An auditor’s report found major security and privacy deficiencies in Customs and Border Protection’s drone surveillance program.
The agency that protects U.S. borders isn’t effectively securing the images and video it collects using drones, nor was it aware of some of the security and privacy checks it was supposed to be doing, according to a recent auditor’s report.
U.S. Customs and Border Protection not only failed to continuously monitor its drone video and photo systems for digital attacks, but also didn’t effectively oversee contractors that accessed those systems or secure the physical locations where images and video were collected and stored, according to the Sept. 21 inspector general’s report.
“As a result, [surveillance] systems and mission operations were at increased risk of compromise by trusted insiders and external sources,” the report found.
CBP conducts drone surveillance along the Mexican and Canadian U.S. land borders as well as along the Gulf of Mexico and the southern California coastline. CBP’s drone office started deploying the Predator unmanned aircraft system—a variant of the armed drones used by the U.S. in Afghanistan and Iraq wars—at borders starting in 2005, according to a CBP fact sheet.
The images and video that CBP drones collect aren’t sufficient alone to identify an individual. They are, however, used by law enforcement agencies in concert with other data to help identify people accused of drug smuggling, crossing the border illegally and other crimes.
Because CBP did not include its drone surveillance program in its inventory of information technology systems, the program was never reviewed by CBP’s privacy office, the report found.
The privacy office, in fact, only became aware the drone surveillance system existed when the inspector general asked about it, the report states. After that conversation, the privacy office conducted research and determined the surveillance program “was a major system that should have been included in [its] inventory,” according to the report.
CBP agreed with all of the auditors’ 10 recommendations and began making changes before the audit was complete, the report states. That was two years after the surveillance system was first fielded, however, during which time the photos and videos of people along the border were unprotected, the report found.