Domino's LP Implements Active Shooter Program Across North America

Kevin Kent from the Domino's Pizza Safety, Security and Loss Prevention, led by Van Carney, had the opportunity to speak to the entire team at ALICE Training Institute about the implementation of their active shooter program within the Domino's organization.

Kevin has spearheaded the implementation of the ALICE program at Domino's with a uniquely developed training model that increased training engagement among Team Members all across North America.

Domino's is committed to offering best-in-class training to its Team Members and ensuring they are all well-equipped with the knowledge of proper response strategies for violent incidents.

(pictured left to right) Jean-Paul Guilbault, CEO of ALICE Training Institute, and Kevin Kent, Team Leader - Safety, Security & Loss Prevention, Domino's

Thank you to Van Carney, Director, Loss Prevention, Safety & Security, Domino's, for this submission.
 

Proud Sponsor of the 2019 GLPS Pizza Parties
Thanks, Domino's LP Team & Van Carney!

In Today's OpEd - FaceFirst CEO, Peter Trepp Responds
to Clearview AI Controversy

About a week ago, the New York Times published an article about a largely unknown facial recognition company called Clearview AI entitled, "The Secretive Company That Might End Privacy as We Know It". Articles about facial recognition, good or bad, usually attract the attention of readers but this one will get heightened attention and here's why:

Clearview is one of many companies that have scraped social media websites to build a large database of faces that it uses to search with a probe image. For law enforcement, for example, this means that an image of a suspect (the probe image) can be compared to Clearview's database of 3 billion (claimed) images in order to find a possible match and then link it back to the source of the database image (e.g. from Twitter or Facebook). How did they get 3 billion images from social media? Hint: It wasn't by asking for permission from either the platforms or their users.

Read the full op-ed


'The New Rules of Consumer Privacy'
by FaceFirst CEO Peter Trepp

In The New Rules of Consumer Privacy: Building Loyalty with Connected Consumers in the Age of Face Recognition and AI, FaceFirst CEO and author Peter Trepp has devised a set of rules that will help companies uphold consumers' privacy without sacrificing their security and convenience. By following these rules, brands can create a win-win scenario that will maximize revenue, reduce crime, provide consumers with the best experience possible and ensure that consumers' privacy is reasonably protected. Learn more about the book in today's Vendor Spotlight below. Or order it here!



Clearview AI's Scraping Images at the Top of the News
'Facial recognition datasets & controversies drive biometrics news last week'

Clearview AI Worsening Public Anxiety About Biometrics & Data Privacy

Facial recognition and controversy around the technology were the theme common to most of the past week's top stories on Biometric Update. After a few weeks of relative calm for facial biometrics, the biggest stories about court cases, regulation, and market growth were all focused on the same modality; and then there was Clearview AI.

Mastercard's certification of fingerprint payment card technology remains our top story for the second week in a row, emphasizing the importance of payment card certification to the biometrics industry.

Lawsuits related to facial recognition and the Biometric Information Privacy Act (BIPA) of Illinois generated a pair of the top stories of the week on Biometric Update, but each with a twist on the all-to-common stories of arguments about standing and breaches of informed consent rules. Clearview AI has managed to somehow further worsen public anxiety about biometrics and data privacy, and along with IBM has been slapped with a BIPA suit over image acquisition practices. Both companies scraped images from social media to train facial recognition, but IBM did so to address the demographic disparities found in most facial biometric algorithms, while Clearview seems not to have had such a laudable intention.

The reaction of New Jersey's Attorney General to the evolving Clearview scandal was also among the two widely-read stories of the week, as they barred law enforcement agencies in the state from working with the company. biometricupdate.com

The Secretive Company That Might End Privacy as We Know It
A little-known start-up helps law enforcement match photos of unknown people to their online images - and "might lead to a dystopian future or something," a backer says.

Clearview AI, devised a groundbreaking facial recognition app. You take a picture of a person, upload it and get to see public photos of that person, along with links to where those photos appeared. The system - whose backbone is a database of more than three billion images that Clearview claims to have scraped from Facebook, YouTube, Venmo and millions of other websites - goes far beyond anything ever constructed by the United States government or Silicon Valley giants.

