This document discusses privacy implications of biometric data. It provides examples of how biometric authentication is used for fraud prevention at ATMs and for banking in Africa. Benefits include security, safety, ease of use and speed. Biometric data can be stored on or off devices. Off-device storage raises more privacy concerns as the data is transmitted and stored by vendors. Regulations for biometric data vary globally, with the EU having stricter laws. Disclosure of biometric data like fingerprints can impact individuals even if current misuse potential is limited, due to integrity and availability risks. Social and privacy concerns must be addressed for broad biometric adoption.
Leading Practices in Information Security & PrivacyDonny Shimamoto
Many not-for-profits are operating in an environment in which there is a tremendous amount of electronic documents, communications, and confidential data sits on computers and networks that are connected to the Internet. Privacy and security threats are also increasing, putting Internet communications and computer data at risk at an alarming rate. At the same time, laws and regulations with significant penalties have been passed or are being passed by states, the Federal government, and industry groups (e.g. PCI DSS) increasing the consequences of data breaches and privacy violations.
Whether you’re an executive director, program manager, or IT manager, this non-technical presentation will help you learn about the threats, requirements, and leading practices related to information security you need to help protect your donors and constituents.
With the new interconnected age comes new risks for cyber attacks and other fraudulent activity. Do you know what you need to keep your end users protected? Digital Insight discusses security and compliance in the interconnected age.
A single gigabyte of data in your data center contains thousands of folders and a massive amount of files. Which files contain sensitive data? Who owns and has access to these files? How do you protect this data? When faced with an audit or forensic investigation, most organizations are left scrambling for answers to these questions. Learn how the unique combination of File Activity Monitoring (FAM) and Data Loss Prevention (DLP) technologies simplify and accelerate these processes, reducing the time to remediate and protect sensitive data.
Our five step plan includes automating processes to:
1. Discover sensitive data
2. Identify data owners
3. Communicate with business owners
4. Implement policy controls
5. Remediate excessive access
Leading Practices in Information Security & PrivacyDonny Shimamoto
Many not-for-profits are operating in an environment in which there is a tremendous amount of electronic documents, communications, and confidential data sits on computers and networks that are connected to the Internet. Privacy and security threats are also increasing, putting Internet communications and computer data at risk at an alarming rate. At the same time, laws and regulations with significant penalties have been passed or are being passed by states, the Federal government, and industry groups (e.g. PCI DSS) increasing the consequences of data breaches and privacy violations.
Whether you’re an executive director, program manager, or IT manager, this non-technical presentation will help you learn about the threats, requirements, and leading practices related to information security you need to help protect your donors and constituents.
With the new interconnected age comes new risks for cyber attacks and other fraudulent activity. Do you know what you need to keep your end users protected? Digital Insight discusses security and compliance in the interconnected age.
A single gigabyte of data in your data center contains thousands of folders and a massive amount of files. Which files contain sensitive data? Who owns and has access to these files? How do you protect this data? When faced with an audit or forensic investigation, most organizations are left scrambling for answers to these questions. Learn how the unique combination of File Activity Monitoring (FAM) and Data Loss Prevention (DLP) technologies simplify and accelerate these processes, reducing the time to remediate and protect sensitive data.
Our five step plan includes automating processes to:
1. Discover sensitive data
2. Identify data owners
3. Communicate with business owners
4. Implement policy controls
5. Remediate excessive access
What is cyber law?
What is cyber crime?
Cybercrimes areas
what law relating to
Data protection and privacy
Software Licensing Issues
IT acts
Policy Versus Law
Codes of Ethics and Professional Organizations
Healthcare Security Essentials jean pawluk april 28 2011 slides2010
Data breaches continue to threaten patient privacy and leave medical service providers with a heavy financial burden. As companies plan their go-to-market strategy, the question that comes up more than any other is protection of the health data. We are faced with the challenge of how to protect the health data that we handle and be within the compliance defined by the HITECH Act, HIPAA, and related regulations.
