The Georgetown Law Center for Privacy & Technology released a report that takes a harsh look at the Department of Homeland Security (DHS)’s “Biometric Exit” program. The “Not Ready for Takeoff: Face Scans at Airport Departure Gates” report highlights the myriad number of privacy and fairness issues associated with the use of biometric data for screening and other purposes. The Biometric Air Exit program uses biometric data to verify travelers’ identities as they leave the U.S. and has been deployed at Boston’s Logan International Airport and eight other airports. The program is operated by DHS and uses photographs of passengers taken at the gate while boarding to verify travelers’ identities as they leave the country. Prior to departure of an outbound international flight, DHS prepopulates the Traveler Verification Service (TVS) with biometric templates from the travelers expected on the flight. TVS either confirms the travelers face or rejects the face as a “non-match.” Non-matched travelers credentials will then be checked manually.
Earlier this month, the Department of Homeland Security (DHS) issued a binding order restricting the government’s use of cybersecurity software developed by Moscow-based Kaspersky Labs.
Government departments and agencies have 90 days to remove or discontinue use of any Kaspersky Labs software products—but the buck doesn’t stop there. Kaspersky boasts more than 400 million users and 270,000 corporate clients, meaning organizations that provide any services involving federal information systems would be wise to investigate whether they, either directly or indirectly, use Kaspersky products and services. Continue reading
Formed by the Cybersecurity Act of 2015, a task force established to share cybersecurity information between federal government and private industry representatives has released its “Report on Improving Cybersecurity in the Health Care Industry.” They presented six major action items for Congress, the Department of Health and Human Services, other government agencies and private industry.
The Report organized its recommendations under six Imperatives:
- Define and streamline leadership, governance, and expectations for health care industry cybersecurity;
- Increase the security and resilience of medical devices and health IT;
- Develop the health care workforce capacity necessary to prioritize and ensure cybersecurity awareness and technical capabilities;
- Increase health care industry readiness through improved cybersecurity awareness and education;
- Identify mechanisms to protect research and development efforts and intellectual property from attacks or exposure; and
- Improve information sharing of industry threats, weaknesses, and mitigations.
In a recent alert, we evaluated the action items and draft recommendations prepared by the Task Force, = and discuss how the Trump administration will react to these new proposals.
Read our review of the Health Care Cybersecurity Task Force Report
The Trump administration has issued two executive orders focusing on national cybersecurity. The first establishes the American Technology Council, tasking it with developing policy around the use of information technology by the federal government and providing insight into how information technology policy is delivered to the president.
The orders include aggressive deadlines for federal agencies to submit reports on the cybersecurity of critical infrastructure entities, which may be difficult to meet.
For more insight, read our detailed review of the executive orders.