ReportWire

Tag: privacy issues

  • NFL to use facial authentication technology for credentialed workers, not ‘everyone at the game’

    NFL to use facial authentication technology for credentialed workers, not ‘everyone at the game’

    Social media posts warned of the NFL rolling out new technology to speed up the process of entering football stadiums. 

    “The NFL will now use facial recognition at every stadium to verify the identity of everyone at the game,” text added to an image shared Aug. 4 on Instagram read. 

    The post’s caption added more information.

    “The #NFL is rolling out facial authentication technology in its stadiums starting on August 8,” it read. “The system allows fans to breeze through entry gates with a simple glance for speedy access and shorter lines. It also recognizes players and employees so that only properly credentialed individuals can access the locker rooms and the press box.”

    (Screenshot from Instagram)

    Some posts cast the NFL’s purported plan as unsettling surveillance. 

    “BIG BROTHER: The NFL announced this week that all 32 teams will be implementing facial recognition software to verify the identity of everyone in the stadium,” read an Aug. 6 Facebook post

    This post was flagged as part of Meta’s efforts to combat false news and misinformation on its News Feed. (Read more about our partnership with Meta, which owns Facebook and Instagram.)

    These posts mischaracterize the NFL’s plans. The league is implementing a new system for some staff and other stadium workers that relies on facial authentication software. But it won’t apply to all fans.

    NFL Communications Director Tim Schlittner said the league is implementing a new process for people “with working credentials,” including team and game day personnel, vendors and media. 

    “Fans are not included in the policy,” he said. 

    Under the new system, credential holders for all 32 NFL teams will be required to submit photos in advance. Then, Schlittner said “facial authentication” technology will be used to grant those people access to various parts of the stadium. 

    Software from the facial authentication platform Wicket will compare credential holders’ submitted photos to a real-time image of their face, Sports Business Journal reported. That report also said the software will be used for “high-security zones including the playing field, locker room and press box.”

    This will not apply to fans: “No fan is required to submit a photo to attend an NFL game,” Schlittner said.

    He said the change — an expansion of a pilot program launched at six stadiums last season — should “make credentialed access more efficient and secure.”

    Some people whom the new system would affect have objected to the change. Officials from the Las Vegas Metropolitan Police Department and its union said the league’s plan to use facial authentication technology would compromise officers’ privacy, The Associated Press reported

    Jeff Boehm, Wicket’s chief operating officer, told PolitiFact in an email that the company’s technology “is NOT used to verify the identity of everyone at a game or in a stadium.”

    Boehm said the NFL’s program is for credentialed people and “is not fan-facing.” 

    Most facial recognition technology “is used as a surveillance tool to identify ‘persons of interest’ in a large crowd or gathering,” he said. Facial authentication technology is different, Boehm said, because people opt-in; the photos used are “much higher quality photos than surveillance images,” which improves accuracy; and the data collected is used for the specific purposes stated — such as verifying a credential. 

    Some sports teams and live events have started using the technology for attendees seeking special access, he said, but their participation in those programs is optional.

    “Fans choose to participate and can opt-out at any time and use traditional methods for ticketing” or concessions, Boehm said. 

    A general overall interior view of the stadium during an NFL football game between the Cleveland Browns and the New England Patriots on Oct. 16, 2022, in Cleveland. (AP)

    At Cleveland Browns Stadium, fans can choose to submit a photo to gain access to benefits such as “Express Access” ticketing lanes, which the Cleveland Browns’ website described as “the fastest way into the stadium on gameday.” Wicket’s 2023 press release about the Cleveland Browns’ initiative addressed privacy concerns, describing its products as “opt-in only.”

    Mercedes-Benz Stadium, where the Atlanta Falcons play, also uses Wicket’s technology for its “Delta Fly-Through Lanes.” 

    Our ruling

    An Instagram post claimed “The NFL will now use facial recognition at every stadium to verify the identity of everyone at the game.”

    That mischaracterizes the league’s plan to adopt a new system that will rely on facial authentication software to grant credentialed staff and other stadium workers access to secured areas of the stadium. That change will not apply to all fans.

    At least one NFL team’s stadium has started offering faster ticketing and concessions service to fans who choose to enroll in a program that uses facial authentication software to access special ticketing and concessions lines. That program is voluntary.

