Enough ink has been spilled on the topic to fill libraries, but this article is meant to distill some of the key arguments, viewpoints, and general information related to facial recognition systems and the impacts they can have on our privacy today.

What Are Facial Recognition Systems?

The actual technology behind FRS and who develops them can be complicated. It’s best to have a basic idea of how these systems work before diving into the ethical and privacy-related concerns related to using them.

How Do Facial Recognition Systems Work?

On a basic level, facial recognition systems operate on a three-step process. First, the hardware, such as a security camera or smartphone, records a photo or video of a person.

That photo or video is then fed into an AI program, which then maps and analyzes the geometry of a person’s face, such as the distance between eyes or the contours of the face. The AI also identifies specific facial landmarks, like forehead, eye sockets, eyes, or lips.

Finally, all these landmarks and measurements come together to create a digital signature which the AI compares against its database of digital signatures to see if there is a match or to verify someone’s identity. That digital signature is then stored on the database for future reference.

Read More At: The Pros and Cons of Enlisting AI for Cybersecurity

Use Cases of Facial Recognition Systems

A technology like facial recognition is broadly applicable to a number of different industries. Two of the most obvious are law enforcement and security. 

With facial recognition software, law enforcement agencies can track suspects and offenders unfortunate enough to be caught on camera, while security firms can utilize it as part of their access control measures, checking people’s faces as easily as they check people’s ID cards or badges.

Access control in general is the most common use case for facial recognition so far. It generally relies on a smaller database (i.e. the people allowed inside a specific building), meaning the AI is less likely to hit a false positive or a similar error. Plus, it’s such a broad use case that almost any industry imaginable could find a reason to implement the technology.

Facial recognition is also a hot topic in the education field, especially in the U.S. where vendors pitch facial recognition surveillance systems as a potential solution to the school shootings that plague the country more than any other. It has additional uses in virtual classroom platforms as a way to track student activity and other metrics.

In healthcare, facial recognition can theoretically be combined with emergent tech like emotion recognition for improved patient insights, such as being able to detect pain or monitor their health status. It can also be used during the check-in process as a no-contact alternative to traditional check-in procedures.

The world of banking saw an increase in facial recognition adoption during the COVID-19 pandemic, as financial institutions looked for new ways to safely verify customers’ identities.

Some workplaces already use facial recognition as part of their clock-in-clock-out procedures. It’s also seen as a way to monitor employee productivity and activity, preventing folks from “sleeping on the job,” as it were. 

Companies like HireVue were developing software using facial recognition that can determine the hireability of prospective employees. However, it discontinued the facial analysis portion of its software in 2021. In a statement, the firm cited public concerns over AI and a growing devaluation of visual components to the software’s effectiveness.

Retailers who sell age-restricted products, such as bars or grocery stores with liquor licenses, could use facial recognition to better prevent underaged customers from buying these products.

Who Develops Facial Recognition Systems?

The people developing FRS are many of the same usual suspects who push other areas of tech research forward. As always, academics are some of the primary contributors to facial recognition innovation. The field was started in academia in the 1950s by researchers like Woody Bledsoe.

In a modern day example, The Chinese University of Hong Kong created the GaussianFace algorithm in 2014, which its researchers reported had surpassed human levels of facial recognition. The algorithm scored 98.52% accuracy compared to the 97.53% accuracy of human performance.

In the corporate world, tech giants like Google, Facebook, Microsoft, IBM, and Amazon have been just some of the names leading the charge.

Google’s facial recognition is utilized in its Photos app, which infamously mislabeled a picture of software engineer Jacky Alciné and his friend, both of whom are black, as “gorillas” in 2015. To combat this, the company simply blocked “gorilla” and similar categories like “chimpanzee” and “monkey” on Photos.

Amazon was even selling its facial recognition system, Rekognition, to law enforcement agencies until 2020, when they banned the use of the software by police. The ban is still in effect as of this writing.

Facebook used facial recognition technology on its social media platform for much of the platform’s lifespan. However, the company shuttered the software in late 2021 as “part of a company-wide move to limit the use of facial recognition in [its] products.”

Additionally, there are firms who specialize in facial recognition software like Kairos, Clearview AI, and Face First who are contributing their knowledge and expertise to the field.

Read More At: The Value of Emotion Recognition Technology

Is This a Problem?

To answer the question of “should we be worried about facial recognition systems,” it will be best to look at some of the arguments that proponents and opponents of facial recognition commonly use.

Why Use Facial Recognition?

The most common argument in favor of facial recognition software is that it provides more security for everyone involved. In enterprise use cases, employers can better manage access control, while lowering the chance of employees becoming victims of identity theft.

Law enforcement officials say the use of FRS can aid their investigative abilities to make sure they catch perpetrators quickly and more accurately. It can also be used to track victims of human trafficking, as well as individuals who might not be able to communicate such as people with dementia. This, in theory, could reduce the number of police-caused deaths in cases involving these individuals.

Human trafficking and sex-related crimes are an oft-spoken refrain from proponents of this technology in law enforcement. Vermont, the state with the strictest bans on facial recognition, peeled back their ban slightly to allow for its use in investigating child sex crimes.

For banks, facial recognition could reduce the likelihood and frequency of fraud. With biometric data like what facial recognition requires, criminals can’t simply steal a password or a PIN and gain full access to your entire life savings. This would go a long way in stopping a crime for which the FTC received 2.8 million reports from consumers in 2021 alone.

Finally, some proponents say, the technology is so accurate now that the worries over false positives and negatives should barely be a concern. According to a 2022 report by the National Institute of Standards and Technology, top facial recognition algorithms can have a success rate of over 99%, depending on the circumstances.

With accuracy that good and use cases that strong, facial recognition might just be one of the fairest and most effective technologies we can use in education, business, and law enforcement, right? Not so fast, say the technology’s critics.

Why Ban Facial Recognition Technology?

