Retailers are turning to facial recognition software (2018) (buzzfeednews.com)
173 points by elorant on Jan 25, 2020 | 117 comments


"privacy advocates and industry stakeholders are debating ... how shoppers should be informed about when their faces are scanned"

I don't want to be informed when my face is being scanned, in the same way that I don't want to be informed when a website is about to sell my data. What I want is for the law not to allow such things.


This. The question should be why they should be allowed to do that in the first place, so "debating" is basically what they want, since it fundamentally side-tracks the discussion. I'm usually against government supervising anything, but if anything, it should be this: why facilities that are pretty much the primary example of a "public place" in modern society should be allowed spying on people without a good reason?


I'm also against government supervision, but there's a difference between supervision/regulation (checking that legal activities are indeed being conducted in a legal way), and between making some activities illegal, such as theft, killing - and yes - also spying.


The former may be a means of getting to the latter. I don’t anticipate it will be made illegal without widespread public awareness and disapproval.


No, it will just facilitate normalization over two generations. This is how it's always been!


I want the law to allow such things, because it is extremely useful to me as a consumer and a customer if the system can automatically identify me and attach me to my past history with the company.

This dimension of privacy is still open for debate.


Strongly disagree. While I can accept that it's supposedly valuable for you as a consumer to be "identified and attached" to a company—even though it's something that I want nothing to do with and consider a net bad for society—the notion that whole-scale identification of persons entering a store may be an acceptable default behavior is absurd, even before considering the so-called "dimension of privacy."

As the other child comment mentioned, there are many ways to identify yourself to a store that don't require facial recognition. The YMCA for example has a system that lets users track their exercise history; there's no reason Macy's couldn't do the same for your purchases. If indiscriminate ID'ing is the default position, then you have decided that _your convenience is more important than the freedom of every other person in the store._ It should be the responsibility of the person who wants this convenience to opt in, not the responsibility of the rest of us to opt out.

The desire to not have PiD stored by anyone should be reason enough to close the debate. But if it's not, we fortunately have hundreds (thousands?) of cases of corporate consumer abuse and irresponsible data storage to point to.


Amazon has an entire grocery store experiment that utilizes this as a core element of the experience.

It seems to be getting largely positive reviews from its users.

> The desire to not have PiD stored by anyone should be reason enough to close the debate.

Why? There is an open question of societal benefit versus personal benefit regarding how PID is tracked and used, to say nothing of the actual ownership of that PID (if you walk into a store's private property and their security cameras record an image of your face while you're standing in their private property, do you own that image? Why should you? You're in their property and it was recorded with a camera they own on to media they own).


Get their member card if you want. Your consent shouldn't affect other people.


How would my consent to have my image recorded and stored affect other people?


Back in the day, growing up, the storekeepers may not have known my name, but they certainly knew my parents. I didn't realize until much later that a number of them were my parents' second and third cousins.

Cheers - where everybody knows your name.


Fair point, though what you described can be achieved by many means besides facial recognition.


True, but facial recognition is incredibly convenient. It requires the customer to do no additional work.

As a sibling comment notes, this is how general store customer interactions used to be done. The "facial recognition" system in question was the store owner themselves.


> True, but facial recognition is incredibly convenient. It requires the customer to do no additional work.

I don't see your point. It's an ethical discussion. Is the goal to maximize your personal convenience or is the goal to maximize ethics, while still allowing your extreme convenience?

> As a sibling comment notes, this is how general store customer interactions used to be done. The "facial recognition" system in question was the store owner themselves.

I disagree with the statement in general, but rather than dissecting it, I'll point out that the issue is "spying", not the particular action of recognizing your face.


> It's an ethical discussion

Positioning "maximize your personal convenience" vs "maximize ethics" begs the question of whether the two are opposed. I don't think they are because I don't think it's unethical for a company to use facial recognition (as the OP seems to assume).


There are already many services that exist for accessing databases of personal data, it's just a matter of combining them into some sort of mesh to really tip the scales to the extreme.

With facial recognition being able to query a face against a number of databases, and payment information able to be queried as well, it just takes a matter of some SaaS subscriptions to be able to know someone's: name, address, email/phone/social media, wealth, education, employment history, what they look like, where they go, who they associate with, when they go places, what they buy/own, etc, etc.

It's like having a stalker behind your back all the time letting subscribers know someone's life history in exchange for trying to extract as much money and value out of person as possible until they are completely used up.

We might as well just go back to feudal society and slavery because the game may be different but the motivations are the same.


Maybe it's time to run an e-commerce marketplace with no tracking, no "personalization" of anything, no ads, no marketing emails, none of that bullshit.

With a focus on quality, peace of mind, and best value for money products, focus on minimizing SEO plays and fake reviews.

The infrastructure exists and is rentable from many (although a bit pricey).

Maybe all of those, together, would offer enough value to enough people to make prices reasonable.


Good luck. We may constantly decry the erosion of privacy on HN, but I guarantee you that the populace at large (like 95%+), even if they may sometimes complain about a lack of privacy, also generally really like the stuff that personalization provides. People (again, the vast populace at large) make their purchasing decisions based on things like price and perceived quality; privacy considerations are a distant follow up. Why do you think the ad-supported web is the dominant model in the first place? Because to most users it feels like "free", because the stuff they're giving up (like privacy and the cost of advertising baked into things they buy) isn't readily apparent.

Privacy is a concern that really doesn't matter much, until it does. For other concerns like this it seems like regulation is the only thing that works. For example, insurance companies are highly regulated because the default risk of an insurer is something so amorphous for the average consumer to determine that it's basically impossible for them to judge on their own. So that's when government steps in and says there are basic standards an insurance company must adhere to to operate at an acceptable level of risk. I feel like that's the same for privacy. The average user isn't really able to comprehend, or value, the gradual long term effects of privacy erosion, so that's where the government steps in to demand all players must have basic standards.


> Because to most users it feels like "free", because the stuff they're giving up (like privacy and the cost of advertising baked into things they buy) isn't readily apparent.

This is currently because the internet treats data collection as an "opt-out" feature, if you're even allowed to do that. Changing the law so that it is "opt in", and via a mechanism that is clear to a layman, might significantly change that for people. Wasn't that the point of GDPR, anyways?


And it does not seem to have succeeded, if the mass proliferation of cookie tracking warnings is any indication.


Counterpoint, robo-call/text laws do influence some companies. I worked with one who required double opt-in for text to avoid getting blacklisted.


People actually hate robocalls and unsolicited texts, because they are an inconvenience.

Cookie tracking is transparent and doesn't bother most of the populace; in fact, what bothers them is being annoyed by nagging cookie tracking notifications.


Craigslist?

We take precautions to prevent unauthorized access to or misuse of data about you.

We do not run ads, other than the classifieds posted by our users.

We do not share your data with third parties for marketing purposes.

We do not engage in cross-marketing or link-referral programs.

We do not employ tracking devices for marketing purposes.

We do not send you unsolicited communications for marketing purposes.

We do not engage in affiliate marketing (and prohibit it on CL).

We do provide email proxy & relay services to reduce unwanted email.

Please review privacy policies of any third party sites linked to from CL.

https://www.craigslist.org/about/privacy.policy


We do not run ads, other than ... all the, um... ads that we run.


Point being that CL don't run targeted ads, based on ad-tech and comprehensive surveilling of user data and characteristics.

They offer ads users either browse or search by keywords.


As a merchant in general, an e-commerce site is also responsible for mitigating fraud. Too much online anonymity can compromise their ability to comply with the law and to protect themselves from money-losing scams.


Would those databases also have the option to trace the data back to the origins of that data?

It wouldn't solve the privacy issue but I think if companies are compelled to hold a record from whom they purchased/obtained data, it would help. It would help to determine if the originator had informed consent to share it and also if that included every company in the chain.

Currently if a company 'loses' their data then people who never even interacted with this company get their data exposed without them knowing. If you're dealing with personal data, why not keep a record of how, where and when you obtained it from?


I think I did hear brick-and-mortar stores complaining recently about having too many customers, and wondering whether there was something else they could do, something they hadn't thought of yet, to annoy and anger customers, maybe add a little friction to keep them from walking in the door. /irony

No but, ever since "the Schneier piece" [0] I've been thinking differently about this whole issue. It's about identifying you, and well, the store already knows exactly who you are as soon as you use your credit card. So does Amazon.com of course, though ironically they might not have an image of your face.

If you were going to that physical store and planning to use cash (or shoplift), THEN this affects you. Although even without "AI," you would still get captured on security cameras. So if your presence there became a matter of interest - let's say for example, to corroborate or debunk your alibi for a more serious crime elsewhere - someone would invest the time to identify your face the old-fashioned way. Like probably a subordinate of the senior detective on the case, watching hours of camera footage looking for you.

You can see how it was a series of small, slow, incremental steps, each one not necessarily big enough to create an uproar, that got us here.

[0] https://www.nytimes.com/2020/01/20/opinion/facial-recognitio...


I work on identity resolution problems among other data challenges at a big retailer. We get very few details when a credit card is used in-store -- pretty much just the basic card info. We don't own the payment networks and a variety of legal and business reasons prevent us from doing what may seem to be possible to get an individual's data based on a card number (from the networks themselves or other data brokers). What's possible is mostly limited to what you can do with the name on the card and store location. We've invested significantly in the problem and the answers are a patchwork of guesses.

There's an interesting related issue here for brick & mortar businesses with CCPA and GDPR in effect: you can do some useful analytics, personalization, and fraud prevention work with probabilistic identity info, but if someone verifies they actually are Person X and wants to download or delete whatever data you have on them, what can you confidently say is actually their data?

Will companies be held to different standards based on how much money they've invested and success they've had in identity resolution, in which case this might be a factor dissuading them from doing more identification and personalization? Or if they haven't invested millions in trying to figure out who people are, but it's possible to do so, are they liable for some kind of misconduct if they don't produce all the data they have that could have been tied together for that person? Is the choice binary, i.e. either invest big in identity resolution and take it as far as possible (with parallel governance investment) or de-identify everything you can? A privacy advocate might think on first pass that it's as simple as choosing the latter, but that's mostly not possible due to requirements we face related to other regulation and business realities: fraud, anti-money laundering, age-related laws, shoplifting, intense competition in a razor thin margin industry, etc.

Data privacy is complicated.


Honestly it doesn’t have to be. Ban the majority of data collection aspects and be done with it.

We are wringing our hands over the issue when in reality we can solve it like the Gordian Knot.


What do you do? Start growing all of your vegetables in your backyard, and order what you must with a fake identity from behind a proxy online?

I was going to question if we'd reached the point where it is not only impossible to avoid handing over intimate identifiable data, but necessary to participate in society - and I realized that we probably passed that threshold a few years ago, although this does make things seemingly worse.

I wonder how long before they'll ban adversarial masks or hats in the name of safety or some other such nonsense...


The free market will fix this (chuckles).

In all seriousness, it does open a business opportunity to create proxies to do your shopping for you, essentially hiding your identity through third parties. I don't think that's the real solution. We need to legislate these issues.

Years ago these were clearly possible options. It's only a matter of time before we start to see dynamic pricing based on identity as well. Consumers need to stop allowing these practices to happen. Spend more and shop at smaller shops if you have to. Elect people who will stop letting corporate greed interests take over at the detriment of our shared society and living conditions.


The irony is that it does not prevent theft, or how do you know it does? “Please check the box if you were thinking of stealing this item.” Someone that never stole before or was never caught might steal anyway, and someone who stole before and you prevent him/her from entering might mean a lost sale or customer.


"I wonder how long before they'll ban adversarial masks or hats in the name of safety or some other such nonsense..."

In the US it's long been illegal to wear masks in public. From what I understand, this was done as a response to KKK members wearing masks to intimidate their victims and hide their identity.

However, I've personally never seen or heard of the anti-mask laws enforced, and I see Asian people wearing surgical masks in public relatively often, without any legal consequence that I'm aware of. People wearing masks on Halloween also seems to be not only tolerated but encouraged. And, while concern about the Wuhan coronavirus lasts, I expect to see a lot more masks worn in public.

Of course there are certain locations like banks, jewellery stores, courthouses and other government buildings, where wearing a mask probably won't be looked upon too kindly.


It is not illegal to wear masks in public in _The United States_. It may be illegal to wear masks in certain _states_, but that's quite different.


Actually, it's not clear to what extent such laws are constitutional in the US (https://en.wikipedia.org/wiki/Anti-mask_law#United_States). Anonymous speech (among other things) is very clearly protected, but threats of violence obviously aren't.

If challenged, I wonder if arguing that the mask was your way of expressing your wish not to be tracked would be successful. Of course this is all irrelevant since it likely won't be law enforcement you have to contend with - presumably businesses that cared would simply refuse entry to those with face coverings.


Surgical masks you can probably get away with, particularly if there is wildfire smoke in the region or a disease scare. In very cold weather regions you might be able to get away with a scarf covering your lower face.

Walking into a store with other sorts of mask on in America runs a not insignificant chance of getting you shot, or at least held at gunpoint. But more importantly, you'd be traumatizing everybody else in the store. When somebody walks into a store with a mask on, more people expect 'robber' than 'privacy enthusiast'.


In store, pay with cash (if your face hasn't already been linked to your identity). If it has, it's too late.

Online, you're screwed. They link you with your phone number and/or email address and those are often necessary for purchase.


I've been telling myself to pay with cash more often, primarily because I think it's crazy that a finance company gets 3%-5% of every purchase using a CC. Obviously some of that covers overhead, but it's mostly a mafia style shake-down that society is blindly accepting as a matter of convenience. Stores linking facial recognition with CC details is just extra motivation for me.


I'm not a huge fan of the current state of affairs wrt privacy, but... aren't credit cards also a form of insurance for all involved? The consumer avoids carrying potentially large quantities of cash, and the business reduces their risk of exposure to theft of various forms.


Ok then how about if people went back to writing checks? Eliminates both of those issues without the additional finance charges. That would however provide personal information to the retailer, unless the check was somehow de-identified (like an on-demand money order or something). Also, in my opinion I'd think that businesses would prefer to make more money if the only downside is figuring out how to manage physical cash in the registers.


Privacy preserving electronic transfers of some sort would be amazing (not Bitcoin, I mean in native currency and via my bank). I'm not really sure what that would look like in practice though - neither the bank nor the retailer is likely to want to give up their data streams at this point, and money laundering regulations will result in a strict upper bound on privacy regardless.


I'm assuming there would be costs for the bank once you get into electronic transfers. (or did we just think of the next unicorn payment startup idea??) As a simpler solution, what if banks offered checks that didn't have any identifiable info on them and didn't require a signature, etc. And instead of account/routing number it had a hex value that is decrypted by the bank?


Most neighborhoods aren't so dangerous that carrying around $100 or so in cash to pay for groceries is a significant risk. Nor are most people ever going to chargeback a grocery store purchase.

For some sorts of purchases, particularly larger purchases, the benefits of a credit card become more important. But for most casual day to day purchases? Not so much in my opinion.


What are the benefits of using a CC for large in-person purchases compared to small?


Primarily: walking around with $50,000 of cash makes me feel a lot more nervous than walking around with $100. There are other ways of paying for things than credit cards or cash of course. My point is mostly just that I understand cash isn't necessarily ideal for all circumstances.


Yeah that's way more than what I thought you initially meant. I recently bought a car and the max I could pay with a given payment source was $7,500. So even if I wanted to pay cash for the whole thing they apparently wouldn't have allowed it. I guess they wanted to spread out their risk. A place that allows a $50k all cash payment might actually be somewhat hard to find.

My main point is that the finance companies don't provide enough value to warrant a % of every dollar I spend. Not to mention that the % is most likely already baked into the price of everything I buy, so that charge is actually being paid by me the consumer, rather than by the retailer. I don't think there's ever been a time throughout history where finance companies have been paid on so many separate occasions throughout a single product purchase lifecycle: e.g. finance charges trickled throughout the supply chain before it arrives at the retailer, finance charges paid to/from retailer vendors, the % collected being discussed here, the extra % charged if the purchaser doesn't pay their CC bill on time, etc. The best and easiest way to begin taking power away from these companies is to simply start paying cash at all times, especially for the more expensive items considering they charge a percentage. Then switch to paying with personal check once your cash-holding-amount discomfort exceeds your retailers-will-have-my-personal-info-and-might-use-facial-recognition discomfort.


Most CCs will automatically give you an extended warranty, price protection, return protection, accidental damage protection, etc. So, there definitely are some useful benefits that go along with giving up some anonymity when it comes to larger purchases.



> What do you do?

First ask them why they need this system. If it's reasonable then implement rules and laws so it can only be used for this specific purpose.

If the reason for installing it is to prevent theft then they shouldn't have any problems with rules limiting them to this one specific usage and a fine if they used it for anything else (eg. marketing).

We can also make up rules where it is acceptable to use it for marketing (informed consent being the bare minimum).

These things, like face recognition of customers, have a tendency of spinning out of control. They say they originally used it for purpose X but because they have the data... Why not use it for purpose Y and Z?


When ordering the fake ID, you'd need some kind of method that allowed the buyer to remain anonymous - I guess there are a few crypto currencies that fit the bill.

You'd also need to get the fake ID delivered somewhere other than your home, so it couldn't be trivially tied back to you.


> ... so it couldn't be trivially tied back to you.

Except that a fake ID will have your picture on it.


People hate this, so it's an opportunity for competitors to avoid doing it, and to trash and out those who do it.


Boycott and protest, name and shame.


Six years ago I interviewed at a company that was working on this technology. My background was in image processing and segmentation. I knew someone else would work on it if I didn’t but I still couldn’t sleep with myself at night working for a company whose monetization depends on data mining people. It deeply saddens me that even this shopping mall where I’m currently posting from, tracked customers secretly and got busted with a bit of luck. Eventually they will win. :(


It's a funny thing. You hear on HN constantly that everyone's backend is a mess, that the SQL tables are incomprehensible, the AWS server has crashed again. Surely these scummy companies must be in the same state?

I know that security through obfuscation is not a valid method for storing bitcoin keys. But privacy via idiocy is more common than not (exceptions do apply: https://en.wikipedia.org/wiki/History_of_the_Jews_in_the_Net...)


Talented people write unmaintainable spaghetti code all the time.


Loss/theft prevention is a priority for retail adoption of FR, but the cherry on top is the creation of real world consumer tracking that every website gets "for free" due to their web platform, which until FR had no equivalent in the real world. With an FR enhanced retail location, the store knows your face visited just as a web site knows your IP address visited. This will overlay a tracking capability on the real world with as much capacity as the out of control tracking of people online. For this key reason, we need regulation to prevent the sharing of any and all personal data between organizations. Wrong identification and junk/incorrect/false data in retail/non-authoritative databases must never be combined to create an uber-database of dirty data we get impressed as "official".


> ”It’s making Illinois a technology desert.”

It makes me want to move to Illinois. How tone deaf is this company?

I also noticed that they couch their losses in “lost sales”, as if the shoplifters would have purchased the items had they only been caught.


Yet somehow there are twice as many Amazon Go stores in Illinois than in California [1]. And biometric-based time-tracking for hourly employees is extremely common. It's because the Illinois law doesn't prohibit biometric collection and use, it prohibits collection and use without explicit permission of each individual person involved.

[1] https://en.wikipedia.org/wiki/Amazon_Go

PS - Illinois also prohibits discrimination against employees that do not consent to biometric-based tracking and thus all of the systems for sale in Illinois have traditional methods that can be used at all times.


Someone else would have purchased the items, had they not been stolen.


Someone else may have purchased the items. Eventually. Or it may have spoiled and been thrown out for perishables. Or it may have been sold on sale. Or it may have not sold at all before being destroyed or liquidated.

Lots of maybes there. A sale at sticker price can't be assumed just because the product exists in a store. Had the story used the cost of the item, not imagined sales, I wouldn't have brought it up.


Also since we're talking physical products, in cases where the stolen good would've spoiled/been thrown out/destroyed, theft actually makes money for the store by freeing up shelf space.


Um, no. They might have just sat on the shelf. The whole reason stores have sales is to get rid of merchandise that isn't moving at the price they hoped it would.


I think it's fair to assume that people mostly steal desirable things. It seems unlikely that thieves are by and large stealing things no one wants to buy.


Extraordinary assertion without evidence.

How often is a desired product unavailable because some of the inventory was shoplifted?


Even if it is not lost sales, there's obviously an increased cost associated with breakage in that you have to buy new goods at the wholesale price to replace the ones that were stolen. Grocery stores, for example, have gross margins of about 10-15%, so even if "lost sales" is not entirely accurate, it's close enough that it's not going to severely misrepresent the size of the problem. Perhaps in the case of a luxury goods shop where the gross margins are 50%+ this is not the case.


It may not be sold at full price, but pretty much everything sells.


I was going to complain about "consent" being removed from the headline, but the consent model for this is all wrong anyway.

Even if you had to sign a EULA when you entered the store, there's no way to meaningfully consent to submitting your biometric data into a legally unlimited universe of analysis, cross-referencing, marketing, credit reporting, law enforcement, and whatever else ingenious minds can invent. This just isn't a consent problem. It's a regulatory problem.

Under a proper regulatory regime, you shouldn't need to consent to a computer recognizing your face any more than you should for an employee to recognize your face, because the laws constrain what the computer can do with that recognition, and you can reasonably expect those limits to be in line with what the employee could do.


Las Vegas has been doing this for DECADES.

The casinos all have facial recognition, and share the data.

The card sharks and other troublemakers are greeted at the door and shown the exit.

source: have a friend who works in Las Vegas.


TBH, casinos are not brick and mortar shops. When you go into an establishment that attracts troublemakers(casinos, night clubs, etc.) you expect the security-privacy balance to tip towards the former as that's the easiest way to keep out scammers and troublemakers.


Ten years ago I thought there would be a cultural shift towards wearable spy technology. Now I wonder if there will be a shift towards developing anonymous masks worn as part of a cultural norm.



It's illegal in Denmark to have your face covered. There are a few exceptions, but I don't think "I don't want my face identified" would fly. It seems to go directly against the intention of the law: https://apnews.com/9e5f787cdcc94c0c83210dbf275b715f/Danish-b...


It's already starting to happen, this article and thread have cool info on it: https://news.ycombinator.com/item?id=22028422


soon, masks won't be enough... they will have x-ray-like methods to see you naked at all times (like they already have at airports). Who is going to wear a mask 24/7 anyways?


Honestly, wearing a mask in public is really creepy.

I'm sure I'm far from alone in assuming you're out to commit violent crime.


Wearing of masks in public has actually been a social norm at times, notably in Venice:

https://www.veneto-explorer.com/history-of-the-venetian-mask...


For us, sure. But look at Hong Kong right now. When everyone is aware of and agrees there is a risk, it becomes more socially acceptable.


The workaround is to wear a realistic facemask


You mean like a scramble suit?


This has been going on for more than five years in California; Target and Chipotle are rumored early adopters. Individual vendors are supplying and installing the setup into corporate chain retail locations, creating "jobs".


Target stopped this, per the article.


This has got to be a US thing, as this would almost certainly be illegal under the GDPR.

Facial recognition is processing of biometric data, which belong to the "special categories of personal data", which are protected under Article 9 GDPR [1].

Customers would need to give explicit consent to this.

Contrast this with normal security cameras, which don't use biometric data: these do not necessarily require consent. For example, security cameras filming a cashier's desk are usually lawful because of legitimate interests (see Article (6)(1)(f) [2]).

But legitimate interests don't work with Article 9 data.

[1] https://gdpr-info.eu/art-9-gdpr/

[2] https://gdpr-info.eu/art-6-gdpr/


I like how the gif showing the shoppers they should "observe" as being a risk is of two burn out looking dudes. A total stereotype. It begs the question are these type of stereotypes baked into the FaceFirst software?

The other image of a violent offender is more along the Ted Bundy type. Less a victim of traditional bias but a total serial killer stereotype - white, inconspicuous male.

It's usually a slippery slope with these kinds of biases being perpetuated at the software design level - "stoner" types, minorities, and other marginalized groups often getting the short end of the stick.

I understand retail wanting to reduce shrinkage (the term for stock loss via theft). I guess that's one concern as a whole, how is it ethically being handled?


Casinos have been doing this for a long time.

You've also got a GPS beacon in your pocket, and are probably paying with a card attached to your name and government ID number.

So unless you're paying in cash and not carrying a phone, you're already a big red dot.


I live in Texas, and I've seen awkward moments at dinner parties where pro-gun people say the government must not ever have a registry of owners or civilization will collapse. I bet that the next day, to let off a little steam, they bought bullets on their iPhone and had Google maps take them to the range...


Why is it awkward? Because only you recognize the extent of their privacy loss? Enlighten them.


This is not a case of consistent logic through ignorance. The same friends who will literally go out guns blazing before letting law enforcement take their AR15, believe Snowden was a traitor and the intelligence agencies would never abuse their power ¯\_(ツ)_/¯


This.

Why are we allowing people to go around society being this ignorant of what's going on?

Take the opportunity to gently inform the guy of all the information the government has on him.


Are you saying they're hypocrites because you imagined it so?


I understood GP post more like "They are afraid of government registry, yet willingly give their sensitive data to corporations."


"Willingly" might be overstating things - Google is expert at misleading privacy notifications, and just like they wouldn't expect the local baker to keep logs of what they buy and when, and sell them to data collectors, maybe they have a naive idea that buying something on their phone is similar. They're just not aware how deeply hostile and backstabbing the entities they're dealing with are - like most humans, they're adapted to dealing with neighbors and people they know, not amoral international conglomerates.


Almost everyone works for a company that does marketing, so it's weird to plead ignorance.


Which we now know, courtesy of Edward Snowden, that it is not much different from giving sensitive data directly to the government.


That was known long before Snowden did anything.


"The cascade of reports following the June 2013 government surveillance revelations by NSA contractor Edward Snowden have brought new attention to debates about how best to preserve Americans’ privacy in the digital age."

Pew, 2015

https://www.pewresearch.org/internet/2015/05/20/americans-at...

Unfortunately time-series data on perceptions and sentiments is difficult to find. But the very fact we're discussing this on the grounds of it being or not being an Edward Snowden-related awareness speaks to Snowden's impact. As does the fact that the matter hasn't been considered notable enough to warrant tracking over time as part of a sentiment study.

Writing as someone who has been long aware of the issue, well before Snowden. But who has also noted that the nature and tenor of discussions with others since has changed markedly.


Indeed.... Who needs a registry when you have real-time data!


It is certainly not with "give up" and "it is already too late" attitudes that things will change


> You've also got a GPS beacon in your pocket

I don't. My phones are rooted. GPS access is limited to a few apps and only on demand. So is app-access to IMEI and other identifying markers.

Not by design but I also get a new SIM each month ($18 unlmtd talk/text+10GB).

These measures are all technologically & economically cheap, btw.

But they're locked away from consumers because the compulsion to control end users is a sickness that corporations can't regulate on their own.


There are still commercial products that will track your wifi/bluetooth MAC, and probably IMSI as well. You're not preventing this sort of thing with that sort of behavior and just making things awkward for yourself. If I can find the home addresses of people walking past my house using reverse lookups of ESSID probes, you can be damn sure that everybody else is doing it too.


> If I can find the home addresses of people walking past my house using reverse lookups of ESSID probes

Can you tell me more about this?


When your device is trying to find networks it's seen previously, it for some reason broadcasts the ESSID, the human readable name of the networks it knows about. A lot of these are globally unique, as many routers come with a default name which is based on their MAC address.

You walk past my house, I see you have connected to direct-roku-845-7e16d8. Great! I can go do a reverse lookup of that (say, based on information collected by SkyHooks or WiGLE), and I now know that you've at least authenticated to a network in downtown SF one time.

With a good sampling of these (many pieces of software send the last 4+ networks), I can get an idea of where you live, where you work, and where you've traveled. From your device details I can tell what brand of device you have, from the times of day I see you I can work out what your patterns and behaviors are, from your bluetooth connections I can get an idea of what sort of devices you own. I can even match this with real time video and directional antennas to match this with a picture of your face.

These are all things that an individual can do right now with off the shelf software, not something you need to be a company or a government agency to pull off. This is absolutely receive only, and does not interact with anybody's devices in any way. It is not illegal and you can not detect that someone is doing this sort of attack. Your only defense against this is to have as bland and as generic of a wifi point name as possible.
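
As an added example (not part of the comment above): a defensive audit of a device's own saved-network list, flagging names that look globally unique and are therefore worth forgetting or renaming. The generic-name set, the hex-token heuristic and the sample list are assumptions made for illustration.

```python
import re

# Illustrative assumption: names shared by so many access points that
# probing for them says little about where a device has been.
GENERIC_NAMES = {"netgear", "linksys", "dlink", "default", "xfinitywifi"}

# A token of 4-12 hex characters containing a digit looks like a fragment
# of a MAC address or serial number baked into a factory-default name.
HEX_TOKEN = re.compile(r"^(?=.*\d)[0-9a-f]{4,12}$", re.IGNORECASE)


def classify(ssid: str) -> str:
    """Label a saved network name by how identifying a probe for it is."""
    name = ssid.strip()
    if name.lower() in GENERIC_NAMES:
        return "generic"
    tokens = re.split(r"[^0-9A-Za-z]+", name)
    if any(HEX_TOKEN.match(t) for t in tokens):
        return "device-derived"   # likely unique to one router or device
    return "custom"               # hand-picked; may still be unique


def audit(saved_networks):
    """Return (ssid, label) for every saved network worth reviewing."""
    findings = []
    for ssid in saved_networks:
        label = classify(ssid)
        if label != "generic":
            findings.append((ssid, label))
    return findings


# Constructed sample list; only the first name appears in the comment above.
SAVED_NETWORKS = [
    "direct-roku-845-7e16d8",
    "NETGEAR",
    "TP-Link_A1B2",
    "The Smith Family",
    "xfinitywifi",
]

if __name__ == "__main__":
    for ssid, label in audit(SAVED_NETWORKS):
        print(f"{label:15} {ssid}")
```

Entries labelled "device-derived" are the strongest candidates to remove from the saved list; "custom" names need a human judgment about how many other networks share them.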


So if someone starts getting misidentified, or is erroneously put into a database somewhere and passed down the data brokerage systems, who does one petition to be removed? With the government, you (usually) know where the data is. With private databases, who knows where it starts and ends?

And once all major stores link up and you get banned from everything, how do you survive once you can't buy anything anymore?


Minority Report movie predicted eye iris identification. 25 years ago irises were thought to result in fewer false positive matches than facial parameters, but the latter has improved since then. A problem with iris identification is building a large database. Face images are collected by the government. DNA is collected by police and ancestry companies. Not so much for irises.


> Not so much for irises.

High quality selfies might be sufficient to build a database. But since faces are larger features that don't need close-ups they're commercially more useful.


At 2019 SIGGRAPH a Chinese software company was creating free unique 3D avatar characters for whomever voluntarily stopped at their booth. They probably archived your face photo and badge ID for future research and other database uses(!!!). Other booths could probably collect face and badge from walkerbys, but not of the quality of someone who voluntarily submitted to their pictures taken. I realized this shortly after getting my avatar (-:


I don’t mind stores protecting themselves with this.

I do mind when the line is crossed and my information is shared with unrelated external entities to monetize me


Will this be crosschecked to identify known illegal aliens and notify ICE to come and grab them for deportation?


Anyone remember the movie Minority Report? Specifically the part where he walks into a store and the sign recognizes him and shows him a targeted ad for an item in the store?

I feel like that use of facial recognition would have a far greater ROI than loss prevention.


gotta get a clean set of eyeballs.


We can name and shame companies who use facial recognition tech. If the bad pr outweighs the benefits then they will abandon them. The challenge is to educate the general public about the dangers of it.


Instantly reminds me of the “Forbidding face-recognition is the wrong step” article posted yesterday.


Isn’t this what B8ta does, which I haven’t heard much criticism of or about?


going to need to start wearing bandanas to go to the store to get bananas


Not okay.


Shouldn't this have a 2018 tag?



