Facial Recognition Technology In Schools – Protective or Invasive?

Wired, July 17,2018:  Over the past two years, RealNetworks has developed a facial recognition tool that it hopes will help schools more accurately monitor who gets past their front doors. Today, the company launched a website where school administrators can download the tool, called SAFR, for free and integrate it with their own camera systems. So far, one school in Seattle is testing the tool and the state of Wyoming is designing a pilot program that could launch later this year.

On its face, this type of facial recognition technology appears to be a significantly helpful tool in monitoring unwanted visitors in our childrens’ schools but there are privacy and technology defect issues that need to be addressed as well.

One group in particular, the Electronic Frontier Foundation published a white paper outlining how facial recognition technology often misidentifies black people and women at a much higher rate than white males.  (Let’s stay away from any racial debate and stick to the tech flaws that are currently embedded in the software that obviously needs major tweaking.)  Amazon employees are strongly protesting the use of its FR product,, Rekognition for law enforcement purposes.  Last week, Microsoft President Brad Smith called for federal regulation of facial recognition technology, writing, “This technology can catalog your photos, help reunite families or potentially be misused and abused by private companies and public authorities alike.”

Every parent or guardian of a child should have the knowledge that their children are secure in their schools but at what cost? Children are as entitled to privacy as are adults.  And, will the technology simply search for unwelcome visitors or closely monitor targeted children?

Our stance is that this technology needs to be refined so as to not misidentify children and its use regulated to maintaining a safe environment against intruding elements – not to track children.

BNI Operatives: Situationally aware.


As always, stay safe.

Insurance Companies’ New BFFs – Private Plate Readers

We ran into a case recently wherein the insurance company refused to pay out on a claim based on information they received from a private plate reading company (Digital Recovery Network, or DRN, referenced in the below article) that the claimant was nowhere near the scene of an alleged hit and run incident that rendered his vehicle totaled.

From Consumerist:

When you hear the phrase “vast hidden network of cameras that scan license plates,” what do you think of? The police? The Department of Homeland Security? While the government and privacy advocates argue over government use of plate-scanning data, private companies are already collecting and selling that data with little regulation.

The Boston Globe’s BetaBoston brought this industry to our attention. There happens to be a bill up for discussion right now that would ban private-sector license plate data collection and scanning in Massachusetts.

The most logical private-sector application of this technology is to track down and collect cars with delinquent payments. Indeed, many cameras are mounted on tow trucks or unmarked cars belonging to recovery companies. Spotter cars love to check office parking lots during the day, and malls and sporting events on weekends and after hours.

Okay, but you’re current on your car payments, so you have nothing to worry about. Right? Nope. The plate-scanning companies don’t just erase all of that data. They’re keeping a massive database of which cars were in which locations at what time. Government entities have to purge their data, but private companies don’t. It’s all for sale. If you’re out driving or parked on the street, after all, your plate is visible to everyone. Cameras too. Here’s a visual primer on how it works.

“I fear that the proposed legislation would essentially create a safe haven in the Commonwealth for certain types of criminals, it would reduce the safety of our officers, and it could ultimately result in lives lost,” the vice president of marketing for Vigilant said in his testimony at a transportation committee meeting today. Vigilant just happens to be the parent company of Digital Recovery Network, or DRN, a company that sells plate-scanning cameras and the data they collect.

This has been really great for the recovery industry, and we don’t begrudge banks taking back cars once the owners have defaulted on their loans. Well, as long as they have the right car. It’s the “collecting and selling the data” thing that most people have more trouble with. DRN claims that it has scans about 40% of the vehicles in the United States at least every year, and competitor TLO brags that its cameras have probably seen every car in the country at least once, and they have a database of over a billion sightings of individual cars ready for companies to mine. Who’s searching this data? Who the hell knows? Private investigators can use it. So can insurance companies.


I imagine there will be even more nefarious uses of this plate location information so my advice to all is that you keep in mind that when you are traveling, you are always being monitored. 1984 has finally arrived.

