DHS Watchdog Says CBP's Drone Program Is An Insecure, Possibly Rights-Violating Mess

from the your-tax-dollars-thrown-wildly-into-the-air dept

The CBP has drones. How many, it’s not really sure. It depends on when you ask. Or how you ask. The EFF’s FOIA lawsuit against the agency caused it to suddenly “remember” it had deployed drones 200 more times than it had previously disclosed.

The CBP’s drones are a lending library for US law enforcement agencies. An audit of the program found the CBP’s drones were more often used by others than by the agency owning them, despite this agency being charged with patrolling thousands of miles of US border — something that might be aided by some additional eyes in the skies.

But the eyes were worthless. The Inspector General concluded it was an airborne boondoggle. The CBP wasn’t malicious, just inept. As the IG saw it, the half-billion slated for drone use would be better spent on more personnel and ground-based surveillance.

Nevertheless, the drones continue to fly. When not straying far from the border to aid inland law enforcement agencies, the agency’s unmanned aircraft are still aloft, engaging in surveillance no one can really say for certain is 100% legal. The Inspector General’s latest report [PDF] shows the CBP has done very little to ensure its drone deployments are secure or legally-compliant.

CBP has not ensured effective safeguards for surveillance information, such as images and video, collected on and transmitted from its UAS. CBP did not perform a PTA [Privacy Threshold Analysis] for ISR Systems [Intelligence, Surveillance, Reconnaissance] used in the UAS [Unmanned Aircraft Systems] program to collect data because CBP officials were unaware of the requirement to do so. Failure to include ISR Systems in CBP’s information technology inventory enabled system deployment without CBP Privacy Office oversight. Without a privacy assessment, CBP could not determine whether ISR Systems contained data requiring safeguards per privacy laws, regulations, and DHS policy.

This is what’s going to have to pass as the “good news” in “good news and bad news.” There only appears to be bad news. CBP didn’t implement security controls to safeguard its surveillance systems, including a failure to control access to ground control stations housing collected surveillance footage/data. The long string of screw ups listed in this report are the result of serious structural failure.

These information security deficiencies occurred because CBP did not establish an effective program structure, including the leadership, expertise, staff, training, and guidance needed to manage ISR Systems effectively.

This leaves the CBP’s drone program susceptible to threats both external and internal. Additionally, the lack of a privacy assessment means the CBP can’t say its surveillance doesn’t violate civil liberties or local laws. CBP officials seemed to be entirely unaware of the need to perform an impact assessment prior to deployment. But the officials did agree it was someone else’s fault they didn’t know how to do their job. The IG saw the buck being passed by everyone it spoke to. The final resting place for the oft-passed buck was the outside contractor who set up the ISR system. When in doubt, blame the civilians — a strategy that makes no sense when you’re discussing the lack of compliance with DHS policy and federal regulations.

As the IG sees it, the ISR program operates without authorization or approval. DHS requirements have yet to be met by the CBP, so every one of its hundreds of drone flights have been, at the very least, policy violations.

The CBP also could not provide the IG with a security assessment report for its ISR system, suggesting this has never been done in the program’s half-decade-plus of existence. Then there are other system-critical odds and ends the CBP can’t seem to get a grip on. Unauthorized media devices/USB drives are being plugged into system-critical hardware. Software patches are delivered irregularly and inconsistently. No one appears to be tasked with monitoring system events on ISR systems and a plethora of outdated software is still in use, which means some system-critical software hasn’t been patched in months or years and possibly may never receive another update.

Also described as “inadequate:” personnel management, physical access controls, staffing levels, and systems training.

So far, so government. But this a government agency with access to plenty of funding and advanced tech. It has plenty of tools but uses them poorly. Despite being told its unmanned systems were mostly useless, the CBP continues to pour money on the problems it won’t fix, rather than follow the IG’s last list of recommendations. It has access to plenty of surveillance tech, but won’t provide proper training, perform mandated assessments, or even put together a half-assed organizational chart for its drone operations.

