Members of Congress are continuing their push against facial recognition used by the federal government in the wake of the IRS decision to stop using ID.me facial recognition software.On Wednesday, Secretary Alejandro Mayorkas, Rep. Pramila Jayapal, and Rep Ayanna Pressley joined Senators Ed Markey and Jeff Merkley in calling for DHS to end its use of Clearview AI’s facial recognition technology.”Facial recognition tools pose a serious threat to the public’s civil liberties and privacy rights, and Clearview AI’s product is particularly dangerous. We urge you to immediately stop the Department’s use of facial recognition technology, including Clearview AI’s tools. Clearview AI’s technology could eliminate public anonymity in the United States,” the members of Congress wrote in a letter to Homeland Security.”It reportedly allows users to capture and upload photos of strangers, analyze the photographed individuals’ biometric information, and provide users with existing images and personal information of the photographed individuals found online. Clearview AI reportedly scrapes billions of photos from social media sites without permission from or notice to the pictured individuals. In conjunction with the company’s facial recognition capabilities, this trove of personal information is capable of fundamentally dismantling Americans’ expectation that they can move, assemble, or simply appear in public without being identified. Reports indicate that use of this technology is already threatening to do so.”They go on to explain that the use of facial recognition technology would deter people from participating in marches and rallies “for fear of being permanently included in law enforcement databases.”The technology poses unique threats to Black communities, other communities of color, and immigrant communities, the members of Congress added, noting that three Black men have already been wrongfully arrested based on mistakes made by a facial recognition system. Studies from the National Institute of Standards and Technology (NIST) have also found that Black, Brown, and Asian individuals were up to 100 times more likely to be misidentified than white male faces with most facial recognition tools available. According to the letter, facial recognition software is being promoted widely among law enforcement agencies, and “reviews of deployment of facial recognition technology show that law enforcement entities are more likely to use it on Black and Brown individuals than they are on white individuals.”

“Additionally, past law enforcement use of this technology reportedly targeted Black Lives Matter activists. Use of increasingly powerful technologies like Clearview AI’s have the concerning potential to violate Americans’ privacy rights and exacerbate existing injustices,” Jayapal, Markey, Pressley, and Merkley wrote. “Therefore, as the authors of the Facial Recognition and Biometric Technology Moratorium Act (S. 2052/H.R. 3907) — which would halt a federal agency or official from using these technologies — we urge you to stop use of facial recognition tools, including Clearview AI’s products.”The Department of Homeland Security did not respond to requests for comment. The letter comes two days after the Internal Revenue Service (IRS) announced that it will no longer be using ID.me facial recognition software. The agency added in a statement that it will “transition away from using a third-party service for facial recognition to help authenticate people creating new online accounts.”The IRS had faced overwhelming backlash from civil rights groups and members of Congress from both parties, all of whom questioned how the IRS could begin the use of facial recognition without advance warning. But the issue revealed that the IRS was one of many federal and state agencies using facial recognition tools to provide access to vital government services and benefits. ID.me’s facial recognition tools are already used by 27 states for their unemployment benefits systems, according to CyberScoop, while 30 states and 10 federal agencies also use ID.me for other government services. The Veterans Affairs Administration and Social Security Administration both use facial recognition.More than 70 million Americans who filed for unemployment insurance, pandemic assistance grants, child tax credit payments, or other services have already had their faces scanned by ID.me. Several civil rights groups — including Fight for the Future, Algorithmic Justice League, the Electronic Privacy Information Center, and others — that started a protest movement last week designed to stop the IRS plan have expanded the effort to other agencies.Caitlin Seeley George, campaign director at Fight for the Future, told ZDNet they have updated their campaign page, dumpID.me, and are urging the Veterans Affairs Administration, the Social Security Administration, the US Patent and Trademark Office, and the many states using ID.me for unemployment benefits to follow the example of the IRS.”Veterans trying to access their benefits, elderly people trying to access Social Security Administration resources, and those applying for unemployment benefits in dozens of states are all facing the same problems and threats that caused the IRS to stop using ID.me. Many of these essential services are critical for marginalized groups, people who are already disproportionately targeted by surveillance and misidentified by facial recognition technologies,” Seeley George said. “No one should be coerced into giving their biometric information to a third party vendor for seven years or longer in order to access these essential government services. We expect all the lawmakers who spoke out against the broad use of facial recognition by the IRS to push these other agencies to stop using ID.me and any other biometric verification tools.”ID.me to let users delete selfiesIn the wake of the IRS decision, ID.me founder and CEO Blake Hall said they decided to modify their process and will now allow people to choose to verify their identity with a human agent without going through a “selfie check.” Agencies will now be able to choose this option, and Hall said they were also going to allow ID.me users to delete their selfie or photo at account.ID.me beginning on March 1.Aubrey Turner, the executive advisor at identity access management software company Ping Identity, listed several other authentication methods that agencies could use to replace their reliance on facial recognition as a means to stop fraud. He said they could use security keys (FIDO), mobile push, behavioral biometrics, authenticator apps like Google Authenticator, SMS, email, or voice. But all have their pros and cons relative to the balance of security and end-user convenience, he noted.”Static Knowledge Based Answers (KBAs) can no longer be trusted as a means of identity verification and authentication. Facial recognition as implemented by ID.me may not be the answer for IRS, but neither is UID + password. We deserve and should demand better as citizens,” Turner said. “What’s done is done as far as the IRS ending the relationship with ID.me, but how Congress plans to secure taxpayer accounts after abandoning ID.me is now my biggest question and concern.” More

