Jun 10, 2019
One of the key fears that critics of mass surveillance and the proliferation of facial recognition technology have warned about has been realized with new reporting Monday that a "malicious cyber attack" has resulted in photos of airport passengers and other personal data harvested by U.S. Customs and Border Patrol being stolen by unknown actors.
"This incident further underscores the need to put the brakes on these efforts and for Congress to investigate the agency's data practices. The best way to avoid breaches of sensitive personal data is not to collect and retain it in the first place."
--Neema Singh Guliani, ACLUAccording to the Washington Post:
Customs officials said in a statement Monday that the images, which included photos of people's license plates, had been compromised as part of an attack on a federal subcontractor.
The agency maintains a database including passport and visa photos that is used at airports as part of an agency facial-recognition program. CBP declined to say what images were stolen or how many people were affected.
But CBP makes extensive use of cameras and video recordings at the arrival halls of international airports as well as land border crossings, where vehicle license plates are also captured.
A CBP statement said none of the image data had been identified "on the Dark Web or Internet." But reporters at The Register, a British technology news site, reported late last month that a large haul of breached data from the firm Perceptics was being offered as a free download on the dark web.
The CBP apparently did not want to confirm which private subcontractor was the target of the attack, but the Post and others were able to track down that it likely was Perceptics:
\u201clol these dummies https://t.co/P3SJ0Jk8tN\u201d— Lindsey Barrett (@Lindsey Barrett) 1560197744
"This is a bombshell," said Evan Greer, deputy director of the advocacy group Fight fight for the Future, in response to the reporting. "Even if you 100% trust the US government with your biometric information (which you shouldn't) this is a reminder that once your face is scanned and stored in a database, it's easily shared across government agencies, stolen by hackers, other governments, etc."
Buzzfeed, also among the first to report on the breach on Monday, noted that the "cyberattack comes amid the ongoing rollout of CBP's "biometric entry-exit system," the government initiative to biometrically verify the identities of all travelers crossing US borders." Citing earlier reporting, Buzzfeed pointed out that "CBP is scrambling to implement the initiative with the goal of using facial recognition technology on '100 percent of all international passengers,' including American citizens, in the top 20 US airports by 2021."
\u201cThis breach comes just as CBP seeks to expand its massive face recognition apparatus and collection of sensitive information from travelers, including license plate information and social media identifiers.\u201d— ACLU (@ACLU) 1560201751
In a statement, Neema Singh Guliani, senior legislative counsel at the ACLU, said the compromise of passenger data is a great example of why privacy and civil liberties groups continue to warn about facial recognition and the electronic collection of other personal data.
"This breach comes just as CBP seeks to expand its massive face recognition apparatus and collection of sensitive information from travelers, including license plate information and social media identifiers," said Guliani. "This incident further underscores the need to put the brakes on these efforts and for Congress to investigate the agency's data practices. The best way to avoid breaches of sensitive personal data is not to collect and retain it in the first place."
\u201cIn a total surprise that absolutely nobody could have predicted, the federal gov'ts new facial-recognition database is breached, just months after deployment:\n\nhttps://t.co/huyyjBhXZY\n\nBackstory from a good Buzzfeed piece:\n\nhttps://t.co/sqpT3AfSpS\u201d— \ud835\ude72\ud835\ude91\ud835\ude8a\ud835\ude9b\ud835\ude95\ud835\ude8e\ud835\ude9c \ud835\ude72. \ud835\ude7c\ud835\ude8a\ud835\ude97\ud835\ude97 (@\ud835\ude72\ud835\ude91\ud835\ude8a\ud835\ude9b\ud835\ude95\ud835\ude8e\ud835\ude9c \ud835\ude72. \ud835\ude7c\ud835\ude8a\ud835\ude97\ud835\ude97) 1560200480
In an opinion piece ironically posted at the Washington Post just hours before the news story broke--titled "Don't smile for surveillance: Why airport face scans are a privacy trap"--columnist Geoffrey A. Fowler warned that even as U.S. consumers become more accustomed to facial recognition technology--such as using your face to unlock an iPhone or other device--what happens when a government agency or airline captures such an image at the airport is something entirely different.
"When you unlock an iPhone, your face scans never go to Apple or even leave your phone," explains Fowler. "But at an e-gate, your face gets captured by the airline and then compared with a face database run by U.S. Customs and Border Protection, which reports back whether you're cleared to board."
The big difference, however, is that there needs to be some cross-verification of any face the system at the airport is trying to match. "Where do those come from?" writes Fowler. "From the State Department, which gathers the shots from passports and visa applications."
