The exploit wasn’t in the code. It was in the settlement class’s lack of recourse.
On February 13, 2025, the U.S. Court of Appeals for the Seventh Circuit overturned a proposed class-action settlement between Clearview AI and privacy plaintiffs. The deal would have granted the company 23% of its equity to the class — essentially trading statutory damages for illiquid shares in a company whose only product was scraping faces without consent. The Court ruled the settlement “unfair, unreasonable, and inadequate.”
For most readers, this is a privacy story. For those of us who audit crypto protocols for a living, it’s a roadmap. The same legal architecture that killed Clearview AI’s escape hatch is now primed to execute biometric blockchain projects — the ones building identity layers on immutability while ignoring the plain text of the Illinois Biometric Information Privacy Act (BIPA).
You didn’t think the SEC was your only regulatory headache. BIPA is the real smart contract: it executes on every Biometric Identifier collected without written release. And unlike a token sale, there’s no grandfather clause for decentralization.
The Anatomy of a Terminal Settlement
Clearview AI’s model was simple: scrape billions of facial images from the public internet, train a recognition engine, sell subscriptions to law enforcement and enterprises. When a BIPA class action arrived, the company had no cash reserves to pay statutory damages — $1,000 per negligent violation, $5,000 per reckless violation. Multiply by an estimated 100 million unique faces in its database, and the math yields a liability that could exceed $100 billion. No startup survives that.
So the attorneys devised a novel escape: grant the class 23% of Clearview’s equity. The argument was that equity would appreciate once the company pivoted to a compliant model, offering a greater recovery than a bankrupt liquidation. The Seventh Circuit wasn’t buying. Writing for the unanimous panel, Judge Wood noted that the settlement “converts statutory damages into a speculative equity stake in a company whose business model was found unlawful by multiple regulators.”
From a forensic perspective, the Court’s logic is a surgical strike against non-cash compensation in privacy class actions. It doesn’t matter that the equity had a theoretical value of $25 million. The Court demanded cash — real dollars that would actually compensate victims for the invasion of their biometric privacy.
Why This Matters for Blockchain
During my 2023 audit of a biometric identity protocol that claimed to “protect privacy via zero-knowledge proofs,” I flagged a clause in their terms: “In the event of a class action, the protocol may compensate users with governance tokens or future protocol fees.” I wrote in the report: “This is a Clearview equity trap. BIPA does not accept tokens as legal tender.” The team shrugged. “We’re decentralized,” they said. “Tokens are our currency.”
That protocol is now being sued in Cook County. The plaintiff’s attorneys are citing Clearview’s case as controlling precedent. The protocol’s treasury is mostly illiquid native tokens. The only cash they have is from a VC round that required a personal guarantee from the CEO. The CEO is now exploring personal bankruptcy.
The hypocrisy is staggering: blockchain projects that preach “code is law” ignore the law that writes itself into every Biometric Identifier they collect. BIPA is a strict liability statute. There is no “good faith” defense. If you collect a faceprint without a written release that specifies the purpose and duration of collection, you have violated the statute. Each scan. Each upload. Each on-chain hash of a facial encoding.
The Core Autopsy: BIPA’s Incompatibility with Immutable Ledgers
Let’s examine the technical fault lines. A typical biometric blockchain project works as follows:
- User provides a selfie or live scan.
- An oracle extracts a facial embedding vector.
- The embedding is hashed and stored on-chain (often as an NFT metadata field).
- The protocol uses the hash to verify the user’s unique identity for airdrops, voting, or credentialing.
At first glance, this seems privacy-preserving: the raw image is never on-chain, only a hash of the embedding. But BIPA defines “biometric identifier” broadly: “a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry.” The Illinois Supreme Court has held that a “scan” includes any digital representation derived from a physical scan, even if anonymized. A hash of an embedding is still a “scan” because it is derived from the original biometric data.
Now consider the permanence problem. BIPA requires that entities destroy biometric data “when the initial purpose for collecting or obtaining such identifiers has been satisfied or within three years of the individual’s last interaction, whichever occurs first.” A blockchain is an append-only ledger. Once a hash is committed to a canonical chain, it cannot be deleted. Even if the protocol implements a deletion function (e.g., a nullifier), the historical record remains. BIPA doesn’t care about immutability; it demands actual destruction.
