Hacked border security firm downplayed security/privacy concerns about its tech


Level 67
Thread author
Top poster
Mar 29, 2018
FEW PEOPLE HAD ever heard of Perceptics, a Tennessee-based subcontractor that sells license plate readers to U.S. Customs and Border Protection, before last month, when news emerged that the company had been hacked and that sensitive data — including images of license plates and drivers — had been released on the dark web.
The hack is just the sort of privacy breach that civil liberties advocates have long warned could come from massive government data collection, especially when it is contracted out to private firms. And it comes at a time when the CBP is under scrutiny for monitoring activists and journalists at the U.S.-Mexico border and airports.
Yet while photos of faces and license plates of some 100,000 U.S. drivers are now freely available online, the CEO of Perceptics, John Dalton, claimed in an email a few years ago that “CBP has none of the privacy concerns at the border that all agencies have inland.”
Writing to one of his company’s lobbyists in 2013, Dalton suggested that the border agency offered Perceptics an opportunity to make greater use of license plate images, stating, “Data mining and looking at traffic patterns/abnormalities are strong analytics for CBP, and could be for others.” Dalton appeared to be referring to the CBP’s relatively unfettered powers of search and seizure within 100 miles of the border. In contrast, for agencies other than CBP, “there is much concern with ACLU state level lawsuits and elsewhere around privacy issues, so this is a live challenge,” he wrote.
The CEO of Perceptics claimed in an email a few years ago that “CBP has none of the privacy concerns at the border that all agencies have inland.”
Dalton’s email and other internal documents laying out Perceptics’ strategy to politically defend its products are among the data taken from the company by an anonymous hacker and analyzed by The Intercept.
“Obviously, we don’t agree with the blanket assertion that there are no privacy concerns at the border,” said Nate Freed Wessler, of the American Civil Liberties Union’s Speech, Privacy, and Technology Project. “The government position is that they have latitude to do whatever they want there, and we vigorously disagree with that.”
Wherever they are used, said Wessler, license plate readers, or LPRs, are concerning when the data they collect is retained and analyzed, providing a gold mine of location information as people go about their daily lives in their cars.
“Especially for people who live in border communities, who live binational lives, it can really be sensitive information,” he said. And as the Perceptics hack shows, data that is retained is also vulnerable to unintended release or use, whether by hackers or unscrupulous government employees or contractors. ....

continue reading here: Before Being Hacked, Border Surveillance Firm Lobbied to Downplay Security and Privacy Concerns About Its Technology
Hacked Border Surveillance Firm Wants To Profile Drivers, Passengers, and Their “Likely Trip Purpose” In New York City