    We rate the claims that the NFL will use facial recognition to “verify the identity of everyone” at every game False.

    Source link

  • PolitiFact – Proposed online safety act does not require websites to verify government IDs

    PolitiFact – Proposed online safety act does not require websites to verify government IDs

    Imagine: You try to sign into Facebook, and the platform asks for government identification before you can proceed. Then YouTube does the same. And TikTok, and X and Reddit, and the list goes on. 

    Social media posts claim that a Senate bill, the Kids Online Safety Act, would mandate that social media platforms, websites and apps use this method to verify users’ ages.

    “Hey (by the way) everyone should be panicking about this,” read a Feb. 16 X post with 1.8 million views as of Feb. 23. “This bill would require everyone to upload your government ID in order to use most sites on the internet. You can forget about your silly lil stan/fandom accounts if this passes.”

    Another X post with 1.7 million views as of Feb. 23 focused on the potential implications for online activism. 

    “If you care about Palestine you NEED to pay attention to KOSA, I’m so serious,” the Feb. 17 post read. “It’s a mass censorship bill & forces everyone to upload their govt ID online to access anything. Say goodbye to being anonymous online. Say goodbye to organizing online. #KOSA”

    Social media users have made similar claims about the bill for months. 

    The claims ignore critical facts.

    The Senate bill, S1409, does not require social media platforms, websites or apps to use government identification to verify people’s identities.

    If the bill becomes law, though, some experts said companies could possibly use age verification methods, which could include government-issued identification. 

    What does the Kids Online Safety Act require?

    The Kids Online Safety Act, sometimes called KOSA, would require social media platforms, websites and apps to take steps to reduce and mitigate harms such as sexual exploitation and online bullying that minors might experience online. Sixty-two senators from both parties have co-sponsored the bill, meaning it will likely head to the House, where its fate is uncertain. The bill’s introduction in 2022 followed months of congressional investigation into how technology and social media companies manage children’s safety.  

    The bill would cover social media platforms, video games, messaging apps and video streaming services that connect to the internet and are used — or are “reasonably likely to be used” — by minors. It would require that companies: 

    • Provide safeguards that limit other users’ ability to communicate with minors or access minors’ personal data.

    • Provide parental tools to supervise minors’ use and to provide minors with default settings with the most restrictive privacy and security safeguards. 

    • Provide features that would let minors more easily delete their accounts and the data linked to those accounts.

    • Provide features that would let minors set time limits for use.

    One section of the bill requires a federal study of “methods and options for developing systems to verify age at the device or operating system level.” 

    Facebook’s Messenger Kids app is displayed on an iPhone in New York, Feb. 16, 2018. (AP)

    We contacted Sen. Marsha Blackburn, R-Tenn., and Sen. Richard Blumenthal, D-Conn., the bill’s lead sponsors, and a Blumenthal spokesperson pointed us to information about the bill on Blumenthal’s website.

    The website answers questions about whether the bill would require age verification or force users to provide their driver’s license or government ID to create social media accounts.

    The answers to these questions is no, both on Blumenthal’s website and a similar section of Blackburn’s website. The bill “does not impose age verification requirements or require platforms to collect more data about users (government IDs or otherwise). In fact, the bill states explicitly that it does not require age gating, age verification, or the collection of additional data from users,” according to both Blumenthal’s and Blackburn’s sites. 

    We verified that the bill says nothing in the legislation should be interpreted as requiring companies to: 

    • Collect “any personal data with respect to the age of users that a covered platform is not already collecting in the normal course of business.”

    • “Implement an age gating or age verification functionality.”

    Experts also told PolitiFact that the bill does not require websites or social media platforms to verify government IDs. 

    Experts don’t rule out age verification if left to the companies 

    The bill would require companies to treat adults and minors differently for features and functions such as default safety settings and who can contact them through their accounts. 

    The bill “does not have an age verification requirement, but most of the bill would only apply to users who are known to be 16 or younger,” said John Perrino, a Stanford Internet Observatory policy analyst. He said that if companies must determine who is under a certain age, it raises “legitimate privacy concerns,” but added that platforms can use other methods that do not include verifying government IDs to determine users’ ages. Those include self-reporting and face scanning tools, some of which are already in use.   

