Site icon Sophos News

Smile this Black Friday, you might well be on camera!

Get ready for Black Friday shopping MADNESS!!

$394.99 for a drone that captures HD 1080p video and 14MP photos?!

$300 off a 49-in. Smart UHD TV featuring a 4K Upscaler to enhance details to near 4K quality?!?!

Get out!

No, seriously, get out of those stores if you care about your privacy.

It’s not just scammers who want to suck personal data out of customers like a bunch of pan juice slurping bird basters this Black Friday. What about retailers themselves?

It may be legal, but it’s still data suckage, and according to a recent survey, plenty of people don’t like it one little bit.

“It” is this, specifically: anticipate that your face data points may well be recognized and matched as stores track you.

The survey was conducted over the summer by research firm Opinion Matters for big-data provider CSC. It involved 2049 UK consumers (both in-store and online) and 150 senior IT, marketing or digital retail executives.

It found that 74% of retailers admit they track customers from the moment they enter a store, including tracking visitor behavior; recording information about gender, age and how much time you spend in the store; or recognizing how many times you’ve been in the store.

31% use big data, 27% use facial recognition, and 65% track customers for security purposes: for example, they’re using facial recognition to spot shoplifters and to give store security a heads-up about who to keep an eye on.

As Fortune reported earlier this month, retailers are scanning shoppers to automatically pick out suspected thieves – all without any rules to protect their privacy.

If you want to know which retailers are acting like the retail version of Facebook, with its massive, ever-expanding facial recognition database and ever-more sophisticated recognition technologies, good luck with that.

Most of the retailers contacted by the magazine kept their lips zipped about whether or not they’re using the technology.

Home Depot says it’s not. Walgreens says it’s got no contract with one particular facial recognition technology company – but at any rate, it doesn’t talk about specific security measures. Target wouldn’t say yes or no.

In fact, Walmart was the only company that ‘fessed up to using the software: the retailer tested facial recognition software in stores across several states for several months, but then discontinued the practice earlier this year.

Not because of privacy concerns, mind you: rather, crunching the data on shoppers’ faces was just too darn expensive.

For those people who actually know what facial recognition technology is (56% said they didn’t), the idea of so many retailers using it – without informing shoppers, mind you – is disturbing.

According to the survey, a third – 33% – of consumers know what facial recognition is and find it intrusive, particularly people over the age of 55.

A quarter – 25% – of retailers said they’re using facial recognition technology in-store to get existing customers to come back and shop again. That figure rose to 59% for fashion and apparel retailers.

The larger retailers (101-250 stores) use facial recognition most frequently (43%).

Nearly half (49%) of all retailers are in favor of facial recognition technology. As little as 7% felt that it was intrusive for customers. .

They’re pretty oblivious to the idea that customers might find this intrusive: 83% of retailers think that customers would respond positively to behavioral technology, either stating that it’s improved their shopping experience or that customers have benefitted from data-improved shopping experiences.

Only 9% of retailers felt that customers would object, and only 7% felt that customers wouldn’t even be aware of this type of technology used in-store.

The lack of rules governing the use of the technology in retail environments isn’t surprising: it’s just the latest wrinkle in the ways businesses have been glomming onto our details.

After all, in the past we’ve seen businesses trying to monitor potential customers by tracking their mobile devices, such as businesses that have built shopper profiles based on sniffing phones’ Wi-Fi, marketeers tracking your mobile phone as it broadcasts your movements around a shop, or even setting up rubbish bins to sniff your Wi-Fi.

Then too, there was that beverage vending machine that takes photos of people, superimposes wigs on their heads and exhorts them to buy a drink, or even guesses those people’s names and genders: the better to target-market at them.

When it comes to facial recognition in particular, we’ve seen a Russian billboard advertising contraband that hides when it recognizes cops’ badges (admittedly, that would be less facial recognition than badge recognition, though the same principles apply).

But still, the fact that retail is the Wild West of facial recognition stands in sharp contrast to what’s happening outside of the stores.

In June, pro-privacy groups in the US walked out of discussions with the Department of Commerce over creating new standards for using facial-scanning software.

But while privacy groups have thrown up their hands, law enforcement has kept grabbing for more.

The voracity includes the FBI’s latest plans to expand its facial recognition database.

The US city of San Diego, for its part, quietly slipped the technology into the hands of law enforcers in 2013.

And what of Facebook, the face collecting/dissecting marketing machine?

In April, Facebook was hit by a class action suit in the US – along with the photo-service site Shutterfly – when consumers in the state of Illinois filed suits alleging violation of a state law related to biometrics.

One of the suits claimed that Facebook violated its users’ privacy rights in acquiring what it describes as the largest privately held database of facial recognition data in the world.

In European countries and Canada, meanwhile, automated photo tagging features are unavailable because regulators are a mite queasy about the privacy implications.

In 2012, the company opted to ditch the facial recognition program and delete the user-identifying data it already held.

There’s actually been one (potentially) positive use of facial recognition suggested recently: Earlier this month, Facebook suggested using facial recognition to spot kids in photos and warn parents if they’re on the brink of sharing those images publicly instead of just with friends.

But here’s the biggest difference between facial recognition being used by Facebook vs. the cops, the Feds or the big-box electronics store down at the mall: at least with Facebook, we know what its face-crunching people are up to.

The company isn’t exactly shy about its sophisticated technology.

That’s why we know, for example, that Facebook’s DeepFace technology rivals humans’ ability to recognize faces, accurately identifying faces 83% of the time, even in profile or with features obscured.

We know Facebook is after our faces. We can choose to stay off the site if we find that unacceptably intrusive.

We don’t know what retailers are up to. This is true even in privacy-sensitive Europe.

So if Black Friday finds you packed in like a sardine, battling with co-shoppers for whatever door-buster deal got you off the couch, get ready to grin and bear it: the cameras well might appreciate both the grin and having you give a sunglasses-free, full-face frontal.

Image of stop sign courtesy of Shutterstock.

Exit mobile version