An anonymous reader quotes a report from CNBC: Former Theranos chief operating officer and president Ramesh "Sunny" Balwani was sentenced to nearly 13 years in prison Wednesday for fraud, after the unraveling of the blood-testing juggernaut prompted criminal charges in California federal court against both Balwani and Theranos founder Elizabeth Holmes, who on Nov. 18 was sentenced to more than 11 years in prison.

During the sentencing hearing, attorneys for Balwani attempted to pin the blame on Holmes, telling U.S. District Court Judge Edward J. Davila that "decisions were made by Elizabeth Holmes." Davila had set a sentencing range of 11 years plus 3 months to 14 years, but prosecutors today sought a 15-year sentence given his "significant" oversight role at Theranos' lab business. The final guideline sentence was 155 months, plus three years of probation. Davila set a Mar. 15, 2023, surrender date. [...] Balwani's sentencing in federal court marks the end of the Theranos saga, which enthralled the public and prompted documentary films and novel treatments.

Google, Oracle, Microsoft and Amazon will share in the Pentagon's $9 billion contract to build its cloud computing network, a year after accusations of politicization over the previously announced contract and a protracted legal battle resulted in the military starting over in its award process. The Associated Press reports: The Joint Warfighter Cloud Capability is envisioned to provide access to unclassified, secret and top-secret data to military personnel all over the globe. It is anticipated to serve as a backbone for the Pentagon's modern war operations, which will rely heavily on unmanned aircraft and space communications satellites, but will still need a way to quickly get the intelligence from those platforms to troops on the ground. The contract will be awarded in parts, with a total estimated completion date of June 2028, the Pentagon said in a statement.

Last July, the Pentagon announced it was cancelling its previous cloud computing award, then named JEDI. At the time, the Pentagon said that due to delays in proceeding with the contract, technology had changed to the extent that the old contract, which was awarded to Microsoft, no longer met DOD's needs. It did not mention the legal challenges behind those delays, which had come from Amazon, the losing bidder. Amazon had questioned whether former President Donald Trump's administration had steered the contract toward Microsoft due to Trump's adversarial relationship with Amazon's chief executive officer at the time, Jeff Bezos. A report by the Pentagon's inspector general did not find evidence of improper influence, but it said it could not determine the extent of administration interactions with Pentagon decision-makers because the White House would not allow unfettered access to witnesses. "It's the most important cloud deal to come out of the Beltway," said analyst Daniel Ives, who monitors the cloud industry for Wedbush Securities. "It's about the Pentagon as a reference customer. It says significant accolades about what they think about that vendor, and that's the best reference customer you could have in that world."

An anonymous reader quotes a report from Quartz: The world is choking in plastic trash, and the UN wants to do something to fix it. A weeklong meeting of the Intergovernmental Negotiating Committee (INC) on Plastic Pollution in Punta del Este, Uruguay, ended last Friday (Dec. 2). It was a first, formal step towards a legally binding international treaty to deal with the global plastics problem. Such a pact would be the most consequential environmental treaty in years, on par with 2015's Paris Agreement on climate change. The INC will spend the next two years negotiating how binding the regulations will be. While most of the 1,800 attendees in Uruguay ostensibly support ending plastic pollution as a baseline, competing motives have factions pulling in different directions. Hardline countries and campaigners are pushing for outright bans on "problem plastics" and certain chemicals, as well as internationally set regulations and strict production monitoring. Plastics industry coalitions -- which include the world's largest plastic producers, like Nestle and Unilever -- are calling for a focus on recycling and global targets defined by national priorities.

Details of the treaty will have to be negotiated over the next couple of years. The High Ambition Coalition to End Plastic Pollution, made up of 45 countries, is calling to restrict the single-use plastics found in packaging and consumer goods. They make up half of the plastic waste produced today, so a restriction would hugely reduce pollution, as well as force a transformation for consumers -- and the companies producing their goods -- in the way they drink bottled water, order takeout, or buy cleaning products and cosmetics. An international standard for monitoring production would also try to ensure that plastics are chemically safe, genuinely recyclable, and durable enough to be reusable. Of the roughly 10,000 chemicals used in producing plastics, more than 2,400 have been found to be harmful, causing a range of health problems from asthma to infertility. Recycling is not currently viable for most plastics, but better production monitoring could shift that. Further reading: Is Plastic Recycling a Myth?

