Clearview’s facial recognition app links to a database of 4 billion pictures. And those photos are linked to all the data that got scraped up with them, culled (without permission) from sites like Facebook, Instagram, LinkedIn… pretty much anywhere people post photos and personal information.
There’s no opting-out of this collection either, even as Clearview packages and sells access to this scraped data to law enforcement agencies in the US, as well as government agencies in countries known for their human rights abuses. Fun, fun, fun and all just a click away from exploitation by anyone with an account. That includes demo accounts operated by the super-rich and law enforcement officers told to test drive the software by running searches on friends and family members.
How much does Clearview gather on the average person? It’s tough to tell. Asking Clearview directly — at least in most of the US — will get you nothing. However, California’s privacy law (the California Consumer Privacy Act) mandates the disclosure of gathered personal data to requesters. That’s what Thomas Smith of OneZero did. And here’s what he got back.
The depth and variety of data that Clearview has gathered on me is staggering. My profile contains, for example, a story published about me in my alma mater’s alumni magazine from 2012, and a follow-up article published a year later.
It also includes a profile page from a Python coders’ meetup group that I had forgotten I belonged to, as well as a wide variety of posts from a personal blog my wife and I started just after getting married.
The profile contains the URL of my Facebook page, as well as the names of several people with connections to me, including my faculty advisor and a family member (I have redacted their information and images in red prior to publishing my profile here).
Based on the request process — which involved some emailing back and forth before Clearview asked Smith to upload a photo of himself to run against its database — Smith estimates it only took about a minute or so for Clearview to run the search and retrieve his profile.
No one knows how often Clearview crawls the web to gather new info, but what’s already been gathered is impressive enough. Unfortunately, there’s no one vetting this data, so it’s up to end users to figure out what’s right and what’s wrong. The end users are (most often) law enforcement agencies, who don’t really place a premium on ensuring innocent people don’t get swept up in their secondhand surveillance nets.
Perhaps most worrying is the fact that some of Clearview’s data is wrong. The last hit on my profile is a link to a Facebook page for an entirely different person. If an investigator searched my face and followed that lead (perhaps suspecting that the person was actually my alias), it’s possible I could be accused of a crime that the unknown, unrelated person whose profile turned up in my report actually did commit.
Or vice versa. The negative possibilities are endless. And all of this starts with a photo of someone’s face. No other input is needed. Clearview’s algorithm — which hasn’t been independently tested or examined — does the rest.
And there’s more bad news. As Smith points out, Clearview’s proprietary system is just it standing on looking over the shoulders of tech giants. If Clearview can do this, anyone similarly motivated can do it. One homegrown surveillance company crashing and burning from negative press just clears the way for more competitors. The bag is open and the cat is long gone. It was gone long before Clearview drifted into the public eye. A large number of companies offer social media monitoring services and plenty of other surveillance tech companies routinely scrape publicly-available data for their government agency users.
The difference is Clearview packaged its offering in an app and handed it out to whoever wanted to take a look at it. If Clearview goes down, something else will take its place. For now, it’s the most visible villain. But it’s not the only one. And as long as it operates, residents of California (as well as European residents under the GDPR) can demand Clearview show them how much of their data it’s gathered. So, those who can should take advantage of that to let others know this is a very real threat to their privacy, not just some theoretical threat that should only cause concern for criminals.