Clearview AI and Facial Recognition

The New York Times has a long story about Clearview AI, a small company that scrapes identified photos of people from pretty much everywhere, and then uses unstated magical AI technology to identify people in other photos.

His tiny company, Clearview AI, devised a groundbreaking facial recognition app. You take a picture of a person, upload it and get to see public photos of that person, along with links to where those photos appeared. The system—whose backbone is a database of more than three billion images that Clearview claims to have scraped from Facebook, YouTube, Venmo and millions of other websites—goes far beyond anything ever constructed by the United States government or Silicon Valley giants.

Federal and state law enforcement officers said that while they had only limited knowledge of how Clearview works and who is behind it, they had used its app to help solve shoplifting, identity theft, credit card fraud, murder and child sexual exploitation cases.

[…]

But without public scrutiny, more than 600 law enforcement agencies have started using Clearview in the past year, according to the company, which declined to provide a list. The computer code underlying its app, analyzed by The New York Times, includes programming language to pair it with augmented-reality glasses; users would potentially be able to identify every person they saw. The tool could identify activists at a protest or an attractive stranger on the subway, revealing not just their names but where they lived, what they did and whom they knew.

And it’s not just law enforcement: Clearview has also licensed the app to at least a handful of companies for security purposes.

Another article.

EDITED TO ADD (1/23): Twitter told the company to stop scraping its photos.

Tags: , , , , ,

Posted on January 20, 2020 at 8:53 AM30 Comments

Comments

Peter A. January 20, 2020 10:01 AM

China’s style surveillance is going to be deployed anyway, if not by mildly oppressive “democratic” governments, then by private companies – from which governments will happily buy services as they please while claiming virginity: “we’re not doing mass-surveillance”.

Time to walk with full-face mask, or better a fluffy robe fully covering the body, Taliban style, just in case.

In my city there’s a problem with smog (has been always, but only quite recently it got attention), so an anti-smog mask may be a good excuse. Add some goggles (protection from UV), and a poncho (personal style). Oh, and no electronic spy devices. Am I good? Or should I turn hobbit already?

In the hole in the ground there lived an anti-government activist…

JonKnowsNothing January 20, 2020 10:22 AM

@Peter A

re: full face mask

This is against the law in a large number of countries. These laws were enacted to acculturate people with a diverse clothing style and backgrounds into western dress and demeanor.

Face masks, full or partial along with wearing or display large(tbd by courts) symbols will land you in the slammer.

If you cover up your face incidentally while traversing a transient face recognition capture point, you will also go to jail for “evading law enforcement”.

The depth of enforcement and punishment for breaking these laws vary by country.

Edu January 20, 2020 11:18 AM

I think I know why deepfake is so important for the future of humanity! It’s what’s going to save humanity from being surveilled and always watched by businesses, governments, marketers, institutions, strangers and potentially enemies. Increased surveillance means decreasing trust. If deepfake is perfected where a machine or a human cannot distinguish between a digital picture of a real and machine generated synthetic human face that look look alike, it means no face recognition technology will ever solve this, therefore shaping the value of “face detection, recognition, and tracking” services as convenience and privilege to people! Therefore making the physical face to face the most valuable of all face forms, not thru displays..

Ross Snider January 20, 2020 12:54 PM

ClearView labels themselves as “Search, Not Surveillance”. The NSA used the terminology “Bulk Collection, Not Surveillance”.

Controlling the narrative through the use of suggestive vocabulary seems to be a widely deployed technique for these efforts. For example, in the United States propaganda is called “strategic communication” (and sometimes “perception management”), through which public conversation about the topic often gets dropped (“America doesn’t do propaganda!”).

This technique is also reminiscent of Orwell’s “newspeak” – an evolution of language intended to control populations by limiting the topics of conversation and their depth of insight.

On a broader level than ClearView AI, how should be we best secure ourselves from manipulation of language?

AlexT January 20, 2020 12:57 PM

Well I think the cat is out of the bad… the technology can’t be “uninvented” and will only become even better (it is already pretty good)! with time.

I don’t see a legislative solution either – in the unlikely case of congress passing a law the “five eyes” trick will be simply be put into action again.

I only (very) unperfect response I can see it to mandate for everyone to submit high resolution picture every few years – this will lower false positives and equalize somewhat the playing field. I’d go as far as suggest the same with DNA.

Happy to hear alternative views !

AlexT January 20, 2020 3:17 PM

@Bruce,

Just noticed your NYT op-ed on the subject.

I think it is surprisinmgly naive. Again, it is way too late for legislation (and quite frankly do you really think that the US government will, under the excuse of law enforcement, give a pass to such a powerful technology, congress be damned ?).

The sooner we understand that there is not path back from surveillance society the better we will be able to respond to the immense societal changes to come.

