Clearview AI Alarm - NY Times Report Says "Might End Privacy"

By John Honovich, Published Jan 20, 2020, 10:13am EST (Info+)

Over the weekend, the NY Times released a report titled "The Secretive Company That Might End Privacy as We Know It" about a company named Clearview AI who is selling facial recognition to police departments.

The main differentiation is that the company's facial recognition cloud service matches against billions of photos from "Facebook, YouTube, Venmo and millions of other websites".

The highly critical report immediately caused alarm and widespread condemnation.

Inside this note, we examine:

  • What Clearview AI's "innovation" is
  • Comparison to Russia similar service
  • What is not innovative
  • The legal issues they likely face
  • Why this is so powerful
  • Detailed examples from a police department
  • The confrontation this creates
  • Feedback to IPVM from a veteran security professional who has used Clearview
  • The specific use case this address and the ones it does not

Tech *** **********

** * ********** *****, ***** ** no **** ********** ***** ******* ****. The **** ** ***** *** *** touting *** ********** ******* ** *&*.

**'* ** ****** ******* ***** ***** can ****** ****** *** *** ******* back. *** ***, ** *****, ** is ******* ** ***** *** ******* access **** * ***** *** **** pay *** ******* ******.

Innovation - ******** ******** ***.

*** ********** ** *********** ***-******* ******** of ****** **** *** ****** ********. With ********* *** ****** *********** ******* sold ** ************ *****, ** ***** with ** '*********' ** '********' ** the **** ** ***** **** ******** their ***, ***** ** ********* *** impractical *** **** ** ***** ***** lists.

********* **'* ********, ********* ** *** NY *****, ** ** **** ****** websites, ** ** ******** ** ********, copy *** ***** *** *****, ********* a **** / ********* **** ** where **** ***** ** ****, ********* it **** ********* **'* ********.

** *** ** ********-******** *******, **** is ******* ***** ** ******** ** *********'* employees ** *** **** ****:

*** *******, ** * ********* ** user ******** ** ***** ** * Hikvision ********, ******* ******* *** *** person ***, ********* ** ***** *********** return * ***** ** **** ***** and **** ****, ******* *** **** know *** ******'* **********, ***.

Russia ******* *******

**** *****, *** ******* * ******* approach ** ******, *****, *.*.,******'* ***** *********** ******* ***** **** **** ******* to *** *** ** ********. ***** is ** ******* ******:

*** ****** ***********.******* ******** ******* ** **** * phone ******. ** ******** ******* ****** stored ****, **** ******** *** *** ******. The *** ***** ************ ******* * Russian *** **** * ***** ****** captured ** ***, ********* *****:

******* *** *****, ******** *****, ******** *********** *******:

***********

*** ***** ******* *** ********* ** is **** **** ******** ******** ****, if *** ****, ******** ***** ** services, ** *** ** ***** *******:

********, *******, *******, ********* *** **** Venmo. *************** ** ***** ********* **** their ******** ******** **** ********, *** Twitter **** ************ ********* ** *** **** *** ****** recognition....

*** ****** **** ********* ** ******** on ** **** *** ******* ** unique. ****’* ******* ******** *** ***** social ***** ***** ******** ****** **** scraping *****’ ****** — ********* ** violating *** *****’ ***** ** *******.

********* ** *** **** ********* **** much ***** *** *****, *.*., ** had ***** ***** ** **** *** until *** ** ***** ******* *** investigation, ********* ** *** ** *********** on ***** *******. ***,**** **** **** ***** ***********.

*** ** ***** ****** *** ******* heavy ******** ********* ** **** *******. We ***** ****** ****, ********** ***** Facebook ** ***** ******* ******** *** various ******* **********, **** *** ***** major ******** ***** ****** ***** ****** against ********* **.

Powerful ********

*** ***** ***** **** ****** ******** of ****** ** *********** ***** *******. The ******* ** **** ****** ** 2020 **** **** ****** ** ********** on ****** ***** ********. *******, **** security *** ************ ***** **** **** few ****** ********* ** ****** *******.

**** ***** ******** ******** ****** ****, except **** ***** ** ** ****** largely *******.

Police ********** ********

**** *** ***************************** ****** ******* **** *********** ***** ******* **** *** ******** and ***** ****.

************, ********* ** ** **** ******** ~$100 *** **** *** ***** (* users *** * **** - $*,***):

*** ****** ******** * **** **** of *********, ******** **** **** ******* police ********** ****** ***** * **** for ****:

**** *** **** *********** ***** * match:

*** ****:

** **** **:

Confrontation *******

** **** ******** ** *******, ** will ******* ****** ****** ** ********* doing ****, ** ***** ** ** doubt **** ****** **** * ******* watchlist ** ** ********** *********** *********.

