My body, my password

Biometrics can make shopping (and a lot of other things) much easier. It can also be used for less savory purposes.

Shop in the name of love, before you break my card.

I was at the automated checkout in a Whole Foods Store in San Francisco, buying a jar of E&J’s Barbecue Sauce, [1] when the technology took hold.

I held my hand a few inches over a scanner next to the checkout machine, the way you do to see if a grill or a frying pan is hot enough to cook with. The screen flashed red, then a green circle filled in, indicating that I was holding my palm in the right place. The machine thanked me for my purchase and spit out a receipt.

I had just purchased something using nothing but my hand. My palm – or more accurately, its pattern of creases and ridges, as well as veins beneath the skin – was now a credit card. This was the first time I used Amazon One, the company’s newish biometric payment system.

OK, it wasn’t quite that easy. First I had to enroll online, uploading a copy of my legal ID and entering my Amazon payment information. Then I had to find a location that uses Amazon One (like that Whole Foods in San Francisco), and enroll my palm by letting the machine scan it a few times. Finding a place to do this was the hardest part of it; it’s not available in every Whole Foods or every Amazon outlet, and the website isn’t particularly helpful in finding one.

Now I never need to bring my wallet or even my phone to any venue that uses Amazon One (like Panera Bread and Coors Field in Colorado). My body is my ID, my credit card, and, well, my body, all in one.

Gotta hand it to Jeff

Fact is, I was a little hesitant to share the specifics of my anatomy with Amazon. Even though I already use my face to unlock my iPhone, my fingerprint to log into my laptop, and my voice to verify my identity to the keepers of my retirement account, there was something about handing my hand over to Jeff Bezos that made my palms sweat.

A person stands at a grocery entry gate with their hand suspended over a palm reading device.

Amazon One in action. Source: Amazon.

I know that the actual biometric — the image of my face or fingerprint — is translated into a digital signature (aka, a long complicated number), and the original image is (usually) discarded. And I know that signature is stored in a secure digital vault on my phone and laptop and, presumably, at my brokerage (fingers crossed). But Amazon was going to store encrypted copies of my biometrics and my digital signature in the cloud.

If you lose your credit card, it can be replaced. It’s somewhat harder to replace your hand, face, or fingers. [2] If that data ever got breached, it could lead to a kind of identity theft that would be difficult if not impossible to recover from.

Amazon One is also protected by multiple security controls and has tamper detection capabilities that will render the device unusable if meddled with. When you scan your palm, the palm and vein images are immediately encrypted and sent to a highly secure zone in the AWS Cloud, custom-built for Amazon One, where your unique palm signature is created. Access to this area of the cloud is highly restricted to select AWS employees with specialized expertise to manage this cloud environment.

Let’s assume for a moment Amazon kicks ass at security. There is no system immune to hacking or insider threats or the occasional cock-up. I also think the odds of biometric identity theft are infinitesimally small. Risk vs benefit. You pays your money, you takes your chances. Like always.

Stupid biometrics tricks

The range of biometric clues available to identify us is really kind of stunning. Aside from faces, fingerprints, voice, and palms, there’s also our eyes (iris or retina scans), the way we walk (gait), the way we talk (lip movements), the way we type (keystroke patterns), the pressure we apply when signing our names (on those rare occasions we use an actual pen), and, of course, our DNA. All of this is driven now by AI.

Everyone’s favorite dystopian nightmare. Also: Minority Report.

But biometrics are far from infallible. [3] For example: Facial recognition is notoriously bad at recognizing people of color. Part of this is undoubtedly due to not using enough photos of non-white folk to train the algorithm. [4] As a result, poor facial recognition has already led to mistaken identity and false arrests.

Then there's just bad technology, and/or corrupt operators of same. Take, for example, the scammers who used dolls’ heads to fool a facial recognition system so they could steal millions in Paycheck Protection Program relief funds.

A company called Womply was given a $2 billion contract by the Small Business Administration to verify the identity/humanity of employees of PPP applicants. Here are photos of some of the employees they verified:

Meet the extras from the new Barbie movie. Source: The Messenger.

Womply also collected $5 million in PPP loans for itself. [5] Oh, and Womply CEO Toby Scammell was convicted of insider trading in 2014 and banned by the SEC. Now he’s a Fintech bro. Ain’t America grand?

I’m no palm reader, but...

Potential positives: Biometrics can make it much harder for other folk to steal your identity. No more passwords to have stolen, security cards to swipe, dongles to dangle. No wallet to carry; ‘frictionless’ movement through the system. What humans crave most: Convenience.

It might even make it much harder for anonymous Internet trolls and/or scammers to thrive. One can only hope.

The negative? In the wrong hands – and we’ve seen a lot of wrong hands come into power lately, all over the place – biometrics could be the end of whatever escape from government scrutiny we have left. Hence its presence in nearly every dystopian nightmare coming out of Hollywood.

Happy shopping.

COMYAI (what an attractive acronym) is taking a bit of a break for the 4th of July holiday. If you must blow things up, please do so with adult supervision nearby. Happy Independence Day, y’all.

[1] From Everett & Jones, a famous barbecue joint in Oakland. Available in mild, medium, and hot. Warning: Once you start, you’ll never stop.

[2] I know what you’re thinking: Could someone cut off my hand and use it to shop at Whole Foods? The answer to that question is, thankfully, no: The scanners use “liveness detection” (movement of blood under the skin) to avoid that ghoulish scenario. The same goes for silicone replicas.

[3] Then there are the extremely rare cases of people born without fingerprints — a condition known as Adermatoglyphia. Seems like God is almost begging you to pursue a life of crime.

[4] A 2019 NIST study found that facial recognition algorithms were from 10x to 100x more likely to misidentify a Black or East Asian face vs. a white face. Combine that with racist policing and, well, it ain't a pretty picture.

[5] It’s not clear how many of its own employees had detachable arms and legs.
