> The commissioners found Clearview scraped images of faces and associated data from publicly accessible online sources (including social media) and stored it in its database.
> What the commissioners recommended was that Clearview:
> • cease offering facial recognition services to Canadian clients;
> • cease collecting, using and disclosing images and biometric facial arrays collected from individuals in Canada, and;
> • delete images and biometric facial arrays collected from individuals in Canada.
> The company said those recommendations were impossible to execute.
Clearview claims that they have stopped selling to Canadian clients but they don't know where the people in the images are from. Probably true if they're just scraping images, but their argument seems to be "innocence by ignorance".
We don't usually allow that sort of argument in other areas. Stores cannot sell cigarettes/alcohol to minors and banks cant unknowingly launder money, and it is on them to make sure they collect enough data to comply with those laws. It may be hard or even impossible for Clearview to operate while following the law.. but maybe that just means they shouldn't.
>Clearview claims that they have stopped selling to Canadian clients but they don't know where the people in the images are from. Probably true if they're just scraping images, but their argument seems to be "innocence by ignorance".
This part of their defence is outright laughable. What's the point of having this sort of database without the associated metadata?
> This part of their defence is outright laughable. What's the point of having this sort of database without the associated metadata?
I'm not a fan of Clearview AI, but I understand it's still useful even for faces that aren't explicitly tied to an identity in the system, because the if the police know where the matched photo is from, they can do the legwork to fill in the missing details.
I think one of the examples in an early article about it had the police feeding a suspect's face into it. The system found a match in the background of some photo taken at a trade show (the guy was working a both). It only knew the website the photo was from, which allowed the police the identify the trade show, which allowed them to track down the people working at that booth to find their suspect.
The point being... _they then know where it's from_, that's the metadata. If they know the trade show, then they know where and when it was, whether it was in Canada and whether they need to delete it.
> The point being... _they then know where it's from_, that's the metadata. If they know the trade show, then they know where and when it was, whether it was in Canada and whether they need to delete it.
In most cases they probably only know the URL, and it's far from trivial (or even possible in a general case) to mechanically derive if photo was taken in Canada from that.
Personally I hope they're forced to overshoot and delete far more than necessary to ensure compliance (e.g. only keep photos they can positively determine were taken outside of Canada).
They don't, they just know the original URL. IIRC, they also scrape news websites and it's impossible to automatically and correctly detect the location of a person.
Even if it's from a social network, you still can't be sure. Especially, if a photo have multiple persons.
It is so impossible that it is the actual use case they are selling?
" The system found a match in the background of some photo taken at a trade show (the guy was working a both). It only knew the website the photo was from, which allowed the police the identify the trade show, which allowed them to track down the people working at that booth to find their suspect."
Just as evidence I'm not defending them, I find their project totally unethical, and the owners and their associates are also highly involved with internet fascism and credential phishing (I know the source isn't the best, but I recommend reading the article): https://www.huffpost.com/entry/clearview-ai-facial-recogniti...
With that said: the order is clearly impossible to execute. There's a huge difference between police clicking on a URL in a result and manually investigating to determine the location and having their system automatically determine the location of all photos and delete the ones that are in Canada.
> With that said: the order is clearly impossible to execute.
It is clearly possible to execute, it would just require much higher costs per image that ClearView processes and the probable need for ClearView to avoid using any images that they can't verify the location of in am economical fashion.
Saying it is "impossible" is different from saying that the costs of compliance would fundamentally change ClearView's business model.
Sure, but the point is that their business is not viable then. If it's illegal to serve childporn and imgur can't profitably detect if it's serving childporn or not, then imgur is doomed. I think no one would dispute that?
Depends, what level of accuracy are you demanding?
If the answer is 100%, then yes, all user-generated content on the internet will have to be banned unless subject to manual human review before allowing the post to be seen, and even that is probably not perfect.
