The main judgement here seems to be: not everyone was there to get a refund, therefore, just entering the store is not an opt-in consent to biometric scans.
As a counter-example: Australian clubbing venues use facial recognition and id verification to identify banned individuals and detect fake documentation. This is required on condition of entry (therefore, opt-in), and this information is shared across all partner venues.
Something that you are required to do by every single venue that offers a service in order to participate is not really what I would call opt in. Yes, you can opt out by never going to a nightclub, but that seems different.
You can’t really call something opt-in if opting out means that you are barred from participating in an entire class of activity unrelated to what you opted out of.
As a counter example, the TSA in the US is now starting to use facial scans for ID, but you can opt out by telling the agent. It does not mean that you cannot go flying, it means that they use a human to identify you without the use of computerized facial scans.
I mean, the TSA already scans your passport/id, and knows every other detail about your trip. Is a facial scan really adding much more? Last time I entered the country they used facial recognition and I didn't even need to show my passport. So they obviously already had the data to recognize me from my passport photo. And this was over two years ago.
How is this the case? Presumably the scenario where they have live camera feeds and a security guard recognizes a banned person on them and removes them would be fine. Why does replacing the human with an algorithm legally make a difference? Did people consent to being facially recognized by a human security guard?
I think that it's analogous to when my genitals are fondled by a TSA agent because I opt out of body scans. The memory of the feeling of them caressing my shape lives on only in their brain instead of being permanently recorded in a database.
That's not a counter-example to the judgment reasoning you highlight: everyone entering a night club is there to enter a night club, not everyone entering a K-mart is there to get a refund.
Everyone trying to enter K-mart is trying to enter K-mart just like the night club. Everyone going into the night club is not there to drink/meet someone/dance/use the restroom/make a drug deal Just like not everyone going into K-Mart is there to shop/browse/by a snack/get a refund/steal something
nightclubs want lots of customers especially attractive women, and don't want lots of problems. What's the potential for abuse? Detecting your attractiveness or ethnicity in order to turn you away would be abuses, but is that what you are thinking of or alleging? because if it's just facial recognition, they don't have an incentive to misidentify people
Sounds like the tech wasn't deployed for "Refund Fraud" (it would be easier to just use facial recognition when a refund was made) but instead deployed across all stores to see what they could do with the data.
I'd be very surprised if refund fraud was the only POC that this facial recognition data was used for.
Sadly been going to HomeDepot long enough to have been there before all the cages were put up. E.g. if you want a small roll of wire, gotta find an associate to open the cage, get the wire, and walk with you to checkout to make sure you pay. I asked once if all the was necessary, and the experienced associate related some real horror stories such as folks putting a 200 ft roll of 4 guage onto a cart and simply walking out. That is impressive both in regard to the brazenness, and because someone could lift such a roll onto a cart (likely with a partner, but still).
I heard stories about how super advanced invasive surveillance let's people like Target know that you're pregnant before you actually know yourself. But I just don't buy it.
I get insane advertisements, even from places like YouTube that know me well. I get advertisements for Bumble featuring what looks like a teenage boy telling me you'll never know what you'll find on Bumble, which is weird considering I'm a married straight dude. Sometimes I even get ads in different languages.
If the most advanced ad network can't figure out the language that I speak, I'm less worried about Kmart doing some nefarious profiling based on my stride.
I like technology that targets fraud, because I like living in a high trust society. I'm annoyed that people abuse the system and that's why we can't have nice things. You could probably just target the worst 1% and basically go back to deodorants not being locked away behind glass.
> I heard stories about how super advanced invasive surveillance let's people like Target know that you're pregnant before you actually know yourself. But I just don't buy it.
I believe it. But it wasn't super-advanced surveillance. It was, as I recall, 2010's "machine learning" basically drawing inferences about purchase history to determine what sorts of personalized advertisements to mail to you or print on your receipts, or whatever.
I believe it because I worked at another large American retailer similar to Target at the time and though I was not directly involved, I was aware that other departments in our company were working on similar things. It wasn't that advanced or outlandish, it was just finding trends in the huge amount of historical purchase data we had. I can absolutely believe that it was similar at Target. People who bought these things typically bought baby-related stuff 3-6 months later, so lets send them some coupons for that baby-related stuff in 2 months. It's unlikely the fact it was baby-related was actually relevant, it probably just sent coupons for whatever the predicted purchases were.
