|Amazon’s palm reading starts at the grocery store, but it could be so much bigger|
Amazon One is about identity, not payments
By James Vincent
Oct 1, 2020, 12:56pm EDT
Earlier this week, Amazon unveiled Amazon One: new technology for its Amazon Go stores that lets shoppers pay for their groceries by scanning the palm of their hand. By analyzing the shape of your hand and the unique configuration of veins under your skin, Amazon says its technology can verify your identity the same way facial recognition does.
Although Amazon One will initially be used for payments only, it’s clear the tech giant has much bigger ambitions for this hardware. In the future, it says, Amazon One could not only be used for shopping but as a replacement for tickets at music and sporting events, and as an alternative to your office keycard, letting you scan in with a swipe of your hand. In other words, Amazon One isn’t a payment technology. It’s an identity technology, and one that could give Amazon more reach into your life than ever before.
Understandably, some experts are skeptical about Amazon’s claims of convenience, and worry about a company with a spotty track record on privacy becoming the controller of a new identity standard. Whether it’s Amazon’s use of biased facial recognition algorithms or its ambitions to grow a network of home surveillance cameras, this is an organization that has proved many times that individual privacy is not always its biggest concern. Is it a good idea if Amazon knows exactly who you are from the palm of your hand?
HOW THE TECHNOLOGY WORKS
Let’s start by looking at the technology itself, which is blessedly straightforward. Palm scanning has been around for years, and although Amazon isn’t offering many details on its own implementation, it looks to be similar to examples of the tech we’ve seen before.
PALM RECOGNITION IS THOUGHT TO BE MORE SECURE THAN OTHER BIOMETRIC METHODS
As the company explains on its FAQ page, the Amazon One hardware verifies a user’s identity by looking at “the minute characteristics of your palm — both surface-area details like lines and ridges as well as subcutaneous features such as vein patterns.” Usually, vein scanning is done using infrared light that penetrates the surface layers of skin, though Amazon doesn’t mention this technology specifically. It says anyone can sign up to Amazon One by inserting a credit card into one of its scanners and registering one or both of their palms. The scanners can then identify someone “in seconds” without skin contact. (A bonus during a pandemic, but no cleaner or quicker than using many contactless credit cards.)
From a security point of view, palm scanning has some key advantages over other biometrics. First, the information being used to identify you is not easily observable, unlike your face or ear print. Even fingerprints can be picked up from touched objects or photographed from a distance. It’s much harder, by comparison, to snap a picture of someone’s hand and use that to spoof their vein patterns.
“All the other biometrics that are becoming commonplace — face, fingerprints, iris — are all quite observable and visible from the outside,” Elizabeth Renieris, a law and policy researcher who focuses on data governance and human rights issues, told The Verge. “There’s definitely something to say for the advanced security [of palm scanning].”
Similarly, the information collected during a palm scan makes it easier to incorporate a liveness test: to check that you have a real, living person in front of you. For these reasons, it’s sometimes claimed that palm or vein recognition is the most accurate and secure of all common biometrics, though the stats depend on how the tech is implemented. It’s also worth noting that palm scanning is certainly not foolproof, and hackers have shown in the past they can create fake hands that can trick some scanners.
DO YOU WANT YOUR PALM STORED IN THE CLOUD?
There’s one other big difference between Amazon One and other biometric systems you might be used to, and that’s that Amazon will be keeping its palm data in the cloud. People have long worried about this sort of personal data collection, but it’s striking that it’s Amazon that is now trying to make it happen.
As Reuben Binns, an associate professor focusing on data protection at the University of Oxford, explained to The Verge, cloud storage is inherent in the system Amazon is building. “For this kind of use case it’s difficult to do anything other than have [that data] in the cloud,” he says. “Whether that’s a good idea or not is another question.”
From Amazon’s point of view, it will mean it has to be particularly careful about how it stores and collects the data. Biometric information is protected in a way other data is not, by the EU’s GDPR regulations and by some state-level laws in the US. It’s unclear, for example, how Amazon One will work with regulation like Illinois’ Biometric Information Privacy Act (BIPA), which requires that companies get informed consent before collecting biometric data. (Amazon seems to recognize this in its copy for its palm scanning tech and says that presenting your palm to a scanner “requires an intentional action” by the customer.)
Binns contrasts Amazon One with technology like Apple’s Face ID, which uses facial recognition data to unlock your phone and verify payments but keeps the biometric data on your device. By keeping data in the cloud, you’re exposing it to hackers as well as potentially making it more accessible to interested third parties, like governments.
But Binns stresses that Amazon One also makes the same basic trade-off as any biometric system of authentication: do you want to create a password that’s part of your body?
“IT SEEMS TO ME LIKE THE WRONG TRADE OFF”
“The advantage is that it’s on you all the time, this isn’t something you can lose, but that’s also a disadvantage because you can never change it,” says Binns. “You can never change your palm like you change your password or other identification tokens.” And while this might be acceptable for high-stakes scenarios — like using facial recognition to verify who you are with a country’s government at the border — Binns says it seems inappropriate for something like shopping, especially when equally convenient alternatives already exist.
“It seems to me like the wrong trade off between persistence [of data] and the level of assurance you actually need for some of these use cases,” he says.