As a California or EU resident, shouldn't it be illegal for it to be opt-out?
(edit: on further reading it looks like GDPR requires opt in, while CCPA seems to only require opt in for people younger than 16, and requires opt-out for people 16 or older, which is some bullshit)
Regardless, I should be able to say "I'm opting out" and the onus should be on them to figure out how to do it, rather than me submitting enough pictures for them to recognize and exclude me from their crawler. This seems against even CCPA.
(another edit since this pisses me off so much: The page linked says "Alternatively, you can email: privacy-requests@clearview.ai" so I'm just going to email them to tell them I opt out. They can figure out how to comply with my opt out)
The funny thing is that you can't really opt out if the mechanism they use to tell their system to ignore you is in and of itself facial recognition based.
They'd have to crawl all incoming data, and compare it with you (I.e. identifying you) in order to know whether or not that picture they just slurped up was someone who had opted out. Opt-outs don't work by definition when what you are opting out of is a system of identification.
The fact of the matter is, the system shouldn't have been made in the first place,and the mere existence of it guarantees the capability for it to be abused.
> the system shouldn't have been made in the first place,and the mere existence of it guarantees the capability for it to be abused
I casually know the guys who made this, and they're, well, unorthodox thinkers in terms of ethics. I highly doubt that, say, government regulations would've prevented them from building this app (although it may prevent them from using it in certain regions).
It's very hard to put neural network and image recognition tools into public hands and also prevent anyone in the world from building something like this. Such is the Pandora's Box of technology.
Oh absolutely - Considering what clearview did was replicated by a few individual researchers, I'm sure any government or private entity that wants to build s system like this has.
But I think most people here would fight against those systems once discovered, and there's no reason to allow clearview to profit now.
How will laws help against the same thing, but made by unlawful people? I think it's better to accept that privacy in the classic sense is dead and adjust.
Well, you can doubt it, but it is what it is: "efektivní" in Czech means both effective ("successful in producing a desired or intended result") and efficient ("working or operating quickly and effectively in an organized way") combined. Also it seems like that "efficient" in English includes "effective" as well, so there probably was no actual problem with my original comment.
Maybe it is you who should check the thesaurus and get a little more understanding of the world before posting dismissive comments.
That is not the commonly accepted definition of "efficient" in English. It would be more like "making good, thorough, or careful use of resources; not consuming extra."
The distinction is important because one can be very efficient (using resources carefully) while being ineffective (not achieving desired results).
In this context, the distinction is relevant because it is not clear that mass surveillance is a useful tool for preventing unlawful behavior (what most of us consider to be the desired result of law enforcement). Mass surveillance is effective at mass population control (e.g., subverting opposition political movements).
Well if you legally have to be able to opt out, and they can't opt you out without completely reworking their business, then legally it seems like they should have to rework their business if you opt out. I'd call that a functioning opt out, even though I expect I'm being unrealistically optimistic :(
There is a slight problem (i am not sure if this is valid case, just thinking loud), if the data were gathered from public sources like fb, they might argue that those data are public.
Yes, I think this is what they'd argue too. But something to think about: Recently Google was asked (in France[1]) to start paying publishers for including news snippets in search results. That data is also "public" in the sense that it is available for crawling, but it is still owned by creators who can (and did) exercise rights to limit use. Presence of a third platform like Facebook further complicates this (I don't know if you sign off your rights to your photos when you upload them to FB for example).
In raw, mathematical black/white terms, yes, I grant that image with my name next to it is technically public. However, uploading a profile portrait is typically intended for someone who searches for your name to determine whether or not a particular URL represents the person they met offline. I have to walk past a security camera to go through a store checkout - my image is in that camera because I want to buy stuff, not because I want my image to be public - and I might present my ID to the clerk because I want to be identified as of age to legally buy alcohol, not because I want the camera to link my face to my name (and my purchase list) or anything creepy like that.
