fbpx

Download free GDPR compliance checklist!

Tag Archives for " identity "

Using Cell Phone Numbers As A Secondary ID Can Pose Security Risks

Security experts say our growing reliance on cell phones to help confirm our identity online is motivating “SIM-swap” scams to highjack our numbers.

SIM-swap — a “social engineering” trick fraudsters use to take control of somebody else’s phone number. Once scammers control your number, they can get your text messages — including the verification codes many online services send when customers reset their passwords.

Source: Using Cell Phone Numbers As A Secondary ID Can Pose Security Risks, Experts Say : NPR

French Liberte Tested by Nationwide Facial Recognition ID Plan

France is poised to become the first European country to use facial recognition technology to give citizens a secure digital identity — whether they want it or not.

Saying it wants to make the state more efficient, President Emmanuel Macron’s government is pushing through plans to roll out an ID program, dubbed Alicem, in November, earlier than an initial Christmas target. The country’s data regulator says the program breaches the European rule of consent and a privacy group is challenging it in France’s highest administrative court. It took a hacker just over an hour to break into a “secure” government messaging app this year, raising concerns about the state’s security standards.

Source: French Liberte Tested by Nationwide Facial Recognition ID Plan – Bloomberg

Gatwick Airport commits to facial recognition tech at boarding

Gatwick has become the UK’s first airport to confirm it will use facial-recognition cameras on a permanent basis for ID checks before passengers board planes.

It follows a self-boarding trial carried out in partnership with EasyJet last year.

The London airport said the technology should reduce queuing times but travellers would still need to carry passports.

Source: Gatwick Airport commits to facial recognition tech at boarding – BBC News

Amazon testing payment system that uses hands as ID

Forget the titanium Apple Card — Amazon’s latest payment method uses flesh and blood.

The e-tailing giant’s engineers are quietly testing scanners that can identify an individual human hand as a way to ring up a store purchase, with the goal of rolling them out at its Whole Foods supermarket chain in the coming months.

Source: Amazon testing payment system that uses hands as ID

Court of Amsterdam decision demonstrates “threshold for use of fingerprints is high”

The Court of Amsterdam (‘the Court’) issued, on 15 August 2019, its decision on Case 7728204 CV VERZ 19-9686, where it upheld the choice of an employee of Manfield Schoenen BV, a retail company, who refused to provide their fingerprint for a newly introduced system of finger scan authorisation for cash registers.

The Decision highlights that Article 29 of the Act Implementing the GDPR (‘UAVG’) allows the processing of biometric data, such as fingerprints for the purpose of unique identification if the same is a necessity to fulfil authentication or security purposes. In addition, the Decision also notes that the processing of such biometric data is forbidden under Article 9(1) of the General Data Protection Regulation (GDPR).

Source: Netherlands: Court of Amsterdam decision demonstrates “threshold for use of fingerprints is high”

Data Breaches Show it’s Time to Rethink Use of Social Security Numbers

The Social Security number — created in 1936 to track Americans’ social benefits — was never meant to be a form of identity verification. But that line disappeared in the mid-1970s, and the single identifier proved convenient when it came time for the U.S. to handle information using computers.

But we shouldn’t be using an unchangeable nine-digit code for verification. It’s a little like having a Facebook password that we can’t change even if we know somebody else has it.

Full article: Data Breaches Show it’s Time to Rethink Social Security Numbers | Time.com

Privacy rights under threat with Irish government’s national ID card

A UN representative has called out the Irish government’s introduction of an ID card which contains biometric information.

UN special rapporteur on extreme poverty Prof Philip Alston criticised the roll-out of the Public Services Card (PSC), saying the government introduced the card “without any transparency of public debate”.

Source: UN official says privacy rights under threat with Irish government’s national ID card | The Canary

New rules for biometric EU identity and residence cards given final approval

The European Union’s Council has approved new rules for biometric fingerprint and photo security features of identity and residence cards, as proposed by the European Commission.

The biometric features of European ID cards will be stored on a contactless chip, making them similar in security to passports.

Source: New rules for biometric EU identity and residence cards given final approval | Biometric Update

Deidentification versus anonymization

Anonymization is hard. Just like cryptography, most people are not qualified to build their own.

Unlike cryptography, the research is far earlier-stage, and the pre-built code is virtually unavailable. That hasn’t stopped people from claiming certain datasets (like this ) are anonymized and (sadly) having them re-identified.

Full article: Deidentification versus anonymization

The growing legal and regulatory implications of collecting biometric data

Although biometric technologies make the authentication experience easier, the actual collection and storage of the data is presenting new security risks.

In EU use of biometric data now is now regulated by General Data Protection Regulation (GDPR). In the US, state regulators have reacted to these growing concerns around biometric data by enacting or proposing legislation. The Illinois Supreme Court reversed the lower court rulings and ruled that Six Flags had violated BIPA. Massachusetts, New York, and Michigan all have privacy bills in development that have similar requirements to BIPA, and more states are likely to consider drafting laws governing the collection, usage, and storage of biometric data.

Full article: The growing legal and regulatory implications of collecting biometric data | ZDNet

1 2 3 8
>