Electron 007 January 20, 2020 3:30 PM

Federal and state law enforcement officers said that while they had only limited knowledge of how Clearview works and who is behind it, they had used its app to help solve shoplifting, identity theft, credit card fraud, murder and child sexual exploitation cases.

Some cops do methamphetamine on duty, and in their own minds they are able to think very, very clearly with the gun at hand in the holster on their hip.

The unrestricted ability to locate a targeted individual anywhere on the face of the earth is not limited to legitimate law enforcement purposes.

There is a strong and thriving murder-for-hire market for this kind of technology. Hit men can stake out their marks and establish the habitual comings and goings of their intended victims in order to make plans where best to lie in wait for ambush.

So many rank-and-file municipal labor-union cops all over the world, whose duty at one time should have been to protect and defend us against crimes, have not only abandoned that duty to turn against us, but they have maliciously, forcibly, and violently deprived us of the rights and means of defending ourselves from the continual and progressive depredations of serious organized crime.

Alex A January 20, 2020 4:06 PM

Directly from the article:

Another early investor is a small firm called Kirenaga Partners. Its founder, David Scalzo, dismissed concerns about Clearview making the internet searchable by face, saying it’s a valuable crime-solving tool.

“I’ve come to the conclusion that because information constantly increases, there’s never going to be privacy,” Scalzo said.

Excuse me but what the f*ck? Is this the direction we’re headed with privacy?

vas pup January 20, 2020 5:07 PM

From the article – looks like the weakest link:
“Clearview’s app carries extra risks because law enforcement agencies are uploading sensitive photos to the servers of a company whose ability to protect its data is untested.”

Photos from government databases are uploaded to private servers with untested security. Just speechless.

For all suggestion regarding laws: laws are working for honest people who used to follow them. Crooks and criminals of all flavors don’t give a s….t about laws. Moreover, laws are working (if at all) only AFTER unpleasant event.

It is better to be safe (rely on technical solution against technical threats in particular as preventive measure) than sorry (rely on lawyers and justice/unjustice system) thereafter.

Face recognition is just the first step of 21 century version of ‘1984’. Next in line is height, gate, etc. also available in public domain.

Anon Y. Mouse January 20, 2020 7:19 PM

My decisions to never use Facebook and other social media and my
steadfast avoidance of being included in peoples’ photos is looking
better and better.

Time for big, floppy, unisex hats to come into fashion!

ATN January 21, 2020 4:02 AM

The “nice” thing about these companies are that they are after the money, so if you are a Mafia chief or other “important” man you can pay such company to clean the database – and/or add some “fact” to the database for the police to arrest “non-compliant” people…
Proven by Artificial Intelligence from data in the database, the new level accepted by the courts!

JonKnowsNothing January 21, 2020 8:11 AM

Often these sorts of technologies are considered as impacting “the future”, which they do but they also impact the past and that’s something that gets missed.

There are age progression programs commonly seen on milk cartons for missing persons. They are used in other applications too.

In the case of unsolved crimes or actions that become criminal after the fact (like enhanced interrogation aka torture or state sponsored murders) and finding the names of various participants, these ginormous warehouses of long term images, data traces and geolocation points are going to be used to ID folks long in the past too.

Recently a news report detailed how they are looking for a group of men who are accused of gang rape 40 years ago. Given all the historical images we have of the good bad and ugly of the century, such databases will put names to each face and their decedents who may not know about the actions of their much-loved relatives is going to be a shocker and maybe for some past-future crimes a stint in jail.

Not too long ago a report of a visitor to a European hotel (I don’t remember which country) noticed 2 photographs from WW2. The men were wearing German uniforms and were founding members of the family hotel there. The visitor was appalled because they recognized some of the military insignia on the uniforms. A short exchange and a delving into historical records showed the visitor was correct about the insignia; the photos were removed (afaik) and the family said they had no idea because the individuals has always told the family that “they didn’t do those things”.

In the USA we just had our Martin Luther King remembrance holiday and there was a historical photo of men walking along the street with simple signs passing in front of a group of state militia with their guns pointing at the men and bared bayonets pointing at them.

I wonder if the militia men told their families and grandchildren and great great grandchildren that they “didn’t do those things” either?

It’s going to be a bit of a shock when such things are divulged.

In USA there are laws about “outing” some people working in “secret areas” but the scope of these databases and mutual distrust will keep some of them from merging but like Google’s Secret Geolocation Database where its been harvesting data from systems with geolocation turned off for more than a decade, collection is sure to continue in many places and results publicized.

It’s a sort of Paparazzi Frenzy for the masses.

Phaete January 21, 2020 10:05 AM

Things can get interesting if the company ever decides to do business in Europe.
GDPR requires consent for biometric data that can uniquely identify a person.

