U.S. Customs and Border Protection states that there was a privacy violation when taking photos of travelers on the Canadian border
As part of a malicious cyber attack, traveler images had been compromised, which raised concerns about how surveillance efforts by federal officials could jeopardize the privacy of Americans.
Customs officials said in a statement that the images, which included photos of faces and plates of people, had been compromised as part of an attack against a federal subcontractor.
CBP makes extensive use of cameras and video recordings at airports and land border crossings, where vehicle images are captured. These images are used as part of a growing agency facial recognition program designed to track the identity of people entering and leaving the US. UU.
In initial reports CBP commented that less than 100,000 people were affected, the photographs that were taken are of people in vehicles entering and leaving the US. UU. This attack was for more than a month and a half in which a single border entry port was violated.
Luckily the stolen information did not include other identification information, and that no passport or other photos of travel documents were compromised.
The journalists of The Register, a British technology news site, reported at the end of last June that a large amount of data breached by the Perceptics firm was offered as a free download on the dark web.
Perceptics representatives did not immediately respond to requests for comment.
CBP spokeswoman Jackie Wren said she was "unable to confirm" if Perceptics was the source of the violation.
Perceptics and other companies offer automatic license plate reading devices that federal officials can use to track a vehicle, or its owner, while traveling on public roads.
A US official, who spoke on condition of anonymity due to lack of authorization to discuss the violation, said it was described within CBP as a "major incident."
The data breached involved travelers who crossed the Canadian border and did not involve a foreign nation such as when China hacked the Personnel Management Office in 2014 exposing the information of at least 22 million people.
The news of the violation generated alarm in Congress, where lawmakers have questioned whether surveillance measures extended by the government could threaten constitutional rights by exposing millions of innocent people to identity theft.
Civil rights and privacy advocates also called information theft as a sign that the growing government image identification database had become an attractive target for hackers and cybercriminals.
"This violation occurs just when CBP seeks to expand its mass facial recognition apparatus and the collection of confidential information from travelers, including information on the badge and the identifiers of social networks."
CBP said that copies of "license plate images and traveler images collected by CBP" had been transferred to the subcontractor's company network, violating the agency's security and privacy rules. The subcontractor's network was attacked and violated. No CBP system was compromised, the agency said.
Immigration agents have used these databases to locate people who may be in the country illegally. Law enforcement agencies have also used the data to search for possible crime suspects.
The federal government, like the group of private contractors with whom it works, has access to a database of cars and faces of people who, it says, are necessary to improve security and enforce border laws.
The FBI has access to more than 640 million photos, including passports and driver's licenses, which it can scan with facial recognition systems while conducting criminal investigations.
“The government's use of biometric information and personal identification can be valuable tools only if used properly. We must ensure that we do not expand the use of biometrics at the expense of the privacy of the American public. "
