US senators query Amazon over security of biometric data from Amazon One palm-scanning system, and how company plans to use the data
A group of US senators has expressed concern to Amazon over palm-recognition technology the company began rolling out in its Whole Foods supermarkets earlier this year, questioning the security of the biometric data involved and how the information is to be used.
The group includes Amy Klobuchar, who chairs the Senate Judiciary Committee’s antitrust panel, as well as Senators Bill Cassidy and Jon Ossoff.
Amazon announced the Amazon One palm-scanning programme last year and began rolling out palm-print scanners in Seattle-area Whole Foods stores in April, allowing users to link a credit card to their palm print.
The system is also used in Amazon Go convenience and grocery stores, Amazon Books bookshops and Amazon 4-Star physical stores.
The senators noted that systems from Apple or Samsung typically store biometric data on a smartphone, while Amazon’s information is to be stored online.
“In contrast with biometric systems like Apple’s Face ID and Touch ID or Samsung Pass, which store biometric information on a user’s device, Amazon One reportedly uploads biometric information to the cloud, raising unique security risks,” the senators wrote in an open letter addressed to new Amazon chief executive Andy Jassy.
“Data security is particularly important when it comes to immutable customer data, like palm prints.”
The senators asked whether Amazon plans to link the data to facial-recognition systems and whether the information collected would be used to target ads.
“Amazon’s expansion of biometric data collection through Amazon One raises serious questions about Amazon’s plans for this data and its respect for user privacy, including about how Amazon may use the data for advertising and tracking purposes,” the senators wrote.
Amazon attracted criticism from civil rights campaigners over facial recognition software called Rekognition that it provided to US law enforcement agencies before instituting a moratorium for policing applications last year.
The senators cited concerns that Amazon may have previously violated privacy laws and that it could use the system to “further cement its competitive power”.
“Our concerns about user privacy are heightened by evidence that Amazon shared voice data with third-party contractors and allegations that Amazon has violated biometric privacy laws,” they wrote.
“We are also concerned that Amazon may use data from Amazon One, including data from third-party customers that may purchase and use Amazon One devices, to further cement its competitive power and suppress competition across various markets.”
They asked about plans to expand Amazon One, to whom the system had been sold or licensed and how many people had signed up for it.
Amazon declined to comment but pointed to a blog post dated 21 April in which it said it was in “active discussions with several potential customers”.
The post said Amazon One was designed to be “highly secure”.
“Palm images are never stored on the Amazon One device. Rather, the images are encrypted and sent to a highly secure area we custom-built for Amazon One in the cloud,” the post said.