First, the accuracy of these systems isn’t the primary concern for many critics of FRS. Whether the technology is accurate or not is inessential. 

While Academia is where much research on facial recognition is conducted, it is also where many of the concerns and criticisms are raised regarding the technology’s use in areas of life such as education or law enforcement. 

Northeastern University Professor of Law and Computer Science Woodrow Hartzog is one of the most outspoken critics of the technology. In a 2018 article Hartzog said, “The mere existence of facial recognition systems, which are often invisible, harms civil liberties, because people will act differently if they suspect they’re being surveilled.”

The concerns over privacy are numerous. As AI ethics researcher Rosalie A. Waelen put it in a 2022 piece for AI & Ethics, “[FRS] is expected to become omnipresent and able to infer a wide variety of information about a person.” The information it is meant to infer is not necessarily information an individual is willing to disclose.

Facial recognition technology has demonstrated difficulties identifying individuals of diverse races, ethnicities, genders, and age. This, when used by law enforcement, can potentially lead to false arrests, imprisonments, and other issues.

As a matter of fact, it already has. In Detroit, Robert Williams, a black man, was incorrectly identified by facial recognition software as a watch thief and falsely arrested in 2020. After being detained for 30 hours, he was released due to insufficient evidence after it became clear that the photographed suspect and Williams were not the same person.

This wasn’t the only time this happened in Detroit either. Michael Oliver was wrongly picked by facial recognition software as the one who threw a teacher’s cell phone and broke it.

A similar case happened to Nijeer Parks in late 2019 in New Jersey. Parks was detained for 10 days for allegedly shoplifting candy and trying to hit police with a car. Facial recognition falsely identified him as the perpetrator, despite Parks being 30 miles away from the incident at the time. 

There is also, in critics’ minds, an inherently dehumanizing element to facial recognition software and the way it analyzes the individual. Recall the aforementioned incident wherein Google Photos mislabeled Jacky Alciné and his friend as “gorillas.” It didn’t even recognize them as human. Given Google’s response to the situation was to remove “gorilla” and similar categories, it arguably still doesn’t.

Finally, there comes the issue of what would happen if the technology was 100% accurate. The dehumanizing element doesn’t just go away if Photos can suddenly determine that a person of color is, in fact, a person of color. 

The way these machines see us is fundamentally different from the way we see each other because the machines’ way of seeing goes only one way.  As Andrea Brighenti said, facial recognition software “leads to a qualitatively different way of seeing … .[the subject is] not even fully human. Inherent in the one way gaze is a kind of dehumanization of the observed.”

In order to get an AI to recognize human faces, you have to teach it what a human is, which can, in some cases, cause it to take certain human characteristics outside of its dataset and define them as decidedly “inhuman.”

That said, making facial recognition technology more accurate for detecting people of color only really serves to make law enforcement and business-related surveillance better. This means that, as researchers Nikki Stevens and Os Keyes noted in their 2021 paper for academic journal Cultural Studies, “efforts to increase representation are merely efforts to increase the ability of commercial entities to exploit, track and control people of colour.”

Final Thoughts

Ultimately, how much one worries about facial recognition technology comes down to a matter of trust. How much trust does a person place in the police or Amazon or any random individual who gets their hands on this software and the power it provides that they will only use it “for the right reasons”?

This technology provides institutions with power, and when thinking about giving power to an organization or an institution, one of the first things to consider is the potential for abuse of that power. For facial recognition, specifically for law enforcement, that potential is quite large.

In an interview for this article, Frederic Lederer, William & Mary Law School Chancellor Professor and Director of the Center for Legal & Court Technology, shared his perspective on the potential abuses facial recognition systems could facilitate in the U.S. legal system:

“Let’s imagine we run information through a facial recognition system, and it spits out 20 [possible suspects], and we had classified those possible individuals in probability terms. We know for a fact that the system is inaccurate and even under its best circumstances could still be dead wrong.

If what happens now is that the police use this as a mechanism for focusing on people and conducting proper investigation, I recognize the privacy objections, but it does seem to me to be a fairly reasonable use.

The problem is that police officers, law enforcement folks, are human beings. They are highly stressed and overworked human beings. And what little I know of reality in the field suggests that there is a large tendency to dump all but the one with the highest probability, and let’s go out and arrest him.”

Professor Lederer believes this is a dangerous idea, however:

“…since at minimum the way the system operates, it may be effectively impossible for the person to avoid what happens in the system until and unless… there is ultimately a conviction.”

Lederer explains that the Bill of Rights guarantees individuals a right to a “speedy trial.” However, court interpretations have borne out that arrested individuals will spend at least a year in prison before the courts even think about a speedy trial.

Add to that plea bargaining:

“…Now, and I don’t have the numbers, it is not uncommon for an individual in jail pending trial to be offered the following deal: ‘plead guilty, and we’ll see you’re sentenced to the time you’ve already been [in jail] in pre-trial, and you can walk home tomorrow.’ It takes an awful lot of guts for an individual to say ‘No, I’m innocent, and I’m going to stay here as long as is necessary.’

So if, in fact, we arrest the wrong person, unless there is painfully obvious evidence that the person is not the right person, we are quite likely to have individuals who are going to serve long periods of time pending trial, and a fair number of them may well plead guilty just to get out of the process.

So when you start thinking about facial recognition error, you can’t look at it in isolation. You have to ask: ‘How will real people deal with this information and to what extent does this correlate with everything else that happens?’ And at that point, there’s some really good concerns.”

As Lederer pointed out, these abuses already happen in the system, but facial recognition systems could exacerbate these abuses and even increase them. They can perpetuate pre-existing biases and systemic failings, and even if their potential benefits are enticing, the potential harm is too present and real to ignore.

Of the viable use cases of facial recognition that have been explored, the closest thing to a “safe” use case is ID verification. However, there are plenty of equally effective ID verification methods, some of which use biometrics like fingerprints.

