Facial Recognition App Used by Law Enforcement Agencies Hacked

Share

Clearview AI - the start-up company that compiles billions of images for its facial recognition software and whose technology Toronto Police were testing in 2018 for a pilot project - sustained a massive data breach Wednesday. He was criticized after a New York Times investigation into the software company last month, and Clearview AI was described as a "chilling" privacy risk by Democratic Senator Edward Markey in late January. The intruder also gained access to the number of user accounts each customer had set up, and to the number of times each customer searched Clearview's database.

The disclosure also claimed that Clearview's servers hadn't been breached and that there was "no compromise of Clearview's systems or network".

In a statement, Clearview's attorney Tor Ekeland told The Register: "Security is Clearview's top priority. We patched the flaw and continue to work to strengthen our security", Ekeland said.

BuzzFeed News' report Thursday said Clearview AI's client list actually has 2,900 clients, including companies like Macy's and Best Buy as well as federal law enforcement. A spokesperson for the exchange told BuzzFeed that it was testing Clearview due to its "unique needs around security and compliance".

About 2,200 of those clients have searched Clearview AI within the past year, according to BuzzFeed.

But numerous companies have strongly opposed Clearview AI deleting its images for its database.

Real Madrid's Hazard to miss City Barcelona clashes with fibula fracture
I know how hard we work. "It's an honour and I intend to enjoy it". It's sore now but we'll see tomorrow, when we do more tests". "It doesn't look good", said Zidane .


"Only trained victim identification specialists in the NCECC use the software primarily to help identify, locate and rescue children who have been or are victims of online sexual abuse".

Scraping billions of images from users' profiles promoted cease-and-desist requests from Facebook, Google and Twitter.

Clearview AI's CEO, Hoan Ton-That, has previously claimed its tech is meant "strictly for law enforcement" but the documents appear to indicate private companies widely use the service too.

"The general contours of what has been reported seem to indicate that an unauthorized person was able to perform limited commands or queries against the server or database without the expected authentication", Roger Grimes, data driven defense evangelist at security awareness training firm KnowB4 Inc.

In addition to the crossover from global law enforcement agencies and governments to private corporations, another major revelation of the hack is Clearview AI's ties to Saudi Arabia and the United Arab Emirates.

"The OPC, along with privacy regulators in every province and territory, have agreed to work together to develop guidance for organizations - including law enforcement - on the use of biometric technology, including facial recognition", the OPC statement said.

Share