An individuals purchase history was probably correlated either by rewards program membership (preferred) or credit cards used. If you just paid cash and didn't use swipe your membership card, it was unlikely the purchase would be associated to you.
The story behind how Target found out a teenager was pregnant before her dad was is very interesting, and really gets me thinking what will happen when they monitor my behavior in-store.
Kmart secretly knowing that you are pregnant or you have colon cancer or whatever is not what I'd be worried about.
I'd be worried that they will either collaborate or get infiltrated by hackers, cops, and agencies. Then, one day I like a post on social media promoting wrongthink, and I'll be picked up.
> If the most advanced ad network can't figure out the language that I speak
The ad network absolutely knows you down to minute detail, but the only thing that matters is who bid the highest. Maybe the winner is the one with the most VC cash to burn?
This should be very familiar to people working with data in a lot of jurisdictions. I can speak to Europe but I think similar things exist elsewhere - data is less restricted in how and what you collect than it is how you use it. This makes a lot of sense, you should be able to have a basic record of ip addresses and access times for rate limiting, but that shouldn’t mean you can use it for advertising.
Similarly it seems reasonable that shops should be able to record for some purposes but not all.
I don't think "less restricted" is a good framing. How you are using it is the core, and you get to collect and store what's necessary for your legal uses, and use it for those uses.
You don't get to have access logs because there is no restriction on logging IPs, you get them because you argue a justified use of them, and thus you can have them to use them for it (and not for anything else).
I don't think it does, because it is completely unverifiable. It's like allowing people to buy drugs, but not to use them.
I'm not worried about people collecting IPs, I'm worried about people who collect IPs being able to send those IPs out and get them associated with names, and send those names out and be supplied with dossiers.
When they start putting collecting IPs in the same bag as the rest of this, it's because they're just trying to legitimize this entire process. Collecting dossiers becomes traffic shaping, and of course people should be allowed to traffic shape - you could be getting DDOSed by terrorists!
edit: I'm not sure this comment was quite clear - it's 1) the selling of private, incidentally collected information by service providers, and 2) the accumulation, buying, and selling of dossiers on normal people whom one has no business relationship that is the problem. IPs are just temporary identifiers, unless you can resolve them through what are essentially civilian intelligence organizations.
You forget store. This depends a lot on the type of data. Duration, specific laws related to it and protection are very different for randomised numbers vs medical as an example.
This is good. It means we have laws and rulings that understand the technology. That balance the need for business to protect their stores with people's privacy.
Free to record data but not free to process data... sounds a lot like books being stored rightfully but not analyzed by machine learning.
I have data on Google. Google has a TOS that says they can use my data. This could cover even future use cases, even though those future use cases I did not anticipate. So does Google have the right to use my data in this particular way?
There are all manner of things you can and cannot do with 'data'. For example, you cannot purchase a Blu-Ray, rip its contents and post them on the internet. This shouldn't be that "interesting".
I noticed that as well, it's a bit frustrating. I personally think if you're allowed to do something legally, you should be allowed to do it using technology.
It's seems silly to me that you can have a human being eyeball someone and claim it's so and so, but you can't use incredibly accurate technology to streamline that process.
I personally don't like the decay of polite society. I don't like asking a worker for a key to buy some deodorant. Rather than treat everyone like a criminal, why don't we just treat criminals like criminals. It's a tiny percentage of people that abuse polite society and we pretend like it's a huge problem that can only be attacked by erecting huge inconveniences for everyone. No, just punish criminals and build systems to target criminals rather than everyone. If you look at arrests, you'll see that among persons admitted to state prison 77% had five or more prior arrests. When do you say enough is enough and we can back off this surveillance state because we're too afraid to just lock up people that don't want to live in society.
Target the criminals. Yes, the criminals, according to the altruistic government that serves its people and never breaks the constitution or international law. According to its perfectly defined code. Someone who got an abortion in another state after rape, for example. Or said "children shouldn't be murdered"? but said it out loud at a campus. Run the tech of the most powerful trillionaires on the masses, the poor people and find out who is dissenting. Keep the prisons full. One man's prison is another man's pension. Make this system more powerful.
We are all potential criminals under tomorrow's government. Remember that!
First paragraphs pretty clearly read to me like the issue isn’t “processing it,” it’s the indiscriminate filming of everybody who enters the store without consent that’s the problem.
Security filming is common in Australia and not outlawed by this ruling. It is specifically the non-discriminate use of facial recognition technology this ruling applies to.
