Clearview AI, a little-known, tiny facial recognition company whose database features more than three billion images harvested from online websites, has lost its entire client list to a cyber attack, the company said.
The New York-area startup, which contracts with law enforcement agencies and does not sell its software to the public, notified its customers in a letter that a hacker gained “unauthorized access” to its client database, a Daily Beast report said. Clearview’s servers, systems and network were not breached in the cyber break-in and it has since patched the vulnerability, officials said. Its client list, which includes some 600 law enforcement agencies, reportedly extends to the Department of Homeland Security. In addition, the company has licensed its technology to third-parties for security purposes.
Clearview reportedly told its clients that the “intruder” also gained access to key information, including the number of user accounts and searches its customers have made, but did not pilfer any law enforcement search history.
“Security is Clearview’s top priority,” Tor Ekeland, a Clearview attorney, told The Daily Beast in a statement. “Unfortunately, data breaches are part of life in the 21st century. Our servers were never accessed. We patched the flaw, and continue to work to strengthen our security.”
Clearview is embroiled in charges that it has crossed privacy lines by scraping pictures of individuals from the web without their permission. Last month, New Jersey State Attorney General Gurbir Grewal banned police from using the company’s app and ordered Clearview to stop promoting its product by using video from one of his press conferences. And, members of an Illinois class action lawsuit have charged the developer with illegally compiling their biometric data.
The company has also been indirectly criticized by a Canadian police department. In a pilot program conducted last year of facial recognition technology, law enforcement in Ottawa, Canada compared images against a gallery of mug shots that had been legally obtained by police officers, according to a report in the Ottawa Citizen. Police used NEC’s NeoFace Reveal, which accessed the Ottawa police internal database of mug shots taken when people are arrested and charged, local police chief Peter Sloly told the Citizen. “So it was not as other software can and does–crawling social media platforms, pulling in CCTV feeds and collecting a massive data lake around which it applied its software to,” Sloly said. “These were mug shots already lawfully secured by the organization.”
For its part, Clearview claims on its website that it does not search private or protected information, including social media accounts, and is not deployed as a surveillance tool. Still, the company has received cease and desist letters from Facebook, Google and Twitter, according to a New York Times report.
Clearview describes itself as a “new research tool used by law enforcement agencies to identify perpetrators and victims of crimes… Using Clearview, law enforcement is able to catch the most dangerous criminals, solve the toughest cold cases and make communities safer, especially the most vulnerable among us.” On its bare bones website the company posted that its software was “designed and independently verified to comply with all federal, state, and local laws.” Federal and state law enforcement officers told the Times that they only had minimal knowledge of how Clearview works but its app had help them solve shoplifting, identity theft, credit card fraud, murder and child sexual exploitation cases.
AI Privacy and Regulation: Track the Updates
ChannelE2E and MSSP Alert closely follow AI emerging technology and its growing impact socially, politically and technologically. Click here for ChannelE2E’s regularly updated blog on AI viewpoints and milestones from companies, countries and influencers worldwide.