Dozens of American companies were listed in a leaked user database for a Russian facial recognition company

    • A leaked user list from Russian facial recognition company NTech Lab counted more than 1,100 entities, including dozens of American companies.
    • Russia-based NTech Lab sells a facial recognition tool called FindFace, and its donors include two Russian government-backed funds.
    • The list of disclosed users provides the most detailed information on NTech Lab’s reach to date, as it publicly acknowledges only a handful of customers and users.

Intel, SpaceX, Dell and Philip Morris are among dozens of US companies listed in a leaked database of companies that have been licensed to use FindFace, a facial recognition tool developed by recently funded Russian company NTech Lab. by the Kremlin. – backed funds.

The NTech Lab user list, which was shared with Insider by an anonymous source, includes more than 1,100 entries, with companies and government agencies from more than 60 countries.

When Insider reached out to NTech Lab for comment and provided a sample user list, a spokesperson confirmed that the sample contained “a few current customers,” as well as “companies and organizations that have tested our video analytics software for various purposes”, such as competitors conducting market research, business partners, and resellers who sell NTech Lab software to other parties. Some of these parties may have obtained a FindFace license but never paid for it.

Although it was speculated that NTech Lab – which rose to prominence in 2015 when it won the MegaFace Benchmark challenge, a facial recognition accuracy test – might have US users, it never was. confirmed.

The leaked user list provides the most detailed information yet on how the secretive facial recognition company – which publicly acknowledges only a handful of customers and users – provided licenses to major US companies . More broadly, the list shows that NTech Lab has granted licenses to companies, police and military agencies around the world and powers important nodes of Russian state surveillance infrastructure.

Although the US companies that responded to comments and confirmed usage – Philip Morris, CasinoSoft and MutualLink – said they last used FindFace several years ago, the list of leaked users also includes nearly all current customers. which NTech Lab names on their website, and many more.

A spokesperson for NTech Lab told Insider that despite the leak, “there is no potential threat to our customers and our biometric data.”

“Our software is operating normally with no signs of hacker attacks,” the spokesperson said. “Therefore, we are investigating reports of a possible leak based on your letter and, if confirmed, we will proceed [a] complete security audit of our infrastructure and immediately take the necessary measures.”

Screenshot of the public user guide for FindFace, NTech Lab's facial recognition product.

Screenshot of the public user guide for FindFace, NTech Lab’s facial recognition product.

NTech Laboratory

Tobacco company Philip Morris International, known for selling Marlboro and several other cigarette brands, confirmed to Insider that it used FindFace.

David Fraser, a company spokesperson, said Philip Morris considered using FindFace in 2017 and 2018 “as a potential supplier for our age verification program”. Fraser added that the company “tested the software for a month, but in the end we did not continue and selected another supplier”.

Philip Morris said in a blog post that he uses “age verification technology” to verify users trying to buy an IQOS VEEV, a vape only available in a few countries. The vape website does not refer to the use of facial recognition for age verification. (It asks people to upload government-issued ID so that “name and date of birth” can be referenced “against government-provided databases.”)

Despite being named on the list of leaked users, Intel and Nokia denied using or experimenting with FindFace. The NTech Lab spokesperson noted that it is very possible that some companies on the user list received a license but never used it or conducted any research.

Many other US companies were included in the user list but did not respond to comments when contacted by Insider. Some of these companies include Starlink, a satellite-focused subsidiary of SpaceX, as well as Honeywell and Bosch. Several facial recognition vendors – such as Genetec, NEC and Dataworks Plus – were also included in the list of users.

Companies CasinoSoft, which sells compliance software to casino and gaming companies, and MutualLink, which sells monitoring and emergency response technology, also confirmed they have tried FindFace.

“We considered using it at one point and even signed up to use it,” CasinoSoft partner Matt Montano told Insider. “We have never actively integrated with their product or deployed any of their code.”

Mark Hatten, CEO of MutualLink, told Insider that a retired innovation team leader at the company investigated facial recognition technology “in 2016 and 2017.” But he said the company “has never pursued any innovation or development in the area of ​​facial recognition.”

Many other US-based small companies were also included in the list of leaked users, such as Tradle, Vision Logic, SI Business Solutions, Barter Security and Novotrax.

There are private companies from over 60 countries in the Ntech Lab leak, including the US, Canada, Mexico, UK, UAE, Saudi Arabia, China, Myanmar , India and Australia.

Two of NTech Lab’s newest investors are Russian government-backed investment funds. The Kremlin-funded Russian Foundation for Technological Development awarded the company a $1.3 million grant in 2021. In 2020, the company raised a cumulative total of $15 million from the Fund Russian Direct Investment Fund, which is funded by the Russian government; and Mubadala, a state-run investment fund managed in the United Arab Emirates.

In light of Russia’s invasion of Ukraine, the United States and dozens of other countries imposed sanctions on major Russian banks, major state enterprises in Russia, and senior Russian officials. These sanctions apparently do not apply to NTech Lab, which, although it receives money from public investment funds, is run by private individuals who do not hold positions in the Russian government.

Most of the entries on NTech Lab’s leaked user list are police and military agencies from other countries, including Interpol, the Brazilian Federal Police, and the Royal Thai Army. There are also many public institutions in Russia on the user list, such as the Russian Federal Security Service, the Federal Penitentiary System, as well as several schools and metro systems. There are also at least 20 Ukraine-based entities, including businesses in areas like Kyiv Square.

A handful of entries on the user list correspond to individuals. There is also an entry for Russian billionaire Dmitry Itskov, which included his email address.

When contacted for comment by Insider, Itskov said he was likely on the user list because some of his employees requested a trial license for FindFace a few years ago.

“I remember around 2016, the software engineers at one of my companies looked at their SDK in light of a payment software project, but the development never happened due to the issues with privacy of our customers,” Itskov said.

NTech Lab claims that FindFace can perform facial recognition, object recognition, license plate recognition, and feature detection (such as “gender, age, emotions, glasses, face mask, the beard and many others”). The company advertises several use cases on its website, including identifying “intruders in a crowd” from personalized watchlists, document verification, airport security and building access regulation. .

There are some limitations to the list of disclosed users. The list of users also does not appear to include all of NTech Lab’s customers. A few of the paying clients mentioned on its website, such as MasterTek and Bitrix24, are not listed in the data.

The NTech Lab spokesperson declined to clarify whether the leaked data represents a specific subset of companies and agencies that have licensed FindFace in the past, or currently have one. However, the spokesperson noted that it has around 300 active customers in over 20 countries. (On its website, NTech Lab says it has more than 1,000 “partners and customers.”)

The leaked user list also contained encryption keys assigned to specific customers, which the NTech Lab spokesperson said was a “key to use your license.”

Do you have any advice? Contact this reporter by email at [email protected] or [email protected], or via the Signal secure messaging app at +1 (785) 813-1084. Check out the Insider source guide for suggestions on how to share information safely.

About Travis Durham

Check Also

NASA calls for proposals for 2nd Artemis lunar lander

NASA is asking private industry to come up with ideas for another astronaut lunar lander. …