Pimeyes responds to US senator’s claims of enabling ICE doxing

When Republican Senator Marsha Blackburn of Tennessee turned her attention to PimEyes, a facial search engine that lets anyone upload a photo to find matching faces across the public web, her letter to CEO Giorgi Gobronidze carried the sharpness of a political maneuver as much as a policy inquiry.

The senator, who chairs the Senate Committee on the Judiciary’s Subcommittee on Privacy, Technology and the Law and one of President Donald Trump’s most ardent allies in Congress, accused the facial recognition platform of enabling activists to identify Immigration and Customs Enforcement (ICE) officers online, potentially endangering federal personnel.

But what began as an oversight request has quickly evolved into a broader proxy fight over the boundaries of transparency, privacy, and law enforcement secrecy in an era of open access technology.

By November, the exchange between Blackburn and Gobronidze had become a public standoff. Blackburn, dissatisfied with PimEyes’ initial answers, sent a follow-up letter on October 31 pressing for concrete data on how many user accounts had been suspended or terminated for targeting law enforcement and asking whether the company could block searches aimed at federal officers.

Her complaint accused PimEyes of downplaying its role in “a chain of potential harms” and for failing to acknowledge that its technology had become a tool for harassment.

The senator’s campaign reflects her twin objectives of pressuring a single, emblematic company while advancing her and Sen. Lindsey Graham’s Protecting Law Enforcement from Doxxing Act, a bill that would criminalize publishing the names of federal officers when done with the intent to obstruct official duties.

When introducing the legislation, Blackburn cited what she said were “dangerous actions” by “Nashville Mayor Freddie O’Connell and his office to publicly release the names of law enforcement officers” that “put them at a higher risk of being targeted by criminal gangs, including MS-13 and Tren De Aragua.”

Noah Chauvin, Associate Professor of Law at the University of Oklahoma College of Law and a former attorney adviser in the Department of Homeland Security’s Office of General Counsel, argued that the bill is unconstitutional under the First Amendment and impermissibly vague under the Fifth.

He said the proposal “would violate the First Amendment because it is substantially overbroad, fails strict scrutiny, punishes the publication of lawfully obtained information of public interest, and would inhibit access to the courts.”

Together, Blackburn’s letters and legislation form a two-track strategy aimed at tightening corporate responsibility in the facial recognition industry while expanding federal criminal law in defense of agency anonymity.

PimEyes, however, did not quietly accept the senator’s framing. In his detailed eight-page September 23 letter to Blackburn’s original September 17 letter, Gobronidze told Blackburn that PimEyes “is not generative AI” and “not biometric facial recognition.” He explained that it is a “search engine” that performs “image-to-image similarity search” and returns links to already public webpages where visually similar images appear.

Gobronidze stressed that PimEyes “maintains no database of faceprints tied to identities,” processes uploads only transiently, and “does not attach names, disclose addresses, or access private databases.”

The letter reads less like a rebuttal than a technical manual. Gobronidze explained that PimEyes indexes only the open web – not private or login restricted databases – and that its child safety filters, sanctions screening, and “abuse-detection telemetry” prevent misuse.

“The principal risk to law enforcement personnel,” he wrote, “is not created by lawful indexing technologies but by the widespread publication and republication of sensitive personal details across uncontrolled public sources.” Like data brokers.

Gobronidze also pointed to internal safeguards like rate limits, bot detection heuristics, and sanctions screening to detect and suspend abusive users and offered to host a live demonstration for Blackburn’s staff “to review technical controls, including child safety interception, sanctions gating, and abuse detection telemetry.”

He also highlighted human rights and safety applications, from helping locate trafficking victims to supporting war crimes documentation in Ukraine.

Blackburn’s October 31 follow-up letter rejected nearly every foundation of Gobronidze’s defense.

“Your response sidesteps the role that your platform specifically plays in perpetuating and broadening the range of these harms,” she wrote, calling PimEyes’ emphasis on compliance “an insufficient defense” and accusing the company of “placing too little emphasis on ethical responsibility and too much on regulatory compliance.”