GDPR art 4 [14]

‘biometric data’ means personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data;

GDPR art 4 [11]

‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

(just uploading a picture is not informed consent for usage of your biometric data)

ATN January 21, 2020 10:50 AM

@ Phaete:
You gave consent long time ago when you accepted cookies displaying an unrelated WEB page and did not read the 10 pages long contract that it did involved – before deleting the browser tab because it was completely unrelated information you did never want and had never requested.
Or when you used for the first time a Windows driver on the PC you did buy and refused to know which contract you did sign in to use the keyboard – or upgraded that windows driver “to fix a security issue”.

Even when you decide to use GDPR to erase personal info from a company, that would not remove that consent (no legal matter erased), and erasing such info involves adding you to a list of people “who have requested their info to be erased” – just that (I tried myself) – while completely keeping “enough” information about “who has asked for their info to be removed”. GDPR is a complete joke.

Phaete January 21, 2020 11:24 AM

@ATN,

Your examples does not fall into the category of specific, informed and unambiguous consent.

As far as given consent, just send them a legal communication withdrawing that consent.

For cookies and other “yes i agree” buttons on the internet, you might want to try NoScript and uBlock Origin.
NoScript blocks a lot of those consent popups, with uBlock Origin you can hide the consent and obscuring elements and just read the website normally without clicking any consent buttons.

And if you are using windows, you might as well just give up trying to protect any information that resides or goes through that OS.

And yes, you will get on a list of people that requested their data to be removed (in case they try to add it again…) but it won’t have your biometric data on that list, nor your other data.
That is 100 times better than on the list with all email adress, social number, biometric face recog data, fingerprints etc.

Scumop January 21, 2020 12:15 PM

Just an aside on having your data “deleted.”

In almost every database, the delete process does not involve removing or overwriting data. They simply set a flag to indicate the record is deprecated. There are good technological reasons for setting this ‘do not use’ flag such as preventing whats called a cascade delete.

If they use the flag, they should scrub the data as well, but that is pretty rare simply because it is extra work. As you can guess, browsing such data is dead easy with even simple tools. There is also the matter of database backups not being scrubbed of now deprecated records. Restore & explore.

Clive Robinson January 21, 2020 12:35 PM

@ Phaete,

And yes, you will get on a list of people that requested their data to be removed (in case they try to add it again…)

And thereby you reveal two potential attacks against the system.

That is how much information is required?

Take my name it’s far from unique, I’ve actually met a couple of people with the same name as me at conferences and exhibitions. One was because somebody paged me, and two of us turned up at the Information desk, much to the confusion of other people.

Thus the attacks,

The more people that register the longer and slower the search and the more checks the company has to do. Which means they either go illegal or they pay the price which makes their “product” not cost effective to keep.

The second is to register with the absolute minimum data possible thereby causing two “force multiplier effects”. If there are say five “Clive Robinsons” on the register the company has a choice to make when they get a “clive Robinson” come up. They can just assume on a minimal match the exclusion is valid, or search through all the Clive Robinsons on the list to check they all don’t match before keeping the data. But the less data held on that exclusion list the less possible it makes it to be certain they are not a match…

Thus the more data the companies have to ask you for. Which will absolutly annoy the heck out of most people these days, thus they will be less inclined to hand over details.

But there is a subtal way for list keepers to make lots more money which would please the Government Entity types. That is they charge by individual search, but deliberately limit the number of terms you can search for on each search. Which makes the search to check more expensive for those that want to keep user data.

Because the only way to stop privacy invasion is to make it to expensive up front to do. And for those that get caught mandatory tarrifs on time and fine per failing and remove the “director/officer limit on liability” so if they do cheat they can not get out of it by using the likes of bankruptcy or shell companies.

But even then there will always be some with psychopathic tendencies who will “risk it” but those are supposadly “1 in 5” of business leaders –depending on who’s study you use– should be somewhat easier to catch due to lesser numbers.

Oh and “means testing” on such fines should be based not just on “found wealth” but “assumed wealth” from the likes of “lifestyle indicators”. Which might sound unfair, but if you think about it, if your lifestyle is above the norm for what you earn etc, then you are probably a crook anyway. Some jurisdictions do have laws in place like this supposadly to catch “serious crime” bosses and the like, so the idea is not new as such, it’s more the perception issue of company directors/officers are honest people, when the figures tends to suggest they are less honest than the general population who are not directors or officers of companies of any size.

Phaete January 21, 2020 1:24 PM

@Clive

I like the idea of making it more expensive for the abusers.
Fines and penalties are one thing, but can only be enforced if backed by correct legal action.

Public disobedience (not the right word but close enough) can also be very effective. I remember people sending bricks through mail to postal free addresses.
Myself i liked to ‘return to sender’ any unsolicited personally addressed commercial mail, incurring a small cost to them and most stopped sending me commercial mail.

