Facial recognition startup Clearview AI has really blown it's cover!
Two weeks ago, I published, here on decentralize.today, an article entitled 'The sinister side of facial recognition' in which I looked at recent 'advances' in the science and application of facial recognition technologies. And in particular, the activities of a commercial outfit called Clearview AI, see
for that piece.
Whilst not being fans of the whole notion of surveillance societies and all that that entails, we're equally unhappy when the technology is flawed or has inherent biases that lead to its culpable misuse for supposedly legal but nonetheless largely questionable law enforcement purposes,
That, of course, leaves aside the hugely troubling actions of Clearview in the first instance whereby they have basically scraped every single image of you and I that they could find online from the likes of Facebook, Instagram, YouTube (all Google affiliates), Venmo, LinkedIn and PayPal etc., etc., and complied dossiers on each and everyone of us, completely without our knowledge or permission.
As previously covered, most of the company's customers are law enforcement agencies and that being the case you would also be forgiven for believing that they would therefore have all of that client data very securely battened down!
Well, it turns out that they're just as vulnerable as most other companies or organizations in the face of malicious cyberattacks. A recent notification obtained by the Daily Beast, has the company admitting to a 'vulnerability' that allowed an unauthorized person to gain access and help themselves to Clearview's client lists.
Brilliant! To put this into context, Clearview works with more than 600 law enforcement agencies across North America, see below for more details! Among other data presumably harvested by the hacker were the accounts setups and the number & type of searches requested and conducted in the past.
Security is Clearview's top priority, unfortunately, data breaches are part of life in the 21st century. Our servers were never accessed. We patched the flaw, and continue to work to strengthen our security.
by Tor Ekeland, attorney for Clearview AI
Well, that's reassuring...for them! Thankfully, it doesn't appear that the hacker gained access to Clearview's database of three billion images.
No doubt, they were keen to get this panic mitigation message out asap as one of the biggest concerns voiced about their business model, of scraping billions of images from millions of websites to build their facial recognition database, was that the company's data storage and security protocols were untested and unregulated. It would appear this assertion was well founded.
Nearly 3,000 companies, both public and private sector have availed themselves of the services of Clearview and between them conducted in excess of 500,000 searches.
More than 200 private companies were enroled including Best Buy, Kohl's, Macy's, several Las Vegas casinos, Madison Square Garden, the NBA, Bank of America, Wells Fargo, Albertson's and even Equinox, the gym operator! And we're sure they all had good reason to require Clearview's services!
Among the thousands of law enforcement agencies listed were multiple US government departments including the Departments of Justice and Homeland Security (covering ICE & CBP), FBI and the US Secret Service. At state and/or international level, add in the US Attorney's Office for the Southern District of New York, Interpol and a number of foreign governments and their security apparatus agencies. Feeling any safer yet?
The Department of Homeland Security for instance, has more than 250 registered accounts thru the CBP, has run more 7,500 searches. ICE, by contrast, has run over 8,000 searches from just 60 accounts all associated with its El Paso, TX Homeland Security field office. The FBI and US Secret Service are both also keenly addicted having racked up over 5,000 searches each. Reassuring to know that all that info in now in the 'wrong hands' but then again maybe it already was!!!
In fairness, following disclosure about the company's activities some of the companies that operated the targeted websites, Facebook, Instagram, YouTube, Venmo, LinkedIn and PayPal et al, from whence the images used in the database had been gleaned did send cease-and-desist letters to Clearview. However, their CEO, Hoan Ton-That, responded that the company intends to challenge this letters in court by arguing that it has a First Amendment right to public information. Hmm, really???
So it was with a glimmer of hope I spotted the recent news that Apple, that bastion of privacy protection and fair trade/labor practices, had blocked Clearview AI's iPhone app
Maybe a corner had been turned, maybe honesty and decency and respect for the rights of the individual had won out and a Big Tech giant had at last taken the moral high ground and was making a stand against the invasion of privacy and the unacceptable level of intrusion they have been facilitating for so long now...
Nope...it was because the app violated their enterprise testing rules!
Clearview was using an enterprise certificate to let users install the software outside of the App Store, which is contrary to Apple's rules which limit certificate access to people within a company.
Apple has previous also blocked apps from Facebook & Google for much the same reason,although in those cases, the move killed internal apps that both companies relied upon.
In Clearview's situation, this is its core app, which is used by customers for its principal facial recognition tool and it is now inaccessible to iPhone users.
Never fear, here comes the Top Dog to save the day:
We are in contact with Apple and working on complying with their terms and conditions.
by Hoan Ton-That, Clearview CEO
So hopefully, they'll not be out of the identity 'theft' business for too long!