Join Us: News for people demanding a better world
Common Dreams is powered by optimists who believe in the power of informed and engaged citizens to ignite and enact change to make the world a better place. We're hundreds of thousands strong, but every single supporter makes the difference. Your contribution supports this bold media model—free, independent, and dedicated to reporting the facts every day. Stand with us in the fight for economic equality, social justice, human rights, and a more sustainable future. As a people-powered nonprofit news outlet, we cover the issues the corporate media never will. |
Our work is licensed under Creative Commons (CC BY-NC-ND 3.0). Feel free to republish and share widely.
aclubig brothercivil libertiescustoms and border protection (cbp)fight for the futureprivacytechnology
One of the key fears that critics of mass surveillance and the proliferation of facial recognition technology have warned about has been realized with new reporting Monday that a "malicious cyber attack" has resulted in photos of airport passengers and other personal data harvested by U.S. Customs and Border Patrol being stolen by unknown actors.
"This incident further underscores the need to put the brakes on these efforts and for Congress to investigate the agency's data practices. The best way to avoid breaches of sensitive personal data is not to collect and retain it in the first place."
--Neema Singh Guliani, ACLUAccording to the Washington Post:
Customs officials said in a statement Monday that the images, which included photos of people's license plates, had been compromised as part of an attack on a federal subcontractor.
The agency maintains a database including passport and visa photos that is used at airports as part of an agency facial-recognition program. CBP declined to say what images were stolen or how many people were affected.
But CBP makes extensive use of cameras and video recordings at the arrival halls of international airports as well as land border crossings, where vehicle license plates are also captured.
A CBP statement said none of the image data had been identified "on the Dark Web or Internet." But reporters at The Register, a British technology news site, reported late last month that a large haul of breached data from the firm Perceptics was being offered as a free download on the dark web.
The CBP apparently did not want to confirm which private subcontractor was the target of the attack, but the Post and others were able to track down that it likely was Perceptics:
\u201clol these dummies https://t.co/P3SJ0Jk8tN\u201d— Lindsey Barrett (@Lindsey Barrett) 1560197744
"This is a bombshell," said Evan Greer, deputy director of the advocacy group Fight fight for the Future, in response to the reporting. "Even if you 100% trust the US government with your biometric information (which you shouldn't) this is a reminder that once your face is scanned and stored in a database, it's easily shared across government agencies, stolen by hackers, other governments, etc."
Buzzfeed, also among the first to report on the breach on Monday, noted that the "cyberattack comes amid the ongoing rollout of CBP's "biometric entry-exit system," the government initiative to biometrically verify the identities of all travelers crossing US borders." Citing earlier reporting, Buzzfeed pointed out that "CBP is scrambling to implement the initiative with the goal of using facial recognition technology on '100 percent of all international passengers,' including American citizens, in the top 20 US airports by 2021."
\u201cThis breach comes just as CBP seeks to expand its massive face recognition apparatus and collection of sensitive information from travelers, including license plate information and social media identifiers.\u201d— ACLU (@ACLU) 1560201751
In a statement, Neema Singh Guliani, senior legislative counsel at the ACLU, said the compromise of passenger data is a great example of why privacy and civil liberties groups continue to warn about facial recognition and the electronic collection of other personal data.
"This breach comes just as CBP seeks to expand its massive face recognition apparatus and collection of sensitive information from travelers, including license plate information and social media identifiers," said Guliani. "This incident further underscores the need to put the brakes on these efforts and for Congress to investigate the agency's data practices. The best way to avoid breaches of sensitive personal data is not to collect and retain it in the first place."
\u201cIn a total surprise that absolutely nobody could have predicted, the federal gov'ts new facial-recognition database is breached, just months after deployment:\n\nhttps://t.co/huyyjBhXZY\n\nBackstory from a good Buzzfeed piece:\n\nhttps://t.co/sqpT3AfSpS\u201d— \ud835\ude72\ud835\ude91\ud835\ude8a\ud835\ude9b\ud835\ude95\ud835\ude8e\ud835\ude9c \ud835\ude72. \ud835\ude7c\ud835\ude8a\ud835\ude97\ud835\ude97 (@\ud835\ude72\ud835\ude91\ud835\ude8a\ud835\ude9b\ud835\ude95\ud835\ude8e\ud835\ude9c \ud835\ude72. \ud835\ude7c\ud835\ude8a\ud835\ude97\ud835\ude97) 1560200480
In an opinion piece ironically posted at the Washington Post just hours before the news story broke--titled "Don't smile for surveillance: Why airport face scans are a privacy trap"--columnist Geoffrey A. Fowler warned that even as U.S. consumers become more accustomed to facial recognition technology--such as using your face to unlock an iPhone or other device--what happens when a government agency or airline captures such an image at the airport is something entirely different.
"When you unlock an iPhone, your face scans never go to Apple or even leave your phone," explains Fowler. "But at an e-gate, your face gets captured by the airline and then compared with a face database run by U.S. Customs and Border Protection, which reports back whether you're cleared to board."
The big difference, however, is that there needs to be some cross-verification of any face the system at the airport is trying to match. "Where do those come from?" writes Fowler. "From the State Department, which gathers the shots from passports and visa applications."
