What happened
Clearview AI scraped more than three billion facial images from social media and other public websites, converted each into a biometric template, and assembled them into a database that a user, typically a law enforcement officer, could search by uploading a single photograph and receive back matching images and the pages they came from. None of the people in it had been asked. The great majority had no connection to any investigation and were in the database only because their faces happened to be online.
On 14 October 2021, the Office of the Australian Information Commissioner, in a determination by Information and Privacy Commissioner Angelene Falk, found that Clearview AI had breached the Privacy Act 1988. The Commissioner found that Clearview collected the sensitive biometric information of individuals in Australia without consent, in breach of Australian Privacy Principle 3.3, and failed to take reasonable steps to implement practices, procedures, and systems to comply with the Australian Privacy Principles. The Commissioner ordered Clearview to cease collecting facial images and biometric templates from individuals in Australia and to destroy the information it already held.
Clearview did not accept the determination. Its position throughout was that it was a United States company that did not operate in Australia and so fell outside the reach of the Privacy Act. On 3 November 2021 it commenced proceedings in the Administrative Appeals Tribunal to challenge the finding. After the Tribunal indicated findings that Clearview had breached certain of the Australian Privacy Principles, Clearview withdrew from the proceedings in August 2023, leaving the determination standing. In August 2024, Privacy Commissioner Carly Kind announced that the OAIC was not satisfied that further action was warranted in the particular circumstances of the Clearview matter at that time, while maintaining that the company’s conduct had been troubling. Separately, the OAIC found that the Australian Federal Police had used Clearview’s tool and ordered the AFP to strengthen its privacy governance.
What an auditable version would have shown
The defining feature of the Clearview case is that there was no record on the collection side that anyone outside the company could inspect. The scale, three billion images, was Clearview’s own figure. Which Australians were in the database, when their images were taken, and whether they were ever removed after the cessation order, were not facts the public or the regulator could independently verify. Enforcement depended almost entirely on the company’s own account of what it had collected and what it had destroyed.
An auditable version would generate, for each image ingested, a signed record of where it came from, when, and on what claimed lawful basis, so the database’s history would be a matter of record rather than the company’s own account.
Where the gap was
The gap was the absence of any enforced lawful-basis check at the point of collection, and any durable record of it.
A ConstraintGate in front of ingestion would treat consent and lawful basis as a condition that has to be satisfied before an image is collected, not a question raised years later by a regulator. For a system whose entire design was indiscriminate collection, that gate would have denied the great majority of what Clearview ingested, which is precisely the point: the standing rules and the system’s behaviour were never connected. A ConductRecord for each ingestion and each deletion would then have made the database’s history legible, so that an order to stop and destroy could be verified rather than asserted.
Clearview’s architecture had neither. Its competitive advantage was the very absence of a gate: the more it collected without asking, the larger and more valuable the database became.
What governance should have looked like
The Clearview matter shows the limits of after-the-fact enforcement against a system built with no internal record. The regulator could find the breach, order cessation, and order destruction. What it could not easily do was verify compliance, because the only evidence of what was collected and what was deleted sat inside the company.
A lawful biometric system, by contrast, makes its own collection auditable from the start. Every template carries a record of its source and its basis. Every deletion is recorded against the order that required it. Aggregate figures, how many records are held, how many were destroyed under a given order, are bound to the underlying signed events so a regulator can confirm them on request. None of this prevents a determined actor from building a Clearview, but it changes what a regulator can prove, and it makes the difference between an order that is obeyed and an order that is merely issued.
The reference implementation of ConstraintGate and ConductRecord is open source. It lives at github.com/saffronandindia/headlights-oss, Apache 2.0 licensed and free to install. Anyone can read every line and verify the signatures. The repository is public now.
Sources
- Clearview AI breached Australians’ privacy (OAIC)
- Statement on Clearview AI (OAIC)
- AFP ordered to strengthen privacy governance (OAIC)
- Government drops further action against Clearview AI (Information Age, ACS)