Clearview AI commercialization of facial recognition raises concerns, risks

Facial recognition as a service has caught the attention of regulators and litigators. CISOs at companies considering the technology need strong privacy protections in place.

facial recognition technology
Thinkstock

The year is 2054 and a man walks into a Gap store. The virtual salesperson greets him by name, “Hello Mr. Yakomoto. Welcome back to the Gap,” from the life-size video monitor. This famous scene is cribbed from the film Minority Report. The prescience displayed in the 2002 film has actually short-changed the advances of science and technology between then and now. Indeed, some may argue that today we are well beyond the fictional capabilities of the Minority Report. The moral dilemma posed in the film, however, remains.

Today many sensors and cameras are in constant search-and-connect mode. Recently, Clearview AI has announced that it is taking its advanced facial recognition technologies beyond the already controversial government/law enforcement usage into the commercial sector. The company, according to the Washington Post, has accumulated over 100 billion facial photos and is adding to the total at a rate of 1.5 billion images per month, which it wishes to monetize. 

While Clearview AI is not sailing in the ocean of facial recognition technology alone, it is meeting with a strong headwind of controversy, complete with global efforts to regulate how the technology may be used, especially in law enforcement. Some other facial recognition vendors have stepped away while others simply have taken a pause.

Major vendors pause then restart facial recognition services

In June 2020 IBM abandoned its facial recognition technology and “no longer offers general purpose IBM facial recognition or analysis software. IBM firmly opposes and will not condone uses of any technology offered by other vendors for mass surveillance, racial profiling, violations of basic human rights and freedoms ….”

Concurrent with IBM’s abandonment of the technology, Microsoft announced that it, too, would not  sell its facial recognition software to police departments “until we have a national law in place grounded in human rights, that will govern this technology.” Fast forward, to January 2022 and Microsoft is offering facial recognition technology via its Azure product platform. The company highlights the utility of the technology for identification verification and authentication, security and access control, event and travel security and smart home applications.

Joining in with IBM and Microsoft in June 2020, Amazon placed a one-year moratorium on its Rekognition computer vision technology. Now in 2022, it has joined Microsoft with a product offering. The Amazon facial recognition capability is available to all with a plethora of suggested uses including content moderation, facial compare and search, and face detection and analysis as part of its AWS offering.

Legality of collecting facial images in doubt

Clearview AI has been in court for the last few years defending its right to “scrape photographs from the internet.” In mid-February, U.S. District Judge Sharon Coleman issued an opinion and order that dismissed the company’s attempt to have the pending consolidated class-action lawsuit dismissed. The lawsuit alleges the company “scraped more than three billion photographs posted online, then used artificial intelligence algorithms to scan facial geometry, harvesting unique biometric identifiers to build databases it sold to retailers, law enforcement agencies and others.”

The company does not appear to be contesting it is scraping data. Indeed, the three-billion number is indicative of how long the lawsuit has been kicked down the road, given the databases currently stands at 100 billion images and counting.

Governments considering regulation of facial recognition technology

Meanwhile, the European parliament has called for a ban on the use of facial recognition technology. The European ban specifically calls out the use of “artificial intelligence in criminal law and its use by the police and judicial authorities in criminal manners,” which addresses the police use of the technology.  

In the United States, Senate Bill 3284, Ethical use of Facial Recognition Act was introduced in February 2020 and went nowhere. Perhaps influenced by the fact that the U.S. government not only is using this technology, but it is also pushing for better, faster and more accurate solutions to be derived from the technology. Which makes it all the more ironic that the U.S. National Counterintelligence Security Center in January 2022 issued a warning to the nation to be aware of commercial surveillance tools.

How CISOs should prepare for the risk of facial recognition

As CISOs and product managers look to implement facial recognition technology into their corporate infrastructure and product offerings, it makes sense to ensure a complete review of how the data collected is protected. This review should include a robust scrub of process and procedure with respect to the risks the accumulated data presents in terms of protecting individual rights to privacy and preserving basic human rights.  

Copyright © 2022 IDG Communications, Inc.

Make your voice heard. Share your experience in CSO's Security Priorities Study.