Clearview AI’s stolen client list is now out in the open, and the data breach seems to have confirmed people’s worst fears about the controversial facial recognition startup. Clearview first came to light thanks to an article in the New York Times, which revealed that the company has created a database with more than 3 billion unique images.
In that initial article, Clearview claimed that it was primarily targeting law enforcement clients in Canada and the US, and that it was currently providing services to approximately 600 agencies. However, new evidence suggests that those claims were at the very least highly misleading. The company has account and search records for roughly 2,900 unique public and private institutions in 27 countries around the world.
The numbers come courtesy of Buzzfeed News, which obtained the records from a source that was able to gain access to Clearview’s files. Of the 2,900 institutions in Cleraview’s records, 2,228 had carried out at least one search. The collective number of searches has nearly reached 500,000, all of which are retained in Clearview’s logs.
While the majority of those organizations are not paying Clearview customers (and were instead enjoying a free trial), that doesn’t necessarily place the company in a better light. For one thing, Clearview does not seem to have had any kind of vetting process. The company seems to have handed out free trials to virtually anyone with a government email address, including individual employees in police departments, federal agencies, and universities. In many cases, organizations were not even aware that employees were using the technology, which means there was no oversight and no guarantee that the people with accounts were using them for legitimate law enforcement purposes.
Local and state police departments represent most of Clearview’s paying customer base, although the platform has been quite popular with federal law enforcement agencies. The Department of Homeland Security has conducted around 7,500 searches from hundreds of different accounts, while Immigration and Customs Enforcement is among its paying customers. The FBI and U.S. Customs and Border Protection have also conducted searches.
Clearview made smaller inroads in the private sector, but companies in multiple industries did carry out searches with the platform, including Bank of America, Coinbase, and Wells Fargo. Retailers like Walmart and Kohl’s rounded out the list alongside a few more surprising entries like the NBA. Most of those companies were taking advantage of free trials, though Macy’s is a paying customer.
The sheer scope of the report is exhausting, and it’s not yet clear if there will be any fallout as a result. Clearview is already facing legal pressure from social media giants like Facebook and YouTube, which argue that Clearview illegally scraped their networks to create its database.
With that in mind, the latest data breach should only increase the level of scrutiny. It demonstrates that Clearview has been unscrupulous about giving people access to its platform, and that it actively tried to conceal the scope of its operation when it first came to light. It also shows that the company did not take privacy seriously enough to prevent this kind of breach.
Any one of those would be a serious technological and/or ethical concern. Taken together, they suggest that Clearview has an almost flippant disregard for the privacy and safety of the people subjected to its platform. The report is likely to exacerbate fears about facial recognition, and could lead to more calls for bans and other forms of regulation.
Source: Buzzfeed News
February 28, 2020 – by Eric Weiss