The White House has erased all mention of the Privacy and Civil Liberties Oversight Board from its Web site. The removal, which was done wth no public notice, has underlined questions about the Obama administration's commitment to the board, which was created on the recommendation of the 9/11 Commission to oversee the federal government's actions on civil liberties and privacy.

Climbing into his Volvo, outfitted with a Matrics antenna and a Motorola reader he'd bought on eBay for $190, Chris Paget cruised the streets of San Francisco with this objective: To read the identity cards of strangers, wirelessly, without ever leaving his car. It took him 20 minutes to strike hacker's gold. Zipping past Fisherman's Wharf, his scanner detected, then downloaded to his laptop, the unique serial numbers of two pedestrians' electronic U.S. passport cards embedded with radio frequency identification, or RFID, tags. Within an hour, he'd "skimmed" the identifiers of four more of the new, microchipped PASS cards from a distance of 20 feet. Embedding identity documents - passports, drivers licenses, and the like - with RFID chips is a no-brainer to government officials. Increasingly, they are promoting it as a 21st century application of technology that will help speed border crossings, safeguard credentials against counterfeiters, and keep terrorists from sneaking into the country. But Paget's February experiment demonstrated something privacy advocates had feared for years: That RFID, coupled with other technologies, could make people trackable without their knowledge or consent. He filmed his drive-by heist, and soon his video went viral on the Web, intensifying a debate over a push by government, federal and state, to put tracking technologies in identity documents and over their potential to erode privacy. Putting a traceable RFID in every pocket has the potential to make everybody a blip on someone's radar screen, critics say, and to redefine Orwellian government snooping for the digital age. "Little Brother," some are already calling it - even though elements of the global surveillance web they warn against exist only on drawing boards, neither available nor approved for use.

In the 2002 film Minority Report, video billboards scanned the irises of passing consumers and advertised to them by name. That was science fiction back then, but today's marketers are creating digital signs that can display targeted ads based on information they extract from examining the contours of individual human faces. These smart signs are proliferating in commercial establishments and public places from New York's Times Square to St. Louis area shopping malls. They are a powerful innovation in advertising, but one that raises compelling privacy issues - issues that should be addressed now, before digital signs that monitor our behavior become the new normal. The most common name for this medium is digital signage. Most digital signs are flat-screen TVs that run commercials on a continuous loop in airports, gas stations, and anywhere else marketers think they can get your attention. However, marketers have had difficulty determining exactly who sees the display units, which makes it harder to measure viewership and target ads at specific audiences. The industry's solution? Hidden facial recognition cameras. The tiny cameras can estimate the age, ethnicity and gender of people passing by and can track how long a given person watches the display. The digital sign can then play an advertisement specifically targeted to whomever happens to be watching. Tens of millions of people have already been picked up by digital signage cameras. While camera-driven systems are the most common, the industry is also utilizing mobile phones and radio frequency identification (RFID) for similar purposes. Some companies, for example, embed RFID chips in shopper loyalty cards. Digital kiosks located in stores can read the information on the cards at a distance and then display ads or print coupons based on cardholders' shopping histories. Facial recognition, RFID and mobile phone tracking are powerful tools that should be matched by business practices that protect consu

In the 2002 film Minority Report, video billboards scanned the irises of passing consumers and advertised to them by name. That was science fiction back then, but today's marketers are creating digital signs that can display targeted ads based on information they extract from examining the contours of individual human faces. These smart signs are proliferating in commercial establishments and public places from New York's Times Square to St. Louis area shopping malls. They are a powerful innovation in advertising, but one that raises compelling privacy issues - issues that should be addressed now, before digital signs that monitor our behavior become the new normal. The most common name for this medium is digital signage. Most digital signs are flat-screen TVs that run commercials on a continuous loop in airports, gas stations, and anywhere else marketers think they can get your attention. However, marketers have had difficulty determining exactly who sees the display units, which makes it harder to measure viewership and target ads at specific audiences. The industry's solution? Hidden facial recognition cameras. The tiny cameras can estimate the age, ethnicity and gender of people passing by and can track how long a given person watches the display. The digital sign can then play an advertisement specifically targeted to whomever happens to be watching. Tens of millions of people have already been picked up by digital signage cameras. While camera-driven systems are the most common, the industry is also utilizing mobile phones and radio frequency identification (RFID) for similar purposes. Some companies, for example, embed RFID chips in shopper loyalty cards. Digital kiosks located in stores can read the information on the cards at a distance and then display ads or print coupons based on cardholders' shopping histories. Facial recognition, RFID and mobile phone tracking are powerful tools that should be matched by business practices that protect consu

