|From: Glenn Petersen||11/6/2019 10:27:40 AM|
|Revisiting NSA Spying|
by Alex Tabarrok
November 6, 2019 at 7:34 am
In 2013 in light of the Snowden revelations about NSA spying I wrote, Did Obama Spy on Mitt Romney?
Did Obama spy on Mitt Romney? As recently as a few weeks ago if anyone had asked me that question I would have consigned them to a right (or left) wing loony bin. Today, the only loonies are those who think the question unreasonable. Indeed, in one sense the answer is clearly yes. Do I think Obama ordered the NSA to spy on Romney for political gain? No. Some people claim that President Obama didn’t even know about the full extent of NSA spying. Indeed, I imagine that President Obama was almost as surprised as the rest of us when he first discovered that we live in a mass surveillance state in which billions of emails, phone calls, facebook metadata and other data are being collected.As I read the situation, mass government surveillance has now become accepted in America, as in China. This bit remains relevant:
The answer is yes, however, if we mean did the NSA spy on political candidates like Mitt Romney. Did Mitt Romney ever speak with Angela Merkel, whose phone the NSA bugged, or any one of the dozens of her advisers that the NSA was also bugging? Did Romney exchange emails with Mexican President Felipe Calderon? Were any of Romney’s emails, photos, texts or other metadata hoovered up by the NSA’s break-in to the Google and Yahoo communications links? Almost certainly the answer is yes.
Did the NSA use the information they gathered on Mitt Romney and other political candidates for political purposes? Probably not. Will the next president or the one after that be so virtuous so as to not use this kind of power? I have grave doubts. Men are not angels.
|RecommendKeepReplyMark as Last Read|
|From: Glenn Petersen||11/9/2019 10:39:59 AM|
|India is trying to build the world's biggest facial recognition system|
By Julie Zaugg, CNN Business
Updated 1104 GMT (1904 HKT) October 18, 2019
The child labor activist, who works for Indian NGO Bachpan Bachao Andolan, had launched a pilot program 15 months prior to match a police database containing photos of all of India's missing children with another one comprising shots of all the minors living in the country's child care institutions.
He had just found out the results. "We were able to match 10,561 missing children with those living in institutions," he told CNN. "They are currently in the process of being reunited with their families." Most of them were victims of trafficking, forced to work in the fields, in garment factories or in brothels, according to Ribhu.
This momentous undertaking was made possible by facial recognition technology provided by New Delhi's police. "There are over 300,000 missing children in India and over 100,000 living in institutions," he explained. "We couldn't possibly have matched them all manually."
Locating thousands of missing children is just one of the challenges faced by India's overstretched police force in a nation of 1.37 billion people.
India has just 144 police officers for every 100,000 citizens, compared to 318 per 100,000 citizens in the European Union. In recent years, authorities have turned to facial recognition technology to make up for the shortfall.
New Delhi's law enforcement agencies adopted the technology in 2018, and it's also being used to police large events and fight crime in a handful of other states, including Andhra Pradesh and Punjab.
But India's government now has a much more ambitious plan. It wants to construct one of the world's largest facial recognition systems. The project envisions a future in which police from across the country's 29 states and seven union territories would have access to a single, centralized database.
The daunting scope of the proposed network is laid out in a detailed 172-page document published by the National Crime Records Bureau, which requests bids from companies to build the project. Interested parties had until October 11 to submit their proposal.
Currently unnamed, the project would match images from the country's growing network of CCTV cameras against a database encompassing mug shots of criminals, passport photos and images collected by agencies such as the Ministry of Women and Child Development.
The platform would also enable searches based on photos uploaded from newspapers, images sent in by the public or artist sketches of suspected criminals. It would also recognize faces on closed-circuit cameras and "generate alerts if a blacklist match is found," according to the tender document.
Security forces would be equipped with hand-held mobile devices enabling them to capture a face in the field and search it instantly against the national database, through a dedicated app.
The new facial recognition platform "can play a very vital role in improving outcomes" when it comes to identifying criminals, missing persons and bodies, according to the document published by the National Crime Records Bureau. It will also help police forces "detect crime patterns" and aid in crime prevention, it adds.
India's crime rate is high, particularly within the poor areas dotting urban centers. In 2016, there were 709.1 offenses per 100,000 people in 19 big cities, compared to the national average of 379.3, according to the most recent official figures.