In reality, there might not be any “safe” use case for facial recognition technology. Any advancements in the field will inevitably aid surveillance and control functions that have been core to the technology from its very beginning.

For now, Lederer said he hasn’t come to any firm conclusions as to whether the technology should be banned. But he and privacy advocates like Hartzog will continue to watch how it’s used.

Read Next: What’s Next for Ethical AI?

The post The Toll Facial Recognition Systems Might Take on Our Privacy and Humanity appeared first on IT Business Edge.

The Senate this week voted to void privacy rules that were promulgated at the end of the Obama Administration by the Federal Communications Commission (FCC). The Senate used the Congressional Review Act, which allows late date rules of one administration to be rolled back by the next. The FCC has already voted to stay privacy rules.

The rules required internet service providers (ISPs) to get customer permission to share personal information that they gather. ISPs want to be able to sell that data and are two steps away from having that happen: passage by the House of Representatives and President Trump’s signature.

IoT Roaming Small, but Will Expand Quickly

The Roaming Consulting (ROCCO) released a study this week on Internet of Things (IoT) roaming. The finding is that only 5 percent of mobile network operator revenue is from IoT roaming today. That is not the whole story, however. The firm said that responses suggest that the percentage will increase significantly.

By 2020, survey responses indicated, 20 percent to 30 percent of MNO revenue will be generated in this way. Some MNOs will generate half their revenue by IoT roaming. Almost 70 percent said that they find inbound and outbound IoT roaming “interesting” or “very interesting.”

Should Companies Buy 802.11ac Wave 2 Equipment Now?

There is a natural inclination for corporate users to buy the latest available technology. It’s human nature and in many cases makes technical sense.

But not always. Jon Gold at Network World points out that 802.11ac wave 2 access points (APs) are starting to crowd wave 1 devices in sales. The sticking point, he points out, is that these APs are not particularly useful – at least not yet:

But it’s unlikely that wave 2 technology, in and of itself, is something an enterprise really needs right now, according to some experts. The main issue is that, since there are almost no laptops, smartphones or other endpoints on the market right now that use wave 2, the most innovative features of the technology simply won’t work.

The incremental benefits of Wave 2 are also beyond the needs of most businesses. And, finally, the differences between Wave 2 and later version Wave 1 chipsets and filters are not that great.

There’s also a rationale for going with Wave 2 even now, however. Since the refresh cycles for APs is very long – Gold says it can be seven years – buying them now in anticipation of appropriate equipment is not necessarily a bad idea. As usual, companies must decide based on their unique circumstances.

Both Democrats and Republicans Like Dig One Idea

Stop the press: Ars Technica has found a topic on which Democrats and Republicans agree. It is dig once policies, which focus on having construction crews install conduit whenever they are building new roads or sidewalks. The conduit can be empty; inserting cable if it is needed later can be done at a lower cost and with less disruption than digging again.

The idea, the story says, has been around for years. Dig once seems to be getting a boost in Congress. Marsha Blackburn (R-TN) held a hearing this week that included discussion of the idea. Nothing is straightforward in Washington, however. Despite the rare bipartisan support, it is unclear if a proposal from Representative Anna Eshoo (D-CA), which was used in the hearing, will actually get a vote. Eshoo is a longtime dig once advocate.

The Dangers of the IIoT
There are (at least) two Internet of Things (IoT). The one that includes fitbits and connected surveillance cameras is one. The other, which is more hidden, is the Industrial Internet of Things (IIoT). As the name implies, the IIoT controls the factory floors, industrial loading docks and myriad other places where big machines and processes dominate. The IIoT is hugely valuable for these venues. It offers the ability to collect massive amounts of data that can be fed into Big Data platforms, boiled down and turned into efficiency gains.

As usual, however, there are great dangers. Semiconductor Engineering’s Ed Sperling looks at the benefits and dangers of the IIoT. On the security front, there are many threats. Some can lead to total breaches and others to slow and steady data leaks. The latter, Sperling says that experts say, are more common.

Carl Weinschenk covers telecom for IT Business Edge. He writes about wireless technology, disaster recovery/business continuity, cellular services, the Internet of Things, machine-to-machine communications and other emerging technologies and platforms. He also covers net neutrality and related regulatory issues. Weinschenk has written about the phone companies, cable operators and related companies for decades and is senior editor of Broadband Technology Report. He can be reached at cweinsch@optonline.net and via twitter at @DailyMusicBrk.

The post Senate Moves to Roll Back Privacy Rules appeared first on IT Business Edge.

An ongoing question among skeptics is whether the data speeds promised by big ISPs are actually delivered. In New York, the Attorney General has weighed in with his answer – in the form of a lawsuit.

The AG, Eric Schneiderman, this week sued Charter and its Time Warner Cable subsidiary. The company, the suit says, “allegedly conduct[ed] a deliberate scheme to defraud and mislead New Yorkers by promising Internet service that they knew they could not deliver,” according to Ars Technica.

The story says that the state conducted a 16-month investigation and found that the premium plans promising services of 100 Megabits per second (Mbps), 200 Mbps and 300 Mbps were in reality as much 70 percent slower. The suit says that the bad behavior dates from 2012 – before Charter acquired Time Warner Cable – to the present.

Could Net Neutrality, in Some Form, Survive?

The assumption when Ajit Pai was named Chairman of the Federal Communications Commission (FCC) by President Trump was that net neutrality rules put in place during the previous administration were certain to change. That is still likely so, but the new top man may be finding that change is not easy.

Pai, who had earlier said that his desire was to use a weed whacker on the net neutrality rules, is being more circumspect, according to Computerworld, which reported that Pai wouldn’t say what is in store for net neutrality, and suggested that Congress may take it upon itself to settle the issue:

Lawmakers will likely push for legislation, similar to a proposal from early 2015, that would write basic net neutrality protections into law, Senator John Thune, the Republican chairman of the Senate Commerce, Science, and Transportation Committee, said recently. A law passed by Congress would supersede any actions taken at the FCC.