This talk focused on the security challenges of health data \
Dealing with Data Breaches Amidst Changes In TechnologyCSCJournals
In the future, it is expected that the industry will be marked with multiple technologies. These technologies will play a crucial role in the improvement of the levels of efficiency that companies exhibit. On the other hand, one of the major weaknesses that will likely arise is a threat to the privacy, integrity, and security of data (Sloane, 2018). Through the use of various technologies such as the internet of things, companies will find it hard to protect their data against breaches (Griffy-Brown, Lazarikos & Chun, 2019). Data breaches will be based on the use of the latest technologies to exploit weaknesses found in the various systems. It is, therefore, recommended that companies must adopt a holistic approach in the development of protective, preventive, and reliable mechanisms of ensuring and guaranteeing information security and reduce the risks of data breaches (Ghosh, Mishra & Mishra, 2019). However, with the current trends, it is expected that more breaches will continue to happen, ranging from the use of phishing, hacking, malware, and also but not limited to ransomware.
This white paper discusses the various cyber threats targeting healthcare organizations and the challenges security professionals face in securing access to protected health information.
Improving Collaboration Through Identity ManagementGov BizCouncil
Driven by recent events and several White House and Congressional directives, federal agencies are focused on identity management like never before. With all this pressure, agency leaders face a difficult task ensuring secure access to agency resources by the right people, at the right time, and for the right reasons, without restricting the organization’s operational effectiveness.
Discussing Cyber Risk Coverage With Your Commercial Clients by Steve Robinson...Don Grauel
Steve Robinson of RPS Technology & Cyber presented "Discussing Cyber Risk Coverage With Your Commercial Clients" to the 68th Annual F. Addison Fowler Fall Seminar on October 17, 2014.
The trends continue to point upward for data incidents and 2013 is becoming a pace setter. The shifting regulatory landscape promises to add further complications for companies struggling to prepare for and respond to data privacy incidents.
This webinar will feature two leading data breach experts who have performed a two year trend analysis across hundreds of cases to offer a powerful and up-to-date perspective on what has happened and their predictions for the future. It will also cover how these factors are shaping regulations which are in turn influencing decision-making in the C-Suite.
Our featured speakers for this timely webinar will be:
-Bill Hardin, Director of Data Privacy Response & Investigations, Navigant
-Jennifer Coughlin, Privacy and Data Security Attorney, Nelson, Levine
-Gant Redmon, Esq. General Counsel and VP of Business Development, Co3 Systems
company names mentioned herein are for identification and educational purposes only and are the property of, and may be trademarks of, their respective owners.
Data Privacy: What you should know, what you should do!
CSMFO Data Privacy in the Governmental Sector, Local Government. Data Privacy Laws, PCI, Breaches, AICPA – Generally Accepted Privacy Principles
What is cyber law?
What is cyber crime?
Cybercrimes areas
what law relating to
Data protection and privacy
Software Licensing Issues
IT acts
Policy Versus Law
Codes of Ethics and Professional Organizations
Healthcare Security Essentials jean pawluk april 28 2011 slides2010
Data breaches continue to threaten patient privacy and leave medical service providers with a heavy financial burden. As companies plan their go-to-market strategy, the question that comes up more than any other is protection of the health data. We are faced with the challenge of how to protect the health data that we handle and be within the compliance defined by the HITECH Act, HIPAA, and related regulations.
This talk focused on the security challenges of health data \
Dealing with Data Breaches Amidst Changes In TechnologyCSCJournals
In the future, it is expected that the industry will be marked with multiple technologies. These technologies will play a crucial role in the improvement of the levels of efficiency that companies exhibit. On the other hand, one of the major weaknesses that will likely arise is a threat to the privacy, integrity, and security of data (Sloane, 2018). Through the use of various technologies such as the internet of things, companies will find it hard to protect their data against breaches (Griffy-Brown, Lazarikos & Chun, 2019). Data breaches will be based on the use of the latest technologies to exploit weaknesses found in the various systems. It is, therefore, recommended that companies must adopt a holistic approach in the development of protective, preventive, and reliable mechanisms of ensuring and guaranteeing information security and reduce the risks of data breaches (Ghosh, Mishra & Mishra, 2019). However, with the current trends, it is expected that more breaches will continue to happen, ranging from the use of phishing, hacking, malware, and also but not limited to ransomware.
This white paper discusses the various cyber threats targeting healthcare organizations and the challenges security professionals face in securing access to protected health information.
Improving Collaboration Through Identity ManagementGov BizCouncil
Driven by recent events and several White House and Congressional directives, federal agencies are focused on identity management like never before. With all this pressure, agency leaders face a difficult task ensuring secure access to agency resources by the right people, at the right time, and for the right reasons, without restricting the organization’s operational effectiveness.
