New York City Council
Committee on Technology
Jun 10, 2024
·
10:00 AM
3 hr 44 min
Summary
A hearing on cybersecurity and regulation of biometric identification technologies like facial recognition in New York City. Discussions focused on evaluating the city's cybersecurity measures, proposed legislation banning use of facial recognition by businesses (Intro 217) and residential buildings (Intro 425), and restricting sale of geolocation data (Intro 539). Council members expressed disappointment over lack of transparency from the administration on agencies using these technologies and its stance on regulating private sector use. Privacy advocates argued the technologies are biased, invasive and threaten civil liberties, while business groups stated facial recognition enhances security and is highly accurate across demographics. Issues around public notification, opt-out mechanisms, data retention policies and enforcement measures were debated. Concerns were raised about cybersecurity resources for underserved community organizations. Features testimony from the NYC Office of Technology and Innovation, privacy advocacy groups, business associations, and the public.
Meeting chapters
Read summaries and watch videos for short segments that matter to you.
Council Member Jennifer Gutiérrez opens oversight hearing on cybersecurity of New York City agencies
Council Member Jennifer Gutiérrez opens an oversight hearing to evaluate New York City's cybersecurity landscape and protective measures. - She highlights the importance of cybersecurity in safeguarding city infrastructure and …
0:00:33
·
3 min
Council Member Shahana K. Hanif opens NYC City Council hearing on prohibiting businesses from using biometric surveillance technology
Council Member Shahana K. Hanif explains the urgency of passing legislation to prohibit businesses from using facial recognition and biometric surveillance technology in New York City. - She cites a …
0:04:36
·
4 min
Council Member Jennifer Gutiérrez read Council Member Carlina Rivera's statement regarding her bill of residential biomentrics
Council Member Jennifer Gutiérrez reads an opening statement on behalf of Council Member Carlina Rivera regarding legislation to regulate facial recognition technology and biometric identifier systems in residential buildings. - …
0:09:23
·
90 sec
Kelly Moan, Chief Information Security Officer and Head of New York City Cyber Command, on Cybersecurity Initiatives and Legislation in New York City
Kelly Moan provides an overview of the efforts by New York City Cyber Command to strengthen cybersecurity defenses and resilience across the city's agencies and infrastructure. - Moan details the …
0:11:41
·
8 min
What personnel and roles are in place for cybersecurity at each city agency?
Each city agency has security professionals and a cyber command liaison established under executive order 10. - These security and IT teams work collaboratively to roll out enhancements to the …
0:19:58
·
63 sec
What are the sizes of cybersecurity teams in larger New York City agencies like the Police Department (PD) and the Department of Education (DOE)?
The council member asks if larger agencies like the Police Department (PD) and the Department of Education (DOE) have cybersecurity teams or personnel proportionate to the size of those agencies. …
0:21:01
·
24 sec
What is the frequency of communication between agency teams or individuals and the Office of Technology and Innovation (OTI)?
The council member is informed that the OTI has regular communication with agency teams and individuals through a cybersecurity engagement program. - The program involves iterative cybersecurity roadmapping with agencies …
0:21:26
·
32 sec
What is the frequency of conversations with agencies that have experienced cyber breaches or incidents, particularly New York City Public Schools?
Council Member Jennifer Gutiérrez asks if conversations occur more frequently with agencies that have experienced cyber breaches or incidents in the past, specifically New York City Public Schools. Kelly Moan, …
0:21:58
·
41 sec
Does NYC Health and Hospitals have its own cybersecurity program and protocol, and how does it coordinate with the Office of Technology and Innovation?
The council member inquires about the cybersecurity oversight and protocols for NYC Health and Hospitals, which is not a direct city agency. The Chief Information Security Officer explains: - NYC …
0:22:39
·
90 sec
What are some examples of agencies similar to Health and Hospitals that the Office of Technology and Innovation coordinates with regarding cybersecurity?
The council member asks about examples of agencies, similar to Health and Hospitals, that the Office of Technology and Innovation coordinates with regarding cybersecurity. - The Chief Information Security Officer …
0:24:09
·
35 sec
What is the staffing situation at New York City Cyber Command?
Kelly Moan, the Chief Information Security Officer and Head of New York City Cyber Command, explains the current staffing situation at her unit. - The unit currently has over one …
0:24:45
·
39 sec
What challenges does New York City face in recruiting cybersecurity professionals?
Moan acknowledges the global shortage of cybersecurity professionals, with a gap of around 450,000 open positions in the United States. - The New York City government offers a unique value …
0:25:24
·
132 sec
What is the typical time it takes to hire new employees in NYC Cyber Command?
The process of hiring new employees can vary depending on the role and recruitment cycle. - The council member asks how long the hiring process typically takes from application to …
0:27:36
·
43 sec
What additional resources will be needed to mitigate evolving cybersecurity threats?