The matched photo is some piece of evidence the police already have from some investigation, e.g. surveillance camera or whatever. They know exactly where they got it. This is matched against the Clearview AI database. So then that match attaches information to the Clearview AI photo. They may be able to figure out where that was taken, since it is narrowed down.
Also, it opens up a very simple avenue for the watchdog: they might require Clearview to delete any data for which they can't prove that it's not Canadian.
Clearview said its facial recognition search engine "compares user-provided images of faces to a database of images indexed from public web pages. The tool allows law enforcement and national security agencies to identify victims and perpetrators of crimes.
How is this fundamentally different from Google image search? [0]
Did Clearview do something to be investigated? The commission essentially claimed they read about the company in the news and decided to act based on that. [1] It seems odd that haven't they investigated Google for the same. [2]
Seemingly neutral laws can be enforced inequitably or corruptly. A government that goes after the little guys and gives big cos a pass is illegitimate.
> A government that goes after the little guys and gives big cos a pass is illegitimate.
A government that governs without consent of the governed is illegitimate. A government that governs inconsistently is not necessarily illegitimate. The legitimacy of a government is not determined by any particular small-large business axis. Viewing the world through that axis is not helpful in this case.
And while we're at it, just because your government is unfair doesn't make it illegitimate. There are plenty of state governments[1] that were, and are incredibly unfair in their enforcement of their laws, but when they aren't actively stealing elections, I wouldn't call them illegitimate.
[1] For a crystal-clear example, the south under Jim Crow. Unfair laws, unfair enforcement of laws, but I'd be hard-pressed to argue that many of those governments did not have the consent of most of who they governed.
> A government that governs without consent of the governed is illegitimate.
This is not exactly a mainstream viewpoint.
> For a crystal-clear example, the south under Jim Crow. Unfair laws, unfair enforcement of laws, but I'd be hard-pressed to argue that many of those governments did not have the consent of most of who they governed.
But in the other direction, it's trivially easy to argue that many major governments did not have the consent of the governed. e.g. the Qing dynasty was hated by the Chinese people it ruled.
The consent of the governed is not even a theoretically valid concept as applied to large groups. You rule through force.
You are correct, it's possible to further expand that definition of legitimacy, to include de-facto legitimacy (I am the guy in charge, I might be in charge because I rule through fear and force, but since I am the guy in charge, I am legitimate.)
My point is that it doesn't make much sense to contract the definition of legitimacy. At a minimum, if a government has the consent of the governed, it is legitimate.
If it does not, well, we can split hairs about whether or not being a warlord, a king, or some other kind of despot counts.
I would love clearview's business model and models like it to be illegal. All sorts of internet businesses claim that they can't know the provenance of their data and therefore can't comply with certain laws. They then argue that that means they shouldn't have to comply. It really should go the other way: if you can't comply, then your business is illegal.
I agree with this sentiment in principal. In this particular case it gets a little hairy since the service is illegal in Canada, but the company is based in the USA and no longer accepting Canadian customers. I'm not sure what the line should be, but certainly we don't want a situation where any internet company can be shut down by any country that interacts with the internet.
Of course, I also think we should make this business model illegal in any country. But that's a different thread.
We've created a mess of legal jurisdiction and geography that is difficult to reconcile with globally distributed systems.
BC and Clearview both have a point. But which jurisdiction is in play? Is it the one where the person lives or where the picture was taken? Was it the company that took the picture, one of a dozen networks in play, the one that transmitted it to a server, or the one that aggregated it into a database, or the one that sold the data? There could be 20 countries involved.
Laws really need to catch up to the tech which has far outpaced them.
> We've created a mess of legal jurisdiction and geography that is difficult to reconcile with globally distributed systems.
It's easy to reconcile. If you want to operate in a jurisdiction, you are subject to that jurisdiction's laws, and legal injunctions. This is a very basic thing, on the level that a school-child can understand it. Just because you're operating using computers doesn't change a damn thing.
