Good and bad takes on Amazon’s in-store biometrics

I’m seeing a lot of takes (some good, some bad) about Amazon’s incentive to register palm prints for its stores in exchange for $10. A 🧵 on some of the biometrics and tech behind this – and why some of the takes get implications wrong 👇🏽

For starters, there’s an imbalance in whether the offer entices certain demographics to give up personal biometric data in return for $10.

This kind of asymmetric power *needs* to be looked at closely, particularly how that data is used in the future.

“Amazon stores biometrics in the cloud”

What is often not appreciated here is that biometrics are often stored as mathematical templates, equivalent to “hashes”. A biometric hash CANNOT be used to reconstitute the original hand, fingerprint, or palm print. This is low risk.

If you think of traditional methods of storing passwords, they are often “salted” (add some random data) and then “hashed”.

This is also often how biometric templates are stored. ✅

If there’s a data breach, the templates are useless to a hacker trying to reuse them at a different place.

⚠️ However, this is ONLY secure and private if the company registering biometrics ONLY stores this as a biometric template. It should NOT store the original image/picture of the hand or palm print. 🖐

The analogy here is similar to passwords, where best practice is to never store the original plaintext password, and to only ever store it as a salted and hashed version of the password. ✅
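The password half of this analogy, as an added example that is not part of the original thread: one secret is enrolled at two independent services, first with an unsalted hash and then with a per-record salt and scrypt. The function names and scrypt cost parameters are assumptions chosen for this sketch, and the secret is a constructed sample value.

```python
import hashlib
import hmac
import secrets

# scrypt cost parameters: assumed values for this sketch (about 16 MiB of memory).
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)


def enroll(secret: bytes) -> tuple[bytes, bytes]:
    """Return the (salt, digest) record a service stores; the secret is not kept."""
    salt = secrets.token_bytes(16)
    return salt, hashlib.scrypt(secret, salt=salt, **SCRYPT)


def verify(secret: bytes, record: tuple[bytes, bytes]) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, digest = record
    candidate = hashlib.scrypt(secret, salt=salt, **SCRYPT)
    return hmac.compare_digest(candidate, digest)


def unsalted(secret: bytes) -> bytes:
    """The weak scheme, for contrast: the same input gives the same record everywhere."""
    return hashlib.sha256(secret).digest()


def records_match_across_services(secret: bytes) -> dict[str, bool]:
    """Enroll one secret at two independent services and compare what each stores."""
    a, b = enroll(secret), enroll(secret)
    return {
        "unsalted_identical": hmac.compare_digest(unsalted(secret), unsalted(secret)),
        "salted_identical": hmac.compare_digest(a[1], b[1]),
        "a_verifies": verify(secret, a),
        "wrong_secret_verifies": verify(b"not the secret", a),
        # Presenting service A's stored digest as if it were the secret fails at B.
        "stolen_digest_replays_at_b": verify(a[1], b),
    }


if __name__ == "__main__":
    sample = b"constructed-sample-secret"  # constructed value, not real data
    for name, value in records_match_across_services(sample).items():
        print(f"{name}: {value}")
```

Only the unsalted records come out identical across the two services; the salted records differ even though the underlying secret is the same.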

So even if Amazon or any other system stores biometric templates in the cloud, the risk is the same as losing securely stored password hashes: they are useless to a hacker.

It’s all the OTHER data with personal information that’s more useful to hackers.

How does Amazon One compare to on-device biometrics like Apple Touch ID or Face ID? 🤔

The main difference is Touch/Face ID can ONLY be used for 1:1 matching with a single person.

Something like Amazon One, which is a central system, can be used for 1:1 matching (“give me access to my own account”).

But it can also be used for 1:many matching (“does this palm ✋ print belong to a known fraudster?”)

(How and who decides who is a “known fraudster”?)

Then there’s how Amazon One works, or most biometrics in general.

As a biometrics operator, you want to prevent fraudsters from taking a picture and showing it to a scanner.

⛔️ This is a risk with finger and palm prints… if someone is targeting a specific individual.

As a fraudster though, you’d want to maximise returns and minimise the effort.

Lifting physical finger or palm prints at large scale is *hard* to do.

Amazon uses vein prints, which can also be checked for something called “liveness”: the scan is not just a static image, but can also show whether there’s the realistic motion that would happen with blood flowing through an actual human’s palm.

This makes it very hard for a fraudster to spoof.

Even if someone had my fingerprints or palm prints, that’s not the same kind of data as my vein patterns.

And even if they had pictures of my vein patterns, it’s hard to spoof the motion associated with vein prints.

TL;DR: the way Amazon One uses vein prints from a palm ✋ is secure and follows best practices.

Whether they SHOULD be doing this, and whether it’s creepy, is a different question that comes down to what society and users find acceptable in this context.

(E.g., people don’t mind doing this for passports or border control. They also have no choice in that scenario, whereas Amazon One biometrics is an opt-in programme)

If you’ve stuck by this far (thank you 🙏🏽), would YOU register and give your biometrics to Amazon for entering their grocery stores?

Originally tweeted by Ankur Banerjee (@ankurb) on 6 August 2021.
