Perceptics LLC is a developer and manufacturer of automated license plate recognition (LPR) equipment based in Farragut, Tennessee, founded in approximately 1978. John Dalton is the CEO. A large hack of their data exposed their operations, as well as the locations of installations.
Their technology is used by the U.S. Customs and Border Protection (CBP) at 43 border crossings, both to Mexico and Canada, as part of a partnership with Unisys Federal Systems. Perceptics is the exclusive license plate recognition provider for CBP. Perceptics operated as a subcontractor to Unisys for the license plate reader contract, worth $229 million over several years. As of 2019, Perceptics has worked on CBP contracts for "nearly 30 years". They also provide "under-vehicle surveillance systems", and have contracts with the Drug Enforcement Administration checkpoints, the Canada Border Services Agency, United Arab Emirates, and Saudi Arabia's Special Forces, and the Jordanian army.[1][2][3][4][5]
Perceptics was previously a subsidiary of Northrop Grumman. They have been filling CBP contracts since 1982 and license plate readers since 1997. In 2002 the equipment cost was approximately $90,000 per lane.[6][7][8][9]
Perceptics also discussed promoting their license plate reading technology for use on a congestion pricing scheme to MTA in New York City in a presentation titled "Smart Imaging Solutions for New York City Congestion Pricing". They demoed the technology to MTA's Bridges and Tunnels division. The Perceptics system provides much more capabilities than license plate reading, such as "Vehicle Occupancy Imaging System", which can identify drivers and passengers, as well as tracking car locations and driver behavior as a profile.[5] Perceptics and Unisys were also involved in a CBP trial project called the "Vehicle Face System", involving facial recognition of car occupants.[10][11]
Perceptics used Amazon Rekognition as of August 2018.[5]
Canadian operations
Data from the hack revealed the Canada Border Services Agency had at least two dozen installations, as widespread as the Sumas-Huntingdon Border Crossing in British Columbia, to the Fort Fairfield - Andover Border Crossing in New Brunswick, worth $21 million CND in contracts. Traffic weigh stations in Canada, run by International Road Dynamics, also use Perceptics. Halifax Harbour Bridges trialed the technology. The Buffalo and Fort Erie Public Bridge Authority as purchased Perceptics cameras, they are administered by the US CBP. Canada Revenue Agency had contracts with the company until 2014.[12]
Data breach
On May 13, 2019, Perceptics discovered they were hacked. They notified the FBI within 24 hours, and they notified Unisys on May 17. The hack was revealed by The Register on May 23. The CBP learned of the data breach on May 31, over three weeks after the discovery of the hack. CBP acknowledged a breach on that date but didn't reveal the contractor involved, but the Microsoft Word document title pointed to Perceptics. CBP also stated CBP said "as of today, none of the image data has been identified on the dark web or internet."[2][1][13]
Identifiable information such as faces were stolen. Somewhere under 100,000 images were taken, which were part of a 45-day dataset from one port of entry. The data was transferred off of the CBP's systems to Perceptics's systems, a violation of CBP policy. The Register showed that data was available on Tor, and included images, HR records, databases, DHS manuals, signed NDAs, and business plans. Distributed Denial of Secrets mirrored the data to the open web, making it more easily accessible. Later, The Register identified images taken at border crossings at Santa Teresa, New Mexico, and Columbus, New Mexico, and Hidalgo, Texas.[14][1][6]
Perceptics demoed the technology for the Pennsylvania Turnpike, and 50 gigabytes of photos over two months in 2017 were identified in the hack and published on Vice News's Motherboard.[15]
CBP suspended the contract, citing "conduct indicating a lack of business honesty or integrity". Suspensions are a rare action.[4] In September 2019, Perceptics and CBP signed an agreement, where CBP stated the collection of data was "completely unacceptable" but not unethical or illegal, and Perceptics agreeing to security reforms and monitoring.