    Caitlin Chin-Rothmann, a fellow at the Center for Strategic and International Studies, a Washington, D.C., think tank that receives some funding from tech platforms, said, “It is possible that companies could extend some KOSA provisions to all users regardless of their perceived age.”  For example, platforms could mitigate “content that glorifies eating disorders, suicidal behaviors or substance abuse” for people of all ages, Chinn-Rothmann said.

    To offer parental controls, as the bill requires, companies would have to identify both parents and minors, and “the only way to authenticate that relationship is through identity verification for both users,” said Shoshana Weissmann, digital director and Fellow at R Street Institute, a think tank that receives some funding from Google. 

    On their websites, Blumenthal and Blackburn wrote that the bill says online platforms must provide the safety and privacy protections “if an online platform already knows that a user is underage.” 

    “Online platforms often already request a date of birth from new users, either for advertising and profiling the user, or for compliance with Children’s Online Privacy Protection Act,” the sites read. “Online platforms also frequently collect or purchase substantial amounts of other data to understand more about their users. But if an online platform truly doesn’t know the age of the user, then it does not face any obligation to provide protections or safeguards under the bill or to collect more data in order to determine the user’s age.”

    Haley Hinkle, policy counsel at Fairplay, a nonprofit organization that opposes child-targeted marketing and supports the Kids Online Safety Act, said some of the bill’s protections apply only when the platform knows users are minors. The bill defines “knows” as having “actual knowledge or knowledge fairly implied on the basis of objective circumstances.”  

    “If a platform has used technology to determine a user’s age for purposes of delivering advertisements or ensuring advertiser brand safety, it must also apply that determination to KOSA protections,” Hinkle said.

    Weissmann said the data on who is a minor “is nowhere near” cut and dried, and the issue likely would result in litigation. Weissman and R Street Institute have opposed the bill.

    “I’m sure I could be flagged as a minor on some platforms where I search for SpongeBob clips and memes,” she said. “Meanwhile, a minor might be searching for information about cancer or even jobs that might make them appear more like an adult.”  

    To avoid lawsuits and liability, platforms covered in the law would likely require all users to verify their ages, Weissmann said. 

    Chin-Rothmann said because there are few “robust technological methods” for accurate age verification that also protect privacy, verifying government IDs might be the “most straightforward and low-cost” age verification method for platforms to use. 

    Our ruling

    An X user says the Kids Online Safety Act “would require everyone to upload” government identification “in order to use most sites on the internet.”

    The Senate bill does not include that requirement or say social media platforms, applications or websites must collect more user information than they already do. 

    Experts did not rule out that companies could turn to methods such as requiring government identification because of the law, but that is speculation. 

    We rate this claim False.

    RELATED: US frets about TikTok feeding data to China; banning app won’t end the threat, experts say

    Source link

  • SEC weighing ‘additional measures’ after hacked post on bitcoin ETF approval

    SEC weighing ‘additional measures’ after hacked post on bitcoin ETF approval

    The Securities and Exchange Commission on Friday said that a social-media post on X falsely stating that it had approved spot bitcoin exchange-traded funds was created after an “unauthorized party” obtained control over the phone number connected with the agency’s account on the platform.

    The markets regulator said its staff would “continue to assess whether additional remedial measures are warranted” in the wake of the breach, which occurred Tuesday and raised questions about cybersecurity at both the agency and the social-media platform, formerly known as Twitter.

    The agency said it was coordinating with law enforcement on the matter, including with the FBI and the Department of Homeland Security.

    “Commission staff are still assessing the impacts of this incident on the agency, investors, and the marketplace but recognize that those impacts include concerns about the security of the SEC’s social media accounts,” the SEC said in a statement.

    The confusion began on Tuesday afternoon, when the hacked post appeared on the SEC’s X account.

    “Today the SEC grants approval for #Bitcoin ETFs for listing on registered national securities exchanges,” the post read. “The approved Bitcoin ETFs will be subject to ongoing surveillance and compliance measures to ensure continued investor protection.”

    A second post appeared two minutes later that simply read “$BTC,” the SEC noted in its statement. The unauthorized user soon deleted that second post, but also liked two other posts by non-SEC accounts, according to the agency. The price of bitcoin
    BTCUSD,
    -0.71%
    rose sharply in the wake of the posts, before soon pulling back.

