HOME

Archive for September, 2007

Immigration Fraud is the Problem, Not Immigrants

Friday, September 28th, 2007

“It is unfair to label Iranian and other immigrants as dangerous based solely on the activities of their government’s leaders. This one-sided post unnecessarily causes fear towards immigrants from Iran, Cuba, Sudan, and Syria. […] Immigration did not cause 9/11.”

That’s one of our own, Joe Alavi, Web Developer for Infoglide Software, taking us to task for our post on Monday, Much Ado About Ahmadinejad. But What of the Other 3,100 Iranians in the US? And of course, he’s right.

There was no intent to impugn every immigrant from these countries. Instead, we wanted to call attention to a new GAO report that warns that U.S. government is not taking adequate steps to properly resolve the identities of immigrants who apply through the Diversity Visa (DV) program. The report says, “Consular officers at 6 of the 11 posts we reviewed reported that widespread use of fake documents, such as birth certificates, marriage certificates, and passports, presented challenges when verifying the identities of applicants and dependents. Difficulty in verifying identities has security implications because State’s security checks rely heavily on name-based databases.”

In making our point, instead of keying off this provocative headline from Reuters, U.S. admits nearly 10,000 from “terrorism” states, we could have employed this more balanced story from the Washington Post — Risk of Fraud High in Visa Program.

Another story from the San Antonio Express News reported that of the 10,000 immigrants who have migrated here from states that sponsor terrorism, “None of those immigrants has been linked to terrorist investigations or acts. But the program should be overhauled, the 51-page report concluded, because the risk remains high and there are other lingering problems, such as rampant fraud.”

However, Investor’s Business Daily, CNSNews and Sen. Jeff Sessions (R-Ala.) all call attention to one exception: Mohamed Hadayet. He earned a green card through his wife and she gained entry through the DV program. Mohamed Hadayet was the terrorist who shot and killed two people at the El Al counter at LAX in 2002. For the sake of balance, we should point out that Hadayet was an Egyptian and Egypt is not listed as a state sponsor of terrorism.

And balance is what our post on Monday was missing.

Thank you, Joe, for writing

“The post does not mention that the vast majority of immigrants from these countries are peaceful, intelligent, law abiding citizens that make a positive impact on this country on a daily basis. It is irresponsible to single out Iranians in the title of the post because there are no facts to suggest that these Iranians are dangerous whatsoever. They are coming to this country to receive an education, a better way of life, to visit relatives, etc. They are not coming to be spies or terrorists as this post suggests.”

Joe also called us out for not balancing our post with the very real accomplishments of Iranian-Americans.

He’s right about that and he’s also right about this:

“The United States was founded by immigrants in Plymouth, Massachusetts and Jamestown, Virginia. The first transcontinental railroad (one of the greatest technological achievements of the 19th century) was constructed largely by hard working Irish and Chinese immigrants in very dangerous and grueling conditions.

“This country receives tremendous benefit by welcoming immigrants because often they are very intelligent individuals seeking higher education, and end up working in various industries, giving our country a competitive edge over the rest of the world. They bring fresh ideas and perspectives and give credibility to our country as an open minded society. Just because 9/11 happened does not mean that immigration is an epidemic. Immigration did not cause 9/11.”

Thanks again, Joe, for speaking up and keeping the blog on the right path.

Identity Resolution Daily Links 2007-09-28

Friday, September 28th, 2007

[Daily Post from Infoglide Software] We the Bloggers: Chertoff on Balancing Privacy and Security

“Privacy advocates would disagree that collecting a little information like the types of books you read does indeed maximize security and privacy. Note that Mr. Chertoff wrote that current data collection efforts are ‘the best way.’ As we saw when the CAPPS II program was scuttled over privacy concerns, if this isn’t the best way, DHS will respond to the howls of protest from privacy advocates and change the program.”

Threat Level: HOWTO: Check Your Homeland Security Travel File

“Are you interested in knowing what travel information is being stored about you by the Department of Homeland Security? Wondering if somehow your airport reading material was recorded and kept in their records? The Identity Project now has up an easy-to-use set of forms so you can make your own Privacy Act request to see what data powers the government’s assessment of your terrorism potential whenever you fly into or out of the country.”