Kelly Moan acknowledges that evolving cybersecurity threats necessitate continual adaptation and resource allocation. - The cybersecurity realm requires ongoing monitoring of the threat landscape. - New tools and fine-tuning may …
0:28:20
·
102 sec
What grant funding is New York City utilizing for cybersecurity resources?
New York City is taking advantage of federal grant funding to expand its cybersecurity operations and access state-of-the-art resources. - The city has applied for a $1 billion federal grant …
0:30:02
·
57 sec
How does the NYC Cyber Command office receive and handle cybersecurity tips or reports from the public?
The NYC Cyber Command office receives tips or reports about cybersecurity issues from the public through various channels, including referrals from city agencies, elected officials' offices, and the NYC.gov website. …
0:31:01
·
53 sec
Is there an option to connect directly with the Office of Technology and Innovation (OTI) about a tip when calling 311?
No, there is not an option to connect directly with OTI about a tip when calling 311.
0:31:55
·
16 sec
What is the process for responding to cybersecurity tips or incidents involving NYC assets or data?
The Chief Information Security Officer explains the process for responding to cybersecurity tips or incidents involving NYC assets or data. - If a tip or incident involves NYC assets, data, …
0:32:10
·
35 sec
What is the turnaround time for responding to messages sent to agency websites and how does New York City Cyber Command communicate with agencies during cybersecurity incidents?
The Chief Information Security Officer states that New York City Cyber Command primarily focuses on analyzing and investigating cybersecurity incidents impacting city agencies, employees, assets and data. - New York …
0:32:46
·
37 sec
How can the public report potential security breaches or vulnerabilities involving their personal data?
The public has multiple avenues to notify authorities if they suspect a breach of their personal information, separate from NYC Cyber Command's role. - The public can report potential breaches …
0:33:23
·
79 sec
What is the extent to which agencies can share data and how is the data shared?
Kelly Moan explains that the ability for agencies to share data depends on the specific use case. - Data sharing may involve existing mechanisms like file transfer sites with security …
0:34:50
·
74 sec
Do the data agreements with vendors require encryption while data is being transferred?
The chief information security officer explains that the city has encryption requirements for data both in internal policies and in contractual agreements with vendors. - The city has an attachment …
0:36:04
·
91 sec
Is personal client information being shared between city and state agencies without notification?
The council member asks if personal data of clients is shared between city and state agencies, and whether clients are notified of this sharing. - The chief information security officer …
0:37:39
·
70 sec
Is there data sharing of personal information between city and state agencies?
The Chief Information Security Officer and Head of New York City Cyber Command states that she cannot speak to whether there is data sharing of personal information between city and …
0:38:49
·
7 sec
What agencies currently utilize facial recognition technologies?
Council Member Jennifer Gutiérrez inquires about which agencies use facial recognition technologies. - Kelly Moan, Chief Information Security Officer at the NYC Office of Technology and Innovation, does not have …
0:39:04
·
18 sec
What are the processes and policies for agencies using facial recognition technology?
The Chief Information Security Officer explains that there are processes in place for security review of technology systems. - If an agency wants to use a provider leveraging facial recognition, …
0:39:22
·
63 sec
What are the plans for the MyCity app to utilize biometric technology?
Kelly Moan, the Chief Information Security Officer and Head of New York City Cyber Command, states that she is not aware of any plans for the MyCity app to utilize …
0:40:26
·
16 sec
What is the reason OTI does not have jurisdiction over Intro 217 regarding biometric identifying information?
The Office of Technology and Innovation (OTI) does not have jurisdiction over Intro 217 because the legislation concerns biometric identifying information that does not apply to government agencies. - Intro …
0:40:56
·
51 sec
What is the jurisdiction of the New York City Office of Technology and Innovation (OTI)?
The OTI supports government operations. - Its jurisdiction is over government agencies - It does not have jurisdiction over the protections this bill is looking to have - The OTI …
0:41:47
·
19 sec
Council Member Shahana K. Hanif remarks on the hearing of the bill
Council Member Hanif expresses disappointment that the administration did not send relevant agencies to testify on Introduction 217, a bill related to privacy and surveillance technology. - She notes this …
0:42:12
·
96 sec
Council Member Robert Holden remarks on the bill and the administration's response to it
Council Member Holden expresses disappointment that the administration does not have an opinion on bills that would regulate businesses' use of facial recognition technology. - He argues that facial recognition …
0:44:01
·
44 sec
What are the current uses of biometric identification tools for enhancing public safety in New York City?
Council Member Robert Holden inquires about how biometric identification tools like facial recognition are currently utilized to improve public safety in New York City. Kelly Moan from the NYC Office …
0:44:46
·
79 sec
How accurate and regulated is facial recognition technology within New York City agencies?
The council member inquires about the accuracy of facial recognition technology and its use within New York City agencies. The Office of Technology and Innovation representatives explain their limited regulatory …
0:46:08
·
168 sec
Council Member Shahana K. Hanif remarks on the hearing
Council Member Hanif agrees with Council Member Holden and remarks that the hearing has been egregious and very disappointing.
