It seems like a Clive Cussler novel - a beautiful woman, a corrupt government, espionage, state secrets, and a giant cover-up.
Sadly, this story is only too true. And if you're an Arizona resident, then your data has been at risk for over seven years.
In 2007, a Chinese nationalist was granted access to the Arizona Terror Center under the guise of a facial recognition software expert. He had unlimited access to over 5 million Arizona state driver's license photos and personal information.
Then, after five months, he disappeared. But he didn't leave empty-handed.
In spite of the personal watch guard that was supposed to be monitoring him and even escorting him to the bathroom, he took several hard drives full of information. Including the source code for the facial recognition software he was supposed to have been working on.
The mysterious Chinese nationalist was named Lizhong Fan, and after he stole data from the Arizona Terror Center he disappeared in 2010. No one has found a trace of him since.
But why are we only just hearing about this now? It seems that corrupted parties have moved to block the incident from the public's eye.
In fact, a review of records shows that David Hendershott, who was second-in-command at the sheriff’s office, moved aggressively to maintain silence, a silence that has now lasted some seven years. Two weeks after Fan departed, Hendershott directed others in writing not to discuss Fan and the possible breach. In an email to the outside contractor that had hired Fan, Hendershott wrote: “Keep this between us and only us.”
A man by the name of Steve Greschner was the founder of the facial recognition company, Hummingbird. Hendershott, the second in command at Sheriff Joe Arpaio's office, was friends with Greschner and persuaded then-Governor Janet Napolitano to use Hummingbird for facial recognition in the Arizona outdoor jail, Tent City.
The fact that a day's beard growth was enough to throw off the facial recognition scanners did not stop Hummingbird's contract with Arpaio's office. There was even a litigation case from a small Nevada airport when the Hummingbird software failed a few years prior to the contract with Arpaio's office.
Greschner decided to partner his business with a man named Gang Chen in 2002, and Chen's own business partner from China, Xunmei Li, sealed the deal. The beautiful Li, also called Grace, caught Greschner's attention, and they began dating immediately.
Greschner's struggling company benefited from Chen and Grace's involvement and merged with their own company, Detaq. It didn't deter Greschner when he discovered that Grace, raised in Shanghai, had powerful ties to the Chinese government.
Chen and Li were ceded most of the control of Hummingbird by Greschner, because he didn't have much knowledge with his own software, and was really only the show front for selling the software. Greschner was told by Chen that after a few modifications, the Hummingbird-Detaq software was installed in Tiananmen Square, and opportunities started appearing for the company.
In 2006, Napolitano agreed to bring the sheriff's office security software, Hummingbird, online in the new Arizona Terror Center. Chen insisted that they bring in an engineer specialized in their own facial recognition technology, since it was the most complicated job Hummingbird had taken on so far.
Their engineer of choice? Lizhong "Larry" Fan.
After barely skimming Fan's credentials, Greschner applied for a work visa for Fan, and Fan arrived in January 2007. He was put to work right away, and accompanied by a personal guard to make sure he didn't attempt anything illegal on American soil.
Then, after five months, Fan paid in cash for a ticket to Beijing and walked away with two laptops and multiple hard drives. Greschner and Li, who were out of town, discovered the drives that Fan had left behind were so thoroughly erased that even their operating systems had to be reinstalled.
In the frantic aftermath of the security breach, no one else was notified - even to this day.
But the people responsible for hiring Fan say one thing is clear: The privacy of as many as 5 million Arizona residents and other citizens has been exposed. Fan, they said, was authorized to use the state’s driver’s license database as part of his work on a facial recognition technology. He often took that material home, and they fear he took it back to China.
Under Arizona law, then-Gov. Janet Napolitano and Maricopa County Sheriff Joe Arpaio, whose agencies admitted Fan into the intelligence center, were required to disclose to the public any “unauthorized acquisition and access to unencrypted or unredacted computerized data” that includes names and other personal information.