When a person uploads a profile picture or appears in a security camera feed, they typically have an intent that doesn't match Clearview's use case, and an expectation that the stuff that Clearview.ai is trying to do with the image was humanly impossible. Historically, it has been impossible. True, some people are good with faces, and I'm sure some of them work in law enforcement or advertising, but no one can cross-reference 7 billion profile pictures to every security camera on the planet, and remember who went where at what time.
I'd argue that there's a fundamental difference in whether a right does or does not apply based on scale. A human looking at one data point needs to be approached ethically and legislatively differently from a machine looking at a million identical data points, because the use cases are different.
Clearview.ai is trying to make a land grab on human rights, asserting that because the things that they're trying to do have not yet been prohibited (because they're complicated, and because no one realized they were feasible) that they ought to continue to be allowed to do them.
I imagine scraping Facebook might be similar to the result in the hiQ v. Linkedin case, involving scraping public LinkedIn information. At the time, the EFF and a lot of others celebrated the ruling. For example, the EFF characterized it as a victory for "...the wide variety of researchers, journalists, and companies who have had reason to fear cease and desist letters threatening liability simply for accessing publicly available information in a way that publishers object to."
I feel like there ought to be a line somewhere. Like, maybe you can access the data because it's public, but to (for example) profit off of it or even share it further, you need more than just the fact that it's public.
For some reason open source licenses come to mind. You can use this code (or image) under terms XYZ and this license has to go with it too. That way, me letting github to show my code publicly doesn't give you license to do whatever you want with it. Or me letting linkedin show my picture doesn't give you license to do whatever you want with it. Maybe we need something like that.
If you make your profile available publicly then I'd argue it is indeed public. As far as I'm aware, Clearview doesn't have a relationship with Facebook to access non-public data and instead they just operate a web crawler storing anything that's being served without requiring auth.
An image at the top of a news article on cnn.com is "public" in the sense that anyone can access it. But the company and the photographer still retain rights to that image - you can't take it and use it for whatever you like.
What is confusing here is that everyone imagines that clearview (and google, and fb, ...) are really storing those pictures. In reallity they just train their ai. There is no trace of that picture on their servers once you delete it. But ai is capable of recognizing you, in case of clearview from picture. In case of google and fb from your picture, browsing habits, contacts, gps coordinates, your friends, semantics of your texts, ... The only difference is that google and fb are not so stupid to advertise this. But capability is there.
IANAL but I think the GDPR does not just look at the data in isolation, but considers the data and what it is used for.
Thus if I give a company access to my data it does not give them a carte blanche to use it however they see fit, instead I have allowed usage of the data for a set of purposes.
I think that it can be like how github lets you have public repos that are covered under whatever license you like. Being public doesn't invalidate those licenses. Or if Disney made a movie free on youtube for a day, it doesn't lose legal protection over that movie.
GDPR puts the picture of a person under special protection. They need to ask for your permission if they want to store and process it. Additionally they are required to provide to you a copy of all information they have stored about you. Probably they claim that they deleted the pictures after they completed the training of their neuronal networks. I'd watch court proceedings, that try to figure out if the auto-encoded version of a picture still is under GDPR protection.
> I'd watch court proceedings, that try to figure out if the auto-encoded version of a picture still is under GDPR protection.
That’d be a fascinating case!
If these were people rather than computers, I don’t think you could ask them to forget a face. But they could be asked to destroy notes or derived work.
(edit: on further reading it looks like GDPR requires opt in, while CCPA seems to only require opt in for people younger than 16, and requires opt-out for people 16 or older, which is some bullshit)
Regardless, I should be able to say "I'm opting out" and the onus should be on them to figure out how to do it, rather than me submitting enough pictures for them to recognize and exclude me from their crawler. This seems against even CCPA.
(another edit since this pisses me off so much: The page linked says "Alternatively, you can email: privacy-requests@clearview.ai" so I'm just going to email them to tell them I opt out. They can figure out how to comply with my opt out)