0:49:04
·
11 sec
What is OTI's stance on the use of facial recognition technology by city agencies?
The council member inquires about OTI's position on facial recognition technology being utilized by city agencies. The OTI representative discusses the need to balance privacy and security considerations with emerging …
0:49:16
·
105 sec
Council Member Shahana K. Hanif expresses continued disappointment
The council member expresses disappointment that the administration did not provide substantive details on their utilization of emerging technologies like AI and biometrics. - The council member states it is …
0:51:05
·
48 sec
What guidelines or policies exist for artificial intelligence (AI) and biometrics?
The Office of Technology and Innovation has AI guidelines on its website. It also has a unit that deals specifically with creating guidelines and a space for AI. - There …
0:51:54
·
29 sec
What is the NYPD's pilot program with Fusus Axon that allows businesses to share security camera footage?
The council member inquires about the details of a pilot program announced by Mayor Adams where the NYPD collaborates with Fusus Axon to allow businesses to feed security camera footage …
0:52:23
·
24 sec
What agency would oversee the regulation of biometric identifying information in government agencies if not the Office of Technology and Innovation (OTI)?
Council Member Jennifer Gutiérrez asks if Bill Intro 217, which relates to the use of biometric identifying information within government agencies, would fall under the purview of an agency other …
0:52:59
·
56 sec
What is the process for New Yorkers to report discriminatory or biased incidents involving biometric technology?
The council member asks which city agency New Yorkers should report to if they experience discriminatory or biased treatment due to biometric technology. The city official responds that the appropriate …
0:54:06
·
75 sec
What is the balance between privacy and public safety regarding emerging technologies?
Kelly Moan explains that there should be a balance between privacy and public safety given the benefits and potential issues that emerging emergency technologies provide. - Emerging technologies continue to …
0:55:21
·
27 sec
What city agency would handle incidents involving alleged wrongful use of biometric technology by businesses like supermarkets?
The chief information security officer is unable to provide the specific agency name, but states they will consult with partners across city agencies to find a solution. - Council member …
0:55:49
·
49 sec
Council Member Shahana K. Hanif expresses the importance of knowing what city agency to report abuse of facial recognition to
Council Member Hanif expresses concern about the city's lack of response to potential abuse of facial recognition technology by private businesses like Rite Aid. - She asks which city agency …
0:56:38
·
86 sec
Council Member Vickie Paladino expresses support for facial recognition technology
Council Member Vickie Paladino expresses strong support for allowing the use of facial recognition technology in co-ops, government buildings, and by the police force. - She argues facial recognition is …
0:58:42
·
149 sec
What entities will bear the financial burden of adjusting current biometric identification (BID) technologies for businesses and landlords?
Council Member Vickie Paladino inquires about which parties will be responsible for covering the financial costs that businesses and landlords may incur to comply with legislation impacting their current biometric …
1:01:26
·
62 sec
What measures are in place to protect against cyberattacks on critical infrastructure?
Kelly Moan explains the multi-layered cybersecurity measures New York City has implemented to defend against threats to critical infrastructure like utilities and water systems. - The city has advanced capabilities …
1:02:28
·
4 min
What are OTI's current partnerships with businesses and entities that protect digital infrastructure?
The Office of Technology and Innovation (OTI) has partnerships spanning various sectors to protect digital infrastructure. - OTI partners with critical infrastructure providers like utilities, hospitals, and wastewater treatment facilities. …
1:07:34
·
53 sec
What partnerships does NYC Cyber Command have with businesses and other entities?
NYC Cyber Command has partnerships with entities across all sectors. - The Chief Information Security Officer does not want to name specific partners publicly - They take a 'whole of …
1:08:27
·
45 sec
What is the potential for partnerships between the city and businesses like Rite Aid regarding biometric data collection and protection?
Council Member Jennifer Gutiérrez asks Kelly Moan, Chief Information Security Officer and Head of New York City Cyber Command, if there is a pathway for partnerships with businesses like Rite …
1:09:12
·
69 sec
What has been the effectiveness of the New York City Cyber Critical Services And Infrastructure Project (CCSI) partnership and how is the Office of Technology and Innovation (OTI) involved?
Kelly Moan explains that the CCSI initiative demonstrates NYC's leadership in protecting critical infrastructure from cyber threats since 2017's inception of NYC Cyber Command. - The announced joint Security Operation …
1:10:22
·
93 sec
What are the details of New York City's first vulnerability disclosure program?
The council member is informed that New York City recently launched its first vulnerability disclosure program (VDP), allowing security researchers to identify and report vulnerabilities in the city's public-facing websites …
1:12:02
·
171 sec
How can security researchers submit vulnerabilities they discover?
The chief information security officer explains that security researchers can submit potential vulnerabilities through an online public-facing portal. - Researchers engage directly with the team through the portal to analyze …
1:14:53
·
44 sec
What are the ways individuals can access the online portal?