An Indian technician checks the CCTV camera at the roadside near the Presidential Palace as preparations for the nation's Republic Day parade take place in New Delhi
An Indian technician checks the CCTV camera at the roadside near the Presidential Palace as preparations for the nation's Republic Day parade take place in New Delhi.
A foreign company
It is not known how many companies have submitted bids to install India's national facial recognition system, nor how long the government will take to consider their applications.
About 80 representatives of vendors took part in a pre-bid meeting, which took place in the National Crime Records Bureau's Delhi office at the end of July, according to minutes of the meeting seen by CNN. They discussed how the national database would be integrated with local police platforms and whether it should be able to identify people who have had plastic surgery.
"To be eligible to bid, a company has to have completed at least three facial recognition projects globally," explains Apar Gupta of the Internet Freedom Foundation, an NGO which has put forward a legal notice to cancel the call for bids. "This disqualifies most Indian companies."
The successful bidder will most likely be a consortium made up of a foreign company and a local partner — another requirement featured is for at least one of the bidding parties to be based in India.
IBM ( IBM), Hewlett-Packard Enterprise ( HPE) and Accenture ( ACN) have all shown interest, according to Sivarama Krishnan, who leads cybersecurity at PricewaterhouseCoopers India. CNN reached out to all three companies, but none of them were willing to comment.
Having a foreign company set up such a critical part of India's security apparatus could raise "national security issues," worries Gupta.
In 2018, a controversy erupted when Ajay Maken, an opposition politician in New Delhi, accused the local government of having awarded a contract, through an Indian company, to provide nearly half of the CCTV cameras it plans to install in the capital to Prama Hikvision, a joint venture between Chinese company Hikvision and Indian company Prama Technologies, citing the risk for espionage.
Ashish P. Dhakan, Prama Hikvision's CEO, confirmed that the company was supplying more than 140,000 CCTV cameras to New Delhi and has started installing them earlier this year.
"There is no evidence anywhere in the world, including India, to indicate that Hikvision's products are used for unauthorized collection of information," he told CNN. Hikvision has never conducted, nor will it conduct, any espionage-related activities for any government in the world."
It is not the company's only project in India. In 2018, Hikvision completed a network of surveillance cameras and command and control centers in Deesa City, Gujarat, according to a press release. In early October, it inaugurated India's largest CCTV factory near Mumbai, with more than 2,000 employees. It describes itself a "market leader" in India for video surveillance solutions.
Hikvision has come under increasing scrutiny in the United States. In early October, it was included on a blacklist of 28 Chinese companies and government offices essentially barred from buying US products or importing American technology over their alleged role in facilitating human rights abuses in China's Xinjiang region.
Experts doubt whether India can carry off such an ambitious project in such a short time. The system is expected to go live less than eight months after the contract is signed, according to the call for bids.
"A more realistic time frame would be 12 to 18 months," says Krishnan, who describes the project as "technologically challenging."
Creating the centralized platform will not be the hardest part. "India already has a national database with photos of all the criminals prosecuted in the country, which is regularly updated by law enforcement agencies in the states," he explains. "It will just need to be linked up to the country's CCTV system." A pilot project carried out in New Delhi proved this was feasible, Krishnan says.
Blanketing the country with enough surveillance cameras — especially advanced ones equipped with facial recognition technology — will be a much bigger challenge, he believes. India lags behind other countries in terms of installed security cameras.
New Delhi has 10 CCTV cameras per 1,000 people, compared with 113 in Shanghai and 68 in London, according to data compiled by consumer website Comparitech. The figure is far lower in India's rural areas, home to 66% of the country's population.
"Many villages in the countryside don't have a single surveillance camera," says Krishnan.
A passenger stands as she registers her personal details at a facial recognition counter at the Rajiv Gandhi International Airport in Hyderabad, on July 26, 2019.
But the country is catching up fast. New Delhi is about to have 330,000 new cameras installed, said the deputy chief minister of the capital, Manish Sisodia, in July as he kickstarted the process. The project has been touted as a way to improve women's safety in India's largest city, which in recent years has been the site of a number of high profile sexual attacks.
Facial recognition cameras were recently introduced in Bangalore airport and are being trialed in Hyderabad airport, according to Reuters. New Delhi airport also recently started using the technology to speed up security checks.
