US Senators Press Amazon On Palm-Recognition Security

amazon, whole foods, Amazon One, biometrics, Congress

Three U.S. senators — two Democrats and a Republican — have asked Amazon to provide details about privacy and security protections for its new Amazon One palm print-recognition system.

Amazon One lets customers use their palms to verify their identifies while making purchases at brick-and-mortar retail locations, including Whole Foods and Amazon retail stores.

“Recent reports indicate that Amazon is incentivizing consumers to share their biometric information with Amazon One by offering a $10 promotional credit for products,” a letter from the senators states. “Amazon has also announced that they have plans to expand Amazon One, which may include introducing the technology in other Amazon stores as well as selling it to third-party stores. Amazon’s expansion of biometric data collection through Amazon One raises serious questions about Amazon’s plans for this data and its respect for user privacy, including about how Amazon may use the data for advertising and tracking purposes.”

The authors are: U.S. Sens. Amy Klobuchar, D-Minn., Dr. Bill Cassidy, R-La., and Jon Ossoff, D-Ga.

The letter continues: “Offering products from home devices to health services, Amazon possesses a tremendous amount of user data on the activities of hundreds of millions of Americans. Our concerns about user privacy are heightened by evidence that Amazon shared voice data with third-party contractors and allegations that Amazon has violated biometric privacy laws.”

The senators also single Amazon out compared to other companies that use biometric technology in consumer devices.

“(Amazon) One users may experience harms if their data is not kept secure. In contrast with biometric systems like Apple’s Face ID and Touch ID or Samsung Pass, which store biometric information on a user’s device, Amazon One reportedly uploads biometric information to the cloud, raising unique security risks. Like many companies, Amazon has been affected by hacks and vulnerabilities that have exposed sensitive information, such as user emails.

“Amazon’s various home device systems have leaked information or been hacked, as highlighted in a recent letter to the Federal Trade Commission (FTC) from 48 advocacy organizations. Company whistleblowers earlier this year also raised concerns about Amazon’s security practices. Data security is particularly important when it comes to immutable customer data, like palm prints.”

The senators ask Amazon to provide written answers by Aug. 26 to a series of questions regarding topics including expansion plans beyond Amazon-owned retailers, the number of third parties that have been given access to the data, the number of Amazon One users, Amazon’s plans for the data and steps the company has taken to protect biometric data.

An Amazon spokesman declined comment after being contacted by Washington, D.C.’s “The Hill” newspaper.