BNI Operatives: Situationally aware.

As always, stay safe.

Privacy Interrupted: Time to Go VPN.

What Is A Virtual Private Network (VPN)

(from HowToGeek.com)

Overview: A VPN, or Virtual Private Network, allows you to create a secure connection to another network over the Internet. VPNs can be used to access region-restricted websites, shield your browsing activity from prying eyes on public Wi-Fi, and more.

VPNs essentially forward all your network traffic to the network, which is where the benefits – like accessing local network resources remotely and bypassing Internet censorship – all come from. Most operating systems have integrated VPN support.

Definition:  When you connect your computer (or another device, such as a smartphone or tablet) to a VPN, the computer acts as if it’s on the same local network as the VPN. All your network traffic is sent over a secure connection to the VPN. Because your computer behaves as if it’s on the network, this allows you to securely access local network resources even when you’re on the other side of the world. You’ll also be able to use the Internet as if you were present at the VPN’s location, which has some benefits if you’re using pubic Wi-Fi or want to access geo-blocked websites.

When you browse the web while connected to a VPN, your computer contacts the website through the encrypted VPN connection. The VPN forwards the request for you and forwards the response from the website back through the secure connection. If you’re using a USA-based VPN to access Netflix, Netflix will see your connection as coming from within the USA.

Reasons To Use A VPN:

1. Access Full Netflix and Streaming Content from Outside the USA

Because of copyright agreements, Netflix and Hulu and Pandora and other streaming media providerscannot broadcast all content outside of the USA. This means: many movies and shows are blocked to users in the UK, Canada, South America, Australia, Asia, and Europe. This geographical enforcement is managed by reading your user login IP address and tracing it to its country of origin. By using a VPN service, you can manipulate your machine’s IP address to be from within the USA, therein unlocking access to more Netflix and Pandora streams. You will need to configure your television movie player or mobile device to use the VPN connection, but if you are a streaming fan, then the effort and cost of a VPN are worth it.

2. Download and Upload P2P Files in Privacy

MPAA and other cinema and music associations absolutely detest P2P file sharing. For reasons of both profit and legality, the MPAA and other authorities want to forbid users from sharing movies and music online. A VPN can be a P2P user’s best friend. While a VPN connection will slow your bandwidth by 25% – 50%, it will cipher your file downloads, uploads, and actual IP address so that you are unidentifiable by authorities. If you are a file sharer and do not wish to risk copyright prosecution or civil lawsuits, definitely consider spending 15 dollars a month on a good VPN. The privacy and protection from surveillance are definitely worth it.

3. Use Public or Hotel Wi-Fi in Confidence

Most people are unaware of this, but that Starbucks hotspot and that 10-dollar-a-day hotel wi-fi are not safe for confidential email and browsing. Public wi-fi offers no encryption security to its users, and your signals are broadcast for anyone savvy enough to eavesdrop. It’s very easy for even a junior hacker to intercept your unencrypted wi-fi signal using an Evil Twin phony hotspot or a Firefox Tamper Data plugin. Public wi-fi is terribly insecure and is perhaps the biggest reason why mobile users should consider spending the 5 to 15 dollars per month for the safety of a VPN connection.

If you log into a public wi-fi network and then connect to a personal VPN, all of your hotspot web use will then be encrypted and hidden from prying eyes. If you are a traveler or a user who is regularly using public wireless, then a VPN is a very wise investment in privacy.

4. Break Out of a Restrictive Network at Work/School

As an employee of a company, or a student at a school/university, you will be subject to an ‘Acceptable Use’ policy for browsing the Web. ‘Acceptable Use’ is often debatable, and many organizations will impose draconian restrictions, like blocking you from checking your Facebook page, visiting YouTube, reading Twitter, surfing Flickr, performing instant messaging, or even accessing your Gmail or Yahoo mail.
A VPN connection will allow you to ‘tunnel out‘ of a restrictive network and connect to otherwise-restricted websites and webmail services. More importantly: your VPN browsing content is scrambled and indecipherable to the network administrator, so he cannot collect any recorded evidence about your specific web activities. About.com does not recommend violating Acceptable Use policies as a rule, but if you feel you have justifiable reasons for bypassing your specific network restrictions, then a VPN connection will help you.

