CBP signs Clearview AI deal to use face recognition for 'tactical targeting'

Posted by cdrnsf 5 hours ago

CBP signs Clearview AI deal to use face recognition for 'tactical targeting'(www.wired.com)

240 points | 135 comments

sailfast 5 hours ago|

Always easier when you can avoid the law and just buy it off the shelf. It’s fine to do this, we say, because it’s not being done by the government - but if they’re allowed to turn around and buy it we’re much worse off.

digiown 4 hours ago||

That's why it doesn't make sense to ban governments from doing things while still allowing private companies. Either it is illegal to surveil the public for everyone, or the government can always do it indirectly with the same effect.

I don't think the deal described here is even that egregious. It's basically a labeled data scrape. Any entity capable of training these LLMs are able to do this.

asveikau 4 hours ago|||

The difference is that a government can take personal liberty away from people in the most direct way. A private company can't decide to lock somebody away in prison or send them to death row. (Hopefully anyway.) So we put a higher standard on government.

That said, I do believe there ought to be more restrictions on private use of these technologies.

pixl97 3 hours ago|||

>A private company can't decide to lock somebody away in prison or send them to death row.

A private company can 100% do this in many ways. They already do this buy putting up and using their technology in minority areas, for example.

unethical_ban 3 hours ago||

It's a distinction. Private companies are partnering with the government to take away personal liberty.

We should ban the government from accessing data gathered by private companies by default, perhaps. I need to mull on it.

bjt 2 hours ago|||

The point is that "who gathers it" should be irrelevant.

The government shouldn't be able to buy data that would be unconstitutional or unlawful for them to gather themselves.

On the other hand if a company is just aggregating something benign like weather data, there's no need to bar the government from buying that instead of building it themselves.

dimitrios1 1 hour ago||

> The government shouldn't be able to buy data that would be unconstitutional or unlawful for them to gather themselves.

Now that sounds like a good argument to make in court! How do we do it?

asveikau 3 hours ago|||

I also personally think there are some private collections we should ban, or put in place limitations on how it can be used, in the interest of general privacy.

That is trickier to decide on and surely there's room to debate.

helterskelter 3 hours ago||||

Yeah but these companies are operating hand in glove with govt such that there's no discernible difference between the current system and government just doing it themselves. Ban it outright.

asveikau 3 hours ago||

I don't disagree with the sentiment. I feel like what we're seeing lately is that private companies are doing the thing that would violate the 4th amendment if government did it, then they sell to the government. The idea that it's not the government itself violating the constitution because they did it through a contractor is pretty absurd.

What specific legal measures you do to enforce this, I don't know, there's some room for debate there.

digiown 3 hours ago||

I don't think there is an expectation of privacy for things you literally post to the public, like social media. Even the government doing the scraping directly I believe would not violate the 4th amendment. The third party doctrine also basically legalizes most types of search through people's "cloud data". To have an expectation of privacy, the data needs to not be shared in the first place.

I don't think tying the hands of the government is a viable solution. The sensitive data needs to not be collected in the first place via technical and social solutions, as well as legislation to impose costs on data collection.

- Teaching that "the cloud is just someone else's computer"

- E2EE cloud

- Some way of sharing things that don't involve pushing them to the whole internet, like Signal's stories.

- GDPR type legislation which allows deleting, opting out, etc

magicalist 1 hour ago|||

> The third party doctrine also basically legalizes most types of search through people's "cloud data"

This isn't actually true (it varies by type of "cloud data", like content vs metadata, and the circuit you're in), and there are multiple recent carveouts (eg geofence warrants) that when the Supreme Court bothers to look at it again, suggests they don't feel it's as clear as it was decades ago. Congress can also just go ahead and any time make it clear they don't like it (see the Stored Communications Act).

It's also, just to be clear, an invented doctrine, and absolutely not in the constitution like the fourth amendment is. Don't cede the principle just because it has a name. Technical and social solutions are good, but we should not tolerate our government acting as it does.

asveikau 2 hours ago|||

> I don't think there is an expectation of privacy for things you literally post to the public, like social media

Neither is there an expectation that automation would slurp it up and build a database on you and everyone else. Maybe the HN crowd is one thing, but most normies would probably say it shouldn't be allowed.

> Even the government doing the scraping directly I believe would not violate the 4th amendment.

Every time I see someone make a statement like this I think of the Iraq war era when a Berkeley law professor said torture is legal. Simply saying something that clearly violates the spirit of our rights is ok based on a technicality, I would not call that a moral high ground.

> The sensitive data needs to not be collected in the first place via technical and social solutions,

At this point and points forward I think your comment is much more on the mark.

digiown 1 hour ago||

I think we clearly both agree that mass surveillance is problematic regardless of whether it is done by the government or corporations. With that said

> normies would probably say it shouldn't be allowed

Despite knowing about this, most continue supporting the various companies doing exactly that, like Facebook and Google.

