Category: #Ethics
Idaho law limits use of digital ID, bans compelled adoption
Idaho Governor Brad Little has signed into law Senate Bill 1299, which limits how public entities can use digital identification while stopping short of some of the stronger remedies included in the bill’s original version.
The result is a law that still places meaningful limits on mandatory digital ID and related device access, but with enforcement mechanisms that are more restrained than what lawmakers first proposed. The act takes effect July 1.
The new law adds a new section to Idaho code defining digital identification as an electronic credential issued by a public entity and stored or displayed on a personal electronic device to establish a person’s identity, age, or legal status.
It defines “public entity” broadly to include the state, agencies, political subdivisions, and contractors acting on the state’s behalf.
At the heart of the measure is a ban on compelled use. Public entities may not require anyone to obtain, maintain, present, or use digital identification, and they may not deny, delay, condition or reduce any service, benefit, license, employment, education, or access because a person refuses or is unable to use it.
The law also states that physical, non-digital identification authorized under Idaho law remains valid for all governmental purposes.
The statute also includes device privacy protections. A public entity may not require a person to surrender, unlock, or relinquish control of a personal electronic device for identity verification, and presenting digital identification does not constitute consent to search or access any other contents of the device.
It further limits digital identification to immediate identity verification and bars public entities from tracking individuals, retaining identity data beyond a transaction, or using digital identification as a universal or shared credential across agencies.
But the final law is narrower on remedies than the introduced bill. The original version said information incidentally observed on a device could not be used to establish probable cause or justification for further search or seizure, and it allowed statutory damages of $500 to $2,500 per violation along with civil penalties of up to $5,000 for knowing violations after notice and an opportunity to cure.
A Senate amendment stripped those provisions out. In their place, the final law gives the Idaho attorney general authority to enforce the statute after written notice and a 15-day cure period.
If a violation is not cured, the attorney general may seek injunctive relief in district court.
Aggrieved individuals may still bring actions for declaratory or injunctive relief, and prevailing plaintiffs may recover attorney’s fees and costs, but the specific statutory damages and civil penalty provisions from the introduced bill are gone.
The amendment also says no public employee is personally liable for actions taken within the scope of employment.
Behind the veil: When are we entitled to unmask the anonymous?
Anonymity can help people speak truth to power or remain safely out of the limelight. But it can also be used to avoid accountability.
The post Behind the veil: When are we entitled to unmask the anonymous? appeared first on THE ETHICS CENTRE.
Kazakhstan adopts palm‑vein biometrics for banking in national deployment
Palm biometrics is getting a big boost in Central Asia as one of the world’s largest countries sees major implementation of one of the most secure biometric modalities.
Kazakhstan’s National Bank and the Agency for Regulation and Development of the Financial Market (ARDFM) have approved new rules governing how financial institutions must verify customers using state‑held biometric data.
The framework formalizes biometric login and identity checks across banking apps, remote onboarding and high‑risk financial transactions, and introduces palm‑vein authentication as a regulated modality alongside facial recognition.
The new system has banks authenticating users by comparing live biometric samples against reference templates stored in the National Bank’s Identification Data Exchange Center, according to El.kz.
Customer biometrics will be collected through secure video channels or certified biometric scanning devices and transmitted to the unified state system for verification, with a match threshold of 95 percent required for successful authentication.
All attempts will be logged and retained for at least five years, both by the state system and by financial institutions after a customer relationship ends.
Palm‑print and palm‑vein authentication are being added for the first time, enabling banks to verify users based on the vascular patterns and surface lines of the hand. The rules prohibit the use of a customer’s smartphone for palm‑based verification, requiring specialized hardware or secure terminals instead.
Users will have three attempts to authenticate, according to reporting by The Caspian Post. If palm verification fails, banks must fall back to face biometrics. The regulations also include alternative pathways for people with disabilities, such as video‑based identification or specialized assistive technologies.
Biometric verification will now be mandatory for remote account opening along with initial registration in digital banking services, and for issuing electronic digital signatures. The same applies for updating customer data, granting loans above a regulatory threshold and certain in‑branch or microfinance transactions.
Microfinance organizations will also be permitted to use biometrics for higher‑value microloans. The move follows earlier restrictions introduced in March that banned online loan issuance without biometric verification.
Alongside the regulatory rollout, palm‑vein payment systems are gaining traction in Kazakhstan’s retail and service sectors. These systems link a user’s biometric signature directly to a bank account, enabling payments without cards, phones or cash.
Kazakhstan’s adoption of multimodal, state-anchored biometrics places it among a growing group of countries using centralized identity databases to secure financial services, with palm‑vein technology now joining face recognition as a regulated authentication method.
Kazakhstani startup Biometric.Vision struck a deal to supply biometric ID services including liveness detention for customers of the National Bank of Kazakhstan in 2024. The company was one of several, along with Alaqan and Oqylyq.kz.
