Breached CBP Data Used to Train Biometric Face Matching: Report

“The CBP said that the subcontractor had transferred the image data to its own network, violating security rules, and that its own systems were not affected in the attack. Somewhere under 100,000 people were impacted, the agency said.”

It appears that a US government subcontractor’s use of biometric border control technology has resulted in the compromising of tens of thousands of individuals’ data.

The US Customs and Border Protection agency (CBP) revealed this week that one of its subcontractors had suffered a malicious cyberattack at the end of May that included a breach of databases containing images of the license plates and faces of individuals crossing an unnamed land border. The CBP said that the subcontractor had transferred the image data to its own network, violating security rules, and that its own systems were not affected in the attack. Somewhere under 100,000 people were impacted, the agency said.

The Washington Post, meanwhile, has dug deeper into the matter, finding some evidence suggesting that the contractor in question was Tennessee-based Perceptics. What’s more, an anonymous US official told the Post that Perceptics was using the image data to train biometric algorithms designed to match drivers’ faces to their vehicles’ license plates – technology that would be of interest to the CBP.

News of the breach comes at a time of intensifying debate about government use of biometric surveillance technology in the US, with multiple cities in California having recently moved to restrict such practices at the municipal level. The CBP, meanwhile, has been increasing its use of biometric border control technology in airports, land borders, and even sea ports, with a growing number of airline and airport partners working alongside it with an eye to the benefits biometric screening can offer in terms of speeding up passenger processing.

Sources: The Washington Post, The Washington Times

–

June 12, 2019 – by Alex Perala