As unveiled in a report by DHS' Office of Inspector General, the Customs and Border Protection (CBP) failed to put up appropriate safeguards for protecting surveillance information gathered using unmanned aircraft systems (UAS).
After the audit, the Office of Inspector General found that images and videos collected and transmitted as part of the drone surveillance program designed to support CPB's law enforcement mission weren't adequately secured according to DHS and federal policies.
The security oversight happened because CBP officials were not aware that the drone-powered data collection program requires a privacy assessment to make sure that CBP's Privacy Office implements the proper safeguards required by law, DHS policy, and federal regulations.
Moreover, Intelligence, Surveillance, and Reconnaissance (ISR) Systems used to collect surveillance data were at an increased risk of being compromised until the time the audit was started, by both external and internal actors.
CBP's security lapse could put in danger private information collected through its drone program
CBP uses drones to collect a wide range of surveillance material, from raw image data to videos of drug smuggler interceptions and undocumented migrants trying to cross the US border.
Although the UAS-gathered material does not allow one to identify an individual accurately, it can still be used as part of an active investigation during encounters with CBP agents or law enforcement officers.
Furthermore, there are potential privacy risks in the absence of a privacy threshold analysis (PTA) submitted to the DHS Privacy Office and this did not allow Air and Marine Operations (AMO) to have the certainty that the acquired data needed privacy protection.
CBP's failure to implement proper security controls to protect the information collected through its UAS program could lead to privacy-sensitive info being stored on its computing systems being compromised, stolen, or lost due to internal or external bad actors.
NEW! CBP’s Unmanned Aircraft Systems & Ops at-Risk. @CBP failure to implement adequate #security controls according to #Federal & @DHSgov policy could result in potential loss of confidentiality & integrity FMI: https://t.co/xGVg4GY9Pe — DHSOIG (@DHSOIG) September 25, 2018