Clearview AI, the controversial and secretive facial recognition company, just experienced its first major data breach a scary prospect considering the sheer amount and scope of personal information in its database, as well as the fact that access to it is supposed to be restricted to law enforcement agencies.
According to a memo sent to its customers which was obtained by the Daily Beast, an intruder gained unauthorized access to the companys client list, its number of user accounts, and a number of searches its customers have conducted. That client list might be particularly sensitive, as Clearview claims it works with hundreds of federal and state law enforcement agencies. (A BuzzFeed News report said those numbers are inflated.)
The good news is that there is no evidence that Clearviews database of three billion photos was hacked. But the fact that the company could be breached at all is worrisome enough. Clearview says it obtained these photos by scraping publicly available images from all over the internet. The companys software uses proprietary facial recognition technology to help law enforcement agencies identify suspects by matching their images with those in the database.
Clearviews lawyer, Tor Ekeland, seemed blasé about the news in his response to the Daily Beast (he did not respond to a request for comment from Recode).
Security is Clearviews top priority, he said. Unfortunately, data breaches are part of life in the 21st century. Our servers were never accessed. We patched the flaw, and continue to work to strengthen our security.
Sen. Edward J. Markey, who has been highly critical of the company, said in his own statement that Clearviews comments would be laughable if its failure to safeguard its information wasnt so disturbing and threatening to the publics privacy.
This is a company whose entire business model relies on collecting incredibly sensitive and personal information, and this breach is yet another sign that the potential benefits of Clearviews technology do not outweigh the grave privacy risks it poses, Markey said.
Though Clearview is playing the breach off as a minor and quickly solved problem, it brings up larger issues that have been bubbling under the surface since Clearviews existence was made widely known last month in a New York Times report. Those include worries about what would happen should Clearviews data fall into the wrong hands, and how much confidence we should really have in the cybersecurity practices of a private company we know little about and have no reason to trust. If security is indeed Clearviews top priority, this data breach doesnt bode well.
Open Sourced is made possible by Omidyar Network. All Open Sourced content is editorially independent and produced by our journalists.
