Clearview Claims Breach granted access to his customer list

FCC Commissioner Geoffrey Starks testifies before the House Energy and Commerce Committee's Communication and Technology Subcommittee on December 5, 2019 in Washington, DC.
Photo : Chip Somodevilla (Getty

A security breach at a startup with facial recognition that has already fought on behalf of its hundreds of law enforcement clients for the unrestricted collection of American personal data underscores the potential dangers to which Consumers are exposed to controversial and largely unregulated surveillance technology federal officials said on Wednesday.

Clearview AI, who has criticized scratching billions of photos from public websites like Facebook and Google, for facial recognition software To train law enforcement in the search for suspects. This week the company informed its customers that an unidentified intruder had "unauthorized access" to their internal customer list and the number of database searches performed by each client.

T There s Daily Beast first reported on the news . Clearview AI attorney Tor Ekeland confirmed the violation in a statement to Gizmodo. Security remains Clearview's "top priority," said Ekeland, adding, "Unfortunately, data breaches are a part of life in the 21st century. Our servers have never been accessed. We have fixed the issue and are continuing to improve security. "

Clearview informed the Daily Beast that the breach did not give the intruder access to its platform or a law enforcement client's search history. Nevertheless, US lawmakers quickly questioned Clearview's response, which they found to be dismissive. [19659006] "Shrugging and saying that data breaches occur is a cold consolation to Americans who could pass their information on to hackers without their consent or knowledge," said Sen. Ron Wyden, a permanent congressional data protection officer and author of Mind Your Own Business Act a bill that is supposed to make it difficult for tech companies, huge date Collect banks with personal data from consumers.

"How can we trust a company with massive data protection responsibilities if it can't even protect its own corporate data?"

"Companies that collect and market large amounts of information, including facial recognition products, should be held accountable if they don't keep this information safe, ”Wyden told Gizmodo.

Clearview, whose services are tested by the FBI and the Department of Homeland Security, according to the New York Times . has been sharply criticized for its data collection process. The company claims to have scraped more than three billion images from Facebook, Google and YouTube that Clearview served on this month's injunction and claims that the scraping violates company policies.

Clearview's CEO and founder, Hoan Ton-That, defended his company's practices this month in an interview with CBS This Morning by comparing data collection to Google and saying Clearview had a " Right to adjust to public information ”. ”

Alex Joseph, a YouTube spokesman, later replied to Ton-That’s comments, saying that most websites, unlike people whose photos have been added to the Clearview database, go to Google -Search want to be included. "Clearview secretly collected image data from people without their consent and in violation of rules that explicitly prohibit them," he said.

FCC Commissioner Geoffrey Starks told Gizmodo that face recognition technology "poses serious problems of privacy and civil liberties, especially when it comes to color communities".

In December, the National Institute for Standards and Technology, a division of the Commerce Department, published a study of 189 facial recognition systems that found, among other things, that African and Asian people were misidentified by the systems at a rate 100 times higher than white faces.

“As I said a long time ago, handling our data is one of the most important civil rights issues facing our generation. Face recognition is currently one of the most worrying. Face recognition is used to determine if you can enter your home, if law enforcement can stop you on the street, and if you can even enter the country, ”said Starks. "Now we learn that Clearview, after collecting so many personal images, cannot even protect its own systems. How can we trust a company with massive data protection responsibilities if it cannot even protect its own company data?"

Sen Ed Markey, a member of the Trade, Science and Transport Committee, has also targeted Clearview's response this morning, stating that the claim that security is a top priority "would be ridiculous if the company's failure to provide its information." protect, would not be as distracting, and threatens public privacy. "

" If your password is breached, you can change your password. If your credit card number is breached, you can cancel your card. However, you can use biometric information such as your facial features don't change this when a company like Clearview not kept safe, ”he said. "This is a company whose entire business model is based on collecting incredibly sensitive and personal information. This violation is another sign that the potential benefits of Clearview technology do not outweigh the serious privacy risks associated with it."

Source link