“We believe that law enforcement must have the most advanced technologies to solve crimes, improve public safety and bring justice to victims. (…) Our platform, which is powered by facial recognition, is the largest known database with over 10 billion facial images from exclusively public web sources. » So much for the welcome message.
The American company Clearview AI, founded in 2017, offers American law enforcement a somewhat special search engine. Just enter a photo in its application, which will strive to find matches, and if possible some information about the person sought. In April 2021, the media Buzzfeed had obtained a list of users establishing that 1,800 American law enforcement services, from the local sheriff to the US Air Force, used it.
Online photo collection
Clearview does not revolutionize facial recognition technology. But its database, on an unprecedented scale, opens up new horizons. To create it, the company uses the technique of “scraping” (“scratch, scrape”). An algorithm reviews the photos freely accessible on the Internet, collects them and identifies them. “They consider that if a piece of data is on the public Internet, then the user has consented to its existence and its reuse”, explains Lucie Audibert, lawyer for the British NGO Privacy International, at the origin of several complaints against the company.
→ MAINTENANCE. Éric Salobir: “Technologies can make us more human”
“To block Clearview, social networks would have to develop specific algorithms that would detect its data acquisition behavior, explains Benoît Piédallu, of La Quadrature du Net, an association that protects freedoms online. But are they going to spend money to block someone doing illegal things? »
Doubts about the use of data
Besides the collection, there are serious doubts about how Clearview uses the data. She is particularly suspected of monitoring how the police use it. One example among others in these revelations by journalist Kashmir Hill in the New York Times in 2020: “At my request, police officers rotated my photo in the Clearview app. They soon received calls from company officials asking if they were speaking to the press – a sign that Clearview has the ability, and in this case the will, to track people wanted by law enforcement. . »
After Clearview offered to make its services available free of charge, Ukraine announced on Sunday March 13 that it was going to use the services of the American company, in particular to secure checkpoints. But the American company has drawn the wrath of regulatory authorities.
A monitoring system
Australia, Canada, Austria, Great Britain… As recently as March 9, the Italian authority condemned the company to a fine of 20 million euros and ordered it to delete all data relating to its nationals. “Clearview, contrary to what it had claimed, allows the surveillance of Italian citizens and people in Italy”, justified authority.
Artificial intelligence, Europe wants a framework
The same in France, where the National Commission for Computing and Liberties (Cnil) gave it formal notice in December to cease “the collection and use of data from persons on French territory in the absence of a legal basis”. The company would not have complied with the European data protection framework (the RGPD).
“Clearview says it has no business in the European Union and does not have to apply the GDPR, explains Lucie Audibert. Except that the GDPR applies if the data processed belongs to European residents. » In the United States, five lawsuits are known to date.
Every person in the world “identifiable”
Not enough to plan the ambitions of the leaders of the company. In February, the washington post has made public a document intended for its investors dated the end of 2021. The company is then seeking to raise 50 million dollars: it promises that the sum will allow it to increase, in one year, its database to 100 billion images and so, “almost every person in the world would be identifiable”.
The GDPR framework
The actions of the European Union regulatory authorities against Clearview are based on the General Data Protection Regulation (GDPR), adopted in 2016. In a formal notice sent on December 16, 2021, the Cnil (National Commission for the and freedoms) considers that the company violates this text, article 6 of which provides the conditions of use and data collection.
It requires that any company obtain the user’s consent beforehand or justify a legitimate interest. The CNIL considers that these conditions are not met. In addition, the company is criticized for not respecting the rights of users who have sent it requests for access to their data or simply for deletion.