A Manhattan-based facial recognition company that uses artificial intelligence to collect data from unsuspecting social media users has reported that its entire client list has been stolen.
The company, Clearview AI, has developed an app which allows anyone to snap a picture of someone which is then compared to a database of more than 3 billion photos that the company has scraped off Facebook, Venmo, YouTube and other sites, before serving up matches along with links to the sites where the database photos originally appeared.
Clearview AI has partnered with law enforcement agencies around the country, however it was unknown exactly how many or who they were. That may not be the case for much longer, after an intruder “gained unauthorized access” to its customer list – along with data on the number of searches its customers have conducted, as well as how many user accounts have been set up, according to the Daily Beast.
The company raised concerns among privacy advocates after a New York Times article described their work with law enforcement agencies, with over 40 organizations signing a letter calling for an independent watchdog to recommend a ban on government use of facial recognition technology.
The company claims that there was “no compromise of Clearview’s systems or network,” and that the vulnerability has been breached. Specific search histories were not obtained.
“Security is Clearview’s top priority,” said company attorney Tor Ekeland. “Unfortunately, data breaches are part of life in the 21st century. Our servers were never accessed. We patched the flaw, and continue to work to strengthen our security.”
The firm drew national attention when The New York Times ran a front-page story about its work with law-enforcement agencies. The Times reported that the company scraped 3 billion images from the internet, including from Facebook, YouTube, and Venmo. That process violated Facebook’s terms of service, according to the paper. It also created a resource that drew the attention of hundreds of law-enforcement agencies, including the FBI and the Department of Homeland Security, according to that report. In a follow-up story, the Times reported that law-enforcement officials have used the tools to identify children who are victims of sexual abuse. One anonymous Canadian law-enforcement official told the paper that Clearview was “the biggest breakthrough in the last decade” for investigations of those crimes. Daily Beast
David Forscey, managing director of the non-profit Aspen Cybersecurity Group said that the breach is concerning.
“If you’re a law-enforcement agency, it’s a big deal, because you depend on Clearview as a service provider to have good security, and it seems like they don’t.”