Identity Finder Frequently Asked Questions (FAQ)


Table of Contents

Why is the University of Maryland using Identity Finder?

As part of the University of Maryland's (UMD) information security strategy, UMD is using Identity Finder to proactively locate Personally Identifiable Information (PII) or sensitive information on university-owned computers and servers so that the information can be reviewed and deleted or appropriately secured to prevent unauthorized access. All university-owned computers will need to be scanned by Identity Finder.

What is Identity Finder?

Identity Finder is a software application that searches a computer for PII or sensitive information such as Social Security Numbers and credit card numbers. It also provides a way to remediate such information once it is identified (by scrubbing the sensitive information from files or by securely deleting them). If Identity Finder finds sensitive information that you need to keep, you will need to work with your departmental IT personnel to be sure it is stored appropriately.

Are we required to have UMD-owned handheld devices scanned by the tool?

Handheld devices such as iPads and smartphones are not currently required to be scanned as part of this effort. 

As a result of several tests across campus, we are focusing on computing devices that appear to pose the highest risk, such as servers, laptops, and desktops. If you wish to also scan a smartphone, simply connect it to another device being scanned by Identity Finder.

Am I required to use Identity Finder on personal computing equipment that I use primarily for university business such as teaching or doing research or administrative work?

Identity Finder is not licensed for use with computers not owned by the university. However, it is the expectation that you are being diligent about not keeping PII or sensitive information on personal devices used to conduct university business as that behavior does present a risk to you and to the university in terms of inappropriate data access.

Am I required to use Identity Finder on a grant-funded computer?

UMD grant-funded computers are licensed and should be scanned.

How will Identity Finder be distributed to my computer?

The Division of Information Technology (DIT) will partner with departmental IT professionals to use their regular means for distributing software.

Identity Finder will be distributed by platform. This approach will allow DIT and departmental IT support staff to dedicate their energies to supporting one Identity Finder configuration at a time while focusing on the platform with the most users – Windows.

At the conclusion of the Windows distribution, DIT will release the Identity Finder software for Apple computers and then complete this deployment with the Identity Finder software for Linux desktops.

How much will Identity Finder cost?

The Identity Finder license cost the university $279,563. This is a centrally-funded university initiative and is available at no cost to UMD departments for use on university-owned computers.

Are there any recommendations for working with Identity Finder?

What kind of information does Identity Finder locate?

The university is scanning for two types of sensitive information: 

What is a false positive?

A false positive is a match in Identify Finder that may look like a Social Security Number or credit card number but is actually just a series of numbers in a similar format as the pattern of the search criteria. The numbers could be the same length or start with the same set of numbers as, for example, credit cards. 

Identity Finder will come with default settings to reduce false positives related to unformatted SSNs. For a file to be listed in the results, it must contain the keyword SSN or Social Security in addition to a number that looks like an unformatted SSN. Also, for most files, three matches are required for this type of number before Identity Finder will report it. For a PDF, only one match is needed (many travel forms require an SSN). Because University ID (U ID) Numbers typically follow the pattern of an unformatted SSN, the false positives are reduced greatly by the need for keywords "SSN" or "Social Security." Formatted SSNs do not have the same restrictions. 

If you identify false positives on your computer after the scan is complete, you can press the Ignore button so Identity Finder will ignore that particular piece of data in the future.

Where does Identity Finder search on my computer?

By default, Identity Finder will search the following locations for sensitive information: 

If there is a device attached to your computer, such as a USB drive or smartphone, Identity Finder will try to search that device. If you do not want the attached device to be searched, simply remove it before starting the scan or do nothing (do not click OK or Cancel) when the Identity Finder Removable Storage Detected prompt appears. (This is a known bug in the Identity Finder client.)

Can the DIT Identity Finder team see all the files on my computer?

No, we only see a summary of files that Identity Finder flags as containing sensitive information. After the scan is complete, the Identity Finder tool sends the following data to the DIT Identity Finder team.

You will notice that the last item on the list of data sent back is Action taken (shred, scrub, or ignore). Be aware that this is not an automatic action that will be taken after the scan is completed. Identity Finder is an awareness tool, not an enforcement tool. The tool is designed to make people aware of the PII or sensitive data that may reside on their computers. Each of us shares in the responsibility of making the right decisions about whether PII or sensitive data found on computer files should be shredded, scrubbed of PII, or ignored by future scans and stored securely.

The information that is sent to DIT will be used to evaluate whether or not the Identity Finder program is effective. We will know which university-owned computers were scanned, but we will not follow up with individual UMD community members. Again, we are counting on you to help us with being good stewards of institutional data.

How much information from the results will DIT see? For example, do you now have a full copy of my tax return?

The DIT Identity Finder team only receives the data listed in the prior answer. The power is in your hands in terms of knowing what files containing PII must be kept and what files containing PII must be removed. The basic rule of thumb is if the file is unneeded, then please shred it. If the sensitive information must be saved for university business reasons, then please contact your departmental IT support staff about how to store the information securely. In addition, you can contact DIT at ID-finder@umd.edu should you need additional assistance with the Identity Finder tool.

