Watchdog Sues FBI Over Facial Recognition Secrecy

A civil liberties watchdog Thursday sued the FBI and other federal agencies claiming the government is improperly withholding information on how it uses a facial recognition database of millions of Americans.

“Because of the FBI’s secrecy, little is known about how the agency is supercharging its surveillance activities with face recognition technology,” said Kade Crockford of the American Civil Liberties Union in a statement.

“The public has a right to know when, where, and how law enforcement agencies are using face recognition technology, and what safeguards, if any, are in place to protect our rights.”

The ACLU lawsuit naming the FBI, Justice Department and Drug Enforcement Administration said the agencies “failed to produce any responsive documents” in response to a Freedom of Information Act request.

Activists believe the FBI is currently collecting biometric data on people’s faces, irises, walking patterns, and voices, and has a database of at least 640 million images of adults in the United States.

“Face and other biometric surveillance technologies can enable undetectable, persistent, and suspicionless surveillance on an unprecedented scale,” Crockford said.

“This dystopian surveillance technology threatens to fundamentally alter our free society into one where we’re treated as suspects to be tracked and monitored by the government 24/7.”

Backers of facial recognition say it is a useful tool that can make it easier to catch criminals and ensure safety at airports and venues with large crowds.

But privacy and civil liberties activists say the technology remains flawed and could ensnare innocent people.

San Francisco has banned the use of the technology by official agencies, and some researchers have warned of errors, notably in identifying minorities, and of the creation of large databases which could be breached or hacked.

The lawsuit filed in Massachusetts asks the government to turn over information on what data it has and who can access it.

The Justice Department did not immediately respond to a query on the complaint.

© AFP 2019

Senate Bill Maintains Funding Ban on Unique Patient Identifier

Industry efforts to remove a Congressional ban on funding the development of a unique patient identifier stalled last week, as Senate appropriators declined to include the language in their draft fiscal year 2020 funding legislation.

Released on Wednesday, the Senate Appropriations Subcommittee’s proposal would keep the two-decades-old ban on providing funds to the Department of Health and Human Services for the development of a unique patient identifier.

Since 1999, a provision written into every Congressional budget has included the ban. However, the House of Representatives signaled support to remove the provision and implemented an amendment to eliminate the ban in its Departments of Labor, Health, and Human Services, and Education, and Related Agencies Act of 2020.

Industry stakeholders like CHIME have been calling for a removal of the ban in recent years and had hoped the House’s support would move into the Senate. But the draft bill does not include funds for HHS to begin developing a unique patient identifier, which many believe would help with patient privacy risks.

“None of the funds made available in this act may be used to promulgate or adopt any final standard under section 1173(b) of the Social Security Act providing for, or providing for the assignment of, a unique health identifier for an individual (except in an individual’s capacity as an employer or a health care provider), until legislation is enacted specifically approving the standard,” according to the bill.

In 2018, CHIME told HHS that as it works toward strengthening healthcare innovation and investment, officials should seek out technology that more accurately identifies patients and work with the Centers for Medicare and Medicaid Services to promote patient identification solutions.

“CHIME has long been a supporter of developing a national patient identifier to accurately and efficiently match patients with the correct record,” CHIME officials explained at the time. “This is integral to CMS’ goal to achieve the free-flowing exchange of patient records and true interoperability.”

“From the perspective of CHIME, accurately matching patients to their data should be one of the principal goals of the innovation work group,” they added.

Just last month, CHIME joined 55 other stakeholder groups urging the Senate to remove the ban or to adopt the unique patient identifier, as well as identifying a solution to protect patient privacy.

The Health Innovation Alliance made a similar call to Congress on September 18, calling out the Senate for its failure to include the provisions to remove the “antiquated” ban. The lack of a unique patient identifier is not only a privacy risk but a patient safety concern as well.

“Senate appropriators’ initial rejection of the overwhelming, bipartisan will of the House of Representatives on UPI funding is disappointing, but there is still time to change course,” HIA Executive Director Joel White said in a statement. “This outdated ban has contributed to healthcare waste and misspending while threatening patient safety for far too long.”

“With the UPI ban in place, studies show patients are accurately matched to their medical records as seldom as 50 percent of the time,” he added. “That is a failing score that Washington must not accept.”

Universal background checks really do cut gun deaths

Controlling who has access to guns has much more impact on reducing gun-related homicides than controlling what guns people have, researchers report.

As the US reels from three back-to-back mass shootings—which occurred within the span of eight days in Gilroy, California, El Paso, Texas, and Dayton, Ohio—Michael Siegel, a researcher at the School of Public Health at Boston University, says that mirrored analyses of FBI and CDC homicide data serve to “double down” on evidence supporting laws that work to cut gun deaths.

“Using completely different data sets, we’ve confirmed the same thing,” Siegel says. “The main lesson that comes out of this research is that we know which laws work. Despite the fact that opponents of gun regulation are saying, ‘we don’t know what’s going on, it’s mental health issues, it’s these crazy people,’ which doesn’t lend itself to a solution—the truth is that we have a pretty good grasp at what’s going on. People who shouldn’t have access to guns are getting access.”

Siegel’s latest study in the Journal of Rural Health reinforces previous research findings that laws designed to regulate who has firearms are more effective in reducing shootings than laws designed to control what types of guns are permitted. The study looked at gun regulation state by state in comparison with Federal Bureau of Investigation (FBI) data about gun homicides, gathered from police departments around the country.

The researchers’ analysis reveals that universal background checks, permit requirements, “may issue” laws, and laws banning people convicted of violent misdemeanors from possessing firearms can, individually and collectively, significantly reduce gun-related deaths.

It’s a particularly compelling finding because in March 2019, Siegel and collaborators drew virtually the same conclusion by analyzing state laws in comparison with death certificate data the Centers for Disease Control and Prevention (CDC) collected nationally.

In that study in the Journal of General Internal Medicine, Siegel’s team analyzed 25 years of national data to examine the relationship between 10 different types of state laws and the number of deaths by homicide and suicide in all 50 states.

The National Institute of Justice and the Robert Wood Johnson Foundation Evidence for Action Program funded the studies.

State gun laws requiring universal background checks for all gun sales resulted in homicide rates 15% lower than states without such laws. Laws prohibiting the possession of firearms by people who have been convicted of a violent crime were associated with an 18% reduction in homicide rates.

In contrast, Siegel found that laws regulating the type of firearms people have access to—such as assault weapon bans and large capacity ammunition magazine bans—and “stand your ground” laws have no effect on the rate of firearm-related homicide. The researchers did not find that any of the state gun laws they studied were related to overall suicide rates.

Universal background checks, which have long been a top priority for gun control advocates and policymakers in the United States, appear to have the biggest impact. Though there has been a push for federal gun regulations in recent years, the power to legislate gun sales and gun ownership is largely beholden to the states. And according to Siegel, the data doesn’t lie. The average firearm homicide rate in states without background checks is 58% higher than the average in states with background-check laws in place. As of 2017, only 13 states, including Massachusetts, had laws requiring universal background checks.

Here, Siegel explains the findings of these two studies:

The post Universal background checks really do cut gun deaths appeared first on Futurity.

How Identity Security Improves Your Business Processes

Overall, we tend to think of cybersecurity as just that: security. It protects us from digital threats and malicious actors. Yet we also tend to think of it as a giant fence; it surrounds our IT environment where all the important business processes occur. Cybersecurity—identity management and security in particular—constitutes a barrier to entry for normal transactions and communications.

However, this doesn’t reflect reality in the modern digital workplace. In fact, identity security can improve your business processes. Here are the ways identity management can make your business processes smoother and more productive long term!

Without IAM: Cloud Environments Unruly

More enterprises migrate to cloud and hybrid environments every day, and the reasons are obvious. The cloud offers:

  • Faster communications.
  • Easier collaboration.
  • More productivity.
  • More flexibility.
  • A stronger bottom line.

However, the cloud offers its own challenges. Often these take the form of security challenges: who can access what from where, in addition to a porous digital perimeter.

It also presents some unique challenges to business processes. If everyone can access everything on the cloud, how does your chain of command look? Who is responsible for which project? How do you know only the necessary employees have the right access? What if you need someone outside of those employees?

With IAM: More Control Over Cloud Environments

Identity security can improve your cloud business processes. First, identity security ensures your business processes stay safe regardless of the environment. In fact, identity allows your enterprise to protect your users wherever they work—inside the network or outside of it. This allows them to move smoothly and securely while fulfilling their day-to-day tasks.

Further, identity security allows for scalability to match the limitless potential of cloud environments. As you grow your business on the cloud, your identity management solution should facilitate adding more users to the network.

Simultaneously, identity management—specifically identity governance and administration (IGA)—can help you maintain control over your cloud business processes. IGA allows your business to tightly control the access each user possesses, allowing for more streamlined workflows. Also, you can give employees temporary permissions for special projects, which automatically revoke to prevent access creep.

Without IAM: Password Problems

Think about passwords for just a second: are they really convenient?

Of course, we could list all of the security issues that accompany passwords and other forms of single-factor authentication:

  • Users repeat their passwords, which increases the risk of a credential stuffing attack.
  • Most passwords exist in some form on the Deep Web for easy malicious use.
  • Employees frequently share their passwords with one another or write them down.
  • Even novice hackers can guess users’ passwords through information publicly available on social media.

However, the above list focuses on the cybersecurity aspect of passwords. What about convenience? Sure, passwords represent a known quantity, but think of all the headaches that come with them.

For example, employees tend to forget their passwords—unsurprising given how many passwords the average user commits to memory; actually, each employee may have 100 accounts to keep track of on average.

Whenever an employee forgets their password, they call your Help Desk to retrieve or reset it. This eats up valuable time in more than one way. Your employee has to wait for the password, letting precious work time slip by unused. Meanwhile, your Help Desk must let other critical tasks go unfulfilled and thus create a long wait for other employees.

It certainly doesn’t sound convenient.

With IAM: Streamlined Logins and Authentication Protocols

Some of you reading this may have lifted an eyebrow at this claim. After all, isn’t identity management authentication notorious for impeding the user experience and causing delays in business processes? Don’t employees work faster if they remain familiar with the system—which always means sticking with the legacy identity management solution?

This may have been true back in the legacy identity management heyday. But you may find it far from true now.

Focusing on your business processes, let’s look at the opposite of single-factor authentication: multifactor authentication (MFA).

In modern MFA, many of the factors used for authentication take place behind the scenes. These include:

  • Geofencing.
  • Time of Access Request.
  • Device Registration.

Sure, the user experiences a login experience not all that dissimilar to a “traditional” one. However, their identity remains under heavy scrutiny during login.
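The three background signals listed above can be combined into a single sign-in decision. The following is an added example, not code from the article or from any IAM product; the policy values, names and the allow/step-up/deny thresholds are all assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time
from math import asin, cos, radians, sin, sqrt

# Constructed policy values; every name here is hypothetical, not a vendor API.
OFFICE = (42.2626, -71.8023)               # geofence centre (lat, lon)
GEOFENCE_KM = 50.0                         # allowed radius around the office
WORK_HOURS = (time(7, 0), time(19, 0))     # expected time-of-access window
REGISTERED_DEVICES = {"laptop-7f3a", "phone-c21e"}

@dataclass(frozen=True)
class SignIn:
    device_id: str
    lat: float
    lon: float
    when: datetime

def km_between(a, b):
    """Great-circle (haversine) distance between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def failed_signals(s: SignIn) -> list[str]:
    """Return the background checks this sign-in does not satisfy."""
    failed = []
    if km_between(OFFICE, (s.lat, s.lon)) > GEOFENCE_KM:
        failed.append("geofence")
    if not WORK_HOURS[0] <= s.when.time() <= WORK_HOURS[1]:
        failed.append("time_of_access")
    if s.device_id not in REGISTERED_DEVICES:
        failed.append("device_registration")
    return failed

def decide(s: SignIn) -> str:
    """No failures: the login proceeds with no extra prompt. One failure: ask
    for an explicit second factor. Two or more: refuse the sign-in."""
    n = len(failed_signals(s))
    return "allow" if n == 0 else "step_up" if n == 1 else "deny"

# Constructed sample sign-ins: normal, after hours, and far away on an unknown device.
SAMPLES = [
    SignIn("laptop-7f3a", 42.27, -71.80, datetime(2019, 10, 1, 9, 30)),
    SignIn("laptop-7f3a", 42.27, -71.80, datetime(2019, 10, 1, 23, 5)),
    SignIn("tablet-0000", 51.50, -0.12, datetime(2019, 10, 1, 3, 0)),
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s.when.isoformat(), s.device_id, decide(s), failed_signals(s))
```

Returning the list of failed signals alongside the decision gives the audit log a reason for every step-up or denial, which is what makes the scrutiny reviewable rather than only invisible.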

Moreover, next-generation multifactor authentication doesn’t end at the login stage. No one can overstate the importance of this distinction. Most legacy identity security solutions allow free rein after login, which lays out the welcome mat for hackers.

Yes, MFA presents so many obstacles most hackers choose instead to target low-hanging fruit. Yet assuming invincibility never did anyone good in the long term. You should constantly evaluate your users’ identities and their intentions. Through continual behavioral analysis, you can do that.

Also, you can deploy behavioral analysis—including monitoring typing behavior—quietly.

Without IAM: Constant Risk

Unfortunately, identity management and cybersecurity don’t just work as a gate. They need to become full-fledged aspects of your business processes if you aim to succeed.

Think about the consequences of a data breach—the majority of which begin with stolen or cracked credentials. A single breach costs more than just finances pilfered and legal fees paid (both of which prove substantial by themselves). You also need to consider the damage to your enterprise’s reputation, its customer loyalty, and its attractiveness to new customers.

After all, consumers and clients are statistically less likely to patronize a business if they feel their data is handled carelessly. Think of the damage that attitude could do to your long-term growth.

In other words, your business processes may truly be next-generation. It won’t matter in the wake of a data breach due to missing identity security.

With IAM: Better Business

Incorporating IAM into your business processes creates a digital perimeter which deters most hackers. Sure, you should still engage in threat hunting and have an incident response plan ready. But you can rest assured you took every step possible to keep yourself secure. Your customers and employees will thank you for it.

Ben Canner

Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.

Identity Theft and Cyber-Fraud in the UK Hit All-time High

In 2017 the risk of fraud continued to evolve and intensify in the UK; identity fraud hit a new all-time high and cyber-enabled fraud accounted for an even greater proportion of the growing problem, according to the 2019 Fraudscape report.

In 2017 more than 305,000 instances of fraudulent conduct were recorded to the National Fraud Database:

  • Identity fraud continued to rise, hitting an all-time high of 174,523 cases in 2017 (up one percent from 2016). 95 percent of these cases involved the impersonation of an innocent victim.
  • Eight out of 10 fraudulent applications were made online.
  • There was a 27 percent increase in 14-24 year olds becoming ‘money mules’.
  • Overall bank accounts identified as being used as ‘mule’ accounts were up by 11 percent.
  • More than a third of bank account takeover victims were over 60 years old.
  • Organizations successfully prevented over $1.6 billion in fraud losses through non-competitive data sharing.

This ‘retargeting’ by identity fraudsters can be seen as a shift towards more accessible products, such as mobile phone contracts, online retail accounts, retail credit loans and short-term loans.

5 HIPAA Data Breaches Lead to $3.5M OCR Settlement

Source: Xtelligent Media | Health IT Security

February 01, 2018 – Fresenius Medical Care North America (FMCNA) recently agreed to a $3.5 million OCR settlement following allegations that it committed HIPAA violations on five different occasions at separate FMCNA covered entities. FMCNA provides products and services for individuals with chronic kidney failure, and has a network including dialysis facilities, outpatient cardiac and vascular labs, urgent care centers, hospitalist, and post-acute providers.