Unacceptable breach
Govt. must regulate its use of facial recognition
Major hacks of facial recognition data have long seemed like an inevitability, but that does not make the recent breach of a U.S. Customs and Border Protection subcontractor any less frustrating.
CBP recently revealed that tens of thousands of travelers’ faces may have been compromised after a “malicious cyberattack” targeted a contractor. The contractor has not been identified but Perceptics appears to be the one involved given a CBP statement headlined “CBP Perceptics Public Statement.”
These guardians of security and secrecy estimate that fewer than 100,000 people had their photos taken in the data breach.
Concerns about the use of facial recognition technology and the storage of the resulting data have been growing in recent years. Parallel to that, the government has been expanding its use of facial recognition systems, particularly at border crossings.
CBP is reportedly working toward using facial recognition technology on “100% of all international passengers,” including U.S. citizens, within the next several years. And because congressional oversight on this technology is lagging behind, CBP has been able to move forward without much regulation.
This has allowed CBP to partner with contractors who have a lessthan-stellar track record, like Perceptics. Just last month, the Tennesseebased company had hundreds of gigabits worth of data breached, namely scans of drivers’ license plates that tracked their locations. It is unclear if that data breach is related to the facial recognition hack, though investigators will surely want to look into such a possibility.
Efforts are underway at all levels of government to address the growing use of facial recognition technology. San Francisco recently banned city agencies from using the technology and, in Congress, a bill has been introduced by Sens. Roy Blunt, RMo., and Brian Schatz, D-Hawaii, that “would strengthen consumer protections by prohibiting commercial users of facial recognition technology from collecting and re-sharing data for identifying or tracking consumers without their consent.”
But the government must begin serious discussions about how to regulate its own use of facial recognition technology and how to provide meaningful oversight that will limit abuses and system breakdowns. Without such safeguards in place, more problems are sure to arise and more innocent people will have to pay the price for governmental incompetence and failure. That is unacceptable.