"A dozen of India's largest cities are now pretty extensively covered, and 24 more are in the process of expanding their CCTV capabilities," says Krishnan. He adds that most railway stations are now also equipped with surveillance cameras, and the government plans to have them all covered by 2021.
"This is meaningful in India: most citizens will at some point in their life walk through a railway station," he said.
No legal safeguards
For privacy advocates, this is worrying. "India does not have a data protection law," says Gupta. "It is also not planning to adopt a specific legal framework for the new facial recognition system, which means it will essentially be devoid of safeguards."
He worries India's facial recognition system could become a tool of social policing, used to punish petty offenses such as public littering or to control the whereabouts of ethnic minorities.
Further down the line, it might even be linked up to Aadhaar, India's vast biometric database, which contains the personal details of 1.2 billion Indian citizens, enabling India to set up "a total, permanent surveillance state," he adds.
CNN reached out to the National Crime Records Bureau but did not receive a response.
India has a history of privacy issues. In 2017, India's Supreme Court issued a landmark ruling, decreeing that a right to privacy is part of the fundamental rights enshrined in the country's constitution.
The ruling paved the way for the draft Personal Data Protection Bill, which was presented to government last year but hasn't been introduced to Parliament yet.
Rights activists had argued that fingerprints and retinal scans collected under Aadhaar violated an individual's right to privacy.
Their fears about an invasion of privacy appeared to be confirmed in early 2018 when Aadhaar suffered an alleged breach after reporters said they were able to buy access to citizens' personal details for as little as $8.
Seeking to temper criticism of its prized new program, the government added new security measures. Later that year, in a separate ruling, the Supreme Court found the database did not violate the right to privacy.
The court did, however, introduce new restrictions on how Aadhaar information could be used, including measures preventing corporate bodies from demanding data.
Caught between the need to improve its policing outcomes and to protect its citizen's privacy, India will be walking a tightrope when it comes to building its national facial recognition database.
CNN's Manveena Suri and Swati Gupta contributed to this report.
|RecommendKeepReplyMark as Last Read|
|From: Glenn Petersen||11/15/2019 8:43:16 PM|
|EXCLUSIVE: This Is How the U.S. Military’s Massive Facial Recognition System Works|
Documents obtained by OneZero show how the military captures biometric data around the world
[GP: For the full report go to this link onezero.medium.com and scroll to the bottom of the page.]
Illustration: Ana Kova
Over the last 15 years, the United States military has developed a new addition to its arsenal. The weapon is deployed around the world, largely invisible, and grows more powerful by the day.
That weapon is a vast database, packed with millions of images of faces, irises, fingerprints, and DNA data — a biometric dragnet of anyone who has come in contact with the U.S. military abroad. The 7.4 million identities in the database range from suspected terrorists in active military zones to allied soldiers training with U.S. forces.
“Denying our adversaries anonymity allows us to focus our lethality. It’s like ripping the camouflage netting off the enemy ammunition dump,” wrote Glenn Krizay, director of the Defense Forensics and Biometrics Agency, in notes obtained by OneZero. The Defense Forensics and Biometrics Agency (DFBA) is tasked with overseeing the database, known officially as the Automated Biometric Information System (ABIS).
DFBA and its ABIS database have received little scrutiny or press given the central role they play in U.S. military’s intelligence operations. But a newly obtained presentation and notes written by the DFBA’s director, Krizay, reveals how the organization functions and how biometric identification has been used to identify non-U.S. citizens on the battlefield thousands of times in the first half of 2019 alone. ABIS also allows military branches to flag individuals of interest, putting them on a so-called “Biometrically Enabled Watch List” (BEWL). Once flagged, these individuals can be identified through surveillance systems on battlefields, near borders around the world, and on military bases.
“It allows us to decide and act with greater focus, and if needed, lethality.”
The presentation also sheds light on how military, state, and local law enforcement biometrics systems are linked. According to Krizay’s presentation, ABIS is connected to the FBI’s biometric database, which is in turn connected to databases used by state and local law enforcement. Ultimately, that means that the U.S. military can readily search against biometric data of U.S. citizens and cataloged non-citizens. The DFBA is also currently working to connect its data to the Department of Homeland Security’s biometric database. The network will ultimately amount to a global surveillance system. In his notes, Krizay outlines a potential scenario in which data from a suspect in Detroit would be run against data collected from “some mountaintop in Asia.”
