Language Selection

English French German Italian Portuguese Spanish

License-Screening Measure Could Benefit Data Brokers

Filed under
Security

Congress is considering forcing states to use data brokers to help screen applicants for commercial drivers' licenses, a potentially lucrative development for an industry under scrutiny for how it handles personal information.

Under a provision of a major highway bill, state motor vehicles departments would have to establish an "information-based" authentication program before the nation's roughly 12 million commercial drivers' licenses could be issued or renewed.

The provision does not specify who should do the work. But only a handful of companies, such as ChoicePoint Inc., LexisNexis and Acxiom, have services that likely would satisfy the requirements.

The firms, which collect, buy and sell personal information on nearly all U.S. adults, package and analyze data on individuals for a variety of clients, from security and law-enforcement agencies needing background checks to companies trying to better target potential customers.

Several of those firms have recently suffered breaches of their databases, exposing millions of consumers to possible fraud or identity theft. A surge of such incidents at companies, banks, universities and other organizations this year sparked congressional hearings and a slew of pending bills to better protect personal information.

Specific rules for the identification program would be set by the Department of Homeland Security and the Federal Motor Carrier Safety Administration. The provision passed as part of the Senate version of the highway bill, which is now being reconciled with a House version that did not include similar language.

"It's important [for national security] because unless there's an established procedure to authenticate identification documents, we might not know who is getting commercial licenses," said a spokesman for Sen. James M. Inhofe (R-Okla.), who authored the provision.

But state motor vehicle officials say the program would be an onerous, unfunded and unnecessary expense.

The recently enacted Real ID Act imposes several new steps for approval of all drivers' licenses, they say, including verification of Social Security numbers, birth certificates and home addresses. Additional rules exist for certifying drivers who transport hazardous materials, the officials add.

Jason King, spokesman for the American Association of Motor Vehicle Administrators, said commercial data brokers are notorious for refusing to correct their databases if they contain erroneous information.

"We worry that it's garbage in, garbage out," King said. By contrast, he said, states verify Social Security numbers directly with the Social Security Administration and are developing a system to authenticate birth certificates.

In a statement, LexisNexis said it strongly supports the bill, though a spokesman declined to say if it lobbied for the provision.

"While state Departments of Motor Vehicle officials may check identifying documents such as birth certificates prior to issuing a driver's license, these documents can be fraudulently obtained or forged," the statement said.

James E. Lee, chief marketing officer for ChoicePoint, said his firm did not lobby for the bill. But he said ChoicePoint the company has a "national infrastructure" for comprehensive identity verification that states currently lack.

He added that the company corrects all inaccuracies that it can, but that if the data came from government agencies and was wrong to begin with, his firm cannot fix it. The bill includes an amendment by Sen. Russell Feingold (D-Wis.) that mandates standards for accuracy and procedures for challenging incorrect data.
Still, privacy advocates are concerned.

Timothy D. Sparapani, legislative counsel on privacy issues for the American Civil Liberties Union, said he worries about the government expanding its use of background checks.

He added that "it's a rather perverse incentive for the government to reward these companies . . . while these companies have not yet demonstrated a capability to control even the data they have collected."

By Jonathan Krim
The Washington Post

More in Tux Machines

Leftovers: OSS

  • Blockchain Startups Venture Beyond Bitcoin
    Bitcoin is the most widely-known example of blockchain-based technology, but many of today's startups are looking past the cryptocurrency and towards other, more business-friendly implementations. European blockchain startup incubator Outlier Ventures and Frost & Sullivan have mapped out the blockchain startup landscape, identifying several key areas of activity. It outlines possible paths to success following a busy year for blockchain investments.
  • Another Sandy Bridge Era Motherboard Now Supported By Coreboot
    The Sapphire Pure Platinum H61 is the latest motherboard to be supported by mainline Coreboot for replacing the board's proprietary BIOS.
  • OSI Welcomes the Journal of Open Source Software as Affiliate Member
    The Open Source Initiative® (OSI), a global non-profit organization formed to educate about and advocate for the benefits of open source software and communities, announced that the Journal Of Open Source Software (JOSS), a peer-reviewed journal for open source research software packages, is now an OSI affiliate member.
  • Open source project uses Docker for serverless computing
    Serverless computing has fast become a staple presence on major clouds, from Amazon to Azure. It’s also inspiring open source projects designed to make the concept of functions as a service useful to individual developers. The latest of these projects, called simply Functions as a Service (FaaS) by developer and Linux User contributor Alex Ellis, uses Docker and its native Swarm cluster management technology to package any process as a function available through a web API.
  • PyCharm 2017.1, MicroStrategy 2017.1, Next.js 2.0, and Ubuntu 17.04 final beta released — SD Times news digest: March 27, 2017
  • Open source JavaScript, Node.js devs get NPM Orgs for free
    The SaaS-based tool, which features capabilities like role-based access control, semantic versioning, and package discovery, now can be used on public code on the NPM registry, NPM Inc. said on Wednesday. Developers can transition between solo projects, public group projects, and commercial projects, and users with private registries can use Orgs to combine code from public and private packages into a single project.
  • Slaying Monoliths at Netflix with Node.js
    The growing number of Netflix subscribers -- nearing 85 million at the time of this Node.js Interactive talk -- has generated a number of scaling challenges for the company. In his talk, Yunong Xiao, Principal Software Engineer at Netflix, describes these challenges and explains how the company went from delivering content to a global audience on an ever-growing number of platforms, to supporting all modern browsers, gaming consoles, smart TVs, and beyond. He also looks at how this led to radically modifying their delivery framework to make it more flexible and resilient.
  • Mudlet, the open source MUD client has a new major stable build available
    I don't know how many of you play MUDs, but Mudlet, an open source cross-platform MUD client has hit version 3.0.

today's howtos

Minimal Linux Live

Minimal Linux Live is, as the name suggests, a very minimal Linux distribution which can be run live from a CD, DVD or USB thumb drive. One of the things which set Minimal Linux Live (MLL) apart from other distributions is that, while the distribution is available through a 7MB ISO file download, the project is designed to be built from source code using a shell script. The idea is that we can download scripts that will build MLL on an existing Linux distribution. Assuming we have the proper compiler tools on our current distribution, simply running a single shell script and waiting a while will produce a bootable ISO featuring the MLL operating system. Yet another option the MLL project gives us is running the distribution inside a web browser using a JavaScript virtual machine. The browser-based virtual machine running MLL can be found on the project's website, under the Emulator tab. This gives us a chance to try out the operating system in our web browser without installing or building anything. I decided to try the MLL build process to see if it would work and how long it would take if everything went smoothly. I also wanted to find out just how much functionality such a small distribution could offer. The project's documentation mostly covers building MLL on Ubuntu and Linux Mint and so I decided to build MLL on a copy of Ubuntu 16.04 I had running in a virtual machine. The steps to build MLL are fairly straight forward. On Ubuntu, we first install six packages to make sure we have all the required dependencies. Then we download an archive containing MLL's build scripts. Then we unpack the archive and run the build script. We just need to type four commands in Ubuntu's virtual terminal to kick-start the build process. Read more

GCC Compiler Tests At A Variety Of Optimization Levels Using Clear Linux

For those curious about the impact of GCC compiler optimization levels, a variety of benchmarks were carried out using GCC 6.3 on Intel's Clear Linux platform. Read more Also: LLVM 4.0.1 Planning, Aiming For Better Stable Releases