Search


  • Categories


  • Archives

    « Home

    Archive for the ‘International’ Category

    As biometrics use expands, privacy questions continue to fester

    Tuesday, April 19th, 2016

    As the costs of the technologies fall, biometric identification tools — such as fingerprint, iris or voice-recognition scanners — are increasingly being used in everyday life. There are significant privacy questions that arise as biometric data is collected and used, sometimes without the knowledge or consent of the individuals being scanned.

    Biometrics use has become more commonplace. Many smartphones, including iPhones, have fingerprint “touch” ID scanners that people can use instead of numeric passcodes. And law enforcement personnel have been using fingerprint scanners for years, both domestically and internationally. In the past few years, we’ve see banks capturing customers’ voice prints in order, the institutions say, to fight fraud. Or gyms asking members to identify themselves using their fingerprints. Reuters recently reported that companies are seeking to expand fingerprint-identification systems to credit cards and railway commuters.

    And the voluntariness of a person submitting his or her biometric has also been questioned. Do you realize when you’re calling your bank that you’re handing over your voice print? Another situation a few years ago in Washington, D.C., also raised at the issue of voluntariness. The District considered requiring that all visitors to its jail “have their fingerprints scanned and checked against law enforcement databases for outstanding warrants.” So if you wanted to visit a friend or relative who was in the D.C. jail, you would have to volunteer to submit your biometric data. The plan was dropped after strong criticism from the public and civil rights groups.

    Your biometric data can be gathered for any number of innocuous reasons. For example, I had to submit my fingerprints to obtain my law license, not because of a crime. Family members, roommates and business colleagues of crime victims have submitted fingerprints in order to rule out “innocent” fingerprints at a crime scene in a home or workplace. Some “trusted traveler” airport programs gather iris scans. Some companies use iris-recognition technology for their security systems.

    There are a variety of privacy, security and usage problems that can arise from the widespread use of biometric data. Such problems could lead to discrimination or disenfranchisement of people who can’t submit their biometrics. For example, it’s possible that some people won’t be able to give the biometric. Some people with missing limbs or prints that are difficult to capture consistently. Or the machinery used to capture the biometric could have difficulty capturing diverse users – very tall or very short, etc. people could have problems with iris scanners, for example.

    Or there are religious or cultural problems and you can’t use facial recognition as a biometric because the person wears a beard or a headscarf. Or a person is just plain uncomfortable handing over their biometric. The reason for discomfort could be because of privacy or civil liberty questions or a fear that the biometric would be misused or stolen.

    Some people are wary of the covert collection of biometrics. For example, there are systems that can scan a person’s iris from a distance. And there’s the problem of mission creep — fingerprints added to a database for innocuous reasons (ruling out “innocent” fingerprints at a crime scene) are then used for other purposes. What if iris scans are collected for building-access control but are later added to a criminal database? Data submitted for one purpose should not be used for a different purpose without the individual’s knowledge and consent.

    Another privacy and security issue has to do with how biometrics can be compromised. A person could capture a biometric, say a fingerpint, from a person and later use it to gain access. And capturing a biometric for misuse can be easy, depending on the biometric. Fingerprints are left everywhere, faces can be photographed, voices can be recorded. How do you solve the problem of misuse of your fingerprints, which you cannot change?

    There are ways to lower the privacy and security risks in biometric systems. You need to look at the system as a whole. How is the system set up, protected, and maintained? Are there stringent security and audit trails, among other security protocols?

    But even strong biometric systems can fail or be hacked. So the march toward centralizing identification using biometric data such as fingerprints, voice prints or iris scans should be halted. It decreases security to have a centralized system of identification, one ID for many purposes, as there will be a larger amount of harm when the one biometric is compromised. A better system is one of decentralized identification, which reduces the risks associated with security breaches and the misuse of personal information.

    Obama’s new federal privacy council long overdue, but Americans need more protections

    Wednesday, February 24th, 2016

    Recently, President Obama released a package of cybersecurity reform proposals. Along with these proposals, Obama also unveiled a new executive order: “Establishment of the Federal Privacy Council.” The council will be composed of senior privacy officials from at least 24 federal agencies, including Cabinet-level departments and NASA and the Office of Personnel Management, and “may also include other officials from agencies and offices, as the Chair may designate.”

    The new council is tasked with developing, coordinating and sharing ideas and best practices for federal programs to protect privacy and implement “appropriate privacy safeguards” throughout the administration.