When a jurisdiction tells you that you can't operate in it, unless you change your behaviour, you either change your behaviour, or stop operating in it. Or keep operating, and be treated by it like a criminal. Or appeal.
If you don't like Canadian internet laws, don't do business in Canada. If you don't like Russian speech laws, don't do business in Russia, or plan a vacation in Leningrad. If you don't like Quebec language laws... Don't operate in Quebec.
You're not entitled access to every market in the world, if you can't comply with their rules. If the rules are contradictory, pick the ones you care about more.
What defines "operating"? Does it mean you are physically based there? Your infrastructure being there? Your company registration? Your bank account? Etc.
Back in the day these weren't problems in practice; for physical goods/services you typically were based in a single jurisdiction. If exporting goods, customs take care of it.
The internet has no "customs" equivalent though, so you can very well be based in one jurisdiction and yet process personal data of residents of another. Sometimes you may not even know where the data subject actually resides.
> What defines "operating"? Does it mean you are physically based there? Your infrastructure being there? Your company registration? Your bank account? Etc.
For globally distributed businesses governments can and will target payment processors.
> The internet has no "customs" equivalent though
We can thank regulators for not understanding this "computer" thing. This environment gave the industry 20 years of innovation. Nothing more depressing than dealing with custom and special snowflakes regulations (most of the time, to protect some local rent-seeker!).
In this case, BC can do whatever it wants, they have no jurisdiction. They might as well claim ownership of the moon.
If some aspect of an operation can be detained, expropriated, or extradited, now or in the future, then it operates in that jurisdiction. Otherwise it is just talk. Hence Assange is slowly on his way to the US; Snowden is just cold until the US has something to offer.
> What defines "operating"? Does it mean you are physically based there?
Whether or not I do any business with anyone controlled by the jurisdiction.
It's not a problem in practice.
I can host a website that pisses on Putin in the United States. I have no intentions of ever going to Russia. I don't rely on any Russian services. A Russian may visit it, because, well, Russia has access to the internet. I may be breaking Russian law, but I don't care, because I'm not operating in Russia. Russia can tell their ISPs to block me, or can ask for my host to cut me off. My host isn't likely to comply, because it too, is unlikely to have ties to Russia.
I put up an ad from a Russian company on it. I'm now operating in Russia, and Russia can shut that part of my business down, by forcing the Russian company to stop doing business with me. Once they do, I'm no longer operating in Russia.
Some jurisdictions reach further than others. Russia (or Canada) has jurisdiction over its corner of the world, and little else. The United States has jurisdiction over a very large part of the world, because a lot of businesses that I would partner with have an American presence, and will comply with American requests. China is somewhere in the middle. Its reach extends somewhat beyond its borders, but doesn't straddle the world.
If I run a liquor store in Florida, and a Saudi tourist visits it and buys a bottle of wine, that's not my problem. Saudi Arabia can't do anything to me, regardless of how many of their drug laws I'm breaking.
If I start advertising my store in Saudi Arabia, or move my money into a Saudi bank, or visit their kingdom, then I'll have a problem. Because it can do something to me. It can tell my business partners to cut me off, or seize my money, or, in the latter case, arrest me as a drug kingpin.
The internet has always stretched through many different legal jurisdictions. It's tech companies who have decided that they can hide fugitive at the other end of a wire.
> The internet has always stretched through many different legal jurisdictions.
Back in the early days this wasn't a problem in practice because internet-based entities were operating in good faith, so even if the legal landscape was murky, nobody had a need to resort to it. This has now changed as companies are now acting in bad faith doing things many find reprehensible, and a legal precedent and/or a change in law is needed to effectively deal with those bad actors.
> This has now changed as companies are now acting in bad faith
I wonder what the major impetus for the change has been. Is it akin to having a million monkeys guided by money on computers, eventually one of them will write code enabling a fascist internet?