The senator dismissed PimEyes’ distinction between biometric and photographic analysis as “semantic rather than substantive,” asserting that “a photo of an individual’s face is perhaps one of the best likeness and identity matches, regardless of whether it is arrived at through pixel comparison or biometric data.”

Even transient processing of facial geometry, Blackburn argued, “undeniably steps into privacy regulated territory.”

Nevertheless, Blackburn accused PimEyes of amplifying public information rather than merely reflecting it, claiming that it “discovers, recovers, concentrates, and links information once scattered.”

Gobronidze emphasized that PimEyes cannot be queried by name, email, or phone number, and does not maintain a database of identities or “faceprints.” Instead, users upload an image, and the system returns links to where similar faces appear online – links that are already publicly available.

“By design, PimEyes does not accept name/text queries, does not index private/login-restricted platforms, and does not maintain an identity-linked faceprint database. Our results are links to already public webpages, not identities,” Gobronidze told Biometric Update.

Continuing, he said, “PimEyes does not identify individuals or occupations, and we do not categorize suspensions by whether a user searched for law enforcement personnel. Our system is not designed to attribute identity or profession to either the searcher or the subject; it returns links to public webpages where similar images already appear.”

The company’s rebuttal to Blackburn also underscored its safeguards. Gobronidze pointed to an opt-out process requiring users to verify their identity with a selfie and redacted government ID, arguing that this step ensures only the rightful subject of a photograph can request removal.

He added that PimEyes’ PROtect alert feature merely informs users when new public pages contain a similar image, without providing location data or accessing private accounts.

Gobronidze said the company routinely suspends accounts that violate its terms of service through automated or abusive use and noted that PimEyes does not categorize suspensions by user intent or occupation, meaning it cannot specifically identify who may have searched for ICE personnel.

“We routinely warn, suspend, or terminate accounts based on policy violation signals – e.g., automation/farming patterns, coordinated misuse, attempts to circumvent “self-search only,” etc.,” Gobronidze told Biometric Update.

“As you can see yourself, the Senator’s letter relies on several misinterpretations and technically incorrect premises – including conflating photographic similarity with biometric identification and suggesting that personal ethical preferences should supersede established legal standards,” Gobronidze said.

In her October 31 letter, Blackburn demanded that Gobronidze provide account suspension statistics, the ratio of internally detected to externally reported abuse, and whether the firm could flag uniforms or insignia linked to law enforcement imagery.

Gobronidze answered four days later in a November 3 response.

“For the avoidance of doubt,” he wrote, “this correspondence is not a defense. PimEyes has nothing to defend against: the facts speak for themselves.”

“It is regrettable that our willingness to cooperate, invite scrutiny, and provide a precise technical record was characterized as a ‘weak defense,’ which was already highlighted in public headlines from your side,” he added. “Our aim has been and remains to ensure policy discussion proceeds from accurate, verifiable facts rather than assumptions.”

Gobronidze reiterated PimEyes’ “threshold facts,” which are that it is an image-to-image search engine with no name-based queries, no private system indexing, and no identity linked database, and appended detailed enforcement metrics.

“From January 1 to November 1, 2025, PimEyes blocked 6,998 accounts for Terms-of-Service violations, intercepted 7,414 search attempts in real time, issued warnings in 100 percent of cases, and permanently blocked 6,575 users,” Gobronidze told Blackburn. “Of 14,424 total enforcement actions, 99.92 percent were internally detected and 0.08 percent externally reported.”

Gobronidze clarified that PimEyes “does not identify occupations and therefore does not tag suspensions by the occupation of a person searched.”

He cautioned that automated suppression “is noisy and risks censoring journalism and public interest content,” though the company offers immediate, time limited link removal upon verified law enforcement request.

Gobronidze also emphasized that PimEyes’ design had passed EU and UK regulatory scrutiny without violations, describing them as “the most demanding independent validation. PimEyes’ design does not violate privacy rights and does not constitute biometric identification.”

