Thursday, April 16, 2015

US: Social Security Number is an unreliable identity management technology

Should We Kill the Social Security Number? (Huffington Post)
That's right: Social Security numbers were not intended for identification. They were made to track how much money people made to figure out benefit levels. That's it. Before 1972, the cards issued by the Social Security Administration even said, "For Social Security purposes. Not for Identification." The numbers only started being used for identification in the 1960s when the first big computers made that doable. They were first used to identify federal employees in 1961, and then a year later the IRS adopted the method. Banks and other institutions followed suit. And the rest is history.
Author: Adam Levin, Former Director New Jersey Division of Consumer Affairs; Chairman of Credit.com and Identity Theft 911.

There's a lot of good data in the article about just how much fraud is perpetrated against the IRS, fraud that is at least partly due to over-reliance on the Social Security number for ID purposes.

Wednesday, April 15, 2015

True cybersecurity requires a conceptual shift

The user knows nothing: Rethinking cybersecurity
This position — that the adversary knows your system as well as you do, if not better, as soon as it is stood up — while extreme, led to the creation of large number factorization, the basis for all modern encryption, from PGP to RSA tokens. Under these encryption schemes, as long as the key is kept private, someone can know everything about how the security system works and still not be able to crack it.

To get to a place of true cybersecurity, another stark innovation in thinking is needed. What is needed is an Inverse Shannon's Maxim: the user knows nothing.
Coincidentally, our CTO and I were having a conversation along these lines just yesterday. It's a thrill a minute at SecurLinx!

Quick links

South Africa: Banks piling into biometric security (The Citizen)


From the Interpol World Conference:
Security experts call for tighter international border control (Albawaba News)


UK:
New biometric permit cards required for long-term stays (Cayman Compass)

Tuesday, April 14, 2015

Israel: Interior Minister foresees mandatory biometric ID

Erdan wants advanced biometric ID card mandatory for all Israelis (Jerusalem Post)
All citizens will have to gradually move to biometric identification, Interior Minister Gilad Erdan said Monday, submitting a report on the system’s pilot run to the cabinet and Knesset.

“Smart biometric documentation that cannot be counterfeited, together with use of the biometric data will allow a full security and defense package for Israeli citizens’ identities and will balance our responsibility to ensure their security with our requirement to defend their privacy,” Erdan stated.
Obviously, his stance isn't universally popular, but read the whole thing. There are a lot of good bits of information there including this one: Israel is the OECD country with the most counterfeited passports.

India: Using biometrics to protect vulnerable children

Aadhaar goes to orphanages, joins war on child trafficking (Bangalore Mirror)
Aadhaar's comprehensive database that comprises iris (retina scan) and biometric (fingerprint) information is hoped to aid enforcement agencies find missing children, curb human trafficking and check illegal adoptions. Aadhaar enrolments have begun in Karnataka for children in child care institutes run by the state government's Department of Women and Child Development. Nearly 4,000 kids and youngsters are in care of state homes and will get identity cards.
A couple of notes:

Aadhaar means "foundation." An alternate name for the Aadhaar Project is the UID Project for Universal ID.

In the quoted passage above, "child care institutes" are orphanages rather than the child care centers some readers may be more familiar with.

Forecast: Global biometrics market CAGR 14% through 2020

Global Biometrics Market Forecast & Opportunities 2020 (TechSci Research) — The global biometrics market is projected to register a CAGR of around 14% until 2020.

Monday, April 13, 2015

The attorney suing Facebook

A lawyer Silicon Valley loves to hate (Seattle Times)
Though one tech financier calls Jay Edelson “a leech tarted up as a freedom fighter,” the Chicago class-action lawyer has had an impact on the privacy issues that the Internet has made so pervasive.
Biometric tech for bikers wins Singapore award (Planet Biometrics)
Already hosting some 40,000 enrolees, the BIKES system facilitates self-immigration clearance at designated lanes. Designed for speed and accuracy, the process takes under 16 seconds.
Singapore has been one of the more enthusiastic adopters of border biometrics.
The question: when will biometrics take over from passwords? (The Guardian) — Four smart takes on large-scale customer-facing authentication.

Wednesday, April 8, 2015

USAA and customers both embrace biometrics

Biometric Innovation Boosts USAA Fiscal Results, Customer Satisfaction (Mobile ID World)
In a synopsis, the company credited its strong performance – which saw its net worth increasing by ten percent, reaching $27 billion – at least in part to “innovations such as secure facial and voice recognition on mobile devices”.
Tying in to the post below, the article mentions that the USAA customers who use it really love Apple Pay.

A sceptical look at Apple's Touch ID for banking

Why RBS and NatWest were wrong to trust Apple on biometric security (Information Age)
Here, Richard Walters, GM and VM at Intermedia, expands on Whaley’s criticism, claiming that the biometric technology offered by Apple is not secure enough to support sensitive activities like mobile banking.
Very much worth reading in its entirety.

Tuesday, April 7, 2015

News you can use

Florida man, initially thought dead, arrested after facial recognition match (Ars Technica)
A Florida businessman accused of falsifying his death overseas was located and then arrested by federal authorities after facial recognition software returned a match to his face in passport records. Jose Salvador Lantigua now faces one federal count of providing a false statement on a passport application.
Though never easy, it's getting harder to fake your own death.

Illinois: More on the Facebook facial recognition lawsuit

Facebook lawsuit calls collection of biometrics data illegal (Biometrics Update)
According to the Illinois Biometrics Information Privacy Act, it is unlawful to acquire biometric data without first providing the subject with a written disclaimer that details the purpose and length of the data collection, and without the subject’s written consent.
Read the whole thing.

Photos aren't simply records of something that happened, mere mementos, anymore. They're search terms and search results. That has implications for both public and private entities who collect and store images of people. Ordinary snapshots are now biometric data.

Now, about those Florida school yearbooks...

New Zealand: Biometrics allow for the return of ten-year passports

Prime Minister John Key: 10-year passports in six months (New Zealand Herald)
New Zealand moved to five-year passports in 2005 in response to security concerns sparked by the 2001 terrorist attacks in the US...

In addition, developments in biometric technology have allayed concerns about passport fraud and counterfeiting.

Monday, April 6, 2015

Facial recognition technology is changing how we think about photography

SCOTLAND: Cash-strapped police spend £700k on UK database (The Scotsman)
The MPs noted a “worrying” lack of government oversight and regulation of the use of biometrics by public bodies.

It called for day-to-day independent oversight of the police use of all biometrics, and for the Biometrics Commissioner’s jurisdiction to be extended beyond DNA and fingerprints.
ILLINOIS: Does Facebook's facial recognition technology violate privacy laws? (ABA Journal)
The lawsuit, filed Wednesday, argues that the social media company was required by Illinois law to inform Carlo Licata in writing that it would collect and retain his “biometric data,” and specify when it would destroy that data.

Both Facebook and the police in Scotland have been collecting photos of individuals for years but facial recognition technology changes things. Photos aren't simply records of something that happened, mere mementos, anymore. They're search terms and search results.

That has implications for both public and private entities who collect and store images of people.

Ordinary snapshots are now biometric data. The news pieces above both show long-standing policies being scrutinized in the context of reliable facial recognition technology.