Why Facial Recognition at the Checkout is a Little Creepy

Why Trust Techopedia

Facial recognition is everywhere, from unlocking our constant smartphone companions to boarding a flight in the U.S.

Although many of us are comfortable using this technology to authorize a payment from our phones, paying for items using our faces at a checkout in a shopping mall or supermarket starts to seem creepy.

Over a decade ago, Techopedia warned that online privacy was disappearing for good. Fast-forward to the present day, and facial recognition has entered the mainstream.

It is time to re-examine privacy vs. convenience tradeoffs and try to determine whether facial recognition at the checkout is cool — or a bit too Black Mirror.

Key Takeaways

  • Facial recognition technology is becoming ubiquitous, from unlocking smartphones to airport check-ins.
  • Using facial recognition for payments in retail settings seems convenient — but we are ignoring the privacy factor.
  • Incidents of unconsented facial recognition, such as those at the University of Waterloo and Cadillac Fairview malls, highlight privacy invasion risks.
  • High-profile data breaches underscore the need for data security before adopting biometric technologies widely in retail.

Facial Recognition in Retail

Nobody thought to ask too many questions when smart vending machines were installed at the University of Waterloo in Canada.

However, when a student went to pick up a pack of M&Ms, a facial recognition error message on the screen revealed that facial analysis software was used to gather information from students, such as age and gender.

Advertisements

Students tracked the vending machines back to a Swiss company called Invenda, which referred to its technology as facial analysis rather than facial recognition.

But the “Invenda.Vending.FacialRecognition.App.exe — Application Error” message went viral for all the wrong reasons.

The absence of signs warning users that facial recognition was being used or any request for consent sparked a debate about third-party surveillance and encroachment of facial recognition.

After the news story went viral on Reddit, the university covered the cameras with tape, disabled the software, and vowed to remove all 29 vending machines.

For what it’s worth, Invenda, is adamant it is not using facial recognition software, simply ‘people detection’ along with approximate demographic attributes.

However, it’s not the only case where a hedging of wording or lack of warning leads to a camera in your face without warning.

Millions of Shoppers Unknowingly Captured by Mall Facial Recognition

Cadillac Fairview embedded cameras at 12 shopping malls across Canada four years ago. An investigation later found that it had used facial recognition and captured 5 million shoppers’ images without its customers’ knowledge or consent.

The investigation found that the facial recognition software was capturing data such as the estimated age and gender of every shopper. Although the images were deleted, the investigation revealed that a third party stored biometric information generated from the pictures in a centralized database.

Although Cadillac Fairview claimed to be unaware that the third party was storing information, this put them in a tight spot. Ultimately, the company is responsible for determining if it can access this data, so this raised questions about what would happen if somebody sold the data to another third party or leaked it in a data breach.

Data Security Concerns Mount as High-Profile Breaches Continue

Once data is captured, we should be at least be able to trust that the company doing the capturing will handle the data safely.

But another year of data disasters proces otherwise.

In June, Ticketmaster confirmed a data breach impacting 560 million users. Unfortunately, this was also followed by news that AT&T’s cellular customers learned that their phone call and text message records had been compromised, yet another example of big corporations losing our personal data.

In addition, a biometrics system used by banks and the UK police also suffered a breach. These incidents highlight the risks of trusting organizations with sensitive biometric data when the impact of a breach would be much greater.

Before moving fast and breaking things, there needs to be increased trust in corporations’ ability to secure all data before we even consider adding biometric data to the mix.

Face Value and The Privacy Debate Surrounding Retail Facial Recognition

Privacy advocates have raised concerns about the slightly coercive nature of facial recognition in some stores. There is an illusion of choice when you arrive at a checkout and expect to automatically agree to use your face for payment or security features.

A privacy lawsuit against big players, including Amazon and Starbucks, accused big tech of profiting by sharing biometric data with third-party partners. The fightback ended abruptly after the court case was thrown out.

But the court’s decision did not slow down the increasing discomfort with facial recognition being used in stores.

Many view the technology as surveillance and an unnecessary invasion of privacy. Although it’s used for payments today, many wonder if it could evolve into tracking customer behavior, targeting ads, or even discriminating based on personal characteristics like race and age.

We already accept that every swipe and click online creates a deluge of data about our online habits. However, bringing this tracking to the physical world could lead to continuous monitoring and give the green light to use our data beyond payments.

The Complexities of In-Store Facial Recognition

The speed and convenience of facial recognition have many potential benefits, especially for tasks like verifying age for alcohol purchases or expediting checkouts. Biometric systems can also enhance store security and efficiency by quickly identifying individuals on trespass lists or preventing shoplifting.

A network of cameras in every store that talk to each other and identify known shoplifters or banned shoppers might initially sound like a good idea. But there are concerns about the accuracy and oversight this technology could have in neighborhoods.

When asked about the rising number of cameras watching your every move, you might say, “Hey, if you have nothing to hide, you have nothing to fear.”

But that argument could quickly come crashing down if you are misidentified as a shoplifter, accused of a crime you didn’t commit, or become a person of interest.

There are also many practical concerns about the technology’s accuracy, especially when a person’s appearance changes. In an age where hair transplants, cosmetic treatments, and a new Hollywood smile are just a short flight away, using facial recognition technologies for everyday transactions is much more complex than you might think.

Using your face to complete a speedy transaction could be considered an upgrade to the retail experience, similar to the one-click baskets when shopping online.

But when you look at the tech behind the scenes that makes it all possible, your excitement might turn to fear. For example, headlines about facial recognition being used more in poor areas are a long way from the seamless shop-and-go dream that we are being sold.

The Bottom Line

Although every retailer will set out with honourable intentions, we cannot afford to ignore how high-profile data breaches have become the norm. We must thoroughly understand the risks of privacy invasion, data security, potential misuse, and ethical implications of any form of biometrics in retail.

Walking around in a surveillance-heavy society that feels like a permanent police line-up and hearing the news that your biometric data has just been leaked online could be much closer than you think. When convenience costs your privacy, the real question is, who truly benefits?

References

  1. hey so why do the stupid m&m machines have facial recognition? (Reddit)
  2. Vending machines spying on you? Privacy office opens files (Therecord)
  3. News release: Cadillac Fairview collected 5 million shoppers’ images – Office of the Privacy Commissioner of Canada (Priv.gc)
  4. Susan Krashinsky Robertson on X (X)
  5. Ticketmaster confirms data breach impacting 560 million customers?(Securityaffairs)
  6. Report: Data Breach in Biometric Security Platform Affecting Millions of Users (Vpnmentor)
  7. Biometric data privacy lawsuit against Amazon, Starbucks mostly thrown out (Biometricupdate)
  8. ‘I was misidentified as shoplifter by facial recognition tech’ – BBC News (Bbc.co)
  9. Facial recognition cameras in supermarkets ‘targeted at poor areas’ in England (Theguardian)
Advertisements

Related Reading

Related Terms

Advertisements
Neil C. Hughes
Senior Technology Writer
Neil C. Hughes
Senior Technology Writer

Neil is a freelance tech journalist with 20 years of experience in IT. He’s the host of the popular Tech Talks Daily Podcast, picking up a LinkedIn Top Voice for his influential insights in tech. Apart from Techopedia, his work can be found on INC, TNW, TechHQ, and Cybernews. Neil's favorite things in life range from wandering the tech conference show floors from Arizona to Armenia to enjoying a 5-day digital detox at Glastonbury Festival and supporting Derby County.? He believes technology works best when it brings people together.

',a='';if(l){t=t.replace('data-lazy-','');t=t.replace('loading="lazy"','');t=t.replace(/