Amazon and Amazon Web Services (AWS) have joined the Open Invention Network (OIN) -- the world's largest patent non-aggression consortium. ZDNet reports: OIN has long protected Linux and Linux-related software from patent aggression by rival companies. With the recent increase in patent troll attacks, the OIN is also defending companies from these assaults. This is a natural move for Amazon. Besides relying on Linux and open-source software both for its retail and cloud businesses, Amazon has a strict policy against patent infringement, and users who engage in this behavior can have their listings removed or accounts deleted. Nevertheless, like all large companies, Amazon has also been sued for patent violations. Joining the OIN simply makes good business sense. Nithya Ruff, the Amazon Open Source Program Office director, added: "Linux and open source are essential to many of our customers and a key driver of innovation across Amazon. We are proud to support a broad range of open-source projects, foundations, and partners, and we are committed to the long-term success and sustainability of open source as a whole. By joining OIN, we are continuing to strengthen open source communities and helping to ensure technologies like Linux remain thriving and accessible to everyone."

An anonymous reader quotes a report from TechCrunch: Major privacy complaints targeting the legality of Meta's core advertising business model in Europe have finally been settled via a dispute resolution mechanism baked into the EU's General Data Protection Regulation (GDPR). The complaints, which date back to May 2018, take aim at the tech giant's so-called forced consent to continue tracking and targeting users by processing their personal data to build profiles for behavioral advertising, so the outcome could have major ramifications for how Meta operates if regulators order the company to amend its practices. The GDPR also allows for large fines for major violations -- up to 4% of global annual turnover.

The European Data Protection Board (EDPB), a steering body for the GDPR, confirmed today it has stepped in to three binding decisions in the three complaints against Meta platforms Facebook, Instagram and WhatsApp. The trio of complaints were filed by European privacy campaign group noyb as soon as the GDPR entered into application across the EU. So it's taken some 4.5 years just to get to this point. [...] What exactly has been decided? The EDPB is not disclosing that yet. The protocol it's following means it passes its binding decisions back to the Irish Data Protection Commission (DPC), Meta's lead privacy regulator in the EU, which must then apply them in the final decisions it will issue. The DPC now has one month to issue final decisions and confirm any financial penalties. So we should get the full gory details by early next year.

The Wall Street Journal may offer a glimpse of what's to come: It's reporting that Meta's ad model will face restrictions in the EU -- citing "people familiar with the situation." It also reports the company will face "significant" fines for breaching the GDPR. "The board's rulings Monday, which haven't yet been disclosed publicly, don't directly order Meta to change practices but rather call for Ireland's Data Protection Commission to issue public orders that reflect its decisions, along with significant fines," the WSJ wrote, citing unnamed sources. [...] The company was recently spotted in a filing setting aside 3 billion euros for data protection fines in 2022 and 2023 -- a large chunk of which has yet to land. "In line with Art. 65 (5) GDPR, we cannot comment on the content of the decisions until after the Irish DPC has notified the controller of its final decisions," said a spokesperson for the EDPB. "As indicated in our press release, the EDPB looked into whether or not the processing of personal data for the performance of a contract is a suitable legal basis for behavioral advertising, but at this point in time we cannot confirm what the EDPB's decision in this matter was."

The DPC also declined to comment on the newspaper's report -- but deputy commissioner Graham Doyle confirmed to TechCrunch that it will announce binding decisions on these complaints in early January.