5.  Bypass the Country’s Web Censorship and Content Surveillance

In the same way ‘Acceptable Use’ policies are enforced at workplaces and schools, some nations choose to impose oppressive internet censoring on their entire countries. Egypt, Afghanistan, China, Cuba, Saudi Arabia, Syria, and Belarus are some examples of nations who surveil and limit access to the World Wide Web.

If you live in one of these restrictive countries, connecting to a VPN server will enable you to ‘tunnel out‘ of the censorship restrictions and access the full World Wide Web. Simultaneously a VPN conceals your page-by-page activity from any government eavesdropping. As with all VPN connections, your bandwidth will be slower than the uncloaked internet, but the freedom is absolutely worth it.

6. Cloak Your VOIP Phone Calls

Voice-over-IP (internet telephoning) is relatively easy to eavesdrop on. Even intermediate-level hackers can listen in to your VOIP calls. If you regularly use VOIP services like Skype, Lync, or online voice chatting, definitely consider implementing a VPN connection. The monthly cost will be higher, and the VOIP speed will be slower with a VPN, but personal privacy is invaluable.

7. Use Search Engines Without Having Your Searches Logged

Like it or not, Google, Bing, and other search engines will catalog every web search you perform. Your online search choices are then attached to your computer’s IP address and are subsequently used to customize the advertising and future searches for your machine. This cataloging might seem unobtrusive and perhaps even useful, but it is also a risk for future public embarrassment and social faux pas.

8. Watch Home-Specific Broadcasts While You Are Traveling

Local network news can be rather dodgy in some countries, and access to your favorite streaming television, sports games, and video feeds can be locked out while you are away from your home country.

By employing a VPN tunnel connection, you can force your borrowed connection to access your home country as if you were physically there, therein enabling your favorite football feeds and TV and newscasts.

9. Avoid Reprisals and Traceback Because of Your Researching

Perhaps you are a celebrity, or you are an employee doing market research of your competition. Perhaps you are a reporter or writer who covers sensitive topics like war atrocities, violence against women, or human trafficking. Perhaps you are a law enforcement officer investigating cybercriminals. In any of these cases, it is in your best interests to make your computer untraceable to prevent reprisals.

A personal VPN connection is the best choice for manipulating your IP address and rendering you untraceable.

10. Because You Believe Privacy Is a Basic Right

All the above reasons notwithstanding, you are a firm believer in personal privacy and the right to broadcast and receive without being surveilled and cataloged by authorities. And that is perhaps the biggest philosophical reason you want to spend a nominal amount a month on a good VPN connection service.

PC Magazine’s Best VPNs For 2017. 

In last week’s Bulletin, we covered the repeal of many online privacy laws that, in essence, allow ISPs to now openly track our every move online and compile and distribute our online private search history.  It’s probably well past time for people and businesses to move to VPN use.

BNI Operatives: Situationally aware.

As always, stay safe.

Is My DMV Record Public? How About My Voting History?? Public Records Checklist.


With the ease of information gathering these days, we are finding that many people are worried about their relevant data availability to the general public.  Many information brokering sites aggregate personal information from public records and it’s important to realize that most information is gathered through voluntary release from the individual (e.g., your date of birth from a subscription). Below we provide a checklist of common information that is public and that which requires additional permissions.

Personal public records may include some or all of the following information:

  • Name
  • Address.
  • Birth date/age
  • Names and contact information of family members
  • Names and contact information of neighbors
  • Political party affiliation
  • Past arrests, (and current) warrants and wants
  • Businesses or websites owned
  • Listed telephone numbers
  • Email addresses
  • Recorded real property records (developed/undeveloped)
  • Recorded motor vehicle records (vehicles, aircraft, boats registration)*
  • Hunting and fishing licenses
  • Credit header (includes name, dob and address, possibly employment)
  • Litigation history
*Check your state for publicly available vehicle registration and ownership records release. 