So if one were to setup an automated template to roll out several hundred information requests/deletions for the top 250 offending companies, then hosted that publicly.
If you get enough people to do it, it would cost those companies a lot of money.

Clive Robinson January 21, 2020 6:00 PM

@ Phaete,

So if one were to setup an automated template to roll out several hundred information requests/deletions for the top 250 offending companies, then hosted that publicly.
If you get enough people to do it, it would cost those companies a lot of money.

If I remember correctly, some years ago the home address of the self styled “Spam King” became known and “public minded activists”[1] signed him up for anything and everything, and the resulting mail was turning up by the truck load. Giving him the problem of soeting through it to find his actual important mail.

A friend goes about doing things in a slightly different manner but it involves obtaining the home address of the directors and officers of the company concerned, verifying they actually live at the address by various “credit databases” etc. And in effect sending them a contract promising certain actions in response to theirs.

[1] Activist is a nicer word than “disobedience” as it does not imply an negitivity or potentialy non obayance of authority in the action.

Clive Robinson January 22, 2020 3:34 AM

@ Lurker,

…could this put a heavy boot into selfies?

You would think so but…

The UK’s Met Police, have found social media to be a very good way to gather evidence about criminals.

Apparently criminals frequently post “selfies” of themselves and their friends either in the “criminal act” or “with the proceads”…

Back a decade or two ago criminals used to “big it up” down the pub not on social media by “flapping their gums” and some snitch / grass / confidential informant or under cover cop would pass it back to detectives. So much so that something like 80% of “solved crimes” were due to this route, not what we would consider “investigative measures” (forensics and enquirers to find witnesses etc). In fact the Met police were so dependent on this method, that a number of serious crimes never got investigated by the correct investigative measures at the time, so the wrong people got prosecuted and cleared and / or the cases went dead cold.

The fact that some criminals are still “bigging it up” but now by the clear and near impossible to deny “Social Media” kind of says something about their “group think” issues…

Oh the other way criminals often get caught is that they don’t plan properly. That is they get fixated on the crime and get away and don’t consider / plan what to do next. Thus they get caught trying to monetize the proceads.

One clasic example was the “alledged” IRA theft of millions of pounds in bank notes from a security distribution center. Because the notes were new and the serial number ranges were known and put out by the authorities, the money more or less became waste papet. Thus the money started showing up in strange places such as “wheelie bins” –more usually used for rubbish– at the bottom of peoples gardens hidden in bushes. Presumably the criminals were waiting for things to die down sufficiently that they could start putting it into circulation… But the IRA had a reputation for hiding weapons and explosives, and it was not in “wheelie bins at the bottom of the garden”. Which prompted some to observe that maybe people were being set up and scores were being settled.

One of the reasons we have “organised crime” is that some criminals realised you should not go around flapping your gums or having / displaying conspicuous wealth without reason. So they set themselves up a “society” that provides monetization of proceads and money laundering services as standard along with legal services etc advice and “specialists”.

The point being if you can not make it in business without going bankrupt, then you are not going to make it as an unconvicted –thus successful– career criminal.

vas pup January 24, 2020 2:34 PM

Neo-Nazi Rinaldo Nazzaro running US militant group The Base from Russia
https://www.bbc.com/news/world-51236915

“Rinaldo Nazzaro, 46, who uses the aliases “Norman Spear” and “Roman Wolf”, left New York for St Petersburg less than two years ago.

The Base is a major counter terrorism focus for the FBI.

Seven alleged members were charged this month with various offences, including conspiracy to commit murder.

===>The case against three alleged members states that the group leader instructed them to use coded language – or cyphers – when communicating, a tactic which the men are said to have employed.

The trio, accused of conspiring to murder an anti-fascist couple and their children, were allegedly counseled by the leader
===>to carry out “non-attributable actions but that will still send a message”.

Clipper January 24, 2020 7:54 PM

@vas pup
It was also revealed that he had a CAGE code and ties to various secret services and that FBI agents participated his movement and encouraged others to commit acts of violence. So what knows what comes next.

JonKnowsNothing January 28, 2020 9:35 PM

re: full face mask

Here’s an interesting twist:

Due to the global outbreak of the coronavirus, face masks have become really popular.

A report on the Guardian.com live feed

Timestamp: Tue 28 Jan 2020 9.24am

Unmasked man pulled off metro in China amid coronavirus crisis (video)

Chinese companies are working overtime to produce masks amid soaring demand caused by the country’s coronavirus outbreak.

Of course, they don’t really need your face, lots of other ways to ID you that are as good or better.

ht tps://www.theguardian.com/science/live/2020/jan/28/coronavirus-first-death-in-beijing-as-us-issues-new-china-travel-warning-live-updates
(url fractured to prevent autorun)

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.