Discussing Cyber Risk Coverage With Your Commercial Clients by Steve Robinson...Don Grauel
Steve Robinson of RPS Technology & Cyber presented "Discussing Cyber Risk Coverage With Your Commercial Clients" to the 68th Annual F. Addison Fowler Fall Seminar on October 17, 2014.
The trends continue to point upward for data incidents and 2013 is becoming a pace setter. The shifting regulatory landscape promises to add further complications for companies struggling to prepare for and respond to data privacy incidents.
This webinar will feature two leading data breach experts who have performed a two year trend analysis across hundreds of cases to offer a powerful and up-to-date perspective on what has happened and their predictions for the future. It will also cover how these factors are shaping regulations which are in turn influencing decision-making in the C-Suite.
Our featured speakers for this timely webinar will be:
-Bill Hardin, Director of Data Privacy Response & Investigations, Navigant
-Jennifer Coughlin, Privacy and Data Security Attorney, Nelson, Levine
-Gant Redmon, Esq. General Counsel and VP of Business Development, Co3 Systems
company names mentioned herein are for identification and educational purposes only and are the property of, and may be trademarks of, their respective owners.
Data Privacy: What you should know, what you should do!
CSMFO Data Privacy in the Governmental Sector, Local Government. Data Privacy Laws, PCI, Breaches, AICPA – Generally Accepted Privacy Principles
Hidden security and privacy consequences around mobility (Infosec 2013)Huntsman Security
An overview of the security and privacy implications and risks resulting from the wider adoption of mobile devices, apps, cloud and the resultant changes to customer interaction and business processes
What i learned at the infosecurity isaca north america expo and conference 2019Ulf Mattsson
Infosecurity ISACA North America Expo and Conference will debut in New York City’s Javits Convention Center 20-21 November 2019. The event will leverage ISACA’s Cybersecurity Nexus (CSX) community and solutions with Infosecurity Group, Reed Exhibition’s immersive event series staged worldwide for the infosecurity industry.
Download Event Brochure
ISACA will bring experience developed since the 2015 launch of its CSX Conferences, expert workshop series, certification preparation sessions, and latest developments related to the CSX Training Platform, all to the new event programming. Infosecurity, which entered the North American conference arena in 2017, will build on its strengths in industry expositions, media, immersive learning and leadership networks.
How will biometric payment overcome consumer fears over privacy and contactle...Linxens Group
This presentation introduces biometrics, compare various biometric systems implementations, application requirements and user privacy protection levels, as well as examine the regulatory compliance requirements such as the European Union’s General Data Protection Regulation (GDPR).
It also demonstrates how the implementation of biometrics on a smart card shall overcome consumer fears over contactless payments and personal data privacy concerns.
For more information: http://www.linxens.com
The objective of this module is to gain an overview of the ethics surrounding big data and the legislation that governs it.
Upon completion of this module you will:
- Gain knowledge on how to recognize the necessity of regulating big data
- Obtain an understanding of the difference between privacy and data protection
- Understand the need to implement data protection actions into your own business
Similar to Privacy Implications of Biometric Data - Kevin Nevias (17)
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Privacy Implications of Biometric Data - Kevin Nevias
1. PRIVACY IMPLICATIONS OF BIOMETRIC DATA
Kevin Nevias – CISSP, CEH, CHFI, CISA, CISM, CRISC, CGEIT, CCNA, G2700
09/20/16
2. What are the benefits of using Biometric Authentication?
ATM Example: Fraud Prevention
Financial institutions have suffered huge losses as the result of ATM fraud. In
several instances losses of 15 to 45 million dollars occurred within hours.
Moving from stripe to chip technology will help, but this does not eliminate the
risks.
Biometrics significantly reduces the risk, but the added security also brings
along significant privacy concerns.
3. Example of Benefits – Banking in Africa
• Identity theft in South Africa has motivated banks to rethink the way they authenticate
customers.
• Capitec - from the initial launch of its branches incorporated biometrics as part of the
account opening process with fingerprint scanners and webcam photographs of customers.
Other South African banks have followed suit - Barclays Africa customers now provide their
signature using a digital Wacom tablet that digitally stores their signature.
