Suit warns of Russian ‘back door’ into U.S. fingerprint systems

The company that supplies fingerprint-identification systems to the FBI, the Defense Department and driver’s-license agencies in most U.S. states is based in France and describes its technology as French in origin.

But in a lawsuit newly unsealed in federal court in San Jose, plaintiffs identified as two former company executives say the technology was actually developed by a Russian firm, is used by Russia’s security agency, and could be sabotaged in the event of a crisis.

“It is conceivable,” the suit said, that the software contains a “back door” that would enable the Russian government to “override fingerprint identification devices in such strategic places (as) the Pentagon, the CIA, the NSA (National Security Agency) and other secure areas, and gain unauthorized entry.”

A confidential, 25-year agreement between the French and Russian companies, signed in 2008, includes a declaration by the Russian firm, Papillon ZAO, that its software does not contain “any undisclosed ‘back door’” or other disabling mechanism. But the lawsuit said the declaration has not been independently verified, by either the French firm or any government agency.

That might not matter for routine uses of fingerprint-identification technology, like issuing replacement driver’s licenses. But federal agencies also use the technology for more sensitive purposes, like allowing only people with clearances and a matching print on file to gain access to secure areas. Such protections could be bypassed if the technology were hacked.

“The national security implications are significant,” attorney Daniel Bartley of Campbell said in the lawsuit.

Bookmark the permalink.

Leave a Reply