Chinese government has arrested hackers it says breached OPM database (Washington Post)
Beijing has repeatedly insisted that the government played no role in the intrusions, which compromised sensitive personal, financial and biometric data of the employees, and data on their families.
OPM: Stolen biometric data list grows by 4.5 million (Fedscoop)
The Office of Personnel Management underestimated the number of people who had their biometric data stolen in this year’s high-profile hack, with an additional 4.5 million people being affected.
In a Wednesday press release, an OPM spokesman said the subset of individuals whose fingerprints have been stolen has increased from approximately 1.1 million to 5.6 million. That number, according to the agency, comes after OPM and the Defense Department identified archived records containing additional fingerprint data that were not previously analyzed.
How authentication tools can save hundreds of millions in cash (Federal Times)
Federal agencies across the board are looking to improve cybersecurity by finding ways to validate users accessing citizen services online. But there are also significant savings to be found for the cost-minded agencies (read: all agencies).
Iowa DOT Using Digital ID’s (WHOtv)
Iowa Department of Transportation Director Paul Trombino says Iowa is the first state to offer a prototype for digital licenses currently being used by Iowa DOT employees. The new licenses which will only be optional and not mandatory are fitted with even more secure technology than the card version.
Trombino explained, “I use a fingerprint to open up my phone that can help authorize that. You may have to make a facial movement so it`s not just looking at a picture in order to open up the biometric perspective, so only you can open that up.” If that isn’t secure enough, “The picture physically moves, so it`s not a static picture like your regular driver`s license,” said Trombino.
DHS Outlines Plans to Enhance Use of Biometric Tech (Find Biometrics)
America’s Department of Homeland Security has released a new strategic framework on how it plans to move forward implementing biometric technologies. Entitled “DHS Vision Statement on Enhanced Biometric Capabilities”, the document indicates a tightening embrace of the technology.
The full DHS vision statement can be downloaded here [.pdf; 13 pages].
Interesting excerpt:
The DHS Office of Biometrics and Identity Management (OBIM) operates and maintains the DHS Automated Biometric Identification System (IDENT) and provides identity management services and expertise across DHS. Front‐end capabilities (i.e. biometric collection devices, applications, interfaces and supporting infrastructure) are each managed and maintained independently by the components, with limited collaboration. National Security Presidential Directive (NSPD)‐59 / Homeland Security Presidential Directive (HSPD)‐24 “Biometrics for Identification and Screening to Enhance National Security,” charges federal executive departments and agencies to use mutually compatible methods and procedures in the collection, storage, use, analysis, and sharing of biometric information. Access to external federal biometric databases however, through bilateral interoperability agreements, is not fully implemented, requiring DHS components to employ mission centric solutions for integrating certain biometric exchanges with the Federal Bureau of Investigation (FBI) and the Department of Defense (DoD). This requires DHS components to work independently with the FBI and DoD to integrate with each biometric system for access to data that assists in identifying and adjudicating subjects. The current IDENT system, although able to store multi‐modal biometrics, offers matching capability for fingerprints only, limiting operational components’ ability to implement the use of alternate biometrics that may better suit operational needs. Current DHS Component systems tend to be encounter‐based – instead of person‐centric – requiring biometrics collection processes to be repeated, rather than just verified. Connectivity for systems that collect biometrics in the field is inconsistent, often not allowing real‐time access to federal biometric databases. Further, existing biometric collection systems in the field are dated, many are at end‐of‐life, impacting the quality of the biometrics collected, which affects overall performance.
Current and prospective CIO’s should reread that paragraph. The future of identity management is large-scale, multimodal, interconnected and updated as soon as possible, and provides access to virtual and physical resources. The earliest adopter of large-scale biometrics is coming to grips with the challenges of biometrics 2.0. At SecurLinx, we have designed our technology and approach to help our customers cope with the dead-ends and cult-du-sacs associated with gradual adoption of new ID technologies and provide them the flexibility to take advantage of the opportunities afforded by emerging technology.
MasterCard puts faces and fingers under microscope (Mobile World Live)
MasterCard and First Tech Federal Credit Union, a US financial institution, will pilot the authentication of payments using facial and fingerprint recognition, in what they claim is a first for the country.
Separately, MasterCard is running another biometrics trial with International Card Services (ICS), the leading credit card provider in the Netherlands.
Uber driver background checks ‘not good enough’ (BBC)
At a press conference, George Gascon, district attorney in San Francisco, said problems with the data that Uber relied on to check drivers meant it could miss some former criminals. For instance, he said, 30,000 registered sex offenders were not in the database Uber used.
An alternative screening system used by other cab firms called Livescan did catch people who were on the sex offenders list, said Mr Gascon.
Rockies Fans to Get Biometric Fast Access to Ballpark (Find Biometrics)
There will be a dedicated Fast Access entrance set up, and those who have already registered for CLEAR’s air travel eGates will be able to get in right off the bat, while newcomers can sign up at the event provided they have a driver’s license.
US visa processing back to normal after computer glitch (Dawn)
US visa processing has returned to full strength after hardware problems, the State Department said on Monday, noting that 410,000 visas were issued in a week as officials scrambled to clear a huge backlog.
According to the article, 410,000 visas have been issued in the last week. Compared to the average of 50,000 daily visa requests (350,000 per week), that would clear about 60,000 applications in the backlog if June is an average month for visa applications.
US begins to fix visa problems, big backlog to clear (India Today)
“The database responsible for handling biometric clearances has been rebuilt and is being tested,” Kirby said, adding that 33 U.S. embassies and consulates, representing 66 percent of normal capacity, are now online and issuing visas.