    Although the council’s mission is important, this move seems incomplete. First, such a concerted effort to improve privacy protections throughout the federal government should have begun years ago. If privacy and security protections for sensitive personal data had been prioritized, there might not have been the problems caused by the hacker attack last year against the Office of Personnel Management, which did not use encryption or other such security technology to protect the information (including fingerprints) of the millions of current and former federal employees affected. Read more »

    Happy International Data Privacy Day 2016

    Thursday, January 28th, 2016

    International Data Privacy Day is today. Take the time to think about how privacy is important in your life and how you can protect your rights from being infringed upon. Please also take the time to donate to any number of organizations out there trying to protect your privacy rights. Visit the official site to find events near your area.

    CFPB Is Latest to Call on Companies to Build in Privacy Protections From Beginning

    Wednesday, July 15th, 2015

    There have been myriad data breaches and security problems recently with private and public sector systems. As more sensitive data is passed through more hands — corporate and government — there needs to be an emphasis on security.

    Although the Consumer Financial Protection Bureau is focused on financial data, its call for privacy protections to be built into systems from the beginning is valuable for all sectors. In the case of the CFPB, it has set out guiding principles of data privacy and security for the creation of new payment systems.

    These new systems are aimed at reducing “pocket-to-pocket” payment times between consumers and businesses or other entities. The CFPB wants to ensure any new payment systems are secure, transparent, accessible, and affordable to consumers. The systems should also have robust protections when it comes to fraud and error resolution. [...]

    The CFPB wants to ensure that consumer protections are at the forefront as new and improved payment systems are developed. The protections recommended in today’s Consumer Protection Principles relate to privacy, transparency, costs, security, and consumer control. They also relate to funds availability, fraud and error resolution protections, and payment system accessibility. Read more »

    Happy International Data Privacy Day 2015

    Wednesday, January 28th, 2015

    International Data Privacy Day is today. Take the time to think about how privacy is important in your life and how you can protect your rights from being infringed upon. Please also take the time to donate to any number of organizations out there trying to protect your privacy rights.

    Visit the official site to find events near your area. Here are a few highlights in the United States:

    California
    DPD San Francisco: Data Privacy Trends 2015

    W San Francisco, 181 Third Street, San Francisco, CA
    Jan 28, 2015
    The ever-growing demand for big data. Increasingly effective “bad actors,” leading to the worst year on record for data breaches. Privacy practices designed only to deal with compliance or breach response. Conflicting global privacy laws. A growing concern among consumers about who’s doing what with their data. These and other factors are impacting corporate and consumer needs and behaviors around data privacy like never before. Forrester Research predicts that privacy will be a top business technology agenda item for 2015; here’s your chance to hear candid, up-to-the-minute views from an impressive panel of leading thinkers about what matters most in data privacy for the year ahead. Read more »

    Update: Netherlands Threatens to Fine Google Over Privacy Policy

    Tuesday, December 16th, 2014

    In the ongoing case concerning Google’s changes to its privacy policies a couple of years ago, the Netherlands announced that it will fine the Internet services giant if it doesn’t meet certain requirements by February 2015. “The Dutch Data Protection Authority (Dutch DPA) has imposed an incremental penalty payment on Google. This sanction may amount to 15 million euros. The reason for the sanction is that Google is acting in breach of several provisions of the Dutch data protection act with its new privacy policy, introduced in 2012.”

    Here’s a recap of the controversy and legal questions surrounding Google’s change to its privacy policies. In January 2012, Google announced changes in its privacy policies that would affect users of its services, such as search, Gmail, Google+ and YouTube. Advocates and legislators questioned the changes, saying that there were privacy issues, and criticized (pdf) the Internet services giant for not including an opt-out provision. The critics included 36 U.S. state attorneys general, who wrote to (pdf) Google raising privacy and security questions about the announced privacy policy changes. The EU’s Article 29 Data Protection Working Party wrote to (pdf) to the online services giant about the privacy policy changes, which affect 60 Google services. The Working Party, which includes data protection authorities from all 27 European Union member states as well as the European Data Protection Supervisor, asked Google to halt implementation of these changes while the data protection authority in France (the National Commission for Computing and Civil Liberties, CNIL) investigates. Google refused and its new privacy policies went into effect in March 2012. The CNIL investigation continued, and in January, CNIL fined the Internet services giant €150,000 ($204,000) over privacy violations. Read more »