A Meta spokesperson issued the following statement to TechCrunch: "This is not the final decision and it is too early to speculate. GDPR allows for a range of legal bases under which data can be processed, beyond consent or performance of a contract. Under the GDPR there is no hierarchy between these legal bases, and none should be considered better than any other. We've engaged fully with the DPC on their inquiries and will continue to engage with them as they finalize their decision."

A growing number of GOP-led states are barring state employees and contractors from using TikTok on government-issued devices as the FBI warns of possible threats to national security posed by the Chinese-owned social media platform. Texas became the latest to do so on Wednesday, joining South Dakota, South Carolina and Maryland, all of which banned the app on government devices in the past week. Wisconsin Republicans are urging their Democratic governor to do the same. Axios reports: "[U]nder China's 2017 National Intelligence Law, all businesses are required to assist China in intelligence work including data sharing, and TikTok's algorithm has already censored topics politically sensitive to the Chinese Communist Party," Texas Gov. Greg Abbott said in a letter to state officials Wednesday.

"There may be no greater threat to our personal safety and our national security than the cyber vulnerabilities that support our daily lives," Maryland Gov. Larry Hogan, whose directive also banned certain Russia-based platforms, said in a statement.

"Protecting our State's critical cyber infrastructure from foreign and domestic threats is key to ensuring the health, safety, and well-being of our citizens and businesses," South Carolina Gov. Henry McMaster wrote in a letter requesting that the state's Department of Administration block access to the app.

"South Dakota will have no part in the intelligence gathering operations of nations who hate us," South Dakota Gov. Kristi Noem said in a press release.

Apple plans to expand its Communication Safety features, which aim to disrupt the sharing of child sexual abuse material at the source. From a report: In August 2021, Apple announced a plan to scan photos that users stored in iCloud for child sexual abuse material (CSAM). The tool was meant to be privacy-preserving and allow the company to flag potentially problematic and abusive content without revealing anything else. But the initiative was controversial, and it soon drew widespread criticism from privacy and security researchers and digital rights groups who were concerned that the surveillance capability itself could be abused to undermine the privacy and security of iCloud users around the world. At the beginning of September 2021, Apple said it would pause the rollout of the feature to "collect input and make improvements before releasing these critically important child safety features." In other words, a launch was still coming. Now the company says that in response to the feedback and guidance it received, the CSAM-detection tool for iCloud photos is dead.

Instead, Apple told WIRED this week, it is focusing its anti-CSAM efforts and investments on its "Communication Safety" features, which the company initially announced in August 2021 and launched last December. Parents and caregivers can opt into the protections through family iCloud accounts. The features work in Siri, Apple's Spotlight search, and Safari Search to warn if someone is looking at or searching for child sexual abuse materials and provide resources on the spot to report the content and seek help. Additionally, the core of the protection is Communication Safety for Messages, which caregivers can set up to provide a warning and resources to children if they receive or attempt to send photos that contain nudity. The goal is to stop child exploitation before it happens or becomes entrenched and reduce the creation of new CSAM.

Nobody is immune to being scammed online -- not even the people running the scams. From a report: Cybercriminals using hacking forums to buy software exploits and stolen login details keep falling for cons and are getting ripped off thousands of dollars at a time, a new analysis has revealed. And what's more, when the criminals complain that they are being scammed, they're also leaving a trail of breadcrumbs of their own personal information that could reveal their real-world identities to police and investigators. Hackers and cybercriminals often gather on specific forums and marketplaces to do business with each other. They can advertise upcoming work they need help with, sell databases of people's stolen passwords and credit card information, or tout new security vulnerabilities that can be used to break into people's devices or systems. However, these deals often don't go to plan.