The specific difference is "sensitive information". General filming with manual review isn't considered to be collecting privacy sensitive information. Automatic facial recognition is.
The blog post makes this point about how the law is applied:
> Is this a technology of convenience - is it being used only because it’s cheaper, or as an alternative to employing staff to do a particular role, and are there other less privacy-intrusive means that could be reasonably used?
Everyone who enters almost any store is "filmed" with their implicit consent. Cameras are everywhere, and certainly are everywhere in every Australian court as well.
The root comment is precisely right. Deriving data from filmed content -- the illusory private biometric data that we are leaving everywhere, constantly -- is what the purported transgression was.
Is this from the 90s? Who doesn't expect to be recorded when entering a retail chain? How the hell does the government have the right to decide what this private company can do on their private land? If you enter onto someone else's property you should play by their rules.
Do you believe it? I once had to use facial recognition at a train station to get free toilet paper, which was labeled for "environmental protection," avoiding waste of paper. At that time, I was in pain and urgently had to sell my face just for a piece of toilet paper
yes, every human must be self sufficient at any time or be forced into selling their data. When moving through society keep drinking water, food, toilet paper, spare clothes, umbrella, mask, fake travel papers, wigs, and other necessary items allowing you to opt out of the panopticon.
As an Australian, I can say that Kmart here is an absolute powerhouse. They sell highly curated goods made in China for very cheap, it's a dream for young people on a budget. Poor delivery services here pushes people toward brick and mortar stores too.
This is more common than you’d think - often subsidiaries are distinct enough that the Canadian or Australian version survives the US parent’s bankruptcy.
And sometimes it’s just a different store that licensed the name for 100 years.
Even more astonishing to me is that we’ve not just simply allowed something like ubiquitous camera surveillance and facial recognition, increasingly with effectively 100% coverage, but most people have actively participated in it with all their various cameras they even installed inside their home, let alone set up neighborhood surveillance systems.
And yes, they are all tapped and not even Orwell imagined what we’ve done to ourselves. But don’t worry, it will only get more apparent and worse once things are far beyond too late, when Minority Report will be noted for its cute and naive depiction.
Orwell never imagined that the surveillance data would be worth so much money or that every single technological advancement could only be accessed once one agreed to surrender all of their privacy.
Kmart in Australia is pretty good to be fair. Cheap goods with good enough quality. I put them above Temu or Shein. For toys or pet accessories, they are unmatched in price anywhere else.
My house is full of kmart dog toys. I keep forgetting we got them there as they are good quality. It's a place you get everything, fairly cheap but good quality for the price. Notwithstanding TFA.
For stuff like cups, power boards, tooth brush holders, etc they are basically the best. The furniture is pretty garbage though and not really that cheap compared to something much better at ikea.
Yeah remember a decade or two ago they filed bankruptcy. Guess that is the wonders of Chapter 13 bankruptcy law in USA. And thanks to obfuscation of owner ship for corporations, god knows who owns them now.
Readit News
As a counter-example: Australian clubbing venues use facial recognition and id verification to identify banned individuals and detect fake documentation. This is required on condition of entry (therefore, opt-in), and this information is shared across all partner venues.
https://scantek.com/facial-biometric-matching-technology-sca...
You can’t really call something opt-in if opting out means that you are barred from participating in an entire class of activity unrelated to what you opted out of.
As a counter example, the TSA in the US is now starting to use facial scans for ID, but you can opt out by telling the agent. It does not mean that you cannot go flying, it means that they use a human to identify you without the use of computerized facial scans.
Where is the difference?
Everyone trying to enter K-mart is trying to enter K-mart just like the night club. Everyone going into the night club is not there to drink/meet someone/dance/use the restroom/make a drug deal Just like not everyone going into K-Mart is there to shop/browse/by a snack/get a refund/steal something
I'd be very surprised if refund fraud was the only POC that this facial recognition data was used for.
The only conceivably legal POC.
I get insane advertisements, even from places like YouTube that know me well. I get advertisements for Bumble featuring what looks like a teenage boy telling me you'll never know what you'll find on Bumble, which is weird considering I'm a married straight dude. Sometimes I even get ads in different languages.
If the most advanced ad network can't figure out the language that I speak, I'm less worried about Kmart doing some nefarious profiling based on my stride.
I like technology that targets fraud, because I like living in a high trust society. I'm annoyed that people abuse the system and that's why we can't have nice things. You could probably just target the worst 1% and basically go back to deodorants not being locked away behind glass.
