A surveillance company founded by a former Israeli intelligence officer has been using Facebook, YouTube and other social networks to build a massive facial recognition database — and is just one of many companies doing so.
As Facebook comes under scrutiny over privacy practices following the company’s latest user data scandal, further focus has been put on how other companies use Facebook’s data for their own gain. Forbes discovered that one such company is Terrogence, a surveillance company founded by former Israeli intelligence officer Shai Arbel, has been building a massive facial recognition database using photos and videos scraped from Facebook, YouTube and other social media networks.
The database being compiled by Terrogence makes up most of the information used by facial recognition service Face-Int, which is owned by Israeli vendor Verint. Both Verint and Terrogence have provided surveillance and spy technology to U.S. government bodies such as the NSA and the U.S. Navy as well as many other intelligence agencies. The information in the facial recognition database was “harvested from such online sources as YouTube, Facebook and open and closed forums all over the globe,” according to the Terrogence website. The faces in the database were scraped from as many as 35,000 videos and photos of terrorist training camps, terror attacks, and motivational videos. The Terrogence marketing page hasn’t been updated since 2013, implying that far more than 35,000 faces have been documented as the program has been operating for the past five years.
The LinkedIn profile of a former staffer at Terrogence described the employee’s role at the company, stating that the employee “conducted public perception management operations on behalf of foreign and domestic governmental clients,” and used “open source intelligence practices and social media engineering methods to investigate political and social groups.” This has brought into question how private companies are taking advantage of the public information posted to Facebook. CEO Mark Zuckerberg insisted during his hearing before Congress that “On Facebook, you have control over your information… the information we collect you can choose to have us not collect,’ but how can users prevent other companies from collecting their data?
Jay Stanley, a senior policy analyst at the ACLU, commented on the issue saying:
It raises the stakes of face recognition – it intensifies the potential negative consequences. When you contemplate face recognition that’s everywhere, we have to think about what that’s going to mean for us. If private companies are scraping photos and combining them with personal info in order to make judgements about people – are you a terrorist, or how likely are you to be a shoplifter or anything in between – then it exposes everyone to the risk of being misidentified, or correctly identified and being misjudged.
Jennifer Lynch, senior staff attorney at the Electronic Frontier Foundation, warned that if this facial recognition database had been shared with the U.S. government, it could pose a significant threat to free speech.
Applying face recognition accurately to video is extremely challenging, and we know that face recognition performs poorly with people of color and especially with women and those with darker skin tones. Combining these two known problems with face recognition, there is a high chance this technology would regularly misidentify people as terrorists or criminals.
This could impact the travel and civil rights of tens of thousands of law-abiding travelers who would then have to prove they are not the terrorist or criminal the system has identified them to be.
A spokesperson for Facebook, which employs its own facial recognition tech to help identify users’ visages in photos across the platform, said it appeared Terrogence’s product would violate its policies, including one that prohibits the use of data grabbed from the social network to provide tools for surveillance. Facebook also doesn’t allow accessing or collecting information via automated methods, such as harvesting bots or scrapers. The spokesperson noted that it hadn’t found any Facebook apps operated by the company.
So the question remains, even if Facebook faces stricter privacy regulation and is forced to crack down on third-party developers on their website, what can be done about outside firms using social media networks as a treasure trove of public user data?