Personal information that requires additional permissions:

  • Bank records (require a judgment in hand before processing)
  • Medical records (require signed HIPAA releases from the individual)
    • Doctor’s records
    • Hospital records (including ambulance call sheets)
    • Urgent care facilities
    • Dental records
    • Drug and alcohol treatment centers
  • Credit score and history (require individual’s signed authorization for release)
  • Social Security Number (requires release by the individual)
  • Marriage and divorce records (require authorization from one of the parties involved)
  • Birth certificates (require the party’s authorization)
  • DMV driver’s history (requires the driver’s authorization)

Business/Government Public Records

Business and government public records generally come from information recorded within the business or agency itself. They are often more statistical in nature.

Some information that may be available on a business or government public record include:

  • Revenue
  • Number of employees
  • Fictitious business names
  • Collection items
  • Business credit score
  • Payment history
  • Business ownership

Just a point of information with our presidential election drawing near; currently, only your party affiliation is a public record.  Several states, including Florida and California, however, are fighting legal battles to have these public records include your choice in each election in which you voted.  Aside from marketing purposes by the major parties (and many of those practices are questionable), I see no real necessary purpose for these very personal records to become public fodder.

BNI Operatives: Situationally aware.

As always, be safe.



How Confidential Are Our Medical Records Really?

confidential medical records

1. Introduction To Healthcare Privacy

Since the introduction of the federal Health Insurance Portability and Accountability Act (HIPAA), many people presume, incorrectly, that all or most of the medical information that they have provided to medical professionals, insurance companies or employers is protected.

The fact of the matter is that individuals often trade confidentiality in return for things such as insurance coverage, employment opportunities, government benefits, or work site health and safety investigations.


2. What types of health and medical information exist?

Health professionals create medical records when they treat patients that generally include medical history, lifestyle details (such as smoking or involvement in high-risk sports), and family medical history. These records may also  contain  lab results, medications prescribed and surgeries.

Health and medical information is also collected from individuals when they apply for disability, life, or accident insurance through private insurers or government programs.

Additionally, individuals often generate health and medical-related information themselves via online research, joining support groups and using mobile apps , (zocdoc.com for example has the user provide significant medical details before scheduling an appointment with one of their participating providers).

3. Who may have access to health and medical information?

a. HIPAA covered entities and their business associates

Healthcare providers, health plans, and healthcare clearinghouses have access to medical records and health information but are also required to comply with HIPAA.

b. Insurance companies

Insurance companies usually require individuals to release records before they will issue a policy or make a payment under an existing policy. Most insurance companies must comply with HIPAA as health plans, but certain types of insurers are not required to comply with HIPAA.

It is important to also your state laws. To find the applicable state’s insurance department, visit the. National Association of Insurance Commissioners website.

c. The Medical Information Bureau

The Medical Information Bureau (MIB Group, Inc.) is a database of medical information shared by life and health insurance companies.

  • The MIB is subject to HIPAA as a business associate of its member health insurance companies.
  • MIB files do not include the totality of one’s medical records as held by a health care provider. Rather it consists of codes signifying certain health conditions.
  • A decision on whether to insure is not supposed to be based solely on the MIB report.

The MIB does not have a file on everyone, and won’t have information on someone who has not applied for individually underwritten life or health insurance in the last seven years. However, people who believe they have an MIB file will want to be sure it is correct.

