EPA security breach exposes personal information of 8,000 people
By Jill R. Aitoro

A computer security breach at the Environmental Protection Agency (EPA) exposed the Social Security numbers and banking information of nearly 8,000 people, most of them current employees, the EPA confirmed August 1. The EPA told the Washington Business Journal in a statement that it notified 5,100 current employees and some 2,700 “other individuals” about a March security incident that exposed personal information on an EPA database. Those impacted were informed about the breach July 31, 4 months after it occurred. The EPA is offering free credit-monitoring services for 1 year to people affected by the breach. “EPA conducted a risk analysis, [which] indicates it is unlikely the personal financial information has been used,” according to the EPA statement. “Vigilantly keeping data secure from increasingly sophisticated cyber threats is a top priority at EPA. The agency already added new safeguards in response to the incident.” The agency’s Office of the Inspector General confirmed an investigation is underway.

Details Here

first published week of:   08/06/2012

Facial ID Tech Being Tested at Alabama County Jail

The Calhoun County Jail in Alabama is testing facial recognition technology that could help revolutionize the way criminals are identified by local law enforcement agencies in the state.

Although the jail’s system is still being implemented, the new biometric software will allow officers to confirm a person’s identity just by having him or her pass in front of a camera. The technology takes 3–D snapshots of an individual’s face, each consisting of 40,000 data points. The images are then automatically compared against a database to locate a match.

Biometric technology isn’t new to Calhoun County. The jail currently uses live scan fingerprinting and has an iris scan system. But Sheriff Larry Amerson believes facial recognition will provide several advantages over those identification methods, mostly centered on officer safety and efficiency gains.

“The way this software is designed, if you walk in front of the camera, it will automatically put a box around your face, grab [an image of] your face and attempt to identify you if you have it connected to the database,” Amerson said. “So when you’re releasing people, you can make a quick and certain identification.”

Details Here

first published week of:   04/16/2012

FBI Director Sees Cyber attacks as the No. 1 Looming Threat

FBI Director Robert S. Mueller (photo: left) believes public–private collaboration is crucial to protect America from cyber attacks — a threat he thinks could become bigger than terrorism itself.

Addressing a crowded hall at the annual RSA Conference on Thursday, March 1, Mueller said government and business need to pool their resources to combat cyber threats.

“We cannot confront cybercrime on our own. Borders and boundaries pose no obstacles for hackers, but they continue to pose obstacles for global law enforcement, with conflicting laws, different priorities and diverse criminal justice systems,” Mueller said, echoing comments he has made in the past. “And with each passing day, the need for a collective approach for true collaboration and timely information sharing becomes more pressing.”

Terrorists have not used the Internet to launch a full-scale attack, Mueller said, but their intent should not be underestimated.

Mueller mentioned al–Qaida’s online English–language magazine, Inspire, which is used to share ideas and recruit members, and how al–Shabab, an al–Qaida affiliate in Somalia, uses Twitter to taunt enemies and encourage terrorist activity.

Details Here

first published week of:   03/05/2012

FBI to open facial recognition searches to police nationwide
by Kathleen Hickey

The FBI is expanding the pilot project of its facial recognition software and will be offering a free-of-charge client software version later this summer to law enforcement agencies.

The Universal Face Workstation will enable law enforcement agencies to conduct automated facial/photo searches with minimal resource investment.

The facial recognition system was piloted in February with the state of Michigan, which is currently submitting searches to the Criminal Justice Information Services (CJIS) Division, according to Jerome Pender, the division’s deputy assistant director. He spoke in a recent statement before the Senate Judiciary Committee’s subcommittee on privacy, technology and the law in a hearing on facial recognition technology and privacy and civil liberties issues.

Several other states are now joining the initiative. “[Memorandums of understanding] have also been executed with Hawaii and Maryland, and South Carolina, Ohio and New Mexico are engaged in the MOU review process for facial recognition pilot participation. Kansas, Arizona, Tennessee, Nebraska and Missouri are also interested in facial recognition pilot participation,” Pender said.

The agency’s facial recognition pilot provides a search of a repository of nearly 13 million criminal mug shot photos taken at time of booking. It is scheduled to be fully operational in the summer of 2014.

Some have expressed privacy concerns about the system. In the same hearing, Sen. Al Franken (D-Minn.), chairman of the subcommittee, said he scheduled the hearing because “there is no law regulating law enforcement use of facial recognition technology.”

“Facial recognition creates acute privacy concerns that fingerprints do not. Once someone has your faceprint, they can get your name, they can find your social networking account and they can find and track you in the street, in the stores you visit, the government buildings you enter, and the photos your friends post online,” he said. “I fear that the FBI pilot could be abused to not only identify protesters at political events and rallies, but to target them for selective jailing and prosecution, stifling their First Amendment rights. Curiously enough, a lot of the presentations on this technology by the Department of Justice show it being used on people attending political events or other public gatherings. I also fear that without further protections, facial recognition technology could be used on unsuspecting civilians innocent of any crime -- invading their privacy and exposing them to potential false identifications.”

However, the FBI has stressed that CJIS holds only criminal mug shots and can be accessed only by authorized law enforcement agencies. Furthermore, participants are required to detail in their MOU the purpose, authority, scope, disclosure and use of information and the security rules and procedures associated with piloting, said Pender.

Details Here

first published week of:   08/20/2012

FBI turns off 3,000 GPS trackers after Supreme Court ruling

Andrew Weissmann, general counsel for the FBI, has announced that his agency is switching off thousands of Global Positioning System-based tracking devices used for surveillance after a Supreme Court decision last month. Weissmann made the statement during a University of San Francisco School of Law symposium on communications privacy this past Friday. According to a Wall Street Journal report, Weissmann said the ruling in the US vs. Jones case, which broadly limited the use of warrantless GPS tracking devices, brought about a "sea change" at the Justice Department.

The ruling, issued on January 23, held that placing a GPS device on the underbody of a car constitutes a search and requires a valid warrant. In the case of Antoine Jones, law enforcement agents obtained a warrant to place a GPS tracker on a car registered to Jones based on evidence suggesting he was involved in drug trafficking. However, the warrant expired before agents actually installed the device, and the GPS tracker was eventually installed in a different jurisdiction from the one the warrant had even authorized. The Justice Department claimed Jones had no reasonable expectation of privacy because he was driving on public roads.

Details Here

first published week of:   02/27/2012

Federal CIO: 1,200 Data Centers to Close by 2015

The federal government is on pace to close at least 1,200 of its 3,100 data centers by the end of 2015, Federal CIO Steven VanRoekel announced in a blog posted on the Office of Management and Budget website.

If completed on time, the closures would achieve the Obama administration’s goal of shutting down at least 40 percent of all data centers.

VanRoekel said the feds’ remaining data centers will have to become more efficient. The interagency group leading the ongoing data consolidation is focusing on efficiency in the data centers that are retained, he said. “Accordingly, agencies will focus on computing power and density instead of capacity, taking advantage of current technologies that deliver more bang for the buck,” VanRoekel wrote.

In the blog, VanRoekel said the U.S. Census Bureau is one of the agencies on the leading edge of the consolidation, having already consolidated two major data centers, which will avoid $1.7 million in operating costs beginning in 2012.

In the months since the feds announced the major consolidation last July, officials have continued to raise the bar. In July, 373 facilities were tapped for closure, with a target of 800 total by 2015. The number increased in this week’s announcement, which takes into account federal data centers of less than 500 square feet. As part of the process, federal agencies are planning to close 525 data centers by 2012.

Details Here

first published week of:   01/02/2012