AT THE END of September, amidst its usual flurry of fall hardware announcements, Amazon debuted two especially futuristic products within five days of each other. The first is a small autonomous surveillance drone, Ring Always Home Cam, that waits patiently inside a charging dock to eventually rise up and fly around your house, checking whether you left the stove on or investigating potential burglaries. The second is a palm recognition scanner, Amazon One, that the company is piloting at two of its grocery stores in Seattle as a mechanism for faster entry and checkout. Both products aim to make security and authentication more convenient—but for privacy-conscious consumers, they also raise red flags.
Amazon's latest data-hungry innovations are not launching in a vacuum. The company also owns Ring, whose smart doorbells have had myriad security issues and have been widely criticized for bringing unprecedented surveillance to traditionally semi-private spaces. Meanwhile, the biometric data that Amazon Go will collect is particularly sensitive, because unlike a password you can't simply change it if a hacker steals it or it gets unintentionally exposed. Amazon has a strong record for maintaining the security of its massive cloud infrastructure, but there have been lapses across the sprawling business. The stakes are already phenomenally high; the more data the company holds the more risk it takes on.
"Amazon has a major genomics cloud platform, so maybe they hold your DNA and now they're going to have your palm as well? Plus all of these devices inside your house. And your purchase history on Prime. That's a lot of information. That's a lot of personal information," says Nina Alli, executive director of Defcon's Biohacking Village and a health care security researcher. "When you give away this data you're giving a company the ability to access and manage you, not the other way around."