Archive for the ‘Security’ Category

Identity Resolution Daily Links 2009-10-16

Friday, October 16th, 2009

[Post from Infoglide] Avoiding False Positives: Analytics or Humans?

“The European Union recently started a five-year research program in conjunction with its expanding role in fighting crime and terrorism. The purpose of Project Indect is to develop advanced analytics that help monitor human activity for ‘automatic detection of threats and abnormal behaviour and violence.’ Naturally, the project has drawn suspicion and criticism, both from those who oppose the growing power of the EU and from watchdog groups concerned about encroachments into privacy and civil liberty…”

SDTimes: Old thinking does a disservice to new data hubs

“The enterprise needs to be able to understand the origin, the time and possibly the reason for a change. These audit needs must be supported by the data hub at the attribute level. MDM solutions that maintain the golden record dynamically address this need by supporting the history of changes in the source systems record content.”

Accision Health Blog: Surveys Show Importance of EHR

“A new Rand study is one of the first to link the use of electronic health records in community-based medical practices with higher quality of care.  Rand Corporation researchers found in a study of 305 groups of primary care physicians that the routine use of multifunctional EHRs was more likely to be linked to higher quality care than other common strategies, such as structural changes used for improving care.”

NYSIF: Central NY Contractor Hit with Workers Comp Fraud Charges

“Investigators said Mr. Decker previously had an insurance policy with NYSIF when he operated RD Builders in November 2005, a policy cancelled for non-payment a few months later. In 2008, he applied to NYSIF’s Syracuse office for workers’ compensation insurance doing business as Bull Rock Development, Inc.”

public intelligence: Office of Intelligence and Analysis (DHS)

“These entities are unified under local fusion centers, which provide state and local officials with intelligence products while simultaneously gathering information for federal sources.  As of July 2009, there were 72 designated fusion centers around the country with 36 field representatives deployed. The Department has provided more than $254 million from FY 2004-2007 to state and local governments to support the centers.”

Avoiding False Positives: Analytics or Humans?

Wednesday, October 14th, 2009

By Robert Barker, Infoglide Senior VP & Chief Marketing Officer

The European Union recently started a five-year research program in conjunction with its expanding role in fighting crime and terrorism. The purpose of Project Indect is to develop advanced analytics that help monitor human activity for “automatic detection of threats and abnormal behaviour and violence.”

Naturally, the project has drawn suspicion and criticism, both from those who oppose the growing power of the EU and from watchdog groups concerned about encroachments into privacy and civil liberty:

According to the Open Europe think tank, the increased emphasis on co-operation and sharing intelligence means that European police forces are likely to gain access to sensitive information held by UK police, including the British DNA database. It also expects the number of UK citizens extradited under the controversial European Arrest Warrant to triple. Stephen Booth, an Open Europe analyst who has helped compile a dossier on the European justice agenda, said these developments and projects such as Indect sounded “Orwellian” and raised serious questions about individual liberty.

Shami Chakrabarti of Liberty, a UK human rights group, said, “Profiling whole populations instead of monitoring individual suspects is a sinister step in any society. It’s dangerous enough at [the] national level, but on a Europe-wide scale the idea becomes positively chilling.”

At IdentityResolutionDaily, we’ve consistently supported open and civil discussion about balancing security requirements with individual rights of privacy and liberty (e.g. “Walking the Privacy/Security Tightrope“) . We’ve also dealt with the criticality of using analytic technology that minimizes false positives (e.g. “False Positives versus Citizen Profiles“).

Not long ago, James Taylor of Decision Management Solutions made an excellent point about whether using analytic technologies (e.g. identity resolution) versus relying totally on human judgment increases or decreases the risk of false positives:

Humans, unlike analytics, are prone to prejudices and personal biases. They judge people too much by how they look (stopping the Indian with a beard for instance) and not enough by behavior (stopping the white guy who is nervously fiddling with his shoes say)… If we bring analytics to bear on a problem the question should be does it eliminate more biases and bad decision making than it creates new false positives… Over and over again studies show analytics do better in this regard… I think analytics are ethically neutral and the risk of something going “to the dark side” is the risk that comes from the people involved, with or without analytics.

We couldn’t have said it better ourselves.

Identity Resolution Daily Links 2009-10-12

Monday, October 12th, 2009

By the Infoglide Team

revenueXL: Web based EMR - ASP vs. SaaS? Should you really care?

SaaS applications differ from ASP applications in that SaaS solutions are developed specifically to leverage web technologies such as the browser, thereby making them web-native. The database design and architecture of SaaS applications are specifically built with ‘multi-tenancy’ in mind, thereby enabling multiple tenants (customers or users) to access a shared data model. An ASP application on the other hand in most cases is a typical Client-Server application (meant for a single client) that is accessed over the internet and therefore includes an independent instance of Database that is specifically meant for your medical office.”

