Just when the U.S. authorities are trying to cope with the Russian involvement in the Presidential election of 2016, there is a new development that indicates the fingerprint analysis software under use by the FBI contains codes developed by a Russian company.
More critically, this report emanating from France claims this particular company in Russia is close to the Kremlin.
French Company Involved
A French company named Morpho supplied this software program to the FBI and other entities in the U.S.
Thousands of other setups, including local law enforcement agencies across the U.S., have been using this biometric identity-verification technology.
The matter has come to light following the revelations by two whistleblowers who were former employees in Morpho.
They claimed in an interview that the French company had to obtain some technological assistance in making its security product better to suit the needs of the FBI, and they did this with the help of the Russian outfit Papillon.
But there was a clear written agreement which prevented them from disclosing this association.
From this, it is being understood that the FBI did not know that the main security software it uses has Russian coding within it.
A Security Compromise?
All stakeholders would want to know how much of a security risk it would be, if part of the software’s codes have been written by a Russian cybersecurity firm that could well be close to the Federal Security Service (a successor to the KGB of the Soviet Union).
One way of answering this question would be to take a look at the recent directive of the U.S. Department of Homeland Security insisting that all federal organizations and government institutions stop using antivirus products developed by Kaspersky, a renowned cybersecurity company based out of Russia.
Such has been the paranoia ever since the Democratic National Committee leak of 2016.
Since that time, any cyber activity associated with Russia is looked at with suspicion by U.S. officials.
And Russia’s supposed ties to a biometric identification program used by the FBI, the country’s premier investigating and law enforcement agency, cannot just be ignored.
Some experts do believe that the code can be put to rogue use by hackers to access the systems connected with the software.
The FBI’s Claims
Reacting to these reports, the FBI has indicated that it has taken all necessary precautions with the technology, and the mandatory checks were conducted before the contract was issued to the French firm.
The real concern for the FBI is that the Russian firm Papillon is not just any other technology firm in this space.
By its own admission, Papillon Systems supplies all kinds of products to and is closely associated with Russia’s Ministry of the Interior, the Ministry of Defense and the Ministry of Justice departments.
Now that the whistleblowers have revealed this Russian angle, the FBI might call in some independent experts to perform an audit to identify if the codes indeed pose a threat to the networks.
Two Sides to the Issue
Like with any much-debated technological topic, there are opinions predicting both possibilities that there is a real security threat or that there is no such thing.
Those who believe it may not be so much of a risk argue that just because a part of the software coding has been done by a particular agency does not give it the capability to break into an entire system.
Agencies like the FBI have their own experts who protect their systems.
On the other side, those who justify the fears expressed in some quarters obviously refer to the DNC hack and the Kaspersky ban to drive home the point that the Russian government is enhancing the country’s hacking capabilities, posing a real threat to the U.S.
If the disclosure by the whistleblowers is correct, can the agency take up with the French supplier on this and question their non-disclosure of such an important element, that there is a Russian connection? Or will the FBI take precaution to remove the biometric identification program and replace with something else?
The public will have to wait and see how the FBI handles the whole issue.