Author: Lucie Sykorova, HlidaciPes.org, Czech republic
German police will probably be able to use facial recognition software in the future. This is proposed in a new law by Interior Minister Nancy Faeser. The push to legalise the controversial tool reportedly came after two journalists used it to identify a wanted terrorist and former RAF member in Berlin for 30 years.
Under the draft law, the Federal Criminal Police Office and the Federal Police will be able to identify suspects, witnesses and victims of crime based on photographs on the internet. These could also be used by police officers to determine the whereabouts and movements of people.
For example, investigators would be able to compare internet videos of IS members with images on social media to obtain information on the whereabouts of Islamists. So far, police can only compare the data with biometric data from the Inpol police database. It holds all the photographs of people who have been processed for identification purposes and asylum seekers.
Under the Home Secretary’s proposal, biometric comparisons could be used by the police for criminal prosecutions if they involve at least moderate crime. However, Faeser does not explicitly want to allow real-time biometric searches. So not all passers-by (e.g. on an escalator at a train station) could be matched against police search databases.
According to the German media, the minister is under pressure after journalists used commercial facial recognition software and very quickly found former RAF terrorist Daniela Klette as a result. She had been in hiding for decades and was arrested in Berlin in February this year thanks to information from journalists.
The authorities also seized a Czech submachine gun
Daniela Klette was identified by German journalist of Afghan origin Khesrau Behroz and Canadian journalist from the Bellingcat network of investigative journalists Michael Colborne using the PimEyes facial biometrics software.
Daniela Klette, 65, belonged to the so-called third generation of the Red Army Faction (RAF) terrorist organisation and took part in three RAF attacks between February 1990 and March 1993. She was arrested on 26 February in a small apartment in the Kreuzberg district of Berlin, where she had been living under a false identity for about 20 years.
She has been in custody in Verden since 27 February 2024. She is on trial on suspicion of attempted murder and various serious robberies between 1999 and 2016, after the RAF was disbanded.
Authorities seized more than 240,000 euros in cash and more than a kilogram of gold from Klette’s apartment. According to the first findings, at least part of this amount was obtained in the robberies, Tagesschau reports. Police also seized, among other things, mobile phone jammers, a Soviet AK-47 (Kalashnikov) assault rifle and a Czech submachine gun.
The software was also used illegally by the British police
The PimEyes facial recognition software used by the journalists works similarly to a music app that recognises songs. But PimEyes identifies people by their photos instead of music. Even if the image is slightly blurry, the AI software can detect the identity.
The PimEyes tool was launched in 2017 by a Polish start-up owned by its creators, Polish software engineers. In 2020, the PimEyes brand was bought by shell company Face Recognition Solutions and the site’s headquarters moved from Poland to the Seychelles.
The software was also used illegally by the British police
The facial recognition software PimEyes used by the journalists works similarly to a music app that recognises songs. But PimEyes identifies people by their photos instead of music. Even if the image is slightly blurry, the AI software can detect the identity.
The PimEyes tool was launched in 2017 by a Polish start-up owned by its creators, Polish software engineers. In 2020, the PimEyes brand was bought by shell company Face Recognition Solutions and the site’s headquarters moved from Poland to the Seychelles.
The software was sold as a cyberstalking tool that was used for celebrity photos. In December 2021, Georgian lawyer Giorgi Gobronidze announced that he had bought the site from an anonymous owner. In doing so, he used a fictitious company he had registered in Dubai.
Giorgi Gobronidze has previously stated that the ethical responsibility lies with the users, who, in his opinion, should only use the tool to search for their own faces or the faces of those who have given their explicit consent.
He pointed out that the tool has helped, for example, women in searching for and litigating revenge porn. In a statement to iNews, Gobronidze said that PimEyes is designed solely to search for sources that post photos and that the company does not own or use any technology to identify living persons.
However, the iNews website revealed in May this year that officers from Britain’s Metropolitan Police have used the software at least 2,337 times. The site obtained the data under Freedom of Information (FOI) rules. Scotland Yard has since banned the use of PimEyes facial recognition technology.
At the same time, however, the British police announced that it was going to spend £55.5 million ($69.5 million) over the next four years on its own facial recognition technology. Former Conservative Party cabinet minister David Davis said that “police should only ever use tools that have been properly vetted, tested and approved for use. PimEyes is neither.”
Police in Australia have faced similar criticism for using the PimEyes facial recognition tool, according to the Biometric Updates website.
The database contains the faces of most Americans
US firm Clearview AI also offers a similar tool to PimEyes. The co-founder and CEO of Clearview AI is Hoan Ton-That, a 36-year-old Australian entrepreneur of Vietnamese origin. When the company launched in 2017, the software was reportedly created as a tool for retailers to prevent shoplifting.
However, after US reporter Kashmir Hill described Clearview’s activities in a New York Times article last June, it emerged that the tool has also been used for several years by a number of US law enforcement agencies to match security camera footage against the company’s extensive database of photographs. As early as 2020, Clearview’s technology was expected to be licensed to more than 600 police departments across America.
The technology is being used by US law enforcement agencies and police departments across the country, although some police departments have banned its use, The Record notes. The database contains the faces of the vast majority of Americans, according to the site.
The number of facial recognition searches conducted by law enforcement agencies using Clearview AI technology has doubled to two million in the past year, the company said in June.
The number of images stored in the face database, which is used to match biometric data, has also increased sharply, according to a statement from CEO Hoan Ton-That. At the end of June, the total number was expected to be 50 billion, up from 40 billion six months earlier.
In 2021, a report by Buzzfeed News revealed that the Clearview AI facial recognition tool had also already been used illegally in several hundred cases by Belgian police, the Brussels Times recalls.
The Ukrainian Ministry of Defense began using Clearview AI’s facial recognition technology in March 2022, Reuters reported. The US firm offered the app to Ukraine to detect Russian attackers, combat disinformation and identify the dead.
And Ukraine appreciated the software. In April 2023, Hoan Ton-That, the company’s CEO and co-founder, received an award from General Kirill Budanov, head of the Main Intelligence Directorate of the Ministry of Defense of Ukraine.
The company will compensate those who sued it
Facial recognition tools like PimEyes and Clearview work by collecting photos they find on the internet and storing them in their own gigantic data pools. The secret data collection involves searching social media platforms and collecting photos of ordinary citizens who have shared their images on platforms like Facebook and Instagram.
This photo collection likely violates the EU’s General Data Protection Regulation because the people in the picture never consented to become part of the private search pool. PimEyes, like US competitor Clearview AI, is facing a number of lawsuits for this.
US company Clearview had to pay a €20 million fine in both Greece and Italy in 2022. In Austria, Clearview was classified as illegal in 2023, but no penalty was imposed.
In early June, Clearview tentatively settled a class action lawsuit accusing it of violating people’s privacy. It proposed to give the group of people who filed the lawsuit and whose faces appeared in its database a 23% stake in the company. The company is worth $225 million, according to court filings, so twenty-three percent would amount to about $52 million, the New York Times explains.
In November 2022, privacy group Big Brother Watch filed a complaint against the company with the UK’s Data Protection and Privacy Authority. In December 2022, the German data protection authority opened proceedings against PimEyes. In May 2023, five plaintiffs in Illinois filed a lawsuit against the privacy company.