Dozens of US Companies Were in a Leaked Database of Users for a Russian Facial Recognition Company – Business Insider

Dozens of US Companies Were in a Leaked Database of Users for a Russian Facial Recognition Company – Business Insider

wp header logo 112

Intel, SpaceX, Dell, and Philip Morris are among dozens of US companies listed in a leaked database of companies that have gotten a license to use FindFace, a facial recognition tool developed by the Russian company NTech Lab, which has been recently financed by Kremlin-backed funds.
The NTech Lab user list, which was shared with Insider by an anonymous source, includes more than 1,100 entries, with businesses and government agencies from more than 60 countries. 
When Insider contacted NTech Lab for comment and provided a sample of the user list, a spokesperson confirmed that the sample contained “a few current clients,” as well as “companies and organizations that have tested our video analytics software for various purposes,” like competitors doing market research, business partners, and resellers that sell NTech Lab software to other parties. Some of these parties may have gotten a FindFace license but never paid for it. 
Although it’s been speculated that NTech Lab — which rose to prominence in 2015 when it won the now-shuttered MegaFace Benchmark challenge, a facial recognition accuracy test — may have American users, it’s never been confirmed. 
The leaked user list provides the most detailed insight to date on how the secretive facial recognition company — which only recognizes a handful of clients and users publicly — has provided licenses to major US companies. More widely, the list shows that NTech Lab has given licenses to companies, police, and military agencies around the world, and powers important nodes of Russia’s state surveillance infrastructure.
Although the American companies that responded for comment and confirmed use — Philip Morris, CasinoSoft and MutualLink — said that they last used FindFace several years ago, the leaked user list also includes almost all of the current clients that NTech Lab names on their website, and many more.
An NTech Lab spokesperson told Insider that despite the leak, “There are no potential threats to our customers and biometric data.”
“Our software is functioning normally without any sign of hackers attack,” the spokesperson said. “Therefore, we are investigating the information about a possible leak based on your letter and, if it is confirmed, we will conduct [a] comprehensive security audit of our infrastructure and take necessary steps immediately.”
The tobacco company Philip Morris International, known for selling Marlboro and several other cigarette brands, confirmed to Insider that it had used FindFace. 
David Fraser, a spokesperson for the company, said that Philip Morris had considered using FindFace in 2017 and 2018 “as a potential vendor for our age-verification program.” Fraser added that the company “tested the software for a month, but ultimately we did not proceed and selected an alternate vendor.”
Philip Morris said in a blog that it uses “age-verification technology” to verify users who try to buy a IQOS VEEV, a vape only available in a few countries. The website for the vape doesn’t reference using facial recognition for age verification. (It asks people to upload a government-issued ID so that “name and date of birth” can be referenced “against government provided databases.”)
Despite being named on the leaked user list, Intel and Nokia denied having used or experimented with FindFace. The NTech Lab spokesperson noted that it’s very possible that some companies on the user list received a license but never used it or ran a search.
Many other US companies were included in the user list but did not respond for comment when contacted by Insider. Some of these companies include Starlink, a satellite-focused subsidiary of SpaceX, as well as Honeywell and Bosch. Several facial recognition vendors — such as Genetec, NEC, and Dataworks Plus — were also included in the user list.
The companies CasinoSoft, which sells compliance software to casino and gaming companies, and MutualLink, which sells technology for surveillance and responding to emergencies, also confirmed that they tried FindFace. 
“We had looked at using it at one time and even signed up to use it,” Matt Montano, a partner at CasinoSoft, told Insider. “We never did actively perform an integration with their product nor deploy any of their code. “
Mark Hatten, CEO of MutualLink, told Insider that a now-retired innovation team leader for the company investigated facial recognition technology “in 2016 and 2017.” But he said that the company “never pursued any innovation or development in the facial recognition area.”
Many other small, US-based companies were also included in the leaked user list such as Tradle, Vision Logic, S.I. Business Solutions, Barter Security, and Novotrax.
There are private companies from more than 60 countries in the Ntech Lab leak, including the US, Canada, Mexico, the United Kingdom, the United Arab Emirates, Saudi Arabia, China, Myanmar, India, and Australia.
Two of NTech Lab’s most recent investors are investment funds that are financed by the Russian government. The Kremlin-funded Russian Foundation for Technological Development gave the company a $1.3 million grant in 2021. In 2020, the company raised a cumulative $15 million from the Russian Direct Investment Fund, which is financed by the Russian government, and Mubadala, a state-run investment fund run in the United Arab Emirates.
In light of Russia’s invasion of Ukraine, the US and dozens of other countries have imposed sanctions on major Russian banks, major state-owned businesses in Russia, and top Russian officials. These sanctions seemingly do not apply to NTech Lab, which despite benefitting from money from state-owned investment funds, is privately run by individuals who don’t have positions in the Russian government. 
Most of the entries on the leaked NTech Lab user list are police and military agencies in other countries, including Interpol, the Brazilian Federal Police, and the Royal Thai Army. There are also many public institutions in Russia on the user list, like the Russian Federal Security Service, the Federal Penitentiary System, as well as several schools and metro systems. There are also at least 20 entities that are based in Ukraine, including businesses in areas like Kyiv Square. 
A handful of entries on the user list correspond to individuals. There’s also an entry for Russian billionaire Dmitry Itskov, which included his email address.
When reached for comment by Insider, Itskov said that he was likely on the user list because some of his employees requested a trial license for FindFace a few years ago.
“I recall around 2016 the software engineers from one of my companies looked at their SDK in light of a payments software project, but the development never happened due to the privacy concerns of our clients,” Itskov said.
NTech Lab claims that FindFace can do facial recognition, object recognition, license plate recognition, and detection of features (such as “gender, age, emotions, glasses, face mask, beard, and many others”). The company advertises several use cases on its website, including identifying “intruders in a crowd” from custom watch lists, document verification, airport security, and regulating access to buildings
There are some limitations to the leaked user list. The user list also does not appear to include all of NTech Lab’s customers. A few of the paying clients mentioned on its website, like MasterTek and Bitrix24, are not listed in the data. 
The NTech Lab spokesperson declined to specify if the leaked data represents a specific subset of companies and agencies that got a FindFace license in the past, or currently have one. However, the spokesperson noted that it has about 300 active clients in more than 20 countries. (On its website, NTech Lab says that it has more than 1000 “partners and customers.”) 
The leaked user list also contained encryption keys assigned to specific clients, which NTech Lab spokesperson said was a “key to use your license.”

Got a tip? Contact this reporter via email at or, or through secure messaging app Signal at +1 (785) 813-1084. Check out Insider’s source guide for suggestions on how to share information securely.
Keep reading
For you




July 31, 2022 at 04:22PM

Leave a Reply

%d bloggers like this: