Photos of travelers who entered and exited the U.S. were stolen in a data breach

Data collected by U.S. Customs and Border Protection has fallen foul to a breach.
Data collected by U.S. Customs and Border Protection has fallen foul to a breach.
Image: JIM WATSON/AFP/Getty Images

Photos of travelers collected by U.S. Customs and Border Protection (CBP) have been compromised in a data breach, the agency revealed on Monday.

The breach, first reported by the Washington Post, was confirmed in a statement by a CBP spokesperson to Mashable.

“CBP learned that a subcontractor, in violation of CBP policies and without CBP’s authorization or knowledge, had transferred copies of license plate images and traveler images collected by CBP to the subcontractor’s company network,” the statement reads. 

“The subcontractor’s network was subsequently compromised by a malicious cyber-attack. No CBP systems were compromised.”

CBP added that none of the images that were stolen have been identified on the Dark Web or the internet, and that it has removed equipment involved in the breach.

The agency said initial reports indicate that fewer than 100,000 people were involved in the image breach, and the photographs were of travelers in vehicles entering and exiting the U.S. through a few lanes at a land border entry over a 1.5 month period.

“No other identifying information was included with the images. No passport or other travel document photographs were compromised and no images of airline passengers from the air entry/exit process were involved,” the statement read.

It comes after revelations of CBP’s planned expansion of its facial recognition technology at airports, where it would look to capture 97 percent of departing commercial air travelers from the U.S. over the next four years.

The move raised the ire of privacy advocates, and the CBP’s latest incident has provoked calls for the agency to rethink its collection of travelers’ data.

“This incident further underscores the need to put the brakes on these efforts and for Congress to investigate the agency’s data practices,” ACLU Senior Legislative Counsel, Neema Singh Guliani, said in a statement. 

“The best way to avoid breaches of sensitive personal data is not to collect and retain such data in the first place.”

Uploads%252fvideo uploaders%252fdistribution thumb%252fimage%252f91270%252f3c313015 cb30 4c70 9fbf c261eb8ab5ec.jpg%252foriginal.jpg?signature= ncdthnsyf9nmc5mejntisrqi k=&source=https%3a%2f%2fblueprint api production.s3.amazonaws

Let’s block ads! (Why?)

Link to original source

Hackers steal traveler photos and license plates from US Customs

Sponsored Links


Joe Raedle/Getty Images

If you were wondering why it can be risky for governments to collect traveler images en masse on connected systems… well, here’s why. US Customs and Border Protection has confirmed that hackers stole traveler images from a subcontractor, including photos of people entering or leaving the country as well as copies of their license plates. In a statement, CBP said that the subcontractor had “violated mandatory security and privacy protocols” by transferring the data to its own network.

A representative didn’t tell TechCrunch how much data had been taken, or how many American citizens were caught up in the breach. The agency said alerted Congress and said it was “closely monitoring” the subcontractor’s associated work.

CBP said that none of the info had been spotted on either the dark web or the public internet, although the company in question might have had at least one leak. Officials inadvertently mentioned the border crossing tech company Perceptics in their document title, and a Register report in late May indicated that data from the firm was available for free on the dark web. It’s not certain if that info is associated with the CBP’s breach.

The incident underscores a common problem with database security: it’s only as safe as the weakest link in the chain. If a contractor leaves data vulnerable, it doesn’t matter how airtight the government’s own practices are. And that raises concerns about plans for facial recognition at airports. Officials have vowed to limit access to image data, but it could only take a momentary lapse in security to compromise a vast library of sensitive images.

Let’s block ads! (Why?)

Link to original source

ACLU: border agents regularly perform 'warrantless' device searches

Sponsored Links


Christina Mendenhall/Bloomberg via Getty Images

Privacy advocates have long been concerned that US border agents may be overstepping their boundaries when searching devices, and the ACLU just obtained evidence appearing to support that theory. The civil rights group has motioned for summary judgment in its lawsuit against the Department of Homeland Security after its discovery process revealed far-reaching policies for “warrantless and suspicionless” searches. Reportedly, both Customs and Border Protection as well as Immigration and Customs Enforcement have claimed “near-unfettered authority” to search phones, PCs and other devices, even though the requests fall well outside their purview.