Pai’s reluctance to speak overtly and Congress’ possible action suggest that net neutrality could survive. Whether it does so in anything resembling today’s form is still a long shot, however.

Bad News Continues for Tablets

The end of 2016 brought no good news for the tablet sector as IDC reports that it experienced its ninth consecutive quarterly decline.

The firm found that during the fourth quarter, 52.9 million tablets were shipped, which was 20.1 percent less than the year-ago quarter. For the year, shipments were 174.8 million, a decline of 15.6 compared to 2015. Commentary in the press release is that traditional tablets – those without detachable keyboards – are in decline globally.

The top five vendors (in order, Apple, Samsung, Amazon, Lenovo and Huawei) had mixed results. Apple shipped 16.1 million devices during the fourth quarter of 2015 and 13.1 million during the fourth quarter of last year. Samsung also declined. It shipped 9 million in the fourth of 2015 and 8 million in 2016.

There were two winners: Huawei gained 1 million, from 2.2 million to 3.2 million last year, and  Lenovo upped shipments from 3.2 million to 3.7 million between the two years’ fourth quarters. Amazon stayed at 5.2 million devices shipped in both year’s fourth quarters.

The “other” category lost a great deal: It shrunk from 30.5 million tablets shipped in the fourth quarter of 2015 to 19.8 million during last year’s fourth quarter.

Organizations to Follow Voluntary Privacy Rules

A number of ISPs and other companies have pledged to adhere to a set of privacy principles without regard to ongoing action by the FCC. The rules, WirelessWeek says, were written by the Federal Trade Commission (FTC) and were “the law of the land” before the FCC acted on privacy issues last year. They seem to focus on simplicity and directness:

They include commitments to transparency in providing customers with clear, comprehensible, and accurate notice about the data collected, how it’s used, and what is shared with third parties; data security to protect the information collected; and sending out notifications “without unreasonable delay” when data breaches occur.

Companies and groups saying that they will follow the guidelines include Verizon, AT&T, T-Mobile, the CTIA, Comcast, Charter, USTelecom, the Wireless Internet Service Providers Association and WTA-Advocates for Rural Broadband.

Globalstar Gets Go-Ahead from the FCC

Globalstar has been given the all-clear by the FCC to create a terrestrial broadband network in the 2.4 GHz spectrum that it holds, according to TVTechnology.

The spectrum is between 2.4835 and 2.495 GHz. The December Report & Order from the FCC says that no Broadcast Auxiliary Spectrum operations will need to move. The order, according to the story, does not address other requests from Globalstar. StreetInsider reports that GlobalStar has asked for permission to provide services in three countries.

Carl Weinschenk covers telecom for IT Business Edge. He writes about wireless technology, disaster recovery/business continuity, cellular services, the Internet of Things, machine-to-machine communications and other emerging technologies and platforms. He also covers net neutrality and related regulatory issues. Weinschenk has written about the phone companies, cable operators and related companies for decades and is senior editor of Broadband Technology Report. He can be reached at cweinsch@optonline.net and via twitter at @DailyMusicBrk.

The post New York Attorney General Sues Charter, TWC appeared first on IT Business Edge.

2017 and Beyond: How Digital Innovation Will Impact the World

According to the findings of a Cognizant study on how businesses and jobs need to evolve in the digital era, the economic impact of being behind your peer group in digital is huge. For large enterprises, this “laggard penalty,” as the study calls it, can result in hundreds of millions of dollars of lost economic opportunity just over the next few years.

In an email interview following the release of the study, dubbed “The Work Ahead: Mastering the Digital Economy,” Paul Roehrig, global managing director of the Center for the Future of Work at Cognizant, provided some valuable commentary. A particularly keen insight came in response to my question about what the focus of students just beginning their university studies should be in order to become as well-equipped as possible to help their companies master the digital economy:

If you want to master the digital economy, be a better human. As noted in the study’s findings, it may sound counterintuitive, but in a world of more pervasive technology, activities that humans do well will be even more important in 2020 than today. Analytical thinking, communication, and learning skills are all critical now, but in the digital economy these very human activities — things we do naturally, but AI systems struggle with — will become even more essential in our personal and work lives, and for our businesses.

Roehrig said that while the revenue impact of all this will vary by industry, every sector will be affected:

The study focuses on several industries — retail, banking, insurance, manufacturing, and life sciences — that collectively generate more than $60 trillion in revenue today (roughly the scale of about 40 percent of world GDP). What we found is that the impact of digital transformation on these industries between 2015 and 2018 alone could be up to $20 trillion. That number may sound too big to be true, but when you break it down, it seems a lot more realistic.

Leaders from 2,000 companies across the globe think that within three years digital will, on average across all industries studied, influence more than 10 percent of all revenue. In gross revenue terms, this equates to around $2 trillion across the organizations we surveyed. That’s hardly chump change. While the revenue impact will vary by industry, all sectors will be affected. The trend is most pronounced in retail, where the impact of digital on revenue will rise by more than 39 percent. For retailers, it’s already a life-or-death imperative to excel in digital, because customers simply will not tolerate mediocre experiences.

As for which industries are lagging furthest behind, Roehrig said the study found that life sciences and insurance companies are currently the “least digital” sectors:

That means they currently attribute the least amount of their revenue to new technologies and digital experiences, invest less, etc. In many cases, leaders feel like regulation or a lack of clear ROI may be preventing innovation, but those arguments won’t last for long, as we’re starting to see real technology-fueled innovation in those sectors. Also, it’s interesting to see that leaders in life sciences and insurance expect revenue to be impacted by more than 30 percent over the next three years. This is simply a massive shift in how they plan to create value.