Individuals can obtain a copy for free once a year by calling (866) 692-6901 or ordering it through MIB’s website.

d. Prescription drug database companies

Two companies, Milliman (IntelliScript) and Ingenix (MedPoint) buy prescription information from pharmacy benefit managers (PBMs) and compile it into reports.  They sell these prescription drug purchase history reports to insurance companies.

e. Financial institutions

Financial transactions are likely to reveal information about where an individual goes for healthcare. This kind of information is not covered under HIPAA. However, the federal Gramm-Leach-Bliley Act (GLB) requires financial institutions to notify individuals of information-sharing practices and provide an opt out for certain third party sharing.

f. Government agencies

Government agencies on all levels (local, state, and federal) may request or receive certain types of health or medical information. For example, government agencies may request medical records or information to verify claims a person makes through Medicare, MediCal, Social Security Disability, and Workers Compensation.

g. Educational institutions

Educational institutions may have records that contain vaccination histories, information about physical examination for sports, counseling for behavioral problems, and records of visits to the school nurse among other things. Privacy of education records is under the control of the U.S. Department of Education and the Family Educational Rights and Privacy Act (FERPA).  HIPAA does not cover education records.  For more information about FERPA, visit the Department of Education’s website on FERPA.

h. The court system and law enforcement

When a person is involved in litigation, an administrative hearing, or a worker’s compensation hearing and his or her medical condition is an issue, the relevant parts of a medical record may be introduced in court.

In addition, law enforcement officials may receive health information in situations such as an instance of abuse, a death, a gunshot or stabbing.

If records are for a legal proceeding, they become a part of public record. Individuals should consult legal counsel for more information.

i. Employers

Employers usually obtain medical information about their employees by asking employees to authorize disclosure of medical records. This can occur in several ways not covered by HIPAA. Depending on state law, employers may have to establish procedures to keep employee medical records confidential. Employees should ask prospective employers about the company’s medical records privacy policy.

j. Marketers and data brokers

Health- and medical-related information may be passed on to marketers and data brokers when individuals participate in informal health screenings or otherwise voluntarily release information in a situation that doesn’t fall under HIPAA or stronger state law.

k. Websites and mobile applications

A tremendous amount of health-related information is available on the Internet. Many sites and discussion forums are available for individuals to share information on specific diseases and health conditions. Websites dispense a wide variety of information, but they also collect a wide variety of information. There is no guarantee of confidentiality when a site isn’t subject to medical privacy laws (and most aren’t).

Personal Health Records (PHRs). PHRs allow consumers to store, manage, and share their health information.  Individuals manage their own PHRs which is what distinguishes them from electronic health records (EHR) that a health care provider controls and populates. Various companies offer PHRs, and features vary.  However many PHRs offer individuals the ability to store and transmit medical history information, prescription information, test results and imaging, drug alerts, immunization records, and treatment plans.
These types of aggregated electronic health records pose a number of privacy risks, here are a few:

  • HIPAA and/or state health privacy laws may not apply to a PHR.
  • The website operator could be asked to turn over customer records as part of a legal proceeding.
  • Website privacy policies are subject to change.

The World Privacy Forum’s Personal Health Records Page contains helpful information.

l. Anyone else to whom an individual reveals the information

It is important for individuals to understand HIPAA’s limits.  The best policy is ask questions and do a little research before revealing health or medical information.   There are many instances in which people create or release health or medical information and there are no applicable privacy laws.  In these cases, it is best to look for and understand any relevant privacy policies the person or company has agreed to follow.

The bottom line is become an informed medical consumer.  For the sake of expediency, we often provide access to our health information and that may be a mistake that cannot be corrected should that data become involved in any sort of civil or criminal proceeding or funds (disability, death benefits…) determination.  Research before you release your private medical records.

BNI Operatives: Street smart; info savvy

As always, stay safe.




Sterling, Silver and By, George!, a Wynn!

complaint department

Is every private conversation going to become fodder for public scrutiny? 

Two  news stories currently in rotation are those of  LA Clippers owner, Donald Sterling’s public airing of what appear to be racist comments and, separately, actor George Clooney’s spat with Vegas casino king, Steve Wynn, wherein the latter is alleged to have used a descriptive expletive in reference to President Obama.

