The U.S. Government Accountability Office has released a key report about privacy and discrimination risks posed by the commercial use of facial recognition. The GAO completed the report in response to research showing the disparate impact the technology has on minorities, including a National institute of Science and Technology study which found that facial recognition systems misidentify Black women at disproportionately high rates. The GAO report finds that, despite improvements in facial recognition technology, “differences in performance exist for certain demographic groups.” The GAO report reiterates the office’s 2013 recommendation urging Congress to update the federal consumer privacy framework to reflect changes in technology. EPIC advocates for a comprehensive federal privacy law and has called for a moratorium on face surveillance.
“a team from the University of Chicago has come up with a much subtler tactic that still effectively fights back against these sorts of snooping algorithms.
Called “Fawkes”—an homage to the Guy Fawkes mask that’s become somewhat synonymous with the aptly named online collective Anonymous—the Chicago team initially started working on the system at the tail end of last year as a way to thwart companies like Clearview AI that compile their face-filled databases by scraping public posts.”
New Media Law Blog
Jeffrey Neuburger
Nov. 28, 2018
On November 20, 2018, the Illinois Supreme Court heard oral argument on whether a company’s technical violation of the Illinois Biometric Information Privacy Act (“BIPA”) is sufficient to confer standing or whether a plaintiff must allege actual harm resulted from the violation. (Rosenbach v. Six FlagsEntertainment Corp. et al., No. 123186) (prior decision). The Court’s forthcoming decision will have significant implications for Illinois employers and businesses given the enormous wave of BIPA class actions. [Please see our posts here and here for background on BIPA developments].
Read the full post about the Illinois Supreme Court argument on our Law and the Workplace blog.
Through a Freedom of Information Act request, EPIC has obtained the FBI’s “Policy for Biometric Information Sharing with Domestic and International Agencies.” The documents EPIC obtained also contain details of the United States’ agreement with Iraq to exchange biometric data, including to not subject the information to any dissemination restrictions of the US or Iraq. The FBI maintains one of the world’s largest biometric databases, known as the “Next Generation Identification” system, which includes facial IDs gathered from international conflicts. In 2007, EPIC, Privacy International, and Human Rights Watch warned the Secretary of Defense that the “system of biometric identification contravene international privacy standards and could lead to further reprisals and killings.” EPIC noted in 2010 “President Obama’s address on the end of the combat mission in Iraq has left open the question of what will happen to the massive biometric databases on Iraqis, assembled by the United States, during the course of the conflict.”
https://epic.org/2018/03/epic-foia-epic-obtains-fbi-pol.html Clicking the title link will take you to the source of the post. and was not authored by the moderators of privacynnewmedia.com. Clicking the title link will take you to the source of the post.
This past week, a California district court again declined Facebook’s motion to dismiss an ongoing litigation involving claims under the Illinois Biometric Information Privacy Act, 740 Ill. Comp Stat. 14/1 (“BIPA”), surrounding Tag Suggestions, its facial recognition-based system of photo tagging. In 2016, the court declined to dismiss the action based upon, among other things, Facebook’s contention that BIPA categorically excludes digital photographs from its scope. This time around, the court declined to dismiss the plaintiffs’ complaint for lack of standing under the Supreme Court’s 2016 Spokeo decision on the ground that plaintiffs have failed to allege a concrete injury in fact. (Patel v. Facebook, Inc., No. 15-03747 (N.D. Cal. Feb. 26, 2018) (cases consolidated at In re Facebook Biometric Information Privacy Litig., No. 15-03747 (N.D. Cal.)). As a result, Facebook will be forced to continue to litigate this action.
Facial recognition technology is improving by leaps and bounds. Some commercial software can now tell the gender of a person in a photograph.
When the person in the photo is a white man, the software is right 99 percent of the time.
But the darker the skin, the more errors arise — up to nearly 35 percent for images of darker skinned women, according to a new study that breaks fresh ground by measuring how the technology works on people of different races and gender.
Following a report by The Wall Street Journal that the security vendor Tanium used a hospital’s live network as a demonstration platform on sales calls and even revealed private hospital data in a publicly posted demonstration video, Tanium CEO Orion Hindawi has admitted that mistakes were made in handling data from El Camino Hospital’s network. Hindawi was vague about whether the company had live access to the network, but in a blog post late yesterday, he said that the data was from “this particular customer’s demo environment” and that Tanium did not—and should not—have remote access to customers’ security data except in a very few cases where customers had granted access.
[Update, 3:30 pm EDT] Ars has learned from a source familiar with the installation that the company did, in fact, use a connection to El Camino Hospital’s on-premises instance of the Tanium web console for demonstrations.The connection would have had to have been provided by El Camino’s information technology staff—though it is not clear how far up in the hospital’s administration that arrangement was approved, and the arrangement was apparently never documented. Since 2015—about the time Tanium lost access to the El Camino Hospital installation—Tanium has required that these sorts of arrangements be codified in writing.
Pacemakers are devices that are implanted in the chest or abdomen to control life-threatening heartbeat abnormalities. Once they’re in place, doctors use radio signals to adjust the pacemakers so that additional major surgeries aren’t required. A study recently found that pacemakers from the four major manufacturers contain security weaknesses that make it possible for the devices to be stopped or adjusted in ways that could have dire effects on patients.
Chief among the concerns: radio frequency-enabled pacemaker programmers don’t authenticate themselves to the implanted cardiac devices, making it possible for someone to remotely tamper with them.
“Any pacemaker programmer can reprogram any pacemaker from the same manufacturer,” researchers from medical device security consultancy WhiteScope wrote in a summary of their findings. “This shows one of the areas where patient care influenced cybersecurity posture.”
Recent Comments