Language Selection

English French German Italian Portuguese Spanish

License-Screening Measure Could Benefit Data Brokers

Filed under
Security

Congress is considering forcing states to use data brokers to help screen applicants for commercial drivers' licenses, a potentially lucrative development for an industry under scrutiny for how it handles personal information.

Under a provision of a major highway bill, state motor vehicles departments would have to establish an "information-based" authentication program before the nation's roughly 12 million commercial drivers' licenses could be issued or renewed.

The provision does not specify who should do the work. But only a handful of companies, such as ChoicePoint Inc., LexisNexis and Acxiom, have services that likely would satisfy the requirements.

The firms, which collect, buy and sell personal information on nearly all U.S. adults, package and analyze data on individuals for a variety of clients, from security and law-enforcement agencies needing background checks to companies trying to better target potential customers.

Several of those firms have recently suffered breaches of their databases, exposing millions of consumers to possible fraud or identity theft. A surge of such incidents at companies, banks, universities and other organizations this year sparked congressional hearings and a slew of pending bills to better protect personal information.

Specific rules for the identification program would be set by the Department of Homeland Security and the Federal Motor Carrier Safety Administration. The provision passed as part of the Senate version of the highway bill, which is now being reconciled with a House version that did not include similar language.

"It's important [for national security] because unless there's an established procedure to authenticate identification documents, we might not know who is getting commercial licenses," said a spokesman for Sen. James M. Inhofe (R-Okla.), who authored the provision.

But state motor vehicle officials say the program would be an onerous, unfunded and unnecessary expense.

The recently enacted Real ID Act imposes several new steps for approval of all drivers' licenses, they say, including verification of Social Security numbers, birth certificates and home addresses. Additional rules exist for certifying drivers who transport hazardous materials, the officials add.

Jason King, spokesman for the American Association of Motor Vehicle Administrators, said commercial data brokers are notorious for refusing to correct their databases if they contain erroneous information.

"We worry that it's garbage in, garbage out," King said. By contrast, he said, states verify Social Security numbers directly with the Social Security Administration and are developing a system to authenticate birth certificates.

In a statement, LexisNexis said it strongly supports the bill, though a spokesman declined to say if it lobbied for the provision.

"While state Departments of Motor Vehicle officials may check identifying documents such as birth certificates prior to issuing a driver's license, these documents can be fraudulently obtained or forged," the statement said.

James E. Lee, chief marketing officer for ChoicePoint, said his firm did not lobby for the bill. But he said ChoicePoint the company has a "national infrastructure" for comprehensive identity verification that states currently lack.

He added that the company corrects all inaccuracies that it can, but that if the data came from government agencies and was wrong to begin with, his firm cannot fix it. The bill includes an amendment by Sen. Russell Feingold (D-Wis.) that mandates standards for accuracy and procedures for challenging incorrect data.
Still, privacy advocates are concerned.

Timothy D. Sparapani, legislative counsel on privacy issues for the American Civil Liberties Union, said he worries about the government expanding its use of background checks.

He added that "it's a rather perverse incentive for the government to reward these companies . . . while these companies have not yet demonstrated a capability to control even the data they have collected."

By Jonathan Krim
The Washington Post

More in Tux Machines

Oracle: New VirtualBox 5.2 Beta, SPARC M8 Processors Launched

  • VirtualBox 5.2 to Let Users Enable or Disable Audio Input and Output On-the-Fly
    Oracle announced new updates for its popular, cross-platform and open-source virtualization software, the third Beta of the upcoming VirtualBox 5.2 major release and VirtualBox 5.1.28 stable maintenance update. We'll start with the stable update, VirtualBox 5.1.28, as it's more important for our readers using Oracle VM VirtualBox for all of their virtualization needs. The VirtualBox 5.1 maintenance release 28 is here to improve audio support by fixing various issues with both the ALSA and OSS backends, as well as an accidental crash with AC'97.
  • SPARC M8 Processors Launched
    While Oracle recently let go of some of their SPARC team, today marks the launch of the SPARC M8. The initial SPARC M8 line-up includes the T8-1, T8-2, T8-4. M8-8, and SuperCluster M8-8 servers.

