Controversial facial recognition software company Clearview AI was the victim of a large scale data breach earlier this week. The unauthorized intrusion exposed the entire client list of the company, which mostly consisted of law enforcement agencies and several national businesses and retail chains.
Clearview AI has been hit with criticism for months over its ambitious, potentially dangerous app. It works by scanning people's public social media profiles and other information they've shared online to produce a searchable database. The app is capable of comparing images of people, matching their faces with photos in the database, and subsequently identifying them based on the previously stockpiled info. The company generates revenue by selling access to its database to American law enforcement agencies (its CEO, Hoan Ton-That, says they will never sell data to foreign countries) and in-turn, those agencies use it to locate people from crime scene footage, ideally.
Wednesday's data breach has revealed the entirety of Clearview's client list, showing the company has clients outside of the law enforcement field. Buzzfeed News reports the list includes such businesses as Verizon, Macy's, Bank of America, and others. The list also includes the number of searches performed by each client, and whether a client was using a 30-day free trial or an active subscription. The breach did not, however, include access to Clearview AI's servers, which means their image database was not exposed. The company says they have since patched the hole, preventing the issue from reoccurring.
The Dangers of Clearview AI
The thought of any entity storing facial recognition data on billions of US citizens and selling access to that cache is terrifying to most people. Although the company operates within the confines of the legal system, many feel Clearview AI should be subject to more regulation, as a response to the enormous privacy threat the business creates. There's also the issue of the company's consistent lack of transparency. For example, its public statements mention the system only scans publicly available information yet fails to emphasize that it will keep any information that once public, even if it's no longer public today. Such policies have led social media giants Facebook and Twitter to send cease-and-desist letters to the company. That said, websites have no control over what happens to a downloaded image, let alone billions of them, so there's virtually no way to enforce compliance with a cease-and-desist in this case.
At the same time, Clearview's defenses are easy to argue. What it's doing is not illegal and the core of it, downloading images from public social media profiles, could be accomplished by anyone with a web browser. Law enforcement agencies boast about the thousands of crimes, including sex trafficking and murder, that have been solved using Clearview AI in under four years. And while this data breach is a sobering reminder that we can never have enough security in the digital age, the actual database was never accessed. However, even if it was, it's worth remembering that it's a database of information that was willingly made public beforehand. It's difficult to argue for privacy while also knowingly sacrificing it.
A healthy dose of skepticism is always healthy, perhaps doubly so when it comes to online privacy. While it is hard to call Clearview AI an honest company, it's also true that its involvement in law enforcement has been more helpful than harmful to the US. Understandably, many people feel it would be comforting to know the company was legally obligated to keep it that way.
Source: Buzzfeed News [via CNET]