The Toledo Blade
Major hacks of facial-recognition data have long seemed like an inevitability, but that does not make the recent breach of a U.S. Customs and Border Protection subcontractor any less frustrating.
Customs recently revealed that tens of thousands of travelers’ faces may have been compromised after a “malicious cyberattack” targeted an unidentified contractor — though the company Perceptics seems to have been implicated thanks to Custom’s public statement, which was headlined “CBP Perceptics Public Statement.”
These guardians of security and secrecy estimate that fewer than 100,000 people had their photos taken in the data breach.
Concerns about the use of facial-recognition technology and the storage of the resulting data have been growing in recent years. Parallel to that, the government has been expanding its use of facial-recognition systems, particularly at border crossings. CBP is reportedly working to use facial-recognition technology on “100 percent of all international passengers,” including American citizens, within the next several years. And because congressional oversight on this technology is lagging behind, the bureau has been able to move forward without much regulation.
This has allowed Customs to partner with contractors who have a less than stellar track record, like Perceptics.
Just last month, hundreds of gigabits of data were breached at the Tennessee-based company, namely scans of drivers’ license plates that tracked their locations. It is unclear if that data breach is related to the facial-recognition hack, though investigators will surely want to look into such a possibility. Efforts are under way at all levels of government to address the growing use of facial-recognition technology.
San Francisco recently banned city agencies from using the technology and, in Congress, a bill has been introduced by Sens. Roy Blunt, R- Missouri, and Brian Schatz, D-Hawaii, that “would strengthen consumer protections by prohibiting commercial users of facial-recognition technology from collecting and resharing data for identifying or tracking consumers without their consent.”
But the government must begin serious discussions about how to regulate its own use of facial-recognition technology and how to provide meaningful oversight that will limit abuses and system breakdowns.
Without such safeguards in place, more problems are sure to arise and more innocent people will have to pay the price for governmental incompetence and failure.
That is unacceptable.