Documents reveal AFP’s use of controversial facial recognition technology Clearview AI

Documents reveal how the Australian Federal Police made use of Clearview AI — a controversial facial recognition technology that is now the focus of a federal investigation.

At least one officer tested the software using images of herself and another member of staff as part of a free trial.

In another incident, staff from the Australian Centre to Counter Child Exploitation (ACCE) conducted searches for five “persons of interest”.

According to emails released under Freedom of Information laws, one officer also used the app on their personal phone, apparently without information security approval.

Based in New York, Clearview AI says it has created a tool that allows users to search faces across a database that contains billions of photos taken, or “scraped”, without consent from platforms such as Facebook and Instagram.

The company provoked outrage in January, when the New York Times revealed the extent of its data collection and its use by law enforcement officials in the United States.

The AFP initially denied any ties to Clearview AI before later confirming officers had accepted a trial.

An agency spokeswoman said a “limited pilot of the system” was conducted to assess its suitability in combatting child exploitation and abuse.

She did not comment on questions from the ABC regarding whether the trial was approved and conducted appropriately by officers.

Last week, the Office of the Australian Information Commissioner (OAIC) announced an investigation into Clearview’s use of scraped data and biometrics, working with the UK’s Information Commissioner’s Office (ICO).

AFP initially denied using Clearview AI

The AFP acknowledged in April that members of the ACCE had undertaken a free trial of Clearview’s facial recognition services, but the extent of its use by officers remained unclear.

No formal contract was ever entered into.

“The use by AFP officers of private services to conduct official AFP investigations in the absence of any formal agreement or assessment as to the system’s integrity or security is concerning,” Labor leaders, including Shadow Attorney-General Mark Dreyfus, said in a statement at the time.

The new cache of AFP documents shows officers accessed the Clearview AI platform from early November 2019.

Tests of the tool undertaken using images of AFP staff and several “persons of interest” are detailed in the agency’s response to questions issued by the information commissioner as part of the office’s inquiries.

However, the agency said it did not know how many actual searches officers undertook, because the AFP’s access to Clearview AI was now restricted.

An executive briefing note claims Clearview AI was used operationally only once to locate a suspected victim of imminent sexual assault.

“To date no Australian personal information has been successfully retrieved through the Clearview platform,” the briefing also states.

The use of Clearview AI appears to have caused concern within the agency — and in some cases, officers appear to query whether the tool has been formally approved.

In December 2019, one officer asks if “info sec” (information security) had raised any concerns about the use of Clearview AI.

In response, another officer responds they “haven’t even gone down that path yet”, revealing that they’re “running the app” on their personal phone.

In January, after the media began reporting about Clearview AI, another member of staff notes “there should be no software used without the appropriate clearance”.

The emails also show some bemusement internally at public claims the AFP was not using the tool, with one officer commenting: “Maybe someone should tell the media that we are using it!”

“Or should we stop using it since everyone is raising the issue of approval,” another replies, with a smiley face emoji.

“Interesting that someone says we aren’t using it when we clearly are,” another employee from the ACCCE wrote on January 21.

Officers were directed to cease all access as of January 22, 2020 — four days after the New York Times story was published.

Clearview AI was founded by Australian businessman Hoan Ton-That.

In the documents, he appears to contact an AFP officer personally via email in December 2019 — introducing himself and asking them how they found the tool.

In a statement, Dr Ton-That said Clearview would cooperate with the UK’s ICO and Australia’s OAIC.

“Clearview AI searches publicly available photos from the internet in accordance with applicable laws,” he said. “It’s powerful technology [and] is currently unavailable in UK and Australia.”

Shortly after Mr Ton-That’s December message, an AFP officer wrote in an email that they had run a mugshot through the Clearview system and “got a hit for [the suspect’s] Instagram account”.

“The [facial recognition] tool looks very good,” they wrote.

Article courtesy: www.abc.net.au

Why IT Security is Important for Medical Practices

In healthcare, instant access to patient data could be critical. If doctors can’t get the patient’s
info they need, the standard of healthcare can be severely compromised with potentially
unpredictable consequences.

