At a glance.
- Vermont sues Clearview AI for violation of consumer protection and data acquisition laws.
- Backup organ donor records unaccounted for.
- Unlisted phone numbers inadvertently published.
Vermont brings suit against Clearview AI for facial recognition data scraping.
The US state of Vermont is suing Clearview AI for allegedly violating two of the state's laws: the Vermont Consumer Protection Act and the Fraudulent Acquisition of Data Law. Vermont's attorney general is seeking, among other outcomes, permanent injunctions against Clearview AI's legally objectionable practices, restitution to all Vermont citizens whose photographs were collected and analyzed, disgorgement of all profits derived from acts in violation of the two laws, civil penalties of $10,000 for each violation of the laws, investigation and litigation costs and fees, and "such other and further relief as the Court may deem appropriate." Ars Technica, which notes that Illinois has already filed a similar (but Federal) suit against Clearview AI in the US District Court for the Northern District of Illinois, reports that Clearview's response has been to say that it's done nothing that other search engines don't routinely and blamelessly do.
Backup organ donor records unaccounted for.
According to ZDNet, the Netherlands' government has lost hard drives containing the personal information of almost seven-million organ donors.
The drives stored electronic copies of all organ donor forms filed with the Dutch Donor Register between February 1998 to June 2010. The two drives were placed into secure physical storage back in 2016, pending eventual disposal as authorities migrated to newer storage systems. But earlier this year, when the Donor Register went looking for the drives, well, they were nowhere to be found. They haven’t turned up yet, either.
The personally identifiable information on the missing drives included first and last name, gender, date of birth, address at the time of the form, choice for organ donations, ID numbers, and a copy of the user's signature. Dutch authorities say there’s been no sign that anyone’s actually used any of the lost information, and that since the data fall short of what would count as fullz in the Netherlands--no official identification documents, for example--it’s “highly unlikely” they’d be used for fraud or identity theft.
Comcast inadvertently exposes unlisted numbers.
Ars Technica reports that US telecom service provider Comcast inadvertently published some two-hundred-thousand "unlisted" phone numbers. These are phone numbers whose users pay a monthly fee to keep them generally unavailable to searches, a throw-back to the old days when an unlisted number didn’t appear in a phone book. Comcast mistakenly put the unlisted numbers into its Ecolisting directory, from where third-party directories obtained them. Comcast has shut down Ecolisting and apologized to the affected customers. The company is offering those whose purchase of an unlisted number was less than fully successful $100 in compensation and the opportunity to change to a new number, which one hopes will remain successfully unlisted.
This happened to Comcast at least once before. In 2015 the company paid a $33 million settlement in a similar case.