It is the bane of every security researcher: no matter how sophisticated the tool is to fight harmful behavior on any given interface, hackers will always adapt, scale up their game, and find new ways to work around the mechanism. 
In an effort to get ahead of the scammers, Facebook is trying a new approach: to unleash an army of bots on a version of the platform, tasked with harmful actions – so that the Facebook-controlled bots can discover the loopholes before the real scammers even get to them.

Innovation

The technology will be operating in an alternative version of Facebook, dubbed WW to reflect that the system is a scaled-down version of the World Wide Web (WWW). 
SEE: Managing AI and ML in the enterprise 2020: Tech leaders increase project development and implementation (TechRepublic Premium)
Contrary to traditional simulations, in which the simulated bots would be working on a simulated platform, WW is built on Facebook’s real-world software platform. 

The company’s engineering team developed a method called Web-Enabled Simulation (WES), which consists of carrying out simulations on real web infrastructures, rather than artificial ones, to better reflect real user interactions and social behavior.
Using WES, Facebook’s engineers built WW – a parallel version of the social media platform, complete with Messenger, profiles, pages, and inopportune friend requests, but exclusively reserved for bots. 
Presenting the technology at a webinar, Mark Hartman, research scientist at Facebook, said: “The simulations happen on the actual tens of millions of lines of code that make up the Facebook infrastructure. The bots use all of the same software and tools that a user would be using on the platform.” 
“It means the simulation results are much closer to the reality of what happens on the platform, and to the many subtleties where harmful behavior can occur,” he added. 
The bots, therefore, operate in an environment that is very close to the actual users on the platform, but a safe distance has wisely been kept. The bots’ actions are carefully constrained, and the engineers set up both a privacy layer and interaction mechanism layer to separate the two worlds. 

Facebook’s engineers built WW – a parallel version of the social media platform, exclusively reserved for the artificial doing of bots.  
Image: Facebook
Hartman’s team is currently focusing on using the bots to simulate scamming behavior, to find out if the detection mechanisms on Facebook are good enough, but also to uncover the new ways that scammers might try to extort money from unknowing users. 
Real-life scammers typically crawl over the social-media platform until they find a target. And so, in a similar vein to game development, the engineering team recreated a scenario in which innocent bots simulate interactions with bots that are rewarded for crawling and acquiring another agent that they can scam.
Hartman explained that several methods were used to train the bots. They ranged from the old-fashioned rule-based approach, in which bots chose to carry out actions like sending a friend request based on a predetermined set of rules, to unsupervised learning, in which the bots are given the reward criteria but not the rules to get there.
SEE: Sixteen Facebook apps caught secretly sharing data with third-parties
Supervised learning was also a part of the mix: using anonymized data, the researchers defined patterns of real user behavior and trained the bots to imitate them.
“There is a strong relationship with AI-assisted gameplay,” said Hartman. “Simulated game players are a little bit like our bots. We are automating the process of making the game ever-more challenging, because we want to make it harder for potentially sophisticated and well-skilled bad actors.” 
From an engineering perspective, the proposal is ambitious, and Hartman stressed that the project is still in a research phase. Hartman hopes that it is only a matter of months before the WW initiative comes to life, but admitted that further research was needed in various fields such as machine learning, graph theory or AI-assisted gameplay.
If the project were to come about at scale, however, the research team anticipated a significant boost to Facebook’s defense in the war against harmful behavior. 
“The bots, in theory, can do things we haven’t seen before thanks to reinforcement learning,” said Hartman. “That’s something we want because it will let us get ahead of the bad behavior, rather than catch up with it.”
What’s more: using the WES method, WW could be replicated for any large-scale web system in which a community’s behavior can be observed. It could go a long way, therefore, in alleviating moderation efforts for many organizations. More

