Facial recognition software firm Clearview AI, which has been criticized for scraping together a database of as many as 3 billion online images, has been hit with a data breach.
The New York-based firm apparently had its list of customers including numerous law enforcement agencies stolen, according to The Daily Beast, which first reported the incident.
The news site reported it had obtained a notice sent to Clearview’s customers that an intruder had “gained unauthorized access” to its customer list, the number of searches customers have conducted and other data.
Clearview said in the notice that the company’s servers were not breached and that there was “no compromise of Clearview’s systems or network.”
However, Clearview’s attorney Tor Ekeland said, in a statement sent to USA TODAY, “Security is Clearview’s top priority. Unfortunately, data breaches are part of life in the 21st century. Our servers were never accessed. We patched the flaw, and continue to work to strengthen our security.”
Facial recognition spurs privacy concerns
The issue of facial recognition technology and privacy has been controversial lately. Student uproar over the potential implementation of the face-scanning technology at University of California Los Angeles led the school to drop the plan. An editorial in The Daily Bruin student newspaper described the plan as “a major breach of students’ privacy and make students feel unsafe on a campus they are supposed to call home.”
Clearview attracted much attention after The New York Times reported in January that the startup had built a database of more than 3 billion images gathered from social media sites such as Facebook, YouTube, as well as payment site Venmo and countless other online sites.
The company notes on its website that it searches the open web – not private social media accounts – and markets its investigative tool only to law enforcement agencies and “is NOT available to the public. Federal and state law enforcement officials told The Times that they had used Clearview’s app in solving cases from shoplifting to murder and child sexual exploitation cases.
Clearview was founded by Australian technologist Hoan Ton-That and Richard Schwartz, an aide to then-New York Mayor Rudy Giuliani, the Times reported, and counts Silicon Valley venture capitalist Peter Thiel among its investors.
Clearview faces criticism
Since the report’s publication, Google, Facebook, Twitter and Venmo have sent cease-and-desist letters to Clearview demanding the company stop using its platforms for gathering imagery.
“YouTube’s Terms of Service explicitly forbid collecting data that can be used to identify a person,” YouTube spokesman Alex Joseph said in a statement. “Clearview has publicly admitted to doing exactly that, and in response we sent them a cease and desist letter.”
The New Jersey attorney general has banned police from using Clearview’s app, The Times reported, and the company also faces class action lawsuits in Illinois and Virginia.
And Clearview is coming under scrutiny by some in the U.S. Congress. Rep. Patrick McHenry (R-N.C.), has called for House Financial Services Committee chair Maxine Waters (D-Calif.), to schedule a hearing on the company’s data collection practices, Axios reported.
Sen. Edward Markey (D-Mass.), who last month expressed concerns about Clearview’s technology, strengthened his unease after Wednesday’s report. “Clearview’s statement that security is its ‘top priority’ would be laughable if the company’s failure to safeguard its information wasn’t so disturbing and threatening to the public’s privacy,” he said in a statement.
While the company said it had not been hacked, the incident raises apprehension, he says. “If your password gets breached, you can change your password. If your credit card number gets breached, you can cancel your card. But you can’t change biometric information like your facial characteristics if a company like Clearview fails to keep that data secure,” Markey said. “This is a company whose entire business model relies on collecting incredibly sensitive and personal information, and this breach is yet another sign that the potential benefits of Clearview’s technology do not outweigh the grave privacy risks it poses.”
Contributing: The Associated Press
Read more at USAToday.com.