Amazon’s palm reading starts at the grocery store, but it can be quite large

Earlier this week, Amazon unveiled the Amazon One: a new technology for its Amazon Go stores that allows shoppers to pay for their groceries by scanning the palm of their hand. By analyzing the shape of your hands and the unique arrangement of veins under your skin, Amazon says its technology can verify your identity just like facial recognition.

Although initially Amazon One will only be used for payments, it is clear that the giant company of this technique has very big ambitions for this hardware. In the future, he says, Amazon One can be used not only for shopping, but also for music and sports events in exchange for tickets, and as an alternative to your office fee keycard, allowing you to scan with the swipe of your hand. In other words, Amazon One is not a payment technology. That one Identity Technol and G and can give Amazon more reach in your life than ever before.

Understandably, some experts are skeptical of Amazon’s convenience claims, and worry about a company with a spotty track record on privacy that could become the controller of the new identity standard. Whether it’s using Amazon’s biased recognition algorithms or its ambition to expand the home surveillance camera network, this is an organization that has proven time and again that personal privacy is not always its biggest concern. Is it a good idea if Amazon knows exactly that you are out of the palm of your hand?

Let’s start by looking at technology, which is a blessing in disguise. Palm scanning has been around for almost a year, and although Amazon doesn’t provide much detail on its own implementation, it looks a lot like its predecessors.

As the company explains on its FAQ page, the Amazon One hardware confirms the user’s identity by looking at “your palm minute characteristics – both surface-area detail lines and stripes as well as subcutaneous features like vein patterns”. Typically, vein scanning is done using infrared light that penetrates the surface layers of the skin, although Amazon does not specifically mention this technology. It says anyone can sign up to any Amazon One by inserting a credit card into its scanners and registering one or both palms. Scanners can then identify someone “in seconds” without skin contact. (Epidemic bonus, but not much cleaner or faster than using many contactless credit cards.)

From a security standpoint, palm scanning has some major advantages over other biometrics. First, the information used to identify you is not easily observable, unlike your face or earprints. Fingerprints can also be taken from touched from or photographed remotely. It is very difficult to take a picture of someone’s hand and use it to loosen their vein patterns.

“All other biometrics that are becoming commonplace – face, fingerprints, rainbow – are all visible and visible from the outside,” said Elizabeth Reneris, a law and policy researcher who focuses on issues such as data governance and human rights. Elizabeth Rainier said law and policy researchers focused on data governance and human rights issues. Edge. “It simply came to our notice then [of palm scanning]”

Similarly, the information collected during a palm scan makes it easier to incorporate a lifetime test: check to see if there is a real, living person in front of you. For this reason, it has always been claimed that palm or vein identification is the most accurate and safe of all common biometrics, although statistics depend on how the technique is implemented. It’s also worth noting that palm scanning is definitely not foolproof, and hackers have shown in the past that they can create fake hands that can trick some scanners.

Do you want to store your palm in the cloud?

There’s another big difference between Amazon One and other biometric systems you can use, and that Amazon will keep its palm data in the cloud. People have long been concerned about this type of personal data collection, but it’s surprising that it’s Amazon that is trying to make it happen now.

Reubenben, an associate professor focusing on data protection at Oxford University, explained Edge, Cloud storage is inherent in the system that Amazon builds. “It’s hard to do anything other than in the case of this type of use [that data] In the cloud, ”he says. “Whether it’s a good idea is another question.”

From Amazon’s point of view, this means that special care must be taken about how it stores and stores data. Biometric information is not protected in the same way as other data, by EU GDPR rules and some U.S. state-level legislation. It is not clear, for example, how Amazon One will work with regulation such as the Illinois Biometric Information Privacy Act (BIPA), for which companies obtain informed consent before collecting biometric data. (Amazon seems to recognize this in its copy for its palm scanning tech and says that presenting your palm to the scanner requires “intentional action” by the customer.)

Beans contrasts with the Amazon One with technology like Apple’s Face ID, which uses facial recognition data to unlock your phone and verify payments but keeps biometric data on your device. By keeping the data in the cloud, you are bringing it against hackers as well as potentially making it more accessible to third parties with interests like governments.

But Bins insists that Amazon One, like any authentication biometric system, has a basic trade-off: Do you want to create a password that is part of your body?

“The advantage is that it always stays on you, this is not something you can lose, but it’s also a disadvantage because you can never change it,” Bins says. “You can never change your palm like you change your password or other identification token.” And while this may be acceptable for low-stakes scenarios – such as using facial recognition to verify who you are with the country’s government at the border – Binns says it seems inappropriate for something like a purchase, especially when the same favorable options Already present.

“It simply came to our notice then [of data] And the level of assurance you really need for some use cases, ”he says.

Amazon One is fast and touch-free – but that’s why contactless credit cards are being used..
Image: Amazon

In addition to payment

If Amazon One is overpriced for shopping, then what is the company’s real end game?

It’s hard to guess, just because the Amazon One can have so many different uses. but why Would not Want to take charge of the ID and payment infrastructure used in companies, stores, stadiums and offices fees like Amazon? Amazon One is only launching in the company’s pair of Amazon Go stores in Seattle, but the company is offering anyone interested, promising that if they adopt Amazon One, they will be able to offer their customers “unified service, fast payment, and personal experience. . “If the service goes up, you can imagine that Palm Verification not only in shops and offices fees, but in smart homes, theme parks, airports and any other place where you have to verify who you are.

Mozilla Foundation Tech Policy Analyst and Fellow Frederick Calthuner Edge This is a potential inspiration for Amazon: filling spaces in its data empire, especially in the physical retail space. If they can better track what people are buying and what they are spending on it, they can better target them with new products on

“If I go to a store they have a missing link in the type of data they have,” Calthuner says. She notes that many data brokers exist that already collect information on buying habits from items such as loyalty cards, but if Amazon could have collected that data manually, it could have cut the middle man. “When a company that already has a lot of data and knows a lot about a lot of people enters a new industry, the question is, can data be linked?” Says Calthuner. (On Amazon One’s FAQ page, the company does not say what it intends to do with the payment data it may collect from third-party stores.)

For some, though, the concern of a service like Amazon One goes far beyond data collection. Rainier says what worries her about technology is a way in which you have a relationship with who you are physically, with your purchase and similar transaction history.

“The closest thing we have now is things like Apple Pay and Let Late and Apple Pay Pay and other device-based payment infrastructure,” says Rainier. “But I think, philosophically and morally, there is a lot of value in having a physical scattering between your behavioral structure and your physical self – your personality and your body. As we merge the two … a lot of rights based on the limits of the individual are further threatened. ”

Rainier says that from a historical point of view, privacy is based on physical places like your home, or your papers or your property. But once those physical spaces begin to bleed into the digital world, like an identity system that is incredibly tied to your real hand, “it becomes difficult to establish and maintain those rights.”

He says, “Your physical self is literally becoming a practical tool.”