US Customs and Border Protection fails with drone surveillance privacy, security

Would it surprise you that a government agency collecting data via drones, data such as images and videos, failed to consider privacy implications of that data? Probably not, but apparently U.S. Customs and Border Protection (CBP) officials were shocked to know it was required.

According to an audit by the Office of Inspector General (OIG), CBP officials didn’t bother to do a privacy threshold analysis because they “were unaware of the requirement to do so.”

But hey, why stop at a single, albeit huge, privacy fail when you can fail at security, too? That’s right, when it comes to CBP’s drone surveillance program, the OIG detected failures in IT security controls, as well as failures that put CBP’s unmanned aircraft systems and operations at risk. In fact, the audit resulted in 10 recommendations to improve CBP’s unmanned aircraft systems program.

Not only did it not occur to CBP to perform a privacy assessment for the Intelligence, Surveillance, and Reconnaissance (ISR) Systems used in the unmanned aircraft systems (UAS) program, but the agency also failed to include ISR systems in CBP’s IT inventory. That meant the system was deployed without any CBP Privacy Office oversight. By not assessing the privacy of the surveillance systems, the CBP was unable to determine if the images and video collected and transmitted from the drones needed safeguards as are required by privacy laws, regulations and even Department of Homeland Security (DHS) policy.