The new research, published today by cybersecurity firm Sophos, examines these failed transactions and the complaints people have made about them. "Scammers scamming scammers on criminal forums and marketplaces is much bigger than we originally thought it was," says Matt Wixey, a researcher with Sophos X-Ops who studied the marketplaces. Wixey examined three of the most prominent cybercrime forums: the Russian-language forums Exploit and XSS, plus the English-language BreachForums, which replaced RaidForums when it was seized by US law enforcement in April. While the sites operate in slightly different ways, they all have "arbitration" rooms where people who think they've been scammed or wronged by other criminals can complain. For instance, if someone purchases malware and it doesn't work, they may moan to the site's administrators. The complaints sometimes lead to people getting their money back, but more often act as a warning for other users, Wixey says. In the past 12 months -- the period the research covers -- criminals on the forums have lost more than $2.5 million to other scammers, the analysis says. Some people complain about losing as little as $2, while the median scams on each of the sites ranges from $200 to $600, according to the research, which is being presented at the BlackHat Europe security conference.

Ivan Mehta, writing for TechCrunch: After putting unique usernames on the auction on the TON blockchain, Telegram is now putting anonymous numbers up for bidding. These numbers could be used to sign up for Telegram without needing any SIM card. Just like the username auction, you can buy these virtual numbers on Fragment, which is a site specially created for Telegram-related auctions. To buy a number, you will have to link your TON wallet (Tonkeeper) to the website. You can buy a random number for as low as 9 toncoins, which is equivalent to roughly $16.50 at the time of writing. Some of the premium virtual numbers -- such as +888-8-888 -- are selling for 31,500 toncoins (~$58,200). Notably, you can only use this number to sign up for Telegram. You can't use it to receive SMS or calls or use it to register for another service.

frdmfghtr shares a report from NBC News: The Department of Homeland Security announced Monday that it is extending the deadline to require Real ID-compliant identification for air travelers, pushing the start date from May 3, 2023, to May 7, 2025. The deadline for the new IDs has already been extended previously. While time extensions in the past were caused by a lack of full state compliance with the requirements for issuing the more secure driver's licenses, the deadline was previously pushed from October 2021 to this coming May, officials said at the time, because the pandemic had made it harder for people to get into state motor vehicle departments to obtain the new identifications. "For those who aren't aware, this requirement came about after the 9/11 attacks way back in 2001, supposedly required to make the IDs harder to counterfeit," adds Slashdot reader frdmfghtr in a comment. "If the requirement has been pushed out repeatedly to almost 20 years after the original deadline, then it could not have been that necessary."

In 2005, the U.S. Senate passed the Real ID act 100-0. It was included in the $82 billion Iraq Supplemental Spending Bill.

In an article from 2006, Ars Technica detailed some of the financial and technological challenges associated with implementing the act.

The U.S. Federal Trade Commission (FTC) is investigating several unnamed crypto firms over deceptive or misleading crypto advertising, according to a Bloomberg report. Decrypt reports: "We are investigating several firms for possible misconduct concerning digital assets," the FTC spokeswoman Juliana Gruenwald Henderson said in a statement. Henderson declined to share further information about which firms are the subject of the probe or what had prompted the Commission to launch investigations.

According to the FTC's website, "when consumers see or hear an advertisement, whether it's on the Internet, radio or television, or anywhere else, federal law says that ad must be truthful, not misleading, and, when appropriate, backed by scientific evidence." Additionally, the agency enforces laws that require truth in advertising, including rules that individuals disclose when they have been paid for endorsements or reviews. "While we can't comment on current events in the crypto markets or the details of any ongoing investigations, we are investigating several firms for possible misconduct concerning digital assets" an FTC spokesperson told Decrypt.

Some Amazon users will now earn $2 dollar per month for agreeing to share their traffic data with the retail giant. From a report: Under the company's new invite-only Ad Verification program, Amazon is tracking what ads participants saw, where they saw them, and the time of day they were viewed. This includes Amazon's own ads and third-party ads on the platform. Through the program, Amazon hopes to offer more personalized-ad experiences to customers that reflect what they have previously purchased, according to Amazon.

"Your participation will help brands offer better products and make ads from Amazon more relevant,"Amazon wrote in its Shopper Panel FAQ. The $2 reward only applies to Amazon users invited to participate in the program, though customers who didn't get invited can get added to a waitlist and potentially join later, an Amazon spokesperson told Insider. The spokesperson declined to tell Insider how the company decided who to invite.