The council member asks if the online portal is accessible via an app or only on computers. The response indicates that it is an online portal with no app.
1:15:37
·
7 sec
What is the NYC Secure mobile app and is it still available?
The council member is informed that NYC Secure is a mobile app for New Yorkers to protect themselves against mobile threats. - It is still available for free download on …
1:15:44
·
36 sec
What is the status of the app being discussed?
The council member asks if a certain app is updated frequently, and the chief information security officer confirms that it is.
1:16:20
·
10 sec
What are the cybersecurity protocols and measures, and are they publicly available or kept confidential for security reasons?
Chief Information Security Officer Kelly Moan explains that specific incident response plans and procedures are not made publicly available in order to prevent potential threat actors from gaining insight into …
1:16:38
·
42 sec
How often are incident response plans reviewed, updated and discussed internally?
The Chief Information Security Officer explains that incident response plans are reviewed and updated at least annually as per citywide policy. - The plans can also be updated more frequently …
1:17:20
·
47 sec
How often are audits conducted to review cybersecurity compliance and posture of city agencies?
Kelly Moan explains that NYC Cyber Command routinely conducts audits and assessments to understand the cybersecurity landscape and maturity of city agencies. - Audits and assessments are used to identify …
1:18:08
·
114 sec
What mechanisms are in place to track legacy systems within city agency operations?
Kelly Moan explains that the Office of Technology and Innovation has visibility on legacy systems reaching end of life. - The office tracks the remediation and modernization journey for such …
1:20:12
·
61 sec
Does New York City have staff that conducts exercises to practice cyberattack response and recovery?
The Chief Information Security Officer and Head of New York City Cyber Command confirms that New York City does have staff that conducts exercises to practice cyberattack response and recovery.
1:21:16
·
13 sec
How does NYC Cyber Command ensure agencies comply with cybersecurity policies and protocols?
The council member asks how NYC Cyber Command ensures city agencies comply with established cybersecurity policies and protocols. - The chief information security officer explains there are escalation procedures and …
1:21:30
·
113 sec
How does the city respond to zero-day vulnerabilities and potential data breaches?
The city rapidly engages agency teams to assess potential exposure from critical zero-day vulnerabilities. - Fixes or compensating controls are implemented when available - Heightened monitoring is conducted to detect …
1:23:23
·
106 sec
What protocols are in place to ensure policy and protocol updates are relevant and audited?
The council member inquires about the process for updating policies and protocols to ensure relevancy and auditing. The chief information security officer explains that they follow industry best practices for …
1:25:13
·
107 sec
What is the frequency and process of application security audits conducted by NYC Cyber Command?
NYC Cyber Command routinely engages agency partners for periodic reviews of the city's applications to assess their security posture. - The office conducts heightened reviews when potential threats to systems …
1:27:05
·
151 sec
What are Kelly Moan's views on the use of facial recognition technology in the private and public sectors?
Moan does not directly address her stance on facial recognition technology. She discusses emerging technologies like artificial intelligence and Internet of Things (IoT) devices from a cybersecurity perspective. - Moan …
1:29:42
·
3 min
Has facial recognition technology been an issue in the speaker's professional career?
The speaker does not directly answer whether facial recognition technology has been an issue in their career. - The speaker states that New York City continues to be a leader …
1:32:49
·
44 sec
What are the views on legislating facial recognition technology? Should the government take an active or hands-off approach?
Kelly Moan, Chief Information Security Officer and Head of NYC Cyber Command, affirms a commitment to work together to find a balanced approach on facial recognition legislation. - She cannot …
1:33:37
·
36 sec
What role does Cyber Command play in negotiating technology contracts for New York City?
Cyber Command does not directly negotiate technology contracts for the city. - They provide support to agencies through advice and input related to security requirements - They offer guidance on …
1:34:20
·
50 sec
What is the process for the Office of Technology and Innovation (OTI) to review and support technology contracts and projects?
Council Member Jennifer Gutiérrez asks Kelly Moan, the Chief Information Security Officer and Head of New York City Cyber Command, to explain when agencies need to involve OTI in their …
1:35:10
·
47 sec
Does the Office of Technology and Innovation (OTI) review every single technology contract from city agencies?
Kelly Moan explains that OTI has significant engagement across city agencies in various forms. - OTI handles cybersecurity matters for agencies - OTI collaborates with agency teams on initiatives like …
1:35:58
·
57 sec
What is the role of the Office of Technology and Innovation (OTI) in the cloud review and procurement process for cloud-based services?
Kelly Moan explains that OTI's Cloud Review process is part of the broader OTI divisions and their technology strategy for New York City's digital ecosystem. - The Cloud Review provides …
1:36:55
·
68 sec
Which NYC agencies utilize cloud-based services?
The Chief Information Security Officer and Head of NYC Cyber Command states that most NYC agencies leverage cloud services, though they cannot provide specifics off the top of their head. …
1:38:06
·
55 sec
Does New York City have an insurance policy against cyberattacks?
