What Kmart and Bunnings’ controversial crackdown could mean for you #Kmart #Bunnings #controversial #crackdown Welcome to Lopoid
Once the purview of law enforcement and intelligence agencies, facial recognition is now being used to identify consumers in Australian stores.
If you’ve seen the movie Minority Report, you’ll remember how Tom Cruise’s character John Anderton is identified through iris recognition to perform his duties, and later tracked with it when he’s a wanted man. When he replaces his eyes to evade identification, Anderton is bombarded with advertisements targeting his new assumed identity.
This once-futuristic idea from a movie could soon be a reality in our lives. An investigative report published by consumer magazine Choice reveals three major retailers (out of 25 queried), Kmart, Bunnings and The Good Guys, have admitted using facial recognition technology on customers for “loss prevention”.
The companies say they advise consumers of the use of the technology as a condition of entry. But do consumers really know what this entails, and how or where their images could be used or stored?
What is facial recognition and why do we care?
We’ve grown accustomed to our phones and cameras using facial detection software to put our faces into focus. But facial recognition technology takes this a step further by matching our unique identifying information to a stored digital image.
Facial recognition has come a long way. It was initially used in 2001 to identify relationships between gamblers and employees in Las Vegas casinos, where there was suspected collusion.
The signage has triggered backlash this week. Source: Choice
Currently, software such as Clearview AI and PimEyes are being used in highly sophisticated ways, including by Ukrainian and Russian forces to identify combatants in Ukraine.
But what is this technology doing in Bunnings?
As with its early use in casinos, Kmart, Bunnings and The Good Guys told Choice their facial recognition software is used for “loss prevention”.
Images captured on store surveillance devices and body cameras could be used to identify in-store individuals engaged in theft, or other criminal activities. Real-time identification could allow law enforcement to quickly identify shoppers with unpaid tickets, outstanding warrants, or existing criminal complaints.
Bunnings chief operating officer Simon McDowell told SBS News the technology was used “solely to keep team and customers safe and prevent unlawful activity in our stores”. Both The Good Guys and Kmart told news outlets they were using it for the same reasons, in a select number of stores – and that customers were notified through signage.
Bunnings is also using the technology at their stores. Source: Getty
Choice confirmed there were some signs disclosing use of the technology – but reported these signs were small and would be missed by most shoppers.
The news has stoked shoppers’ fears of how their image data may be used. As in Minority Report, images captured in a store could theoretically be used for targeted advertising and to “enhance” the shopping experience.
It’s likely images and video collected through standard in-store surveillance are either matched immediately against a remote database using specialised facial recognition software, or analysed against a database of tagged and catalogued images later on. Ideally, the images would be encoded and stored in a file that’s readable only by the algorithm specific to the device or software processor.
Potential for misuse
We have also seen companies correlate our social media profiles and our other online experiences across various websites. Australian stores employing facial recognition could use collected information internally to track:
the number of visits by a person
the times of those visits
pattern or behavioural analysis (such as a consumer’s reaction to pricing or signage) and
associations with other shoppers (such as friends, family and anyone else with them).
Retailers could also use this identity data to extract information from social media, where most people have images of themselves uploaded. They could then perform risk analysis based on the credit and financial reporting access of that specific shopper.
Externally, the images and associated consumer information could be merged with financial, economic, social and political data already collected by commercial data aggregators – adding to the already massive data aggregation market.
Current Australian privacy laws require retailers to disclose what data are being collected, retained and protected, as well as how it might be used outside of a loss prevention model.
A Bunnings spokesperson told The Guardian the technology was being used in line with the Australian Privacy Act. Choice has reached out to the Office of the Australian Information Commissioner to determine whether the use of the technology is indeed consistent with the Privacy Act.
What to do?
While the retailers highlighted in Choice’s investigation state consumers must agree to the collection of their images as a condition of entry, the reality is the collection, retention, and use of their images are not usually disclosed in any explicit way.
As far as data collection in retail settings goes, there should be a precondition for all stores to make sure consumers are made aware of:
the specific information that is collected while they are visiting
how it might be aggregated and combined with other relevant information from third parties
how long the images or data will be retained, retrieved, or accessed and by whom, and
what security precautions are being used to secure the data.
Furthermore, as with their online shopping experience, consumers should be given the option to opt-out of such data collection.
Until then, consumers may try to avoid collection by donning hats, sunglasses and face masks. But considering the rate at which facial recognition technology is advancing – and how large the personal data market has already grown – retail cameras may soon be able to see through these disguises, too.
The author of this article is Dennis B Desmond, Lecturer Cyberintelligence and Cybercrime Investigations, University of the Sunshine Coast
Disclosure statement – Dennis B Desmond previously received funding from the United States Department of Defense.
Do you have a story tip? Email: email@example.com.