I believe it. But it wasn't super-advanced surveillance. It was, as I recall, 2010's "machine learning" basically drawing inferences about purchase history to determine what sorts of personalized advertisements to mail to you or print on your receipts, or whatever.
I believe it because I worked at another large American retailer similar to Target at the time and though I was not directly involved, I was aware that other departments in our company were working on similar things. It wasn't that advanced or outlandish, it was just finding trends in the huge amount of historical purchase data we had. I can absolutely believe that it was similar at Target. People who bought these things typically bought baby-related stuff 3-6 months later, so lets send them some coupons for that baby-related stuff in 2 months. It's unlikely the fact it was baby-related was actually relevant, it probably just sent coupons for whatever the predicted purchases were.
An individuals purchase history was probably correlated either by rewards program membership (preferred) or credit cards used. If you just paid cash and didn't use swipe your membership card, it was unlikely the purchase would be associated to you.
https://www.forbes.com/sites/kashmirhill/2012/02/16/how-targ...
I'd be worried that they will either collaborate or get infiltrated by hackers, cops, and agencies. Then, one day I like a post on social media promoting wrongthink, and I'll be picked up.
The ad network absolutely knows you down to minute detail, but the only thing that matters is who bid the highest. Maybe the winner is the one with the most VC cash to burn?
Person of Color?
Point of Contact?
- you can record all manner of video in your store...
- but you can't process it in this particular way.
Similarly it seems reasonable that shops should be able to record for some purposes but not all.
I don't think it does, because it is completely unverifiable. It's like allowing people to buy drugs, but not to use them.
I'm not worried about people collecting IPs, I'm worried about people who collect IPs being able to send those IPs out and get them associated with names, and send those names out and be supplied with dossiers.
When they start putting collecting IPs in the same bag as the rest of this, it's because they're just trying to legitimize this entire process. Collecting dossiers becomes traffic shaping, and of course people should be allowed to traffic shape - you could be getting DDOSed by terrorists!
edit: I'm not sure this comment was quite clear - it's 1) the selling of private, incidentally collected information by service providers, and 2) the accumulation, buying, and selling of dossiers on normal people whom one has no business relationship that is the problem. IPs are just temporary identifiers, unless you can resolve them through what are essentially civilian intelligence organizations.
I have data on Google. Google has a TOS that says they can use my data. This could cover even future use cases, even though those future use cases I did not anticipate. So does Google have the right to use my data in this particular way?
It's seems silly to me that you can have a human being eyeball someone and claim it's so and so, but you can't use incredibly accurate technology to streamline that process.
I personally don't like the decay of polite society. I don't like asking a worker for a key to buy some deodorant. Rather than treat everyone like a criminal, why don't we just treat criminals like criminals. It's a tiny percentage of people that abuse polite society and we pretend like it's a huge problem that can only be attacked by erecting huge inconveniences for everyone. No, just punish criminals and build systems to target criminals rather than everyone. If you look at arrests, you'll see that among persons admitted to state prison 77% had five or more prior arrests. When do you say enough is enough and we can back off this surveillance state because we're too afraid to just lock up people that don't want to live in society.
https://mleverything.substack.com/p/acceptance-of-crime-is-a...
We are all potential criminals under tomorrow's government. Remember that!
The specific difference is "sensitive information". General filming with manual review isn't considered to be collecting privacy sensitive information. Automatic facial recognition is.
The blog post makes this point about how the law is applied:
> Is this a technology of convenience - is it being used only because it’s cheaper, or as an alternative to employing staff to do a particular role, and are there other less privacy-intrusive means that could be reasonably used?
https://www.oaic.gov.au/news/blog/is-there-a-place-for-facia...
The root comment is precisely right. Deriving data from filmed content -- the illusory private biometric data that we are leaving everywhere, constantly -- is what the purported transgression was.
Dead Comment
It's very successful in Australia.
Which also now owned by the same owners of Kmart (Coles Group, now owned by Wesfarmers).
And both Kmart and Target Australia operations have merged (though still operating 2 separate brands)
Deleted Comment
Dead Comment
And sometimes it’s just a different store that licensed the name for 100 years.
And yes, they are all tapped and not even Orwell imagined what we’ve done to ourselves. But don’t worry, it will only get more apparent and worse once things are far beyond too late, when Minority Report will be noted for its cute and naive depiction.