Thursday, February 27, 2020

Shadowy facial-recognition company Clearview AI, with ties to Alabama Republican operative Jessica Medeiros Garrison, reports "intruder" stole client list


Jessica Medeiros Garrison at a gambling expo in Las Vegas.

 A controversial facial-recognition company, which has Alabama connections, said yesterday an "intruder" stole its entire client list, according to a report at The Daily Beast. It's not clear how the intruder gained access, if the data was stolen digitally or in some other fashion.

Birmingham-based GOP operative Jessica Medeiros Garrison serves as vice president of public affairs for Clearview AI, which has been pitching its services to law-enforcement agencies and casino operators, among others. Garrison is the one-time campaign manager and mistress for former U.S. Sen. (R-AL) and Alabama attorney general Luther Strange -- and her social-media presence appears to have gone dark since her ties to Clearview became public.

Reports Betsy Swan at Daily Beast:

A facial-recognition company that contracts with powerful law-enforcement agencies just reported that an intruder stole its entire client list, according to a notification the company sent to its customers.

In the notification, which The Daily Beast reviewed, the startup Clearview AI disclosed to its customers that an intruder “gained unauthorized access” to its list of customers, to the number of user accounts those customers had set up, and to the number of searches its customers have conducted. The notification said the company’s servers were not breached and that there was “no compromise of Clearview’s systems or network.” The company also said it fixed the vulnerability and that the intruder did not obtain any law-enforcement agencies’ search histories.

An attorney for Clearview quickly went into damage-control mode:

Tor Ekeland, an attorney for the company, said Clearview prioritizes security.

“Security is Clearview’s top priority,” he said in a statement provided to The Daily Beast. “Unfortunately, data breaches are part of life in the 21st century. Our servers were never accessed. We patched the flaw, and continue to work to strengthen our security.”

The firm drew national attention when The New York Times ran a front-page story about its work with law-enforcement agencies. The Times reported that the company scraped 3 billion images from the internet, including from Facebook, YouTube, and Venmo. That process violated Facebook’s terms of service, according to the paper. It also created a resource that drew the attention of hundreds of law-enforcement agencies, including the FBI and the Department of Homeland Security, according to that report. In a follow-up story, The Times reported that law-enforcement officials have used the tools to identify children who are victims of sexual abuse. One anonymous Canadian law-enforcement official told the paper that Clearview was “the biggest breakthrough in the last decade” for investigations of those crimes.

What could the breach mean for Clearview? That remains unclear:

The notification did not describe the breach as a hack. David Forscey, the managing director of the no-profit Aspen Cybersecurity Group, said the breach is concerning.

“If you’re a law-enforcement agency, it’s a big deal, because you depend on Clearview as a service provider to have good security, and it seems like they don’t,” Forscey said.

Facial-recognition technology—which matches photos of unidentified victims or suspects against enormous databases of photos—has long drawn intense criticism from privacy advocates. They argue it could essentially mean the end of personal privacy, especially given the proliferation of security cameras in public places. Some law-enforcement officials, meanwhile, see it as a tool with enormous potential value.

No comments: