Welcome to ID Tech’s digest of identity industry news. Here’s what you need to know about the world of digital identity and biometrics today:
Employees and Subscribers Voice Concerns Over T-Mobile’s CLEAR Biometric Login Policy
T-Mobile’s new policy mandating biometric login through CLEAR, provided by Alclear LLC, has raised concerns among employees and subscribers regarding data privacy and security. Replacing traditional passwords, the system now requires fingerprints, facial scans, and iris recognition, a shift drawing scrutiny due to Alclear’s data-sharing policy, which allows biometric and personal data to be shared or sold to third parties. Alclear’s data collection scope includes Social Security numbers, government-issued ID details, credit card information, and device IP addresses, raising additional privacy concerns. Alclear’s Better Business Bureau rating of B- reflects unresolved complaints about data handling practices, further fueling unease. While the change aligns with industry trends in biometric verification, T-Mobile users and privacy advocates highlight the need for stronger data protection and transparency.
New CLR Cert Evaluation Program Tackles Biometrics, Deepfake Detection
Cabinet Louis Reynaud (CLR Labs) has introduced CLR Cert, a Conformity Assessment Body (CAB) program aimed at evaluating compliance in biometrics, cybersecurity, digital identities, and remote identity verification. The launch aligns with the European Union’s NIS2 Directive, mandating enhanced cybersecurity across critical sectors. CLR Cert’s biometric assessments cover standards like CEN TS 18099 and ISO/IEC 30107, focusing on presentation and injection attack detection, which are increasingly important under the EU AI Act. In cybersecurity, CLR Cert evaluates ICT product compliance with EN 17640, preparing organizations for the NIS2 and Cyber Resilience Act. Digital identity evaluations include assessments for eIDAS V2-compliant European digital identity wallets, Qualified Trust Service Providers, and mobile passports. CLR Cert also provides conformity checks for remote identity proofing systems to meet Anti-Money Laundering (AML) and eIDAS requirements, supporting secure digital onboarding amidst new regulatory demands.
IDEX Biometrics Appoints New CFO
IDEX Biometrics has appointed Kristian Flaten as Chief Financial Officer, effective November 1, 2024, amid its ongoing expansion into biometric authentication markets, including a recent implementation of biometric student ID cards in Kenya. Flaten, who brings over 25 years of experience from roles at Quantafuel ASA, BW Offshore, Export Finance Norway, and Handelsbanken, will lead financial operations from the company’s Oslo headquarters. His appointment supports IDEX’s strategic growth, including partnerships like its collaboration with IDEMIA for biometric payment cards. Outgoing CFO John Kurtzweil will remain in an advisory role to facilitate a seamless transition.
VFS Global Renews Contract to Handle Finnish Visa Services
The Ministry for Foreign Affairs of Finland has renewed its contract with VFS Global to manage visa and residence permit services across 32 countries, focusing on biometric data collection, including fingerprints and facial images, for identity verification. This partnership, which has processed over 8.5 million applications since 2010, covers regions such as South Asia, the Americas, and the Middle East. VFS Global will continue handling administrative tasks like document and biometric data verification, while Finnish authorities make final visa decisions. Key service locations include India, where VFS Global manages centers for Schengen visas and residence permits. The service provider uses ISO-certified data handling processes aligned with EU privacy regulations and incorporates security measures like automated document authentication.
DISA Launches AI Concierge System for Internal Use
The Defense Information Systems Agency (DISA) has launched an AI concierge system to assist staff in navigating complex policy documents, enhancing its existing digital identity and biometric authentication infrastructure. Authorized for agency-wide use, the AI tool helps differentiate between historical and current policies, addressing a challenge in document management within defense agencies. Compliant with Cybersecurity Maturity Model Certification (CMMC) 2.0, effective December 16, 2024, the system integrates with DISA’s software acquisition pathways. Expanding on this, DISA is also exploring AI applications in software modernization and bot detection for cybersecurity, aligning with the DoD’s broader AI integration strategy.
Abu Dhabi Airport Opens Biometric Preclearance Facility for US-Bound Passengers
Abu Dhabi Airports has inaugurated a US Customs and Border Protection (CBP) Preclearance facility at Zayed International Airport (AUH), featuring biometric facial recognition for US-bound passengers. This new facility, part of the airport’s recent terminal expansion, enables travelers to complete all US immigration and customs procedures before departure, allowing them to bypass immigration queues upon arrival in the US. Integrated with Abu Dhabi’s Smart Travel initiative, the facility uses biometric capture devices for facial verification at dedicated checkpoints. Etihad Airways highlights this as a competitive advantage for its US routes, as the preclearance supports direct transfers to domestic flights upon landing in the US. The initiative, a collaboration between Abu Dhabi Airports, US CBP, and local authorities, aligns with US efforts to expand biometric screening at international departure points.
Google Wants to Give Kids a Tap-to-Pay Digital Wallet
Google is set to expand its tap-to-pay feature to children on Family Link-managed Android devices in 2025, integrating biometric authentication and parental controls. Parents can add payment cards, view transaction histories, and manage usage via the Family Link app, with each transaction requiring fingerprint, facial recognition, PIN, or password verification. In-store purchases will be permitted, but online transactions will be blocked. Gift cards and event tickets are supported, while government IDs and health cards are excluded initially. Unlike Apple Cash Family, Google’s solution supports various payment cards but won’t offer transaction limits at launch. Launching first in the US, the service targets a supervised digital payment experience for young users, ensuring secure, monitored transactions through Google’s encryption and Family Link controls.
Scottish Biometrics Commissioner Calls for Comprehensive Biometric Data Retention Policy
A joint report from Scottish Biometrics Commissioner Dr. Brian Plastow and the Scottish government calls for Police Scotland to establish a dedicated policy on biometric data retention. Currently, Police Scotland retains biometric data under a general policy for criminal records, which may result in excessive retention periods without regular assessments. The report, issued under the Criminal Procedure (Scotland) Act, includes six recommendations urging Police Scotland to prohibit indefinite biometric data retention and require periodic reviews to ensure data storage is necessary and proportionate. The Commissioner suggests enhanced management of retention data and a public consultation to align with evolving privacy standards, recommending policy implementation within a year.
Yukon’s New Traffic Safety Act Includes Biometric Privacy Amendments
Yukon’s Legislative Assembly has passed the Traffic Safety Act with a 10-8 vote, modernizing traffic regulations and incorporating biometric privacy safeguards. Introduced by Highways Minister Nils Clarke, the act replaces legislation from 1977 and includes provisions addressing privacy concerns over facial recognition, reflecting input from the privacy commissioner. Stricter penalties and escalating consequences for traffic violations are outlined, with bipartisan support from the Yukon Liberals and NDP, who prioritized road safety alongside privacy protections. The Yukon Party raised concerns about data handling, reflecting global debates on facial recognition in law enforcement. Privacy protections in the act follow standards seen internationally, balancing safety and individual rights, and addressing issues such as data storage and access.
–
October 31, 2024 – by Tony Bitzionis and Alex Perala
Follow Us