A hacker claimed to have access to Perceptics's systems for four months and demanded a ransom.[4] The data was made publicly available by Distributed Denial of Secrets.[16][17]
The breach led to scrutiny from Sen. Rick Scott, Sen. Edward J. Markey, Sen. Ron Wyden, Rep. Bennie Thompson, and privacy advocates.[2][18]
Lobbying
Perceptics engaged lobbyists such as Lucia Alonzo of Ferox Strategies to lobby on their behalf, and the hack of Perceptics showed this influence. Cristina Antelo at Podesta Group also lobbied Democrats on their behalf, joining Ferox Strategies after Podesta Group closed.[19]
In emails to Perceptics, Alonzo confirmed that both top alternatives in a 2018 immigration reform bill included provisions with $125 million for "LPR modernization" and $175 million for a border cargo LPR project in Laredo, Texas, presumably benefitting Perceptics as the exclusive provider of LPR equipment to the CBP. The text of the provisions in both alternatives was nearly identical.[19]
Alonzo also supplied talking points to Tennessee's Republican Chuck Fleischmann to use in a session with the head of CBP. After the exchange, Alonzo emailed Perceptics, confirming Fleischmann "asked about CBP's plan to modernize its LPRs as we asked his office to do".[19]
Later, Texas Sen. John Cornyn, included the same Laredo border cargo LPR project and "LPR modernization" projects and figures in two late-2017 Senate immigration bills. Alonzo suggested that Perceptics CEO John Dalton donate money to Cornyn, and Antelo was previously on Cornyn's staff.[19]
In 2014 and 2015, Podesta Group emails said the Podesta staff would "preemptively meet if necessary to ensure LPRs do not get drawn further into the privacy conversation" and about building a "possible coalition against LPR bans". In 2018, Antelo, at Podesta, described meetings with California Democratic congressman Peter Aguilar, Colorado Democratic Sen. Michael Bennet, New Jersey Democratic Sen. Bob Menendez.[10]
In February 2020, connections to conservative Texas Democratic Rep. Henry Cuellar were published, tracing his involvement with Perceptics back to at last 2009, through Antelo and Podesta Group. He was described as "our Cuellar firepower" and by Perceptics CEO Dalton as a "friendly congressman". Cuellar was involved in the same "talking points" event as Fleischmann, and Cuellar asked other talking points recommended by Perceptics and lobbyists, with Alonzo emailing a report about Cuellar asking "about pilots going on at Laredo that sound a lot like Perceptics’".[20]
Perceptics and Podesta Group lobbied against competitor Axiompass in 2012, as presentations and reports indicated. A 2014 Podesta Group report identified dozens of PACs connected to politicians to make donations to.[21][22][23][24][20]
See also
References
- 1 2 3 "Border officials not told of massive surveillance breach until three weeks after subcontractor was first alerted". Washington Post. Retrieved 1 March 2020.
- 1 2 3 "Hacked documents reveal sensitive details of expanding border surveillance". Washington Post. Retrieved 1 March 2020.
- ↑ "CBP Awards Unisys $230 Million To Continue Border Security Efforts - Defense Daily". Defense Daily. 19 October 2016. Retrieved 1 March 2020.
- 1 2 3 "Border-surveillance subcontractor suspended after cyberattack revealed sensitive monitoring details". Washington Post. Retrieved 1 March 2020.
- 1 2 3 "Hacked Border Surveillance Firm Wants To Profile Drivers, Passengers, and Their "Likely Trip Purpose" In New York City". The Intercept. Retrieved 1 March 2020.
- 1 2 "US border cops confirm: Maker of America's license-plate, driver recognition tech hacked, camera images swiped". theregister.co.uk. Retrieved 1 March 2020.
- ↑ "Hackers Breach Company That Makes License Plate Readers for U.S. Government - VICE". vice. Retrieved 1 March 2020.
- ↑ "Vehicle Identification via License Plate Readers" (PDF). ibtta.org. Retrieved 1 March 2020.
- ↑ Burriesci, Jack J.; Fellow, Legislative. "LICENSE PLATE READERS". cga.ct.gov. Retrieved 1 March 2020.
- 1 2 "Before Being Hacked, Border Surveillance Firm Lobbied to Downplay Security and Privacy Concerns About Its Technology". The Intercept. Retrieved 1 March 2020.
Sen. Bob Menendez
- ↑ "New Homeland Security system will bring facial recognition to land borders this summer". The Verge. 5 June 2018. Retrieved 1 March 2020.
- ↑ "Border agency still using licence plate reader linked to U.S. hack | CBC News". CBC. Retrieved 1 March 2020.
- ↑ "'It's not a surveillance program'... US govt isn't going all Beijing on us with border face-recog, official tells Congress". theregister.co.uk. Retrieved 1 March 2020.
The border force has since terminated its contract with Perceptics. The Washington Post also reported today that officials only found out about the hack three weeks after Perceptics was ransacked.
- ↑ "Maker of US border's license-plate scanning tech ransacked by hacker, blueprints and files dumped online". theregister.co.uk. Retrieved 1 March 2020.
- ↑ "Here Are Images of Drivers Hacked From a U.S. Border Protection Contractor - VICE". vice. Retrieved 1 March 2020.
- ↑ "Hack Of U.S. Border Surveillance Contractor Is Way Bigger Than The Government Lets On". Gizmodo Australia. 24 June 2019. Retrieved 19 February 2021.
- ↑ Horne, Lorax B. "Release: Ransomware data". ddosecrets.substack.com. Retrieved 19 February 2021.
- ↑ "U.S. Customs and Border Protection says photos of travelers were taken in a data breach". Washington Post. Retrieved 1 March 2020.
- 1 2 3 4 "Hacked Emails Show GOP Demands on Border Security Were Crafted by Industry Lobbyists". The Intercept. Retrieved 1 March 2020.
Antelo
- 1 2 "Emails Show Rep. Henry Cuellar Provided Extensive Favors to Border Security Lobbyists". The Intercept. Retrieved 1 March 2020.
about pilots going on at Laredo that sound a lot like Perceptics'
- ↑ Intercept), Lee Fang (The. "Perceptics 114th Congress Work Plan Final". documentcloud.org. Retrieved 1 March 2020.
- ↑ Intercept), Lee Fang (The. "Perceptics Strategy Nov2012 Final". documentcloud.org. Retrieved 1 March 2020.
- ↑ Intercept), Lee Fang (The. "OIG Letter". documentcloud.org. Retrieved 1 March 2020.
- ↑ Intercept), Lee Fang (The. "Minutes Perceptics Consultants Mtg 7 10 2013". documentcloud.org. Retrieved 1 March 2020.