The Virginian-Pilot: Retailers try to profit by learning to thwart theft

“Use of auction sites to sell shoplifted items has grown steadily since the inception of eBay, the experts said. ‘We’ve just seen a progression ever since then,’ said Greg Anderson, who handles investigations in the mid-Atlantic region for Target Corp. and spoke during a session on organized retail crime, a phrase for professional shoplifting rings. ‘They don’t have to go to an alley or someplace shady to do the merchandise exchange.’”

We the Bloggers: Chertoff on Balancing Privacy and Security

Thursday, September 27th, 2007

The month of September saw the launch of DHS head Michael Chertoff’s blog and even the State Department entered the blogosphere with its Dipnote blog. And Mike Leavitt, Secretary of Health and Human Services began publishing the first cabinet-level blog back in August.

This blogging thing must really be catching on.

Mr. Chertoff’s blog is of interest, particularly yesterday’s post, Privacy And Security. Writing about this post, Wired noted that “the man has a little flair.” And indeed, he does. His post starts off refuting Scott McNealy’s famous declaration, “Privacy is dead, get over it.” Writes Mr. Chertoff

“Privacy is certainly not dead, but our society must go the second mile to protect it. The question that my Department faces is how to do that in our post-9/11 world where the need for greater security is paramount.”

The U.S. has been balancing privacy and security since its inception, not just in a post-9/11 world. Witness these two competing quotes from our Founding Fathers

“He who would trade liberty for some temporary security, deserves neither liberty nor security.” — Ben Franklin

“The price of freedom is eternal vigilance.” — Thomas Jefferson

We write about the need for security versus the right to privacy a great deal, and those two quotes appear in most of our posts as a constant reminder to both securicrats and privacy advocates that this debate has raged since long before our time. And let us pray that it continues long after we’re gone.

To quote a previous post:

“Achieving a balance between privacy and security is critically important to the survival of our American democracy. At this juncture in our history, the threat of terrorism has caused us to restrict some rights to privacy for the sake of national security. Without a certain level of security then American lives will be lost. Conversely, without a certain level of privacy, the American way of life will be lost. And at times, we as a nation have made mistakes when the pendulum has swung too far either way. Fortunately, we seem to keep returning to a state of equilibrium. It’s the howls of protest that arise when proponents of one side earns a win over the other, the constant, never-ending debate that keeps both sides in check and ensures a perpetual balance.”

Reading Mr. Chertoff’s blog, it’s clear he gets the importance of preserving this balance. In yesterday’s post he wrote

“But what about the tension between privacy and security? Is it true that whatever we do to strengthen our security must be at the expense of privacy? It is not. Our efforts to secure our homeland need not harm our privacy. Rather, in many cases they can actually strengthen it. […] Privacy and security are fundamental rights and we will continue to defend both in our post-9/11 world.”

At Infoglide Software we’ve been acutely aware of this tension between privacy and security since the beginning. In the first week of our blog, CEO Mike Shultz wrote

“It was important to all of us here that we didn’t create some sort of Big-Brother-enabling technology. As a result, we designed software that can resolve identities across multiple sources while protecting data privacy and security. That technology is now the new core of the government’s Secure Flight program after it suffered some early setbacks.

“Now, there’s no question that our government has to be involved in identity resolution. The impact of the events of 9/11 clearly make this an imperative. The good news is that our government is under constant scrutiny as it relates to the freedoms that we all enjoy. From Congressional oversight to privacy advocates, the government invests in assuring that it does not unreasonably trample on personal rights.”

As an example of way in which DHS has strengthened privacy rights under his reign, Chertoff mentions the TSA Secure Flight program:

“Our strategy is to collect a little information about each visitor–just enough to help us decide who might be a potential security risk. When compared to the alternatives–-searching everyone, searching no one, or the hit-or-miss strategy of random searches–we’ve found that this is the best way to maximize security while at the same time maximizing privacy.”

Privacy advocates would disagree that collecting a little information like the types of books you read does indeed maximize security and privacy. Note that Mr. Chertoff wrote that current data collection efforts are “the best way.” As we saw when the CAPPS II program was scuttled over privacy concerns, if this isn’t the best way, DHS will respond to the howls of protest from privacy advocates and change the program.