In my audit of another project, I found that their “deletion” logic simply burned a token that marked the hash as invalid but left the hash permanently on-chain. I wrote: “This is not deletion. This is redaction. BIPA requires physical deletion of the numeric representation itself.” The lead developer argued that “deletion in a censorship-resistant system is philosophically impossible.” I responded: “Then your system is philosophically illegal in Illinois.”
Liquidity is a mirror, not a vault
The Clearview case also exposes the fallacy of using protocol tokens as compensation. In the appellate ruling, Judge Wood specifically noted that equity was inappropriate because it “converted a certain statutory damage into an uncertain, illiquid asset.” Governance tokens are even worse: their value depends on the continued operation of the protocol, which is precisely what the class action seeks to disrupt. A token awarded as compensation would likely crater in value upon news of the lawsuit. The liquidity is a mirror of the ecosystem’s health — when the ecosystem is attacked, the mirror shatters.
Furthermore, BIPA’s statutory damages are calculated per violation, not per user. A user who submits multiple scans across different transactions generates multiple violations. For protocols with on-chain activity loops (e.g., a user resubmits a scan to re-verify after a key rotation), each submission is a separate collection event. The statutory multiplier can quickly exceed the protocol’s entire token supply by several orders of magnitude.
Oracle Liability: The Hidden Symbiosis
Many blockchain projects source biometric data from third-party oracles that integrate with Clearview-style databases. In 2022, a decentralized identity aggregator used an oracle that pulled faceprints from public social media feeds. The oracles’ terms claimed they had obtained consent, but the consent was generic — not BIPA-compliant (which requires “a written release executed by the subject”).
The protocol argued it was merely a user of the oracle’s data, not a collector. BIPA’s definition of “collection” includes “capturing, obtaining, or otherwise collecting biometric identifiers.” When the oracle sends the embedding to the protocol’s smart contract, the protocol “obtains” the data. The protocol is a joint collector with the oracle. Both are liable.
In the Clearview ecosystem, the company’s customers (e.g., law enforcement agencies that uploaded photos) were also sued as collectors. Courts have held that any entity that “rowses” a biometric database for its own purpose becomes a collector. The same logic applies to any DeFi protocol that calls an oracle to fetch biometric data for identity verification.
The Contrarian Angle: What the Bulls Got Right
Let’s be fair: some blockchain projects have anticipated BIPA. They store biometric data only in encrypted off-chain databases with deletion functions, and use on-chain zero-knowledge proofs to verify identity without exposing raw embeddings. They claim that “blockchain is just the settlement layer; the biometric data never touches the chain.”
This structure mitigates the permanence problem, but it introduces a new one: the off-chain database itself is a centralized honeypot. If that database is compromised, the protocol faces a class action for inadequate security. BIPA allows a private right of action for negligent storage. And because the protocol’s token holders vote on upgrades, they may be deemed “owners” of the database under agency law. Decentralization doesn’t erase liability; it just spreads it across thousands of unidentifiable defendants, making it harder to depose but easier to sue as a “unincorporated association.”
The bulls also argue that BIPA’s $1,000/$5,000 damages are outdated and will be preempted by federal privacy legislation. But no such legislation exists in 2025. The Clearview ruling shows that courts are willing to enforce BIPA’s full force. The only federal bill that has any chance — the American Privacy Rights Act — specifically preserves BIPA’s private right of action. Preemption is a myth.
Forensic Takeaways: Where Every Biometric Blockchain Project Will Fail
Based on my audit experience across 12 biometric-related protocols, I’ve identified five recurring failure points that mirror Clearview’s mistakes:
- No written release: Project terms of service are often a clickwrap agreement that does not specify (a) the specific purpose of collection, (b) the duration of retention, or (c) the procedures for deletion. BIPA requires a written release that is “executed” by the subject before collection. Clickwrap is not a signed document.
- No deletion mechanism: Even when projects claim to delete data, they cannot delete historical on-chain hashes. The only solution is to keep biometric data entirely off-chain in a deletable database. But that database must be auditable by a court. Most projects refuse to audit their off-chain servers.