Names, credit card numbers, Social Security numbers: information Daron Breinholt did not go looking for, but found Thursday morning. He took out the trash from the shoe distribution center, where he works, in the warehouse section on Salt Lake's west side. "I was just throwing away some stuff (in a dumpster) , and it was chock full of medical records," said Breinholt. "There's everything in there from canceled checks to routing numbers. They could steal a lot identities. A lot of identities were in there." At least some of the records appeared to come from Mountain Medical Center, a chiropractic office that had been in the Murray area until some months ago. Dr. Randall Malin said through his lawyer that he did not throw away records. "It's news to him," said Attorney Robert Harrison. Salt Lake Police packed away perhaps twenty boxes of papers, and said they would protect the documents, as they dug into the matter. Surveillance video, which 2News has not been able to see, reportedly showed two people who drove up in a red pickup truck Wednesday afternoon, and unloaded the materials from a trailer.

Maintaining privacy is on many people's minds these days, but sometimes that's the last thing they do. Allegations last week that two British tabloids, The Sun and The News of the World, had employed high-technology snoops to listen in on the mobile phone messages of public figures highlighted fears of what can happen when digital data fall into dubious hands. The reports came only days after another privacy debacle, this one self-inflicted. Photos and family information about Sir John Sawers, soon to be Britain's chief spy, appeared in another newspaper, The Mail on Sunday, after his wife posted them on Facebook. While attitudes toward privacy can appear paradoxical, the seeming contradiction is really about something else: control. When people bare their bodies on Facebook or their souls in the digital confessional of Google's search engine, they feel as if they are in charge. Not so, when the private embarrassments come to light unexpectedly.

The owner of a website onto which a purportedly stolen Goldman Sachs Group Inc computer code was downloaded has declined to say whether or not other people accessed the code while it was on the site. Roopinder Singh, who runs file storage website xp-dev.com, told Reuters in London on Friday that computer files show whether or not the valuable code -- which U.S. prosecutors have charged former Goldman employee Sergey Aleynikov with stealing -- was viewed by others, but he declined to say what they show due to the scale of the case. According to Singh, accounts at xp-dev.com initially have a privacy setting that only lets the user see them. However, users can change that setting to allow other people to view files. "Private is the default," he said. "You then have the option ... You can explicitly either share it (or keep it private)." He declined to say what the settings on Aleynikov's account were.

Never mind landing the job. Now people on the lookout for employment have another cause for worry: identity theft. As the joblessness rate soars, scammers are ginning up fake Web sites or posing as recruiters to trick job seekers into giving up sensitive personal information. Corneilus Allison became a potential target after he applied for a position at Aetna (AET) in January, court documents show. In hopes of securing a position at the insurer, he entered required personal information into Aetna's job Web site. In May he received a response-but it wasn't an offer of employment. Aetna instead told him that his personal information, including his Social Security number, might have been compromised. Hackers had found their way into Aetna's job application site, managed by an outside vendor, nabbed e-mail addresses of job seekers, and sent correspondence as if from Aetna asking for additional personal information.

Since Obama's landmark speech on cybersecurity in May, his administration hasn't revealed much about its long-percolating plans to shore up the government's defenses against hackers and cyberspies. But privacy advocates monitoring the initiative are already raising concerns about what they know and what they don't: the details that have trickled out--including the involvement of the National Security Agency--and the veil of classified information that still covers much of the multibillion-dollar project. "It feels like the Bush administration all over again," says Pam Dixon, executive director of the World Privacy Forum. "Not enough people know the details about these programs to have a good public discussion. We all want good security of government systems, but you have to balance the cloak and dagger elements with civil liberties."

The nation's Social Security numbering system has left millions of citizens vulnerable to privacy breaches, according to researchers at Carnegie Mellon University, who for the first time have used statistical techniques to predict Social Security numbers solely from an individual's date and location of birth.

Should individual states mandate that businesses comply with the Payment Card Industry's Data Security Standard (PCI DSS)? The answer is "yes," according to Nevada, which has passed a new law that, as of next year, requires businesses to comply with PCI when collecting or transmitting payment card information. Nevada is the first state to mandate full PCI compliance for businesses. Minnesota in 2007 incorporated only a portion of PCI in its Plastic Card Security Law. According to Nevada's new law, if a data collector doing business in that state accepts a payment card in connection with a sale of goods or services, the data collector shall comply with the current version of PCI DSS, as adopted by the PCI Security Standards Council or its successor organization, with respect to those transactions, not later than the date for compliance set forth in the Payment Card Industry (PCI) Data Security Standard or by the PCI Security Standards Council or its successor organization. Is it a Game-Changer? As states rush to adopt or strengthen privacy legislation, Nevada's move is seen by some observers as a potential "game-changer." But they question whether states should be in the business of mandating compliance with an industry standard.