Wikileaks Releases Spy Files Russia, CCleaner Infected, Equifax Has a Dirty Little Secret

  • Spy Files Russia
    This publication continues WikiLeaks' Spy Files series with releases about surveillance contractors in Russia. While the surveillance of communication traffic is a global phenomena, the legal and technological framework of its operation is different for each country. Russia's laws - especially the new Yarovaya Law - make literally no distinction between Lawful Interception and mass surveillance by state intelligence authorities (SIAs) without court orders. Russian communication providers are required by Russian law to install the so-called SORM ( Система Оперативно-Розыскных Мероприятий) components for surveillance provided by the FSB at their own expense. The SORM infrastructure is developed and deployed in Russia with close cooperation between the FSB, the Interior Ministry of Russia and Russian surveillance contractors.
  • Malware-Infected CCleaner Installer Distributed to Users Via Official Servers for a Month
    Hackers have managed to embed malware into the installer of CCleaner, a popular Windows system optimization tool with over 2 billion downloads to date. The rogue package was distributed through official channels for almost a month. CCleaner is a utilities program that is used to delete temporary internet files such as cookies, empty the Recycling Bin, correct problems with the Windows Registry, among other tasks. First released in 2003, it has become hugely popular; up to 20 million people download it per month. Users who downloaded and installed CCleaner or CCleaner Cloud between Aug. 15 and Sept. 12 should scan their computers for malware and update their apps. The 32-bit versions of CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 were affected.
  • Equifax Suffered a Hack [sic] Almost Five Months Earlier Than the Date It Disclosed
  • This is why you shouldn’t use texts for two-factor authentication

    For a long time, security experts have warned that text messages are vulnerable to hijacking — and this morning, they showed what it looks like in practice.

Amazon Changes Rental ('Cloud') Model on GNU/Linux

Devices/Hardware: Embedded/Boards, CODESYS, and EPYC Linux Performance

  • Linux friendly IoT gateway runs on 3.5-inch Bay Trail SBC
    While the MB-80580 SBC lists SATA II, the gateway indicates SATA III. Also, the gateway datasheet notes that the RS232 ports can all be redirected to RS232/422/485. Software includes Windows IoT Core and Server, as well as Yocto, Ubuntu Snappy Core, and CentOS Linux distributions.
  • Rugged panel PC scales up to a 19-inch touchscreen
    The fanless, IP65-rated WinSystems “PPC65B-1x” panel PC runs Linux or Win 10 on a quad-core Atom E3845, and offers 10.4 to 19-inch resistive touchscreens.
  • CODESYS announces CODESYS-compatible SoftPLC for open Linux device platforms
  • EPYC Linux performance from AMD
    Phoronix have been hard at work testing out AMD's new server chip, specifically the 2.2/2.7/3.2GHz EPYC 7601 with 32 physical cores.  The frequency numbers now have a third member which is the top frequency all 32 cores can hit simultaneously, for this processor that would be 2.7GHz.  Benchmarking server processors is somewhat different from testing consumer CPUs, gaming performance is not as important as dealing with specific productivity applications.   Phoronix started their testing of EPYC, in both NUMA and non-NUMA configurations, comparing against several Xeon models and the performance delta is quite impressive, sometimes leaving even a system with dual Xeon Gold 6138's in the dust.  They also followed up with a look at how EPYC compares to Opteron, AMD's last server offerings.  The evolution is something to behold.
  • Opteron vs. EPYC Benchmarks & Performance-Per-Watt: How AMD Server Performance Evolved Over 10 Years
    By now you have likely seen our initial AMD EPYC 7601 Linux benchmarks. If you haven't, check them out, EPYC does really deliver on being competitive with current Intel hardware in the highly threaded space. If you have been curious to see some power numbers on EPYC, here they are from the Tyan Transport SX TN70A-B8026 2U server. Making things more interesting are some comparison benchmarks showing how the AMD EPYC performance compares to AMD Opteron processors from about ten years ago.