Language Selection

English French German Italian Portuguese Spanish

License-Screening Measure Could Benefit Data Brokers

Filed under
Security

Congress is considering forcing states to use data brokers to help screen applicants for commercial drivers' licenses, a potentially lucrative development for an industry under scrutiny for how it handles personal information.

Under a provision of a major highway bill, state motor vehicles departments would have to establish an "information-based" authentication program before the nation's roughly 12 million commercial drivers' licenses could be issued or renewed.

The provision does not specify who should do the work. But only a handful of companies, such as ChoicePoint Inc., LexisNexis and Acxiom, have services that likely would satisfy the requirements.

The firms, which collect, buy and sell personal information on nearly all U.S. adults, package and analyze data on individuals for a variety of clients, from security and law-enforcement agencies needing background checks to companies trying to better target potential customers.

Several of those firms have recently suffered breaches of their databases, exposing millions of consumers to possible fraud or identity theft. A surge of such incidents at companies, banks, universities and other organizations this year sparked congressional hearings and a slew of pending bills to better protect personal information.

Specific rules for the identification program would be set by the Department of Homeland Security and the Federal Motor Carrier Safety Administration. The provision passed as part of the Senate version of the highway bill, which is now being reconciled with a House version that did not include similar language.

"It's important [for national security] because unless there's an established procedure to authenticate identification documents, we might not know who is getting commercial licenses," said a spokesman for Sen. James M. Inhofe (R-Okla.), who authored the provision.

But state motor vehicle officials say the program would be an onerous, unfunded and unnecessary expense.

The recently enacted Real ID Act imposes several new steps for approval of all drivers' licenses, they say, including verification of Social Security numbers, birth certificates and home addresses. Additional rules exist for certifying drivers who transport hazardous materials, the officials add.

Jason King, spokesman for the American Association of Motor Vehicle Administrators, said commercial data brokers are notorious for refusing to correct their databases if they contain erroneous information.

"We worry that it's garbage in, garbage out," King said. By contrast, he said, states verify Social Security numbers directly with the Social Security Administration and are developing a system to authenticate birth certificates.

In a statement, LexisNexis said it strongly supports the bill, though a spokesman declined to say if it lobbied for the provision.

"While state Departments of Motor Vehicle officials may check identifying documents such as birth certificates prior to issuing a driver's license, these documents can be fraudulently obtained or forged," the statement said.

James E. Lee, chief marketing officer for ChoicePoint, said his firm did not lobby for the bill. But he said ChoicePoint the company has a "national infrastructure" for comprehensive identity verification that states currently lack.

He added that the company corrects all inaccuracies that it can, but that if the data came from government agencies and was wrong to begin with, his firm cannot fix it. The bill includes an amendment by Sen. Russell Feingold (D-Wis.) that mandates standards for accuracy and procedures for challenging incorrect data.
Still, privacy advocates are concerned.

Timothy D. Sparapani, legislative counsel on privacy issues for the American Civil Liberties Union, said he worries about the government expanding its use of background checks.

He added that "it's a rather perverse incentive for the government to reward these companies . . . while these companies have not yet demonstrated a capability to control even the data they have collected."

By Jonathan Krim
The Washington Post

More in Tux Machines

Networking and Security

  • FAQ: What's so special about 802.11ad Wi-Fi?
    Here are the broad strokes about 802.11ad, the wireless technology that’s just starting to hit the market.
  • 2.5 and 5 Gigabit Ethernet Now Official Standards
    In 2014, multiple groups started efforts to create new mid-tier Ethernet speeds with the NBASE-T Alliance starting in October 2014 and MGBASE-T Alliance getting started a few months later in December 2014. While those groups started out on different paths, the final 802.3bz standard represents a unified protocol that is interoperable across multiple vendors. The promise of 2.5 and 5 Gbps Ethernet is that they can work over existing Cat5 cabling, which to date has only been able to support 1 Gbps. Now with the 802.3bz standard, organizations do not need to rip and replace cabling to get Ethernet that is up to five times faster. "Now, the 1000BASE-T uplink from the wireless to wired network is no longer sufficient, and users are searching for ways to tap into higher data rates without having to overhaul the 70 billion meters of Cat5e / Cat6 wiring already sold," David Chalupsky, board of directors of the Ethernet Alliance and Intel principal engineer, said in a statement. "IEEE 802.3bz is an elegant solution that not only addresses the demand for faster access to rapidly rising data volumes, but also capitalizes on previous infrastructure investments, thereby extending their life and maximizing value."
  • A quick fix for stupid password reset questions
    It didn’t take 500 million hacked Yahoo accounts to make me hate, hate, hate password reset questions (otherwise known as knowledge-based authentication or KBA). It didn't help when I heard that password reset questions and answers -- which are often identical, required, and reused on other websites -- were compromised in that massive hack, too. Is there any security person or respected security guidance that likes them? They are so last century. What is your mother’s maiden name? What is your favorite color? What was your first pet’s name?
  • French hosting provider hit by DDoS close to 1TBps
    A hosting provider in France has been hit by a distributed denial of service attack that went close to one terabyte per second. Concurrent attacks against OVH clocked in at 990GBps. The attack vector is said to be the same Internet-of-Things botnet of 152,464 devices that brought down the website of security expert Brian Krebs. OVH chief technology officer Octave Klaba tweeted that the network was capable of attacks up to 1.5TBps.
  • Latest IoT DDoS Attack Dwarfs Krebs Takedown At Nearly 1Tbps Driven By 150K Devices
    If you thought that the massive DDoS attack earlier this month on Brian Krebs’ security blog was record-breaking, take a look at what just happened to France-based hosting provider OVH. OVH was the victim of a wide-scale DDoS attack that was carried via network of over 152,000 IoT devices. According to OVH founder and CTO Octave Klaba, the DDoS attack reached nearly 1 Tbps at its peak. Of those IoT devices participating in the DDoS attack, they were primarily comprised of CCTV cameras and DVRs. Many of these types devices' network settings are improperly configured, which leaves them ripe for the picking for hackers that would love to use them to carry our destructive attacks.