The exact nature of the problems that caused the US visa system to ground to a halt hasn’t been made clear to the public. In articles informing this post and the previous one, “hardware” and “database” have been the only technical specifics mentioned. It’s hard to say what went wrong without knowing exactly how the State Department’s system was built, but it looks like things are returning to normal.
More progress will help clear the backlog of visa applications.
Hardware glitch in Washington freezes US visa issuance worldwide (Times of India)
The State Department said the June 9 failure was preventing it from processing and transmitting the mandatory security-related biometric data checks routinely carried out at embassies and consulates worldwide, and it could take up to a week to fix it.
This Wednesday release from the State Department doesn’t contain much detail that isn’t included in the Times of India article linked above.
[ed: OK, ballyhoo is probably too strong, but the alliteration demanded it.]
Bridge Day panel backtracks on security plan (Beckley Register-Herald)
Bridge Day 2015 vendors, BASE jumpers and rappellers may be able to choose this year to either pay for a background check with a contracted security company or submit to a biometric fingerprint scan for free.
The Bridge Day Commission in Fayette County passed a motion Wednesday that adds the option of the background check. The check would be conducted by a contracted, third party security company, said Bridge Commission Chairwoman Sharon Cruikshanks.
The cost of the background check will be $12 to $35, depending on which of the three companies the commission contracts.
“Biometric scans are a free option,” Cruikshanks said.
This one is especially of local interest here in West Virginia. Not mentioned in the article is that this year’s Bridge Day Festival takes place on Saturday, October 17, 2015.
Background checks became a requirement for vendors and jumpers after 2001. The fingerprint innovation appears to be meant to make the process easier by requiring less text-based identifying information from people undergoing the background check.
More information and the counter-argument to these measures can be read here: Fingerprinting Plan For Bridge Day 2015 Forces Jumper Boycott.
…it’s something.
US customs launches biometric pilot at airports (Security Document World)
“The facial recognition software provides the [CBP Officers] with a match confidence score after the e-passport chip is scanned and the photo is taken. The score is generated by algorithms designed to detect possible imposters.”
A one-to-one search comparing the passport photo to the person standing at the customs kiosk is about as simple as a facial recognition deployment gets.
The only complicating factor is where they get the photo. If they use the photo physically present on the passport’s photo page, they will probably want to contend with the security marks and holograms somehow while processing the image for matching. If they want to use the photo stored electronically on the passport’s internal chip, as it appears they do, they’ll need some specialized hardware that retrieves the photo and the issue of “broken” passports will arise. Still, as far as country-level biometric deployments go, this one isn’t too daunting.
In a post-pilot phase, it may be desirable to use the passport number to pull the photo from a State Department database and compare that to the passport image and a live image of the person presenting their travel documents.
Thumbs Up? New Mexico to Study Biometrics to ID Voters (University of Minnesota)
Senate Minority Whip William Payne introduced a proposal this week that calls for the state’s top elections officials to study the feasibility of bringing biometrics into the mix. That could mean anything from retinal scans to the thumbprint-imaging technology used to access smartphones.
After hearing the same debate year after year, the Albuquerque Republican said he wanted to find a way to take some of the “venom” out of the argument that requiring photo identification would lead to voter suppression.
I don’t like to see so much made of retina biometrics but because this is big enough news, I’m linking it anyway.
In Your Face: USAA Brings Biometric Logon to Mobile Users
“This will make USAA the first U.S. financial institution to offer facial and voice recognition on a mobile app as added protection against fraud and identity theft,” the company announced.
So how does it work? USAA’s facial recognition requires users to look at the screen and, when prompted, blink their eyes. For voice recognition, users must read a short phrase.
US customs allocated funding to test biometric exit app (Security Document World)
A Department of Homeland Security (DHS) appropriations bill released on 9 January allocates US$3 million in funding for testing of a biometric exit app that would be used by Customs and Border Protection (CBP).
The funding will be used for a biometric exit mobile application demonstration at two airports, according to an explanatory note added to the bill.
The idea of implementing an exit system at all US ports of entry was first touted in 1996 as part of the “Illegal Immigration Reform and Immigrant Responsibility Act”.
LA County Sheriff’s Department to Start Collecting Face and Eye Scans (The Epoch Times)
Thai argues the new data collection will actually protect people from identity theft and will avoid wrongful arrests.
“Sometimes we arrest people, and they don’t use their real name, so by having a better way to identify that person, it will protect the public [from] those that will get their name used by somebody else,” he said.
The technology will be used by all of the approximately 46 law enforcement agencies in Los Angeles County. It will take about 15-18 months to be installed and fully operational.
LA County may be one of the more complex law enforcement environments in the developed world.
Face-scanning ATM test in Baltimore (PYMNTS)
Securityplus Federal Credit Union is installing the biometric ATM at one of its seven branches. Instead of calling in each member for a photo session, the ATM will snap a picture after members enter their eight-digit PIN. When the member later returns to the ATM for another transition, if the face is deemed a match, the transaction is granted without requiring the PIN again.
U.S. expects some familiar faces among Syria rebel recruits (Reuters)
The Pentagon has estimated that it can train 5,400 recruits in the first year and that up to 15,000 will be needed to retake areas of eastern Syria controlled by Islamic State. It hopes more training sites might allow training of more recruits.
They will face a thorough vetting, including psychological exams and gathering of biometric data, the official said. Candidates’ names would be run through U.S. databases and shared with regional allies for checks.
SIA forms ‘Airport Entry and Exit Working Group’ with SIBA (Security Info Watch)
The Security Industry Association (SIA) and Secure Identity & Biometrics Association (SIBA) on Tuesday announced the formation of the Airport Entry and Exit Working Group and release of its Identity and Biometric Entry and Exit Solutions Framework for Airports.
A biometric entry and exit monitoring system has been required under U.S. law for a long time now. Maybe the time is right to give it a real try.