> Neither is there an expectation [...]

Expectation is not law, and it cuts both ways. The authors of the 4th and 5th amendments likely did not anticipate the existence of encryption - in their view, the flip side of the 4th amendment is that with a warrant, the government could search anything except your mind, which can't store that much information. We now get to enjoy an almost absolute right to privacy due to the letter of the law. You might feel that we should have that right anyway, but many other governments with a more recent/flexible constitution do not guarantee that, and in fact require key disclosure.

magicalist 41 minutes ago||

> > Neither is there an expectation [...]

> Expectation is not law.

It is in this case.

Expectation of privacy is a legal test based literally on on what "normies would probably say". If, as a society, we're moving more and more of our private effects to the cloud, there is a point where there's an expectation of privacy from the government there, regardless of the shadiness of the company we trusted for it, and regardless of what's convenient for the government.

https://www.law.cornell.edu/wex/expectation_of_privacy

Carpenter v. United States is a great example of this, where a thing once thought as obviously falling under the third party doctrine (cell tower location information) was put definitively within protection by the fourth amendment because of ongoing changes in how society used and considered cell phones.

And I forgot about this but just saw it referenced in the wikipedia article: it's notable that Gorsuch's dissent on the case argued for dropping the third party doctrine completely:

> There is another way. From the founding until the 1960s, the right to assert a Fourth Amendment claim didn’t depend on your ability to appeal to a judge’s personal sensibilities about the “reasonableness” of your expectations or privacy. It was tied to the law. The Fourth Amendment protects “the right of the people to be secure in their persons, houses, papers and effects, against unreasonable searches and seizures.” True to those words and their original understanding, the traditional approach asked if a house, paper or effect was yours under law. No more was needed to trigger the Fourth Amendment....

> Under this more traditional approach, Fourth Amendment protections for your papers and effects do not automatically disappear just because you share them with third parties.

https://www.law.cornell.edu/supremecourt/text/16-402

WrongAssumption 3 hours ago||||

But that is his point with "or the government can always do it indirectly with the same effect"

The company doesn't have that power, but the government can compel companies to provide them with the same data as long as it exists, and then abuse it in the same way as if they had collected it themselves.

heavyset_go 3 hours ago||||

A private company can put you on a list and you'll never have a home again.

digiown 3 hours ago||||

A private company can rat you out the government in the same way that a private citizen can report you to the police. I don't see a reasonable way to change this.

The government should be held to higher standards in terms of being able to appeal its actions, fairness, evidentiary standards. But the government shouldn't necessarily be prevented from acquiring and using information (which is otherwise legally obtained).

I don't disagree that we should perhaps more restrictions on private processing of data though -- GDPR style legislation that imposes a cost on data collection is probably sufficient.

kristopolous 3 hours ago||||

The separation between private and the government is purely theatrics - a mere administrative shell.

I really don't understand why people treat it with such sacrosanct reverence.

It reminds me of a cup and ball street scam. Opportunistic people move things around and there's a choir of true believers who think there's some sacred principles of separation to uphold as they defend the ornamental labels as if they're some divine decree.

I mean come on. Know when you're getting played.

asveikau 3 hours ago||

In some cases yes, especially when it comes to surveillance, the distinction doesn't feel like very much. When the government hires a contractor specifically because they break the spirit of the 4th amendment, it's hard to argue that it's not the government breaking the law.

tintor 3 hours ago||||

People die all the time, because of decisions made by private companies.

mrguyorama 1 hour ago||||

Cops are legally forbidden from surveilling everyone at all times using machines. Explicitly so. Yet, if a company starts up and surveils everyone at all times, and their only customer is Cops, it's all Okay somehow. The cops don't even need a warrant anymore.

What's worse, is that third party doctrine kills your rights worse than direct police surveillance.

Imagine if you will, back in the day of film cameras: The company developing your film will tell the police if you give them literal child porn but otherwise they don't. But imagine if they kept a copy of every picture you ever took, just stuffed it into a room in the back, and your receipt included a TOS about you giving them a license to own a copy "for necessary processing". Now, a year after you stopped using film cameras, the cops ask the company for your photos.

The company hands it over. You don't get to say no. The cops don't need a warrant, even though they 100% need a warrant to walk into your home and grab your stash of photos.

Why is this at all okay? How did the supreme court not recognize how outright stupid this is?

We made an explicit rule for video rental stores to not be able to do this! Congress at one time recognized the stupidity and illegal nature of this! Except they only did that because a politician's video rental history was published during his attempt at confirmation.