The CBP has shown it can’t be trusted with the stuff that’s given to it to use in its border patrolling efforts. Sadly though, the response from Congress year after year has been to give it more money and stuff to use poorly, unwisely, and possibly illegally.

Filed Under: , , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “DHS Watchdog Says CBP's Drone Program Is An Insecure, Possibly Rights-Violating Mess”

Subscribe: RSS Leave a comment
That One Guy (profile) says:

'We should care... why again?'

The long string of screw ups listed in this report are the result of serious structural failure.

I’m not quite sure that ‘screwing up’ is the proper description of what’s going on, so much as ‘displaying indifference to’.

‘Screwing up’ implies that they tried but didn’t do it right, however from what it sounds like they didn’t even get that far, and instead just shrugged off any requirements as something they didn’t care about and didn’t need to bother with.

So long as they keep getting plenty of money despite their indifference, why would they spend more effort than they have to?

Anonymous Coward says:

Re: serious structural failure

.- “The long string of screw ups listed in this report are the result of serious structural failure.”

Yup — serious structural failure in our entire Federal Government.

These CBP abuses are but minor symptoms of an entirely dysfunctional and scary government power structure. Another dozen Federal agencies are 10 times worse than CBP — the NSA makes CBP look like choir boys.

If you can’t see the fundamental problem here– then you can’t fix it or defend youself against it.

Anonymous Coward says:

Re: Re: serious structural failure

does posting pointless garbage like this make you feel smart?

Especially after this current administration and congress has been voted in the party and group that cry the most about the ‘evil federal government’ is the party that does everything it can to expand its power and remove any accountability.

JoeCool (profile) says:


The final resting place for the oft-passed buck was the outside contractor who set up the ISR system. When in doubt, blame the civilians — a strategy that makes no sense when you’re discussing the lack of compliance with DHS policy and federal regulations.

Might as well blame the local drugstore for violating someone’s privacy because they sold you the film. How does this make any sense at all? "The guy at Walgreens never said I couldn’t sneak into people’s houses at night and photograph all their stuff!"

steell (profile) says:

Re: Re: Blame

According to wikipedia:

plural noun: civilians
a person not in the armed services or the police force.
synonyms: noncombatant, nonmilitary person, ordinary citizen, private citizen; informalcivvy
“family members and other civilians were quickly evacuated from the post”
a person who is not a member of a particular profession or group, as viewed by a member of that group.
“I talk to a lot of actresses and they say that civilians are scared of them””

Valkor says:

Re: Re: Re: Blame

According to Merriam Webster’s Dictionary of Synonyms:

“Civilian refers to persons who are not members of the armed forces and is used chiefly in contrast to military”

Police are part of the civil service. They take a civil service test. They enforce civil law, not martial law.

Do we have a problem with militarization of the police? Maybe we should stop thinking they’re the army. Confusing the two is pernicious. I think my new project is to research when law enforcement started getting shoehorned into the formal definition, instead of the informal definition.

JoeCool (profile) says:

Re: Re: Re:2 Blame

According to Webster’s DICTIONARY (the actual dictionary, not a book of synonyms), it means:

1 : a specialist in Roman or modern civil law

2a : one not on active duty in the armed services or not on a police or firefighting force

2b : outsider sense 1

And outsider 1 is:

1 : a person who does not belong to a particular group

So civilian meaning someone not in our group IS an acceptable usage according to the dictionary, and is not a recent change like ‘literal’. It’s been that way for as long as I’ve been alive.

The Wanderer (profile) says:

Re: CBP and abbreviations

Officially (nowadays) I believe it stands for “Customs and Border Protection”, although IIRC they were originally the “Customs and Border Patrol”.

They’ve been in the news often enough and recently enough that I wouldn’t think it really necessary to give the expansion of the initialism – unless you know of another entity whose name is abbreviated the same way, which might result in uncertainty about which is meant?

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...