Some of the benefits realized
• Security - Identification document fraud in South Africa is high as criminals use counterfeit
drivers’ licenses and birth certificates to commit identify fraud. Biometric fingerprint
scanners can detect and prevent fraud at the point of sale.
• Safety - The use of biometric identification protects customers against fraud as once in the
system, biometric data allows customers to transact at the bank branch without
identification documents which reduces the risk of potential theft or loss of valuable
documents.
• Ease of use - Biometric systems make it easier for customers in that they require less
documentation and don’t require users to memorize passwords or carry tokens .
• Speed - Customer experience can be enhanced as banks are able to identify and verify
customers quicker and Biometrics can also streamline the application process, reducing the
number of documents individuals must provide.
4. On Device versus Off Device Storage of Biometric Data
On Device Storage (device side)
Example: iOS Touch ID
- Generally used as a replacement for a
password/passcode on a mobile device
- Biometric data is not stored or transmitted to
a vendor (i.e. Apple, Bank of America, Chase,
PNC, etc.)
- User has control of how and if feature is used
- Limited privacy concerns
- Will this data be stored in the cloud in the
future? Probably – Apple already has patents
for this capability (although we have no way of
knowing when or if this will be enabled).
Off Device Storage (server side)
Examples:
- USAA :(fingerprint, voice, facial),
MasterCard: (selfie-pay), Diebold / Citibank
ATM (pilot): Iris scanning, DMV (facial)
- Generally used as a replacement for a
password/passcode on mobile/non-mobile
device (i.e. ATM, phone, etc.)
- Biometric data is stored and transmitted to a
vendor in most cases
- Currently user usually has control over
whether feature is enabled (with some
exceptions)
- Vendor largely controls how data is
transmitted, stored and provided to other
parties
The primary focus of this discussion is Off Device/Server Side Storage
5. Biometric Data Regulations in the US and Other Regions
Data Privacy in regards to Biometric Data is not highly or consistently legislated and regulated in the
US
- No federal laws exist that require businesses to take specific actions in the collection and processing
of Biometric data. A few laws exist that address specific instances such as the Family Educational
Rights and Privacy Act which addresses collecting and releasing Biometric information of students
- Several states have laws governing or prohibiting the use of Biometric data in connection with
drivers licenses
- Illinois and Texas have enacted laws regulating private entities use of Biometric information and
several other states have introduced similar legislation
- The Illinois Biometric Information Privacy Act (BIPA) creates a right of private action against business
that do not comply with the act. This type of legislation is likely to increase
Data Privacy in regards to Biometric Data is highly legislated and regulated in many regions outside
of the US
- The EU GDPR (General Data Protection Regulation) will take effect in May 2018 and replace the EU
Data Directive
- Article 9 requires individuals to give "explicit consent" for companies to use "special categories" of
personal data including Biometric data
- Transfer of biometric data out of a jurisdiction is generally restricted
- The GDPR requires a "Privacy Impact Assessments (PIA)" for processing Biometric data
6. Question: Is Biometric data considered Personal Data, Public,
Private, Restricted, Sensitive, Confidential?
Examples of Biometric Data include:
- Fingerprints, Iris patterns, retina scans, facial recognition, DNA, voice, etc.
- Biometric data is generally considered personal data as it can be used to confirm the unique
identity of a user and therefore the processing of this data is generally subject to data
protection and privacy laws.
The fact that the data is considered personal does not by itself determine how an
organization should protect the data
A Privacy Impact Assessment (PIA), rather than a "label", is the key to understanding threats,
risks and the associated controls that should be implemented.
Answer: Yes?
7. Privacy Impact Assessment
- A privacy impact assessment can determine the confidentiality, integrity and availability
requirements for each Biometric data element based on business, technical, legal and regulatory
requirements
Examples (for demonstrative purposes only):
1) Facial Recognition Pattern used by mobile banking application
Confidentiality Requirement – Medium (this data needs to be protected, but is generally publically
available and can't be easily used for malicious purposes)
Integrity Requirement – High (changing of this information could result in unauthorized access to
financial data)
Availability Requirement - Medium (secondary authentication methods are available)
2) Retina Scan used to access a secure data center
Confidentiality Requirement – High (retina scans can be used to identify chronic health conditions and
may be subject to HIPAA regulations)
Integrity Requirement – High (changing of this data could allow unauthorized access to a secure
facility)
Availability Requirement – High (this is the only authentication method allowed and must always be
available)
8. What are the implications of the disclosure of Biometric data to
unauthorized individuals?
