The Washington Post’s Navigator column discusses ways that individuals can protect themselves from identity theft when they’re traveling:

One of the latest threats against travelers is invisible and silent: wireless attacks that siphon your credit card number, personal information and passwords. Anything with a radio-frequency identification (RFID) chip, including your passport or a credit card, can be read from afar. Thieves can also mine valuable data from your smartphone when it automatically logs on to a WiFi network.

Fortunately, there are a few simple ways to thwart these wireless assaults, including new luggage products and common-sense steps that protect your devices and credit cards. [...] Read more »

The National Institute of Standards and Technology announced a revision of the federal government’s computer security guide, “Security and Privacy Controls for Federal information Systems and Organizations (SP 800-53)” (pdf). The update includes “eight new families of privacy controls that are based on the internationally accepted Fair Information Practice Principles,” NIST said. Also:

State-of-the-practice security controls and control enhancements have been integrated into the new revision to address the evolving technology and threat space. Examples include issues particular to mobile and cloud computing; insider threats; applications security; supply chain risks; advanced persistent threat; and trustworthiness, assurance, and resilience of information systems. [...]

SP 800-53, Revision 4 also takes a more holistic approach to information security and risk management. The publication calls for maintaining “cybersecurity hygiene”—the routine best practices that help reduce information security risks—but also appeals for hardening those systems by applying state-of-the-practice architecture and engineering principles to minimize the impacts of cyber attacks and other threats. Read more »

To recap: A privacy and civil liberties oversight board was recommended by the 9/11 Commission, and the board was created in 2004 and placed within the White House. In 2008, Congress passed and President Bush signed the “Implementing the 9/11 Commission Recommendations Act of 2007,” which took the Privacy and Civil Liberties Oversight Board out of the White House and established it “as an independent agency within the executive branch.”

Terms for the original board expired in January 2008, but President Bush delayed the nomination of new board members for many months; none were confirmed by the Senate. In 2010, President Obama nominated James X. Dempsey, Vice President for Public Policy at the Center for Democracy and Technology, and Elisebeth Collins Cook, who worked in the Justice Department in the Bush administration. Privacy Lives joined in the call to nominate and confirm experts to the board. (For more information on the board, here’s a 2008 Congressional Research Service report (pdf) on the board’s history and powers.)

In December 2011, Obama nominated Rachel L. Brand (Chief Counsel for Regulatory Litigation at the U.S. Chamber of Commerce, National Chamber Litigation Center), Patricia M. Wald (who had served for twenty years on the U.S. Court of Appeals for the District of Columbia), and for the chairmanship, David Medine (a partner at WilmerHale whose practice focuses on data security and privacy). In August, all but Medine were approved by the full Senate, so the board did not have a chairman.

On Tuesday, the Senate finally voted to confirm (pdf) Medine (53 yeas, 45 nays, 2 did not vote). On the floor, Sen. Patrick J. Leahy (D-Vt.), chairman of Judiciary Committee, which sent the nomination to the full Senate for a vote, said: Read more »

The Los Angeles Times reports that the American Civil Liberties Union of Southern California and the Electronic Frontier Foundation have filed a lawsuit against the Los Angeles Police and Sheriff’s departments concerning privacy questions about the use of license-plate recognition systems. The groups have requested through the state public records act one week’s worth of the license-plate scanning data gathered and kept by the departments. (See a previous post for more information on the camera surveillance technology.)

Privacy rights groups on Monday filed a lawsuit against Los Angeles County’s two major law enforcement agencies after they refused to turn over information collected by electronic license plate scanners, the suit claimed.

CNet reports that President Obama has chosen Nicole Wong, a lawyer for social-networking site Twitter, as chief privacy officer:

President Obama has picked Nicole Wong, Twitter’s legal director, to be the White House’s first chief privacy officer, CNET has learned.

Wong previously was a vice president and deputy general counsel at Google at its Mountain View headquarters, where she managed a team of lawyers that worked with the company’s engineers to review products before they launched. The reviews included privacy, copyright, and removal requests, which earned her a nickname of “The Decider” — as recounted in a 2008 New York Times Magazine article. [...]

Choosing a Silicon Valley lawyer who has been immersed in technology issues is a reversal of the administration’s previous picks for department-level chief privacy officers. Homeland Security Chief Privacy Officer Mary Ellen Callahan is a Washington lawyer who previously worked for the Library of Congress.

Bloomberg News reports that hospitals are looking to biometric technology, including iris scans, as a defense against security breaches and medical identity theft:

Clinics and hospitals around the world are acquiring technology that identifies people based on physical traits to improve patient safety and stamp out fraud. HCA Holdings Inc. (HCA) hospitals in London, as well as health-care providers across the U.S., are buying so-called biometric technologies.

Biometrics makers, such as Safran SA (SAF), Fujitsu Ltd. (6702) and closely held AOptix Technologies Inc. and M2Sys Technology, say demand from health-care providers is growing. While ensuring the right person gets the right treatment is the main reason for buying biometrics, hospitals and patients see another benefit: reducing the risk of data breaches that can lead to identity theft. [...]

Identify theft is leaving hospitals with unpaid bills and consumers on the hook for costly treatment they didn’t receive. Data breaches, which include lost and stolen information, may cost the health-care industry in the U.S. as much as $7 billion a year, according to a survey conducted by the Ponemon Institute, a Traverse City, Michigan-based organization that studies privacy, data protection and security. Read more »