I asked Roehrig which information technology jobs that are currently considered to be in high demand are destined to become obsolete the fastest. He indicated that it’s more a question of how technology will change jobs, rather than how technology will make them disappear:

The impact of technology on jobs is a really important question, and it’s on a lot of people’s minds. In fact, around 77 percent of senior leaders globally said they were concerned that ‘automated technology (robots) will take jobs from people I care about (and maybe me).’ Even though there is concern about automation taking jobs away, senior leaders saw the positives in technology enabling work. For example, the study found that more than 60 percent of leaders said technology would help them be more creative and help them serve customers better; around 87 percent said new technologies would improve their productivity. The vast majority of leaders believe, as we do here at Cognizant’s Center for the Future of Work, that it would be a mistake to short human imagination. As we have throughout history, we will continue to find plenty of work for human hands and brains.

When we think about impact on jobs, it’s helpful to look at the kinds of work being done that make up ‘a job.’ In fact, we believe that many — many — more knowledge jobs will be altered by technology, rather than simply being ‘automated away.’ Even so, the new machines will make some work less relevant in the digital economy. If a specific job is made up of highly repetitive, data-intensive tasks that don’t require much human judgment or empathy, it could be a candidate for process automation. 

Given that Cognizant is a major offshore outsourcing services provider, I asked Roehrig how the offshore outsourcing model will change to adapt to the future digital economy. His response:

Throughout history, how we work — how we share labor, the tools we use, and so on — defines our societies as well as our specific industries and companies. From the Stone Age to the Iron Age to the Industrial Revolution, this has been the case. When the Internet — a new ‘machine’ —became accessible to many, knowledge work could be done wherever there was a smart person with a connection. This new technology opened up opportunities to distribute work in a new business model. It was similar to when physical work — like manufacturing — was able to be distributed globally once the labor and shipping costs got low enough to make economic sense.

These shifts have always resulted in massive value creation, and this won’t change as we move into the digital economy. What will matter most in the digital economy will be having the right skills to create value and innovate based on new machines — AI, algorithms, bots, big data — and new business models aligned to digital and physical products and services. And that can happen anywhere.

Finally, I asked Roehrig whether privacy is likely to become more of a casualty or more of a benefactor of the future digital economy. He said there are no easy answers:

Given all the news about hacks, phishing, and too much information on Twitter and Facebook, it’s not surprising that 87 percent of global leaders said privacy was a major concern about our digital future. The fact is that there will be a digital dark side, and it will be a bumpy ride for all of us as we decide how to manage privacy in a world where everything can be shared. There are no easy answers, but we are already learning how to make this work. We know this because this is happening around us now, and smart leaders are adapting to our digital environment at a remarkably rapid rate.

Security breaches are now expected, and often not fatal. In fact, as we shared in our findings, the targets of the biggest macro-hacks paid a steep price, but virtually all are still open for business. Our definition of privacy and what we expect will certainly change. It’s already happening. While we can’t stop this, we can steer it. Our decisions, ethics, and even optimism will be even more essential in the new digital economy than ever before. 

A contributing writer on IT management and career topics with IT Business Edge since 2009, Don Tennant began his technology journalism career in 1990 in Hong Kong, where he served as editor of the Hong Kong edition of Computerworld. After returning to the U.S. in 2000, he became Editor in Chief of the U.S. edition of Computerworld, and later assumed the editorial directorship of Computerworld and InfoWorld. Don was presented with the 2007 Timothy White Award for Editorial Integrity by American Business Media, and he is a recipient of the Jesse H. Neal National Business Journalism Award for editorial excellence in news coverage. Follow him on Twitter @dontennant.

Save

The post To Master the Digital Economy Be Better at Being Human appeared first on IT Business Edge.

Although more than a year has passed since the cyber attack on health insurance giant Anthem, many industry experts are still asking questions: What went wrong? Who is at fault? Were there preventative measures that could’ve been taken? And while these questions have yet to be answered, immediate action must be taken to achieve better security. In this slideshow, Mark Hickman, COO at WinMagic, discusses the top five ways health care organizations can protect themselves from a data breach.

Securing Health Care Information

Click through for five ways health care organizations can better protect protected health information (PHI) from a data breach, as identified by Mark Hickman, COO at WinMagic.

Encrypt Everything

Experts believe personal health information (PHI) is so attractive due to the high profitability of the personal and financial information contained within medical records. As a result, health providers should exercise the concepts of “encrypt everything” and intelligent key management, both of which must be handled separately. Isolating the encrypted data from the encryption key will prevent a security compromise from occurring.

Enforce Policies on Lost or Stolen Devices

Forty-three percent of data breaches are due to lost or stolen devices, with smartphones and tablets outranking desktop and laptop computers as the devices most likely to go missing. There are numerous examples of employee negligence-related data leakage. At Oregon Health & Science University (OHSU) the PHI of approximately 1,000 patients was exposed when an unencrypted laptop was stolen from an employee’s car. In a separate breach, also at OHSU, the PHI of 14,000 patients was compromised when an unencrypted thumb drive was stolen from an employee who brought it home without authorization.

Even when devices are stolen, encryption can prevent data getting into the wrong hands. This makes it vital for organizations to not only implement clearly-defined procedures for protecting mobile and employee-owned devices, but also to enforce them.

Exercise Caution When Accessing Foreign Networks

In a Cisco report on BYOD, 59 percent of respondents who used smartphones to access PHI said the smartphones were not password protected, 53 percent of respondents accessed unsecured or foreign Wi-Fi networks, and 48 percent of respondents could not confirm if they disabled “discovery mode” on their Bluetooth devices and smartphones, which makes these devices extremely vulnerable to a cyber attack. Many health care roundtable participants also reported that it was not uncommon for doctors to email PHI to personal email addresses (a known HIPAA violation) which opens yet another opportunity for access to unencrypted PHI.

IT departments at health care organizations should enforce strict requirements with respect to health care providers accessing PHI via mobile devices.

