The US Custom and Border Patrol (CBP) reported a breach involving images of tens of thousands of people crossing the border with Mexico. According to the CBP, the breach affected the network of a sub-contractor. Among the photos stolen there are images of vehicle license plates.
Initial reports speak of almost 100,000 people affected.
The Custom and Border Patrol is extensively using cameras in airports and land borders as part of a rapidly growing face-recognition program. Every day, hundreds of thousands of photos of people entering and exiting the country are taken, stored and in this case, stolen.
“CBP has alerted Members of Congress and is working closely with other law enforcement agencies and cyber-security entities […] to actively investigate the incident,” said the CBD, in an emailed statement.
The agency stated that the sub-contractor involved in the breach was storing images on its systems without official consent, while CBP’s own systems weren’t affected.
The photos of the vehicles crossing the border were taken at a single border entry point, which the CBP did not specify yet. No other personal information that could lead to identification – such as passports, visas and travel documents – was compromised.
The case emerged late in May when the Register reported that license plates images belonging to vehicles crossing CBP checkpoints had been stolen and shared on the dark web.
CBP learned of the breach on the May 31st, and claimed none of the image data was found on the “dark web or internet.”
Arguments in favor of image recognition software say that this kind of technology makes borders safer and helps to catch criminals.
But face-recognition technology is often enforced in disregard of people’s privacy. It increases the risk of identity crime, and cannot be considered safe even when it is used by the government’s agencies.
Democratic Senator Ron Wyden said to the Washington Post:
“If the government collects sensitive information about Americans, it is responsible for protecting it – and that’s just as true if it contracts with a private company.
Anyone whose information was compromised should be notified by customs, and the government needs to explain exactly how it intends to prevent this kind of breach from happening in the future.”
According to Neema Singh Giuliani, senior legislative counsel at the American Civil Liberties Union, the breach comes “just as CBP seeks to expand its massive face recognition apparatus and collection of sensitive information from travelers, including license plate information and social media identifiers…This incident further underscores the need to put the brakes on these efforts and for Congress to investigate the agency’s data practices.”