Tag Archive for: requirement

IRS To Ditch Biometric Requirement for Online Access – Krebs on Security


The Internal Revenue Service (IRS) said today it will be transitioning away from requiring biometric data from taxpayers who wish to access their records at the agency’s website. The reversal comes as privacy experts and lawmakers have been pushing the IRS and other federal agencies to find less intrusive methods for validating one’s identity with the U.S. government online.

Late last year, the login page for the IRS was updated with text advising that by the summer of 2022, the only way for taxpayers to access their records at irs.gov will be through ID.me, an online identity verification service that collects biometric data — such as live facial scans using a mobile device or webcam.

The IRS first announced its partnership with ID.me in November, but the press release received virtually no attention. On Jan. 19, KrebsOnSecurity published the story IRS Will Soon Require Selfies for Online Access, detailing a rocky experience signing up for IRS access via ID.me. That story immediately went viral, bringing this site an almost unprecedented amount of traffic. A tweet about it quickly garnered more than two million impressions.

It was clear most readers had no idea these new and more invasive requirements were being put in place at the IRS and other federal agencies (the Social Security Administration also is steering new signups to ID.me).

ID.me says it has approximately 64 million users, with 145,000 new users signing up each day. Still, the bulk of those users are people who have been forced to sign up with ID.me as a condition of receiving state or federal financial assistance, such as unemployment insurance, child tax credit payments, and pandemic assistance funds.

In the face of COVID, dozens of states collectively lost tens of billions of dollars at the hands of identity thieves impersonating out-of-work Americans seeking unemployment insurance. Some 30 states and 10 federal agencies now use ID.me to screen for ID thieves applying for benefits in someone else’s name.

But ID.me has been problematic for many legitimate applicants who saw benefits denied or delayed because they couldn’t complete ID.me’s verification process. Critics charged the…


Federal Agencies Announce a New 36-Hour Cybersecurity Incident Rule Reporting Requirement | Cozen O’Connor


On November 18, 2021, the Office of the Comptroller of the Currency (“OCC”), the Board of Governors of the Federal Reserve System (“Board”), and the Federal Deposit Insurance Corporation (“FDIC”) (collectively, the “Agencies”) issued a new rule (the “Rule”) that requires banking organizations and their bank service providers to report any “significant” cybersecurity incident within 36 hours of discovery, as set forth in the Federal Register (see 12 CFR Part 53 for the OCC, 12 CFR Part 225 for the Board and 12 CFR Part 304 for the FDIC). Due to the frequency and severity of cyberattacks on the financial services industry, the Rule is intended to promote the timely notification of “computer-security incidents” (as defined below) that may materially and adversely affect entities regulated by the Agencies. The Rule takes effect on April 1, 2022, with full compliance required by May 1, 2022.

Which entities does this Rule apply to?

The Rule applies to FDIC, Board, and OCC regulated “banking organizations.” The definition of a banking organization differs based on the applicable federal regulator:

  • FDIC: an FDIC-supervised insured depository institution, including all insured state nonmember banks, insured state-licensed branches of foreign banks, and insured state savings associations
  • Board: a U.S. bank holding company, U.S. savings and loan holding company, state member bank, the U.S. operations of foreign banking organizations, and an Edge Act or agreement corporation
  • OCC: a national bank, federal savings association, or federal branch or agency of a foreign bank

The Rule also applies to a “bank service provider,” which is defined as a “bank service company” or other person who performs “covered services,” which are services performed by a “person” that are subject to the Bank Service Company Act (“BSCA”) (12 U.S.C. §§ 1861–1867). Services covered by the BSCA include check and deposit sorting and posting, computation and posting of interest, preparation and mailing of checks or statements, and other clerical, bookkeeping, accounting, statistical, or similar functions such as data processing, online banking, and mobile…


The Requirement for High-Priced and Difficult Tools are Hampering Market Growth


DUBLIN, Jan. 20, 2021 /PRNewswire/ — The “Digital Security Control – Global Market Outlook (2019-2027)” report has been added to ResearchAndMarkets.com’s offering.

Global Digital Security Control market accounted for $13.15 billion in 2019 and is expected to reach $40.22 billion by 2027 growing at a CAGR of 15.0% during the forecast period.

The high level of safety attained by biometric technologies and the extensive growth of information security are the major factors propelling market growth. However, the requirement for high-priced and difficult tools is hampering market growth.

Digital security control essentially deals with the protection and safety of an individual’s digital identification and other types of interactions that are carried out in the digital world. It is the network or Internet equivalent of an individual’s physical identity. Digital security comprises various tools that are used to secure the physical identity of the subscriber, assets, and the technology in the mobile and online world.

Based on hardware, the smart card segment is expected to see lucrative growth during the forecast period due to its heavy presence in the online payment segment, where it offers superior security by limiting security risk.

By geography, North America is expected to see lucrative growth during the forecast period due to the increasing demand for digital security systems in the telecommunication and internet security industry in this region. Increasing demand in the commercial, industrial, transportation, and mobile security industries would drive market growth in this region.

Some of the key players profiled in the Digital Security Control Market include 3M, Fireeye, Inc, Gemalto NV, HID Global (Actividentity, Inc.), Morpho S.A.S (Safran), NEC Corporation, Oberthur Technologies, RSA Security LLC, Safenet, Inc, and Vasco Data Security International, Inc.

What the report offers:

  • Market share assessments for the regional and country-level segments
  • Strategic recommendations for the new entrants
  • Covers market data for the years 2018, 2019, 2020, 2024, and 2027
  • Market Trends (Drivers, Constraints, Opportunities, Threats, Challenges, Investment…


UK Tribunal To Decide Whether Gov’t Agencies Can Continue To Pretend There’s A Residency Requirement For FOI Requests

The UK’s Freedom of Information law is pretty straightforward when it comes to residency requirements. There aren’t any.

Anyone can make a freedom of information request – they do not have to be UK citizens, or resident in the UK. Freedom of information requests can also be made by organisations, for example a newspaper, a campaign group, or a company.

And yet, some UK government agencies have decided to read a residency requirement into a law that doesn’t contain one. As Owen Bowcott reports for The Guardian, these seemingly illegal non-responses to requests are about to be tested in court.

A combined hearing involving the Home Office, Metropolitan police, the Information Commissioner’s Office (ICO) and 13 separate cases is to be held at an information tribunal in London.

At issue is whether applicants overseas are entitled to a response when submitting freedom of information requests to UK government departments and agencies.

Nothing in the UK’s Freedom of Information law appears to institute a residency requirement for FOI requesters. Nor does it hint at territorial limitations that could allow agencies to withhold documents from certain requesters. But the agencies handling these 13 cases seem to feel there is a residency requirement and they appear to be applying this novel interpretation to screw with requesters they’d rather not respond to.

One set of requests deals with the UK government’s involvement with attempts to extradite Julian Assange for prosecution.

One of the blocked cases is an appeal by the Italian journalist Stefania Maurizi, who works for daily newspaper Il Fatto Quotidiano and writes about WikiLeaks.

She has been pursuing information about how the Crown Prosecution Service dealt with its Swedish counterpart during initial attempts to extradite Assange to Sweden.

So, it appears that at least one of the 13 cases is about documents being withheld because the agency doesn’t want to release them, not because there’s a genuine question about whether the agency is obligated to respond to non-UK residents. Meanwhile, the government says it’s going to continue following the law… by not following the law in these 13 cases — at least until the tribunal says otherwise.

Techdirt.