Beware of Medical Devices and Mobile apps

Be careful when downloading apps and monitor all technology involved in the health care environment. Shockingly, nearly 20 percent of breaches within the health sector are caused by unsecure mobile apps and medical devices.

Data Storage in the Cloud

A third of health care organizations say that when it comes to data security, they are most concerned about the use of public cloud services. However, it is not just public services that should be of concern. With respect to private cloud storage providers, there can be a range of solutions and variances in the types and implementation of security measures. Because HIPAA rules apply to business associates and their subcontractors or vendors, it’s important that all cloud service providers contractually agree to adhere to HIPAA standards.

If health care organizations allow the implementation of cloud-based applications such as enterprise file-sync-and-share services, IT departments should ensure that a solution is in place that will encrypt files at the endpoint before being pushed to the cloud.

The post 5 Ways Health Care Can Achieve Stronger Data Security appeared first on IT Business Edge.

Top 5 Places Your Enterprise Data Is at Risk

During the very first session I attended at Enfuse 2016 — Public Information Gathering and Social Engineering: Low Tech, High Reward, presented by Ken Pyle, partner with DFDR Consulting – I was blown away by how easy it is to gather personal information and gain access to a network. In another post, I will go more in depth about how companies are unwittingly sharing everything a bad guy needs to get into your system, but today, I want to tie one of Pyle’s comments with something that is currently in the news.

As he spoke about the ways we leave traces of information behind for hackers to find and use, Pyle mentioned MySpace, calling it a gold mine of information for thieves. Yes, the social media site has all but disappeared from the social networking consciousness, but the site itself didn’t disappear. Neither did all of that information that users once shared with the same vigor they now share on Facebook, Instagram and other sites. No one ever deletes their stuff, Pyle told the audience. Mostly, we forget that it is even there.

The bad guys haven’t forgotten, though, and chances are good they’ll find that treasure and use it to their advantage.

It didn’t take long for Pyle to prove prophetic. Shortly after returning home from the conference, I discovered that MySpace was among the social media sites to be breached. And, according to eSecurity Planet:

The Myspace data includes email addresses, user names and passwords. In a separate article, Motherboard notes that the Myspace breach appears to be the largest theft of email addresses and passwords in history.

Now, as a CNET articled pointed out, if you changed and strengthened passwords since 2013 and didn’t include too much PII in your profile, you should be okay. But I suspect that a lot of MySpace passwords and user name combinations have been migrated to other accounts. Despite knowing the dangers of poor password management, we still aren’t very good at updating and changing passwords unless forced to. As Dodi Glenn, VP of cyber security at PC Pitstop, told me in an email comment:

The use of weak passwords and unencrypted database passwords still presents a serious security problem to individuals and companies alike, and it’s one of the top causes of data breaches. With username and password reuse, an individual may use the same email address or username and password on site A that they would use on sites B and C. When site A gets compromised, the hacker uses an underground tool to check other various sites to see if this account login and password combination exists elsewhere, not associated with MySpace.

As Craig Kensek, security expert with Lastline, told me, organizations should use this MySpace breach as a learning experience, as well as a signal to invest in newer technologies that will do a better job at protecting data from increasingly complex attacks.

Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom’s Guide. You can reach Sue via Twitter: @sueporemba

The post Even ‘Dead’ Social Media Sites Are a Gold Mine for Hackers appeared first on IT Business Edge.

How to Implement a VDI Solution

Click through for five tips on effectively implementing a desktop virtualization solution, as identified by Jeff McNaught, executive director and chief strategy officer, Dell Cloud Client-Computing.

Understand Users’ Needs

Understand the various technology needs within the organization before designing your VDI solution.

So you think you know what everyone does in the organization. But do you really? Many people within the same organization have vastly different technology needs and different security profiles. In a design firm for example, the designers need a lot more horsepower than the HR department, and those working on confidential prototypes likely need greater security than the marketing department. Architects may work on plans in the office, but review and update them with clients at building sites. Hospitals may have terminals accessed by multiple health care workers to view and update patient records on the ward – and patient information is governed by HIPAA compliance regulations – but doctors and health care professionals continue to demand access to this information using the consumer devices they own or love. In order to design an effective VDI solution, the IT manager first needs to understand the unique needs of the end users and the various ways those users will need to access data so that the solution selected has the right level of flexibility and performance to ensure end user productivity and satisfaction.

Outline Desired Outcomes

Decide on the outcomes from a VDI solution.

Just as end users have a variety of needs and expectations when it comes to the technology they use every day, the IT manager must also determine what they want to get out of deploying VDI. Whether it’s lowering IT costs over time, the need to secure and control data, or reduce maintenance on endpoints (or all the above), knowing the desired outcomes and building a solution to meet those needs is key. Blueprint assessments offered by major vendors can objectively identify gaps and help to customize a solution to fit the organization’s unique needs. An added benefit to this is the ability to clearly communicate the benefits to end users during the transition and deployment phase.

Start with a Pilot Program

Before deploying your VDI solution to the entire group, consider starting with a pilot program for a small group of users, including the potential endpoints (thin clients, PCs, tablets and even smartphones). This will enable you to deploy the solution in a small setting, work out any issues, and get end-user feedback before rolling it out to a wider group. This will minimize end-user downtime and decreased productivity. It will also increase end-user satisfaction as the deployment is done gradually, measured and assessed before being rolled out broadly across the organization. This has become easier than ever with the recent introduction of hyper-converged VDI appliances, which can reduce planning and deployment from months to days.

Consider Long-Term Needs

Make sure the VDI solution can support future scalability needs.

Understandably, many of us tend to focus on immediate needs – there is always something that needs to be fixed now. However, when deploying a VDI solution, fixating on the short term can lead to potentially outgrowing the infrastructure much earlier than planned. To avoid this, it’s important to consider long-term needs and projected company growth up front. Today, many hyper-converged appliances have built-in scalability features so it’s easier to “right-size” the investment. In other words, not just knowing that it can scale, but precisely how high, and in what increments it can scale. This takes the guesswork out of VDI and ensures that you’re not under or over investing for your needs.

