Clearview AI has created one of the broadest and most powerful facial recognition databases in the world. Their application allows a user (usually law enforcement) to upload a photo of an individual into the application. Once the photo is analyzed within the app, it shows the requestor all the public photos of that same individual found in their database of more than 3 billion images; along with links to where those images may rest online (often in social media sites but many other places as well).

What Does This Mean For You and I?

This application has been used by more than 600 law enforcement agencies over the last year, using it to help solve shoplifting, identity theft, credit card fraud, murder and even child sexual exploitation cases.

The New York Times analyzed the computer code underlying the application, and found that Clearview AI code includes programming language to pair it with augmented-reality glasses; meaning users would potentially be able to identify every person they saw. The application claims real-time identification. This could be a big win for law enforcement.

In a benevolent nation state, this powerful application will help law enforcement identify and catch criminals. However, privacy advocates point out that not every nation using this technology is benevolent. From China to Russia, powerful nation states are using this to track their citizens, their dissidents, and their everyday citizens. What could go wrong?

,What if this application was accessible by anyone? What if a man riding the subway in New York City snapped a photo of a woman they found attractive and uploaded that to this application? The man may now be able to see the woman’s name, address, much of her public online activity. If that man has criminal intentions, that could negatively impact the woman’s safety. While this is an extreme example of what could happen with this technology in the wrong hands, how can we be certain that will never happen? While today, the application is limited to law enforcement agencies, Clearview investors predict it will eventually be available to the public.

Even if it is NOT officially made available to the public, hundreds of thousands of network and computer breaches have shown that valuable databases like this are breached and stolen by nation states or other hackers all over the world. Something this valuable will be targeted by hackers. It’s only a matter of time before this data is breached and stolen and placed in the hands of bad actors.

Could CCPA, GDPR, or Other Legislation Help?

The recent passing and enforcement of the California Consumer Protection Act (aka: CCPA) has gotten businesses in the US thinking and talking about what data they collect, how they use it, how they protect it, report on it, and delete it. CCPA requires businesses to provide consumers with the following:

a summary of the data they collect and what sharing practices they follow;

a process to request that their data be deleted (all privacy policies should now spell this out);

the right to opt out of the sale or sharing of their personal information

the ability to prohibit from selling personal information of consumers under the age of 16 without explicit consent

The new law does include biometric information (facial recognition) within the definition of personal information. This means businesses will need to inform consumers if they are collecting biometric information, be prepared to provide that information to consumers if they exercise a right to access, request, and delete that information if a consumer requests it. Businesses that are selling biometric information will also need to provide a mechanism for adults, anyone 16 years of age or older, to opt out of the sale of their personal information. The law requires businesses with websites to place a link titled “Do Not Sell My Personal Information” on the homepage along with their privacy policy. When an individual clicks on this link, they must be taken to a form that allows them to opt out of the sale of their personal information.

California isn’t the only state that has adopted privacy requirements like these. Nevada has recently implemented legislation similar to the CCPA. The states of Colorado, Massachusetts, New York and Washington are also working on legislation that will try to protect their residents’ privacy. It is important that these states include biometric information within the definition of personal information, allowing people to opt out of having their information sold to companies such as Clearview AI.

What Can I do Now to Protect Myself?

You can reach out to companies like Clearview AI via their Privacy Page links and request that your data be deleted. You could also write to your congress delegate and request that the US Senate pass comprehensive privacy reform legislation that protects all citizens of the US instead of each state creating a Patchwork quilt of different privacy legislation. Technology is rapidly outstripping our ability to regulate it with the existing laws we have on the books. A holistic approach to privacy protection is needed. Reading this article and others like it to stay informed, delete your data where you don’t want it stored, and fight for privacy rights is what we need to do to protect ourselves.

Addendum:

As of February 27, 2020, CNN reported that Clearview AI has been hacked, they store billions of photos from people across the world and their entire client list has been stolen. The customer list includes police forces, law enforcement agencies and banks. Clearview AI said that the hacker didn’t obtain any search histories conducted by customers, which include some police forces. Clearview AI noted that they are working to strengthen their security as much as possible in the near future to prevent a breach from happening again.

Additional Reading:

New York Times Article: The Secretive Company That Might End Privacy as We Know It

Clarip Article: How the New California Privacy Law (CCPA) Handles Facial Recognition

GeekWire Article: Washington Privacy Legislation Includes Facial Recognition Provisions

CNN Article: Clearview AI Has Billions of our Photos. Its Entire Client List Was Just Stolen

5-9-14 Eyes Privacy and Surveillance Article: https://vpnalert.com/blog/5-9-14-eyes/