Kazakhstan-based startup Alaqan demonstrated a palm vein biometrics scanner which uses infrared sensors in 2024. Alaqan developed products for payments that were deployed to coffee shops and schools. More than 140 schools across Kazakhstan were using the system for meal tracking and other applications, and the company planned to roll out its technology in Georgia and Türkiye.
Palm-based biometrics is gaining ground in healthcare, payments and blockchain, and even getting standardized for automated forensics. A palm biometric identity verification system has received venture funding to tackle the threat of deepfakes and AI-generated identities.
According to recent research from Handwave, U.S. consumers are increasingly open to palm biometrics. Handwave CEO Janis Stirna talked through the possibilities of the palm on the Biometric Update Podcast, going through plans to leave a bigger handprint on the U.S. market.
The Crypto Bros Want to Get Their Hands on Anthropic’s ‘Super Dangerous’ Model
Before it cracks cryptography entirely.
Philippines launches broad crackdown on deepfakes as AI drives identity fraud surge
In the war against fakery, the Philippines is on the frontline as it launched a coordinated, whole‑of‑government campaign against disinformation, deepfakes and digitally manipulated media.
The government has signed a memorandum of agreement (MOA) that formalizes joint action by the Department of Justice (DOJ), the Presidential Communications Office (PCO) and the Department of Information and Communications Technology (DICT).
The government is launching the initiative in response to a sharp rise in global threat levels. iProov processed more than one million daily authentication checks in 2025 as enterprises confront synthetic identity attacks driven by generative AI, and is deployed in the Philippines and Vietnam.
The company cited Gartner research showing that 62 percent of organizations experienced a deepfake attack in the past year, underscoring how identity manipulation has become a primary entry point for cybercriminals.
iProov’s threat intelligence unit recorded a 2,665‑percent surge in native virtual‑camera attacks and a 300 percent rise in face‑swap attempts last year. Separate research found that only 0.1 percent of consumers could reliably detect deepfakes, reinforcing concerns that the public is increasingly vulnerable to AI‑generated deception.
DOJ Secretary Frederick Vida, PCO Secretary Dave Gomez and DICT Secretary Henry Aguda signed the MOA at the DOJ headquarters in Manila, establishing an inter‑agency framework intended to protect public safety and national security from malicious information operations.
The PCO will lead public information efforts, the DOJ will oversee legal enforcement, and the DICT will provide technological support, cybersecurity capabilities and monitoring systems.
Vida described the MOA as a “pivotal step” in defending the country from digitally mediated falsehoods, warning that deepfakes and coordinated disinformation campaigns can erode trust, sow division and trigger confusion during critical events. He stressed that the government will distinguish between criminal disinformation and constitutionally protected speech.
Aguda said the DICT will focus on cybersecurity, digital infrastructure and coordination with technology platforms, including tools that allow citizens to report false content. “This is no longer just a rumor. Now, lies can look real,” he said, referring to the rapid spread of deepfakes.
AI and deepfakes are warping public safety in Southeast Asia
For the Philippine government, the new MOA signals a recognition that combating disinformation now requires legal, technological and communications strategies working in tandem — and that the threat landscape is being reshaped by AI at unprecedented speed.
Dominic Forrest, iProov’s CTO, spoke on the urgency in an interview with Cybersecurity Asia. “AI‑driven deepfakes and synthetic identities are no longer theoretical risks,” he told the publication. “They are being actively weaponised to move money and take over accounts.”
He noted that the problem is especially pronounced in Southeast Asia, where explosive digital growth is outpacing regulatory maturity. With millions of new users enrolling in mobile banking, e‑government services and online marketplaces each month, the region has become a prime target for fraudsters leveraging synthetic media and AI‑powered identity attacks.
iProov’s Security Operations Center (iSOC) observed live operations of Grey Nickel, a group that systematically targeted organizations in the Asia-Pacific region. The fraudsters employed advanced face-swap technology, metadata manipulation and injection techniques aimed at bypassing single-frame liveness-based verification systems used by banks and payment platforms.
Forrest says regulators and financial institutions in Asia need to move away from traditional active liveness checks, which generative AI can now mimic with convincing ease. These methods are also powerless against injection attacks, where fraudsters bypass the camera entirely. He argues that passive liveness — such as iProov’s Dynamic Liveness technology — offers a more resilient alternative.
iProov’s technology has gained traction across government and finance including deployments with UnionDigital Bank in the Philippines, Vietnam’s MoMo platform and Raiffeisen Bank in Czechia.
Privacy advocates want Google to stop handing consumer data over to ICE
The Electronic Frontier Foundation (EFF) is asking the attorneys general of California and New York to investigate Google for deceptive trade practices, saying the tech giant fails to notify users before handing over their data to law enforcement agencies like ICE. “For nearly a decade, Google has promised billions of users that it will notify […]
