Topline
Amazon announced Thursday the launch of an app allowing users to easily sign up for Amazon One, its palm recognition service that has reached increasingly more retail locations in recent years and raised concerns from digital privacy experts.
Key Facts
The new app lets users sign up for Amazon One through their phones instead of having to visit a physical location to do so, requiring them to take photos of their palms for enrollment.
Amazon One uses palms and their underlying vein structure to create a palm signature, which is created with the help of generative AI and verified by Amazon One scanners for things like retail purchases, age verification, entry and more.
Amazon One scanners, once limited to Amazon stores, can now also be found in hundreds of Whole Foods locations, some Panera Bread stores and third-party locations including stadiums, airports and fitness centers.
Palm and vein images are encrypted and sent to the Amazon Web Service cloud, which Amazon says is “highly restricted to select AWS employees with specialized expertise.”
Albert Cahn, founder of the digital privacy advocacy Surveillance Technology Oversight Project, told Bloomberg he was skeptical of the trade-off between the convenience of biometric-based services and the user data required to run them, saying he didn’t understand how it will be “better, or easier,” to submit government IDs and biometrics to private companies when customers can just take their ID out of their wallets when needed during transactions.
Evan Greer, a director at Fight for the Future, also a digital privacy advocacy group, told CNBC that, most of the time, people shouldn’t entrust their data to private corporations, citing tech companies’ “terrible track record” of keeping personal information secure.
Contra
Amazon has said users’ Amazon One palm signature can’t be replicated to impersonate them and noted the palm’s unique characteristics including creases, friction ridges, and underlying veins. The company has also implemented the ability to recognize the difference between a real live palm and a replica with liveness detection, citing tests in which 1,000 silicone and 3D printed palms were rejected by Amazon One.
Big Number
100 times. In a blog post, that’s how much more accurate Amazon said palm identification is than scanning two irises, and claimed that after millions of uses of the feature, it hasn’t had one false positive.
Tangent
Amazon One users in California can unenroll from the service and have their personal information deleted under the California Consumer Privacy Act. Users can also delete their Amazon One IDs and check to see if any of their data has been retained through a data access request.
Key Background
Amazon has been scrutinized for how it uses users’ personal information. One notable instance happened last year, when the tech giant forked over more than $30 million to the Federal Trade Commission to settle two separate lawsuits over privacy concerns. One lawsuit, settled for $5.8 million, alleged Amazon-owned smart doorbell company Ring didn’t notify customers or obtain permission from them before allowing “thousands of employees and contractors” to watch recordings of customers’ private spaces. The other lawsuit alleged the company procured and retained thousands of children’s voice and geolocation data through Alexa, Amazon’s virtual assistant product, giving the company “valuable” data to train its algorithms “at the expense of children’s privacy,” according to the FTC. Amazon denied wrongdoing in the lawsuits and told Forbes that Ring addressed the privacy issues on its own years ago.
Further Reading
Amazon Wants You to Pay With Your Palm. It’s a Sneak Attack on Apple and Google. (Wall Street Journal)
Amazon’s palm reading starts at the grocery store, but it could be so much bigger (The Verge)
