FB pixel

Breached CBP contractor may have been training biometric facial recognition algorithm

 

Facial images of travelers and license plate data have been stolen from a U.S. Customs and Border Protection (CBP) subcontractor, which appears to have been trying to train a facial biometric algorithm with CBP data it was not supposed to have, drawing immediate criticism from privacy advocates and concerned lawmakers. It is unclear at this time if the breach, first reported by The Washington Post, includes facial images captured for biometric matching as part of CBP’s Biometric Exit program.

An official, speaking anonymously, told The Post that the subcontractor was attempting to use the images to train its algorithms to match license plates with the faces of car occupants, which was outside of the approved use of the data. The images came from the Canadian border, according to the source, and a state actor is not suspected inside the agency.

Images of fewer than 100,000 people have been breached as part of an attack on the federal contractor, a statement from CBP said. While the agency did not identify the subcontractor to the Post, it did provide a statement titled “CBP Perceptics Public Statement.” Perceptics is a company based in Tennessee that provides license plate readers, and has claimed to be CBP’s sole provider of automatic license plate readers for U.S. land borders. Perceptics was hacked in May, and The Register reported thousands of files, including images the publication presumed were of license plates, were available on the dark web.

CBP says in its statement that none of the image data stolen has been identified on the dark web, so it may be a separate incident. The agency also says its own network was unaffected. No passport or other travel document data was stolen, CBP says, and “no images of airline passengers from the air entry/exit process were involved.”

The statement also says that the contractor violated CBP’s policies and mandatory security and privacy protocols in its contract by transferring images to its company network.

Senator Ron Wyden, who has called for the use of facial biometrics by CBP and law enforcement to be scrutinized by the Government Accountability Office (GAO), said the government now has a burden to explain how it will prevent a repeat.

“This incident should be a lesson to those who have supported expanding government surveillance powers – these vast troves of Americans’ personal information are a ripe target for attackers,” said Wyden in a statement reported by TechCrunch.

“The best way to avoid breaches of sensitive personal data is not to collect and retain such data in the first place,” says ACLU Seior Legislative Counsel Neema Singh Guliani.

The Hill reports that the House Homeland Security Committee, meanwhile, is preparing to hold hearings into the use of biometrics by the Department of Homeland Services (DHS), of which CBP is a part. Committee Chairman Bennie Thompson (D-Miss.) announced the hearing, and criticized DHS for the breach.

“Government use of biometric and personal identifiable information can be valuable tools only if utilized properly,” Thompson said. “Unfortunately, this is the second major privacy breach at DHS this year. We must ensure we are not expanding the use of biometrics at the expense of the privacy of the American public.”

The House Committee on Oversight and Reform has held its first two hearings into the use of facial recognition, and expressed bi-partisan support for the rapid enactment of regulation on the technology.

Article Topics

 |   |   |   |   | 

Latest Biometrics News

 

Harmonized digital driving license in EU approved as part of driving reform package

The EU is getting closer to a harmonized mobile driver’s license (mDL) with the approval of a provisional deal on…

 

DARPA taps Aptima to bring media forensics to market amid deepfake surge

The Defense Advanced Research Projects Agency (DARPA) has awarded a commercialization contract to Aptima, Inc. that marks a critical inflection…

 

Parsons secures sole source deal to equip U.S. Air Force with biometric kits

The U.S. Air Force Air has issued a notice of intent to award a sole-source contract to Parsons Corporation for…

 

Gov.uk Wallet ‘empowering the market,’ says Kyle, in big win for OSPs

After a tense few weeks, the UK government has released the working principles for the Gov.uk Wallet plan that has…

 

Biometrics integrations, identity intelligence improve financial services onboarding

Major integrations for Fourthline and BioCatch are expanding the reach of their biometric user onboarding and KYC technologies, as financial…

 

Pakistan introduces digital birth, death registration in health facilities

Pakistan has taken a decisive move to streamline birth and death registration by digitizing the process and making services available…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Biometric Market Analysis

Most Viewed This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events