Sort of. Originally, it was just hackers making things on the internet. Now, it's the most popular way to make money in the world. So if there's a way to make money doing something reprehensible on the internet, someone reprehensible will find it and do it.
>Laws really need to catch up to the tech which has far outpaced them.
None of this is new, or specific to tech, this is just how companies try to end-run the law.
How exactly would you propose changing jurisdictional boundaries and/or rules? Subjecting people to more governments that are not the ones for the areas in which they're operating? Removing the ability for some local areas to have control over the business that occurs in it?
What if they put out warrants for anyone involved and arrested them if they ever went to Canada? Extradition is probably off the table, but I think really the way to disincentivize this kind of garbage is at some level to hold people accountable for what their company does.
It's dubious for Canada to claim worldwide jurisdiction over pictures of Canadians. These two requests, that Clearview "cease collecting, using and disclosing images and biometric facial arrays collected from individuals in Canada" and "delete images and biometric facial arrays collected from individuals in Canada" sound like overreach.
Certainly, they can prevent Clearview from doing business inside Canada. Maybe even from accessing Canadian servers (though that would be tricky to implement and enforce). But from using images posted by Canadians to international platforms? Doubtful.
I think they are saying, "You did this in Canada and it was illegal and now you need to undo it," no? Not "We reserve the right to delete any picture of a Canadian person taken anywhere in the world."
My understanding is that they're claiming worldwide jurisdiction over Clearview's use of Canadians' pictures, such that Clearview letting a US client query their database for a picture of a Canadian would be contrary to the order.
As much as I dislike legal overreach in international matters, I agree: the pictures of Canadian individuals are likely to have been taken in Canada, or to come from Canadian sources or websites. The fact that they may have been shared with a US company (ex: Facebook, LinkedIn) is irrelevant: copyright etc. does not cease to exist when crossing a digital border. Some countries also have extra protections on top of copyright, like use right, certain rights you can't sign away, etc.
Even worse: by being able to correlate that to Canadian individuals (using metadata or facial metrics, etc), the company can't pretend they don't know who these pictures are from, or where they come from: they know damn well, which makes the court requests limited scope even more acceptable.
Also, claiming to be ignorant of Canadian law may not be a good excuse. They should have known, if only to start doing business there.
Let's construct an equivalent: if in ISIS or Afghan territory, a terrorist group had scraped pictures of people living in the EU or US, and known by them to be "enemies of the caliphate" or something equivalent and that's it's totally A-OK within their legal system to publish that on a website say to call for their murder (I must confess my ignorance on these matters but you get the idea), we'd all say "no it's not". This is just the same. What's legal for us to do domestically with domestic pictures of citizens may not be legal to do somewhere else, and importing the pictures to do it domestically doesn't magically make it legal.
Telling your followers to kill someone in another country is considered committing a crime in that country. Distributing information that at some point originated in another country is generally not. Where it is, it's because of something like a copyright treaty.
There's a bit of a hitch, as a photo can be legally taken, and legally transferred to a non-Canadian entity, at which point things get problematic. Canadian copyright and privacy rules don't usually apply to foreign entities.
If a canadian takes a picture of a canadian in canada, for example, it's canadian jurisdiction. And so long as any consequences for breaking it are limited to canada as well, it seems like it's still just canadian jurisdiction. It's not like they're trying to extradite the CEO for what they did in the US, or provide any extra-canadian consequences, right?
That's not really how it works. A judgment is kind of a universal thing. It is a right to the the value of the judgment and you can assert it in any number of ways. If you have a judgment against a foreign company, and that company temporarily has some assets in a bank in the country that issued the judgment, you can get a court order to have them seized. You can also go to other countries and enforce that judgment. If I sue you in the UK and win, but I can't adequately enforce the judgment in the UK because all of your assets are in another country, I can generally go to that other country and ask a court there to enforce the judgment. One of the main things that court will look into is whether the court that issued the judgment was acting properly under international law in the first place.
