ICE Facial Recognition Contractor Leaks A Whole Bunch Of Personal Data

from the hey-it's-just-other-people's-data-so-what's-the-big-deal dept

It’s not just the private sector leaking data at alarming rates! Well, it is still the private sector, but it’s leaking data on behalf of the government! So… somewhat different. But still alarming.

According to this report from Caroline Haskins for Business Insider, an ICE contractor harvesting facial recognition and GPS data on behalf of one of the most despised federal agencies has been caught with its database pants down. (via invaluable resource

Trust Stamp, a government contractor that develops facial recognition and surveillance tools for agencies like Immigration and Customs Enforcement, left the personal information of several dozen people unsecured on a breached database, Insider has learned. This information included names, birthdays, home addresses, and driver’s license data.

An anonymous tipster who said they were a security researcher contacted Insider and disclosed the breach. Insider confirmed the authenticity of the data with the people named in the data leak. Trust Stamp then confirmed the security vulnerability and breach to Insider. 

LOL. “Trust Stamp.” Nice job there with both the name and the security practices. Trust Stamp says this isn’t really a problem because most of the exposed data was clearly fake and just used for training. But alongside fake people like “Heidi Sample,” real people’s data was exposed, as was verified by both Business Insider and the security researcher who forwarded the tip.

That sort of service is apparently worth $7.2 million in federal tax dollars. It’s one thing to have a poorly secured testing environment. It’s quite another to have a poorly secured testing environment that apparently includes real-world data for reasons that have gone completely unexplained by Trust Stamp.

Another question that has gone unanswered by Trust Stamp is where this real-world data came from. The company was hired to assist ICE in monitoring immigrants processed at border crossings. But the real-world data exposed (and verified by BI and researchers) did not come from the expected source of Trust Stamp data.

None of the several dozen people whose names were included in the data leak were migrants who had been processed at the US southern border. Of the people Insider was able to reach by phone, none were familiar with Trust Stamp or any of its services.

So, where did this data come from? Did Trust Stamp just upload information it had gathered via other customers (an SEC filing lists a potential “39 commercial opportunities”) into its dummy testing database, neglecting to inform ICE that the test environment contained plenty of real-world data? And if it was using actual US persons’ info to pad its test database, why didn’t it do more to ensure the test environment was sufficiently safeguarded against leaks/breaches?

We still have no answers. Trust Stamp only says it is aware of the problem and has rectified it. It has yet to explain where this data originated and why it was included in the demo environment it crafted for ICE. Maybe Congress might want to start asking a few questions about this breach and pass along the same set of questions to other private contractors who may be playing fast and loose with personal data they’ve collected.

Filed Under: , , ,
Companies: trust stamp

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “ICE Facial Recognition Contractor Leaks A Whole Bunch Of Personal Data”

Subscribe: RSS Leave a comment

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...