*****, ** *** ***** ****, ** is ****** ******* *******.

**** **** ** **** **** ***** a ******* *** ***** *** *** but *** ****** ******* ** *** process? ** ** ******** *** ** are ********* ** ********* ** ** a ***** ******* *** *** ******* to ********** ****** (****** ****) ** low ** ***-********.

Veteran ******** ************ *** *** **** *********

* ******* ******** ************ *** *** used ********* **** **** ********:

********* ** ****** **** *** **** all **** ***********, *** ******** ***** it **** ******** ** * **** and *** ***** ****** ***** ******** are ************ *********. **** *** *** a **** ** ***** ***** * human ******* ** **** ******* *** returned ****** *** ****** ***** **** deserve ********** ****** **. *** *** "match" **** ** **** **** **% at ****.

*** ***** ******* ** ********* *********, and, ** ****, **** ********* *** the ** ***** **** **** *** been **** ** ****** *********** **** have ********* *** ***** ** ***** such *****.

*** ***** **** ****** ***** *** the **** ** *** ** ***** report **** ** ***** ********** ** made ******:

****** ******** *** *********’* ********* ******* that *** *** **** ********** ** available ** *** ******.

Use **** - *** ** **** ******? *** ** **** ****** ****?

***** * *** ** ****** *********** is **** *** *** *** **** of "*** ** **** ** **** person ** ** **** *****", ********* AI ******** ** ****** *** ********: "Who ** **** ******?"

**** ** **** ****** ** ****** because *** ********* ** **** ******* has * ******* ** * ****** but *** ** ********. ** *** image **** ** * ***** ***** anywhere ** *** ******** *** ***** that, **** ** *** ***** ** years *** ** **** *** ****. The **** ***** ****** ***** ** establish ** ******** ** *** ******, which, ******* **** * ********, *** be ********* ** **.

*******

********* ** ****** **** *** ********* benefits *** ***** ** ****** ***********. How **** ** ******** **** **** a *********** ****** ** *****-*******, *** surveillance ********, *** ****** *******.

Comments (32)

How long before we find out this company is funded by one of the many three letter agency incubator programs prevalent in tech concentrated regions?

Agree: 2
Disagree
Informative
Unhelpful
Funny

Exercise your data privacy rights.

Requests to exercise data protection rights can be submitted here to privacy-requests@clearview.ai. (see below for further instructions)

These rights are subject to limitations that vary by jurisdiction. We will honor such requests, withdrawal or objection as required under applicable data protection rules but these rights are not absolute: they do not always apply and exemptions may be engaged. Clearview does require that persons requesting the sharing or deletion of their personal data provide us with information to verify their identity and to facilitate the processing of data requests. While most of this information is deleted after the completion of the request, Clearview is required to retain some of this information to maintain a record of data rights requests. If we do not comply with your request, we will explain why.

If you would like to ask a question about our privacy policy or exercise your data privacy rights please contact us at: privacy-requests@clearview.ai. This address will connect you to our Data Protection Officer. Please submit name, a headshot and a photo of a government-issued ID to facilitate the processing of your request.

Agree
Disagree
Informative
Unhelpful
Funny

This reminds me of FB’s attempt to manage revenge porn:

Just send nudes 🤫

Agree
Disagree
Informative
Unhelpful
Funny

"This super scraping approach solves that, except that doing so is likely largely illegal." I would like to know how is this illegal in U.S.? Perhaps in EU with regards to GDPR? Perhaps in CA with GDPR+ like law?

Perhaps this is a question for a lawyer. Has the scraping in terms and condition tested in courts?

Not saying pro or con but I am curious because there is so much scraping going on.

Agree: 1
Disagree
Informative
Unhelpful
Funny

Perhaps this is a question for a lawyer. Has the scraping in terms and condition tested in courts?

Not a lawyer not do I know much about this area. This Facebook, Inc. v. Power Ventures, Inc. case looks to be relevant.

At a higher level, if you allow anyone to scrap Facebook, LinkedIn, Twitter, etc. and then re-sell the content, it's going to cause a lot of problems, so I am skeptical that this is going to be allowed.

And the sheer fact that no one else has done this indicates that companies with legal counsel have decided this is not a prudent tactic.

That said, I don't know, maybe Clearview AI 'wins' here and changes expectations of what can be scraped.

Agree: 1
Disagree
Informative: 2
Unhelpful
Funny

Below is from paid newsletter that I am subscribed to. I was just reading it which answers my question above.