The documents, which are embedded in full below, were obtained through a Freedom of Information Act request. These documents were presented earlier this year at a closed-door defense biometrics conference known as the Identity Management Symposium.
ABIS is the result of a massive investment into biometrics by the U.S. military. According to federal procurement records analyzed by OneZero, the U.S. military has invested more than $345 million in biometric database technology in the last 10 years. Leidos, a defense contractor that primarily focuses on information technology, currently manages the database in question. Ideal Innovations Incorporated operates a subsection of the database designed to manage activity in Afghanistan, according to documents obtained by OneZero through a separate FOIA request.
These contracts, combined with revelations surrounding the military’s massive biometric database initiatives, paint an alarming picture: A large and quickly growing network of surveillance systems operated by the U.S. military and present anywhere the U.S. has deployed troops, vacuuming up biometric data on millions of unsuspecting individuals.
The military’s biometrics program, launched in 2004, initially focused on the collection and analysis of fingerprints. “In a war without borders, uniforms, or defined lines of battle, knowing who is an enemy is essential,” John D. Woodward, Jr., head of the DoD’s biometrics department, wrote in a 2004 brief.
That year, the Department of Defense contracted Lockheed Martin to start building a biometrics database for an initial fee of $5 million. Progress was slow: by 2009, the DoD Inspector General reported that the biometrics system was still deeply flawed. The department indicated that it was only able to successfully retrieve five positive matches from 150 biometric searches. A later contract with defense industry giant Northrop resulted in similarly disappointing results with reports of “system instability, inconsistent processing times, system congestion, transaction errors, and a 48-hour outage.”
By 2016, the DoD had begun to make serious investments in biometric data collection. That year, the Defense Department deputy secretary Robert O. Work designated biometric identification as a critical capability for nearly everything the department does: fighting, intelligence gathering, law enforcement, security, business, and counter-terrorism. Military leaders began to speak of biometric technology as a “ game changer,” and directives from the DoD not only encouraged the use of the technology by analysts, but also by soldiers on the ground. Troops were instructed to collect biometric data whenever possible.
The same year, a defense company named Leidos, which had acquired a large portion of Lockheed’s government IT business, secured a $150 million contract to build and deploy what is now known as the DoD ABIS system.
Between 2008 and 2017, the DoD added more than 213,000 individuals to the BEWL, a subset of DoD’s ABIS database, according to a Government Accountability Office report. During that same period, the Department of Defense arrested or killed more than 1,700 people around the world on the basis of biometric and forensic matches, the GAO report says.
Krizay’s presentation indicates that the United States used biometric matching to identify 4,467 people on the BEWL list in the first two quarters of 2019. The presentation slide breaks down the numbers: 2,728 of those matches were of opposing forces carried out in the “theater,” or area of where U.S. troops are commanded.
Presentation slides from Glenn Krizay, director of the Defense Forensics and Biometrics Agency. June 2019. Presentation in full below.
DFBA claims that it has data on 7.4 million unique identities within its ABIS database, a majority of those sourced from military operations in Afghanistan and Iraq, according to the agency’s website.
That number is constantly growing. The documents suggest the DoD can collect biometric data from detainees, voter enrollments, military enlistments in partner countries, employment vetting, or information given to the military.
“Almost every operation provides the opportunity to collect biometrics,” a 2014 document on military biometrics says. “While quality is desired over quantity, maximizing enrollments in the database will likely identify more persons of interest.”
A graphic from a 2014 procedural document outlining military use of biometrics.ABIS also enables different operations and missions to create their own biometric watchlists. These databases can be be plugged into custom-built military mobile devices used to scan fingerprints, irises, and match faces against databases, according to a 2014 document outlining biometric procedures across the branches of the armed forces.
Presentation slides from Glenn Krizay, director of the Defense Forensics and Biometrics Agency. June 2019. Presentation in full below.
“Fusion of an established identity and information we know about allows us to decide and act with greater focus, and if needed, lethality,” Krizay wrote in his presentation.
But much is still unknown about how the DFBA and defense agencies use facial recognition and biometric data. A FOIA request which would return information about these systems was denied in part by the U.S. Army.
“Public release would be tantamount to providing uncontrolled foreign access,” the response letter said.
In his presentation notes for the Annual Identity Management Symposium, Krizay hints at the future of DFBA and ABIS.