Disclosure Example:
Office of Personnel Management (OPM) 2015 Data Breach: 5.6 million fingerprints were stolen as part of the attack
- Unlike passwords or even social security numbers Biometric data can never be changed
- No uniform standards exist for securely storing Biometric data and the fingerprints that were disclosed were not
encrypted in any way
- This seems really bad
But…
- What can someone do with this data?
Right now the potential for misuse of stolen fingerprints is limited as an attacker must be able to inject this data
into the information flow of an authentication transaction
The potential for misuse will likely increase in the future as Biometric authentication becomes more common and
the data is more widely used
This leads to the next question which is:
If it is really hard to do anything malicious with this data does that mean we don't really have to
worry about how well it is protected?
9. Why do we need to protect Biometric data and do I really care
if my fingerprint is "stolen"?
- The prior slide showed that the risks associated with the disclosure of Biometric data may not always
be high (putting regulatory requirements aside) especially for data such as facial scans or even
fingerprints that can be obtained relatively easily and don't divulge any sensitive details about an
individual.
But…..
We also need to consider the integrity and availability of the data and what could happen if the
integrity or availability is compromised?
- What if your fingerprint that was sent to the FBI for a criminal background check was accidentally
added to the criminal database instead of the civilian database?
- What if a known terrorist or criminal fingerprint or other biometric data was destroyed or replaced
with your data?
- What is the only way to access a secure facility is through Biometric authentication and the system is
not available?
- These examples clearly illustrate that the confidentiality, integrity and availability of Biometric data
all need to be equally considered.
-
10. Do you believe that you should control how your Biometric data
is captured and used?
Most people believe:
They should have to consent to have their biometric data collected, stored and distributed
They should have the right to know exactly how their data is being used and that it is stored and
transmitted securely
but this is a complicated issue and the fact that the privacy of Biometric data is not highly legislated
and regulated in the US creates interesting questions that need to be considered such as:
? If you are hired by a financial institution and subject to a background check and fingerprinted do
you know where that data goes and who has access to it?
? Do you need to give permission for a bank to take and store your picture when you are
performing a transaction at an ATM?
? Do you know what the DMV is allowed to do with the facial recognition data that they store and
which agencies they can share the information with?
? Can the FBI collect and store publically available pictures that are available on Facebook?
? If you have been to Disney World have you thought about what they do with your finger scan
data ? **
** Disney doesn't actually capture fingerprints. They take a biometric measurement based on your fingers size and proportion.
11. Social Implications of Broad Biometric Adoption
Hmmmmm this could be a problem….
Biometrics can be an enabling technology, especially for individuals with disabilities (i.e. someone
that can't type a password), but only if it is used correctly.
Many social factors need to be considered for Biometrics to be successful on a global level or for a
company to make Biometric authentication mandatory rather than an option.
Social Adoption Considerations:
- Long fingernails are highly valued in some cultures and communities which must be considered
when using finger scanners
- An individual may not want to place their finger on a scanner for fear of catching a disease
- Some individuals simply don't like to have their picture taken
12. Social Implications of Broad Biometric Adoption (continued)
Social Adoption Considerations (continued):
- Individuals may be reluctant to use Biometrics if they don't trust the entity that will be
collecting and storing the data
- Individuals may have doubts about the accuracy of Biometric data and concerns about how
the data will be used now and in the future
- In emergency situations individuals may need a trusted individual (child/parent, etc.) to
perform a transaction on their behalf. How many people have ever given their card and PIN to
a spouse or child?
- People may have concerns that the Biometric data will be used for research or other purposes
that they don't believe in
- Some Muslim cultures prohibit women from being seen without a veil
- Certain individuals may dress in a manner that makes it difficult see facial features clearly such
as wearing head coverings or hats
13. Examples of Current Privacy Concerns
May 2016 - Facebook faces privacy lawsuit over photo tagging: Facebook is being sued in a
case alleging that its photo-tagging feature that uses facial recognition technology invades
users' privacy and violate the Illinois Biometric privacy laws. In May a federal judge rejected
Facebook's request to have this lawsuit dismissed.
December 2015 - Bangladesh introduces mandatory Biometric registration for all SIM card
owners: With this new system every mobile SIM will be associated with its users identity as it
appears in the national identity card system. This will potentially give the government
unprecedented oversight into the lives of Bangladeshi citizens. It is not clear which laws will
govern the use of this data.