That’s the thing with robots.txt: it relies on good-faith actors. Sure, Facebook can and does implement technical measures to try and catch scraping services, but even then the most it can do is block the offending IPs. Moreover, Facebook does not have any sort of legal recourse, thanks to a 9th Circuit Court decision from last year entitled hiQ Labs, Inc. v. LinkedIn Corp.. From the decision:

Using automated bots, hiQ scrapes information that LinkedIn users have included on public LinkedIn profiles. LinkedIn sent hiQ a cause-and-desist letter, demanding that hiQ stop accessing and copying data from LinkedIn’s server. HiQ filed suit, seeking injunctive relief based on California law and a declaratory judgment that LinkedIn could not lawfully invoke the Computer Fraud and Abuse Act (“CFAA”), the Digital Millennium Copyright Act, California Penal Code § 502(c), or the common law of trespass against it.

Affirming the district court’s grant of the preliminary injunction in favor of hiQ, the panel concluded that hiQ established a likelihood of irreparable harm because the survival of its business was threatened. The panel held that the district court did not abuse its discretion in balancing the equities and concluding that, even if some LinkedIn users retain some privacy interests in their information notwithstanding their decision to make their profiles public, those interests did not outweigh hiQ’s interest in continuing its business. Thus, the balance of hardships tipped decidedly in favor of hiQ.

Agree
Disagree: 1
Informative
Unhelpful
Funny

I was just reading it which answers my question above....

Moreover, Facebook does not have any sort of legal recourse thanks to a 9th Circuit Court decision [emphasis added]

That is a reckless and minimally misleading statement from Ben Thompson of Stratechery.

First, it's not a final decision. It's a preliminary injunction, an order entered by a court prior to a final determination of the merits of a legal case.

From the case's preliminary injunction summary, the court made clear their basis that if this was not given, that company LinkedIn was suing would go out of business immediately before the trial would even be completed:

The panel held that the district court did not abuse its discretion in balancing the equities and concluding that, even if some LinkedIn users retain some privacy interests in their information notwithstanding their decision to make their profiles public, those interests did not outweigh hiQ’s interest in continuing its business.

Maybe that company (hiQ) wins and it survives the various appeals and other legal challenges that could be brought but declaring that "Facebook does not have any sort of legal recourse" is irresponsible and obviously wrong.

Agree: 1
Disagree
Informative: 3
Unhelpful
Funny

As some of the other comments accurately point out, Legal precedent is way behind technological capabilities. We're in the wild west of these technologies and I don't see any current trend on which way the pendulum will ultimately sway, privacy vs. openness and any form of enforcement action to honor terms and conditions.

Agree: 1
Disagree
Informative: 1
Unhelpful
Funny

If a company is collecting every available photo on the web then allowing the state to sift through them at will I have to believe there is a case to be made this violates the 4th Amendment. Especially if they take it to the next level, which the NYT seems to think is on the road map:

The computer code underlying its app, analyzed by The New York Times, includes programming language to pair it with augmented-reality glasses; users would potentially be able to identify every person they saw.

Agree
Disagree
Informative
Unhelpful
Funny
Agree
Disagree
Informative: 2
Unhelpful
Funny

The founder's ties to extremists are troubling

Agree: 1
Disagree
Informative
Unhelpful
Funny
Agree: 1
Disagree
Informative
Unhelpful
Funny
Agree
Disagree
Informative
Unhelpful
Funny

Clearview's CEO is on CBS This Morning tomorrow (i.e., Wednesday) and defending use of social media scraping based on First Amendment:

It is interesting that Clearview has generated very little interest in the industry but continues to be a major mainstream media topic.

Agree
Disagree
Informative
Unhelpful
Funny
Agree
Disagree
Informative
Unhelpful
Funny

So this was just a matter of time.

https://www.thedailybeast.com/clearview-ai-facial-recognition-company-that-works-with-law-enforcement-says-entire-client-list-was-stolen?source=tech&via=rss

Agree
Disagree
Informative
Unhelpful
Funny: 1

According to their lawyer:

"Security is Clearview's top priority. Unfortunately, data breaches are part of life in the 21st century."

Data breaches are part of life now...

Agree
Disagree
Informative: 2
Unhelpful
Funny: 1

I saw that quote, those two two statements are oxymoronic. Apologize for your failure and promise to do better. Never say "That's life".

Agree
Disagree
Informative
Unhelpful
Funny
Agree
Disagree
Informative
Unhelpful
Funny

CNN: Apple suspends controversial facial recognition app Clearview AI from its developer program.
Apple suspended Clearview AI from its developer program for violating policies - CNN

Agree
Disagree
Informative
Unhelpful
Funny

I've been thinking about this whole defense that Clearview AI uses only publicly available photos. I NEVER post photos of myself on Facebook. Even my profile photo is of my hero Buckminster Fuller. However, others have posted photos of me and tagged me. I have given NO permission for those photos to be put on facebook. If clearview AI has scraped those photos into their DB it is most definitely NOT with my implicit permission let alone any explicit permission. If their approach is legally upheld, other people could collect, post and tag photos to be scraped into Clearview AI DB with no impunity.

