(via Did Arizona turn over its counterterrorism database to a Chinese spy? | The Verge)
Arizona’s biggest counterterrorism center may be covering up a massive data breach. A new ProPublica investigation centers on Lizhong Fan, a Chinese national hired at Arizona’s Counterterrorism Information Center in 2007. In June of that year, Fan abruptly left the country, flying back to Beijing with two laptops and a number of other hard drives in his luggage. His bosses in Arizona weren’t told about the trip and found his work computers completely erased, leaving no trace of his activities. Fan sent a few more emails, expressing a desire to return to the US in the distant future, but after that fell silent. According to ProPublica, no one at the Arizona center has heard from him in over three years.
Fan got the job through Xunmei Li, whom the FBI now suspects of espionage
Hired as a facial recognition expert, Fan had access to essentially all the data at the Arizona center, which includes five million driver’s licenses along with more sensitive law enforcement databases. Potentially, the database could also include information on intelligence analysts and investigators, putting it on the level with a recent USIS breach that revealed the birth dates and social security numbers for more than 25,000 Homeland Security officers.
Basic vetting should have disqualified active Chinese citizens from working at the center, but Fan seems to have slipped through thanks to a combination of bad contracting practices and possible foul play. Fan was officially an employee of Hummingbird Defense Systems, an Arizona firm that was hired to build a facial recognition system for the counterterrorism center. Hummingbird hired Fan based on his work building similar systems for the Chinese government, but it’s not clear he was ever properly vetted by Homeland Security. Fan was recommended for the job by Xunmei Li, girlfriend of Hummingbird CEO Steve Greschner, whom the FBI now suspects may have been spying for the Chinese government.
Sheriff Joe Arpaio seems to have worked to cover up the breach
There are still a lot of questions to be answered, including how the breach stayed secret for the seven years since Fan left the country. The two officials in charge of the center, Maricopa Country Sheriff Joe Arpaio and Homeland Security Chief Janet Napolitano, have been silent about the breach, and Arpaio’s deputies seem to have worked to keep the information secret, instructing officers not to discuss the incident.
The incident also raises real questions about the post-9/11 practice of housing data in central fusion centers like the Arizona outpost. In this case, it made it easy for an interloper like Fan to access all the state’s counterterrorism data from a single location. As ProPublica points out, the Arizona center was initially hailed as a model for fusion centers across the country. A 2006 Washington Post article described the center as “one of the best-run and most effective” intelligence centers in the country.