Daily Digest (12/24)

NY’s Cuomo Suspends Facial Recognition in Schools Until 2022; Facebook to Allow Users to Use Security Keys; Mass. Governor to Sign Bill Limiting Facial Recognition Use; UK Privacy Regulator Issues Warning Over SolarWinds Hack.  

NY’s Cuomo Suspends Facial Recognition in Schools Until 2022

New York Gov. Andrew Cuomo on Tuesday signed legislation suspending the use of facial-recognition technology and any other biometric technology in public and private K-12 schools.

The law placed a moratorium on schools buying or using biometric technology until at least July 1, 2022, or until a study could be done to determine acceptable use of the technology, Scoop News Group reports. 

“Facial-recognition technology could provide a host of benefits to New Yorkers, but its use brings up serious and legitimate privacy concerns that we have to examine, especially in schools,” Cuomo, a Democrat, said in a news release. 

“This legislation requires state education policymakers to take a step back, consult with experts and address privacy issues before determining whether any kind of biometric identifying technology can be brought into New York’s schools.

“The safety and security of our children is vital to every parent, and whether to use this technology is not a decision to be made lightly,” Cuomo said.

The law also directed the state Office of Information Technology to work with the New York State Education Department to develop the report and obtain feedback from teachers, parents and school-safety experts to address issues of data privacy and security. 

Sources (all links external): 

Facebook to Allow Users to Use Security Keys  

Facebook said Tuesday that it would allow users to set up physical security keys next year to verify their identity before logging into its mobile app.

The company currently has an option to require a hardware security key to connect to a desktop computer prior to each log-in, Reuters reports. 

Users could purchase a hardware key from retailers and register it with Facebook, the company said. 

Facebook added that it also planned to expand Facebook Protect, its security program for high-profile accounts including election candidates, to other accounts globally next year, Reuters reports. 

Mass. Governor to Sign Bill Limiting Facial Recognition Use

Republican Massachusetts Gov. Charlie Baker’s office said that he would sign a police-reform bill he rejected earlier this month after the state Senate made concessions, including allowing use of facial-recognition technology in limited cases.

A Baker spokeswoman said that he’d look forward to signing the bill after the Senate approved its own amendment, tweaking the changes proposed by the governor on Dec. 10., MassLive reports. 

Officers requesting the use of face biometrics would have to submit a written request to the Department of Motor Vehicles, state police or the FBI, according to MassLive.

“Today’s Senate proposal reflects the amendments that the governor made to the bill two weeks ago,”  Lizzy Guyton, Baker’s communications director, said in a statement after the Senate approved its amendment.

“After discussing the governor’s amendments with the Black and Latino Legislative Caucus, the administration believes this package addresses the issues identified by the governor’s amendments and he looks forward to signing this version should it reach his desk.”

UK Privacy Regulator Issues Warning Over SolarWinds Hack 

The U.K.’s data-privacy regulator warned organizations that they should “immediately check” if they have been affected by the SolarWinds hack.

The watchdog reminded those holding data on U.K. citizens that they had 72 hours to report a breach once discovered, BBC News reports. 

Last week, a security source told the BBC News that the investigators believed only a small number of British organizations had been affected. 

But it has been reported that accountants Deloitte, chip-makers Intel and Nvidia and cloud-computing software company VMWare were among those who have used the Orion network monitoring tool that had been altered to provide the hackers a backdoor.

The National Cyber Security Centre also urged organizations to take steps to protect their networks.

“This is a complex, global cyberincident,” said Director of Operations Paul Chichester. “But simply having SolarWinds does not automatically make an organization vulnerable to real-world impact.”

–By DPN Staff