Federal and state law enforcement officers said that while they had only limited knowledge of how Clearview works and who is behind it, they had used its app to help solve shoplifting, identity theft, credit card fraud, murder and child sexual exploitation cases.

Without public scrutiny, more than 600 law enforcement agencies have started using Clearview in the past year, according to the company, which declined to provide a list. The computer code underlying its app, analyzed by The New York Times, includes programming language to pair it with augmented-reality glasses; users would potentially be able to identify every person they saw. The tool could identify activists at a protest or an attractive stranger on the subway, revealing not just their names but where they lived, what they did and whom they knew.

And it's not just law enforcement: Clearview has also licensed the app to at least a handful of companies for security purposes. nytimes.com

New Jersey Bars Police From Using Clearview Facial Recognition App
Reporting about the powerful tool with a database of three billion photos "troubled" the state's attorney general, who asked for an inquiry into its use. Gurbir S. Grewal, New Jersey's attorney general, told state prosecutors in all 21 counties on Friday that police officers should stop using the Clearview AI app.

New Jersey police officers are now barred from using a facial recognition app made by a start-up that has licensed its groundbreaking technology to hundreds of law enforcement agencies around the country.

The New York Times reported last week that Clearview had amassed a database of more than three billion photos across the web - including sites like Facebook, YouTube, Twitter and Venmo. The vast database powers an app that can match people to their online photos and link back to the sites the images came from. "Until this week, I had not heard of Clearview AI," Mr. Grewal said in an interview. "I was troubled.

In a promotional video posted to its website this week, Clearview included images of Mr. Grewal because the company said its app had played a role last year in Operation Open Door, a New Jersey police sting that led to the arrest of 19 people accused of being child predators.

"I was surprised they used my image and the office to promote the product online," said Mr. Grewal, who confirmed that Clearview's app had been used to identify one of the people in the sting. "I was troubled they were sharing information about ongoing criminal prosecutions."

Mr. Grewal's office sent Clearview a cease-and-desist letter that asked the company to stop using the office and its investigations to promote its products. nytimes.com


EU drops idea of facial recognition ban in public areas: paper

Moscow Launches World's Largest Live Facial Biometrics Surveillance Network


Read more on today's 2nd page here.
 

Coronavirus Update

New York Health Officials: 'Don't Be Overly Concerned'
Public health officials note that the ordinary flu has proved to be far more dangerous so far. Across the country, the C.D.C. says 68 children have died of the flu this year, and the agency estimates 10,000 adults have died. The coronavirus has not yet caused a single death in the United States, officials said.

Of course, that could change if the coronavirus begins spreading here. nytimes.com

Beijing Sees 'Major Test' as Doors to China Close & Coronavirus
Deaths Surpass SARS

Growing By 2,000 Cases a Day - 425 Deaths to Date

The number of dead is likely to grow as the tally of confirmed infections surges by more than 2,000 every day. "There's no sign that it's getting better," said a health expert.

The growing global move to effectively cut off China's 1.4 billion people came as government officials reported the new coronavirus strain had killed more in mainland China, 425 as of Tuesday morning, than the SARS outbreak in 2002 and 2003, confirming it as one of the deadliest epidemics in recent Chinese history.

Many leading infectious disease experts say the outbreak is likely to become a pandemic, defined as an ongoing epidemic on two or more continents, and that stringent anti-contagion restrictions may have come too late.

With the C.D.C. already running through its allocations for emergency response funds, the Department of Health and Human Services informed Congress that it may transfer up to $136 million to help combat the spread of coronavirus.

Some deaths still go unreported, and many residents in Wuhan say they believe the true number of deaths across China may be higher than the official tally. nytimes.com
 

Bankrupt Bumble Bee sold for $928M - After Pleading Guilty to
Massive Price Fixing Fraud

Fines & Penalties Drove them to Bankruptcy & Then the Sale

The DOJ wanted StarKist to pay $100m, which StarKist claimed could "bankrupt" it or limit the company's ability to pay the $518m in claims from the distributors, retailers and other customers that sued it claiming damage from the price-fixing.