DHS is the first department to have a Chief Privacy Officer as mandated by Section 222 of the Homeland Security Act of 2002, Mr Chertoff asserts. Hugo Teufel, the CPO, is empowered by Section 222 to assure that the “use of technologies sustain, and do not erode, privacy protections relating to the use, collection, and disclosure of personal information.” Both Mr. Tuefel and the Civil Rights and Liberties Officer report directly to Mr. Chertoff, and must also compile an annual report that is subject to congressional review.

If Mr. Teufel’s position is just a token gesture, we’ll all know soon enough.

In conclusion, we’ll leave you with two quotes from another Founding Father, Thomas Paine:

“Wherefore, security being the true design and end of government, it unanswerably follows, that whatever FORM thereof appears most likely to ensure it to us, with the least expense and greatest benefit, is preferable to all others.” — Common Sense

“An avidity to punish is always dangerous to liberty. It leads men to stretch, to misinterpret, and to misapply even the best of laws. He that would make his own liberty secure must guard even his enemy from oppression; for if he violates this duty he establishes a precedent that will reach to himself.” — Dissertation on First Principles of Government

Identity Resolution Daily Links 2007-09-27

Thursday, September 27th, 2007

[Daily Post from Infoglide Software] Resist the Urge to Merge Purge Data

“Mr. Jonas published a great post yesterday comparing identity resolution against match merge, merge purge and list de-duplication systems that is a must-read for the CIOs doing all the hefty lifting in financial services, government and insurance industries. (Note: identity resolution is called “entity resolution” in IBM parlance.)”

GovernmentExecutive.com: Privacy advocates wary of data ‘fusion centers’

Riegle called the initiative ‘a novel and different approach to information-sharing’ and said privacy was a top concern when each center was formed. Wobbleton said transparency is a core part of the mission. ‘We do not want to mess this up,’ he added.”

Washington Post: Patriot Act Provisions Voided

“In a case brought by a Portland man who was wrongly detained as a terrorism suspect in 2004, U.S. District Judge Ann Aiken ruled that the Patriot Act violates the Constitution because it “permits the executive branch of government to conduct surveillance and searches of American citizens without satisfying the probable cause requirements of the Fourth Amendment.”

Leadership Journal: Privacy And Security

Writes Michael Chertoff in the DHS blog: “But what about the tension between privacy and security? Is it true that whatever we do to strengthen our security must be at the expense of privacy? It is not. Our efforts to secure our homeland need not harm our privacy. Rather, in many cases they can actually strengthen it. […] Privacy and security are fundamental rights and we will continue to defend both in our post-9/11 world.”

EFF: “Secure Flight” Returns, Lacking Privacy Protections

“When it enacted the Privacy Act in 1974, Congress sought to restrict the amount of personal information that federal agencies could collect and, significantly, required agencies to be transparent in their information practices. The Privacy Act is intended ‘to promote accountability, responsibility, legislative oversight, and open government with respect to the use of computer technology in the personal information systems and data banks of the Federal Government[.]’ Adherence to these requirements is critical for a system like Secure Flight.”

Resist the Urge to Merge Purge Data

Wednesday, September 26th, 2007

Surely you’re aware of Jeff Jonas, identity resolution’s poster boy and first real celebrity. Mr. Jonas is the chief scientist behind IBM’s Entity Analytic Solutions (EAS) and the founder of Systems Research & Development (SRD). He’s a media magnet who’s been featured in CNN, Forbes, Newsweek, NPR, Time and Wired. While he hasn’t quite made it to the cover of People Magazine yet, he was recently sought out by an NBC affiliate in Philadelphia to comment on the plot of the new NBC show Chuck.

Mr. Jonas published a great post yesterday comparing identity resolution against match merge, merge purge and list de-duplication systems that is a must-read for the CIOs doing all the hefty lifting in financial services, government and insurance industries. (Note: identity resolution is called “entity resolution” in IBM parlance.)

For example, when two insurance companies get the urge to merge, they always run into data compatibility issues when they begin to look at the databases they have currently have in place. For claims and underwriting purposes, data synchronization is not a luxury — it’s essential to the daily flow of business.

Back in August when Dutch AEGON acquired the life insurance operations of U.S. investment bank Merrill Lynch in a $1.3 billion in cash deal, our own Glenn Hopkins commented

“Instead of implementing a master data management program, I know that AEGON would be better served — and save lots of capital — if they bolted an identity resolution solution onto their existing architecture. And instead of merging or purging all the identities both companies possess, an identity resolution solution can sift through all the information and keep it all in its native formats for future use.”

