PayPal president Scott Thompson has revealed a sneak peek of upcoming technologies from the online payment company. The new payment options center around smart phones, and allow tricks such as paying in a store via phone and bypassing the checkout line, or entering a PIN and phone number at a register instead of a credit card number. Payment through phones took off long ago in Asia, and has been gaining increasing acceptance in the United States. PayPal's concepts are notable because they avoid new gadgets or the near-field communication technology used by alternative offerings such as Google Wallet.

Thompson writes:

Let's be clear about something--we're not just shoving a credit card on a phone. PayPal is reimagining money and making it work better for merchants and consumers--whatever device you're on, wherever you are in the world, and however you prefer to pay (whether that's cash, credit, or installments).

The company released a concept video that outlines the new payment systems.

Hackers today are testing mobile devices ever more strenuously, but the work often stands on shaky legal ground, according to Jennifer Granick, an attorney for ZwillGen, a law firm that specializes in legal issues related to the Internet. Granick was formerly civil liberties director for the Electronic Frontier Foundation.

Presenting at Black Hat, a computer security conference in Las Vegas, Granick outlined the tricky legal landscape that faces researchers trying to work in mobile. While historically, companies have often been reluctant to open their arms to hackers, mobile devices introduce new challenges, such as having to deal with tangled FCC regulations, and laws that aren't designed for modern devices.

For example, Granick explained, techniques such as jailbreaking iPhones to run non-Apple approved software are governed under U.S. copyright law. The U.S. Copyright Office reviews its rules every three years, and did add exemptions to allow jailbreaking. However, since the iPad didn't exist the last time this review happened, jailbreaking these devices exists in a legal limbo.

Just to work on devices often requires taking some legal risk. Companies such as Apple lock down mobile devices and software through restrictive developers' agreements and end-user license agreements, as well as with technical protections that are backed by law.

One particularly tricky area is location-based services. In many cases, Granick said, how communications are classified can determine how severe the legal risk connected with hacking them becomes. Accessing communications in a way that could be considered wiretapping comes with strict legal penalties, but accessing stored communications is sometimes treated differently. Under some interpretations, Granick said, there might be reason to classify communications between users and companies such as Foursquare so that intercepting them would be considered wiretapping.

Considering the fierce debates already going on around the info that passes through mobile devices, Granick's talk illustrated the legal difficulties of pinning down exactly what goes on.

Facebook is often criticized over privacy. Just think of the launch of Beacon.

But listening to CTO Bret Taylor defend the company's privacy practices yesterday at a hearing before the U.S. Senate Committee on Commerce, Science, and Transportation, it's hard to fault the company's technology. Facebook is in many ways at the cutting edge of Internet security and privacy--and it has to be considering the large quantity of personal information that it stores.

Facebook's privacy woes have not been caused by technical bungling. It's hard to imagine, for example, the company suffering the sort of ongoing technical humiliation that Sony has recently experienced. Facebook's record so far has been much better than that. Rather, it's Facebook's tendency to suddenly change the rules that have landed it in hot water.

Taylor's discussion of how Facebook handles user privacy was thoughtful and impressive. "People will stop using Facebook if they lose trust in their services," he said, a line we also heard from Google in last week's hearing. He went on to outline the ways that Facebook allows users to control what happens to their data, in particular the fine-grained privacy controls that allow users to select who can see their posts. Users can set different policies for photos, status updates, and other kinds of content, and can even set special privacy policies for specific posts.

"We cannot satisfy people's privacy expectations by creating a one size fits all approach," Taylor argued.

Taylor highlighted that the company has worked with partners on new authentication technologies that allow users to share information with third parties safely, and noted, "We are one of the few Internet companies to extend our privacy controls to our mobile interfaces."

He added that the company also offers different default settings for minors, and is currently testing a new, more transparent privacy policy for all users.

What Taylor didn't talk about is Facebook's habit of changing its default privacy settings without giving users much notice. The last time this happened, for example, users logged into Facebook and were confronted with a long description of changes to how their would be shared. Few have the patience to sit down, understand the changes, and fix them.

This is where the company keeps going wrong. And no matter how sophisticated or thoughtful its privacy and security technology, Facebook can't fix its problems until it gets the human factor right.