StarKist's plea signals the beginning of the end of criminal proceedings that have dogged the "big three" US canners since allegations first emerged in 2015 that the firms conspired to fix prices at an artificially high level.

Bumble Bee pleaded guilty to criminal price-fixing charges last year and agreed to pay a $25m fine to the Department of Justice (DOJ). Bumble Bee could have faced a $136m penalty if its ability to pay wasn't taken into account, DOJ officials wrote in a sentencing memorandum. Bumble Bee's fine could rise to a maximum of $81m in the event of a sale of the company. undercurrentnews.com  fooddive.com

Global Enterprises and Merchants Unprepared as Fraudsters Focus on Rewards Programs
Forter, the leader in e-commerce fraud prevention, today announced availability of the Forter Loyalty Program Protection solution to protect high value rewards programs from fraud and abuse, enabling merchants to offer enhanced programs with the best possible customer experience.

Loyalty program fraud rose 89% year on year, predominantly driven by the amount of personally identifiable information (PII) available from increasing numbers of data breaches. With direct and indirect losses from loyalty and reward points fraud estimated at $1 billion every year, enterprises are struggling to limit damage as fraud attacks shift from the point of transaction to different elements of the buyer's journey, including new account signup, login, and promotion and coupon use. businesswire.com

FAA Moves Toward Certifying Specific Drones for Package Deliveries
Agency's plan boosts efforts by Amazon and others to accelerate delivery to consumers by air

U.S. aviation regulators plan to craft new safety standards for specific unmanned-aircraft models, the biggest step yet toward eventually authorizing widespread delivery of packages by drones.

The Federal Aviation Administration's proposal, disclosed on Monday in a Federal Register filing amounts to a major policy and regulatory win for Amazon and other companies wanting small-package delivery fleets. It for the first time formally laid out a policy intended to vet the design and reliability of drones.

Routine drone deliveries to U.S. consumers are still years away, and the FAA didn't spell out a timeline. The agency needs to complete rules for remote identification of more than 400,000 drones registered for commercial operations. wsj.com

L Brands Pulls Victoria's Secret Models Underwear Photos From Investor Website After NY Times Articles

'L Brands Distancing Itself From Victoria's Secret'

L Brands has since quietly changed the imagery on its investor website from a picture of Victoria's Secret models in their underwear to a photo of some candles and hand soap from Bath and Body Works. It's yet another sign that L Brands wants to distance itself from Victoria's Secret, which is increasingly being seen as a toxic asset.

In the Times article, we get a glimpse at the inner workings of the company. The story centers on Ed Razek, a top executive at L Brands, who was perceived to be Wexner's proxy. Razek allegedly used this power to get his way. According to the report, models alleged that he tried to kiss them, asked them to sit on his lap, and touched their bodies inappropriately before shows. Others said that when they rebuffed his sexual overtures, they were cut off from Victoria's Secret and no longer invited to be part of photo shoots and events. (Razek denied any wrongdoing.) fastcompany.com

Sephora To Open 100 Stores - Focus on Outside of Malls
   - Owned by LVMH- The Counterfeit Fighting CEO

Staples Connect Opening 6 New Concept Stores in Boston
   - Check the website out

Dollar General Creating 8,000 New Jobs in 2020

Rite Aid Appoints Andre Persaud As Executive Vice President, Retail


Quarterly Results
Regis Salons Q2 company salons comp's down 3.6%, franchise comp's down 1.4%, total comp's down 2.3%, total revenue down 24% (due to transition to franchise model)

FCC: Wireless Carriers Violated Law by Sharing Location Data

Selling Real-Time Location Data to Security Company

A Federal Communications Commission investigation found that one or more U.S. wireless carriers violated federal law by selling consumer location data to third parties, according to a letter FCC Chairman Ajit Pai sent to congressional lawmakers.

In his letter sent Friday, Pai did not name the companies that violated federal law, and he did not specify which statute may have been broken when the carriers sold real-time location data.