That law is direct and clear precedent that service providers should not be able to give your data to the cops without your consent, but this is America so precedent is only allowed to help businesses and cops.

bcrosby95 2 hours ago||||

Uh, the government can pay the private company for the data so they can lock those people up.

keybored 35 minutes ago|||

> The difference is that a government can take personal liberty away from people in the most direct way. A private company can't decide to lock somebody away in prison or send them to death row. (Hopefully anyway.) So we put a higher standard on government.

We put higher standards on the government because companies have the biggest propaganda coffers.

It’s not some rational principle. Money goes in, beliefs come out.

koolba 1 hour ago||||

What would such a ban look like?

A private company can surely link its own cameras and data to create a private use database of undesirables. I’m certain that Walmart and friends do exactly this already. It’s the large scale version of the Polaroids behind the counter.

bad_haircut72 1 hour ago||

wouldnt "Any person found to have implemented a system which violates the rights of people in xyz way will be punished with imrisonment" work ?

koolba 58 minutes ago||

In what way? A business can refuse to service any individual as long as it’s not a direct violation of things like civil rights laws.

CGMthrowaway 4 hours ago|||

[flagged]

throwaway894345 4 hours ago|||

I would much rather have a democratically elected and constitutionally constrained government than private enterprise with limitless power. It would also be helpful if the “government is bad” people would stop electing the people who seek to sabotage the government.

plagiarist 3 hours ago|||

Facial recognition is not a legitimate private enterprise. It is a complete failure of legislation that it is allowed to exist.

CGMthrowaway 3 hours ago||

Apple Face ID is not a good or legitimate feature? You just upset hundreds of millions of people

heavyset_go 3 hours ago|||

Most people miss Touch ID on the iPhone.

CGMthrowaway 3 hours ago||

So biometrtics are OK as long as it's not your face? Trying to derive the first principle here.

plagiarist 2 hours ago|||

When it's allegedly stored in the Secure Enclave and the data unable to leave the device, it is obviously not the same interaction. I personally would be fine with a law making that distinction with the on-device recognition as legal.

runlevel1 3 hours ago|||

Just like when Verizon sold its customers' precise location history to data brokers who then sold it to law enforcement agencies.[^1] Laundered.

[^1]: https://arstechnica.com/tech-policy/2025/09/court-rejects-ve...

Manuel_D 1 hour ago|||

That's not how the law works in the US. The government cannot have a third party take action on its behalf to do something that would be illegal for the government to do itself. This is why the Biden administration had a restraining order filed against it, on account of them pressuring social media companies to ban content it didn't like. This violated the First Amendment, despite the fact that it was a third party that was doing the actual banning at the behest of the government.

The government could legally create its own facial recognition technology if it wanted to. They're not avoiding the law, facial recognition isn't illegal.

mothballed 1 hour ago||

That's pretty much how KYC works. The government can't just willy nilly demand papers of everyone going into the bank to open up an account due to the 4th amendment. So they just make the bank do it so it is a "private" act, and then for instance IRS is authorized to do warrantless seizure on the accounts which are now tied to names that were forced to be revealed under KYC laws.

Manuel_D 1 hour ago||

The government doesn't need a warrant to access bank records, as per the US's banking laws. They just need an administrative subpoena, which doesn't have to be signed off by a judge.

This is not and example of the government sidestepping laws through a third party. You just don't like the existing laws, and would prefer to make certain things illegal that are presently legal.

mothballed 46 minutes ago||

There wouldn't be any identity linked for an anonymous bank account to 'access', were it not for the warrantless search of your papers required under KYC but done via private entity (sidestepping 4th amendment) to open an account. That part is done without even a subpoena.

That is, the US banking laws force private actors, under color of law, to systematically inspect the papers of those opening an account, which conveniently sidesteps the 4th amendment implication of the government searching the papers themselves at everyone opening an account at the bank. And then allows the government to act on the information of that forced search, even without a warrant.

---------- re: below due to throttling -------

I'm referring to this:

>The government cannot have a third party take action on its behalf to do something that would be illegal for the government to do itself.

It is illegal for the government to violate the 4th amendment, whether or not a 'law' beyond what is written in the constitution is present.

Clearly the government would love to just take all your information directly when you open an account, as that would be even better for them, but due to the 4th amendment they can't do that. But just asking or without a warrant requiring the bank to act on it or reveal it is almost as easy, so they just sidestep that by just requiring via the law the bank to search your papers instead. It's effectively a government imposed search but carried out by a 3rd party.

--------------------

>This is just factually wrong. The Bank Secrecy Act specifically requires that banks to provide this info. The 4th amendment does not prohibit this. If a bank refused to provide this required information, the government would go in and get that information directly.

