By Chand Bellur
February 29, 2020 at 8:38 p.m. PDT
- Clearview AI misused enterprise certificates by issuing them to the public.
- Enterprise certificates are only intended for internal use, within corporations.
- Apple blocked Clearview AI’s app for violating enterprise certificate rules.
Enterprise Certificates Authenticate Corporate Employees
Enterprise certificates authenticate users in corporate information systems. Unlike public certificates, the enterprise version grants greater access to corporate apps and networks.
These enhanced certificates are intended for internal use by corporate employees, however, recently, tech firms have misused the technology by offering enterprise certificates to the public. Facial recognition software developer Clearview AI recently had their app banned by Apple for violating enterprise certificate rules.
Clearview AI Violates Enterprise Certificate Rules
Apple issues strict guidelines for using enterprise certificates. This is done to ensure security, as this class of digital credentials is intended for internal use at corporations.
Clearview AI distributed their app’s enterprise certificate using public Amazon S3 storage space. Anyone could download their enterprise certificate, even though the app is intended for limited distribution to security personnel.
Apple’s response to Clearview AI’s certificate abuse was to block the app entirely. The move appears to be motivated by concern that the technology may get into the wrong hands. Clearview AI’s app allows security agents to identify people using a database of three billion images. It’s used by law enforcement and private firms such as Wells Fargo and Walmart.
Clearview AI Draws Industry Scorn
Apple isn’t the only major tech corporation conflicting with Clearview AI. The facial recognition software developer scrapes social media and the Web to assemble their massive image database. Social media companies, often employing similar technologies, have bristled at Clearview AI’s data gathering methods.
Both Facebook and Clearview AI violate Illinois privacy laws. The latter corporation settled a lawsuit for $550 million. Current pending lawsuits against Clearview AI could severely impact the small start-up corporation.
Hackers have gravitated toward Clearview AI. The company recently admitted to a data breach resulting in theft of their client list. Between Apple, social media corporations and malicious actors, Clearview AI has a lot going against them.
Clearview AI’s technology, however, is extremely useful for law enforcement agencies and private security. These entities may support Clearview AI or perhaps embrace a similar, competing product in the near future.
Laws against widespread abuse of biometric scanning are critical to preserving privacy. Pending litigation against Clearview and Facebook’s settlement may set a precedent that protects privacy.
Clearview AI may eventually get the green light from Apple. This would allow law enforcement and private security firms to continue using the app, which may violate existing privacy laws.
Reports indicate that Clearview AI CEO Hoan Ton-That is in compliance talks with Apple. If the company stops distributing their enterprise certificate publicly, Apple may very well lift the app’s ban. Pending legal action, however, may stop Clearview AI from infringing on personal privacy.