The city maintains self-insurance against cyberattacks.
1:39:01
·
17 sec
What are the responsibilities in case of a cybersecurity incident resulting in a data breach involving the city or a vendor?
The city and vendors share responsibility for data breaches involving the city's data, depending on the circumstances. - If an agency is directly impacted by an incident not involving a …
1:39:19
·
105 sec
What is the nature of the agency's cooperation with NYPD and other entities regarding cybersecurity assessments and data protection?
The agency has a collaborative relationship with NYPD for cybersecurity threat intelligence sharing. - This collaboration extends beyond NYPD to include the federal sector and private entities. - The goal …
1:41:20
·
73 sec
What entities collaborate with New York City Cyber Command on cybersecurity matters, and who participates in this collaboration?
The Chief Information Security Officer explains that collaboration on cybersecurity typically occurs between security teams. - The collaboration is between New York City Cyber Command and other agencies or organizations. …
1:42:34
·
21 sec
What entity advises on the legality of the cybersecurity measures used by New York City?
The Chief Information Security Officer does not directly answer who advises on the legality of NYC's cybersecurity measures, but instead describes the city's cybersecurity strategy. - The strategy focuses on …
1:42:55
·
56 sec
What cybersecurity tools and practices are city agencies, including the NYPD, required to share with the New York City Cyber Command?
Kelly Moan explains that the New York City Cyber Command collaborates with city agencies on the cybersecurity tools they use. - The Cyber Command provides cybersecurity services and tools to …
1:43:51
·
88 sec
What is the process when a city agency wants to use a new tool or recommendation?
Kelly Moan explains the process when a city agency proposes using a new tool or recommendation. The agency engages in discussions with the Office of Technology and Innovation (OTI) from …
1:45:19
·
41 sec
What technology and cybersecurity capabilities does OTI collaborate with city agencies on?
The Office of Technology and Innovation (OTI) works with city agencies to determine cybersecurity tools and technology for their operations. - OTI collaborates with agencies to evaluate proposed cybersecurity tools …
1:46:00
·
59 sec
What are the cybersecurity measures used by New York City agencies?
The details of New York City's cybersecurity measures are largely not public information. - The city does not want to provide a roadmap of its protections to potential threat actors. …
1:46:59
·
49 sec
What steps is the NYPD taking to address deficiencies in its camera surveillance systems?
The council member asks about issues with the NYPD's ARGUS camera surveillance technology not being able to fully capture all areas due to obstructed views, blind spots, and poor image …
1:47:55
·
65 sec
What is the policy on vendor insurance coverage for victim notification in case of a data breach?
The council member asks about the Office of Technology and Innovation's policy for vendor insurance coverage for victim notification in the event of a data breach. - The Chief Information …
1:49:00
·
75 sec
What is the process for reviewing vendors' privacy and security audits before adopting their services in NYC public schools?
The council member asks if the agency reviewed the vendor's annual privacy and security audit before adopting its services in NYC public schools. The agency head explains that in the …
1:50:18
·
153 sec
How often are city-wide cybersecurity policies reviewed and updated by the Office of Technology and Innovation (OTI)?
The council member inquires about the frequency of reviews and updates to city-wide cybersecurity policies by OTI. The CISO from OTI explains that policies are updated periodically, citing the recent …
1:52:59
·
60 sec
Are updates to cybersecurity policies and standards publicly available?
The chief information security officer explains that many cybersecurity policies are available only internally, but a subset is made public. - Internal cybersecurity policies, standards, and guidance are not publicly …
1:54:00
·
30 sec
How can the public be assured that the Office of Technology and Innovation (OTI) is following local law 89 regarding cybersecurity policies?
The Chief Information Security Officer states that OTI routinely updates its cybersecurity policies and frameworks as required by law, but is open to discussing ways to provide more public awareness …
1:54:31
·
61 sec
What audits does the New York City Cyber Command conduct to assess agency cybersecurity readiness and responsiveness?
The New York City Cyber Command has various work streams to engage with city agencies on cybersecurity response, readiness, and assessments. They also sometimes cooperate with third-party audits taking place …
1:55:35
·
22 sec
What is the timeline and reason for the delay in notifying affected parties about the DOE and Move It data breaches?
The Chief Information Security Officer explains that after a vulnerability was exploited last summer, NYC partnered with DOE to mitigate the issue, but around 19,000 unique files were exposed by …
1:56:09
·
89 sec
What was the timeline for notifying the Office of Technology and Innovation (OTI) about the data breach vulnerability?
The Chief Information Security Officer explains that it took approximately 60-90 days from when the global community became aware of the vulnerability to when OTI received a full accounting of …
1:57:38
·
52 sec
How quickly did New York City Cyber Command respond to the unauthorized access of 19,000 files, and what processes were involved?
Kelly Moan explains that New York City Cyber Command worked quickly in responding to the unauthorized access of 19,000 files compared to other impacted entities. - The time from initial …
1:58:33
·
114 sec
What was the nature of the incident involving the New York City law department and how would it be classified?