Apple has announced that its Self Service Repair store for iPhones and MacBooks is now open for business in Europe. From a report: First announced last November, the repair program essentially enables anyone to purchase genuine Apple components to repair their damaged devices, while the Cupertino company also provides online manuals to guide consumers through the self-service repair process. It's worth noting that while the program is open to anyone where the repair store is available, repairing Apple's hardware probably isn't for the average consumer, as just getting into the devices to begin the repairs is a complex process. But for any have-a-go hero out there willing to invest a bit of time and money learning, Apple is also selling the tools necessary to carry out fault-specific repairs, with an option to rent a repair kit for $49 if they only have a one-off repair they wish to carry out.

FTX founder Sam Bankman-Fried promised to testify before Congress after he finished "learning and reviewing" the events that caused the popular cryptocurrency exchange to file for bankruptcy last month. The Verge reports: Bankman-Fried's promise was made in response to a tweet from House Financial Services Chair Maxine Waters (D-CA) last week calling on him to join the committee's hearing on FTX's collapse on December 13th. But Bankman-Fried didn't commit to testifying at the hearing scheduled for next week.

"Once I have finished learning and reviewing what happened, I would feel like it was my duty to appear before the committee and explain," Bankman-Fried said in a tweet on Sunday. "I'm not sure that will happen by the 13th. But when it does, I will testify." Bankman-Fried resigned as FTX's chief executive last month, a move that could hinder his ability to fully review internal company materials before agreeing to testify.

An anonymous reader quotes a report from KrebsOnSecurity: In December 2021, Google filed a civil lawsuit against two Russian men thought to be responsible for operating Glupteba, one of the Internet's largest and oldest botnets. The defendants, who initially pursued a strategy of counter suing Google for tortious interference in their sprawling cybercrime business, later brazenly offered to dismantle the botnet in exchange for payment from Google. The judge in the case was not amused, found for the plaintiff, and ordered the defendants and their U.S. attorney to pay Google's legal fees. The lawyer for the defendants, New York-based cybercrime defense attorney Igor Litvak, filed a motion to reconsider (PDF), asking the court to vacate the sanctions against him. He said his goal is to get the case back into court. "The judge was completely wrong to issue sanctions," Litvak told KrebsOnSecurity. "From the beginning of the case, she acted as if she needed to protect Google from something. If the court does not decide to vacate the sanctions, we will have to go to the Second Circuit (Court of Appeals) and get justice there."

Meanwhile, Google said the court's decision will have significant ramifications for online crime, adding that it's observed a 78 percent reduction in the number of hosts infected by Glupteba since its technical and legal attacks on the botnet last year.

"While Glupteba operators have resumed activity on some non-Google platforms and IoT devices, shining a legal spotlight on the group makes it less appealing for other criminal operations to work with them," reads a blog post from Google's General Counsel Halimah DeLaine Prado and vice president of engineering Royal Hansen. "And the steps [Google] took last year to disrupt their operations have already had significant impact."

Risky and criminal online behaviour is in danger of becoming normalized among a generation of young people across Europe, according to EU-funded research that found one in four 16- to 19-year-olds have trolled someone online and one in three have engaged in digital piracy. From a report: An EU-funded study found evidence of widespread criminal, risky and delinquent behaviour among the 16-19 age group in nine European countries including the UK. A survey of 8,000 young people found that one in four have tracked or trolled someone online, one in eight have engaged in online harassment, one in 10 have engaged in hate speech or hacking, one in five have engaged in sexting and one in three have engaged in digital piracy. It also found that four out of 10 have watched pornography.

Julia Davidson, a co-author of the research and professor of criminology at the University of East London (UEL), said risky and criminal online behaviour was becoming almost normalised among a generation of European young people. "The research indicates that a large proportion of young people in the EU are engaging in some form of cybercrime, to such an extent that the conduct of low-level crimes online and online risk-taking has become almost normalised," she said.