A former Goldman Sachs computer programer accused of stealing secret trading codes from the investment bank was being held in federal custody on Monday, pending the posting of $750,000 bail. Sergey Aleynikov, 39, was ordered by U.S. Magistrate Kevin Nathaniel Fox in Manhattan on Saturday to post a $750,000 personal recognizance bond to be secured by three financially responsible people, according to court documents. The bond also was to include $75,000 in cash, and Aleynikov was ordered to surrender his passport and not to access the computer data at issue in the case. A preliminary hearing in his case was scheduled for August 3. Aleynikov, a Russian immigrant living in New Jersey, was arrested on Friday night by FBI agents as he got off a flight at Newark Liberty International Airport, according to court documents. He is accused of "theft of trade secrets" related to computer codes used for sophisticated automated stock and commodities trading at an unspecified, New York-based financial institution, according to the court affidavit filed by FBI special agent Michael McSwain. Sources familiar with the situation have told Reuters columnist Matthew Goldstein that the financial institution is Goldman Sachs. A Goldman representative declined to comment on Monday. A lawyer for Aleynikov, Sabrina Shroff, also declined to comment.

Diplomats and civil servants are to be warned about the danger of putting details of their family and career on social networking websites. The advice comes after the wife of Sir John Sawers, the next head of MI6, put family details on Facebook - which is accessible to millions of internet users. Lady Sawers disclosed details such as the location of the London flat used by the couple and the whereabouts of their three children and of Sir John's parents. She put no privacy protection on her account, allowing any of Facebook's 200 million users in the open-access London network to see the entries. Lady Sawers' half-brother, Hugo Haig-Thomas, a former diplomat, was among those featured in family photographs on Facebook. Mr HaigThomas was an associate and researcher for David Irving, the controversial historian who was jailed in Austria in 2006 after pleading guilty to Holocaust denial. Patrick Mercer, the Conservative chairman of the Commons counter-terrorism sub-committee, said that the entries were a serious error and potentially damaging.

They may be after the phone, but what about the data? How much of your life is on your mobile device? Some misguided companies let employees use personal devices for work. I wonder what an auditor would say about due diligence and due care when data is leaked through such ignorance. Think, before you set a lax password, or none at all. Karl Thieves are increasingly going after iPhones and other smartphones but victims now can fight back with technology. One device allows a user to remotely activate a loud siren designed to rattle the thief. Another application, designed for iPhones, can reveal the phone's location. Police statistics show petty crime is down in New York but anecdotal evidence and recent headlines about street muggings targeting costly and coveted devices like Apple's iPhone and T-Mobile's Sidekick have disturbed smartphone users concerned about protecting access to e-mail, passwords and other data.

Thieves are increasingly going after iPhones and other smartphones but victims now can fight back with technology. One device allows a user to remotely activate a loud siren designed to rattle the thief. Another application, designed for iPhones, can reveal the phone's location. Police statistics show petty crime is down in New York but anecdotal evidence and recent headlines about street muggings targeting costly and coveted devices like Apple's iPhone and T-Mobile's Sidekick have disturbed smartphone users concerned about protecting access to e-mail, passwords and other data.

Frontline video on eWaste, Computer Security On the outskirts of Ghana's biggest city sits a smoldering wasteland, a slum carved into the banks of the Korle Lagoon, one of the most polluted bodies of water on earth. The locals call it Sodom and Gomorrah. Correspondent Peter Klein and a group of graduate journalism students from the University of British Columbia have come here as part of a global investigation -- to track a shadowy industry that's causing big problems here and around the world. Their guide is a 13-year-old boy named Alex. He shows them his home, a small room in a mass of shanty dwellings, and offers to take them across a dead river to a notorious area called Agbogbloshie.

ACTA (Anti-Counterfeiting Trade Agreement) has concerned many consumer rights organizations for some time now. Given that it could easily affect criminal laws in many countries around the world, it's not hard to see why there is demand for public disclosure and allow public debate in the matters. Still, to this day, ACTA is being negotiated behind closed doors by many countries around the world and now consumer groups want to, at least, have the negotiations disclosed to them. When it comes to the privacy and surveillance debates, which are in various stages in different countries right now, many say that for national security concerns, further surveillance measures should be taken in the law books. Many policy makers want to know every detail of day-to-day communications of millions of people including who you talk to, when, how, where, and, with a warrant, what the contents of those messages are. Unsurprisingly, consumer rights groups have a problem with that. Meanwhile, when it comes to the highly secretive negotiations happening with ACTA, many consumer rights organizations want a clear indication on how the new international standard is forming and the contents of the legislation and to have such things disclosed to the public. Ironically, policy makers seem to have a problem with that.

