Amazon One: Senators probe Andy Jassy about palm scan payments

By Eric Johansson

US senators are worried about Amazon One, the ecommerce giant’s new hand-scanning payment system, and want to know how the $1.6tn juggernaut will protect people’s private data.

Amazon rolled out the payment programme in September 2020 in two of its Amazon Go stores in Seattle. The technology enables users to link their accounts to a credit card and to pay for groceries and other things by simply scanning their palms. The biometric payment system has since also been rolled out in Whole Food stores, which Amazon bought in 2017.

It is currently available in around 50 locations across the States. The ecommerce giant is eager to see that number grow. In early August, Amazon offered a $10 discount for users willing to upload their palm prints to the system.

However, the expansion plans have just hit a snag. On Friday, three senators published an open letter to Amazon’s new CEO Andy Jassy. They expressed concern about the biometric payment system, saying that it “raises serious questions” about “user privacy, including about how Amazon may use the data for advertising and tracking purposes.”

The news comes as data privacy is increasingly becoming an issue keeping business leaders up at night. This is particularly true for companies like Facebook, Apple, Amazon, Netflix and Google (FAANG) who have found themselves at the centre of several data privacy scandals over the years. As a result, regulators around the world are now putting the screws to web giants through formal probes and by issuing new regulations.

“Once deemed consumer champions, Big Tech now appears to be the new dark side of capitalism, arguably presenting a bigger risk to society than bankers were in 2007,” a recent GlobalData report noted. “Public outrage at their actions is now forcing regulators to act.”

Amazon One letter

The new letter is the most recent example of this global regulatory pushback. Three senators – Amy Klobuchar, Bill Cassidy and Jon Ossoff – co-signed the bipartisan letter. Klobuchar has form when it comes to Big Tech regulation, having previously co-sponsored several bills making their way through the corridors of Capitol Hill that are designed roll back the power of the Big Five.

And when it comes to Amazon’s palm-scanning payment system, she and her co-signatories have reason to be worried. In 2019, the company’s smart assistant Alexa, which is integrated into several internet of things devices such as speakers and TVs, was found to be sending sensitive audio recordings to human contractors. Apple’s Siri and Microsoft’s Cortana were caught in similar scandals.

In July 2020, Amazon, Microsoft and Google’s parent company Alphabet were sued in Illinois by two individuals. They alleged that the three web giants had used their images to train facial recognition solutions without those two individuals’ consent. Therefore, they argued, the companies were in breach of Illinois state law. Pictures of the claimants’ faces had been available in IBM’s Diversity in Faces database.

These and other cases were cited by the three senators as reasons to why Amazon had questions to answer before the payment solution’s rollout could continue.

They also cited antitrust concerns. The senators worried about Amazon using data from the payment system as well as data from third-party customers, which could “further cement its competitive power and suppress competition across various markets.”

Biometrics aplenty

Of course, Amazon isn’t the only FAANG company using biometric data in its payment solutions. The number of payments using facial, fingerprint, palm or any other biometric data are set to double from 671 million in 2020 to 1.4 billion by 2025.

Apple and Google, for instance, use fingerprint scans to authenticate payments via their smartphones. The difference is that Cupertino and Mountain View store the biometric data on the users’ individual devices, whereas Amazon has repeatedly made a point out of not storing the data on Amazon One devices. Instead, it sends the data to be stored in the cloud.

The senators warned that this “raised unique security risks.”

“Like many companies, Amazon has been affected by hacks and vulnerabilities that have exposed sensitive information, such as user emails,” Klobuchar, Cassidy and Ossoff wrote, citing reports about cybersecurity vulnerabilities and concerns expressed by 48 advocacy groups in an open letter to the Federal Trade Commission in July.

The three senators asked Jassy, who took over as CEO from founder Jeff Bezos in July, to answer questions about the payment system’s rollout by August 26, 2021.

They wanted to know details about the rollout in Amazon-owned stores, what third-party customers have access to the biometric payment system, how many users have signed up to it so far, if the palm scans were ever paired with Amazon’s facial recognition data, how the company keeps consumers informed about how personal information about them is being used, and how Amazon protects the data.

Amazon declined Verdict‘s requests for comment, but linked to a blog post published in April.

“At Amazon, nothing is more important to us than earning and maintaining customer trust,” the blog post said. “We take data security and privacy seriously, and any sensitive data is treated in accordance with our long-standing policies.”

It continued that hand scans were never stored on the devices. Instead, the images were encrypted and “sent to a highly secure area we custom-built for Amazon One in the cloud.”