Minimize Downtime

Consider deployment and managed services as a means to minimize downtime.

In order to quickly start seeing a return on investment, organizations need to deploy new solutions without losing employee productivity. While deploying virtual desktops no longer requires a VDI specialist in the IT department, some organizations with a limited in-house IT staff may want to consider on or off-premise management services to help deploy and maintain the solution over time. Services may also include IT or end-user training and compliance reporting, in addition to maintenance and support. With the right solutions provider, managed services can ensure that the solution works for you over the long term.

The post 5 Tips for Effectively Implementing a Desktop Virtualization Solution appeared first on IT Business Edge.

Yesterday, The Federal Communications Commission, in a party line, 3-2 vote, approved proposed privacy regulations that would limit the ability of Internet service providers (ISPs) to collect and share some forms of data without subscriber consent.

WirelessWeek said that rules would create three categories of data. ISPs would also be required to make public how they gather the data and improve data protection and breach reporting practices.

If they became law, the rules would apply to broadband service providers but not social media websites or other online entities that collect data. Government surveillance, encryption and law enforcement would not be affected.

More Proof of Mobile Security Woes

Crowd Research Partners conducted a survey on behalf of Bitglass, Blancco Technology Group, Check Point Technologies, Skycure, SnoopWall and Teneable Networks. The result is yet another confirmation of trouble on the mobile security front.

The survey reached 882 IT professionals. Twenty-one percent work in organizations that have suffered a mobile breach. The survey also found that 24 percent had connected with malicious Wi-Fi hotspots and 39 percent said that mobile devices had downloaded malware. Both worker- and company-owned devices were involved.

Ubuntu Releases Aquaris M10 Tablet

Canonical, which uses the Ubuntu operating system (OS), is releasing the Aquaris M10 tablet in Europe. PCMag has the specs and prices.

The world of non-iOS and non-Android OSes is an interesting one. For some time, there seemed to be a race to be the third major OS. That has faded; it will be a duopoly. The vendors still interested in the sector are trying to find the strongest niche and specialty areas:

The company is billing the new tablet as a convergence device, a tablet when you’re on the go and a desktop PC when you’re at home. To enter PC mode, you connect a mouse and keyboard for a full-featured version of the Ubuntu operating system at your disposal.

The story doesn’t say if or when the device will be available in the United States.

Google Calling with Fiber Phone

This week, Google introduced Fiber Phone. The $10 per month service is available to those who take the company’s Internet service. Fiber Phone rates for international calls will be the same as Google Voice rates, according to eWeek.

Customers can keep their existing phone number or choose a new one. Caller ID, call waiting, 911 service and other standard features are included. Links to other lines controlled by the customer, including landline and cell phones, allow a call made on one to be available on the others.

Garages Vulnerable to Hacking

One effect of the Internet of Things (IoT) and other ways in which the world increasingly depends upon the Internet is that physical and cyber security become increasingly connected. That’s evident in the possibility that crackers can take control of a vehicle while it is on the highway or unlock and steal it when it is parked.

Another example of the danger is a vulnerability in VertX and Edge door controllers from HID Global. These devices sometimes control access to sensitive areas. ITWorld describes the complex way in which the exploit works. The damage is not easily undone, according to commentary from Ricky Lawshae, a researcher with Trend Micro’s DVLabs division:

The door also can be unlocked in a way that makes it impossible for a remote management system to re-lock it, Lawshae said, adding that every door on the network can be unlocked at the same time by sending UDP broadcast packets.

Trend Micro reported the vulnerability to HID. The company released a patch that is available at its partner portal. The story points out that the problem may not fade away, since fixes are adopted slowly.

Carl Weinschenk covers telecom for IT Business Edge. He writes about wireless technology, disaster recovery/business continuity, cellular services, the Internet of Things, machine-to-machine communications and other emerging technologies and platforms. He also covers net neutrality and related regulatory issues. Weinschenk has written about the phone companies, cable operators and related companies for decades and is senior editor of Broadband Technology Report. He can be reached at cweinsch@optonline.net and via twitter at @DailyMusicBrk.

The post FCC Votes to Strengthen Privacy Rules appeared first on IT Business Edge.

But often a breach will start with something more mundane. Ever since people started sending emails and using the Internet, they have been making the same careless mistakes that leave sensitive information and the business at risk. Sure people are under pressure, they’re in a hurry, and they need to get the job done, but sometimes they let their guard down.

No matter how much you nag people, plead with them and warn them, these mistakes and risky behaviors never seem to end. In this slideshow, Daren Glenister, field chief technology officer, Intralinks, has identified five all-too-common mistakes users need to be careful to avoid.

Risky User Behaviors

Click through for five security blunders users make on an all-too-frequent basis, as identified by Daren Glenister, field chief technology officer, Intralinks.

Sending Emails to the Wrong Address

Virtually everyone has done this at one time or another – transposing a character, forgetting a dash, using “.com” instead of “.org”, etc. It’s when contents are sensitive and not encrypted that the real drama begins. A Google search will reveal many urgent requests on security forums from people who sent confidential files to the wrong address, and are now pleading for advice. According to research by Ponemon Institute, 62 percent of respondents have accidentally sent files to people outside the organization who were not authorized to see them. Talk about rolling the dice!

Devices Getting Lost or Stolen

People are always losing their devices – at the airport, in the back of a taxi, at a restaurant, etc. If a device that’s lost or stolen contains sensitive data, let’s hope you can remote erase it – a lesson NASA learned the hard way. Since it could be hours before you realize your device is missing, you also need to make sure files are encrypted and protected from unauthorized access. (Besides, you may have just misplaced your device, and this way you’ll still have your data.)