Android Leftovers

  • Goodbye QWERTY: BlackBerry stops making hardware
    BlackBerry CEO John Chen has been hinting at this move for almost a year now: today BlackBerry announced it will no longer design hardware. Say goodbye to all the crazy hardware QWERTY devices, ultra-wide phones, and unique slider designs. Speaking to investors, BlackBerry CEO John Chen described the move as a "pivot to software," saying, "The company plans to end all internal hardware development and will outsource that function to partners. This allows us to reduce capital requirements and enhance return on invested capital." The "Outsourcing to partners" plan is something we've already seen with the "BlackBerry" DTEK50, which was just a rebranded Alcatel Idol 4. Chen is now betting the future of the company on software, saying, "In Q2, we more than doubled our software revenue year over year and delivered the highest gross margin in the company's history. We also completed initial shipments of BlackBerry Radar, an end-to-end asset tracking system, and signed a strategic licensing agreement to drive global growth in our BBM consumer business." BlackBerry never effectively responded to the 2007 launch of the iPhone and the resulting transition to modern touchscreen smartphones. BlackBerry took swings with devices like the BlackBerry Storm in 2008, its first touchscreen phone; and the BlackBerry Z10 in 2013, the first BlackBerry phone with an OS designed for touch, but neither caught on. BlackBerry's first viable competitor to the iPhone didn't arrive until it finally switched to Android in 2015 with the BlackBerry Priv. It was the first decent BlackBerry phone in some time, but the high price and subpar hardware led to poor sales.
  • Oracle's 'Gamechanger' Evidence Really Just Evidence Of Oracle Lawyers Failing To Read
    Then on to the main show: Oracle's claim that Google hid the plans to make Android apps work on Chrome OS. Google had revealed to Oracle its "App Runtime for Chrome" (ARC) setup, and it was discussed by Oracle's experts, but at Google I/O, Google revealed new plans for apps to run in Chrome OS that were not using ARC, but rather a brand new setup, which Google internally referred to as ARC++. Oracle argued that Google only revealed to them ARC, but not ARC++ and that was super relevant to the fair use argument, because it showed that Android was replacing more than just the mobile device market for Java. But, here's Oracle's big problem: Google had actually revealed to Oracle the plans for ARC++. It appears that Oracle's lawyers just missed that fact. Ouch.
  • Understanding Android's balance between openness and security
    At the 2016 Structure Security conference, Google's Adrian Ludwig talked about the balance between keeping Android as open as possible, while also keeping it secure.
  • Google's Nougat Android update hits the sweet spot: Software 'isn't flashy, but still pretty handy'
    Nougat, Google's latest update of its Android smartphone software, isn't particularly flashy; you might not even notice what's different about it at first. But it offers a number of practical time-saving features, plus a few that could save money — and perhaps even your life. Nougat is starting to appear on phones, including new ones expected from Google next week.
  • How to change the home screen launcher on Android
  • Andromeda: Chrome OS and Android will merge
  • Sale of Kodi 'fully-loaded' streaming boxes faces legal test
  • Android boxes: Middlesbrough man to be first to be prosecuted for selling streaming kits

Endless OS 3.0 is out!

So our latest and greatest Endless OS is out with the new 3.0 version series! The shiny new things include the use of Flatpak to manage the applications; a new app center (GNOME Software); a new icon set; a new Windows installer that gives you the possibility of installing Endless OS in dual-boot; and many bug fixes. Read more

Expandable, outdoor IoT gateway runs Android on i.MX6

VIA’s “Artigo A830” IoT gateway runs Android on an i.MX6 DualLite SoC and offers HDMI, GbE, microSD, numerous serial and USB ports, plus -20 to 60° operation. As the name suggests, the VIA Technologies Artigo A830 Streetwise IoT Platform is designed for outdoor Internet of Things gateway applications. These are said to include smart lockers, vending machines, information kiosks, and signage devices that run “intensive multimedia shopping, entertainment, and navigation applications.” The outdoors focus is supported with an extended -20 to 60°C operating range, as well as surge and ESD protection for surviving challenges such as a nearby lightning strike. Read more