US Customs and Border Protection (CBP) admitted earlier this week that images it had collected as part of a facial recognition programme had been accessed by hackers.
The agency told journalists that the stolen data included photos of the faces and vehicle license plates of “fewer than 100,000 people”.
The images were taken of vehicles entering and exiting the US over a month and a half through a land border entry port, which it did not name.
CBP said that no travel document photos were compromised, but a government official nonetheless described it as a “major incident”.
The attack was on a federal contractor which CBP said had transferred the images to its own network, in violation of its policies.
The news comes as CBP and other countries’ security agencies ramp up their use of facial recognition technology for border control, particularly at airports:
CBP wants biometric exit technology to cover more than 97 per cent of departing commercial air travellers within the next four years.
While providing conveniences for travellers, such as removing the need to show a passport and boarding pass at multiple airport checkpoints, several groups are arguing that the public has not been consulted on the growing use of the technology.
Many are also concerned by the growth of biometric systems in the US and other countries, calling them overly intrusive and vulnerable to abuse. Activists and academics recently spoke at a US House of Representatives Committee on facial recognition technology, with some calling for a total ban on its use.
This week’s admission of a data breach by the CBP has brought that debate back to the fore.
American Civil Liberties Union spokeswoman Neema Singh Guliani issued a statement stating that the “incident further underscores the need to put the brakes on these efforts and for Congress to investigate the agency’s data practices.”
“The best way to avoid breaches of sensitive personal data is not to collect and retain such data in the first place,” Singh Guliani added.
In the Atlantic, Sidney Fussell says the hack “feels like an inevitability.”
“The more information the government collects, the more attractive that information is to bad actors, and the more people have to be involved in storing and securing it – all of whom have their own associated risk vectors. At the scale that DHS hopes to achieve, that means any vulnerability could prove disastrous,” Fussell writes.
The New York Times notes that “the imagery of travellers … arriving in the United States would be of little value to thieves. But it might be useful to foreign governments interested in tracking Americans, or in the agency’s procedures.”
The CBP argues that the information it collects allows it to crack down on visa overstays and illegal immigration, while providing a smoother and more convenient system for travellers at borders and airports.