The always eloquent Mr. Jonas extends this argument further in his post, Entity Resolution Systems vs. Match Merge/Merge Purge/List De-duplication Systems.

If it’s not too late for AEGON, they should consider Mr. Jonas’ reasons below to avoid a “ground up reload”:

  • Batch versus real-time
  • Snapshot in time versus perpetually current
  • Data survivorship versus full attribution
  • Data drifting versus self-correcting
  • Single version of truth versus every version of truth
  • Outlier attribute suppression versus context accumulating
  • Binary list processing versus “n” data source ingestion
  • Limited scalability versus massive scalability

Please read the post in its entirety for a full explanation of these points and you’ll see why we agree with Mr. Jonas’ conclusion below.

“Entity resolution systems are best suited for real-time missions where processes require access to the most accurate and most current view of that which is knowable [to the enterprise].”

To conclude this post, we’d like to point out to insurance execs that there are other business applications to consider, as mentioned by Glenn in his post on the AEGON merger last month:

“With mergers and acquisitions, there’s always customer overlap issues in any industry. In the insurance industry, with some customers attempting to defraud insurers by using multiple identities, it’s critical to the bottom-line to cross-reference multiple identity records against not just watch lists but also the following business applications:

  • Automated fraud detection
  • Underwriting risk management
  • Enterprise identity management
  • Transactional CRM
  • Compliance
  • Background checks
  • Producer risk assessment”

Identity Resolution Daily Links 2007-09-26

Wednesday, September 26th, 2007

[Daily Post from Infoglide Software] Identity Resolution for Employee Screening Beats Background Checks

“Good help is hard to find, so the saying goes. Now thanks to identity resolution solutions, retailers are benefiting from this corollary: Hardened criminals are also good to find. Before the hire and even after the hire, it’s good for a company’s bottom line if they can identity potential problems before they happen.”

Jeff Jonas: Entity Resolution Systems vs. Match Merge/Merge Purge/List De-duplication Systems

“Sometimes entity resolution systems get mixed up with match merge, merge purge and list de-duplication systems (collectively “merge purge systems”) … so I thought I would take a moment to point out some of the differences….”

CNN: With 300,000 names on list, terrorist center always on alert

“Twelve watch lists from throughout the government have been consolidated into one master document. The names are persons whom the government has determined there is a reasonable suspicion of being associated with terrorism. After the terror center confirms a name on the list, the inquiring agent ‘can drill down deeper and get more information about that person and make a more informed decision as to whether he represents a threat to the people of the United States,’ Boyle said.”

Center for Democracy and Technology: Surveillance Law Must Protect Privacy and Security

“Congress can enact legislation that meets the needs of intelligence agencies for defending national security, while still protecting the fundamental privacy rights of innocent Americans, CDT Policy Director Jim Dempsey told the Senate Judiciary Committee today.”

AP: Pope: War on terror must respect rights

“Democratic societies have the right to defend themselves against terrorism but must also respect laws and human rights — or they risk endangering the very freedoms they want to protect, Pope Benedict XVI said Friday.”

Identity Resolution for Employee Screening Beats Background Checks

Tuesday, September 25th, 2007

Good help is hard to find, so the saying goes. Now thanks to identity resolution solutions, retailers are benefiting from this corollary: Hardened criminals are also good to find. Before the hire and even after the hire, it’s good for a company’s bottom line if they can identity potential problems before they happen.

According to the DOJ, employee theft is growing 15 percent annually and the Department of Commerce says that a third of all employees steal from employers. Hence the nationwide rise in employers making background checks a pre-condition to hire. But there are several inherent problems in standard background checks. For example, job candidates can:

1. Lie about convictions
2. Use a fake identity
3. Have hidden relationships with known criminals
4. Be the perfect employee but certain life changes after the hire can make a thief out of an honest person.