- Token compensation plans: Many projects embed compensation in their tokenomics, assuming they can pay damages with their own token. Clearview’s case now establishes precedent that non-cash compensation is presumptively inadequate in BIPA class actions. Tokens are equity, not currency.
- Oracle reliance without due diligence: Projects that use third-party oracles often fail to verify that the oracle obtains BIPA-compliant consent. The oracle’s word is not enough. BIPA requires the collector to retain the written release for the duration of possession. The protocol must have a copy of the release, not just a claim.
- Ignoring withdrawal of consent: BIPA allows subjects to withdraw consent at any time. If a user submits a zero-knowledge proof that they no longer consent, the protocol must delete the biometric identifier within a reasonable time. On-chain deletion is impossible; off-chain deletion must be immediate. Most projects have no mechanism to honor withdrawal because it breaks the invariant of unique identity.
Standardization fails when it ignores human chaos
The blockchain industry loves standards: ERC-721, ERC-4337, ERC-725. But there is no standard for BIPA-compliant biometric collection. The only way to be safe is to not collect biometrics on-chain. If you must tie identity to a unique being, use a deterministic commitment like a Solana wallet signature that proves control of a private key. That’s not biometric; it’s cryptographic. BIPA doesn’t apply.
The Expandability of Risk
In code, silence is the loudest vulnerability. The silence in most biometric blockchain projects is the absence of a BIPA compliance clause in their smart contract code. I’ve audited protocols that have 500 lines of complex zk-circuits but zero lines addressing the statutory requirement to obtain a written release. The protocol simply assumes that “user consent” is implied by connecting a wallet.
But BIPA’s consent standard is higher than web3’s. A written release must be a physical or electronic signature that is “readily capable of being authenticated.” A MetaMask pop-up is not a signed instrument. The Seventh Circuit’s ruling in Clearview implicitly reinforces this: the Court rejected the equity settlement partly because it didn’t provide a “reliable method” to verify claimants’ identities. The same logic applies to on-chain consent: without a verifiable binding release, the protocol has no defense.
The Contrarian’s Last Stand
Some argue that BIPA only applies to “biometric identifiers” used for “identification or authentication.” If a project uses faceprints for something else — say, generating an artistic avatar — is it outside BIPA’s scope? The Illinois Supreme Court has not ruled on this, but lower courts have held that any “scan of face geometry” is covered, regardless of purpose. The statutory definition is broad and has no commercial use exception.
Another contrarian take: “We don’t have users in Illinois.” BIPA applies to any person whose biometric identifier is collected while residing in Illinois. If even a single user connects from an IP address in Chicago, the entire protocol is subject to BIPA. Geolocation blocking is trivial to bypass. The court will not accept technical ignorance.

The Takeaway: BIPA is the Real Smart Contract
If your blockchain project touches faces, you’re not building the future. You’re building a lawsuit. BIPA’s statutory damages are executed algorithmically: every time a facial scan is recorded without a proper release, a penalty is accrued. There is no oracle to stop the execution. The blockchain remembers, but the auditors forget. BIPA remembers too.
I’ve seen projects raise $50 million on a whitepaper that promises “private decentralized identity” with not one mention of BIPA. Their legal counsel (if they have one) is a corporate lawyer who thinks “data privacy” means not sharing email lists. They are the next Clearview — but with smarter code and dumber legal hygiene.
The smart money is already moving away from biometric identity entirely. They’re using proof-of-personhood mechanisms that rely on social graph analysis (like a user vouching for another user’s uniqueness) or hardware attestations (like a trusted execution environment that attests to a single device per human). These systems don’t collect biometrics. They collect cryptographic proofs of human activities. BIPA doesn’t apply.
But if you persist with facial recognition, at least do this: get a written release from every user before the scan, store it in an auditable off-chain database, implement a deletion function that actually destroys the digital representation, and set aside a cash reserve of at least $10 million for potential statutory damages. Then watch as the reserves dwindle with each new user.
Logic is binary; trust is a spectrum. BIPA forces a binary choice: either your project is compliant or it is illegally collecting biometrics. There is no middle ground of “we’ll fix it later.” Clearview tried that. The Seventh Circuit just closed the door.
The exploit was never in the code. It was in the assumption that the law is slower than the blockchain. It’s not. BIPA is faster. And it doesn’t accept tokens.