April 2016 – Oklahoma moves to enact law to accommodate religious objections to Biometric
photo requirements on Drivers License: In April 2016 reinstated this lawsuit which alleged that
requiring a Biometric photo as a condition for obtaining a drivers license violated Oklahoma's
Religious Freedom Restoration Act.
14. Examples of Current Privacy Concerns: FBI Next Generation
Identification (NGI)
• The Next Generation Identification (NGI), provides the criminal justice community with the
world’s largest and most efficient electronic repository of biometric and criminal history
information.
• National Palm Print System (NPPS). This system contains palm prints that are searchable to
law enforcement nationwide. The NGI System also allows direct enrollment and deletion of
palm prints and supplemental fingerprints similar to the existing direct fingerprint
enrollment capability.
• Rap Back - The Rap Back service allows authorized agencies to receive notification of
activity on individuals who hold positions of trust (e.g. school teachers, daycare workers) or
who are under criminal justice supervision or investigation.
• Interstate Photo System (IPS) - The IPS, through facial recognition, now provides a way to
search millions of criminals’ photos—data the FBI has collected for decades.
15. FBI Next Generation Identification (NGI) Privacy Concerns
• The 2015 omnibus budget, for example, includes $117 million for the purchase of rapid
DNA testing machines for state and local law enforcement. The FBI runs the nation’s largest
DNA database, CODIS. Therefore state and local police who obtain these machines will use
them to send DNA samples to the FBI database for matching tests. Presumably, like with
other biometrics, the FBI will keep those records, thereby exponentially expanding its DNA
collection on people nationwide, many of whom will never be convicted of any crimes.
• The FBI recently issued a request for quotations (RFQ) to build out its mobile biometrics
capabilities. Specifically, it’s looking for software that can be used on small Android-based
mobile devices like Samsung Galaxy phones and tablets to collect fingerprints and face
images from anyone officers stop on the street.
• The biggest concern with this new mobile program is that it appears it will allow (and in
fact, encourage) agents to collect face recognition images out in the field and use these
images to populate NGI—something the FBI stated in Congressional testimony it would not
do.
16. FBI Next Generation Identification (NGI) Privacy Concerns
• New Report: FBI Can Access Hundreds of Millions of Face Recognition Photos
• Today the federal Government Accountability Office (GAO) finally published its exhaustive
report on the FBI’s face recognition capabilities. The takeaway: FBI has access to hundreds
of millions more photos than we ever thought. And the Bureau has been hiding this fact
from the public—in flagrant violation of federal law and agency policy—for years.
• According to the GAO Report, FBI’s Facial Analysis, Comparison, and Evaluation (FACE)
Services unit not only has access to FBI’s Next Generation Identification (NGI) face
recognition database of nearly 30 million civil and criminal mug shot photos, it also has
access to the State Department’s Visa and Passport databases, the Defense Department’s
biometric database, and the drivers license databases of at least 16 states. Totaling 411.9
million images, this is an unprecedented number of photographs, most of which are of
Americans and foreigners who have committed no crimes.
• The FBI has done little to make sure that its search results (which the Bureau calls
“investigative leads”) do not include photos of innocent people, according to the report.
The FBI has conducted only very limited testing to ensure the accuracy of NGI's face
recognition capabilities. And it has not taken any steps to determine whether the face
recognition systems of its external partners—states and other federal agencies—are
sufficiently accurate to prevent innocent people from being identified as criminal suspects.
As we know from previous research, face recognition is notoriously inaccurate across the
board and may also misidentify African Americans and ethnic minorities, young people, and
women at higher rates than whites, older people, and men, respectively.
17. FBI Next Generation Identification (NGI) Privacy Concerns
• FBI Wants to Remove Privacy Protections from its Massive Biometrics Database
• Next Generation Identification (NGI) Database includes fingerprints, face recognition, iris
scans and palm prints—collected not just during arrests, but also from millions of
Americans for non-criminal reasons like immigration, background checks, and state
licensing requirements. The FBI wants to exempt this vast collection of data from basic
requirements guaranteed under the federal Privacy Act
• EFF, along with 44 other privacy, civil liberties, and immigrants’ rights organizations, sent
a letter to the FBI demanding more time to respond.