New submitter CrankyOldGuy writes: Chinese hackers have stolen tens of millions of dollars worth of U.S. COVID relief benefits since 2020, the Secret Service said on Monday. The Secret Service declined to provide any additional details but confirmed a report by NBC News that said the Chinese hacking team that is reportedly responsible is known within the security research community as APT41 or Winnti. APT41 is a prolific cybercriminal group that had conducted a mix of government-backed cyber intrusions and financially motivated data breaches, according to experts.

Several members of the hacking group were indicted in 2019 and 2020 by the U.S. Justice Department for spying on over 100 companies, including software development companies, telecommunications providers, social media firms, and video game developers. "Regrettably, the Chinese Communist Party has chosen a different path of making China safe for cybercriminals so long as they attack computers outside China and steal intellectual property helpful to China," former Deputy Attorney General Jeffrey Rosen said at the time.

"Graduate students at Northeastern University were able to organize and beat back an attempt at introducing invasive surveillance devices that were quietly placed under desks at their school," reports Motherboard: Early in October, Senior Vice Provost David Luzzi installed motion sensors under all the desks at the school's Interdisciplinary Science & Engineering Complex (ISEC), a facility used by graduate students and home to the "Cybersecurity and Privacy Institute" which studies surveillance. These sensors were installed at night — without student knowledge or consent — and when pressed for an explanation, students were told this was part of a study on "desk usage," according to a blog post by Max von Hippel, a Privacy Institute PhD candidate who wrote about the situation for the Tech Workers Coalition's newsletter....

Students began to raise concerns about the sensors, and an email was sent out by Luzzi attempting to address issues raised by students.... Luzzi wrote, the university had deployed "a Spaceti occupancy monitoring system" that would use heat sensors at groin level to "aggregate data by subzones to generate when a desk is occupied or not." Luzzi added that the data would be anonymized, aggregated to look at "themes" and not individual time at assigned desks, not be used in evaluations, and not shared with any supervisors of the students. Following that email, an impromptu listening session was held in the ISEC. At this first listening session, Luzzi asked that grad student attendees "trust the university since you trust them to give you a degree...."

After that, the students at the Privacy Institute, which specialize in studying surveillance and reversing its harm, started removing the sensors, hacking into them, and working on an open source guide so other students could do the same. Luzzi had claimed the devices were secure and the data encrypted, but Privacy Institute students learned they were relatively insecure and unencrypted.... After hacking the devices, students wrote an open letter to Luzzi and university president Joseph E. Aoun asking for the sensors to be removed because they were intimidating, part of a poorly conceived study, and deployed without IRB approval even though human subjects were at the center of the so-called study.
von Hippel notes that many members of the computer science department were also in a union, and thus networked together for a quick mass response. Motherboard writes that the controversy ultimately culminated with another listening session in which Luzzi "struggles to quell concerns that the study is invasive, poorly planned, costly, and likely unethical."

"Afterwards, von Hippel took to Twitter and shares what becomes a semi-viral thread documenting the entire timeline of events from the secret installation of the sensors to the listening session occurring that day. Hours later, the sensors are removed..."

"Twitter CEO Elon Musk turned to journalist Matt Taibbi on Friday to reveal the decision-making behind the platform's suppression of a 2020 article from the New York Post regarding Hunter Biden's laptop," reports Newsweek.

"Taibbi later deleted a tweet showing [former Twitter CEO] Jack Dorsey's email address," adds the Verge, covering reactions to Taibbi's thread — and the controversial events that the tweets described: At the time, it was not clear if the materials were genuine, and Twitter decided to ban links to or images of the Post's story, citing its policy on the distribution of hacked materials. The move was controversial even then, primarily among Republicans but also with speech advocates worried about Twitter's decision to block a news outlet. While Musk might be hoping we see documents showing Twitter's (largely former) staffers nefariously deciding to act in a way that helped now-President Joe Biden, the communications mostly show a team debating how to finalize and communicate a difficult moderation decision.
Taibbi himself tweeted that "Although several sources recalled hearing about a 'general' warning from federal law enforcement that summer about possible foreign hacks, there's no evidence - that I've seen - of any government involvement in the laptop story."