More than 50 per cent of internet users say they would be more interested in advertisements if they were tailored to their own interests, according to a new report from Q Interactive. Furthermore, another 50 per cent of respondents said they would view an advertiser favourably if they received personalised ads. Despite a number of obstacles that prevent marketers from obtaining too much personal information, 53 per cent of internet users would rather have free online services and insider information in exchange for relevant targeting data. However, 32 per cent of the respondents said they would accept worse service in exchange for privacy, and 15 per cent would prefer to pay for premium service and view no advertising whatsoever. Last year, a survey from Dynamic Markets on behalf of Coremetrics, found that half of UK consumers were happy for marketers to use behavioural targeting to track their online behaviour.

Likely a bit of bias in the survey, but indicitive that targeted ads are not going away. Like most things digital, doing it safely is important for consumers. - Karl More than 50 per cent of internet users say they would be more interested in advertisements if they were tailored to their own interests, according to a new report from Q Interactive. Furthermore, another 50 per cent of respondents said they would view an advertiser favourably if they received personalised ads. Despite a number of obstacles that prevent marketers from obtaining too much personal information, 53 per cent of internet users would rather have free online services and insider information in exchange for relevant targeting data. However, 32 per cent of the respondents said they would accept worse service in exchange for privacy, and 15 per cent would prefer to pay for premium service and view no advertising whatsoever. Last year, a survey from Dynamic Markets on behalf of Coremetrics, found that half of UK consumers were happy for marketers to use behavioural targeting to track their online behaviour.

The Federal Trade Commission today approved a final consent order settling claims that CVS Caremark violated customers' privacy and the Health Information Portability and Accountability Act (HIPAA) when it failed to dispose of records properly last year. Earlier this year, CVS Caremark agreed to settle FTC charges that it failed to take reasonable and appropriate security measures to protect the sensitive financial and medical information of its customers and employees, in violation of federal law. In a separate but related agreement, the company's pharmacy chain also has agreed to pay $2.25 million to resolve Department of Health and Human Services allegations that it violated HIPAA regulations. "This is a case that will restore appropriate privacy protections to tens of millions of people across the country," said FTC chairman William Kovacic following the settlement. "It also sends a strong message to other organizations that possess consumers' protected personal information. They are required to secure consumers' private information." Under the final consent order, CVS Caremark is required to rebuild its security and confidentiality program, which will be audited every two years for the next 20 years. The HHS settlement requires the company to develop a new training program to instruct employees on how to handle patient data.

Rogue employees and hackers were the most commonly cited sources of data breaches reported during the first half of 2009, according to figures released this week by the Identity Theft Resource Center, a San Diego based nonprofit. The ID Theft Center found that of the roughly 250 data breaches publicly reported in the United States between Jan. 1 and Jun. 12, victims blamed the largest share of incidents on theft by employees (18.4 percent) and hacking (18 percent). Taken together, breaches attributed to these two types of malicious attacks have increased about 10 percent over the same period in 2008. Some 44 states and the District of Columbia now have laws requiring entities that experience a breach to publicly disclose that fact. Yet, few breached entities report having done anything to safeguard data in the event that it is lost or stolen. The ITRC found only a single breach in the first half of 2009 in which the victim reported that the lost or stolen data was protected by encryption technology. "It is a dual problem here undeterred by law or common sense," said ITRC co-founder Linda Foley. "You would think if all these organizations have to notify, that they would take some steps to make sure their data doesn't get exposed in the first place."

It's not exactly what anyone might expect to find at a garbage dump in Ghana. Journalism students from the University of British Columbia discovered intact hard drives containing secret international security data and personal information at a digital dumping ground in Ghana, said their teacher, Peter Klein. Mr. Klein, a producer for the PBS television program Frontline and an Emmy Award winning journalist, said the drives included information about U.S. Homeland Security and Pentagon defence contracts as well as social security numbers, credit card numbers, and family photos. The dumps are frequented by criminal gangs in the country, he said. The findings are part of a project by Mr. Klein's graduate students investigating electronic waste, or e-waste. The team also travelled to Guiyu, China, and India, piecing together the afterlife of discarded computers, drives and parts. To find out if cyber criminals could get information stored on the computers, the students bought several hard drives from vendors near the Ghana dumps to test at home in Vancouver. One of the drives came from Northrop Grumman, a large U.S. military contractor. It contained "details about sensitive, multimillion-dollar U.S. government contracts" as well as contracts with the defence intelligence agency and NASA, according to a synopsis of the project on the PBS website.

Cornell University officials are investigating the theft of a school computer that may have compromised the personal information of about 45,000 current and former students, faculty and staff. University spokesman Simeon Moss says the university has sent e-mails about the incident to everyone whose data was on the computer. They're being offered one year of free credit reporting, credit monitoring and identity restoration services. A Cornell Web page on the theft says there have been no known misuses of the data, which include Social Security numbers. The page says the laptop was in the possession of a Cornell technician who was doing some troubleshooting. Moss says police are investigating the theft.