One of the key fears that critics of mass surveillance and the proliferation of facial recognition technology have warned about has been realized with new reporting Monday that a "malicious cyber attack" has resulted in photos of airport passengers and other personal data harvested by U.S. Customs and Border Patrol being stolen by unknown actors.
"This incident further underscores the need to put the brakes on these efforts and for Congress to investigate the agency's data practices. The best way to avoid breaches of sensitive personal data is not to collect and retain it in the first place."
--Neema Singh Guliani, ACLUAccording to the Washington Post:
Customs officials said in a statement Monday that the images, which included photos of people's license plates, had been compromised as part of an attack on a federal subcontractor.
The agency maintains a database including passport and visa photos that is used at airports as part of an agency facial-recognition program. CBP declined to say what images were stolen or how many people were affected.
But CBP makes extensive use of cameras and video recordings at the arrival halls of international airports as well as land border crossings, where vehicle license plates are also captured.
A CBP statement said none of the image data had been identified "on the Dark Web or Internet." But reporters at The Register, a British technology news site, reported late last month that a large haul of breached data from the firm Perceptics was being offered as a free download on the dark web.
The CBP apparently did not want to confirm which private subcontractor was the target of the attack, but the Post and others were able to track down that it likely was Perceptics:
\u201clol these dummies https://t.co/P3SJ0Jk8tN\u201d— Lindsey Barrett (@Lindsey Barrett) 1560197744
"This is a bombshell," said Evan Greer, deputy director of the advocacy group Fight fight for the Future, in response to the reporting. "Even if you 100% trust the US government with your biometric information (which you shouldn't) this is a reminder that once your face is scanned and stored in a database, it's easily shared across government agencies, stolen by hackers, other governments, etc."
Buzzfeed, also among the first to report on the breach on Monday, noted that the "cyberattack comes amid the ongoing rollout of CBP's "biometric entry-exit system," the government initiative to biometrically verify the identities of all travelers crossing US borders." Citing earlier reporting, Buzzfeed pointed out that "CBP is scrambling to implement the initiative with the goal of using facial recognition technology on '100 percent of all international passengers,' including American citizens, in the top 20 US airports by 2021."
\u201cThis breach comes just as CBP seeks to expand its massive face recognition apparatus and collection of sensitive information from travelers, including license plate information and social media identifiers.\u201d— ACLU (@ACLU) 1560201751
In a statement, Neema Singh Guliani, senior legislative counsel at the ACLU, said the compromise of passenger data is a great example of why privacy and civil liberties groups continue to warn about facial recognition and the electronic collection of other personal data.
"This breach comes just as CBP seeks to expand its massive face recognition apparatus and collection of sensitive information from travelers, including license plate information and social media identifiers," said Guliani. "This incident further underscores the need to put the brakes on these efforts and for Congress to investigate the agency's data practices. The best way to avoid breaches of sensitive personal data is not to collect and retain it in the first place."
\u201cIn a total surprise that absolutely nobody could have predicted, the federal gov'ts new facial-recognition database is breached, just months after deployment:\n\nhttps://t.co/huyyjBhXZY\n\nBackstory from a good Buzzfeed piece:\n\nhttps://t.co/sqpT3AfSpS\u201d— \ud835\ude72\ud835\ude91\ud835\ude8a\ud835\ude9b\ud835\ude95\ud835\ude8e\ud835\ude9c \ud835\ude72. \ud835\ude7c\ud835\ude8a\ud835\ude97\ud835\ude97 (@\ud835\ude72\ud835\ude91\ud835\ude8a\ud835\ude9b\ud835\ude95\ud835\ude8e\ud835\ude9c \ud835\ude72. \ud835\ude7c\ud835\ude8a\ud835\ude97\ud835\ude97) 1560200480
In an opinion piece ironically posted at the Washington Post just hours before the news story broke--titled "Don't smile for surveillance: Why airport face scans are a privacy trap"--columnist Geoffrey A. Fowler warned that even as U.S. consumers become more accustomed to facial recognition technology--such as using your face to unlock an iPhone or other device--what happens when a government agency or airline captures such an image at the airport is something entirely different.
"When you unlock an iPhone, your face scans never go to Apple or even leave your phone," explains Fowler. "But at an e-gate, your face gets captured by the airline and then compared with a face database run by U.S. Customs and Border Protection, which reports back whether you're cleared to board."
The big difference, however, is that there needs to be some cross-verification of any face the system at the airport is trying to match. "Where do those come from?" writes Fowler. "From the State Department, which gathers the shots from passports and visa applications."
We've had enough. The 1% own and operate the corporate media. They are doing everything they can to defend the status quo, squash dissent and protect the wealthy and the powerful. The Common Dreams media model is different. We cover the news that matters to the 99%. Our mission? To inform. To inspire. To ignite change for the common good. How? Nonprofit. Independent. Reader-supported. Free to read. Free to republish. Free to share. With no advertising. No paywalls. No selling of your data. Thousands of small donations fund our newsroom and allow us to continue publishing. Can you chip in? We can't do it without you. Thank you.