The US Department of Homeland Security (DHS) has signed a contract with Clearview AI to give Immigration and Customs Enforcement (ICE) access to the controversial facial recognition firm's technology. Tech Inquiry, a non-profit technology watchdog and rights outfit, spotted documents revealing the deal last week. The $224,000 purchase order, signed on August 12, 2020, is for "Clearview licenses" relating to "information technology components," but no further information has been made public. The contract will last until September 4, 2021. Tech Inquiry has submitted a Freedom of Information Act (FOIA) request for the contracts and communication between Clearview AI and ICE relating to the award.
Clearview AI has been fined £7.5 million by the UK's privacy watchdog for scraping the online data of citizens without their explicit consent. The controversial facial recognition provider has scraped billions of images of people across the web for its system. Understandably, it caught the attention of regulators and rights groups from around the world. In November 2021, the UK's Information Commissioner's Office (ICO) imposed a potential fine of just over £17 million on Clearview AI. Today's announcement suggests Clearview AI got off relatively lightly.
The data protection authority in Hamburg, Germany, for instance, last week issued a preliminary order saying New York-based Clearview must delete biometric data related to Matthias Marx, a 32-year-old doctoral student. The regulator ordered the company to delete biometric hashes, or bits of code, used to identify photos of Mr. Marx's face, and gave it till Feb. 12 to comply. Not all photos, however, are considered sensitive biometric data under the European Union's 2018 General Data Protection Regulation. The action in Germany is only one of many investigations, lawsuits and regulatory reprimands that Clearview is facing in jurisdictions around the world. On Wednesday, Canadian privacy authorities called the company's practices a form of "mass identification and surveillance" that violated the country's privacy laws.
Australia's Information Commissioner has found that Clearview AI breached Australia's privacy laws on numerous fronts, after a bilateral investigation uncovered that the company's facial recognition tool collected Australians' sensitive information without consent and by unfair means. The investigation, conducted by the Office of the Australian Information Commissioner (OAIC) and the UK Information Commissioner's Office (ICO), found that Clearview AI's facial recognition tool scraped biometric information from the web indiscriminately and has collected data on at least 3 billion people. The OAIC also found that some Australian police agency users, who were Australian residents and trialled the tool, searched for and identified images of themselves as well as images of unknown Australian persons of interest in Clearview AI's database. By considering these factors together, Australia's Information Commissioner Angelene Falk concluded that Clearview AI breached Australia's privacy laws by collecting Australians' sensitive information without consent and by unfair means. In her determination [PDF], Falk explained that consent was not provided, even though facial images of affected Australians are already available online, as Clearview AI's intent in collecting this biometric data was ambiguous.
Canadian regulators on Wednesday said facial-recognition-software company Clearview AI Inc. violated federal and provincial privacy laws in the country by offering its services there, though they acknowledged having limited enforcement powers in penalizing the New York-based company and others like it. Regulators said Clearview collected "highly sensitive biometric information without the knowledge or consent of individuals," affecting millions of Canadians. Clearview has a database of about 3 billion photos it scraped from the internet, allowing it to search for matches using facial recognition algorithms. The practices violated federal and provincial laws, regulators said, including in Quebec where express consent is required to use biometric data. Officials with four Canadian regulatory agencies said they completed an investigation into Clearview that began last February, finding that the company served 48 accounts for law enforcement agencies and other organizations across the country, including a paid subscription by the Royal Canadian Mounted Police.