CyberSec Law Report – 21 July 2019

CyberSec Law Report 21 July 2019

Orlando Ends Facial Recognition Program

Orlando, Florida officials announced the city will end its testing of Amazon Facial Rekognition technology due to lack of resources. No report on how the facial recognition technology performed was released. The statement from Orlando’s Chief Administrative Officer, stated that Orlando will not be pursuing any other facial recognition programs in the near future

Earlier this year, Amazon shareholders voted to move forward with selling facial recognition technology and services to law enforcement agencies. The company’s facial recognition technology is known as Amazon Rekognition and I used to match photos with identities from databases taken from various sources. Facial recognition is a form of biometric identification developed for security applications like positively identifying a person to unlock a door or computer to ensure secure access.

Facial recognition has become the technology of choice for mass surveillance of crowds and for identifying suspects in criminal investigations. It has been divulged that law enforcement agencies including the Department of Homeland Security are accessing databases of driver photos and passport photos to help apprehend criminals without the consent of citizens.

Keeper Password Protection
Keeper Password Protection

Technology companies like Google and Microsoft have taken issue with Amazon’s willingness to work with law enforcement agencies and facial recognition technology. The average US citizen has little or no idea how their personal data including photographs is being accessed and used by police or other agencies. There is inadequate legislation covering or limiting the use of personal data in the United States by law enforcement including how long an image can be retained by an agency or who can access it. Recently a US Customs and Border Patrol (CBP) contractor had driver data and images hacked from their own server of border information collected at a US land border. The contractor was found to be in violation of CBP policies as they has downloaded the driver data onto their own servers and to use it for their own product development.

Orlando Sells Driver Data to Advertisers

Florida is again in the news with personal data leaks. The state of Florida Department of Highway Safety and Motor Vehicles (FHSMV) was caught selling driver data to advertisers. Official records show that FHSMV sold Florida driver and ID cardholder information to over 30 private companies, including marketing firms, bill collectors, insurance companies, and data brokers, all without the consent of their residents. In 2017, Florida earned $77 million by selling the personal information of drivers’ and ID card holders’ information. Florida license and ID cardholders have no way to opt out of the data sharing. FHSMV can legally sell the data, however, buyers are not permitted to use the data for marketing.

Florida has frequently been in cyber security news lately. Three Florida municipalities suffered ransomware attacks this year. The cities of Riviera Beach and Lake City, and Key Biscayne all had essential city services crippled when hackers compromised IT systems through spear phishing attacks.

Europol Cannot Track 5G Devices

European law enforcement agencies will lose the ability to track criminals and monitor their communications as the world migrates to 5G cellular service. In a Reuters interview Catherine De Bolle, head of Europol, brought up the concern that current police surveillance technologies only work son 4G devices and networks. Updates to both domestic regulations and technology are needed to keep up with new networks.

Europol, based in The Hague, has been the European Union’s police agency since 1999. The agency is responsible for combatting crime. DeBolle hopes to double Europol’s budget by2027 to help fight hackers and cybercrimes.