Facial recognition startup Clearview AI has really blown it's cover!

​Two weeks  ago, I published, here on decentralize.today, an article entitled 'The  sinister side of facial recognition' in which I looked at recent  'advances' in the science and application of facial recognition  technologies. And in particular, the activities of a commercial outfit  called Clearview AI, see

The sinister side of facial recognition
With an estimated one CCTV camera for every 14 people in London, it would appear to be one of the most surveillance-minded cities in the world outside of China. It has been calculated that during the working day of an average person in the UK’s capital would be caught on around 300 different camer…

for that piece.

Whilst  not being fans of the whole notion of surveillance societies and all  that that entails, we're equally unhappy when the technology is flawed  or has inherent biases that lead to its culpable misuse for supposedly  legal but nonetheless largely questionable law enforcement purposes,

That,  of course, leaves aside the hugely troubling actions of Clearview in  the first instance whereby they have basically scraped every single  image of you and I that they could find online from the likes of  Facebook, Instagram, YouTube (all Google affiliates), Venmo, LinkedIn  and PayPal etc., etc., and complied dossiers on each and everyone of us,  completely without our knowledge or permission.

As previously  covered, most of the company's customers are law enforcement agencies  and that being the case you would also be forgiven for believing that  they would therefore have all of that client data very securely battened  down!

Well, it turns out that they're just as vulnerable as  most other companies or organizations in the face of malicious cyberattacks. A recent notification obtained by the Daily Beast, has the company admitting to a 'vulnerability' that allowed an unauthorized person to gain access and help themselves to Clearview's  client lists.

Brilliant! To put this into context, Clearview works with more than 600 law enforcement agencies across North America, see below for more details! Among other data presumably harvested by the  hacker were the accounts setups and the number & type of searches  requested and conducted in the past.

Security is Clearview's top priority, unfortunately, data breaches  are part of life in the 21st century. Our servers were never accessed. We patched the flaw, and continue to work to strengthen our security.
by Tor Ekeland, attorney for Clearview AI

Well, that's reassuring...for them! Thankfully, it doesn't  appear that the hacker gained access to Clearview's database of three  billion images.

No doubt, they were keen to get this panic  mitigation message out asap as one of the biggest concerns voiced about  their business model, of scraping billions of images from millions of  websites to build their facial recognition database, was that the  company's data storage and security protocols were untested and  unregulated. It would appear this assertion was well founded.

Nearly  3,000 companies, both public and private sector have availed themselves of the services of Clearview and between them conducted in excess of  500,000 searches.

More than 200 private companies were  enroled including Best Buy, Kohl's, Macy's, several Las Vegas casinos,  Madison Square Garden, the NBA, Bank of America, Wells Fargo,  Albertson's and even Equinox, the gym operator! And we're sure they  all had good reason to require Clearview's services!

Among the  thousands of law enforcement agencies listed were multiple US government  departments including the Departments of Justice and Homeland Security  (covering ICE & CBP), FBI and the US Secret Service. At state and/or  international level, add in the US Attorney's Office for the Southern  District of New York, Interpol and a number of foreign governments and  their security apparatus agencies. Feeling any safer yet?

The  Department of Homeland Security for instance, has more than 250  registered accounts thru the CBP, has run more 7,500 searches. ICE, by  contrast, has run over 8,000 searches from just 60 accounts all  associated with its El Paso, TX Homeland Security field office. The FBI  and US Secret Service are both also keenly addicted having racked up  over 5,000 searches each. Reassuring to know that all that info in now  in the 'wrong hands' but then again maybe it already was!!!

In  fairness, following disclosure about the company's activities some of  the companies that operated the targeted websites, Facebook, Instagram,  YouTube, Venmo, LinkedIn and PayPal et al, from whence the images used  in the database had been gleaned did send cease-and-desist letters to  Clearview. However, their CEO, Hoan Ton-That, responded that the company  intends to challenge this letters in court by arguing that it has a  First Amendment right to public information. Hmm, really???

So  it was with a glimmer of hope I spotted the recent news that Apple,  that bastion of privacy protection and fair trade/labor practices, had  blocked Clearview AI's iPhone app

Maybe a corner  had been turned, maybe honesty and decency and respect for the rights of  the individual had won out and a Big Tech giant had at last taken the  moral high ground and was making a stand against the invasion of privacy  and the unacceptable level of intrusion they have been facilitating for  so long now...

Nope...it was because the app violated their enterprise testing rules!

Clearview was using an enterprise certificate to let users install the software outside of the App Store, which is contrary to Apple's rules which limit  certificate access to people within a company.

Apple  has previous also blocked apps from Facebook & Google for much the  same reason,although in those cases, the move killed internal apps that  both companies relied upon.

In Clearview's situation, this  is its core app, which is used by customers for its principal facial  recognition tool and it is now inaccessible to iPhone users.

Never fear, here comes the Top Dog to save the day:

We are in contact with Apple and working on complying with their terms and conditions.
by Hoan Ton-That, Clearview CEO

​   So hopefully, they'll not be out of the identity 'theft' business for too long!