Is your business using or thinking of using facial recognition technology for activities in Portland, Oregon? Think again.

That’s the message to businesses operating in Portland in a new ordinance that broadly bans the use of facial recognition technology in the city, subject to certain exceptions. The ordinance, which took effect January 1, 2021, restricts private businesses from using automated or semi-automated processes to identify an individual by comparing an image of a person captured through a camera with images of multiple individuals in a database. Due to the expansive language contained in the final version of the ordinance, routine business practices used to support or improve operations are no longer permitted. For example, retailers may have previously used software that compares surveillance video images of individuals as they enter a store with a cloud-based photo database to identify suspected shoplifters. The ordinance now prohibits use of this software.

The law also has teeth. It creates a private right of action, statutory damages of $1,000 per day for each violation, and allows for recovery of attorneys’ fees. Similar to other biometric privacy laws, this ordinance has the potential to trigger a wave of costly class action litigation and upend business operations. This ordinance creates significant risk with use of facial recognition technology, and organizations should proceed with this awareness. The law also raises numerous unanswered questions, as noted below.
Continue Reading Portland’s New Facial Recognition Ban Increases Litigation Risk, Creates Uncertainty

Until recently, hackers have had limited success stealing Two-Factor Authentication (2FA) PIN and token information.  Unfortunately, a tool has been released that will now make it much easier for practically any bad actor to bypass many implementations of 2FA:

This does not mean we should stop using Two-Factor Authentication (2FA). We should still use

Some notable stats showed up in the recently-released 2017 Veracode State of Software Security report: while “nearly a third (29 percent) of survey respondents indicated that they are actively pursuing digital transformation projects [and] … a further 29 percent stated that they are either planning for or considering digital transformation projects for the future,”

According to a recent Genpact study:

  • Nearly two-thirds of consumers (63%) are worried that Artificial Intelligence is going to make decisions that will impact their lives without their knowledge
  • Less than one-third (30%) are at least “fairly comfortable” with the idea of companies using AI to access their personal data
  • Almost three-quarters (71%) say

Free and Open-Source Software (FOSS) is computer software that can be classified as both free software and open-source software. Anyone who wishes to use FOSS is freely licensed to use, copy, study, and change the software in any way, and the source code is openly shared so that people are encouraged to voluntarily improve upon the design of the software.  The Apache Software Foundation (web servers and other projects), the GNU Project (Linux) and the Android Open Source Project (mobile device platform) are some of the more popular FOSS projects that have been used to build the foundation of other products that are not free, like RedHat Linux.

Software development and licensing can be an expensive proposition: free, open-source projects can offer a tempting shortcut in software development (the code is already there) and an attractive cost-saving alternative to purchasing or licensing expensive “off the shelf” solutions. However, with the use of FOSS comes a serious risk decision: everything is provided “as is.” With a commercial solution you have warranty and support contracts that you can rely on to keep the software as current and bug-free as possible. There is no such assurance with the use of FOSS, where you’re directly responsible for the quality and security of the ‘free’ code.

Before you decide whether or not to use FOSS either as a solution to a technical issue or as part of a software development project, ensure you address the following risk factors – seeking adequate counsel in any area where you don’t feel 100% sure you’ve covered all the angles:

Code review: Open source projects are coded by the public at large. While there is certainly a Wikipedia-like argument that “the more people that work on it, the better the product,” you will still carry the liability for anything you produce/use using open source code.  Be careful that your IT teams apply the same level of rigor reviewing any open-source component of your products as they would to something they coded themselves. If you don’t have the staff for this kind of review I recommend sticking with off-the-shelf business solutions as much as possible.
Continue Reading What is FOSS, and why should I be worried about it?