The council member inquires about details and classification of an incident that occurred in 2020 involving the New York City law department. - The Chief Information Security Officer acknowledges the …
2:00:28
·
46 sec
What specific details can be shared about the compromise incident?
The Chief Information Security Officer cannot discuss specifics of the compromise incident in the public session. - She states she is unable to share details given the public nature of …
2:01:15
·
14 sec
What aspects of the Office of Technology and Innovation's (OTI) response to the cybersecurity incident involving the New York City Automated Personnel System (NYCAPS) Employee Self-Service (ESS) portal can be improved?
The council member inquires about potential areas for improvement in OTI's response to a cybersecurity incident involving unauthorized access to the NYCAPS ESS portal. - The Chief Information Security Officer …
2:01:35
·
5 min
How many city employees were impacted by the security incident?
A very small number of city employees were directly impacted by the incident in question. - Only a handful of employees disclosed their login information during the threat. - Kelly …
2:06:44
·
36 sec
What is the standard practice for issuing mandatory cybersecurity training and are there plans to create it in-house?
Kelly Moan explains that it is routine to leverage platforms from third-party vendors for cybersecurity awareness and training programs for city employees. - These programs often include custom content tailored …
2:07:22
·
79 sec
What are the details about the vendor providing cybersecurity training to New York City?
The council member's question about the name of the vendor providing cybersecurity training is not directly answered. - The chief information security officer states that they typically do not share …
2:08:41
·
24 sec
What agency should enforce the prohibition on third-party sale of geolocation data?
Council Member Jennifer Gutiérrez asks Kelly Moan, the Chief Information Security Officer, which agency would be better suited to enforce a bill prohibiting the third-party sale of geolocation data. - …
2:09:10
·
43 sec
Nina Loshkajian, Staff Attorney at Surveillance Technology Oversight Project, on urging the NYC Council to ban biometric surveillance in public accommodations and by landlords
Nina Loshkajian from the Surveillance Technology Oversight Project urges the NYC Council to pass legislation banning facial recognition and other biometric tracking tools in public places and residential buildings. - …
2:11:56
·
3 min
Albert Fox Cahn, Executive Director of the Surveillance Technology Oversight Project, on Protecting New Yorkers from Commercial Exploitation of Location Data
Albert Fox Cahn testifies in support of legislation to prohibit the commercialization of New Yorkers' location data by apps and technology companies. - He represents the Surveillance Technology Oversight Project …
2:15:40
·
3 min
Shane Farrell, Staff Attorney at the Legal Aid Society's Digital Forensics Unit, on Opposing the Use of Biometric Surveillance and Facial Recognition Technology
Farrell argues that biometric surveillance, especially facial recognition technology, erodes privacy rights and civil liberties of New Yorkers. - It diminishes citizens' democratic values and right to move freely without …
2:18:53
·
3 min
Council Member Jennifer Gutiérrez remarks on the issues concerning facial recognition technology
Council Member Gutiérrez expresses disappointment that the administration was not prepared to answer questions about which city agencies use facial recognition technology and biometric data. - She says it is …
2:22:22
·
39 sec
What are the positive uses of facial recognition technology?
Council Member Jennifer Gutiérrez asks if there are any positive examples of facial recognition technology. Albert Fox Cahn from the Surveillance Technology Oversight Project distinguishes between beneficial personal use, like …
2:23:03
·
60 sec
What types of location data are concerning in regards to privacy and surveillance?
Albert Fox Cahn explains that location data from activities like attending protests, places of worship, health facilities, and schools can be accessed and weaponized by various groups. - Location data …
2:24:04
·
109 sec
Do law enforcement agencies purchase individuals' location data from data brokers?
Albert Fox Cahn confirms that law enforcement agencies buy location data from data brokers like Thomson Reuters, which sells personal information of nearly all Americans to numerous agencies, including immigration …
2:25:55
·
63 sec
What can be done to ensure meaningful consent and understanding by users regarding the collection and use of their biometric data?
Council member Gutiérrez questions if there are steps that can be taken beyond terms of service agreements to ensure users truly understand and consent to the collection and use of …
2:26:58
·
3 min
What are the accuracy issues with facial recognition technology and how do they impact different demographics?
The experts explain that facial recognition algorithms are often inaccurate, especially for recognizing women of color where the accuracy can be less than a third. - Facial recognition systems were …
2:30:58
·
95 sec
What are the concerns regarding the rise in shoplifting and crimes, and the effectiveness of biometric surveillance in improving public safety for businesses?
Albert Fox Cahn explains that there is a fabricated sense of fear built on bad crime statistics, which surveillance companies exploit to sell their products despite a lack of evidence …
2:32:34
·
3 min
How can individuals remove their biometric data from surveillance systems and databases?
Individuals cannot easily remove their biometric data from surveillance systems and databases once collected. - Biometric data like faces and fingerprints cannot be changed like credit cards or Social Security …
2:36:06
·
159 sec
What concerns do panelists raise about businesses feeding surveillance footage to law enforcement without customer consent?