Agency policies let officers search devices for generic law enforcement purposes like investigating bankruptcies and consumer portection laws, the ACLU said. Officers can also search devices to collect data about someone else, such as a friend that might be an illegal immigrant or the foreign sources for a journalist. CBP and ICE can also seize devices to produce “risk assessments” or push existing cases forward, and they’ll consider requests for data from other US agencies.

Agents for the two can not only keep information taken from devices, but share it with other government bodies in the US and abroad, the ACLU added.

The ACLU’s motion for judgment argues that the searches violate Fourth Amendment rights preventing unreasonable searches and seizures. However, it added that these searches effectively stomped on the First Amendment as well, as people would “self-censor and avoid expressing dissent” if they knew that border agents would sift through their data. The plaintiffs in the case include both a journalist seemingly targeted for his reporting as well as another whose phone included attorney-client privileged content.

CBP told Engadget that it was “unable to comment on matters under litigation.” However, the ACLU didn’t mince words. It saw authorities using the border as a pretense for an “end run around the Constitution,” and hoped a judgment would force border agents to get warrants for future searches. There’s no guarantee the ACLU will succeed in obtaining a judgment or winning if it has to go to trial. Should it win, though, border officials may have to dramatically limit the scope of their searches.

Let’s block ads! (Why?)

Link to original source

There's Never Been a Better Time to Bribe TSA and CBP Officers Than During President Trump's Shutdown

An unedited photo of President Donald Trump at the White House on January 23, 2019
Photo: Getty Images

It’s day 34 of President Trump’s government shutdown with no end in sight. And while most of the media’s attention has been focused on the long lines at airport security and food that’s going uninspected, there’s another topic that isn’t getting much coverage: the potential for rampant corruption.

There’s literally never been a better time to bribe someone who works for a U.S. government agency—from the Transportation Security Administration (TSA) and Customs and Border Protection (CBP) to U.S. Coast Guard service members and State Department officials overseas. The RAND Corporation has a startling new report about the potential risks.

Advertisement

“U.S. adversaries could exploit the shutdown by trying to corrupt border agents and airport screeners who are doing their jobs but not getting paid,” Ryan Consaul, a senior researcher at RAND writes. “Transnational criminal organizations and drug cartels have tried to bribe officers before.”

Conasul notes that 144 U.S. Customs and Border Protection officers were arrested between 2005 and 2012 on charges related to corruption, and that was when people were getting paid. Now that government workers are being forced to work for free, things could get much worse.

With over 800,000 federal employees not getting paid right now, many have resorted to begging for money on GoFundMe, visiting food banks, and selling personal items on Craigslist. The risk of corruption is only growing with each passing day. Otherwise morally upstanding people are more willing to break the rules to make sure that they can survive when things get really desperate. And things are really desperate at the moment.

Advertisement

As the RAND report notes, Congress passed a bill in 2010 that attempted to curtail corruption at agencies like CBP, but that law was neutered by the Republican-controlled House in 2017 in an effort to speed up hiring.

From RAND:

One investigation was of a Border Patrol agent who worked with drug traffickers to smuggle marijuana across the Mexican border into the United States. The agent pleaded guilty to conspiracy to import marijuana and was sentenced to 20 months imprisonment and three years of supervised release.

The other investigation centered on a TSA employee who was observed meeting with a known narcotics/money courier in uniform at an airport and was later found with a bag containing $130,000. The TSA employee pleaded guilty and was sentenced to a year of house arrest followed by 48 months of probation.

These examples are, of course, the rarest of exceptions. Nevertheless, the financial pressures caused by the shutdown provide U.S. adversaries with an opening to possibly exploit.

Advertisement

The new RAND article is primarily focused on agencies like CBP, but few people seem to be talking about other risks at places like the FBI and State Department—organizations that hold incredibly sensitive information, including state secrets.

If America’s New Cold War adversaries like China and Russia are looking to flip government officials and turn them into spies, now’s the time to strike. But they know that already. That’s one of the reasons that background checks for people in government positions include credit checks. Financially strapped police officers and diplomats have more of an incentive to betray their country. And unless President Trump gives up on his stupid and unnecessary border wall those incentives are only going to get more enticing.

Not only is President Trump simply a blathering idiot, he’s also making Americans less safe. Good job, Mr. President. Please open the government so that people can get on with their lives. You’ve done enough damage already.