“In public debate, ethics vs. compliance is often framed as a choice. In practice, regulatory outcomes in the EU/UK are the most demanding, independent validation of whether a system respects privacy rights,” Gobronidze said.

“Our emphasis on EU/UK GDPR analysis and findings is therefore not a rhetorical shield – it is proof, tested against some of the world’s strictest privacy laws, that PimEyes design does not violate privacy rights and does not constitute biometric identification under the regulations,” he noted.

Blackburn’s critique hinges on a different reading of PimEyes’ influence. Her September 17 letter had cited reports that activists were using reverse image search and generative AI tools to unmask ICE agents with blurred faces in photos and videos.

She invoked the “ICE List,” a project by Dutch activist Dominick Skinner compiling names, partial images, and social media profiles of federal agents.

In a statement, Blackburn stated that PimEyes “artificial intelligence facial recognition technology [had been used] by leftist activists to dox Immigration and Customs Enforcement agents.”

However, Biometric Update was unable to find a publicly documented, independently verified example of PimEyes having ever been used to identify a federal officer in the manner alleged by Blackburn.

Moreover, Gobronidze stressed, “We do not reveal covered faces or unmask anyone. PimEyes performs photographic similarity retrieval. It compares the visible pixels of an uploaded photo to images on the open web and returns URLs where visually similar images already appear. With substantial occlusion, retrieval accuracy typically degrades; we do not reconstruct hidden regions, deblur, or use generative AI to infer identity. Nor do we return names.”

While activists describe their work as accountability journalism, Blackburn portrays it as intimidation that endangers officers’ safety.

Her warnings resonate with a political base that sees law enforcement as a bulwark against chaos but have alarmed civil liberties advocates who argue that her approach risks criminalizing speech, especially since the information in question is openly accessible.

Existing federal law already prohibits publishing federal law enforcement officers’ home addresses or phone numbers with “intent to threaten.” Blackburn’s proposal would extend liability to naming officers if prosecutors infer an undefined “intent to obstruct.”

Critics, including the American Civil Liberties Union and the Reporters Committee for Freedom of the Press, warn that such elasticity could chill journalism and public oversight, creating what one analyst called a “de facto secret police.”

Blackburn’s office insists the law is narrowly tailored to protect operational integrity, not legitimate reporting.

In this sense, the senator’s confrontation with PimEyes serves both legislative and symbolic purposes. It dramatizes the dangers she seeks to legislate against while casting a foreign-based tech firm as the face of an unregulated frontier.

PimEyes, owned by EMEARobotics and based in Dubai, epitomizes lawmakers’ anxiety over globalized AI search systems operating beyond U.S. jurisdiction.

Gobronidze counters that even if PimEyes vanished, “anyone armed with a photograph could still exploit the same open web ecosystem of data brokers, social media, and public archives to find a person’s identity.”

Blackburn’s position underscores the political reality that tools amplifying exposure – without creating new data – can nonetheless alter the calculus of safety. She has used that tension to advance her legislative agenda and embed the PimEyes fight in a broader narrative about the erosion of anonymity for federal officers.

For Gobronidze, the exchange underscores a different truth: that the infrastructure of public data itself, not any single search engine, is what enables exposure in the first place.

What began as a letter between a senator and a CEO has become a test case in how political theater, legislative ambition, and technological nuance collide.

Blackburn’s focus on ICE doxing speaks to legitimate fears about officer safety but also aligns with an administration narrative portraying digital activism as a national security threat.

Gobronidze’s replies – grounded in technical specificity and regulatory validation – highlight the difficulty of legislating against technologies that mirror, rather than manufacture, information.

The outcome of their exchange is unlikely to be settled by correspondence. It will unfold instead in the overlapping arenas of law, technology, and politics where privacy and transparency collide, where innovation and regulation chase each other in circles, and where a senator’s warning about a website doubles as a referendum on how democracies define the limits of being seen.

Article Topics

biometric identification  |  biometric matching  |  biometrics  |  data privacy  |  facial recognition  |  ICE  |  law enforcement  |  PimEyes  |  responsible biometrics  |  U.S. Government