Carbon Chemist

Tag: biometrics

  • Inside Clear’s ambitions to manage your identity beyond the airport

    Inside Clear’s ambitions to manage your identity beyond the airport

    [ad_1]

    The more Clear is able to reach into customers’ lives, the more valuable customer data it can collect. All user interactions and experiences can be tracked, the company’s privacy policy explains. While the policy states that Clear will not sell data and will never share biometric or health information without “express consent,” it also lays out the non-health and non-biometric data that it collects and can use for consumer research and marketing. This includes members’ demographic details, a record of every use of Clear’s various products, and even digital images and videos of the user. Documents obtained by OneZero offer some further detail into what Clear has at least considered doing with customer data: David Gershgorn writes about a 2015 presentation to representatives from Los Angeles International Airport, titled “Identity Dashboard—Valuable Marketing Data,” which “showed off” what the company had collected, including the number of sports games users had attended and with whom, which credit cards they had, their favorite airlines and top destinations, and how often they flew first class or economy. 

    Clear representatives emphasized to MIT Technology Review that the company “does not share or sell information without consent,” though they “had nothing to add” in response to a question about whether Clear can or does aggregate data to derive its own marketing insights, a business model popularized by Facebook. “At Clear, privacy and security are job one,” spokesperson Ricardo Quinto wrote in an email. “We are opt-in. We never sell or share our members’ information and utilize a multilayered, best-in-class infosec system that meets the highest standards and compliance requirements.” 

    Nevertheless, this influx of customer data is not just good for business; it’s risky for customers. It creates “another attack surface,” Gilliard warns. “This makes us less safe, not more, as a consistent identifier across your entire public and private life is the dream of every hacker, bad actor, and authoritarian.”

    A face-based future for some

    Today, Clear is in the middle of another major change: replacing its use of iris scans and fingerprints with facial verification in airports—part of “a TSA-required upgrade in identity verification,” a TSA spokesperson wrote in an email to MIT Technology Review

    For a long time, facial recognition technology “for the highest security purposes” was “not ready for prime time,” Seidman Becker told Swisher and Goode back in 2017. It wasn’t operating with “five nines,” she added—that is, “99.999% from a matching and an accuracy perspective.” But today, facial recognition has “significantly improved” and the company has invested “in enhancing image quality through improved capture, focus, and illumination,” according to Quinto.

     Clear says switching to facial images in airports will also further decrease friction, enabling travelers to verify their identity so effortlessly it’s “almost like you don’t really break stride,” Peddy says. “You walk up, you scan your face. You walk straight to the TSA.” 

    The move is part of a broader shift toward facial recognition technology in US travel, bringing the country in line with practices at many international airports. The TSA began expanding facial identification from a few pilot programs this year, while airlines including Delta and United are also introducing face-based boarding, baggage drops, and even lounge access. And the International Air Transport Association, a trade group for the airline industry, is rolling out a “contactless travel” process that will allow passengers to check in, drop off their bags, and board their flights—all without showing either passports or tickets, just their faces. 

    a crowd of people with their faces obscured by a bright glow

    NEIL WEBB

    Privacy experts worry that relying on faces for identity verification is even riskier than other biometric methods. After all, “it’s a lot easier to scan people’s faces passively than it is to scan irises or take fingerprints,” Senator Jeff Merkley of Oregon, an outspoken critic of government surveillance and of the TSA’s plans to employ facial verification at airports, said in an email. The point is that once a database of faces is built, it is potentially far more useful for surveillance purposes than, say, fingerprints. “Everyone who values privacy, freedom, and civil rights should be concerned about the increasing, unchecked use of facial recognition technology by corporations and the federal government,” Merkley wrote.

    [ad_2]

    Source link

  • A Leak of Biometric Police Data Is a Sign of Things to Come

    A Leak of Biometric Police Data Is a Sign of Things to Come

    [ad_1]

    Thousands of law enforcement officials and people applying to be police officers in India have had their personal information leaked online—including fingerprints, facial scan images, signatures, and details of tattoos and scars on their bodies. If that wasn’t alarming enough, at around the same time, cybercriminals have started to advertise the sale of similar biometric police data from India on messaging app Telegram.

    Last month, security researcher Jeremiah Fowler spotted the sensitive files on an exposed web server linked to ThoughtGreen Technologies, an IT development and outsourcing firm with offices in India, Australia, and the US. Within a total of almost 500 gigabytes of data spanning 1.6 million documents, dated from 2021 until when Fowler discovered them in early April, was a mine of sensitive personal information about teachers, railway workers, and law enforcement officials. Birth certificates, diplomas, education certificates, and job applications were all included.

    Fowler, who shared his findings exclusively with WIRED, says within the heaps of information, the most concerning were those that appeared to be verification documents linked to Indian law enforcement or military personnel. While the misconfigured server has now been closed off, the incident highlights the risks of companies collecting and storing biometric data, such as fingerprints and facial images, and how they could be misused if the data is accidentally leaked.

    “You can change your name, you can change your bank information, but you can’t change your actual biometrics,” Fowler says. The researcher, who also published the findings on behalf of Website Planet, says this kind of data could be used by cybercriminals or fraudsters to target people in the future, a risk that’s increased for sensitive law enforcement positions.

    Within the database Fowler examined were several mobile applications and installation files. One was titled “facial software installation,” and a separate folder contained 8 GB of facial data. Photographs of people’s faces included computer-generated rectangles that are often used for measuring the distance between points of the face in face recognition systems.

    There were 284,535 documents labeled as Physical Efficiency Tests that related to police staff, Fowler says. Other files included job application forms for law enforcement officials, profile photos, and identification documents with details such as “mole at nose” and “cut on chin.” At least one image shows a person holding a document with a corresponding photo of them included on it. “The first thing I saw was thousands and thousands of fingerprints,” Fowler says.

    Prateek Waghre, executive director of Indian digital rights organization Internet Freedom Foundation, says there is “vast” biometric data collection happening across India, but there are added security risks for people involved in law enforcement. “A lot of times, the verification that government employees or officers use also relies on biometric systems,” Waghre says. “If you have that potentially compromised, you are in a position for someone to be able to misuse and then gain access to information that they shouldn’t.”

    It appears that some biometric information about law enforcement officials may already be shared online. Fowler says after the exposed database was closed down he also discovered a Telegram channel, containing a few hundred members, which was claiming to sell Indian police data, including of specific individuals. “The structure, the screenshots, and a couple of the folder names matched what I saw,” says Fowler, who for ethical reasons did not purchase the data being sold by the criminals so could not fully verify it was exactly the same data.

    [ad_2]

    Source link