A country that issues a judgment beyond the scope of its jurisdiction under international law is violating international law. There's no international police to come get you, but you're not operating by the rules of the road and foreign countries will start to look at judgments originating in your country with suspicion. If you aggressively enforce illegally extraterritorial judgments, such as by seizing the assets of foreign actors that are just passing through your company, you might even get into tit-for-tats with other countries.
Extraterritorial jurisdiction is not totally illegal, but there are limits and this would seem to be outside of those.
Also of highly dubious legality. Would be interesting to see what would happen if an EU member state pursued damages on that angle and then tried to enforce the judgment in a US court. I would expect a US court would refuse to give it effect due to the other country exceeding the appropriate exercise of jurisdiction under international law.
Countries enforce laws on people/organizations they don't have jurisdiction over all the time. Usually it ends up with the country not being able to do anything about it until the convicted is doing business in that country, has assets there or is stepping foot into it (in the case of organizations: when a representative goes to that country).
Having another countries court enforce a judgement is the exception, it usually only happens if there's a treaty to that effect (like with copyright law).
You're mixing up personal jurisdiction with legislative jurisdiction. There is a body of customary international law that concerns the appropriate scope for extraterritorial legislative jurisdiction. This is separate from personal jurisdiction, which is in some ways easier to establish. In the US, for example, you can get personal jurisdiction over any natural person, and sue them for any way they wronged you anywhere in the world, merely by serving them with process while they are physically present in the US. But if you sue someone in Alabama for something they did in France, the Alabama court is going to apply French law in most cases. (in most countries, there is also something like the common law doctrine of forum non conveniens that allows courts to dismiss cases that are better heard by a court elsewhere)
And it's simply not the case that foreign judgments are generally unenforceable. See the discussion here https://en.wikipedia.org/wiki/Enforcement_of_foreign_judgmen... . No treaty is necessary, though it certainly helps the person seeking enforcement if there is one.
Legality at the root is what a nation or union of nations is able to enforce. Perhaps GPDR is not legal in the case law, but I see cookie banners on most sites I visit these days.
Ultimately, a country can regardless of what any other country says... ban a company from doing business within their borders, confiscate property within their borders, arrest employees within their borders, and prohibit employees or products from entering their borders.
Arguably, tech companies could just disregard GDPR, at the expense of all business, offices, and access to the European Union. However, if they want to continue to have that access, they need to comply with the EU's laws, even if someone could argue that those laws extend in dubious ways outside the borders.
The thing about national sovereignty, of which each EU member state has, and to some degree, the EU as a whole is capable of exacting, is that you can't decide whether you think their laws are reasonable or not, you can only decide if you're willing to comply in exchange for access to that market.
Bear in mind, the US literally tells people "you can't do business in Iran", and everyone accepts it, because the alternative of "you can't do business in the US" is way worse for business.
You're right in that international law isn't real in the same way that national laws are. But countries do consider international law in determining whether to give effect to another country's actions. If EU member states started seizing assets of businesses that it applied the GDPR to in violation of international laws, other countries would take that as a hostile action and possibly stop recognizing EU member state judgments, for example, as presumptively valid. And they can take retaliatory actions against European companies.
Customary international law is best thought of as widely accepted norms of fairness between sovereign states. There is no international police to come get you when you don't play nice, but staying within the dictates of international law generally protects you from accusations of unfair play and the consequences that can bring.
And yeah, the US maybe does violate international law in the specifics of its sanctions policies, though they are usually carefully crafted to only apply to people who somehow participate in the US financial/payments system. It's very possible that one day the US will pay the price for this overreach/maximalism when countries eagerly jump ship to an alternative international financial system, should a viable one emerge. But for now, the US is the only real game in town. The strong take what they can, and the weak suffer what they must.
And this is part of the reason why places like China have things like the GFW. Because they know that the US would never cooperate with even relatively benign things like foreign privacy laws (let alone more controversial things), so best ban them from the domestic network altogether.
