Nationwide outage of US CBP computer systems. Easily 5,000+ passengers in line at Dulles. pic.twitter.com/JGJD95sfFx

— Rebekah Tromble (@RebekahKTromble) August 16, 2019

According to officials at the JFK Airport in New York, the issue has impacted the processing system nationwide but airports have already begun to switch over to an older (albeit slower) backup. LAX in California has also confirmed that its systems are down and urges travellers to check the status of their flight before heading to the airport.

The CBP has not yet issued an official statement regarding the problem but has released the following tweet:

CBP is experiencing a temporary outage with its processing systems at various air ports of entry & is taking immediate action to address the technology disruption. CBP officers continue to process international travelers using alternative procedures until systems are back online.

— CBP (@CBP) August 16, 2019

“CBP officers are working to process travelers as quickly as possible while maintaining the highest levels of security,” the agency wrote in a subsequent tweet.

developing…

A representative didn’t tell TechCrunch how much data had been taken, or how many American citizens were caught up in the breach. The agency said alerted Congress and said it was “closely monitoring” the subcontractor’s associated work.

CBP said that none of the info had been spotted on either the dark web or the public internet, although the company in question might have had at least one leak. Officials inadvertently mentioned the border crossing tech company Perceptics in their document title, and a Register report in late May indicated that data from the firm was available for free on the dark web. It’s not certain if that info is associated with the CBP’s breach.

The incident underscores a common problem with database security: it’s only as safe as the weakest link in the chain. If a contractor leaves data vulnerable, it doesn’t matter how airtight the government’s own practices are. And that raises concerns about plans for facial recognition at airports. Officials have vowed to limit access to image data, but it could only take a momentary lapse in security to compromise a vast library of sensitive images.

In addition to needing a warrant, the “Protecting Data at the Border Act” would prevent agents from denying access to US citizens who refuse to hand over devices, passwords or log-in credentials. Though, federal agents could override the need for a warrant in the event of immediate danger, conspiratorial activities threatening national security or hints of organized crime — which could leave room for interpretation. “The border is quickly becoming a rights-free zone for Americans who travel,” Wyden reportedly said in a statement. “The government shouldn’t be able to review your whole digital life simply because you went on vacation, or had to travel for work.”

This isn’t a new issue, and Senators Wyden and Rand have led similar legislation in the past. In 2017, the Electronic Frontier Foundation (EFF) argued that federal border agents at international airports should obtain warrants before looking through passengers’ devices. At the time, EFF noted noted that the number of such searches had more than doubled since President Trump assumed office. It’s no secret, either, that border agents don’t always delete data after they transfer it to their servers.

As Engadget noted in 2017, border agents live in a gray area that’s not exactly protected by the Fourth and Fifth amendments, which provide some protections against unreasonable searches and self-incrimination. If it succeeds, the new bill would, theoretically, strengthen those protections — at least for US citizens.