The Data Asset: Closing the Loop: Selecting the Right Technology

“Data management tools include those for data profiling, data quality and identity resolution. Measures that need to be addressed include data standardization, pattern standardization, address verification, and adherence to business rules.”

Homeland Security: DHS Announces New Information-Sharing Tool to Help Fusion Centers Combat Terrorism

“State and major urban area fusion centers provide critical links for information sharing between and across all levels of government, and help fulfill key recommendations of the 9/11 Commission. This initiative will serve as a valuable resource to enhance situational awareness and support more timely and complete analysis of national security threats.”

ITBusinessEdge: Seven Data Integration Trends

Master data management, which should be an enterprisewide endeavor, is being deployed for tactical purposes. The result? MDM projects support specific business needs and aren’t fully integrated across the enterprise.”

Privacy – A Dying Concept?

Wednesday, October 7th, 2009

By Gary Seeger, Infoglide Vice President

An intriguing post by Nate Anderson on Ars Technica highlights a difficult reality about today’s easy availability of vast quantities of “anonymized” data. Quoting from a recent paper by Paul Ohm at the University of Colorado Law School, Anderson writes that “as Ohm notes, this illustrates a central reality of data collection: ‘data can either be useful or perfectly anonymous but never both.’”

A seminal study published in 2000 by Latanya Sweeney at Carnegie Mellon opened the issue by proving that a simple combination of a very small number of publicly available attributes can uniquely identify individuals:

“It was found that 87% (216 million of 248 million) of the population in the United States had reported characteristics that likely made them unique based only on {5-digit ZIP, gender, date of birth}. About half of the U.S. population (132 million of 248 million or 53%) are likely to be uniquely identified by only {place, gender, date of birth}, where place is basically the city, town, or municipality in which the person resides… In general, few characteristics are needed to uniquely identify a person.”

Faced with a choice between exploiting easily obtainable data for righteous ends versus the potential misuse of identifying individuals, can an appropriate balance be struck by privacy legislation? Anderson points out that:

“Because most data privacy laws focus on restricting personally identifiable information (PII), most data privacy laws need to be rethought. And there won’t be any magic bullet; the measures that are taken will increase privacy or reduce the utility of data, but there will be no way to guarantee maximal usefulness and maximal privacy at the same time.”

Looking at the subject from a business perspective, using technologies such as identity resolution to connect non-obvious data relationships serves many initiatives. It would seem admirable to exploit public records and other forms of publicly available information to mitigate risks, uncover fraud, or track down “bad” guys. Yet some cry foul when the technology exposes individuals who didn’t anticipate that their “private” information would be used to identify and/or track them down.

In the rapidly evolving cyber-information age, the desires, conflicts, and limitations of protecting privacy will continue to be sorted out in the legal realm. Those of us who solve business issues using identity resolution technology will swim in this legal quagmire for many years. Finding an appropriate balance between the protection of individual privacy and bona fide business uses of “public” data will almost certainly be a growing challenge to the moral and legal minds of our community.

Identity Resolution Daily Links 2009-09-28

Monday, September 28th, 2009

[Post from Infoglide] Social CRM, CDI, and Identity Resolution

“In her well-read book on CDI, Jill Dyché offers a definition of CDI that also seems to describe social CRM. Try reading her definition of CDI, replacing ‘CDI’ with ’social CRM’: CDI is a set of procedures, controls, skills and automation that standardize and integrate customer data originating from multiple sources.”

Concord Monitor: Don’t play games when giving your name

“What do they want? Your date of birth, your gender and your middle initial. This information will be relayed to the TSA, and the TSA will match the information against information maintained by the Terrorist Screening Center (an arm of the FBI that gathers and consolidates watch lists). The theory is that a 12-year-old boy named John X. Doe can more easily be separated from John Z. Doe, who happens to be a 37-year-old man with a history of making bombs, if additional information is collected during the booking process. Once TSA has cleared you, you’ll be issued a boarding pass.”

pressdemocrat.com: Achieving paperless health care

“Medical record-keeping, until recently, relied on rooms full of paper files that were easily misplaced and filled with hurried, handwritten entries that could be hard to read. Electronic records hold orderly, keyboard-entered data that never leaves a hard drive and have the potential to move seamlessly from a primary care provider’s office to an emergency room or specialist’s suite.”

ebizQ: MDM Becoming More Critical in Light of Cloud Computing

[David Linthicum] “We’re moving from complex federated on-premise systems, to complex federated on-premise and cloud-delivered systems.   Typically, we’re moving in these new directions without regard for an underlying strategy around MDM, or other data management issues for that matter.”

