Pete Recommends – Weekly highlights on cyber security issues, April 10, 2021

Subject: LexisNexis to Provide Giant Database of Personal Data to ICE
Source: The Intercept
https://theintercept.com/2021/04/02/ice-database-surveillance-lexisnexis/

It’s hard to wrap one’s head around the enormity of the dossiers LexisNexis creates about citizens and undocumented persons alike. While you can at least attempt to use countermeasures against surveillance technologies like facial recognition or phone tracking, it’s exceedingly difficult to participate in modern society without generating computerized records of the sort that LexisNexis obtains and packages for resale. The company’s databases offer an oceanic computerized view of a person’s existence; by consolidating records of where you’ve lived, where you’ve worked, what you’ve purchased, your debts, run-ins with the law, family members, driving history, and thousands of other types of breadcrumbs, even people particularly diligent about their privacy can be identified and tracked through this sort of digital mosaic. LexisNexis has gone even further than merely aggregating all this data: The company claims it holds 283 million distinct individual dossiers of 99.99% accuracy tied to “LexIDs,” unique identification codes that make pulling all the material collected about a person that much easier. For an undocumented immigrant in the United States, the hazard of such a database is clear.


Subject: Fake Unemployment Benefit Websites Preying On Laid-Off Workers, Experts Warn
Source: Forbes
https://www.forbes.com/sites/dianahembree/2021/04/04/fake-unemployment-benefit-websites-preying-on-laid-off-workers-experts-warn/

Americans have lost $63 billion nationwide of unemployment funds during the pandemic to improper payments and fraud (mostly the latter), according to February 2021 data from a watchdog for the U.S. Department of Labor. Increasingly, these scams are carried out through sham unemployment websites and ‘phishing’ emails from scammers bent on identity theft, according to Tim Sadler, the co-founder and CEO of Tessian, an email security firm which features a form of artificial intelligence that enables systems to learn from data.

This March, the Federal Trade Commission warned of this new development in a press release. “At a time when many people left jobless by the pandemic are struggling to get by, scammers reportedly are using websites that mimic government unemployment insurance benefits websites,” said Seena Gressin, an attorney in the FTC’s Division of Consumer & Business Education. “These sites trick people into thinking they’re applying for UI benefits, and they wind up giving the scammers their personal information.”

And in case you’re wondering how jobless Americans run across these fake websites in the first place, both Sadler and Gressin put the blame on spam ‘phishing’ emails and texts.


Subject: FBI Issues Warning Surrounding Scammers, Fake COVID-19 Vaccine Cards
Source: CBS Pittsburgh
https://pittsburgh.cbslocal.com/2021/04/06/fbi-issues-warning-surrounding-scammers-fake-covid-19-vaccine-cards/

PITTSBURGH (KDKA) — The FBI is on the lookout for scammers who are selling fake COVID-19 vaccine cards, a crime that can send someone to prison for five years. Special Agent Scott Argiro from the FBI’s Pittsburgh office spoke with KDKA on Monday.

He says scammers are taking advantage of the opportunity to create these fake cards, which violate the same kind of laws as fake drivers licenses and fake passports.

“Yeah, scammers are making money. It hasn’t been set as a mandate to travel or to access places yet. We can only assume that it may come to that point. It’s not regulated by the FBI, that’s by lawmakers and Congress, but people are trying to get ahead of it.


Subject: Feds seize fake COVID-19 Pfizer, vaccine websites
Source: Becker’s Healthcare
https://www.beckershospitalreview.com/cybersecurity/feds-seize-fake-covid-19-pfizer-vaccine-websites.html

[hopefully, none of these were .gov — according to the news release, none appeared to be] – Homeland Security Investigations shut down seven fake COVID-19 vaccine, pharmacy and other pandemic-related websites, according to the U.S. Department of Justice.

The U.S. Attorney’s Office for the Eastern District of Virginia reported March 26 that it seized four domains pretending to be legitimate websites of Pfizer. The government also seized three websites claiming to be associated with the United Nations International Children’s Emergency Fund — or UNICEF.

All seven websites appear to have been created to extract information from users for malicious purposes, including phishing scams and fraud, according to a Justice Department news release.

“The online fraud and phishing schemes that were embedded within these seven sham websites sought to capitalize on the misfortunes of others during the global pandemic,” said Raj Parekh, acting U.S. attorney for the Eastern District of Virginia, according to the news release. “We urge the public to safeguard your sensitive personal information at all times, including from these fraudulent COVID-19 schemes.”


Subject: Police Ask for Your Video Doorbell Recordings FAQ
Source: Consumer Reports
https://www.consumerreports.org/legal-rights/police-ask-for-video-doorbell-recordings-what-to-do-faq/

CR breaks down all the ways law enforcement can and can’t access videos from Ring cameras and other devices.

According to a nationally representative Consumer Reports survey (PDF) of 2,223 U.S. adults in January 2021, 10 percent of video doorbell owners said that they’ve shared footage with law enforcement. An additional 12 percent of owners said they haven’t shared footage but have had a reason to do so.

The law enforcement side of the service, called the Neighbors Public Safety Service, allows police and fire departments to view videos that users post and to send requests for videos to camera owners to help with active investigations.

For consumers who want to opt out of video requests from law enforcement or disable Ring’s Neighbors feature entirely, this article shows how to adjust settings in the Ring app.

Meanwhile, here’s an FAQ for homeowners with Ring or other video doorbell devices that explains their rights and obligations if the police request their video.


Subject: EPIC, Coalition Urge Florida Lawmakers to Preserve Private Right of Action
Source: EPIC
https://epic.org/2021/04/epic-coalition-urge-florida-la.html

EPIC, Coalition Urge Florida Lawmakers to Preserve Private Right of Action – EPIC and a coalition of privacy and consumer organizations today sent letters to Florida Governor Ron DeSantis, the Florida House Commerce Committee, and Florida’s Senate Rules Committee urging them to preserve private rights of action in two pending privacy bills, SB 1734 and HB 969. “The inclusion of a private right of action in HB 969 and SB 1734 is the most important tool the Legislature can give to Floridians to protect their privacy,” the groups wrote. “The statutory damages set in privacy laws are not large in an individual case, but they can provide a powerful incentive in large cases and are necessary to ensure that privacy rights will be taken seriously and violations not tolerated. In the absence of a private right of action, there is a very real risk that companies will not comply with the law because they think it is unlikely that they would get caught or fined.”


Subject: Single Sign-in For Government Services Expands to States, Localities
Source: Route Fifty
https://www.route-fifty.com/tech-data/2021/04/single-sign-government-services-expands-states-localities/173185/

The federal government is looking to partner with state and local governments to grow its Login.gov service, which it says is secure and user friendly. The U.S. General Services Administration is looking to partner with state and local governments to offer user authentication and identity verification services for users of federally funded programs.

Seventeen federal agencies use the Login.gov website to offer secure and single sign-in services and the expansion would allow state and local governments to utilize it for federal programs administered at the local level, including Medicaid and Medicaid managed care plans. Through Login.gov, users only need one account and password to access the participating federal services.

“Login.gov’s user-friendly, secure service is an ideal solution to help people get access to those resources during the time they need it most,” said spokesman Matthew Burrell in an email response to questions about the program.

The GSA announced earlier this year that it is looking to bring a limited number of state and local governments on board to use Login.gov. Both government partners and citizens would benefit from the expansion, officials said.



Subject: NIH’s COVID-19 data enclave continues to evolve with the virus
Source: FedScoop
https://www.fedscoop.com/n3c-data-enclave-pprl/

Technology linking patient records across data sources while preserving their privacy is being prototyped by the National Institutes of Health as researchers attempt to understand the evolving COVID-19 virus and its variants. The National Center for Advancing Translational Sciences within NIH launched the largest COVID-19 dataset in the U.S., the National COVID Cohort Collaborative (N3C) Data Enclave, in April. And now NCATS wants to use privacy-preserving record linkage (PPRL) to link data from its enclave with medical images, omics tools, electronic health records (EHRs), and social determinants of health to answer researchers’ lingering questions like why COVID-19 symptoms linger in some patients.

PPRL finds and links records on the same patient across independently maintained data sources using a cryptographic hash value to protect their identity.

The N3C Data Enclave is a Palantir analytics platform with three subsets — synthetic, de-identified and limited datasets — that a Data Access Committee of federal officials may or may not grant researchers access to upon request.

The Johnson & Johnson, Moderna and Pfizer vaccines have special RxNorm numbers in EHRs that will help N3C researchers study their efficacy over time.

NCATS’s data enclave is a Federal Risk and Authorization Management Program-certified environment that also requires dual authentication to access. The center’s security office monitors the enclave and also has an outside federal group run penetration tests, though it hasn’t really run into a nefarious actor to date, Gersing said.
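
The hash-based linkage the FedScoop item describes, as an added Python example that is not from the article or from NIH: each site turns normalized identifiers into a keyed hash and a linker joins on the tokens alone. The shared HMAC key, the choice of fields, the normalization rules and the sample records are assumptions constructed for illustration; the article says only that a cryptographic hash value is used.

```python
import hashlib
import hmac
import unicodedata

# Assumption: participating sites share a secret key that the linker never sees.
# A keyed hash means nobody without the key can recompute tokens from guessed names.
SHARED_KEY = b"constructed-demo-key"

def normalize(first, last, dob):
    """Canonicalize fields so the same patient yields the same bytes at every site."""
    def clean(s):
        s = unicodedata.normalize("NFKD", s)  # split accents off base letters
        return "".join(c for c in s if c.isalnum()).upper()
    return "|".join((clean(first), clean(last), dob.strip()))

def token(first, last, dob, key=SHARED_KEY):
    """Keyed hash (HMAC-SHA256) of the normalized identifiers."""
    msg = normalize(first, last, dob).encode("utf-8")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def tokenize(records, key=SHARED_KEY):
    """Run locally at each site: release token -> payload, never name or DOB."""
    return {token(r["first"], r["last"], r["dob"], key): r["payload"] for r in records}

def link(site_a, site_b):
    """The linker holds tokens only and joins on exact equality."""
    return {t: (site_a[t], site_b[t]) for t in site_a.keys() & site_b.keys()}

# Constructed sample records from two independently maintained sources.
EHR = [
    {"first": "María", "last": "O'Neil", "dob": "1980-02-14", "payload": {"record": "ehr-001"}},
    {"first": "John", "last": "Smith", "dob": "1975-09-30", "payload": {"record": "ehr-002"}},
]
IMAGING = [
    # Same patient as ehr-001, entered with different case, accent and punctuation.
    {"first": "maria ", "last": "ONeil", "dob": "1980-02-14", "payload": {"record": "img-104"}},
    # "Jon" vs "John": exact-match tokens miss typos, a known limit of this scheme.
    {"first": "Jon", "last": "Smith", "dob": "1975-09-30", "payload": {"record": "img-105"}},
]

if __name__ == "__main__":
    for tok, pair in link(tokenize(EHR), tokenize(IMAGING)).items():
        print(tok[:12], pair)
```

Normalization decides the match rate here: the accent, case and apostrophe differences link, while the one-letter typo does not.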


Subject: Army wants to clean up biometric ID data
Source: GCN
https://gcn.com/articles/2021/04/07/dod-biometric-data-cleanse.aspx

The Defense Department’s Automated Biometric Identification System is required to accept biometric data from across DOD, and some of this data comes from legacy collection systems that include poor-quality images or inaccuracies. For this reason, ABIS, which is supposed to be the authoritative biometric database, includes a large number of records with errors, missing data or low-quality images. Poor-quality data not only requires extensive computing resources to process, but it also results in a higher number of near matches that require a human examiner to resolve.

Subject: Dallas Cops Used Face Recognition Installed on Personal Phones
Source: Gizmodo
https://gizmodo.com/dallas-police-used-face-recognition-software-without-au-1846631918

Dallas police officers used unauthorized facial recognition software to conduct between 500 and 1,000 searches in attempts to identify people based on photographs. A Dallas Police spokesperson says the searches were never authorized by the department, and that in some cases, officers had installed facial recognition software on their personal phones.

The spokesperson, Senior Cpl. Melinda Gutierrez, said the department first learned of the matter after being contacted by investigative reporters at BuzzFeed News. Use of the face recognition app, known as Clearview AI, was not approved, she said, “for use by any member of the department.”

Department leaders have since ordered the software deleted from all city-issued devices.

BuzzFeed News first revealed Clearview AI was being used in Dallas on Tuesday following a yearlong investigation into the company. The Dallas Police Department is only one of 34 agencies to acknowledge employees had used the software without approval.

Today, facial recognition is considered one of the most controversial technologies used by police. The American Civil Liberties Union has pressed federal lawmakers to impose a moratorium on its use nationwide citing multiple studies showing the software is error-prone, particularly in cases involving people with dark skin.



Subject: Utah pilots mobile driver’s license
Source: GCN
https://gcn.com/articles/2021/04/08/utah-mobile-drivers-license.aspx

Utah is testing a mobile driver’s license (mDL) that gives holders more control over the data they share when presenting their identification. What makes Utah’s mDL different from other efforts, said Christopher Caras, director of the Department of Public Safety’s Driver License Division (DLD), is that it is not a photo or digital version of an ID card. Instead, it uses standards from the American Association of Motor Vehicle Administrators and the International Organization for Standards (ISO) that enable security measures such as encryption and provide privacy protections that allow users to determine the data they share.

Utah’s mDLs are the first in the country to fully comply with ISO’s interface, according to the department. It is working with GET Group North America and its technology partner Scytáles to provide GET Mobile ID, the ISO 18013-5-compliant app that puts a license on a smart phone. Any reader that complies with that standard can verify the document.

Grocery stores, banks, hospitals and law enforcement officials, for example, that ask to see driver’s license information will need readers to accept the mobile credential. These readers typically work in three ways: via Bluetooth, near-field communication or QR codes. For instance, a grocery store clerk may ask to verify the age of someone trying to buy wine. With an mDL, the buyer can tell the app, “Share age,” and only that information is divulged to the store’s reader.

That includes the Transportation Security Administration’s Real ID requirement for domestic air travel. Caras said Utah is in talks with TSA on a partnership to make the mDL compliant with TSA requirements. TSA does not currently accept mobile or electronic driver’s licenses, but the Real ID Modernization Act, passed at the end of 2020, “helps lay the groundwork for future REAL ID-compliant mobile/digital driver’s licenses to individuals holding a valid REAL ID compliant physical DL/ID.”


Subject: Intelligence officers predict a future shaped by faceless enemies like disease, climate change
Source: Yahoo! News
https://news.yahoo.com/intelligence-officers-predict-a-future-shaped-by-faceless-enemies-like-disease-climate-change-175941424.html

WASHINGTON — The intelligence community has published [156-page PDF] a wide-ranging report detailing its predictions about the state of the world in the next two decades. The National Intelligence Council, in a report released Thursday, suggested that regardless of how humanity confronts ongoing challenges, some of the biggest threats will not be caused or instigated by human perpetrators. These global challenges will likely include “climate change, disease, financial crises, and technology disruptions,” which could create “food and water insecurity,” “increase migration” and its destabilizing effects, create “new health challenges” and decimate biodiversity, the authors write.

One of the major examples of that threat is the ongoing COVID-19 pandemic, the authors write, which they describe as the most disruptive global event since World War II.

The National Intelligence Council, a small body within the Office of the Director of National Intelligence composed of senior experts on various regions and threats, was formed in 1979 and tasked with peering into the near and distant future. Its “global trends” reports are drafted in an effort to help senior policymakers, lawmakers and private citizens think strategically about the possible evolution of threats to the current world order and how the future might look depending on how the U.S. confronts them.

Posted in: Communications, Cybercrime, Cyberlaw, Cybersecurity, Data Mining, Healthcare, Medical Research, Privacy, Technology Trends