“We will still need to reveal adversary agent networks, identify and track proxy forces, protect our rear areas and lines of communication, account for enemy prisoners of war, and identify high value individuals,” he wrote.
The presentation suggests that the department hopes to incorporate biometrics widely into security measures.
“We’ve already shown we can’t secure our personnel systems,” he wrote. “If Wikileaks can obtain over a half a million of our reports, what can the likes of China or Russia do?”
DFBA also plans to better integrate ABIS with other similar databases across the government. Despite DFBA being pitched as the central point of digital biometrics for the military, the department is still unable to share information with the Department of Homeland Security’s biometrics system because of formatting issues. In 2021, the DoD is expected to grant a contract for a new version of its biometrics program, one that brings identification software to the cloud and adds even more capabilities.
“If Wikileaks can obtain over a half a million of our reports, what can the likes of China or Russia do?”
Meanwhile, critics of facial recognition and biometric technology both in and out of government worry about the accuracy of the technology and how it is being used, especially in regards to bias inherent in much of machine learning, as well as privacy violations.
The U.S. Commerce Departments’ National Institute of Standards and Technology (NIST) tests have shown that black females are 10 times more likely to be misidentified than white males. When applied in combat scenarios, such discrepancies can have lethal consequences for individuals misidentified by automated systems.
“It’s unlikely that we will ever achieve a point where every single demographic is identical in performance across the board, whether that’s age, race or sex,” Charles Romine, director of the Information Technology Lab at NIST, told the House Homeland Security Committee in June 2019. “We want to know just exactly how much the difference is.”
Executives at Leidos, the contractor that built ABIS, do not share similar concerns about the accuracy of their data. “Interestingly, the latest U.S. National Institute of Standards and Technology (NIST) tests show that the top-performing algorithms actually work better with black faces than with white faces,” Leidos Vice President John Mears wrote on the Leidos website.
It’s not clear which tests Mears is referring to on the NIST website, but when contacted regarding that quote, NIST did not support his claim.
“As a broad blanket statement it is not correct,” a NIST spokesperson told OneZero, adding that a report studying demographics in facial recognition is currently underway.
Leidos declined to comment for this story, and referred all questions to the DoD when asked how it vetted for bias in its facial recognition algorithms.
This technical challenge is not slowing down the adoption of biometrics. It’s unclear how many identities have been added to ABIS since Krizay’s presentation, or since DFBA last updated its website. Every indicator suggests the military is only growing its capability of collecting more and more data.
As that data is further connected to sources like the Department of Homeland Security, the U.S. military’s surveillance system grows stronger.
“We are not wandering in the dark,” Krizay wrote in his presentation. “We know who people are and more of what they have done.”
|RecommendKeepReplyMark as Last Read|
|From: Glenn Petersen||11/24/2019 11:16:19 AM|
|Police can keep Ring camera video forever and share with whomever they’d like, Amazon tells senator|
By Drew Harwell
The Washington Post
November 19, 2019 at 2:32 p.m. CST
Amazon’s Ring sells a line of motion-detecting, Internet-connected cameras for use in doorbells, peepholes and inside the home. The company has signed video-sharing deals with more than 600 police departments nationwide. (Ring)
Police officers who download videos captured by homeowners’ Ring doorbell cameras can keep them forever and share them with whomever they’d like without providing evidence of a crime, the Amazon-owned firm told a lawmaker this month.
More than 600 police forces across the country have entered into partnerships with the camera giant, allowing them to quickly request and download video recorded by Ring’s motion-detecting, Internet-connected cameras inside and around Americans’ homes.
The company says that the videos can be a critical tool in helping law enforcement investigate crimes such as trespassing, burglary and package theft, and that homeowners are free to decline the requests. But some lawmakers and privacy advocates say the systems could empower more widespread police surveillance, fuel racial profiling and spark new neighborhood fears.
In September, following reports about Ring’s police partnerships by The Washington Post and other outlets, Sen. Edward J. Markey (D-Mass.) wrote to Amazon asking for details about how it protected the privacy and civil liberties of people caught on camera. Since that report, the number of law enforcement agencies working with Ring has increased nearly 50 percent.
In two responses from Amazon’s vice president of public policy, Brian Huseman, which Markey’s office made public Tuesday, the company said it placed few restrictions on how police used or shared the videos offered up by homeowners. (Amazon chief executive Jeff Bezos owns The Washington Post.)
