Clearview AI won’t sell vast faceprint collection to private companies

Clearview AI – the web-scraping, faceprint-amassing biometrics company that’s being sued over collecting biometrics without informed consent – says it’s no longer going to sell access to its program to a) private entities or b) any entity whatsoever that’s located in Illinois.
Clearview’s artificial intelligence (AI) program can identify someone by matching photos of unknown people to their online photos and the sites where they were posted. Clearview AI founder and CEO Hoan Ton-That has claimed that the results are 99.6% accurate.
The company’s change of heart was revealed in court documents submitted during the course of a class action suit against Clearview that was filed in Illinois in January. It’s just one of multiple suits: Clearview’s also up against similar lawsuits in Vermont, New York and California.
The Illinois suit charges the company with breaking the nation’s strictest biometrics privacy law – Illinois’s Biometric Information Privacy Act (BIPA) – by scraping some 3 billion faceprints from the web to sell to law enforcement and to what’s turned out to be a motley collection of private entities, including Macy’s, Walmart, Bank of America, Target, and Major League Baseball team The Chicago Cubs.
From a court declaration made by Clearview legal counsel Thomas Mulclaire and filed on Wednesday:

Clearview is in the process of cancelling the accounts of every remaining user who was not either a law enforcement body or other federal, state, or local government department, office or agency. At the same time, Clearview is in the process of cancelling all user accounts belonging to any entity located in Illinois.

The suit contends that Clearview violated BIPA by using biometric data for commercial purposes and is seeking a temporary injunction that would prevent the company from using the information of current and past Illinois residents for its facial recognition program.

BuzzFeed investigations have shown that Clearview’s been happy to try to drum up new business by handing out free trials to friends, potential political allies, and hundreds of private companies, some of which converted to paying customers.
In February, BuzzFeed reported that at the time, Clearview was working with more than 2,200 law enforcement agencies, companies, and individuals around the world, including the US Justice Department, the US Immigration and Customs Enforcement (ICE), the FBI, US Customs and Border Protection (CBP), Interpol, hundreds of local police departments, and the National Basketball Association (NBA).
In other words, at least up until things started getting sticky with legal and regulatory matters, Clearview threw its technology at anybody and everybody, in spite of Ton-That having said that …

It’s strictly for law enforcement.

As of February, BuzzFeed was reporting that Clearview had been aggressively pursuing clients outside of law enforcement, including in law, retail, banking, and gaming, and that the company had been trying to gain traction outside of the US and Canada by pushing into Europe, South America, Asia Pacific, and the Middle East.
Small wonder that the company’s turning tail and running from the land where biometrics companies are being forced to their knees over privacy issues. Facebook, for one, has had to face the BIPA music to the tune of $550 million.
That’s how much it agreed to pay to settle a BIPA suit brought over the platform’s practice of scanning a user’s face in photos and offering tagging suggestions. Vimeo is also facing a BIPA lawsuit for storing people’s photos without their say-so.
How do you block out Illinois? Clearview’s attorneys told the Illinois court that the company has blocked all photos that were geotagged as having been uploaded in the state, or that have metadata (known as EXIF data) associating them with a geolocation within Illinois. They won’t appear in any search results, the company promised, nor can anybody query the database in a way that will return Illinois images, outside of document retention guidelines relevant to court requirements.
But as BuzzFeed notes, it’s unclear how Clearview will manage to sequester Illinois residents from searches on its database, given that many of the social media websites that have fattened its database with their images—such as Instagram, Facebook, and Twitter—typically strip metadata from photos once they’re posted. As it is, many of those companies – including Facebook, Google and YouTube – have ordered Clearview to stop scraping their sites.
On Wednesday, Clearview also said, in an 18-page memo to oppose the preliminary injunction, that it would no longer collect biometric data from images stored on servers that are displaying Illinois IP addresses or from websites with URLs containing keywords such as “Chicago” or “Illinois.” The company says it’s also implementing an opt-out mechanism to enable people to have their photos excluded from its database.
It’s taking these voluntary steps to comply with state law, it said, so the judge has no need to grant the injunction ordering it to leave Illinois residents in peace, free from its faceprint hoovering.

Latest Naked Security podcast