US facial recognition firm Clearview AI has become the victim of a data breach after a hacker “gained unauthorized access” to the company’s entire client list, exposing for the first time the details of the organizations which work with the controversial firm.
The data breach, first reported by The Daily Beast on 26 February, is believed to be the largest in the company’s history to date. According to the report, Clearview AI allegedly sent out a notification explaining the data breach to its clients—most of whom are law enforcement agencies based in the US and other corporate entities. The Daily Beast obtained the notification, using it as a basis for their reporting.
According to the notification, not only were the names of Clearview AI’s clients exposed, but additionally the number of user accounts each client had opened and the number of searches they had conducted were also revealed.
Despite what appears to be a relatively extensive leak which the data breach brought about, according to The Daily Beast, Clearview AI’s notification ensured that the firm’s servers remained secure and that there had been “no compromise of Clearview’s systems or network.”
Clearview AI also said that it had taken care of the vulnerability that had led to the data breach occurring in the first place, and mentioned that the hacker had not managed to obtain the search histories of clients.
Alongside a large number of US state and local law enforcement agencies, known clients of the facial recognition firm include federal agencies such as the FBI and the Department of Homeland Security.
Facial recognition firm fuels controversy
In recent months, the Manhattan-based company has amassed controversy for its use of facial recognition technology in cahoots with US law enforcement agencies.
According to The New York Times—which broke the story back in January—Clearview AI makes use of a vast database of over three billion images scraped from social media platforms like Facebook, Twitter, YouTube, Venmo and LinkedIn, and then uses these images to match against photographs of suspects provided by police departments.
The controversy that Clearview AI’s use of these facial recognition technology has garnered has resulted in several high-profile tech companies such as Google, Facebook, YouTube and Twitter issuing cease and desist letters to Clearview AI. These, in essence, point out to the company that scraping photographs off of their sites is illegal or stands in violation of their terms of service.
Clearview AI, on the other hand, contends these allegations. In a CBS interview with Hoan Ton-That, Clearview’s founder and CEO, it is claimed that the facial recognition firm is protected by a “First Amendment right” to access information which is in the public domain—including photographs.
Ton-That also expressed his aim to build a “great American company” that has “the best of intentions,” claiming that he would not sell his technology to world actors like Russia, China and Iran on ethical grounds.
However—in spite of the controversy which has surfaced as a result of the company’s use of facial recognition technologies—Clearview AI nonetheless affirms its own commitment toward matters of cybersecurity and privacy.
“Security is Clearview’s top priority,” the company’s attorney Tor Ekeland told The Daily Beast.
“Unfortunately, data breaches are part of life in the 21st century,” he adds. “Our servers were never accessed. We patched the flaw and continue to work to strengthen our security.”
A data breach with unknown implications
Aside from the company’s short statement on the subject to its clients, however, there is very little that is known in the way of specifics—neither concerning the extent of the data breach, nor its wider implications. In this way, it remains within the realm of informed speculation to posit what may or may be the long-term result of such a potentially impactful development in relation to the company’s privacy protections.
The move, for example, highlights a trend in ‘hacktivism,’ whereby hackers take action against corporations and organizations for what they perceive as being ethical reasons. It is likely that, due to the potential implication associated with Clearview AI’s controversial business dealings, that hackers targeted the company for retributive reasons.
Clearview AI, for one, appears to be downplaying the extent of the incident. According to The Daily Beast—which reviewed the company’s statement to clients—Clearview AI avoided making reference to the breach as having been a ‘hack’ in the first place.
However, one thing is very much clear. The potential implications of a data breach such as this one provides a fitting example as to the sensitive nature of facial recognition technologies, as well as how the data is processed and used. And while the company has undoubtedly seen much success its use facial recognition to improve law enforcement effectiveness, the success begs the question of costs involved.
With over three billion photos stored on a central database, it should come as no surprise then that many privacy advocates have raised concern over the potential implications such a technology could come to have on individual freedom.