US lawmakers are not convinced about Amazon's ability to store palm prints safely

jsilva

In brief: Amazon is offering $10 in credit to everyone who scans and saves their palm prints to their Amazon account for authentication in its stores, and that has raised eyebrows among US senators. Yesterday, a group of senators sent a letter to Amazon explaining their concerns and listing some questions they would like answered.

With Amazon One, the company is hoping to make payment for your groceries simpler and faster by scanning your palm. For now, you can use it in a few Amazon Go, Amazon Books, and Amazon 4-star stores, but if it becomes more mainstream, it will expand to more locations.

To promote the new technology, Amazon is giving away $10 in credit to anyone who links their palm to their Amazon account. This can be done in participating physical Amazon stores. Once the process is complete, users will receive an email with the $10 credit.

Following these events, US Senators Amy Klobuchar, Bill Cassidy and Jon Ossoff wrote a letter to Andy Jassy, CEO of Amazon, explaining their concerns over the system's security, Amazon's $10 credit promotion, and how the company will use this data. The letter is also accompanied by some questions that the US senators would like to see answered by August 26, 2021.

"Our concerns about user privacy are heightened by evidence that Amazon shared voice data with third-party contractors and allegations that Amazon has violated biometric privacy laws," wrote the Senators in the letter. "We are also concerned that Amazon may use data from Amazon One, including data from third-party customers that may purchase and use Amazon One devices, to further cement its competitive power and suppress competition across various markets."

Unlike companies such as Apple and Samsung, Amazon wouldn't be storing the biometric data on the user's device. Instead, the data is uploaded to Amazon's cloud so buyers can use it in different stores. Storing it in the cloud carries the risk that this information may be leaked or stolen through cyberattacks or the exploitation of a vulnerability in Amazon's systems.

This isn't the first time Amazon has been asked by the US Senate to hand over details about its biometric systems. In 2018, the ACLU tested Amazon's 'Rekognition' facial recognition tech, which identified 28 lawmakers as criminals. Following these results, both the Senate and the House of Representatives sent a letter to Amazon asking for details about the technology.


 
Here is an easy enough solution. Any company that wants to take and store our personal information must post a bond worth 10x the value of the company plus 10K per user. Should there be a breach, this money will be distributed to the users to help them recover and fix any damages. With that in place I think you will find a lot more companies being a hell of a lot more careful ....
 
Sorry but seems like FUD to try to slow down Amazon... The entire web is already a gargantuan tracking mechanism... They target ads using every detail of our electronic habits...

Down here in Brazil some banks already use biometrics for security... I see Amazon One as the IRL version of its "One Click" buying button with security features, making the daily supermarket/grocery payments easier/faster, thus allowing consumers to spend more in the end of the day...

Arguing about Amazon's cloud security around credentials on this specific matter seems useless when the entire web is already tracking you... I think my own bank palm auth system may be less secure than Amazon's, but this authentication information can't be exploited outside my bank system.... So seems like a pointless concern.

They are not creating a public biometric tracking infrastructure, it's a narrowly scoped biometric system.

We should be a lot more concerned about the relationship of governments and the electronic tracking mechanism providers, because any tracking system, be it palm, face recog, any tracking system where the gov gets to tap can (and most certainly will) become a weapon for the gov....

Hackers stealing customers' credentials are every enterprise's nightmare, you can bet enterprises already pour down billions to counter it.... But nobody's countering government, and in the end of the day we just get to know this one new authentication system became a gov tracking tool when we get some confidential info leak.

Everything considered we are doomed.
 
Using biometrics for security is a bad idea, simple as that. Once the data is compromised there's no way to fix the situation.
 