    In response to the hack, SEC staff posted on the official X account of SEC Chair Gary Gensler announcing that the agency’s main account had been compromised, and that it had not yet approved any spot bitcoin exchange-traded products. Staff then deleted the initial unauthorized post, un-liked the liked posts and used the official SEC account to make a new post clarifying the situation, the agency said Friday.

    The SEC also said that it had reached out to X for assistance Tuesday in the wake of the incident, and that agency staff believe the unauthorized access to the SEC’s account was “terminated” later in the day.

    “While SEC staff is still assessing the scope of the incident, there is currently no evidence that the unauthorized party gained access to SEC systems, data, devices, or other social media accounts,” the agency said.

    The following day, the SEC announced that it had, in fact, approved the listing and trading of spot bitcoin ETFs.

    Wednesday’s move marked a breakthrough for the crypto industry, which for years has tried to get such ETFs off the ground in hopes of drawing more traditional investors to the digital-asset space.

    Bitcoin was down 7.6% over a 24-period as of Friday evening.

    Source link

  • PolitiFact – Can a stranger steal contact info from iPhone? No, that’s not how Apple’s NameDrop works.

    PolitiFact – Can a stranger steal contact info from iPhone? No, that’s not how Apple’s NameDrop works.

    Can a stranger covertly get your child’s personal data by placing an iPhone near your kid’s phone?

    Apple’s new NameDrop iPhone feature allows users to quickly share contact information with their phones. But social media warnings — many from U.S. law enforcement agencies — are stoking privacy fears among parents.

    “Stay alert,” one Nov. 30 Instagram post warned. “The new iPhone update automatically enables ‘NameDrop.’ If anyone places their iPhone near your iPhone or child’s iPhone, it will automatically receive their contact information including a photo, phone number, email, address, and more.”

    The post was flagged as part of Meta’s efforts to combat false news and misinformation on its News Feed. (Read more about our partnership with Meta, which owns Facebook and Instagram.)

    We found multiple social media posts making similar claims. They may be echoing recent social media warnings from U.S. police departments, as well as news reports about those warnings.

    (Facebook screenshots)

    A Connecticut police department issued a “tech alert” in a Nov. 26 Facebook post.

    “With this feature enabled, anyone can place their phone next to yours (or your child’s phone) and automatically receive their contact information to include their picture, phone number, email address and more, with a tap of your unlocked screen,” the post said.

    Law enforcement agencies in Oklahoma, Tennessee, Wisconsin, Virginia, Florida and more states have issued similar warnings. One police department in Pennsylvania had such a warning, but has since deleted it.

    Many of the posts overstate the risks from the NameDrop feature and do not accurately reflect how it works, experts said.

    This Apple video explains how the NameDrop feature works. (Apple via YouTube)

    What is NameDrop and how does it work?

    NameDrop was introduced this summer with Apple’s iOS17 update. In a June 5 press release, Apple said “a user can hold their iPhone near another to share their contact information with only their intended recipients. Users can also choose the specific contact details they want to share — and, importantly, what information they don’t want to share.”

    NameDrop is part of Apple’s existing AirDrop feature, which lets users send photos, videos and more to nearby Apple devices.

    The NameDrop technology also works with Apple Watch models that use watchOS 10.1.

    Getting someone’s contact information isn’t as simple as putting two phones near each other, though. A user must take actions to share their contact information and their phone must be unlocked.

    “It was wrongly reported that iPhones would send the information automatically. Physical interaction with the device — pressing an approve button — is required,” said Johannes Ullrich, dean of research for SANS Technology Institute, an accredited college established by the SANS Institute, a company that specializes in information security and cybersecurity.

    Apple’s iPhone user guide explains how NameDrop works:

    • To share contact information between two phones, hold the display of your iPhone a few centimeters from the top of the other iphone. Both phones will vibrate and glow when a connection is made.

    • Keep holding the phones there until NameDrop appears on both screens.

    • Each user can then choose what contact information to share and receive the other person’s, or to receive only the other person’s.

    • To cancel, simply move the phones apart or lock your iPhone before the NameDrop transfer completes.

    The option to share or receive also goes away if you swipe the screen up, according to a demonstration shared on YouTube by ZolloTech, a technology review website.