>Again, no law is being avoided. You just don't like the

This is not 'just factually wrong.' The bank is doing the search instead of the government. A blanket search of everyone, even without a subpeona, even without an individualized notice, even without any sort of event that would require reporting to the government under the BSA, even then they still are required to search the information even in the instances that it doesn't end up being required to be transmitted to the government. You're saying the portion of data the government collects might be 4A compliant, but that doesn't mean the private actor being forced to collect information that doesn't even get reported is 4A compliant if the government did it. You're just saying the subset of required KYC collected information that ends up transmitted to the government was 4A compliant, which isn't sufficient to establish the government could have collected all the information to begin with under the 4A as they have required the bank to do.

>the government would go in and get that information directly

A blanket sweep of everyone's information willy nilly by the government is not 4A compliant, that's why they've had the bank do it on their behalf.

Manuel_D 23 minutes ago|||

> Clearly the government would love to just take all your information directly when you open an account, as that would be even better for them, but due to the 4th amendment they can't do that

This is just factually wrong. The Bank Secrecy Act specifically requires that banks to provide this info. The 4th amendment does not prohibit this. If a bank refused to provide this required information, the government would go in and get that information directly.

Again, no law is being avoided. You just don't like the law.

Manuel_D 37 minutes ago|||

Right, but the point is, no law is being avoided. The comment I responded to wrote:

> Always easier when you can avoid the law and just buy it off the shelf. (Emphasis mine)

No law is being avoided, neither in your banking example nor in the situation with Clearview. To be sure, people can have whatever opinion on the law that they want. But I do want to make it clear the the government is not "avoiding" any law here.

duped 3 hours ago||

This is why we should shun the people that build this stuff. If you take a paycheck to enable fascism, you're a bad person and should be unwelcome in polite society.

observationist 5 hours ago||

https://archive.is/3qywb

snarky123 3 hours ago||

"Tactical Targeting" - you just know someone's PowerPoint presentation used the word "synergy" in it too.

givemeethekeys 3 hours ago||

How long before the bring the price down and local PD's start using it too?

nsriv 3 hours ago|

Not sure if you're joking but Clearview's primary customers are local or metro police departments.

yababa_y 4 hours ago||

local laws forbidding facial recognition tech have never been wiser

tcmart14 15 minutes ago||

I'm sure the anti-vax crowd who were foaming at the mouthes over the vaccine containing tracking chips will explain why this is needed and why its not a big deal.

quantified 4 hours ago||

225k USD per year sells us cheaply!

grvdrm 2 hours ago||

I keep reading this as “CBS signs…” and can’t help thinking about that uncomfortable possible future moment.

mschuster91 5 hours ago||

And this right here is why Clearview (and others) should have been torn apart back when they first appeared on stage.

I 'member people who warned about something like this having the potential to be abused for/by the government, we were ridiculed at best, and look where we are now, a couple of years later.

gostsamo 5 hours ago|

"This cannot happen here" should be classified as a logical fallacy.

dylan604 4 hours ago||

As stated in many of the comments in my code where some else branch claims this shouldn't be happening

jmyeet 4 hours ago|

There are certain people who believe that average citizens can be held responsible for the actions of their government, to the point that they are valid military targets.

Well, if that's true then employees of the companies that build the tools for all this to happen can also be held responsible, no?

I'm actually an optimist and believe there will come a time whena whole lot of people will deny ever working for Palantir, for Clearview on this and so on.

What you, as a software engineer, help build has an impact on the world. These things couldn't exist if people didn't create and maintain them. I really hope people who work at these companies consider what they're helping to accomplish.

Manuel_D 44 minutes ago||

> average citizens can be held responsible for the actions of their government, to the point that they are valid military targets.

What do you mean by this? If a government conscripts "average citizens" into its military then they become valid military targets, sure.

I'm not why you think this implies that developers working for Palantir or Clearview would become military targets. Palantir builds software for the military. But the people actually using that software are military personnel, not Palantir employees.

some_random 2 hours ago|||

>There are certain people who believe that average citizens can be held responsible for the actions of their government, to the point that they are valid military targets.

Yeah we typically call those people terrorists or war criminals.

mikkupikku 2 hours ago||

Or heroes, if they win.

some_random 1 hour ago||

No, I will continue to call them terrorists or war criminals. You can feel free to lick their boots though.

the_gastropod 4 hours ago||

I never worked at a company that could broadly be considered unethical, I don't think. But it was always a bit disheartening how many little obviously unethical decisions (e.g., advertised monthly plans with a small print "annual contract" and cancellation fee) almost every other employee would just go along with implementing, no pushback whatsoever. I don't know what it is, but your average employee seemingly sees themselves as wholly separate from the work they're paid to do.

I have friends who are otherwise extremely progressive people, who I think are genuinely good people, who worked for Palantir for many years. The cognitive dissonance they must've dealt with...

throw-qqqqq 3 hours ago||

> I don't know what it is, but your average employee seemingly sees themselves as wholly separate from the work they're paid to do.

Hannah Arendt coined the term “the banality of evil”. Many people think they are just following orders without reflecting on their actions.

More comments...