The panelists express doubts about law enforcement's claims of not using live facial recognition technology on private business surveillance footage. - They are concerned businesses could live-stream footage to NYPD …
2:38:48
·
4 min
What are the drawbacks of Maryland's targeted approach to banning geolocation data collection near sensitive locations?
Albert Fox Cahn explains that a targeted ban on geolocation data collection near facilities like mental health clinics and reproductive health centers cannot effectively protect individuals visiting those sites. - …
2:43:29
·
88 sec
How is the use of facial recognition software by businesses enforced and monitored?
Albert Fox Cahn explains how a lawsuit was filed against Amazon for allegedly collecting biometric data without proper disclosure, violating New York laws. - Observations were made of Amazon's camera …
2:45:06
·
50 sec
What are the main concerns with facial recognition technology and its accuracy?
Nina Loshkajian expresses concerns about facial recognition technology even if it reaches high accuracy levels. - The technology would be integrated into systems that discriminate in areas like housing and …
2:47:08
·
71 sec
What is the difference between private and business surveillance cameras?
The council member and the executive director discuss the differences between private surveillance cameras in homes versus cameras used by businesses. - The executive director argues there is a significant …
2:48:30
·
88 sec
What is being discussed regarding tracking consumer behavior and surveillance technology?
The council member and executive director are discussing how vendors sell software that can track consumer behavior, even for products that are not purchased. - They give the example of …
2:49:58
·
30 sec
What is the relationship between surveillance cameras and crime rates?
The council member questions whether surveillance cameras effectively reduce crime rates, citing an increase in burglaries in NYC despite the prevalence of cameras. - The executive director states that data …
2:50:28
·
82 sec
Should New York State take a comprehensive approach to protecting personal data rather than addressing different types of data separately?
The council member asks if New York State should take a comprehensive approach to protecting personal data instead of addressing different types of data separately like 18 other states have …
2:51:53
·
45 sec
What additional enforcement mechanisms are needed for the council bill on biometric data privacy?
Council members ask if private lawsuits alone would be sufficient for enforcing the biometric privacy bill, or if additional civil penalties are necessary. - The privacy advocate says private lawsuits …
2:52:40
·
35 sec
Adam Roberts, Policy Director of the Community Housing Improvement Program, on the Impact of Proposed Legislation on Security for Rent Stabilized Housing
Roberts argues the proposed legislation would be detrimental to security and affordability of rent stabilized housing. - He states the bill is punitive to tenants and workers in rent stabilized …
2:54:15
·
140 sec
Fernando Brinn, CEO of the Brinn Group, on Lack of Cybersecurity Funding for Underserved Community Organizations
Fernando Brinn raises concerns about the lack of cybersecurity funding and protection for underserved community organizations and non-profits receiving city contracts. - Underserved communities often lack access to affordable cyber …
2:56:43
·
138 sec
Sharon Brown, Member of the Public, on Transparency and Privacy Concerns with Biometric Surveillance Cameras
Sharon Brown, a member of the public, raises concerns about the need for transparency and notification regarding the use of biometric surveillance cameras with capabilities like iris recognition. - She …
2:59:19
·
126 sec
Jake Parker, Representative of the Security Industry Association, on the Impact of Proposed Biometric Technology Legislation in New York City
Jake Parker, representing the Security Industry Association, testifies against proposed biometric technology ordinances in New York City. - He highlights the benefits of biometric technologies in enhancing safety and security …
3:01:35
·
137 sec
Robert Tappan, Managing Director of the International Biometrics And Identity Association, on Responsible Regulation of Biometric Technologies for Public Safety and Convenience
Robert Tappan advocates for prudent regulation, not prohibition, of biometric technologies like facial recognition. - Biometric technologies enhance security, privacy, access management, productivity, and convenience across sectors. - In the …
3:03:56
·
135 sec
What biometric technologies and services do the member companies of the International Biometrics and Identity Association provide?
Robert Tappan explains that the International Biometrics and Identity Association has around two dozen member companies that provide various biometric equipment and technology for government and private sector use. - …
3:06:30
·
17 sec
What is the number of arrests made after facial recognition technology was installed in private businesses?
The managing director of the International Biometrics And Identity Association states that there are no comprehensive statistics on the number of arrests made after facial recognition technology was installed in …
3:06:49
·
48 sec
Do private businesses in New York City have signs informing people about their use of facial recognition technology?
The representative from the International Biometrics And Identity Association states that private businesses in New York City should have signs informing customers about their use of facial recognition technology per …
3:07:38
·
49 sec
What are the impacts of lack of access to cybersecurity for small businesses and businesses in communities of color?
Fernando Brinn explains that some small businesses may not have access to cybersecurity software or insurance. - Small businesses like mom-and-pop stores may not have internet capabilities - Community organizations …
3:08:42
·
124 sec
Does the city sell data from facial recognition systems for marketing or analytics purposes outside of safety?
