Controversial facial recognition firm Clearview AI broke Canadian laws and had at least 48 accounts in agencies across the country, most of them police forces, federal and provincial privacy commissioners said today.
And legislation — including proposed reforms — will not be adequate to deter similar privacy-harming software in the future, they said in a telephone press conference to discuss the release of their report.
The privacy watchdogs found Clearview AI's technology enabled mass surveillance of Canadians and violated their rights.
The 48 agencies using the software were not named in the report or the media conference held this morning. However, police forces across the country have publicly admitted to using the software. They made the admission after hackers obtained Clearview AI’s client list and leaked it to BuzzFeed News.
The RCMP and Vancouver Police Department each have used the software on at least one occasion, media reports including those by The Tyee have reported. The RCMP has only named one of the four units that used the software.
Clearview AI’s collection of billions of images including those of Canadians was a “clear violation” of privacy rights in Canada, agreed federal, B.C., Quebec and Alberta privacy commissioners in a report.
It is not clear how the joint condemnation might translate into changed or new laws. In a joint press conference held this morning by the provincial and federal commissioners, federal privacy commissioner Daniel Therrien highlighted that his Office of the Privacy Commissioner lacks the ability to either issue orders or impose fines in these circumstances.
B.C.’s information and privacy commissioner Michael McEvoy echoed Therrien’s call for stronger laws.
“It’s clear that we need stronger enforcement measures to ensure that companies realize it’s going to be cheaper to invest in the privacy and security of their clients up front rather than face the consequences if they don’t,” said McEvoy.
The federal government is reviewing its privacy laws and new legislation. Bill C-11, which would enact the Consumer Privacy Protection Act and the Personal Information and Data Protection Tribunal Act is being debated in Parliament. The bill may end up giving the privacy commissioner the ability to issue orders to government agencies including police and impose fines, says Therrien.
But he says it is already clear that proposed legislation will lack sharp teeth. “Sadly, the violations of privacy law that we found in relation to Clearview would not lead to financial penalties according to C-11,” said Therrien.
Therrien will be pressing for more powers to issue fines with parliamentarians when discussing C-11, he said.
The Tyee obtained the internal requisition forms and an invoice to the RCMP from Clearview dated Oct. 24, 2019, after the force had denied it used facial recognition.
Alberta’s privacy commissioner stated the office first investigated facial recognition technology use over 15 years ago, related to issuing of driver’s licenses in the province.
In B.C, the technology is known to date back even further. The Tyee revealed that the B.C. RCMP has been using the “Computerized Arrest and Booking System,” which stores and compares faces of charged persons to create photo lineups, since 2002.
“Currently, it is only being used by the RCMP in B.C.,” an RCMP spokesperson told the Tyee last year.
In B.C. no force “officially took on the technology,” said McEvoy of Clearview AI during today’s press conference, but individual officers — including from the VPD on at least one occasion — took upon themselves to use the software. The use has since been discontinued, said McEvoy.
Both federal and provincial jurisdictions have existing frameworks designed to ensure privacy impacts are assessed by commissioners before new technologies are implemented by government agencies.
But Tyee reporting has found that forces including the RCMP evade the legislation by claiming the software programs are being trialled or not fully implemented, all while using them in active operations on Canadian citizens.
“This is a damning report. It is not a surprising one,” said a written statement sent to The Tyee by BC Freedom of Information and Privacy Association executive director Jason Woywada and president Mike Larsen. “Time and again we see organizations are trying to get away with it until they can’t.”
Larsen and Woywada echoed the need to strengthen legislation including C-11.
“Our privacy laws need teeth, but the currently proposed legislation [of] C-11 provides no guarantee and needs to be amended to improve protection.”
The worst of C-11’s current flaws, say Larsen and Woywada, are that C-11 creates a politically appointed tribunal which could both override and dilute the powers of the commissioner, whose role is intended to be free from political influence.
“These types of tribunals tend to side with corporate rather than citizen interests,” said Larsen and Woywada.
Read more: Rights + Justice, Politics, Science + Tech
Tyee Commenting Guidelines
Comments that violate guidelines risk being deleted, and violations may result in a temporary or permanent user ban. Maintain the spirit of good conversation to stay in the discussion.
*Please note The Tyee is not a forum for spreading misinformation about COVID-19, denying its existence or minimizing its risk to public health.