Wednesday, February 02, 2022
Face-to-Face with The IRS: FILING YOUR TAXES ONLINE & FACIAL RECOGNITION
I’m very disturbed that Americans may have to submit to a facial recognition system, wait on hold for hours, or both, to access personal data on the IRS website. While e-filing returns remain unaffected, I’m pushing the IRS for greater transparency on this plan.
But e-filing is affected. As the IRS's spokesperson noted in a statement to Bloomberg, ID.me is still standing between e-filers and e-filing.
[IRS spokesperson Barbara] LaManna noted that any taxpayer who does not want to use ID.me can opt against filing his or her taxes online.
It may be true that people with existing accounts might be able to route around this tech impediment, but new filers are still forced to interact with ID.me to set up accounts for e-filing.
If spotty state interactions created national headlines, just wait until a nation of millions starts putting ID.me's tech through its paces !
ID.me Finally Admits It Runs Selfies Against Preexisting Databases As IRS Reconsiders Its Partnership With The Company
from the CEO-Blake-Hall-finally-understanding-bluster-can-only-take-you-so-far dept
"Tech company ID.me has made amazing inroads with government customers over the past several months. Some of this is due to unvetted claims by the company's CEO, Blake Hall, who has asserted (without evidence) that the federal government lost $400 billion to fraudulent COVID-related claims in 2020.
He also claimed (without providing evidence) that ID.me's facial recognition tech was sturdy, sound, accurate, and backstopped by human review.
These claims were made after it became apparent the AI was somewhat faulty, resulting in people being locked out of their unemployment benefits in several states. This was a problem, considering ID.me was now being used by 27 states to handle dispersal of various benefits.
And it was bound to get worse, if for no other reason than ID.me would be expected to handle an entire nation of beneficiaries, thanks to its contract with the IRS.
The other problem is the CEO's attitude towards reported failures.
> He has yet to produce anything that backs up his $400 billion in fraud claim and when confronted with mass failures at state level has chosen to blame these on the actions of fraudsters, rather than people simply being denied access to benefits due to imperfect selfies.
> Another claim made by Hall has resulted in a walk-back by ID.me's CEO, prompted by increased scrutiny of his company's activities . .
-- First, the company's AI has never been tested by an outside party, which means any accuracy claims should be given some serious side-eye until it's been independently verified.
-- But Hall also claimed the company wasn't using any existing databases to match faces, insinuating the company relied on 1:1 matching to verify someone's identity. But this couldn't possibly be true for all benefit seekers, who had never previously uploaded a photo to the company's servers, only to be rejected when ID.me claimed to not find a match.
It's obvious the company was using 1:many matching, which carries with it a bigger potential for failure, as well as the inherent flaws of almost all facial recognition tech: the tendency to be less reliable when dealing with women and minorities.
This increased outside scrutiny of ID.me has forced CEO Blake Hall to come clean. And it started with his own employees pointing out how continuing to maintain this line of "1-to-1" bullshit would come back to haunt the company. Internal chats obtained by CyberScoop show employees imploring Hall to be honest about the company's practices before his dishonesty caused it any more damage. [...]
Those messages had a direct effect: Blake Hall issued a LinkedIn post that admitted the company used 1:many verification, which indicates the company also relies on outside databases to verify identity.
In the Wednesday LinkedIn post Hall said that 1:many verification is used “once during enrollment” and “is not tied to identity verification.”
“It does not block legitimate users from verifying their identity, nor is it used for any other purpose other than to prevent identity theft,” he writes.
Hall's post hedges things quite a bit by insinuating any failures to access benefits is the result of malicious fraudsters, rather than any flaws in ID.me's tech. But this belated honesty -- along with the company's multiple failures at the state level -- has caused the IRS to reconsider its reliance on ID.me's AI. (Archived link here.)
. . .This doesn't mean the IRS has divested itself of ID.me completely. At the moment, it's only doing some shopping around. Filing your taxes online still means subjecting yourself to ID.me's verification software for the time being.
A recent blog post on ID.me's site explains how the company verifies identity as well as names the algorithms it relies on to match faces, which include Paravision (which has been tested by the NIST) and Amazon's Rekognition, a product Amazon took off the law enforcement market in 2020, perhaps sensing the public's reluctance to embrace even more domestic surveillance tech.
This may be too little too late for ID.me. Its refusal to engage honestly and transparently with the public while gobbling up state and federal government contracts has expanded its scrutiny past that of the Extremely Online. . ."
Filed Under: blake hall, facial recognition, irs, privacy
Companies: id.me
ALWAYS-ON INTERNET INTERACTIVITY: Generating More Data and Content
Chicago Cops Love Them Some Facebook Sharing, According To Internal Facial Recognition Presentation
from the facebook-remains-the-ultimate-third-party-candidate dept
Somewhere between the calls to end encryption and calls to do literally anything about crime rate spikes at this time of year, at this time of day, in [insert part of the country], localized entirely within [add geofence] lies the reality of law enforcement. While many continue to loudly decry the advent of by-default encryption, the reality of the situation is people are generating more data and content than ever. And most of it is less than a warrant away.
While certain suspect individuals continue to proclaim encryption will result in an apocalypse of criminal activity, others are reaping the benefits of always-on internet interactivity. Clearview, for example, has compiled a database of 10 billion images by doing nothing more than scraping the web, grabbing everything that's been made public by an extremely online world population.