Agree
Disagree
Informative
Unhelpful
Funny

Clearview AI apparently makes cameras with the facial recognition baked in

Insight

Facial Recognition Company Clearview AI Has Been Experimenting With Security Cameras

Agree
Disagree
Informative
Unhelpful
Funny

The New York Times: Before Clearview Became a Police Tool, It Was a Secret Plaything of the Rich.
Before Clearview Became a Police Tool, It Was a Secret Plaything of the Rich - The New York Times

Agree
Disagree
Informative: 3
Unhelpful
Funny

Thanks for sharing. Yikes!

John Catsimatidis, the billionaire owner of the Gristedes grocery store chain, was having dinner at Cipriani, an upscale Italian restaurant in Manhattan’s SoHo neighborhood, when his daughter, Andrea, walked in. She was on a date with a man Mr. Catsimatidis didn’t recognize. After the couple sat down at another table, Mr. Catsimatidis asked a waiter to go over and take a photo.

Mr. Catsimatidis then uploaded the picture to a facial recognition app, Clearview AI, on his phone. The start-up behind the app has a database of billions of photos, scraped from sites such as Facebook, Twitter and LinkedIn. Within seconds, Mr. Catsimatidis was viewing a collection of photos of the mystery man, along with the web addresses where they appeared: His daughter’s date was a venture capitalist from San Francisco....

The Times, however, has identified multiple individuals with active access to Clearview’s technology who are not law enforcement officials. And for more than a year before the company became the subject of public scrutiny, the app had been freely used in the wild by the company’s investors, clients and friends.

Agree
Disagree
Informative: 3
Unhelpful
Funny

More grist for this mill OneZero: I Got My File From Clearview AI, and It Freaked Me Out.
https://onezero.medium.com/i-got-my-file-from-clearview-ai-and-it-freaked-me-out-33ca28b5d6d4?source=rss----444d13b52878---4

Agree
Disagree
Informative: 2
Unhelpful
Funny

Gizmodo: Creepy Face Recognition Firm Clearview AI Sure Has a Lot of Ties to the Far Right.
Creepy Face Recognition Firm Clearview AI Sure Has a Lot of Ties to the Far Right

Agree
Disagree
Informative: 1
Unhelpful
Funny

New: Security lapse exposed Clearview AI source code – TechCrunch, quote:

Mossab Hussein, chief security officer at Dubai-based cybersecurity firm SpiderSilk, found the repository storing Clearview’s source code. Although the repository was protected with a password, a misconfigured setting allowed anyone to register as a new user to log in to the system storing the code.

The repository contained Clearview’s source code, which could be used to compile and run the apps from scratch. The repository also stored some of the company’s secret keys and credentials, which granted access to Clearview’s cloud storage buckets. Inside those buckets, Clearview stored copies of its finished Windows, Mac and Android apps, as well as its iOS app, which Apple recently blocked for violating its rules. The storage buckets also contained early, pre-release developer app versions that are typically only for testing, Hussein said.

The repository also exposed Clearview’s Slack tokens, according to Hussein, which, if used, could have allowed password-less access to the company’s private messages and communications.

Agree
Disagree
Informative
Unhelpful
Funny

So the part that concerns me most is "Hussein said that he found some 70,000 videos in one of Clearview’s cloud storage buckets, taken from a camera installed at face-height in the lobby of a residential building. The videos show residents entering and leaving the building." Didn't Ton-That say that clearview deletes video that doesn't result in a hit? Were the residents/visitors given informed consent to participate in this experiment and have their recorded activity retained by the company?

Agree
Disagree
Informative
Unhelpful
Funny
Agree
Disagree
Informative
Unhelpful
Funny
Agree
Disagree
Informative: 2
Unhelpful
Funny

The Hill: Senator presses controversial facial recognition company on use on protesters | TheHill.Senator presses controversial facial recognition company on use on protesters | TheHill

Agree
Disagree
Informative
Unhelpful
Funny

So this time we get to laugh and learn. Clearview AI is about 12:35 in but the whole show is chillingly funny.

Agree
Disagree
Informative
Unhelpful
Funny
Login to read this IPVM report.
Why do I need to log in?
IPVM conducts reporting, tutorials and software funded by subscriber's payments enabling us to offer the most independent, accurate and in-depth information.
Loading Related Reports