The source code of controversial facial recognition tech startup Clearview AI has reportedly been exposed due to a lapse in security measures.
TechCrunch reports that the source code of the controversial facial recognition firm Clearview AI has been exposed after a misconfigured server left the company’s internal files, apps, and source code public allowing anyone on the internet to find it. This was discovered by Mossab Hussein, the chief security officer at the Dubai-based cybersecurity firm SpiderSilk.
The repository included Clearview’s source code which could be used to compile and run the company’s facial recognition apps. The repository also stored the company’s secret keys and credentials which provides access to Clearview’s cloud storage buckets where the company stores finished copies of its Windows, Mac, iOS and Android apps. The repository also included Clearview’s Slack tokens which according to Hussein, could have allowed password-free access to the company’s private messages and communications.
Clearview AI CEO Hoan Ton-That made headlines a few months ago after stating that he has a First Amendment right to scrape through billions of photos online to add to his company’s database of three billion pictures.
Clearview AI has developed a system that allows users to upload a photo of a person to the app and see public photos of that person, along with links to where those photos appeared. The system scrapes information from Facebook, YouTube, and millions of other websites.
Clearview AI’s facial surveillance systems have been licensed to over 600 law enforcement agencies from the FBI to the Department of Homeland Security and regular local police departments. The system operates with almost no oversight, is reportedly exempt from biometric data laws, and has been marketed widely to law enforcement agencies.
The company has previously faced data breaches, in February of 2020 Breitbart News reported that the company’s entire client list had been stolen. Clearview AI revealed that an intruder “gained unauthorized access” to its customer list, the number of user accounts the customer had set up, and the number of searches that customers have conducted using the service.
Tor Ekeland, an attorney for Clearview AI stated: “Security is Clearview’s top priority. Unfortunately, data breaches are part of life in the 21st century. Our servers were never accessed. We patched the flaw, and continue to work to strengthen our security.”
David Forscey, the managing director of the non-profit Aspen Cybersecurity Group, commented on the breach stating: “If you’re a law-enforcement agency, it’s a big deal, because you depend on Clearview as a service provider to have good security, and it seems like they don’t.”
Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship. Follow him on Twitter @LucasNolan or contact via secure email at the address lucasnolan@protonmail.com