PS: I have no intention of condoning the behavior of building censor networks like the GFW, but until there is some international court to adjudicate Internet jurisdiction cases, my prediction of the future is that there will be more and more countries adopting technological countermeasures and the Internet will be increasingly fragmented.
GDPR applies to individuals located in the European Union, and citizenship is not a factor. EU citizens have no GDPR rights while abroad, and conversely non-Europeans have GDPR protection while in the EU.
Clearview is not an ethical or well motivated company. It's not surprising they are attacking any institution who wants them to respect rights which are anathema to their business model. It's a quintessential Thiel company and I would be overjoyed if they went out of business.
Wait. Why "can't" Clearview comply with the order?
Don't they know the identities of the people whose photos they're scraping and storing? Thus, don't they know if those people are Canadian or not?
Or is Clearview just lazily scraping photos from the web etc. and storing whatever random username or pseudonym is attached to it, giving _that_ in search results? In which case, they should 1000% expect to be taken to task by jurisdictions all around the world for their gross overreach.
Wait, plus, isn't the very premise of their business just 99.99% pure IP infringement? They don't even have the legal right to use images posted online just because they're accessible. They are protected by copyright unless CC or public-domain licensed...
> They don't even have the legal right to use images posted online just because they're accessible. They are protected by copyright unless CC or public-domain licensed...
I'm not sure what the legal situation is exactly but it seems to be more complicated than that. The LinkedIn case appears to have determined that scraping public content is legal. I don't think you can redistribute it after that but I guess you can freely analyze it?
As to distributing (possibly even selling) the result of that analysis, see the GitHub Copilot controversy.
There are large OCR datasets of public domain books and old governmental records that come with a "no commercial use" clause. I'm not sure what the legality of feeding those in to an ML algorithm that gets used commercially is.
I really don't understand why they think that would be a suitable defense anyway? "It is too expensive for us to figure out if we're breaking the law, sorry."
I don’t know enough about Canadian IP law, but I assume they have protections for owners of images and maybe even for the subjects of the images.
clearview claims they can’t determine if a picture was taken in Canada or if the subjects are Canadian—if this is true, then they likely can’t determine if they have any legal right to be using the images in the first place.
It seems to me that the diligence should absolutely fall on clearview to determine if they’re lawfully using these images in every jurisdiction. I know there are many jurisdictions around the world and each will have their own laws but I mean, come on, this is common practice for every company in existence. For them to claim “we can’t follow the laws” is absurd.
Interesting to follow what happens. Great that there are still 'watch dogs' looking out for us.
The answer from the company to the order from the commission: "those recommendations were impossible to execute."
Imagine if a environmental commission ordered a company to stop polluting, and the company answered with those words!?
Google? Facebook? Microsoft? Any cell phone company? Most ISPs? Any of the CRAs? Any credit card company? Any major bank? About a thousand companies most people have never heard of? Palantir?
Checks article
> Clearview AI
OK. You really gotta specify in the headline. There are a lot of possibilities with that vague a description.
and how do they prove they did it in a way that makes you believe they did. Or how do you know that they didn't just use your request to confirm your identity? That's like clicking unsubscribe in SPAM.
Is it possible to tell if Clearview has my face in their dataset? Legally, they have no right to and I would like to get them to remove it if they do – I am an EU citizen and they have no right to have my data. However, to ask them to do that requires emailing them ID and a headshot [1]!
Does this seem silly, or deliberately obstructive?
If you cannot comply with Canadian laws, you cannot sell to, or operate in, Canada.
I don't think Clearview AI has any employees in Canada, so what do they stand to gain from this lawsuit? Does that tiny startup have any customers of note there?
I suspect they simply wouldn't care unless they actually fear repercussions from Canadian authorities. Whether those potential repercussions would be something to fear here and now, or if they simply want to keep the door open for potential future expansion, is not quite clear.