Does Identity Finder search image files like scanned documents?

Identity Finder can search FAX images, PDF images, TIFs, JPGs, and almost all other major image formats to accurately identify all sensitive information. 

Optical Character Recognition (OCR) is used to search for text within images. The following file types are supported: bmp, dcx, gif, jbig2, jp2, jpeg, jpf, jpg, jpg2000, jpm, jpx, max, pcx, png, tfx, tif, tiff, xif, xiff, and xps. 

If the dots per inch or DPI (a measure of the resolution of an image file) of an image is less than 75 or greater than 2400, the recognition may fail and log an error.

Something does not seem right about the results my local scan is reporting.  Who should I contact?

Contact your departmental IT support staff. Your departmental IT support staff member will contact the DIT Identity Finder team if needed to determine any troubleshooting steps that should be taken.

I store many of my files on our shared space. How will that be scanned?

Your departmental IT support staff will work with the DIT Identity Finder team to determine a strategy for scanning files stored on a shared file server.

Will a scan slow my computer?

The first Identity Finder scan may take some time, depending on the size of the disk and the power of the computer. We recommend starting the initial scan before leaving work for the day. Subsequent scans are generally fast and do not materially affect system performance. You can continue to use your computer while it is being scanned.

How long does a scan take to complete?

The length of time to complete a scan depends on the amount of data being searched and your computer's performance.  It may run as quickly as an hour or last several days. Nonetheless, the software runs in the background so you can continue to use your computer.

How often should I run a scan?

You can run Identify Finder at any point when you think you may have collected new sensitive information on a university-owned computer. At this time, there is not a mandate to conduct a scan at regular intervals. However, we are working on a university policy to address scan frequency. 

In the meantime, it is up to all of us to now develop better habits about not storing PII or sensitive data on any computer unless it is absolutely necessary for conducting university business.

I do university work on multiple computers, should I scan all of them?

Yes, scan all university-owned computers that you work on to ensure university-owned sensitive information is not stored on them. Work with your departmental IT support staff to ensure the appropriate Identity Finder software is installed on all computers on which you conduct university business.

Can I run Identity Finder if I am at my home or from other off-campus locations?

Yes, but you must be connected through the campus VPN. In addition, we are licensed to run the software only on university-owned computers. To learn more about using VPN for university business, view Virtual Private Networking (VPN) at the University of Maryland.

How do I reset my Identity Finder profile password?

Identity Finder provides the ability to save settings, configuration information, and sensitive data across sessions through the use of a profile password. You'll need to create a password. It is not possible to recover a lost password. However, it is possible to delete a profile and create a new one. When the profile password is created, that password is used to encrypt the profile. The profile password is not stored anywhere, and therefore if it is lost or forgotten, all of the information in the profile will be lost. 

The following data will be lost in Identity Finder when deleting a profile.

For additional details on the location of the user profile folder, contact the DIT Identity Finder team at ID-finder@umd.edu.

Why is my virus scanner creating alerts during Identity Finder searches?

During the course of an Identity Finder search, anti-virus applications may create an alert for files created in a subfolder of IDFTmpDir, located in the user profile folder. This is not a problem with Identity Finder; it indicates that the user's system already contains one or more infected files. 

The files in IDFTmpDir are created during a search, specifically and most commonly when extracting files from archives (e.g., .zip files) or when detaching them from email messages. To search these files, Identity Finder places them in a temporary folder and then attempts to open them for read access. If the file has a virus, the act of extracting or detaching the file to the temporary folder and/or the attempt to read the file may trigger the anti-virus application (depending on its configuration). 

If Identity Finder is configured to log Locations Searched, you may be able to determine the specific archives or messages that contain the infected file(s). However, in these instances, it is recommended that you perform a full anti-virus scan of your system ensuring a search within archive files and email attachments.

Is Identity Finder configurable?

Identify Finder is highly configurable. This FAQ is constructed specifically for UMD's configuration of Identity Finder. It is possible to manually reconfigure Identity Finder in ways that cause it to do more – or to do less – than the standard UMD configuration. For this reason, the help documents focus on the behavior of Identity Finder as configured for UMD. Please contact ID-finder@umd.edu if you have a reason to consider reconfiguring Identity Finder for your particular scans.

What else has been done to date to remove sensitive or personally identifiable information from existing enterprise systems at Maryland?

Social Security Numbers were removed several years ago from hundreds of data warehouse tables and views from enterprise systems such as PHR and the Student Information System. In addition, Social Security Numbers have been removed from the Testudo login page, from ID cards, from the library billing system, from the Common Login page, and from other systems, databases, and tables. In addition, the university has deployed a new encrypted database service. 

Unfortunately, there are still software applications that request Social Security Numbers. We are working with those responsible for the software to make the necessary changes to eliminate the need for Social Security Numbers wherever possible.

What do I do if I still have questions about Identity Finder?

You should first contact your departmental IT support staff for assistance. Second, you can contact the Call Center. You can also email the DIT Identity Finder team at ID-finder@umd.edu.