allstate spokesman Justin Herndon said the company plans to add another half-dozen or so states in early 2017. The pilot policy would have protected Baronowski from the burglary.

For its part, HomeAway offers insurance through CBIZ, a third-party, publicly traded financial firm, that would cover renter burglary, among other things. Because his mortgage has a homeowners insurance policy, Baronowski said he didn’t think he needed it.

Airbnb offers guarantees – but not theft insurance – that aim to protect hosts from the existing holes in insurance coverage. But those too have fine print that excludes certain items and is not a contractual obligation. The Insurance Information Institute and insurance companies such as Allstate believe it’s important to add a home-sharing policy, just in case.

“Airbnb has limits on what they’ll cover, and you need to know what Airbnb will really cover and when,” Ruiz said. “And you need to know what your insurance will cover and when.”

For academics, the issue of fine print is decidedly straightforward. Arecent paper titled “The Biggest Lie on the Internet: Ignoring the Privacy Policies and Terms of Service Policies of Social Networking Services,” by Jonathan Obar of York University and Anne Oeldorf-Hirsch of the University of Connecticut, used empirical evidence to demonstrate what has become the conventional wisdom.

“There’s a culture of not reading these policies. In some cases, companies are assuming that people are going to skip policies. And for their part, people don’t think anything is going to happen to them if they do.”— Assistant Professor Jonathan Obar, York University
Focusing on the privacy policy, the authors presented a fake social network with some jarring policies for users – giving up their first-born child and handing data to the National Security Agency directly, for example – and observed what happened when students signed up.

The results do not bode well for our future.

Of the students asked to sign up for the new social media site, 74 percent skipped the privacy policy altogether. Those who did read the fine print spent 73 seconds on the privacy policy and 51 seconds on the terms of service – which, respectively, should have taken 30 and 16 minutes, on average, to read.

“There’s a culture of not reading these policies,” Obar said in a phone interview. “In some cases, companies are assuming that people are going to skip policies. And for their part, people don’t think anything is going to happen to them if they do.”

Aleecia M. McDonald, a nonresident fellow at Stanford University’s Center for Internet and Society, suggests fine print is “stuffed in our faces so often” that people have become desensitized to its importance. We see it as another interruption. In a 2008 paper, McDonald and Lorrie Faith Cranor, a professor at Carnegie Mellon University, estimated that reading only the privacy policy (not including terms and conditions) of major sites people visited over a year would take an average of about 200 hours.

But even taking the time to read the documents entails several more hurdles.

“To understand these documents, you have to be a geek, a wonk and a nerd,” she said, referring to the amount of legal and technical jargon. To further complicate the documents, many of the companies hedge claims by using what McDonald called “weasel words,” which are effective at encouraging people not to take action.

Although McDonald agrees it’s ridiculous to expect Americans to read every privacy policy, reading the terms of a couple of websites used for a vacation rental site, or paying an attorney to do so and explain it, is not outrageous.

“While we’ve been trained out of reading these terms of service – it’s like yes, yes, yes, get out of my face – this is a time people really need to pause and think about what could go wrong,” McDonald said.

For his part, Baronowski readily admits that he assumed HomeAway would do more than it agrees to and that he didn’t read its policies closely. He also made the assumption that HomeAway would offer the same level of protection for its hosts as its rival, privately held Airbnb, which, according to spokesman Nick Shapiro, would have reimbursed Baronowski for the stolen property and the loss of rental revenue. Baronowski said he knew Airbnb offered some form of protection in addition to the security deposit, but not the details.

HomeAway places the burden of payments on the person renting out his or her property. In an emailed statement, HomeAway Chief Services Officer Jeff Mosler told Reveal that it suggests that the host talk on the phone with the guest, verify the person’s identity via internet searches and get a copy of his or her identification, among other things.

“As part of the client services agreement to sign up for HomeAway Payments,” Mosler wrote, “owners and property managers appoint Yapstone as a limited partner to provide online payment services. In this relationship, owners and property managers still maintain liability for chargebacks.”

Contract aside, Baronowski doesn’t think the company handled his situation appropriately. In addition to the stolen property, Baronowski also was out rental income of about $3,000 and a security deposit of $1,000. That’s because HomeAway doesn’t collect the cash itself, but rather works with a third party, YapStone, to process payments – and YapStone figured out, too late, that the credit cards used by the burglars were stolen. Although HomeAway markets the payments service asHomeAway Payments, the company wouldn’t handle Baronowski’s service inquiry, referring him to YapStone.

YapStone did not return a request for comment.

Both HomeAway and YapStone invest in fraud detection and prevention technology and operations, but risks still exist, which is why HomeAway recommends the additional security measures, according to Mosler.

In Baronowski’s email exchanges with YapStone customer service, reviewed by Reveal, the company refused to compromise. It was Baronowski’s responsibility to ensure that the renters weren’t fraudsters, YapStone reps told him – and to investigate the potentially mishandled transaction, they would charge him an additional $25 fee for each one.

“If I’m paying for transaction processing, I expect to get something for the service. Isn’t fraud protection a part of that service?” Baronowski said. Although YapStone eventually waived the fee, Baronowski never got the rental income.

“They were just so rude about it,” he said. “They didn’t help with anything. They didn’t even offer an apology. For a multibillion-dollar company (parent company Expedia), it would have been nothing.”

Speaking with Reveal, HomeAway spokesman Jordan Hoefar reiterated that the company’s terms spell out that it does not bear the responsibility to reimburse hosts for losses and encouraged Baronowski to work with local law enforcement to recover his property. Baronowski filed a police report, but Fort Lauderdale police did not return Reveal’s requests for comment about progress on the case.

Additionally, because HomeAway doesn’t process the payments directly or see the revenue flow through its own accounts, it has no mechanism to reimburse Baronowski for the lost sales, according to spokesman Hoefar.

Airbnb, HomeAway and other vacation rental firms insist that incidents such as burglary or a home being trashed are rare. “Of the millions and millions of travelers, we’re talking about percentages of percentages,” Hoefar said. Airbnb echoed the sentiment, citing millions of successful bookings and relatively few issues.

The anecdotal evidence, what little is public, appears to bear out what the vacation rental firms insist: Reveal did not find an issue like Baronowski’s that was logged with the Better Business Bureau for HomeAway. That’s not to say that vacation rental firms didn’t have their share of complaints.

For example, hundreds of similar issues have been filed with the Federal Trade Commission, according to documents obtained by Reveal through the Freedom of Information Act, and the Better Business Bureau received hundreds of complaints for both Airbnb and HomeAway. And in Airbnb’s case, there is a website dedicated to horror stories from both hosts and guests.

As of publication, Baronowski says that, conservatively, he’s spent about 200 hours dealing with the aftermath of the burglary, following up with police and dealing with customer service at HomeAway and YapStone, as well as financial institutions. He’s frustrated by the situation but, aside from costly and lengthy litigation – which, because of the terms, he very well might lose – he has little recourse.

“Baronowski is trapped in a time where we’re still figuring out the edges,” McDonald said.