Pete Recommends – Weekly highlights on cyber security issues, September 13, 2025

Subject: US needs an agency to call ‘balls and strikes’ on digital IDs, lawmaker says
Source: Nextgov/FCW
https://www.nextgov.com/digital-government/2025/09/us-needs-agency-call-balls-and-strikes-digital-ids-lawmaker-says/408054/

Rep. Bill Foster, D-Ill., said Congress needs to create a federal body capable of auditing identity verification technologies to lay the groundwork for a broad embrace of digital IDs.

One of the leading voices in Congress for the adoption of digital identifications said a federal agency is needed to verify the security of the software and hardware underpinning mobile phones and other authentication technologies.

Speaking on Wednesday at Identity Week America, Rep. Bill Foster, D-Ill., voiced his continued support for the U.S. government to take more of a role in the development and use of secure digital IDs, including mobile driver’s licenses, that can be used to help prevent bad actors from committing identity theft or fraud.

Digital identifications allow individuals to store their personal data on phones or in apps to prove their identities. These often include the use of biometrics and passwords to protect the saved information. More than a dozen states now offer their residents the opportunity to receive digital IDs or mobile driver’s licenses.

While his previous proposals have garnered bipartisan support — Foster mentioned that he is currently working with Rep. Mike Kelly, R-Pa., on the digital ID push — he said additional security steps will be needed on the federal level to ensure the security of the technologies used to verify peoples’ identities.

Although the National Institute of Standards and Technology has released guidance, frameworks and best practices to help organizations enhance their cybersecurity and overall security postures, the agency’s recommendations remain voluntary.

Foster said, however, that he envisions this new federal entity also having the ability to verify the accuracy of the privacy claims made by the Transportation Security Administration about the facial recognition technology it uses in the airport screening process….



Subject: When typing becomes tracking: Study reveals widespread silent keystroke interception
Source: Help Net Security

You type your email address into a website form but never hit submit. Hours later, a marketing email shows up in your inbox. According to new research, that is not a coincidence. A team of researchers from UC Davis, Maastricht University, and other institutions has found that many websites collect keystrokes as users type, sometimes before a form is ever submitted. The study explores how third-party scripts capture and share this information in ways that may fit the legal definition of wiretapping under California law.

Mapping old laws to new practices

[…] Shaoor Munir, a co-author of the study, told Help Net Security why his team took a careful approach when defining what counts as wiretapping. “In our paper, we adopt a deliberately strict definition of wiretapping. Under California’s CIPA § 631, wiretapping can include contemporaneous interception of a user’s communications. Websites routinely attach client-side event listeners that capture what people type before they press submit. In our measurements, we observed such captures on approximately 40 percent of sites,” Munir said.

[…]

Why this matters legally

Under CIPA, every party to a conversation must consent before an interception takes place. This is stricter than federal wiretapping laws, which require consent from only one party.

The study does not declare any specific company’s actions illegal. Instead, it provides evidence that some tracking practices could qualify as wiretapping depending on how courts interpret the law. This matters because CIPA allows individuals to bring private lawsuits. That means enforcement does not rely only on government action.

[…]

Privacy risks for users and organizations

From a privacy perspective, the study highlights how little control users have over their data once it leaves their browser. Even without submitting a form, sensitive information can be collected and shared with multiple parties, often without disclosure.

Munir described why this silent data collection is so concerning. “Consider a scenario where a user types private information in a text box on a website and then deletes it without submitting because they might be uncomfortable sharing that information even with the first-party website. They would have no idea that even though they never submitted this information, it was still captured and transmitted to a third-party,” he said.

[…]
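The pre-submit capture Munir describes relies on client-side listeners for keystroke events, and that is also what a site owner or privacy auditor can check for. The hook below is an added example, not code from the study or the article: it wraps `EventTarget.prototype.addEventListener` so every keystroke-level listener is recorded with its target and (best-effort, from the call stack) the script that registered it, and it uses a constructed fake input element for its self-check.

```javascript
// Added audit hook (not code from the study or the article). Load it before the
// page's own scripts, e.g. as an extension content script at document_start,
// then read the registry to see which scripts listen to what people type.

const KEYSTROKE_EVENTS = new Set(["keydown", "keyup", "keypress", "input", "beforeinput"]);

// First http(s) URL in the call stack, minus the :line:col suffix. Inline
// scripts (and this hook itself, if loaded inline) show up as unknown.
function callerScript(stack) {
  const m = /https?:\/\/[^\s)]+/.exec(stack || "");
  return m ? m[0].replace(/(:\d+){1,2}$/, "") : "(inline or unknown)";
}

// Listeners on document/window still receive every keystroke through
// bubbling, so a non-element target is worth flagging as well.
function describeTarget(t) {
  if (t && t.tagName) return `<${String(t.tagName).toLowerCase()} name="${t.name || ""}">`;
  return "(document/window or non-element target)";
}

function installKeystrokeAudit(proto) {
  const registry = [];
  const original = proto.addEventListener;
  proto.addEventListener = function (type, listener, options) {
    if (KEYSTROKE_EVENTS.has(type)) {
      registry.push({ event: type, target: describeTarget(this), script: callerScript(new Error().stack) });
    }
    return original.call(this, type, listener, options);
  };
  // Limitation: on*-property handlers, inline attributes and periodic
  // polling of field values bypass addEventListener and are not seen here.
  return { registry, uninstall: () => { proto.addEventListener = original; } };
}

// Constructed self-check that also runs under Node (>= 15, which has a global
// EventTarget): a fake <input name="email"> gets a keyup listener (flagged)
// and a click listener (ignored). Returns the registry for inspection.
function selfCheck() {
  class FakeInput extends EventTarget {
    constructor(name) { super(); this.tagName = "INPUT"; this.name = name; }
  }
  const audit = installKeystrokeAudit(EventTarget.prototype);
  const email = new FakeInput("email");
  email.addEventListener("keyup", () => {});
  email.addEventListener("click", () => {});
  audit.uninstall();
  return audit.registry;
}
```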

Subject: How much is the Facebook settlement payout per person?
Source: Nexstar via WTAJ
https://www.wtaj.com/news/facebook-privacy-settlement-payments-start-heres-how-your-payout-size-is-determined/

(NEXSTAR) – After years of anticipation, the payments in a $725 million class action lawsuit against Facebook have finally started to go out, the company in charge of issuing them says.

The social media giant agreed to pay millions of users directly to settle claims it violated people’s privacy by sharing their data with third parties. The settlement was granted final approval in 2023, but payouts have been delayed by objectors and appeals.

But the wait is almost over. Angeion, the company handling the settlement’s administration, which originally said the payments would begin in August, has now confirmed that the distribution of payments began on Wednesday, Sept. 3.

Eight members of the settlement class – the named plaintiffs who represented all Facebook users in the case – will get $15,000 each.


Subject: SEC’s IT shop inadvertently deleted a year’s worth of texts from ex-chair’s phone
Source: FedScoop
https://fedscoop.com/sec-it-gary-gensler-text-messages/

When Gensler showed up for work on the morning of Sept. 6, 2023, and noticed that SEC apps were gone from his phone, he reached out to the Office of Information Technology, whose personnel “hastily performed a factory reset of the smartphone, which resulted in the permanent deletion of the device’s data, including nearly a year’s worth of text messages,” according to the watchdog.

Had OIT or Gensler known that his phone had been wiped due to the new policy, the messages could have been recovered, per the OIG, which dinged SEC IT for poor change management with regard to the wiping policy, not properly maintaining its mobile device inventory or identifying inactive devices, and not effectively reviewing and escalating relevant system-generated notifications, among other issues.


Subject: A University of Oregon student reported a troubling online privacy lapse. The university placed him under investigation
Source: oregonlive.com
https://archive.is/rG2KG#selection-126.0-139.103

A former University of Oregon undergraduate who says he discovered a significant security flaw in the college’s computer network and twice reported it to university officials faced a disciplinary hearing as a result.

Physics major Owen Mitchem said he inadvertently gained access to confidential information last fall, including the Social Security numbers of more than 3,500 public university employees around the state, among them the university’s president and its football coach, the highest-paid public employee in the state. He says the breach should have been a wake-up call for the university to tighten its online security.

But according to an email the university provided to The Oregonian/OregonLive in response to a public records request, the university’s associate dean of students, Dianne Tanjuaquio, concluded that Mitchem’s actions violated the school’s policies on “acceptable use of computing resources.” She required him to write a 750-word essay reflecting on the situation; if not completed, he could face a suspension of his student account, preventing him from registering for classes or changing his course schedule.


Subject: Travel under Trump 2.0?
Source: It is Happening substack
https://www.bespacific.com/travel-under-trump-2-0/

Follow-up to Burner Phone 101 Workshop. See also It Is Happening – Don’t cross a U.S. border without a “perfect burner phone”: “More and more people — both Americans and non-U.S. citizens — are thinking twice before traveling into the United States with their phones. And for good reason. Under Trump 2.0, phone searches at the U.S. border have surged, and Customs and Border Protection agents are targeting everyone from liberal protestors and lawyers who represent said protestors to journalists and basically anyone else who doesn’t praise Dear Leader. No matter who you are, if CBP wants to confiscate your phone, they can. This is where burner phones come in. Earlier this summer, Mark and I posted a three-part interview



Abstracted from beSpacific
Copyright © 2025 beSpacific, All rights reserved.


Subject: New Study: How Often Do AI Assistants Hallucinate Links? (16 Million URLs Studied)
Source: Ahrefs blog
https://www.bespacific.com/how-often-do-ai-assistants-hallucinate-links/

“AI assistants like ChatGPT and Claude can hallucinate URLs and direct visitors to non-existent pages on your website. But how often does it happen? To find out, we looked at the http status of 16 million unique URLs cited by ChatGPT, Perplexity, Copilot, Gemini, Claude, and Mistral.

We found that AI assistants send visitors to 404 pages 2.87x more often than Google Search. ChatGPT is the greatest offender, with 1.01% of clicked URLs and 2.38% of all cited URLs returning a 404 status (compared to baseline 404 rates of 0.15% and 0.84% respectively). Here’s what we found….