Homeland Security: I&A Reconceived: Defining a Homeland Security Intelligence Role

“There are currently 72 fusion centers up and running around the country (a substantial increase from 38 centers in 2006).  I&A has deployed 39 intelligence officers to fusion centers nationwide, with another five in pre-deployment training and nearly 20 in various stages of administrative processing.  I&A will deploy a total of 70 officers by the end of FY 2010, and will complete installation of the Homeland Secure Data Network (HSDN), which allows the federal government to share Secret-level intelligence and information with state and local partners, at all 72 fusion centers.”

Identity Resolution Daily Links 2009-09-18

Friday, September 18th, 2009

[Post from Infoglide] Metrics for Entity Resolution

“In the last post I discussed the concepts of internal and external views of identity.  The fact that we can have different views of the same identity then raises the question of how to go about comparing different views.  What complicates this issue is that, even though we can talk about resolving references in pairs (i.e. linking two records if they refer to the same entity), the total number of references can be quite large, and consequently, there are many possible pair-wise combinations to consider.”

FederalComputerWeek: DOD opens some classified information to non-federal officials

“The non-federal officials will get access via the Homeland Security department’s secret-level Homeland Security Data Network. That network is currently deployed at 27 of the more than 70 fusion centers located around the country, according to DHS.”

Gerson Lehrman Group: Stylish Master Data Management

“In my experience, one of these styles is nigh-on impractical.  ‘Centralized’ (also called ‘transaction’) implies a wrenching architectural shift whereby the a master data hub becomes the one and only source of master data for an enterprise, replacing the functionality of generating master data in existing transaction systems, and serving up ‘golden copy’ data to other systems, perhaps via an enterprise service bus architecture. This sounds elegant, but is extremely invasive.”

INFORMATICA PERSPECTIVES: Get To “Meaningful Use” Faster

Identity resolution’s goal is to find the right person at the right time, regardless of the potential for error and variation in what information is available at the time of request.  This could be during patient registration and admission, patient transfers or referrals, emergency room visits, and simply sharing information across providers or insurers.  The ability to do this effectively must become the most basic and core function.”

False Positives versus Citizen Profiles

Wednesday, September 9th, 2009

By Mike Shultz, Infoglide Software CEO

A post from Steve Bennett in Australia refers to an announcement by the Dutch government about their intent to prevent crime by profiling their citizens. By creating a digital profile of each citizen using banking, flight, and internet usage information, their justice department plans to compare citizen profiles with those of convicted criminals, then let law enforcement authorities know when matches are found. Needless to day, the move has created quite a bit of discussion in the Netherlands.

In no way would such a move fly in the United States. From the time of its founding, our citizens have consistently shown a distrust of government that has limited its control over basic freedoms. While some would argue that the U.S. government has gained too much control over the years, that healthy distrust has definitely limited government intrusion into our personal freedoms.

In contrast to the broad approach proposed by the Dutch Minister of Justice, systems using entity resolution can avoid the “boil the ocean” approach. You can target specific data sources that hold relevant information, and then compare the bare minimum of attributes needed to discover hidden relationships, all without creating and storing profiles on millions of non-criminal citizens.

With such a system, can false positives occur? Yes, but the technology has become so sophisticated that the chance of a false positive is minuscule. The judgment to be made is whether the number of false positives outweighs the increased level of security afforded the public.

No doubt, the lively discussion between those concerned about invasion of privacy and those focused on keeping the populace safe will continue. And that’s how it should be.

Walking the Privacy/Security Tightrope

Wednesday, August 19th, 2009

By Mike Shultz, Infoglide Software CEO

In a post last April, we talked about the privacy/security balance issue for fusion centers and for vendors with supporting technology. Now an article in the Austin Sunday paper about a proposed fusion center again highlights the tension between security and privacy. Each time a fusion center is proposed, the story goes like this:

“Local law enforcement officials see benefit of two-way information sharing with other local, state, and national agencies… privacy groups are concerned about unnecessary intrusions into personal information.”

As of July 2009, 72 such centers have been put in place and are operational across the country. The Department of Homeland Security (DHS), in conjunction with the Justice Department, has tried to address the need for consistent operating principles. Starting in 2005, they published and continue to maintain a set of guidelines suggesting how to establish collaboration and data sharing between agencies while protecting the privacy and civil liberties of citizens.

It would be nice to report that every fusion center has performed flawlessly in solving crimes while preserving American freedoms. Given that they are run by human beings, execution at every center hasn’t always fallen within the guidelines. There are instances where the centers have been ineffective, and there are instances where controversial privacy issues have been raised when centers overstepped their bounds.