Lying on resumes and job applications is widespread. The San Francisco Chronicle pointed to a survey a while back that found that a fourth of all job candidates lied or gave erroneous information. But background checks only disqualified 13 percent of these applicants. The hard part in catching a liar is that the proof is often concealed in various data silos or legacy systems that can’t be accessed. Since 9/11, the authorities have gotten much better at sharing conviction records. Unfortunately, way too many shoplifter apprehensions don’t lead to convictions. Retailers do, however, keep databases of shoplifting suspects. But that data is worthless if it can’t be accessed due to complex data management issues or even simple constraints like the inability to access data at a sister store.

For employment pre-screening, identity resolution solutions solve this problem by easily gliding across multiple data sources (e.g., lists of known shoplifters, bad check writers, vendors, returns, perpetrators of organized retail crime, and LERPnet) and finding linkages that indicate fraud.

Identity resolution also solves the problems with fake identities and hidden relationships. By applying sophisticated similarity search techniques to resolve multiple identities, a single view of an individual highlights otherwise hidden relationships discovered by analyzing multiple attributes like common phone numbers and addresses.

But what about when good employees go bad due life changing events like financial difficulties, divorce or addictions? Could any of these circumstances have motived this Target Loss Prevention pro to allegedly turn off the security cameras and steal $14,000 worth of merchandise? While it’s true that personal issues do not necessarily a thief make. But if your heretofore great employee is being added to negative databases in his off-time, wouldn’t you want to know about it?

For employee monitoring, an identity resolution solution can check periodically to detect employees who may have been added to these sources of information after being hired.

Background checks are good in theory. But as Yogi Berra said, “In theory, there is no difference between theory and practice. But in practice, there is.”

Identity Resolution Daily Links 2007-09-25

Tuesday, September 25th, 2007

[Daily Post from Infoglide Software] Much Ado About Ahmadinejad. But What of the Other 3,100 Iranians in the US?

“Unless you’ve been living in a cave (a real cave, not the wired data center that Bin Laden apparently occupies), you’ve probably seen all the hoopla surrounding Iranian President Mahmoud Ahmadinejad visit to the U.N. and his lecture at Columbia University. Instead of one Iranian who’s hard to miss, perhaps we should be more concerned about the 3,100 Iranians who’ve legally entered the U.S. in the last six years under the Diversity Visa Program (DV)….”

Little Falls Times: Campaign under way to combat insurance fraud

“Insurance fraud costs Americans at least $80 billion a year. If this illegal activity were a legitimate industry, its profits would exceed Toyota, IBM, Wal-Mart and Microsoft. If measured by sales, insurance fraud would crush Johnson & Johnson, Proctor & Gamble and Coca-Cola among many more of the Forbes Global 2000.”

Yuma Sun: Target employee arrested on suspicion of theft of store goods

“As an employee of the loss prevention section, Bratcher said, Reynoso allegedly knew how to disable the electronic sensor that sets off an alarm when someone walks out the door with an unpaid item. ‘I don’t even think they were hiding it in some cases,’ Bratcher said. ‘When the guy who’s watching the (security) camera is the one who’s stealing it … The accomplice would come to the store in some cases while the security guy would … if need be, disable the security system. They would roll stuff right out the front door.’”

Wall Street Journal: Surveillance Showdown

“Would any sane country purposefully limit its ability to spy on enemy communications in time of war? That is the question Congress must answer as it takes up reform of the Foreign Intelligence Surveillance Act (FISA) this week. Privacy activists, civil libertarians and congressional Democrats argue that both foreign and domestic eavesdropping must be subject to judicial scrutiny and oversight, even if this means drastically reducing the amount of foreign intelligence information available to the government, without ever acknowledging the costs involved. It is time the American people had an open and honest debate on the relative importance of privacy.” (Subscription required.)

Much Ado About Ahmadinejad. But What of the Other 3,100 Iranians in the US?

Monday, September 24th, 2007

Unless you’ve been living in a cave (a real cave, not the wired data center that Bin Laden apparently occupies), you’ve probably seen all the hoopla surrounding Iranian President Mahmoud Ahmadinejad visit to the U.N. and his lecture at Columbia University. Instead of one Iranian who’s hard to miss, perhaps we should be more concerned about the 3,100 Iranians who’ve legally entered the U.S. in the last six years under the Diversity Visa Program (DV).

The DV was created in 1990 and according to a new GAO report,

“The DV program is contributing to the diversity of U.S. immigrants; more than 500,000 aliens from countries with low rates of immigration to the United States have become legal permanent residents through the program.”