Police in those communities can use Ring software to request up to 12 hours of video from anyone within half a square mile of a suspected crime scene, covering a 45-day time span, Huseman wrote. Police are required to include a case number for the crime they are investigating, but not any other details or evidence related to the crime or their request.
Markey said in a statement that Ring’s policies showed that the company had failed to enact basic safeguards to protect Americans’ privacy.
“Connected doorbells are well on their way to becoming a mainstay of American households, and the lack of privacy and civil rights protections for innocent residents is nothing short of chilling,” he said.
“If you’re an adult walking your dog or a child playing on the sidewalk, you shouldn’t have to worry that Ring’s products are amassing footage of you and that law enforcement may hold that footage indefinitely or share that footage with any third parties.”
Che’von Lewis, a spokeswoman for Ring’s Neighbors social network, said in a statement that “Ring users place their trust in us to help protect their homes and communities, and we take that responsibility very seriously.”
Ring, she added, “does not own or otherwise control users’ videos, and we intentionally designed the Neighbors Portal to ensure that users get to decide whether to voluntarily provide their videos to the police.”
Markey’s questions focused in on ways the cameras could be used to capture children and other passersby without their knowledge or consent. Ring’s terms of service state that users must install the cameras so they do not “take any recordings beyond the boundary” of a user’s property, such as a public road or sidewalk. When asked by Markey how the company enforced that, Huseman wrote that users are responsible for following the rules and that Ring does not “view users’ videos to verify compliance.”
Ring allows users to decline police requests for video and does not directly identify them based on their refusal, which Huseman wrote would “eliminate the pressure implicit in receiving an in-person request from police.” “Users must expressly choose to assist police, the same way they would traditionally answer the door or respond to a public request for tips,” he added.
Asked about Ring’s plans regarding adding facial-recognition capabilities to its cameras, Huseman wrote that it was a “contemplated but unreleased feature” that would be made available to the public only with “thoughtful design including privacy, security and user control.” Huseman also listed other security cameras that offer facial-recognition features and wrote, “We do frequently innovate based on customer demand.”
Best known for its popular doorbell cameras, Ring has sold millions of motion-detecting cameras that can be installed in peepholes, floodlights and indoors. Police requests can target footage from any of Ring’s cameras, including video recorded inside an owner’s home. The company says millions of homes across the United States now have Ring camera systems installed.
The cameras begin recording as soon as motion is detected and offer live-streaming access to homeowners, who can then share the footage on the Ring video-based social network Neighbors. The stream of videos often includes high-resolution footage of people’s faces, as well as labels for people homeowners have deemed suspicious, and the company advertises the system as the core of a high-tech “new neighborhood watch.”
Ring’s police partnerships have exploded across the country, from the local police department in Seward, Alaska, to the sheriff’s office in Key West, Fla. Roughly 630 law enforcement agencies can now request homeowners’ video through Ring, including 200 agencies that joined up within the past three months, according to a company map.
Ring has invested heavily in marketing itself as a high-tech safety companion for the American neighborhood, and its massive reserve of videos of children at doorsteps — shared by homeowners to Ring’s “Neighbors” social network — has become an unmistakable signature of its holiday advertising campaigns.
This month, the company said Ring doorbell buttons had been pressed 15.8 million times on Halloween, up from 8.3 million times last year. The peak time in Houston was 7 p.m., with more than 300,000 rings. How many of those trick-or-treaters had their image captured by Ring cameras is unknown.
|RecommendKeepReplyMark as Last Read|
|From: richardred||11/25/2019 11:46:17 AM|
| Uber Pressured to Begin Collecting Driver Biometrics in London |
Posted on November 25, 2019
Tweet Like Plus Pin It Share
Ride hailing giant Uber is being pressured to provide the biometric data of its drivers in an effort to increase the safety and security of passengers in London.
The request comes from Transport for London (TfL), the city agency that regulates public transportation, on the eve of the expiration of Uber’s licence to operate in the city. Uber has to decide this week if they will accept the terms of the new licence — which could require drivers to scan their fingerprints or faces — or to take TfL to court.
The measures being proposed by TfL are aimed at ensuring a driver’s identity matches the one registered through Uber in their app, and that they are therefore registered and licensed to operate by TfL. This may include requiring them to submit to a biometric scan.