The Austin American Statesman article presented a balanced view of the issues surrounding fusion centers without sensationalizing them. Instances of controversies surrounding fusion centers were discussed, yet instances of the benefits of existing centers were also given.

As Jack Thomas Tomarchio, former deputy undersecretary for intelligence and analysis operations at DHS was quoted, “These things are brand new. They haven’t been around 20 years, and even the ones that have been around three or four years are still in their formative years. In many cases, they don’t have a track record.”

While existing software technology addresses both privacy and security issues, the ultimate decision to use it wisely falls to the people who run the fusion centers. In the City of Austin case, the concerns of privacy and security seem to be receiving equal consideration so that the best results can be achieved without trampling on civil liberties.

Vetting Sharks and Whales

Wednesday, August 12th, 2009

By Robert Barker, Infoglide Senior VP & Chief Marketing Officer

If you’re not in the casino industry, the title of this post may be meaningless, but for casino managers, “sharks” are the bad guys and “whales” are the good guys. Sharks are people who try to defraud the casino through illegal activities, while whales are the high rollers who are apt to win $20,000 one trip and lost $25,000 the next. If there’s any environment where you’d be motivated as a businessperson to know as much as you can about who you’re dealing with, it’s a casino.

What can an ideal identity resolution system do for a casino manager? From the moment of check-in, the system identifies the whales and sharks. Unbeknownst to the hospitality clerk, the attributes of the person checking in are compared real time against computerized lists of bad guys and good guys. The shark lists include known card counters, chip stealers, and other types of troublesome guests and fraudsters.

When a match is found as the suspected fraudster checks in, a text alert is sent immediately to a security room. Then a plainclothes hotel security staffer quietly pulls the person of interest aside, confirms who they are, and informs them that they aren’t welcome and should leave immediately. The identity resolution system also monitors other points of interaction (e.g., credit cards) in the casino.

Whales are similarly detected at entry points into the casino, but once detected, they get the “red carpet” treatment instead of a red flag. Alerts are sent to the appropriate people, including those running the whale’s favorite tables.

The identity resolution system also detects the whale’s friends and relatives to ensure that they are likewise handled with care. Without the system in place, unfortunate incidents can happen. For example, a whale’s wife or girlfriend may be refused some request because the server doesn’t realize who she’s related to. It’s not good business to let even one incident like that happen!

Implementing an identity resolution system can help any enterprise get a better handle on its business. Consultant and blogger Jim George documented what he calls “the 6 R’s” about knowing who’s whom in a casino environment:

  • Resolve –  Is Jane Smith also Jane Brown and/or Jane Brown-Smythe?
  • Research – What is known about her? Is she a known criminal? Card counter?
  • Relate – Who is she related to and how? Is she Gotti’s limo driver or the wife of a wealthy high rolling CEO?
  • Recognize – At the check-in counter, out on the casino floor, over the phone, on the Internet site, at the cage, etc.
  • Respond – All the above is wasted without the capability to differentiate the appropriate response by the casino.
  • Recover – If all else fails, do we have all of the information to make a recovery or support an arrest?

If you’re investigating identity resolution, you’re in the right place. That’s all we talk about here.

If you have a comment, we want to hear it; if you have a question, our readers will try to help.

Identity Resolution Daily Links 2009-08-07

Friday, August 7th, 2009

[Post from Infoglide] Applying Identity Resolution to Patient Identification Integrity

The recently passed economic stimulus plan included $20 billion to encourage adoption of electronic health records by medical facilities across the U.S., spurring a huge amount of activity in the health care world. A key issue in EMR implementation is the integrity of the patient identification process used in creating an enterprise master patient index (EMPI).

KELOLAND.com: Keeping An Eye On The Highways

“South Dakota troopers receive alerts about fugitives and people of interest that may be in the state on a regular basis through a place called the National Fusion Center Network. It’s a Department of Homeland Security agency that funnels information to law enforcement agencies in every state. ‘The information sharing is something that improved after 9/11. I think this is a case where the information sharing paid off,’ Lt. Welsh said.”

HealthData Management: When Will EHR Spending Ramp Up?

“‘The steady drumbeat of inevitability is changing the debate from not ‘if’ we’ll get an electronic health record but ‘when’,’ says Eric Brown, research director at Forrester Research Inc., Cambridge, Mass. ‘There’s a tipping point at which we’ll see big growth, but we’re not there yet.’”

YouTube: Bruce Schneier on Secure Flight

Noted security expert Bruce Schneier discusses how TSA’s Secure Flight program has evolved

Bad Behavior has blocked 846 access attempts in the last 7 days.

E-mail It
Portfolio Strategy News The Direct Marketing Voice