Senate Committee member seeks CBP and Suprema biometric data security answers
The top ranking democrat on the U.S. Senate Intelligence Committee has separately requested information from both Customs and Border Protection (CBP) and Suprema regarding the security of the biometric data they store, and how it is protected, The Hill reports.
Senator Mark Warner (D-Va.) wrote acting CBP Commissioner Mark Morgan seeking details on the cyberattack suffered by a CBP contractor in June, in which more than 100,000 facial images of travelers were stolen.
“It is absolutely critical that federal agencies and industry improve their track records, especially when handling and processing biometric data,” writes Warner. “Americans deserve to have their sensitive data secured, regardless of whether it is being handled by a first or a third-party.”
Warner also wrote to Suprema CEO James Lee, asking for the company’s U.S. clients to be identified, and what cybersecurity standards it applies to protect biometric and other personal data. Warner says around 5,700 companies based in 83 countries use Suprema’s biometric data security systems, including banks and foreign law enforcement agencies.
A database of unencrypted biometric data owned by Suprema was found exposed to the internet in August, though the company has stated that it does not appear any sensitive information was downloaded from it.
“Unlike passwords, email addresses and phone numbers, biometric information in voices, fingerprints, and eyes are unique data that are impossible to reset,” Warner writes in the letter. “Biometric data can be used effectively for unauthorized surveillance and access to secure facilities, to steal identities, and is even valuable in developing deepfake technologies.”
Warner gave both CBP and Suprema two weeks to respond.
The Hill also notes that House Homeland Security Committee Chair Bennie Thompson (D-Miss.) advocated earlier this year for an increased emphasis on data controls before further use by federal agencies.