Inadvertently, Microsoft took offline from the Internet a database that stored more than 10 million faces that, according to information security services experts, the company used to develop facial recognition systems for possible military and commercial implementations.
The database, identified as MS Celeb, was put online in 2016 and, according to Microsoft this was the largest group of face recognition data in the world, as it contained more than 10 million of images belonging to about 100k people.
Information security services experts point out that the company did not ask for the consent of the people whose faces were in the database, as the images were obtained through image search engines and videos on the Internet under license of Creative Commons, which allows the use of the images for academic purposes.
A few days ago the company eliminated the database after some media reported the alleged use of the database by third parties. Regarding the shutdown, Microsoft stated: “The database was managed by an employee who no longer works with us, since then the content was deleted “.
In addition to the Microsoft database, two other data sets were recently deleted, including the MTMC surveillance data set, developed by Duke University researchers, and Brainwash, the Stanford University’s data system. This system used images of the clients of a cafeteria located in California called Brainwash. Stanford University claims that this dataset was eliminated due to a request of one of the system’s developers.
The information security services expert Adam Harvey was in charge of revealing the use of these databases by third parties. The expert says that the MS Celeb database has been used by multiple companies, including Panasonic, Nvidia, IBM, Hitachi, among others. However, the most warning cases are those of Sensetime and Megvii companies, which are Chinese organizations engaged in equipment for officials in Xinjiang, where minority groups, such as Muslims, are under constant vigilance and even sent to concentration camps.
Although the database has already been removed from the Internet, according to experts from the International Institute of Cyber Security (IICS) it is still available for companies that once had access to it; in addition, according to Adam Harvey, the database is still shared in open source development websites.