The US Custom and Border Patrol (CBP) reported a breach involving images of tens of thousands of people crossing the border with Mexico. According to the CBP, the breach affected the network of a sub-contractor. Among the photos stolen there are images of vehicle license plates.
Initial reports speak of almost 100,000 people affected.
The Custom and Border Patrol is extensively using cameras in airports and land borders as part of a rapidly growing face-recognition program. Every day, hundreds of thousands of photos of people entering and exiting the country are taken, stored and in this case, stolen.
โCBP has alerted Members of Congress and is working closely with other law enforcement agencies and cyber-security entities [โฆ] to actively investigate the incident,โ said the CBD, in an emailed statement.
The agency stated that the sub-contractor involved in the breach was storing images on its systems without official consent, while CBPโs own systems werenโt affected.
The photos of the vehicles crossing the border were taken at a single border entry point, which the CBP did not specify yet. No other personal information that could lead to identification โ such as passports, visas and travel documents โ was compromised.
The case emerged late in May when the Register reported that license plates images belonging to vehicles crossing CBP checkpoints had been stolen and shared on the dark web.
CBP learned of the breach on the May 31st, and claimed none of the image data was found on the โdark web or internet.โ
Arguments in favor of image recognition software say that this kind of technology makes borders safer and helps to catch criminals.
But face-recognition technology is often enforced in disregard of peopleโs privacy. It increases the risk of identity crime, and cannot be considered safe even when it is used by the governmentโs agencies.
Democratic Senator Ron Wyden said to the Washington Post:
โIf the government collects sensitive information about Americans, it is responsible for protecting it โ and thatโs just as true if it contracts with a private company.
Anyone whose information was compromised should be notified by customs, and the government needs to explain exactly how it intends to prevent this kind of breach from happening in the future.โ
According to Neema Singh Giuliani, senior legislative counsel at the American Civil Liberties Union, the breach comes โjust as CBP seeks to expand its massive face recognition apparatus and collection of sensitive information from travelers, including license plate information and social media identifiersโฆThis incident further underscores the need to put the brakes on these efforts and for Congress to investigate the agencyโs data practices.โ