The findings described in the letter came from an investigation the FCC launched after the New York Times in 2018 reported about how the biggest wireless carriers, including AT&T, Verizon and T-Mobile, were giving real-time location data to third-party companies.

Service Meant to Monitor Inmates' Calls Could Track You, Too, ny times article. Thousands of jails and prisons across the United States use a company called Securus Technologies to provide and monitor calls to inmates. But the former sheriff of Mississippi County, Mo., used a lesser-known Securus service to track people's cellphones, including those of other officers, without court orders, according to charges filed against him in state and federal court.

Following these stories, Democratic members of the House Energy and Commerce Committee wrote to Pai to demand more details on FCC investigations into these practices as well as the agency's efforts to enforce the Communications Act (see: Democrats Pose Phone Data Privacy Questions to FCC). databreachtoday.com

Attackers Actively Targeting Flaw in Door-Access Controllers

Nortek's Linear eMerge E3 Series Under Attack

There's been a sharp increase in scans for vulnerable Nortek Linear Emerge E3 systems, SonicWall says.

Attackers are actively trying to exploit a critical, previously disclosed command injection flaw in a door access-controller system from Nortek Security and Control LLC to use the device to launch distributed denial-of-service attacks (DDoS).

SonicWall, which reported on the threat Saturday, said its researchers have observed attackers scanning the entire IPv4 address range space for the vulnerable systems in recent days. According to the security vendor, its firewalls have been blocking literally tens of thousands of hits daily from some 100 IP addresses around the world that are doing the scanning.

The command injection vulnerability [CVE-2019-7256] exists in products from Nortek's Linear eMerge E3 Series access-controller family running older versions of a particular firmware. The access controllers allow organizations to specify the doors that personnel and others can use to enter and exit designated areas within a building or facility, based on their access rights.

Organizations in multiple industries currently use Nortek's access controllers, including commercial, industrial, banking, medical, and the retail sector.

According to a description of the flaw on CVE Details, the flaw enables complete information disclosure, complete compromise of system integrity, and complete compromise of system availability. darkreading.com

NCCoE Seeks Collaborators for New Data Confidentiality Projects

Cybersecurity Vendor Engagement Opportunity - Making an Industry Impact

The National Institute of Standards and Technology's (NIST's) National Cybersecurity Center of Excellence (NCCoE) issued a Federal Register Notice today inviting cybersecurity vendors and other interested collaborators to participate in the latest NCCoE Data Security projects:

• Data Confidentiality: Identifying and Protecting Assets and Data Against Data Breaches (DCIP)
• Data Confidentiality: Detect, Respond to, and Recover from Data Breaches (DCDRR)

Data breaches can have far-reaching operational, financial, and reputational impacts. These NCCoE projects will provide practical solutions to identify and protect the confidentiality of an enterprise's data, as well as detect, respond to, and recover from incidents that affect data confidentiality.

Potential collaborators may participate in one or both projects by sending an email to ds-nccoe@nist.gov to request a Letter of Interest for a specific project or both projects. Refer to website for more details: govdelivery.com


Talk about an insider threat
Ex-CIA Engineer Set to Go on Trial for Massive Leak

Joshua Schulte allegedly gave WikiLeaks a trove of documents revealing secret hacking programs

In 2017, WikiLeaks released more than 8,000 pages of secret materials-which the antisecrecy organization called "Vault 7"-detailing the CIA's cyberespionage arsenal, including the agency's playbook for hacking smartphones, computer operating systems, messaging applications and internet-connected televisions. It was one of the largest breaches in the agency's history.

Federal prosecutors say the defendant, Joshua Schulte, stole the documents when he worked in a CIA unit that designed the hacking tools.

Mr. Schulte, 31 years old, faces 11 criminal counts, including illegal gathering and transmission of national defense information-charges that derive from the Espionage Act, a statute that has been applied in other WikiLeaks cases. wsj.com

Top Applications Businesses are Using

Coronavirus Phishing Attack Infects US, UK Inboxes