Using the Same Password for Work and Personal Accounts

Using separate, strong passwords for work and non-work is such a pain. The only bigger pain is when passwords are stolen, leading to other people using your accounts without your knowledge to steal sensitive data. For example, the massive breach at Target began when someone stole the credentials of an HVAC contractor. At Home Depot, attackers used a vendor’s username and password to steal credit card details for 56 million people. A Verizon Data Breach Report found that a staggering 76 percent of network intrusions began with stolen credentials. We’ve all been warned about password safety, but apparently some people aren’t listening!

Sharing Devices with Family and Friends

This one is especially apt after the holidays, since many people received new devices as gifts and are figuring out how to use them. According to a survey by Kaspersky Lab, one respondent in three reported sharing their computers, phones and tablets, and of those, 32 percent take no precautions to protect their information. Unfortunately, grandma or little Joey may not be sufficiently aware of cyber threats, making them susceptible to scammers or being tricked into downloading malware.

Sending Sensitive Files Via a Consumer-Grade Service

When you need to share a file that’s too large for your email system, it’s tempting to send it through one of the free cloud services. But in general, these consumer-grade services lack the visibility and control necessary for protecting sensitive data. For example, you may love Dropbox, but you shouldn’t use it for transferring files containing PII or company-sensitive information that needs to be protected. Also remember that in regulated industries, you don’t have to wait for a breach to occur – just being in violation of the rules is enough to get hit with a stiff penalty

People Will Make Mistakes – Be Prepared

Human nature being what it is, people will continue to make silly mistakes and fail to follow security precautions no matter how much you remind them. Since they’re probably not going to tell you when something bad happens, it’s best to be prepared at the outset.

Many organizations are turning to Information Rights Management (IRM) technology that embeds encryption and user permissions directly into a file, including who is authorized to view it. If your sensitive data falls into the wrong hands, access can be immediately revoked, keeping the information safe. Think of it as mistake insurance, providing protection when people let their guards down – as they inevitably will.

The post The Human Factor: 5 Security Blunders People Keep Making appeared first on IT Business Edge.

In the following slideshow, Accellion provides an overview of the trends expected to be seen in cybersecurity and how these changes will affect C-level executives and boards of directors.

2016 Security Trends

Click through for cybersecurity trends expected in 2016, as identified by Accellion.

Privacy vs. National Security

The privacy vs. national security debate will be a critical presidential campaign topic.

The fallout from Edward Snowden’s revelations has been unfolding ever since his initial disclosure in 2013. His revelations illustrated to the world just how far governments had gone in encroaching on personal privacy, and set in motion a debate that should come to a head in 2016.

Events such as the Paris attacks and the overturning of the EU-U.S. Safe Harbor data transfer pact are fanning the flames of the data privacy debate, and the latter issue should be a hot button item in 2016’s presidential race. Staying informed on the outcome of this decision will be essential for organizations planning to do business in Europe, and this is just the first example of how privacy concerns can affect the private sector. As the presidential race narrows in 2016 to two candidates, organizations will need to stay informed of each candidate’s stance on privacy, as well as their proposals to balance privacy with national security and what role technology companies will play.

The Role of CISOs

CISOs will finally get a seat at the board of directors table.

It has been a long time coming, but with the record-breaking data breaches seen in 2015, 2016 is shaping up to be the year CISOs finally get some well-deserved respect from the board of directors. As many of the breaches seen in 2015 demonstrated their capacity to completely destroy a company’s reputation, a CISO’s role is more important than ever.

Boards of directors are realizing two realities: First, no company is safe from a data breach and, second, a data breach is no longer a technology issue but a brand issue. As a result, CISOs will have more interactions and influence with the board. In turn, directors will be more inclined to approve IT budget increases that demonstrate a broader array of security capabilities.

Privacy Regulations

Expect more national regulations and standards for privacy and international file sharing.

Countries are increasingly looking to protect their citizens’ data, in much the same way corporations look to protect their highly sensitive information. This could potentially create headaches for global enterprise IT managers trying to keep track of where company data is being stored.

We will see more nations follow the EU’s lead in requiring data to be stored out of the NSA’s reach. Enterprises should consider localized storage solutions that are either privately owned or maintained on-premise. These solutions offer complete data sovereignty, and fully comply with geographic data segregation requirements. An added incentive to data sovereignty is that it also offers an economic opportunity for local cloud storage firms.

Multi-Factor Authentication

Multi-factor authentication will become the norm.

The use of personally identifiable information (PII) as a sole means of authentication will become a thing of the past, and multi-factor authentication will become the standard for accessing sensitive information. With sophisticated breaches becoming the norm, organizations will rely heavily on security systems that have implemented a form of multi-factor authentication to access critical data. This will ensure there are enough steps of verification to make inappropriate or malicious access much more difficult for would-be hackers.

The breach that occurred last year at the IRS, where hackers used PII to steal tax returns, is the perfect example of why this shift will occur. Attackers were able to use legitimate processes — namely a “Get Transcript” feature that provided access to old tax documents — to commit fraud, resulting in losses in the tens of millions of dollars. Internet black markets are experiencing a Golden Age and you’d be hard pressed to find an individual over the age of 18 whose PII isn’t currently for sale. This state of affairs sets an industry precedent for more robust authentication protocols, and makes it likely that multi-factor authentication will become as common as the use of passwords.

Wearable Device Risks

First enterprise data breach caused by a wearable device.

With the emergence of wearables in the enterprise, 2016 stands to be the year we see the first network intrusion caused by a wearable device like a smartwatch. As a result, it’s important for IT managers to establish policies regarding the proper use of wearables as they have for other BYOD devices like smartphones and tablets.

As more wearables gain Internet access, employees with devices such as smartwatches are going to be the weakest links in the security ecosystem. New technology always puts functionality before security and simultaneously draws the attention of ambitious hackers looking to make a name for themselves in the hacking community. Thus, the target currently placed on wearables is bigger than ever.

The post What Does 2016 Hold for the Evolving Security Landscape? appeared first on IT Business Edge.