FBI fingerprint software could contain Russian code: report
Software for analyzing fingerprints used by the FBI and more than 18,000 other U.S. law enforcement agencies could contain Russian code.
Two former employees of a subsidiary of the French firm Safran Group told BuzzFeed News that the company secretly purchased code from the Russian cybersecurity company Papillon Systems. That code was then included in fingerprint analysis software the company sold to the FBI when the bureau purchased new software in 2011.
Papillon Systems regularly works with law enforcement agencies in Russia, including the Federal Security Service (FSB), Russia’s modern-day spy agency. U.S. intelligence agencies say the FSB was linked to efforts to interfere in the 2016 presidential election.
One of the whistleblowers, Philippe Desbois, told BuzzFeed News that officials in the French company were worried about the FBI learning the truth of the code’s origin.
“They told me, ‘We will have big problems if the FBI is aware about the origin of the algorithm,’ ” said Desbois, the Safran subsidiary’s former CEO of Russia operations.
“It was always the intonation like we have done something bad that is a secret between us and that we should not repeat it to anybody,” he said.
Desbois has filed a whistleblower lawsuit against Safran in retaliation, alleging the company fraudulently took more than $1 billion from U.S. law enforcement agencies at every level. Safran did not deny the existence of Russian code in court filings, according to the report, but instead argued that it is not responsible for the actions of a subsidiary.
The FBI declined to answer questions but issued a statement to BuzzFeed.
“As is typical for all commercial software that we operate, appropriate security reviews were completed prior to operational deployment,” the statement said.
Earlier this year, the Trump administration issued a memo banning all software from another Russian company with alleged links to the Kremlin, Kaspersky Labs, from being used on government computers.
“The Department is concerned about the ties between certain Kaspersky [Labs] officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky [Labs] and to intercept communications transiting Russian networks,” the Department of Homeland Security said in September.
The Hill has removed its comment section, as there are many other forums for readers to participate in the conversation. We invite you to join the discussion on Facebook and Twitter.