The privacy and security of patient health information is a top priority for patients and their
families, health care providers and professionals, and the government. Laws require many of the key
persons and organizations that handle health information to have policies and security safeguards
in place to protect your health information — whether it is stored on paper or electronically.

This means that the data privacy and storage is of vital importance in healthcare. Downtime must be
avoided at all costs. However the data storage and privacy has become increasingly diffi cult,
time-consuming and expensive for healthcare organizations.

REASONS

There are several reasons for this. To begin with, the volume of healthcare data is growing at an
astronomical rate, driven in part by necessary efforts at healthcare organizations to digitize all
their patient health records.

Another driver of data growth is diagnostic devices like CT scanners, MRIs and X-ray machines,
which produce massive amounts of imaging data. As these technologies continue to advance, the image
files they produce become better, have higher resolution and grow larger and larger in
file-size. Connected devices like fitness monitors and in-room sensors all produce their own
streams of data, all of which must be stored and managed.

The storage demand at even a small medical practice can quickly reach petabyte-size. However the
challenge does not stop there – as the data grows, the time, budget and resources required to
store,
protect and manage this critical patient data grows as well.

SOLUTION

Medical Practices need proper data backup and security management solutions that delivers con-
stant data availability. The solution must be reliable and cost effective, also covers Virus
protection covering ransomware and cyberattacks, because healthcare organizations are increasingly
under attack from a growing list of threats.

Data breaches in health care come in a variety of forms. They can include cases in which criminal
hackers steal protected health information to commit medical identity theft, or instances when an
employee views the records of one patient without authorization.

This is partly why healthcare suffered more ransomware attacks than any other industry in 2017,
according to a report from global cybersecurity insurance company Beazley. The report found that 45
per cent of all ransomware attacks in 2017 were aimed at the healthcare sector.

GOOD NEWS

The good news is that the market also offers solutions designed to handle the ever-increasing amounts of
healthcare data securely and cost-effectively, ensuring that quality care is never risked by lack
of access to vital information.

SECURE YOUR PRACTICE

Here are five ways healthcare organizations can also protect themselves against the triple threat of out
of control data costs, system downtime and loss of data integrity:

1: Look for converged primary and secondary storage

To properly deal with explosive data growth, healthcare centers need to integrate primary,
secondary and cloud data-management capabilities which can eliminate storage and data protection
silos while decreasing the risk of any downtime.

2: Benefit from cost-effective, scale-out storage

Small and medium-size healthcare practices with fewer resources and smaller budgets, need scalable
storage that will adapt to their data needs.

3: Protect against data degradation

Medical images, in particular, are highly vulnerable to data degradation. The silent corruption of
data in medical images caused by bit rot is a significant concern. The problem is compounded
because legacy systems store images such as X-rays to a picture archiving and communication system
However, may not detect if data has been compromised. As a result, the information read from the legacy
storage system may be corrupt and unusable. Healthcare organizations also need modern data solutions
that can guard against this kind of data degradation.

4: Inoculate against ransomware
Data protection is also top priority for practices as they battle against the constant threat of
cyberat- tacks. However, modern healthcare practices solve this issue by implementing a storage solution
that protects information continuously and takes data also take snapshots every 90 seconds. Because the
object store is immutable, these snapshots remain completely unaffected in the event of an attack.
As a result, medical practices can recover the most recent version of data, and thus thwart any
ransomware attack.

5. Insist on a tangible ROI
Cyberattacks are increasingly common and as a result, practices are seeking insurance policies that
provide coverage in the event of a data breach or loss.
Dollar value by insurance companies as part of the risk assessment, this can also quickly add up to tens
of mil- lions of dollars in premiums. However, these insurance premiums can be reduced when
practices can also demonstrate they have effective data management and protection strategies in place.
With the right data management solution, healthcare facilities can not only protect their data and
decrease costs, they can also better treat their patients and ultimately save more lives.

For more information, please visit Medical IT Services