SoylentNews is people
posted by janrinok on Monday April 20 2020, @07:34PM
from the forgot-to-secure-it-again dept.

Security lapse exposed Clearview AI source code – TechCrunch:

Since it exploded onto the scene in January after a newspaper exposé, Clearview AI quickly became one of the most elusive, secretive and reviled companies in the tech startup scene.

The controversial facial recognition startup allows its law enforcement users to take a picture of a person, upload it and match it against its alleged database of 3 billion images, which the company scraped from public social media profiles.

But for a time, a misconfigured server exposed the company's internal files, apps and source code for anyone on the internet to find.

Mossab Hussein, chief security officer at Dubai-based cybersecurity firm SpiderSilk, found the repository storing Clearview's source code. Although the repository was protected with a password, a misconfigured setting allowed anyone to register as a new user to log in to the system storing the code.

The repository contained Clearview's source code, which could be used to compile and run the apps from scratch. The repository also stored some of the company's secret keys and credentials, which granted access to Clearview's cloud storage buckets. Inside those buckets, Clearview stored copies of its finished Windows, Mac and Android apps, as well as its iOS app, which Apple recently blocked for violating its rules. The storage buckets also contained early, pre-release developer app versions that are typically only for testing, Hussein said.

The repository also exposed Clearview's Slack tokens, according to Hussein, which, if used, could have allowed password-less access to the company's private messages and communications.

Related Stories

Clearview AI to Stop Selling Controversial Facial Recognition App to Private Companies 9 comments

Clearview AI to stop selling controversial facial recognition app to private companies:

Controversial facial recognition provider Clearview AI says it will no longer sell its app to private companies and non-law enforcement entities, according to a legal filing first reported on Thursday by BuzzFeed News. It will also be terminating all contracts, regardless of whether the contracts are for law enforcement purposes or not, in the state of Illinois.

The document, filed in Illinois court as part of a lawsuit over the company's potential violations of a state privacy law, lays out Clearview's decision as a voluntary action, and the company will now "avoid transacting with non-governmental customers anywhere." Earlier this year, BuzzFeed reported on a leaked client list that indicates Clearview's technology has been used by thousands of organizations, including companies like Bank of America, Macy's, and Walmart.

"Clearview is cancelling the accounts of every customer who was not either associated with law enforcement or some other federal, state, or local government department, office, or agency," Clearview's filing reads. "Clearview is also cancelling all accounts belonging to any entity based in Illinois." Clearview argues that it should not face an injunction, which would prohibit it from using current or past Illinois residents' biometric data, because it's taking these steps to comply with the state's privacy law.

Previously:
(2020-04-20) Security Lapse Exposed Clearview AI Source Code
(2020-04-18) Some Shirts Hide You from Cameras
(2020-03-13) Vermont Sues Clearview, Alleging "Oppressive, Unscrupulous" Practices
(2020-02-28) Clearview AI's Facial Recognition Tech is Being Used by US Justice Department, ICE, and the FBI
(2020-02-26) Clearview AI Reports Entire Client List Was Stolen
(2020-02-24) Canadian Privacy Commissioners to Investigate "Creepy" Facial Recognition Firm Clearview AI
(2020-02-06) Clearview AI Hit with Cease-And-Desist from Google, Facebook Over Facial Recognition Collection
(2020-01-22) Clearview App Lets Strangers Find Your Name, Info with Snap of a Photo, Report Says


Senator Fears Clearview AI Facial Recognition Use on Protesters 37 comments

Senator fears Clearview AI facial recognition could be used on protesters:

Sen. Edward Markey has raised concerns that police and law enforcement agencies have access to controversial facial recognition app Clearview AI in cities where people are protesting the killing of George Floyd, an unarmed black man who died two weeks ago while in the custody of Minneapolis police.

[...] "As demonstrators across the country exercise their First Amendment rights by protesting racial injustice, it is important that law enforcement does not use technological tools to stifle free speech or endanger the public," Markey said in a letter to Clearview AI CEO and co-founder Hoan Ton-That.

The threat of surveillance could also deter people from "speaking out against injustice for fear of being permanently included in law enforcement databases," he said.

Markey, who has previously hammered Clearview AI over its sales to foreign governments, use by domestic law enforcement and use in the COVID-19 pandemic, is now asking the company for a list of law enforcement agencies that have signed new contracts since May 25, 2020.

It's also being asked if search traffic on its database has increased during the past two weeks; whether it considers a law enforcement agency's "history of unlawful or discriminatory policing practices" before selling the technology to them; what process it takes to give away free trials; and whether it will prohibit its technology from being used to identify peaceful protestors.

[...] Ton-That said he will respond to the letter from Markey. "Clearview AI's technology is intended only for after-the-crime investigations, and not as a surveillance tool relating to protests or under any other circumstances," he said in an emailed statement.

