Controversial facial recognition company Clearview AI may have run afoul of a federal children's privacy law, Senator Ed Markey says in a new letter to CEO Hoan Ton-That.
“I am concerned that Clearview might be collecting and processing images of children in violation of federal law,” the Democratic Massachusetts senator writes. “In the process of scraping billions of photos from social media to build its database, I fear Clearview may also have indiscriminately collected and processed images of children under 13.”
Markey specifically says Clearview may have violated the Children's Online Privacy Protection Act, which prohibits website operators from knowingly collecting personal data from children under 13, without their parents' permission.
Clearview, which came to public attention earlier this year, says it offers a facial-recognition database to police departments and other “security professionals.”
The company reportedly created its product by scraping billions of photos from Twitter, Facebook and other companies, then deploying facial-recognition technology to create a faceprint database.
Markey notes in his letter that many Facebook users are believed to be under 13, although the company's terms of service prohibit children under 13 from creating accounts.
Since news about Clearview came to light, the company has faced widespread criticism. Twitter, Google and Facebook have demanded that Clearview stop scraping their sites for photos, several people brought a class-action privacy complaints, and New Jersey's attorney general told state prosecutors to stop using the service.
It also emerged last week that Clearview suffered a data breach resulting in the theft of its client list.
The company has not publicly disclosed names of its customers, but BuzzFeed reported last week that Clearview's clients include US Immigration and Customs Enforcement, the US Attorney's Office for the Southern District of New York, and Macy’s.
Markey first expressed concerns about Clearview's technology in January, writing that its tool was “capable of fundamentally dismantling Americans' expectations that they can move, assemble, or simply appear in public without being identified.”
At the time, he asked Ton-That to provide a host of data about the company, including information about its clients.
Clearview refused to answer Markey's questions. Instead, company lawyer Tor Ekeland wrote in January 31 letter to the lawmaker that Clearview is a “privately held company and cannot disclose its proprietary technology or its clients without appropriate safeguards.”
On Tuesday Markey called that response “unacceptable,” and asked Ton-That to answer a detailed list of additional questions.
Among others, the lawmaker is asking whether hackers who stole the company's client list also accessed any facial images or other personally identifiable information.
He is also asking what steps Clearview has taken to comply with a biometric privacy law in Illinois that prohibits companies from compiling faceprint databases of state residents, without their written consent.
Markey additionally wants to know whether Clearview will comply with requests by Google, Facebook and Twitter to stop scraping, and whether it will delete images previously collected from those services.
The lawmaker is asking Clearview to respond by March 24.