That all sounds nice. But here’s where it gets scary. Again, from the GAO site, they’ve found that the DV is

“vulnerable to fraud committed by and against DV applicants, but State has not compiled comprehensive data on detected and suspected fraudulent activity. […] Consular officers at 6 of the 11 posts we reviewed reported that widespread use of fake documents, such as birth certificates, marriage certificates, and passports, presented challenges when verifying the identities of applicants and dependents. Difficulty in verifying identities has security implications because State’s security checks rely heavily on name-based databases. [Emphasis added.] In 2003, State’s Inspector General raised concerns that aliens from countries designated as state sponsors of terrorism can apply for diversity visas. Nearly 9,800 persons from these countries have obtained permanent residency in the United States through the program.”

The Associated Press reports that,

“Of countries designated by the State Department as sponsors of terrorism, over 2,700 people from Cuba have come into the United States through the program, as have 3,100 Iranians, 3,700 Sudanese and 160 Syrians.”

The State Department’s “difficulty verifying identities” due to its heavy reliance on name-based databases is a solvable problem.

If ever there was a case for identity resolution, this would be it. Identity resolution engines are typically used to uncover risk, fraud, conflicts of interest and master data management (MDM). Identity resolution is an operational intelligence process whereby organizations can search disparate data sources with a view to understanding possible identity matches and non-obvious relationships across those sources. It analyzes all of the information relating to individuals from multiple sources of data, and then applies likelihood and probability scoring to determine which identities are a match and what, if any, linkage exists between those identities.

It’s safe to assume that the State Department’s data is spread across different systems, platforms and even countries. But that’s not a problem for an identity resolution solution that glides across multiple data sources and applies sophisticated similarity search techniques to resolve multiple identities.

The State Department’s issues with name resolution is also complicated by the transliteration of foreign names, misspellings, typos and out right identity fraud, but again this is solvable with identity resolution. (See Playing the Name Game with Terrorist Watch Lists and Shoplifter Databases, for more information.)

Here’s hoping that the State Department gets its databases in synch quickly so we can avoid this nightmare scenario as reported by Reuters:

“The [GAO] report quoted a U.S. security officer in Turkey as saying it would be possible for Iranian intelligence officers to pose as applicants and not be detected if their identities were not already known to U.S. intelligence.”

Identity Resolution Daily Links 2007-09-24

Monday, September 24th, 2007

[Daily Post from Infoglide Software] Privacy and Security Advocates: It’s a Good Thing We Can’t All Get Along

“Achieving a balance between privacy and security is critically important to the survival of our American democracy. At this juncture in our history, the threat of terrorism has caused us to restrict some rights to privacy for the sake of national security. Without a certain level of security then American lives will be lost. Conversely, without a certain level of privacy, the American way of life will be lost.”

Washington Post: Collecting of Details on Travelers Documented

“Stewart Verdery, former first assistant secretary for policy and planning at DHS, said the data collected for ATS should be considered ‘an investigative tool, just the way we do with law enforcement, who take records of things for future purposes when they need to figure out where people came from, what they were carrying and who they are associated with. That type of information is extremely valuable when you’re trying to thread together a plot or you’re trying to clean up after an attack.’”

Reuters: U.S. admits nearly 10,000 from “terrorism” states

“The report quoted a U.S. security officer in Turkey as saying it would be possible for Iranian intelligence officers to pose as applicants and not be detected if their identities were not already known to U.S. intelligence. The GAO said the State Department expressed disappointment with the report’s findings and rejected recommendations that the department compile more comprehensive data on fraud activity and formulate a new strategy for combating it.”

Homeland Security Watch: The Only Thing Certain About Fusion Centers Is Change

“Today, about 43 Fusion Centers exist. Since 2003, DHS has provided more than $300 million to states and regions to establish these Centers and have assigned only about 15 of its own intel analysts to the Centers. (35 more analysts are to be deployed by year’s end.) A list of state and regional intelligence fusion centers dated March 8 was first published by Secrecy News, and by the National Criminal Intelligence Resource Center of the Justice Department in Tallahassee.”


Bad Behavior has blocked 594 access attempts in the last 7 days.

Close
E-mail It
Portfolio Strategy News The Direct Marketing Voice