Access Management , Digital Identity
Why It Was Important for IRS to Remove Facial Recognition
Cybercrime Consultant Brett Johnson on the Various Problems with Vendor ID.meFacial recognition as a tool is not bad, but the manner in which it is used can make it look bad, says Brett Johnson, a consultant on cybersecurity, cybercrime and ID theft who was a central figure in the cybercrime world for over 20 years.
See Also: OnDemand | Protecting Digital Assets: A Blueprint to Identity-Centered Zero Trust
"What ID.me does with our data is questionable. The CEO at one point says that because of regulations they had to retain our data for seven years. Recently, he came out and said that we can get rid of that data if we want. So there is some dishonesty that is going on," Johnson says. (See: Update: Amid IRS' Pullback, ID.me Offers Alternative Solution)
"Moreover, a government organization forcing citizens to give up their information to a private company and then that company profiting by collecting that information - I don’t believe in that. This increases our threat landscape."
In a video interview with Information Security Media Group, Johnson also discusses:
- The pros and cons of facial recognition;
- The various problems with ID.me;
- Road ahead for proper authentication.
Johnson, referred to by the United States Secret Service as "The Original Internet Godfather," was a central figure in the cybercrime world for over 20 years. He built and was leader of ShadowCrew, the precursor to today's darknet markets. Johnson was instrumental in developing many areas of online fraud while helping design, implement and refine identity theft, account takeover fraud, card-not-present fraud, IRS tax fraud and other social engineering attacks, breaches and hacking operations. Today, Johnson works as a cybersecurity consultant and public speaker.