You want facial images free of charge and no Fourth Amendment strings attached? You need look no further than the open web, which has all the faces you want and almost none of the attendant restrictions. "Going dark" is for chumps who don't know how to leverage the public's willingness to share almost anything with the rest of the internet.
The Chicago PD knows who's keeping the internet bread buttered and which side they're on. A report from Business Insider (written by Caroline Haskins) highlights an internal CPD presentation that makes it explicit cops have gained plenty from the rise of social media platforms, easily outweighing the subjective losses end-to-end encryption may have recently created.[...] The document obtained by Business Insider shows the CPD is using multiple facial recognition vendors in their quest for the highly subjective "truth:" ranging from Amazon's no-longer-for-law-enforcement Rekognition to NEC, Cognitec, and Dataworks Plus. . .
> The document says CCTV footage and social media could lead to "suspect identification." But it also notes prospective pitfalls of the technology, saying that facial recognition was a "narrow tool" that couldn't be used to "'confirm' an identification by other means."
Again, the words are only as good as their interpretation by officers utilizing this technology and the wealth of information made accessible by social media platforms. And there's a shit ton of inputs. Millions of images are easily accessible through Facebook. Millions more have been harvested by the Chicago PD, which operates or has access to more than 30,000 surveillance cameras located in the city.
The Chicago PD's relationship with emerging surveillance tech has been no better than its constantly deteriorating relationship with the people it serves.
The PD has been an enthusiastic early adopter of unproven tech, blowing tax dollars on ShotSpotter (which is terrible at spotting shots) and Clearview's facial recognition AI (which has been assailed by law enforcement agencies as mostly useless).
We want law enforcement agencies to be good stewards of the money and power they're entrusted with. The Chicago PD has been neither for decades. While this presentation does a good job explaining the pitfalls of utilizing open source images in conjunction with facial recognition tech, the fact is Chicago cops are results-oriented. When that happens, the ends justify the means, even when the ends are ultimately tossed by trial court judges and federal civil rights lawsuits. Officers are on notice that facial recognition tech is highly-fallible. But, until we see otherwise, we can probably assume CPD officers are more interested in deploying the tech than ensuring search results are accurate."
Filed Under: chicago, chicago pd, facial recognition
Companies: facebook
Tuesday, February 01, 2022
NEW FIELDS OF CYBERWARS IN EURASIA...
German petrol supply firm Oiltanking paralyzed by cyber attack
"Oiltanking GmbH, a German petrol distributor who supplies Shell gas stations in the country, has fallen victim to a cyberattack that severely impacted its operations.
Additionally, the attack has also affected Mabanaft GmbH, an oil supplier. Both entities are subsidiaries of the Marquard & Bahls group, which may have been the breach point.
Supply stable but volatile
Because the firm supplies a total of 26 companies in the country with fuel, German media raised worries about shortages immediately, but officials came forth to appease them.
Shell alone operates 1,955 gas stations in the country, so if they were to run out of fuel, it would cause a crisis that would have an adverse effect on an array of Germany's day-to-day operations, and by extension its national economy.
The managing director of the independent tank storage association in Germany, Frank Shaper, told Spiegel that the attack does not endanger the supply of fuel in the country neither on heating nor the transportation aspects.
However, the disruption remains significant, and if it takes the firm a long time to resolve the IT problems caused by the attack, the supply chain could also be disrupted.
This is mainly due to the automation of the tank loading/unloading process that cannot fall back to manual operations since it relies entirely on computerized systems that are currently offline...
Bleeping Computer received the following comment from the company regarding the current situation:
On Saturday, January 29th 2022, Oiltanking GmbH Group and Mabanaft GmbH & Co. KG (Mabanaft) Group discovered we have been the victim of a cyber incident affecting our IT systems. Upon learning of the incident, we immediately took steps to enhance the security of our systems and processes and launched an investigation into the matter. We are working to solve this issue according to our contingency plans, as well as to understand the full scope of the incident. We are undertaking a thorough investigation, together with external specialists and are collaborating closely with the relevant authorities. All terminals continue to operate safely.
Oiltanking Deutschland GmbH & Co. KG, an operating unit within the Mabanaft Group, operates all terminals in Germany and is not part of the Oiltanking GmbH Group.
Oiltanking GmbH Group continues to operate all terminals in all global markets. Oiltanking Deutschland GmbH & Co. KG terminals are operating with limited capacity and have declared force majeure. Mabanaft Deutschland GmbH & Co. KG has also declared force majeure for the majority of its inland supply activities in Germany. All parties continue to work to restore operations to normal in all our terminals as soon as possible.
Last week, the German intelligence service, BfV, warned local firms of ongoing cyberattacks coordinated by the APT27 Chinese state-supported hacking group...
While the attack on Oiltanking hasn’t been attributed to any actors yet, it could be the work of a state actor who seeks to cause large-scale disruption and economic damage."
BEA News: Gross Domestic Product by State and Personal Income by State, 3rd Quarter 2025
BEA News: Gross Domestic Product by State and Personal Income by S...
-
Flash News: Ukraine Intercepts Russian Kh-59 Cruise Missile Using US VAMPIRE Air Defense System Mounted on Boat. Ukrainian forces have made ...