On the other hand, the scraping/facial recogniton they do would also violate European privacy regulations, and it could be they feel a win in a similar case would come in handy if they ever decide to offer their services to European customers.
Yes. I can't quote anything on this, but they were in trials with major tourism companies at the very least. Probably lucrative enough on their own, but in terms of data collection as a resource, those contracts would be a gold mine.
they don't really have a product outside storing data, an amateur could scrape Facebook and do facial recognition and the only reason it hasn't happened yet is because of how expensive the storage would be
Actually scraping Facebook is really difficult. They have some of the most aggressive browser-fingerprinting out there. Archive.is gave up trying because their facebook accounts kept getting restricted, and each new account needed a new SIM card to sign up so they aren't free..
Surprise, if you base you company on something which is illegal, or likely becomes illegal, you might no longer be able to comply with law without shutting down your company.
I feel like this is a very common delusion, the expectation of privacy when going into public.
It's like public photography. Some folks get really upset if their photo is taken out in public without consent, but those folks were out in public so zero expectation of privacy. Same exact thing for the Internet.
You're looking at the world through black and white, to the exclusion of all the shades of gray.
Someone snapping a photograph of a busy street is one thing. Someone snapping a photograph of a busy street, with a focus on you, because you are doing something that looks inappropriate, out of context, is another. Someone following you around, taking video, from the moment you step out of your front door, to the moment that you step back through it is a third.
That someone can be a stranger who doesn't know or care that you exist, a private individual with a deranged vendetta against you, who has threatened you with harm[1], a company that does this on a massive scale and aggregates data, a company that does this on a targeted, personal scale, a government agency that is lawfully investigating a crime, a government agency that is unlawfully acting out of vindictiveness, a government agency that is lawfully acting out of vindictiveness...
None of these things are the same, nor do they warrant the same "Oh, well, it's a public space, nobody owns it, everyone can do whatever they want."
It's a public space. We all own it. We all get to determine what kind of behaviour is acceptable, and unacceptable in it.
The solution to predators and bad actors in a public space is not expecting that everyone who can afford it move more of their life into a private one. That's how we lose our public spaces.
[1] Depending on your jurisdiction, you may not have any particular recourse against that. Some locales really don't like handing out restraining orders... Or enforcing them, when they are broken.
It might be a "common delusion" where you live (I'm guessing the US), but in every country I've lived in (n=6), it's an accurate understanding of basic privacy law. You can't just go and take someone's photo without their permission, even if they're in a public place.
* What about looking at people with one's own eyes, without the express consent of other people?
* What about people with photographic memory, who are effectively walking cameras?
* What about artists who draw pictures of people they see in public?
Where does this nonsense ever end? While the question is hyperbolic, and I apologize, that's intentional use of the "Reducto absurdum" fallacy to help illustrate the absurdity of this kind of idea.
This is very similar to how it works in most western countries.
You can photograph people in public all you want, but you cannot publish those without their permission.
Blurring or the people not being in focus/center can allow you to do so without getting everyone's permission though (think of crowds, passersby in the background).
> but you cannot publish those without their permission.
I wonder if someone could argue that using their photo as training data could make the model itself a derivative work? iirc those require royalty/license too.
> What the commissioners recommended was that Clearview:
> • cease offering facial recognition services to Canadian clients;
> • cease collecting, using and disclosing images and biometric facial arrays collected from individuals in Canada, and;
> • delete images and biometric facial arrays collected from individuals in Canada.
> The company said those recommendations were impossible to execute.
Clearview claims that they have stopped selling to Canadian clients but they don't know where the people in the images are from. Probably true if they're just scraping images, but their argument seems to be "innocence by ignorance".
We don't usually allow that sort of argument in other areas. Stores cannot sell cigarettes/alcohol to minors and banks cant unknowingly launder money, and it is on them to make sure they collect enough data to comply with those laws. It may be hard or even impossible for Clearview to operate while following the law.. but maybe that just means they shouldn't.