Earlier this week, Amazon unveiled Amazon One: new technology for its Amazon Go store, which lets shoppers pay for their groceries by scanning the palm of their hand. By analyzing the shape of your hand and the unique configuration of the veins beneath your skin, Amazon says that its technology can verify your identity in the same way that your recognition is.
Although Amazon One will initially be used for payment only, it is clear that the tech giant has huge ambitions for this hardware. In the future, it says, the Amazon One can be used not only for shopping, but as a replacement for tickets to music and sports shows, and as an alternative to your office card, you will need a link to your hand Allows to scan with injury. In other words, Amazon One is not a payment technology. this one recognise Technology, and one that can give Amazon greater access to your life than ever before.
Understandably, some experts are skeptical about Amazon’s claims of convenience, and worry about a company that becomes the controller of a new record standard on privacy. Whether it is Amazon’s use of biased facial recognition algorithms or its ambition to develop a network of home surveillance cameras, it is an organization that has proven many times that personal privacy is not always its biggest concern. Is it a good idea if Amazon knows who you are with the palm of your hand?
Let’s start by looking at technology itself, which is blessed straightforward. Palm scanning has been around for years, and although Amazon isn’t offering many details on its own implementation, it appears to be similar to the examples of technology you’ve seen before.
As the company states on its FAQ page, Amazon One Hardware confirms a user’s identity by looking at the “minute features of your palm – subcutaneous features such as lines and lines, as well as vein patterns -” . “Typically, vein scanning is performed using infrared light that penetrates the surface layers of the skin, although Amazon does not specifically mention this technology. It states that no one credits in one of their scanners One can sign up to Amazon One by inserting a card and using one or both palms. The scanner can identify someone “in seconds” without any skin contact. (A bonus during an epidemic, but using multiple contactless credit cards No cleaner or faster than.)
From a security point of view, palm scanning has some important advantages over other biometrics. First, the information being used for your identification is not easily viewable, unlike your face or ear prints. Even fingerprints can be taken from hidden objects or photographed from a distance. By comparison, it is much harder to take a picture of someone’s hand and use it to spoil the pattern of their vein.
Law and policy researcher, Elizabeth Reniris, who focuses on data governance and human rights issues, “all the other biometrics that are becoming commonplace – face, fingerprints, iris – are all quite observable and visible from the outside”. The ledge. “There is definitely something to be said for advanced security [of palm scanning]. ”
Similarly, the information collected during a palm scan makes it easy to include a linear test: to check that you have a real, living person in front of you. For these reasons, it is sometimes claimed that palm or vein identification is the most accurate and safe of all common biometrics, although statistics depend on how the technique is applied. It is also worth noting that Palm scanning is certainly not foolproof, and hackers have shown in the past that they can create fake hands that can trick other scanners.
Do you want your palm stored in a cloud?
There is another big difference between Amazon One and other biometric systems that you can use, and that is that Amazon will keep its Palm data in the cloud. People have long been concerned about such personal data collection, but it is striking that it is Amazon that is now trying to build it.
As Ruben Binons, an associate professor focusing on data protection at the University of Oxford explained The ledge, A cloud storage system built into Amazon. “It is difficult to do anything other than that in this use case [that data] In the cloud, “he says.” Whether it’s a good idea or not is another question. ”
From Amazon’s point of view, this would mean being particularly careful about how it stored and collected data. Biometric information is in a way preserved other data not covered by EU GDPR regulations and some state-level laws in the US. It is unclear, for example, how Amazon One would work with a regulation such as the Illinois Biometric Information Privacy Act (BIPA), which requires companies to obtain informed consent before collecting biometric data. (Amazon recognizes this in its copy for its palm scanning technology and states that presenting your palm in a scanner “requires a deliberate action by the customer”.)
Bins contrasts Amazon One with technology such as Apple’s Face ID, which uses facial recognition data to unlock your phone and verify payments but keep biometric data on your device. By placing data in the cloud, you are making it more accessible to hackers as well as potentially to third parties, such as governments.
But Binns insisted that Amazon One also makes the core business similar to any biometric system of authentication: do you want to create a password that is part of your body?
“The advantage is that it’s on you all the time, it’s not something you can lose, but it’s also a disadvantage because you can never replace it,” Binns says. “You can never change your palm like you change your password or other identification token.” And while it may be acceptable for high-stakes scenarios – such as using facial recognition to verify facial recognition with the government of a country at the border – Binns says it’s something like shopping Seems unsuitable for, especially when equally convenient alternatives already exist.
“It seems to me like the wrong trade-off between persistence [of data] And the level of assurance you really need for some of these use cases, ”he says.
If Amazon One is overkill for shopping, what is the company’s real end game?
It is difficult to estimate, because the Amazon forest can be kept for so many different uses. but why Will not done A company like Amazon wants to be in charge of an ID and payment infrastructure used in stores, stadiums and offices? Amazon One is only launching in a pair of the company’s Amazon Go store in Seattle, but the company is pitching the technology to anyone interested, promising that if they adopt Amazon One, They can “provide a seamless service, faster payment,” and a personalized experience to their customers. “If the service stops, you can imagine that palm verification can be included not only in shops and offices, but also in smart homes, theme parks, airports, and anywhere you have to verify who you are. Huh.
Frederick Kalayounter, a technical policy analyst and partner of the Mozilla Foundation, explains The ledge This is a possible motivation for Amazon: to fill gaps in its data empire, especially in the physical retail space. If it can better track what people are buying and spending money on, then it can target them with new products on Amazon.com.
“I have the data to go to a shop,” says Kultrunner, such a missing link. She notes that many data brokers exist that already collect information about shopping habits from things like loyalty cards, but if Amazon was able to collect that data on its own, it would cut the middle man Can. “When a company that already has so much data and knows so much about so many people enters a new industry, the question is, can the data be added?” It is said that Kalayatunar. (On the FAQ page for Amazon One, the company does not say what it wants to do with the payment data it can collect from third-party stores.)
However, for some, the concern of a service like Amazon One is more than data collection. Rainieris says that what concerns him about technology is the way it is as a person, who you physically connect to, the history of your purchases and similar transactions.
“What we have right now are things like Apple Wallet and Apple Pay and other device-based payment infrastructure,” says Renieris. “But I think, philosophically and morally, there is immense value in having the physical separation between your transactional infrastructure and your physical self – your personality and your body. As we merge the two … a lot of Rights that are based on an individual’s range are at greater risk. ”
Renaris states that from a historical point of view, privacy is based on physical locations such as your home, or your papers, or your property. But once those physical locations were blown into the digital world, as with an identity system that is irrevocably tied to your actual hands, “those rights become harder to establish and protect.”
She says, “Your physical self is actually becoming a means of transaction.”