Seemingly unrelated yet, they are —  both conversations involved were conducted in private.

1. Donald Sterling and V. Stiviano.

As we are all too well aware, in the first matter,  V. Stiviano (aka Maria Perez, aka Maria Vanessa Perez, aka Vanessa Stiviano, aka Victim S.) recorded a private conversation between herself and her half-century older boyfriend/”host” , Donald Sterling (without his knowledge or consent) in which she relentlessly pursued an apparent interest in his profound thoughts on “the Instagram” (was he thinking” telegraph”??) and her posing with Magic Johnson.   Granted, Sterling’s racially biased responses during the interrogation are horribly offensive comments but at which point did his 1st Amendment freedom of speech during that private exchange end? And, when did secret recordings become legal again in California?

The law is quite clear on audio recordings in California: (Source: Reporter’s Recording Guide)

Summary of statute(s): In California, all parties to any confidential conversation must give their consent to be recorded. This applies whether the recording is done face-to-face or intercepted through some electronic communication such as a cell phone call or series of e-mail or text messages. Both civil and criminal penalties are available to victims of illegal recordings. 

Criminal penalties: A first offense of eavesdropping or wiretapping is punishable by a fine of up to $2,500 or imprisonment for no more than one year. Cal. Penal Code §§ 631, 632. Subsequent offenses carry a maximum fine of $10,000 and jail sentence of up to one year. Disclosing the contents of intercepted telephone conversations could lead to fines of up to $5,000 and one year in jail. Cal. Penal Code § 637. Violation of the state’s hidden camera statute is a misdemeanor punishable by up to a year in jail and fines of up to $1,000. 

The state’s civil code provides for fines of up to $50,000, three times the amount of actual or special damages, and punitive damages for committing an assault or trespassing to capture a visual image or sound recording. Cal. Civil Code § 1708.8(d).

As no official charges of unauthorized audio recordings have been filed, is V. receiving special treatment from Cali prosecutors?

The next real legal issue with this situation concerns NBA Commissioner Adam Silver’s demand that Sterling relinquish his ownership of the basketball team.  Leaving all else aside (the NAACP’s second lifetime award to alleged racist Sterling, wife Rochelle Sterling’s lawsuit v. V. [!], etc.), it appears a crime may been committed in this matter, the right of freedom of speech suspended and the forfeiture of property (the franchise, not the players – no need for get huffiness, please) is being forced.  How are these actions not unconstitutional and  illegal?

I’m not justifying the man’s outrageously abhorrent comments but neither do I endorse the trashing of basic rights and breaking the law.

The Sterling/Stiviano matter requires an authoritative, objective review.


2.  George Clooney and Steve Wynn.

According to George Clooney, he voluntarily attended a private dinner at which Steve Wynn was also a guest.  Clooney alleges that at some point during said dinner, Wynn offered up a statement,  to the effect, “I voted for him and he’s an a-hole!”.   It appears that the two were engaged in a heated conversation regarding healthcare.

George is a 52 y.o. man with a career in  perhaps one of the most contentious working environments in creation – Hollywood.  I’m relatively certain he has heard much worse than the expletive alleged voiced by Wynn.  How the dinner dishing debacle become public:

According the The Hollywood Reporter:

The incident was first reported by Las Vegas gossip writer Norm Clarke in his Las Vegas Review-Journal column. The argument occurred at the luxurious Botero restaurant at the mogul’s Wynn Hotel two weeks ago, according to Clarke. (A publicist for Clooney confirmed the details of the column to THR.)

Wait. Wynn allegedly made these statement at a dinner in his own hotel?  So, private dinner, personal conversation and in the restaurant owner’s own venue and he was till “outed” for voicing his opinions? And the media and the public believe they have the moral authority to judge Wynn?  Next.

The Sterling/Stiviano and Clooney/Wynn matters clearly make the point that grown-ups need to return to adulthood.

BNI Operatives: Street smart; info savvy, (highly opinionated this week).

As always, stay safe.