Advertisement

[RAND Corporation]

Let’s block ads! (Why?)

Link to original source

Marc Benioff struggled for most of last summer with his decision to keep Salesforce's controversial contract with the US Customs Border Patrol (CRM)

salesforce tower san francisco marc benioff 5277Salesforce CEO Marc BenioffMelia Robinson/Business Insider
  • Marc Benioff struggled in deciding whether or not to keep Salesforce’s contract with the Customs Border Patrol (CBP) after employee backlash last June, according to a recent interview with CNBC
  • “[Employees] ask me questions I don’t have the answer to and I don’t have the authority or understanding to be able to opine on,” Benioff said. 
  • Ultimately, Benioff decided to keep the contract in place, though he vowed that in the future, an internal team focused on ethics would make these types of judgment calls. 
  • Political organizing groups who oppose the CBP contract tell Business Insider that they are still are not satisfied. 

Government agencies are attractive customers to Silicon Valley tech companies peddling software and services that promise to modernize the cogs of bureaucracy. 

But in an age of divisive public policy and rising employee activism, doing business with the government is not the slam dunk business deal it once was.

For Salesforce CEO Marc Benioff, this reality hit hard last year, leaving the the industry’s most outspoken champion of progressive causes on the defensive. 

Benioff struggled with the decision to work with the Customs Border Patrol throughout last summer, he said in a recent interview with CNBC. And even after Benioff took steps to ensure that Salesforce is better prepared to address thorny issues like this in the future, the experience has left its mark on the company.

“What’s the right thing to do here?”

In June, more than 650 Salesforce employees sent an email to Benioff criticizing the company’s contract with the Customs Border Patrol (CBP).  “Given the inhuman separation from their parents currently taking place at the border, we believe that our core value of Equality is at stake and that Salesforce should re-examine our contractual relationship with CBP and speak out against its practices,” the letter said. 

The Salesforce founder and co-CEO ultimately decided his company would keep its contract with the CBP claiming that his company’s software was not used to separate families — though he“wrestled” with the judgment call for most of the last summer, according to a CNBC interview with Benioff

“[Employees] ask me questions I don’t have the answer to and I don’t have the authority or understanding to be able to opine on,” Benioff said in the interview. 

Read more: Salesforce is hiring its first Chief Ethical and Humane Use officer to make sure its artificial intelligence isn’t used for evil

After his decision, Benioff vowed never to put himself in that situation again. “I said I need a team that I can pivot to say, ‘What is the right thing to do here?’ And I’m like, it’s crazy that we don’t have a team like this,” he said. 

salesforce protest border patrol san francisco 5Katie Canales/Business Insider

According to the interview, Benioff tasked Salesforce’s Chief Equality Officer, Tony Prophet, with forming an internal team to own difficult ethics questions as they arise. Six months later, the group was complete with the hiring of Paula Goldman, the company’s first chief ethical and humane use officer. 

“It takes political clarity”

The hiring of a chief ethical officer and the offloading of Benioff’s decision making in ethically-hairy situations, however, did not satisfy those who continue to oppose Salesforce’s contract with the CBP, like the political organizing group Business Insider spoke to named Mijente

Mijente met with Tony Prophet and other Salesforce executives in an off-the-record meeting at Salesforce Tower last November, but ultimately, their demands to cancel the contract were not met.

“I think Salesforce is calculating the political risks of it,” Mijente member Jacinta Gonzalez said in a recent interview with Business Insider. “I think even though they know that it’s wrong, even though they feel the pressure, I think standing up to the government in these times takes courage. And it takes political clarity. And I think they’re struggling with that decision.” 

A Salesforce spokesperson told Business Insider: “We believe in a multi-stakeholder dialogue and that’s why we met with Mijente to hear their concerns.” 

Benioff’s strife over the CBP contract, highlights the struggle tech companies face as they balance working with the government, which is an important part of their business, with their progressive, Silicon Valley ethos. Google, for instance, has been providing AI technology to the Pentagon but decided to not renew its contract after an internal uproar last March.

“You don’t want to be a CEO or co-CEO and all of the sudden you get a phone call, ‘I don’t agree with your ethics, I’m leaving,'” Benioff told CNBC. “I could not imagine if that actually happened. I’d be very upset.”

Let’s block ads! (Why?)

Link to original source