Privacy & data protection

WASHINGTON--The federal government is trying to find better ways to standardize and coordinate personal information about American citizens that is currently spread across thousands of databases, according to a White House official.

There are more than 3,000 programs or databases in the federal government that hold personal information--Social Security numbers, addresses, fingerprints, and so on--yet the government is only beginning to develop a plan for collecting, protecting, and using such information.

"You have a lot of duplication of data" among various agencies, said Duane Blackburn, a policy analyst in the White House's Office of Science and Technology Policy. … Read more

WASHINGTON--Is the idea of widespread biometric data collection still too spooky to win over the American public?

At some level, it's already becoming commonplace: California and some other states demand fingerprints from driver's license holders. The Verified Identity Pass program includes iris scans, as does the U.K's border control system. And prisoners have their blood forcibly drawn for a DNA sample.

But more widespread use of biometrics, especially by the government, raises substantial privacy concerns that may alarm many Americans and prove difficult to resolve, panelists at a conference here said Tuesday.

"How would I … Read more

A 12-year-old who uses his iPhone mostly for texting with his girlfriend has discovered what looks like a new vulnerability with the device.

The unnamed boy, son of blogger Karl Kraft, turns on the passcode lock and disables SMS Preview in order to prevent his parents from seeing any messages, Kraft wrote on his blog.

Those settings block the display of incoming text messages and show an alert saying "New Text Message" if an SMS comes through while the phone is locked. However, if the phone is set to emergency call mode the incoming text messages are previewed.… Read more

CA on Tuesday announced it acquired identity management company IDFocus.

With the acquisition, CA plans to use IDFocus' Ace identity management technology to provide employees with multiple authorizations in their company's employee resource planning (ERP) system to automatically have those authorizations checked against the information they are seeking or the task they're trying to conduct.

Specifically, the CA Identity Manager aims to give employees various authorizations, then run a check against the segregation of duties (SOD) policies set up in the IDFocus software. If a policy has been violated, the CA Identity Manager is designed to kick in … Read more

Skype's president said that the company was largely unaware of a major security breach affecting Skype users in China.

In a blog published Thursday, Josh Silverman, Skype's president, explained he did not realize that TOM-Skype, Skype's partner in China, was logging and storing users' instant messages that were deemed offensive by the Chinese government.

He said the company knew that instant-messaging chats were monitored by the government, as all communications in China are. And he explained that Skype disclosed this to users in 2006, explaining that a text filter was being used to block certain words in … Read more

Many people are wondering what to do now that their bank has been acquired in the wake of the lending crisis. Well, whatever you do, don't click on links in e-mails purportedly sent by your bank.

Security firm SonicWall said Thursday that it has been seeing e-mails that attempt to lure people to fake bank Web sites, where they are asked to re-verify their personal and bank information as part of a merger.

In one example that targets people affected by the Chase acquisition of Washington Mutual, the e-mail asks recipients to click on a link and confirm their … Read more

As the federal government makes efforts to protect citizens online, it is encouraging people to look out for themselves as well.

To kick off its fifth annual "National Cyber Security Month," the National Cyber Security Alliance, an organization of government, academic, and industry representatives, paired with Symantec to release the results of a national poll on Thursday showing Americans do not feel very safe online, yet they believe they are more protected than they actually are.

Just 26 percent of respondents said they felt their computers were "very safe" from viruses, and 21 percent felt their … Read more

Updated at 1:30 p.m. PDT with the New York Times saying they fixed the hole.

A new report from researchers at Princeton University reveals serious Web site security holes that could have been exploited to steal ING customers' money and compromise user privacy on YouTube, The New York Times' Web site, and MetaFilter.

The sites have all fixed the holes after being notified by the report's (PDF) researchers, William Zeller and renowned security and privacy researcher and Princeton computer science professor Edward Felten.

The vulnerability arises from a coding flaw that could allow someone to do a … Read more

Even before someone hacked Sarah Palin's Yahoo Mail account I had been wondering whatever happened to encryption.

Encryption -- the science of rendering plain text unreadable by anyone but the intended reader -- made a splash in the mid-1990s. At the time the U.S. government was investigating human rights activist Phil Zimmermann for allegedly violating the Arms Export Control Act by distributing his PGP (Pretty Good Privacy) e-mail encryption software. The government eventually relaxed the restrictions and PGP was no longer programa non grata.

Nearly a decade has passed and it struck me recently that encryption still hasn'… Read more