The council member asks if the city is aware of businesses potentially selling data from facial recognition systems for marketing or other analytics outside of safety concerns. The panelists respond …
3:10:48
·
15 sec
What cybersecurity measures and funding do non-profit organizations need to protect sensitive data?
Fernando Brinn explains that non-profit organizations that have contracts with city agencies often do not have funding for cybersecurity in their operating budgets. - These non-profits handle sensitive data and …
3:11:03
·
86 sec
What is the policy on collecting, sharing and storing biometric data by private entities?
Private entities do not buy or sell biometric data as it is proprietary to each technology and cannot be reverse engineered. - Biometric data is unique to each individual and …
3:12:42
·
5 min
Sharon Brown, Member of the Public, on Personal Data Privacy and Opt-Out Registry
Sharon Brown, a member of the public, testifies about the need for personal data privacy and an opt-out registry for the sale of collected personal information. - She suggests having …
3:18:08
·
38 sec
What are the concerns related to impersonation and deepfakes when using biometric data, and how are they addressed?
Jake Parker explains that using biometric data itself to impersonate someone's identity is not possible due to how it is created and used. - There are concerns about using deepfakes …
3:18:47
·
52 sec
Can physical alterations like plastic surgery, colored contacts, and makeup fool biometric identification systems?
Sharon Brown questions the effectiveness of biometric systems against extensive physical alterations like plastic surgery, colored contacts, and heavy makeup that can change a person's appearance. - Robert Tappan from …
3:19:40
·
4 min
Council Member Shahana K. Hanif remarks on the scope of Intro 217
Council Member Shahana K. Hanif clarifies the scope of intro 217 on biometric surveillance. - She states that intro 217 is not a full ban on biometric surveillance - There …
3:23:58
·
38 sec
What are the safeguards and practices for biometric surveillance?
Jake Parker explains that the Security Industry Association supports the FTC's calls for reasonable safeguards in the use of biometric surveillance technologies. - The case involving Rite Aid's misuse of …
3:24:36
·
106 sec
What types of businesses do the technology providers represented by the Security Industry Association serve?
The representative states that the technology providers they represent do not primarily serve New York City-based businesses. - Some of the providers are based in New York City - But …
3:26:23
·
22 sec
How many members of the biometrics and security industry associations are based in New York City?
The council member does not receive a clear answer on the number of New York City-based members from the representatives of the biometrics and security industry associations. - The biometrics …
3:26:44
·
37 sec
What safeguards and testing processes are in place to prevent misuse and ensure accuracy of facial recognition technology?
The council member asks about safeguards companies use to prevent misuses like the Rite Aid incident, and what has been done to test the efficacy and accuracy of facial recognition …
3:27:22
·
3 min
Council Member Shahana K. Hanif remarks on the meeting
Council Member Hanif states the goal of the meeting is to address many instances of misuse of surveillance technology that disproportionately targets Black and brown people, especially women of color. …
3:30:49
·
24 sec
Sharon Brown, Member of the Public, on Concerns with Facial Recognition Accuracy and Authentication
Sharon Brown raises concerns about the accuracy and authentication capabilities of facial recognition technology. - She questions whether facial recognition can reliably identify someone if hairstyles or features are obscured …
3:31:24
·
79 sec
What is the accuracy of modern facial recognition technology according to industry representatives?
The industry representative states that leading facial recognition technologies today have over 99% accuracy across demographics according to government testing under NIST, with 97.5% accuracy across 70 demographic factors measured. …
3:33:09
·
68 sec
What is the accuracy of facial recognition technology compared to manual human identification?
The council member and the industry representative discuss the accuracy of facial recognition technology versus manual human identification. - The industry representative states that facial recognition technology is accurate, contrary …
3:34:17
·
79 sec
How can individuals request deletion of their facial images from biometric systems?
The representative explains that individuals should be provided a means to contest or request deletion of their enrollment in facial recognition systems. - There need to be clear policies and …
3:35:39
·
71 sec
What requirements beyond limitations on facial recognition technology are proposed for biometric data collection?
The council member explains that the proposed legislation would require cybersecurity safeguards, a written retention policy, and written consent in advance of any biometric data collection. - The industry representatives …
3:36:51
·
103 sec
Hally Thornton, Staff Member at Fight for the Future, on the Dangers of Facial Recognition Technology in Public Spaces and Residential Buildings
Hally Thornton testifies virtually on behalf of Fight for the Future, a digital rights organization, in support of banning facial recognition technology in public places and residential buildings in New …
3:38:56
·
123 sec
Daniel Schwartz, Representative of the New York Civil Liberties Union, on the Invasive Nature and Civil Liberty Implications of Biometric Surveillance Technologies
Daniel Schwartz testifies against the use of biometric surveillance technologies on behalf of the New York Civil Liberties Union. - He argues that biometric surveillance tools enable invasive tracking and …
3:41:07
·
162 sec
