Facial recognition is a technology that attempts to verify the identity of a selected individual by comparing his or her facial features with digital images of faces stored in a comprehensive database. The technology is already in widespread use by companies, intelligence agencies and police departments, allowing them to identify virtually anyone within a matter of seconds.
You might be wondering where these comprehensive “databases” of faces come from, and how “comprehensive” they really are. If you have a social media account with Facebook, Twitter, Google or LinkedIn, your face is in their database, along with other details about you such as name, address and phone number.
Maybe you knew that already. What you may not have known is that there are companies that “scrape” all this information from these and other social media sites, organize it into a more comprehensive database consisting of billions of records, package it up, and sell it. All this happens without your knowledge or permission. It’s almost as if you have lost control of your own face!
While most companies that engage in scraping do so secretly, one company that has been quite open about this kind of activity is Clearview AI, a facial recognition company in New York that boasts having collected over 3 billion “face prints”. This is not going unnoticed by social media companies, courts and Congress.
The big social media companies see themselves as victims, arguing that Clearview is violating their terms of usage policies and copyrights. They have sent Clearview cease-and-desist letters demanding that it stop scraping their sites and delete information already scraped.
Clearview claims that it has the right to collect public information to feed its facial recognition database, citing a First Amendment right to collect and index publicly available information, similar to what Google does to feed its indexing engine.
Google disagrees with this comparison, arguing that most websites want to be included in Google Search, and that it gives webmasters complete control over what information from their site is allowed to be included in its search results, including the choice to opt-out entirely. Clearview, on the other hand, secretly collects image data of individuals without their consent, and in violation of rules explicitly forbidding it from doing so.
Courts Weigh In
Clearview asserts that its activities are entirely legal, and it may have a court decision to back up that claim…
In 2016, a San Francisco startup, hiQ Labs, was marketing two products which depended upon public data collected from LinkedIn’s 550 million members. “Keeper” identified employees who might be amenable to recruitment and “Skills Mapper” summarized LinkedIn members’ skills.
To feed these products hiQ was grabbing the same material that anyone could get from LinkedIn without having to log in. Nevertheless, LinkedIn sent a cease-and-desist letter accusing hiQ of violating the Computer Fraud and Abuse Act (CFAA), the Digital Millennium Copyright Act (DMCA), and California Penal Code § 502(c) which prohibits unauthorized computer access.
In a 3-0 decision, the 9th U.S. Circuit Court of Appeals in September 2019 let stand a lower court’s August 2017 preliminary injunction that required LinkedIn, a unit of Microsoft, to allow hiQ access to publicly available member profiles.
Growing Concern in Congress
There will undoubtedly be more court cases dealing with the permissibility of data scraping, but the usage of facial recognition technology is another matter. The Electronic Frontier Foundation (EFF) has weighed in on the issue as has Congress.
The EFF wants laws that ban, or at least pause, law enforcement’s secretive use of facial recognition, citing the abuse of the technology by police. Law enforcement, it says, has already used face recognition on public streets and at political protests. If curbs are not put on the use of this technology now, says the EFF, what are we going to have in another ten years?
Congress has yet to produce legislation on the use of facial recognition to protect the privacy and safety of consumers, but the House Oversight and Reform Committee has been holding hearings on the technology concerning its accuracy, applications and potential for abuse. There is rising bipartisan concern that, what started out as primarily a corporate technology, is now being secretly threaded through the nation’s core infrastructures without much thought to the privacy rights of citizens and its impact on society.
Today’s Reality: Data Breaches
Any large accumulation of online data will inevitably attract hackers. So it’s no surprise that Clearview AI reported recently that an intruder stole its entire client list, which includes law enforcement agencies, along with the user accounts those customers had set up, and the number of searches those customers have conducted.
Although the vast trove of facial recognition data was not at risk, according to the company, the incident demonstrates how potentially vulnerable Americans are to having their personal details collected and distributed without their knowledge or consent. The incident also demonstrates that hackers are targeting companies like Clearview with the intent of stealing data and selling it on the dark web to the highest bidder. Clearview may have been lucky that the breach was not as serious as it could have been, but next time the situation might be quite different.
Innovation & Growth Continues
Many tech companies claim to want regulation but expect to have a seat at the table when it comes time to write the rules. They will endeavor to shape things in their favor to secure market advantage and to freeze out upstart competitors by making regulatory compliance too expensive. Meanwhile, they continue to fine-tune the technology and sell it to law enforcement and government agencies unimpeded, raising alarm about the eventual implementation and continued strengthening of authoritarian control over society.
Nathan Muller is the author of 29 technical books and over 3,000 articles that have appeared in 75 publications worldwide. He also writes articles, blogs and social media content for tech companies and their executives.