Previously:

  • (Score: 2, Interesting) by aristarchus on Monday April 20 2020, @07:50PM (5 children)

    by aristarchus (2645) on Monday April 20 2020, @07:50PM (#985200) Journal

    original submission [soylentnews.org]

    If SN were an academic journal, some serious kicking of editorial butts would be taking place. First, giving AC the lead credit, when AC submitted after I did, having checked for prior coverage? And then managing to bury the original aristarchus submission? What with the "holding" of aristarchus subs, these are all techniques to censor view points and NEWS that some at SoylentNews have ideological hostility towards. Almost makes me think that SN does not actually want user submissions. Maybe I should stop. Just Kidding!

    • (Score: 3, Insightful) by fadrian on Monday April 20 2020, @08:31PM (4 children)

      by fadrian (3194) on Monday April 20 2020, @08:31PM (#985212) Homepage

      If certain people didn't NEED to have their submissions checked, then maybe their stories would get to the front page sooner. That being said, the notion that some random, offshoot blog would come anywhere close to a reviewed publication in terms of editorial quality is so laughable that one wonders if your comment would be better suited for the Onion than for here.

      --
      That is all.
      • (Score: 3, Insightful) by NickM on Monday April 20 2020, @09:18PM

        by NickM (2867) on Monday April 20 2020, @09:18PM (#985224) Journal
        At least he is not spamming like ap?, not paranoid like jmichaelhudsondotnet and provides some kind of entertainment via his performance art.
        --
        I a master of typographic, grammatical and miscellaneous errors !
      • (Score: 2, Offtopic) by aristarchus on Tuesday April 21 2020, @12:27AM

        by aristarchus (2645) on Tuesday April 21 2020, @12:27AM (#985286) Journal

        And within mere minutes, more aristarchus submissions meet their appointed fates, rejected from hidden "hold" queue, to wander aimlessly across the muted sands of time, like silent claws of censored clams! Oy, the Mussels! Oh, the carapacians! Not like anyone is trying to cover up anything, like perhaps, Illegal human experimentation [soylentnews.org], or Magical Republican Syndrome [soylentnews.org]. Sorry, all off topic, except for the fact that Trump's supporter, and "young blood" vampire Peter Thiel is behind Clearview AI.

      • (Score: 0) by Anonymous Coward on Tuesday April 21 2020, @01:58AM

        by Anonymous Coward on Tuesday April 21 2020, @01:58AM (#985310)

        that one wonders if your comment would be better suited for the Onion than for here.

        LOL, you say it like S/N is the pinnacle of serious foruming.

      • (Score: 2) by DannyB on Tuesday April 21 2020, @02:26PM

        by DannyB (5839) Subscriber Badge on Tuesday April 21 2020, @02:26PM (#985436) Journal

        one wonders if your comment would be better suited for the Onion than for here.

        What is this Onion you speak of? Hmmm. Interesting.

        --
        The server will be down for replacement of vacuum tubes, belts, worn parts and lubrication of gears and bearings.
  • (Score: 2) by krishnoid on Monday April 20 2020, @09:15PM (2 children)

    by krishnoid (1156) on Monday April 20 2020, @09:15PM (#985223)

    Seems like anyone can look at the source now (and maybe examine it for bugs), but they don't have the data against which to run it. Considering their explicitly stated mission already makes people hate them anyway, how bad is this, really, for Clearview? Are people gonna complain about inconsistent indentation or undesirable algorithm complexity?

    • (Score: 1) by DECbot on Monday April 20 2020, @09:45PM

      by DECbot (832) on Monday April 20 2020, @09:45PM (#985234) Journal

      Obviously they train the AI compiled from the source code with a dataset that will guarantee false positives and show the method is unreliable. Then it will be on Clearview to demonstrate the quality of their training dataset and how their running AI is superior to the AI trained by the inferior dataset. In a dick measuring contest, 300 millimeters beats 12 inches.

      --
      cats~$ sudo chown -R us /home/base
    • (Score: 2) by DannyB on Tuesday April 21 2020, @02:29PM

      by DannyB (5839) Subscriber Badge on Tuesday April 21 2020, @02:29PM (#985438) Journal

      Seems like anyone can look at the source now

      Data wants to be free!

      (no, it's his brother that wants to be free)

      What if the source could be written by an AI having the properties:

      • it is highly optimal for its intended purpose
      • it is udderly incomprehensible / indecipherable to mere humans
      --
      The server will be down for replacement of vacuum tubes, belts, worn parts and lubrication of gears and bearings.
  • (Score: 5, Interesting) by khallow on Monday April 20 2020, @11:04PM (1 child)

    by khallow (3766) Subscriber Badge on Monday April 20 2020, @11:04PM (#985267) Journal
    Clearview AI is the "most elusive, secretive and reviled" and yet, we have
    1. Public announcement of what they do - enough on its own to destroy any nascent benefit of the doubt they might receive as yet another anonymous business.
    2. Their customer list got leaked.
    3. Now, their software got leaked.

    It's the secretive, but highly public train wreck. I wonder who their competitors are, because those guys are going to get a lot of business.

    • (Score: -1, Offtopic) by Anonymous Coward on Tuesday April 21 2020, @07:45AM

      by Anonymous Coward on Tuesday April 21 2020, @07:45AM (#985369)

      khallow says: #freearistarchus!!!!1!!!