The Office of the Australian Information Commissioner (OAIC) has made available the outcomes of its latest privacy complaint investigations, including a determination made against Services Australia.
In the complaint against the CEO of Services Australia, Australian Information and Privacy Commissioner Angelene Falk found that the federal government department interfered with the complainant’s privacy as defined in the Privacy Act 1988 by breaching one of the guiding privacy principles.
Specifically, the department disclosed the complainant’s personal information in breach of privacy principle 11.
Australian Privacy Principles (APP) 11 requires an APP entity to take active measures to ensure the security of personal information it holds, and to actively consider whether it is permitted to retain personal information.
The entity must also take reasonable steps to protect the information from misuse, interference and loss, as well as unauthorised access, modification, or disclosure; and they must take reasonable steps to destroy or de-identify the personal information it holds once the personal information is no longer needed for any purpose for which the personal information may be used or disclosed under the APPs.

However, this requirement does not apply where the personal information is contained in a Commonwealth record or where the entity is required by law or a court/tribunal order to retain the personal information.
In her declaration, Falk said she found that Services Australia engaged in conduct constituting an interference with the privacy of the complainant; and must pay the complainant AU$3,000 for non-economic loss caused by the interference with the complainant’s privacy within 60 days of the date of determination. The determination was made on 30 June 2020.
See also: Robo-debt: Minister claims the government is not built for refunds
The complainant’s grievance relates to the collection of her personal information by the former Child Support Agency (CSA) and former department administering child support, and subsequent disclosure to the complainant’s ex-partner in 2012. Services Australia now administers child support.
As explained by the OAIC, the complainant applied to CSA for a change of assessment to the amount of child support paid by her ex-partner. On receipt of the ex-partner’s objection review application, CSA collected the complainant’s personal information from her bank, but did not notify her of that action.
The complainant applied to the Social Security Appeals Tribunal for a review of the objection decision, at which time CSA disclosed the complainant’s personal information to the Tribunal and to the ex-partner as part of the Tribunal review process.
The complainant claimed that the bank statement revealed her personal information in the form of places she frequented. The complainant added that she feared harm from the ex-partner and that she had attempted to keep her location unknown to him.
She had previously obtained a Family Violence Order against the ex-partner.
The complainant was originally seeking compensation of AU$30,000.
Other recent determinations made by Falk include the compensation of AU$3,000 to the complainant for non-economic loss and AU$2,000 for aggravated damages regarding a breach of privacy principle 12 by a psychologist; and compensation of AU$10,000 for non-economic loss and AU$3,400 for economic loss to the first complainant and AU$3000 to the second complainant for non-economic loss in a breach of a few privacy principles by a medical clinic.
RELATED COVERAGE
Services Australia’s proud achievements include answering the phone
Minister Stuart Robert talks about respect and transparency, but they require more than just answering the phone. They even require more than a personalised dashboard. They require wholesale culture change.
Australians made over 3,000 privacy complaints last year
3,306 privacy complaints were made to the Office of the Australian Information Commissioner in 2018-19 and the commissioner has finally admitted her office needs more assistance.
Australian Privacy Commissioner offers advice on staff privacy amid COVID-19
Employers given a little reminder that their Privacy Act obligations still apply, even in a global pandemic.
Accidental personal info disclosure hit Australians 260,000 times last quarter
85 cases of human error resulted in 269,621 instances of Australians having their personal information disclosed accidentally. More

The company responsible for the operation of São Paulo’s subway system has failed to demonstrate sufficient evidence that it is ensuring the protection of user privacy in the implementation of a new platform that will use facial recognition technology. This is the conclusion of a group of consumer rights bodies following the conclusion of legal […] More

Amazon Prime Day is a great time to save money on expensive tech items like laptops, tablets, TVs, and more. But if you’re on a strict budget this summer, we at ZDNET have got you covered.You can find some very useful tech products, devices, and other gadgets for under $25, even before Amazon Prime Day deals officially go live tomorrow, July 16. We’ve rounded up the best deals under $25 that are light on your wallet but super helpful in your life.Also: The best Prime Day deals right now Best Amazon Prime Day 2024 deals under $25 Rocketbook Core Reusable Smart Notebook for $24 (save $10) More