The First Amendment protects a lot of things, even flipping off a cop or burning the flag. But it may not give a controversial facial recognition company the right to keep scraping data from the internet for a database of more than 3 billion images.
On a CBS This Morning segment on Wednesday, Clearview AI CEO Hoan Ton-That said his company has a First Amendment right to access public data, including photos from YouTube, Facebook, Twitter, LinkedIn and Venmo. It uses those photos for a controversial database primarily accessed by law enforcement. (Disclosure: CBS News and CNET are owned by the same parent company.)
Facebook, Twitter and Google have already sent cease-and-desist letters to Clearview, saying data scraping violates their terms of service. Clearview's legal counsel has been in touch with the companies, Ton-That told CBS, defending the practice with the first item in the Bill of Rights. On Thursday, LinkedIn said it's also sending a cease-and-desist letter to the company.
"There is also a First Amendment right to public information," Ton-That said in the interview. "The way we have built our system is to only take publicly available information and index it that way."
Privacy and technology lawyers are finding plenty of holes in the company's argument. They say that First Amendment protections apply only in cases where the government interferes with someone's speech and that an activity protected by the First Amendment could run afoul of a specific law. In addition, the First Amendment argument hasn't worked in previous data collection cases, though none of those involved facial recognition.
"I don't really buy it," said Tiffany C. Li, a privacy attorney and visiting professor at Boston University School of Law teaching technology law. "It's really frightening if we get into a world where someone can say, 'The First Amendment allows me to violate everyone's privacy.'"
Clearview didn't respond to a request for comment.
The First Amendment specifically protects people from the government interfering with someone's free speech. But it says nothing about private businesses, like Twitter and Google, which can set up ground rules for their sites and services. Because it doesn't cover private business, arguments that Twitter and Facebook violate the First Amendment by "censoring" posts also often fall flat.
"Defending and respecting the voices of the people who use our service is one of our core values at Twitter, and we remain committed to protecting their privacy," Twitter said in a statement.
Google didn't immediately respond to requests for comment.
"If this were a government website that was posting information and someone was scraping it, as opposed to Facebook or Twitter data, there could be a much clearer argument," Li said. "Here, these were private parties."
Even if the First Amendment does protect data scraping, Clearview's use of it could still violate privacy and biometrics laws across the US, said Albert Fox Cahn, a civil rights and technology attorney and executive director of the Surveillance Technology Oversight Project. Clearview is already facing a class action lawsuit in Illinois, in which plaintiffs claim the company violated the state's biometrics law.
"The way First Amendment analysis works is that just because you're protected under one law doesn't mean that you're protected under all laws," Cahn said. "Biometrics surveillance is different than other forms of data scraping -- to the extent that you're taking my image and profiting off of me, that creates a different legal issue than creating a directory."
Another way to think about this: The First Amendment protects your right to burn the flag, but it doesn't protect you from being charged with arson.
Still, tech giants would face an uphill battle if their main defense is that Clearview is violating their terms of service. Tech companies have tried to fight data scraping in the past. It hasn't always worked.
In 2017, LinkedIn, a professional network owned by Microsoft, sent a cease-and-desist letter to data analytics firm HiQ, saying the company was violating its terms of service by scraping public profiles and posts on the social network. LinkedIn blocked HiQ's access to public posts and warned the company would be violating the Computer Fraud and Abuse Act if it developed a workaround. The 1986 law contains broad definitions of what constitutes "hacking."
Like Clearview, HiQ used the First Amendment as a defense, arguing that the CFAA was a use of government authority to stifle access to information that was publicly available on LinkedIn. The social network lost the case and the data scraping was allowed to continue.
The use of the First Amendment in the HiQ case, however, might not be a precedent for Clearview, lawyers say. That's because the decision ultimately came down to the court's interpretation of the CFAA's provisions, finding that data scraping on its own wasn't "hacking." In some cases, data scraping has benefits, like researchers using it to investigate racial discrimination on Airbnb.
On Thursday, LinkedIn said it's also taking action against Clearview AI.
"We are sending a cease-and-desist letter to Clearview AI. The scraping of member information is not allowed under our terms of service and we take action to protect our members," the company said.
Lawyers say Google, Facebook, LinkedIn and Twitter might not need to rely on the CFAA. Instead, they can use privacy protection to address the situation.
"If you want to deal with this, the way is not by messing with the CFAA. It's by going through biometric privacy laws," Li said. "I'm in favor of allowing for web scraping generally, but I'm also in favor of privacy."
Clearview says it's partnered with more than 600 law enforcement agencies in the US. Sen. Edward Markey, a Democrat from Massachusetts, has said Clearview presents "chilling privacy risks," while New Jersey's attorney general has barred the state's police from using the app over concerns about privacy and cybersecurity.
"Even if they're protected for the purposes of scraping, that doesn't mean they're protected for the ways they're using that data for biometric surveillance," Cahn said. "We shouldn't conflate immunity from the CFAA with immunity from every possible state and legal claim."
Originally published Feb. 6, 8 a.m. ET.
Update, 3:12 p.m. ET: Adds that LinkedIn is now sending a cease-and-desist to Clearview.