    “This process necessitates a deliberate and noticeable action, as the phones glow when data is being shared, making it highly improbable for the transfer to occur from a distance of more than a few centimeters,” said Rob Lee, the chief curriculum director and faculty lead at SANS Institute.

    Lee said if a phone is left open and unlocked and out of reach, it is vulnerable to typical data exposure risks, including contact sharing.

    “However, this type of data transfer cannot be executed by merely passing by,” Lee said.

    People with concerns about NameDrop, which is enabled by default in iOS17, can simply turn it off in their iPhone settings. In your iPhone’s settings, go to General, then select “Airdrop,” then turn off the “Bringing Devices Together” option.

    Parents and guardians of children who have phones with this capability should go over the feature with their children so that they understand how to use it. 

    Our ruling

    An Instagram post warned that your child’s contact information could be given to a stranger if their iPhones come too close together, thanks to Apple’s new NameDrop feature. 

    But that is not how the technology works, experts said. To share contact information using NameDrop, two users must place and hold their unlocked phones together, then each person would choose whether to send or receive contact information, or both. They can also choose which information to share, such as an email or a phone number. It’s not something that happens automatically.

    We rate this claim False.

    Source link

  • Clorox slashes forecast due to effects of cyberattack; stock falls

    Clorox slashes forecast due to effects of cyberattack; stock falls

    Clorox Co. shares fell in the extended session Wednesday after the company slashed its outlook stemming from the impact of a cybersecurity attack over the summer.

    Clorox
    CLX,
    +1.21%
    shares fell about 3% after hours, following a 1.2% gain to close the regular session at $131.83. At Wednesday’s close, Clorox shares were down 6.1% for the year, while the S&P 500 index
    SPX
    has gained 11.1%.

    The company forecast a loss of 75 cents to 35 cents a share, or a loss of 40 cents to break-even per share on an adjusted basis, for the quarter ending Sept. 30.

    Also see: A stranger in your hotel room? Kitty-litter shortages? Online attacks are causing real-world effects.

    Clorox said sales are expected to decrease by 28% to 23% from the year-ago first quarter of $1.74 billion, or in a range between $1.25 billion and $1.34 billion.

    Analysts surveyed by FactSet had forecast first-quarter earnings of $1.29 a share on revenue of $1.77 billion.

    In a statement late Wednesday, Clorox said the reduced outlook was “due to the impacts of the recent cybersecurity attack that was disclosed in August, which caused wide-scale disruption of Clorox’s operations, including order-processing delays and significant product outages.”

    The company said shipment and consumption trends prior to the cyberattack factored in its prior forecast.

    In early August, Clorox forecast sales in 2024 would be flat to 2% higher than 2023’s $7.39 billion, and adjusted earnings between $5.60 and $5.90 for the year, while analysts had expected $5.62 a share on revenue of $7.4 billion at the time.

    Analysts currently forecast, on average, adjusted earnings of $5.78 a share on revenue of $7.5 billion.

    Based on the company’s current assessment, Clorox said it expects “to experience ongoing, but lessening, operational impacts in the second quarter as it makes progress in returning to normalized operations,” and restocking retailers.

    Analysts also forecast second-quarter earnings of $1.18 a share on revenue of $1.77 billion.

    Clorox said it was “in the process of assessing the impact of the cybersecurity attack on fiscal-year 2024 and beyond,” and said it would provide an update during its first-quarter earnings call scheduled in November.

    Back in mid-September, Clorox said the cyberattack would weigh on its results, and by the end of the month shares were on their longest losing streak since 2009.

    Clorox shares have fallen nearly 18% since the company first disclosed the attack in a filing with the Securities and Exchange Commission on Aug. 14.

    Source link

  • A stranger in your hotel room? Kitty-litter shortages? Online attacks are causing real-world effects.

    A stranger in your hotel room? Kitty-litter shortages? Online attacks are causing real-world effects.

    It was past midnight when Alessandra Millican and a friend entered the Bellagio hotel room that was costing them hundreds of dollars a night, but unexpected noises made them stop cold.

    “We started hearing grunts,” she said. “It’s somebody waking up — we were halfway through the room and we realized there’s somebody sleeping in here.”

    Millican…

    Source link