Clearview AI, a facial recognition surveillance firm, has agreed to impose a permanent ban on most private companies from using its service under a court settlement. The agreement was filed in Illinois court on 9th May (1).
The decision settled a 2020 ACLU, American Civil Liberties Union lawsuit that alleged that Clearview had built its business on facial recognition data it gathered without user consent (2). The agreement formalized the company’s past actions and safeguarded it from further ACLU lawsuits under Illinois’ Biometric Information Privacy Act (BIPA).
In addition, as part of the settlement, Clearview has agreed to a permanent nationwide injunction restriction its free distribution or sale of access to a vast facial database. Most of this data was originally gathered from social media platforms like Facebook, as successfully argued by the lawsuit.
The injunction bars the firm from dealing with most private businesses and individuals. It includes government employees who are not acting on behalf of their employers. Also, it can’t deal with any Illinois state or local government agency for five years.
Besides attempting to remove any Illinois residents’ photos, the company must keep an opt-out program for residents who wish to block any searches via their face or prevent any collection of their photos.
Read Also: You Can Now Pay Using Your Face With this Technology
Scrutiny Against Facial Recognition Databases
Clearview can still work with local police departments and federal agencies outside Illinois.
Illinois is one of the states to legislate a biometric privacy law across the US, making it a hub for activists fighting against facial recognition tools. Last year, Meta agreed to pay 650 million USD under a class action BIPA suit (3).
Clearview had already declared back in 2020 that it would stop working with private companies. It also cut off a list that included Bank of America, Walmart, and Macy’s. Since then, the company instead focused on working with thousands of local law enforcement departments and government agencies like the Justice Department, which have controversially used the data for general police work and events like the Capital riot of 6th January 2021 (4).
While Clearview can sign these contracts outside Illinois under the agreement, it can no longer offer free trial access to individual police officers without the department’s knowledge.
The practice faces opposition from several states and local governments, where lawmakers have restricted government use of Clearview and all other facial recognition databases (5).
Read Also: Eye-Tracking, Metaverse, and Health Crisis with Virtual Addiction
Clearview and Biometric Privacy
Clearview, founded in 2017, compiles billions of photos into a database for its software, which one can use to identify individual people (6).
It has more than 3 billion photos on the internet, including on popular social media platforms like Instagram, Facebook, YouTube, and Twitter. In the past, these tech companies have also sent Clearview cease-and-desist notices arguing that its photo snagging practices violate the terms of their services (7).
Last February, Canada declared Clearview illegal and asked the company to remove Canadian faces from its database (8). Australia, Italy, and France are also countries that have determined the company to be illegal (9).
“Clearview abides by all applicable law, and the First Amendment protects its conduct,” stated Floyd Abrams, the company’s lawyer, to CNN Business last year (10).
Facial recognition technology has grown in prevalence over the past few years, rolling in everywhere from airport security to police departments and drugstores.
While it adds a sense of security and convenience for businesses, it has also attracted controversies. Privacy advocates have widely criticized facial recognition technology, with concerns that it has the potential for misuse and may even include racial biases.
Privacy watchdogs also scrutinize who gets to use these databases and under what circumstances. The company had already declared that it offers limited access to its images to law enforcement. But, the agreement under the lawsuit now makes that assurance binding under the law.
Now that there is a ban on the private sector, Clearview will shift its focus and expand its services to law enforcement agencies only.
“Clearview’s posture regarding sales to private companies is unchanged. We would only sell to private entities complying with BIPA. We will only offer our database to law enforcement authorities to solve crimes,” said Hoan Ton-That, CEO of Clearview AI, in a statement (11).
Read Also: Increased Skepticism Could Lead to Big Tech Platforms Downfall
Security Concerns
The company stated that its current customer base includes more than 3,100 US agencies, including the FBI and the Department of Homeland Security.
According to a June 2021 report published by the US Government Accountability Office (12), elicited from a survey of 42 federal agencies, at least ten agencies used Clearview between April 2018 and March 2020.
It includes agencies like the FBI, US Postal Service, and DEA. For instance, the US Postal Inspection Service informed the GAO that it used Clearview software to track down people suspected of crimes like stealing and opening mails and stealing from Postal Service offices.
The debate on the fairness and effectiveness of facial recognition technology continues; however, security remains a concern.
Read Also: How to Build a Business with Ethical Hacking and Cybersecurity
Breach of Law Enforcement Data
On 8th May, KrebsOnSecurity received information that hackers have gained access to the LEIA, Law Enforcement Inquiry, and Alerts, a system managed by DEA, the US Drug Enforcement Administration.
LEIA “provides federated search capabilities for both EPIC and external database repositories,” according to the Justice Department website (13), including data classed as “law enforcement sensitive” and “mission sensitive” by the DEA.
KrebsOnSecurity published a report about the breach (14), which highlights that not only hackers could exploit this access to read sensitive material but submit fraudulent records to law enforcement and intelligence databases.
And in the past, hackers have managed to gain access to at least 16 federal law enforcement agencies, including their photo databases. It can allow them to send out arbitrary law enforcement, alerts for specific people or cars, or interrupt ongoing law enforcement activities.
Law enforcement will keep expanding the use of facial recognition technology despite the security concern (15).
