Online tools allow people to identify others from photos – opening the way for targeted ridicule, doxxing, or worse.
For months in 2023, an anonymous account on X, called @GloverJanny, identified people from their photos.
The account doesn’t exist anymore. But it was popular in anti-immigrant circles because its doxxing activities helped them advance harmful tropes.
Extremist accounts would shout it out. At one point, someone asked the account owner if they worked for the CIA.
Whatever tool the person behind the account was using, identifying people from their image isn’t hard.
Facial-recognition search engines are publicly accessible. PimEyes is one of them.
Indeed, even as the government is poised to send a bill to the Dáil to unlock technologies like this for use by An Garda Síochána, PimEyes is available to anyone willing to pay.
A spokesperson for An Garda Síochána has not yet addressed queries sent on 27 May, asking if it has any concerns about the use of facial-recognition technologies by extremists. And whether gardaí might be using such tools under the radar already.
A spokesperson for the Department of Justice referred queries about these issues to the Data Protection Commission.
A spokesperson for the Data Protection Commission (DPC) said gardaí can’t legally use any facial recognition tools at the moment, and if they do, it’s something An Garda Síochána needs to deal with.
But “The DPC does not have any concerns at this time that this may be occurring,” they said.
The DPC spokesperson did not directly respond to a query asking about its use by other parties.
Simon McGarr, a lawyer specialising in intellectual property and internet law at McGarr Solicitors, says all of these facial recognition tools process people’s biometric data – which includes people’s unique characteristics like facial features or fingerprints.
He points to the American company ClearviewAI, which faced fines in the EU for scraping people’s photos and compiling them in its database.
The Dutch data protection authority said that, “Among other things, Clearview has built an illegal database with billions of photos of faces, including of Dutch people.”
Clearview’s website says, in its FAQs, under the question, “Is Clearview illegal?” that its “technology is entirely lawful”, but that these days, it “does not offer its technology in the EU, UK, Australia and Canada”, or in several US states.
The problem for Clearview and other similar tools is the same, says McGarr.
“There isn’t a legal basis for collecting up the facial images and making the biometric fingerprint in the first place,” he said.
In other words, keeping and processing databases like that isn’t really legal, McGarr said.
In December 2022, a German data regulator said PimEyes’s practices were “a danger to the rights and freedoms of German citizens under the EU's General Data Protection Regulation.”
But unlike Clearview, PimEyes says it doesn’t store people’s images, just crawls the internet to find a match based on a face, and redirects its subscribers to external sites.
“PimEyes doesn’t keep the photos used or published by the various websites,” it says
Is that a loophole that helps it stay up and running in Europe?
McGarr, the solicitor, says that doesn’t matter. Both retrieval and storage count as processing of personal data under Article 4 of the General Data Protection Regulation (GDPR), he said.
PimEyes also argues that it wants to protect people who are victims of “illegal usage” of their images.
“Using the latest technologies, artificial intelligence, and machine learning, we help people find their pictures on the Internet and defend themselves against scammers,” says its website.
It says it’s empowering ordinary people to “track down their faces on the Internet, reclaim image rights, and monitor their online presence.”
Searching other people’s photos is not allowed, it says. But there’s no mechanism in place to stop it either.
PimEyes also shares news articles about how its search engine is aiding journalistic investigations, which seems to contradict that rule.
It cooperates with law enforcement officials and reveals the identity of misusers, its website says.
The search engine doesn’t crawl social media or any other website with “restricted information” either, only public ones, it says.
Whether these tools are legal in Europe at the moment or not, they are in private use – and they or similar tools may soon be in official use by law enforcement.
Last month, Paul Murphy, the People Before Profit TD, had flagged his concerns with Jim O’Callaghan, the Minister for Justice, about the possibility of facial recognition tech being used to trace people who attend public protests.
Meanwhile, Fianna Fáil TD Tony McCormack asked the Minister about his views on its use to combat “serious crime and retail theft”.
O’Callaghan told both that An Garda Síochána needs modern gear to protect the public from harm, things like body cams and facial recognition tech. There are commitments to that in the Programme for Government, too, he said.
Officials are putting the final touches to the bill that would tweak the Recording Devices Act and greenlight the use of biometric tech, O’Callaghan told the Dáil on 15 May.
“The draft Bill will provide for the sorting and filtering of CCTV or other footage and images through the use of biometrics by An Garda Síochána,” said a spokesperson for the Department of Justice.
That comes in handy for tracing “a person suspected of a serious crime in large volumes of video footage,” they said.
O’Callaghan, the Minister for Justice, told the Dáil that officers will be trained and its usage would mirror best practices followed across Europe.
But a subsequent bill outlines rationale to use “live” facial recognition tech, too, he said.