The news comes at a time when both Uber and TfL are facing pressure to increase security measures after Uber drivers in the UK and the U.S. have been accused of assaulting passengers while on duty with Uber.
The move has been called “disproportionate and discriminatory” by James Farrar, Uber driver’s representative at the Independent Workers of Great Britain union. He says that the proposed changes would make London’s Uber drivers the “most surveilled” workforce in the City.
Uber has faced pressure to use biometric registration on their drivers for years now, and in 2016 introduced a new driver log-in feature that requires drivers to send a selfie to be authenticated by Uber before they can begin their shift.
Some experts believe TfL may be willing to back off of the biometric requirements of their proposal and settle for a less controversial approach such as additional passwords or codes similar to what are used for online banking.
“Maybe TfL will be satisfied with something simple, but it seems like they are going the extra mile with Uber to make sure,” said Alan Woodward, a data protection expert from the University of Surrey, in an interview with Wired.
Woodward also spoke to the controversial matter of forcing a large number of people to submit their biometric data to a government agency.
“What could it be used for, what is the purpose that it could be passed on for? Could it be passed on to the police? These are, at best, grey areas when it comes to sharing that data and GDPR.”
Attempts to register the biometric data of Uber and Lyft drivers failed in October of 2017 in California, when authorities concluded that current screening procedures were a sufficient way of ensuring the safety of passengers.
Sources: Wired UK, CityAM
November 25, 2019 – by Tony Bitzionis
|RecommendKeepReplyMark as Last Read|
|From: Glenn Petersen||11/26/2019 9:44:36 AM|
|The California DMV Is Making $50M a Year Selling Drivers’ Personal Information|
A document obtained by Motherboard shows how DMVs sell people’s names, addresses, and other personal information to generate revenue.
by Joseph Cox
Nov 25 2019, 4:05pm
The California Department of Motor Vehicles is generating revenue of $50,000,000 a year through selling drivers’ personal information, according to a DMV document obtained by Motherboard.
DMVs across the country are selling data that drivers are required to provide to the organization in order to obtain a license. This information includes names, physical addresses, and car registration information. California’s sales come from a state which generally scrutinizes privacy to a higher degree than the rest of the country.
In a public record acts request, Motherboard asked the California DMV for the total dollar amounts paid by commercial requesters of data for the past six years. The responsive document shows the total revenue in financial year 2013/14 as $41,562,735, before steadily climbing to $52,048,236 in the financial year 2017/18.
The document doesn't name the commercial requesters, but some specific companies appeared frequently in Motherboard's earlier investigation that looked at DMVs across the country. They included data broker LexisNexis and consumer credit reporting agency Experian. Motherboard also found DMVs sold information to private investigators, including those who are hired to find out if a spouse is cheating. It is unclear if the California DMV has recently sold data to these sorts of entities.
In an email to Motherboard, the California DMV said that requesters may also include insurance companies, vehicle manufacturers, and prospective employers.
Asked if the sale of this data was essential to the DMV, Marty Greenstein, public information officer at the California DMV, wrote that its sale furthers objectives related to highway and public safety, "including availability of insurance, risk assessment, vehicle safety recalls, traffic studies, emissions research, background checks, and for pre- and existing employment purposes."
"The DMV takes its obligation to protect personal information very seriously. Information is only released pursuant to legislative direction, and the DMV continues to review its release practices to ensure information is only released to authorized persons/entities and only for authorized purposes. The DMV also audits requesters to ensure proper audit logs are maintained and that employees are trained in the protection of DMV information and anyone having access to this information sign a security document," Greenstein wrote.
Multiple other DMVs around the U.S. previously confirmed to Motherboard that they have cut-off data access for some commercial requesters after they abused the data.
One of the main pieces of legislation that governs the sale of DMV data stemmed from a case in California. Lawmakers introduced the Driver's Privacy Protection Act (DPPA) in 1994 after a private investigator hired by a stalker obtained the address of actress Rebecca Schaeffer from the DMV. The stalker went on to kill Schaeffer. The DPPA was designed to restrict access to DMV data, but included a wide array of exemptions, including for private investigators.
After Motherboard's earlier investigation, senators and digital privacy experts criticized the sale of DMV data, and some said the law should be changed. Senator and Democratic Presidential candidate Bernie Sanders said DMVs should not profit from such information.
|RecommendKeepReplyMark as Last Read|