More from the Verge: Meanwhile, Taibbi's handling of the emails — which seem to have been handed to him at Musk's direction, though he only refers to "sources at Twitter" — appears to have exposed personal email addresses for two high-profile leaders: Dorsey and Representative Ro Khanna. An email address that belongs to someone Taibbi identifies as Dorsey is included in one message, in which Dorsey forwards an article Taibbi wrote criticizing Twitter's handling of the Post story. Meanwhile, Khanna confirmed to The Verge that his personal Gmail address is included in another email, in which Khanna reaches out to criticize Twitter's decision to restrict the Post's story as well.

"As the congressman who represents Silicon Valley, I felt Twitter's actions were a violation of First Amendment principles so I raised those concerns," Khanna said in a statement to The Verge. "Our democracy can only thrive if we are open to a marketplace of ideas and engaging with people with whom we disagree."

The story also revealed the names of multiple Twitter employees who were in communications about the moderation decision. While it's not out of line for journalists to report on the involvement of public-facing individuals or major decision makers, that doesn't describe all of the people named in the leaked communications.... "I don't get why naming names is necessary. Seems dangerous," Twitter co-founder Biz Stone wrote Friday in apparent reference to the leaks.... The Verge reached out to Taibbi for comment but didn't immediately hear back.

Twitter, which had its communications team dismantled during layoffs last month, also did not respond to a request for comment.
Wired adds: What did the world learn about Twitter's handling of the incident from the so-called Twitter Files? Not much. After all, Twitter reversed its decision two days later, and then-CEO Jack Dorsey said the moderation decision was "wrong."
In other news, "Twitter will start showing view count for all tweets," Elon Musk announced Friday, "just as view count is shown for all videos." And he shared other insights into his plans for Twitter's future.

"Freedom of speech doesn't mean freedom of reach. Negativity should & will get less reach than positivity."

America's Transportation Security Administration "has been quietly testing controversial facial recognition technology for passenger screening at 16 major domestic airports — from Washington to Los Angeles," reports the Washington Post.

Their article adds that the agency "hopes to expand it across the United States as soon as next year." Kiosks with cameras are doing a job that used to be completed by humans: checking the photos on travelers' IDs to make sure they're not impostors.... You step up to the travel document checker kiosk and stick your ID into a machine. Then you look into a camera for up to five seconds and the machine compares your live photo to the one it sees on your ID. They call this a "one to one" verification system, comparing one face to one ID. Even though the software is judging if you're an impostor, there's still a human agent there to make the final call (at least for now).

So how accurate is it? The TSA says it's been better at verifying IDs than the manual process. "This technology is definitely a security enhancement," said [TSA program manager Jason] Lim. "We are so far very satisfied with the performance of the machine's ability to conduct facial recognition accurately...." But the TSA hasn't actually released hard data about how often its system falsely identifies people, through incorrect positive or negative matches. Some of that might come to light next year when the TSA has to make its case to the Department of Homeland Security to convert airports all over the United States into facial recognition systems....

The TSA says it doesn't use facial recognition for law-enforcement purposes. It also says it minimizes holding on to our face data, so it isn't using the scans to build out a new national database of face IDs. "The scanning and match is made and immediately overwritten at the Travel Document Checker podium. We keep neither the live photo nor the photo of the ID," said Lim. But the TSA did acknowledge there are cases in which it holds on to the data for up to 24 months so its science and technology office can evaluate the system's effectiveness....

"None of this facial recognition technology is mandated," said Lim. "Those who do not feel comfortable will still have to present their ID — but they can tell the officer that they do not want their photo taken, and the officer will turn off the live camera." There are also supposed to be signs around informing you of your rights.
Here's the TSA's web page about the program. Thanks to long-time Slashdot reader SonicSpike for sharing the article.