“In cases of terrorism, national security, and missing persons, with strict safeguards,” said O’Callaghan.
Live facial recognition cameras stream the faces of people that pass them by on the police’s facial recognition system and compare them to a watch list, says the website of the UK’s Metropolitan Police, which already uses it.
Olga Cronin, a policy officer at the Irish Council for Civil Liberties (ICCL) says she’s worried about that.
It would be an invasion of people’s privacy when they’re minding their own business in public, she said.
Its deployment could also change how people behave in public, Cronin says, having “an effect on the choices people make as to where they will go, who they will meet and who they will associate with”.
And it could also lead to the misidentification of innocent people, especially people of colour, which this tech has misidentified over and over.
“It is well-documented that FRT [facial recognition technology] has a bias against people who are women and people who are not White,” said Cronin, by phone recently. The reason is that it’s been trained on photos of mostly White men, she says.
A spokesperson for the Department of Justice said the guards won’t jump the gun and make consequential decisions just because someone’s face is a match. “It would be one lead into an investigation that might lead to other lines of inquiry,” they said.
Journalist Kashmir Hill, author of the book Your Face Belongs to Us, about Clearview AI, has written that this is a common line in the United States.
“Law enforcement often defends the use of facial recognition, despite its flaws, by saying it is used only as a clue in a case and will not lead directly to an arrest,” she wrote.
But she has documented in articles in the New York Times several examples of people – Black men – wrongly arrested “based almost solely on a suggested match by the technology”.
Clearview AI no longer operates in Ireland, and the Department of Justice says it hasn’t decided which facial recognition tech the guards will use if the bill passes, but “accuracy and safety” would be a vital factor.
At the moment, the Department of Foreign Affairs uses the tech offered by the French firm Thales. It has been used to combat passport fraud this year, according to that department.
A June 2024 Artificial Intelligence Advisory Council recommendations to the government brief about the use of facial recognition tech by An Garda Síochána calls for “caution and rigour”.
“FRT [Facial Recognition Tech] in law enforcement is high-risk and cannot be responsibly implemented without addressing issues of accuracy, discriminatory effects, data privacy, data security, and fundamental rights,” it says
It advises against its use without “independent review and evaluation by AI experts, considering unresolved risk factors and their potential impacts”.
PimEyes users can buy a monthly subscription and upload anyone’s photo to be searched. Right now, its prices range from roughly €34 a month to a little over €335, the latter package lets you perform “deep search” and export the results, says its website.
The company’s tool compares uploaded photos with a galaxy of shots found in different corners of the internet and generates best matches for its subscribers.
Its website features a bunch of testimonials from big journalism clients. “It’s quick, it’s accurate, it’s facial recognition on steroids,” says a quote attributed to the BBC.
Sometimes it shows people in public settings, minding their own business.
An architect might post photos of a building they had designed, and PimEyes would direct you to their website because the person you’d face-searched happened to be sitting outside a café near a showcased building.
Other times, it throws up pornographic videos because it thinks people in them look like the photo it was given. It mostly does that with photos of women.
To be excluded from its search results, users must upload a clear image of themselves to the website. “For better results, please upload more than one photo to include different face angles,” says its website.
Some subscribers can also manually hide their photos on the search engine as long as they’re paying at least €40 per month. PimEyes will help send GDPR takedown requests to external websites it links to if you’re paying them, too, says its website.
PimEyes says it won’t let users search children’s faces. But testing it again and again showed it only blocks searches of younger kids – and it allows searches of teenagers’ faces.
A spokesperson for PimEyes has not yet responded to a query sent on Monday asking about that.
If a garda searches a suspect’s face on PimEyes on a personal device and uses the information in the course of their work, it may not be possible to find out.
Cronin says the ICCL had the same concerns about under-the-radar use of ClearviewAI by gardaí back when it was available.
But the Department of Justice said it didn’t have any evidence to suggest it was happening, said Cronin.
Murphy, the People Before Profit TD, says he’s pretty concerned about the use of biometric search engines in general.
“The fact that anybody can pay a small amount of money for PimEyes and be able to doxx them from publicly available video is concerning,” he said.
It’s even worse if the cops use it before they’re authorised to do that, he said. “That represents a significant threat to civil liberties.”
Whatever temporary measures are put in place, nothing is ever going to do the job like a big solid concrete wall, says Maynooth University’s Peter Thorne.
They recite schemes that were promised, or piloted, but seem to have gone nowhere. A council spokesperson said similar initiatives still exist.
But they appear to lack the necessary power, and are likely moving too late. Manna hopes to start delivering toasties and tacos in the city “by late this summer”.
Grosvenor Lodge is so rundown that the council is looking at adding part of it to its derelict sites register.
