A story came out yesterday that sent a few chills down privacy advocates’ spines. As reported in the Telegraph
“The ‘OptimEyes’ system will be rolled out into 450 Tesco petrol forecourts, which serve millions of customers a week.
It works by using inbuilt cameras in a TV-style screen above the till that identify whether a customer is male or female, estimate their age and judge how long they look at the ad.
The ‘real time’ data is fed back to advertisers to give them a better idea of the effectiveness of their campaigns and enable them to tailor ads to certain times of the day.”
The story was repeated in a number of places, with varying degrees of criticism – but it was good to see that most of the reports did at least talk about the privacy angle, because, despite what Tesco and the providers of the system, Alan Sugar’s company Amscreen, might suggest, there really IS a privacy issue here. In fact, there are many privacy issues.
Data Protection
Tesco have ‘reassured’ us – even directly tweeting me about it – that there is no data protection issue here, that no data is collected or stored. I wonder how they are managing that – and whether they understand how digital technology works. In order for their analysis to take place – through which they attempt to ascertain the age and sex of the person in the queue – a photographic image of some kind must be taken. The ‘inbuilt camera’ mentioned must take such an image. That image is then analysed – for things like hair length, shape of face etc – in order to make that determination.
From what I have read it looks as though the OptimEyes system then discards the image – which is, presumably, why Tesco think no personal data is ‘collected or stored’. That, however, is highly unconvincing. First of all, the image IS personal data. Secondly, even if it is immediately discarded, it has still been collected. That engages Data Protection – and means that, in these circumstances, Tesco would presumably need to get the consent of the people who they are photographing. I find myself wondering how they are planning to do this – and whether they are really aware of the requirement. What’s more, that consent needs to be informed consent. I look forward to seeing the notifications on the systems making clear what is going on….
Vulnerabilities and function creep
It’s important also to understand that a system like this will also automatically have vulnerabilities – and that the functions to which it is put may ‘creep’. Once the systems are set up, new uses will be found for them. Economics is part of what drives this – any business wants to get the best out of its assets. Technology is another part of it: if you have the cameras in place, then why not use the latest analytic software on the images? They may currently promise not to use facial recognition software, only basic facial scanning software, but once we’re softened up to this system (see normalisation below) it will only be a matter of time before the software is ‘upgraded’. And then integrated with the Clubcard data of the shopper using the till?
Vulnerability is another side to this. Where data is gathered, it is always vulnerable – that is axiomatic. Even if it is held only for an instant it can be intercepted. Systems can fail. They can be hacked. Presumably the data is being analysed and tested so that the systems can be improved and developed – that testing adds additional vulnerabilities. Anyone paying even cursory attention to the NSA/GCHQ leaks from Edward Snowden should understand how easily and often systems can be compromised – and systems like those set up for seemingly innocuous things like advertising often have far fewer and less effective security that those that are taken more seriously. Why break into carefully control security cameras when you can hack more simply and easily into an insecure advertising camera system?
The security bargain?
That brings into play another issue that was brought up by a number of people in discussions over Twitter yesterday. The argument goes roughly like this: ‘there are already CCTV cameras everywhere, and we don’t care about them – why does this matter?’ It is true, of course, that CCTV cameras are pretty much everywhere in the UK today, and also true that for the most part we simply accept their existence. Why, then, do I think this is different? The first reason is that there is a different ‘bargain’ going on. With security based cameras the bargain is at least in some ways equal. We sacrifice some of our privacy in exchange for at least a perception of an improvement in our security. We benefit from the (at least perceived) lowering of crime. Our environment is safer.
With this kind of system there is no such bargain going on. We are sacrificing some of our privacy – and in reality getting nothing in return. The only people benefiting from this are Tesco – and Amscreen. That is quite different.
Normalisation – and creepiness
For me, this is the most important angle. The reaction of many people, when reading about this kind of story is ‘this is really creepy’. They’re right – it is creepy. Even Simon Sugar, son of Alan, said ‘Yes it’s like something out of Minority Report’, without apparently realising that wasn’t something to be proud of. Creepiness matters – and we shouldn’t discard our cares about it just because they’re ’emotional’. Personally I hope we keep on thinking this sort of thing is creepy – because the time we really need to worry is when we don’t think of it as creepy. When we’ve been so softened up by the constant attacks on our privacy to accept this as ‘normal’. That’s the key risk here for me – the risk of normalisation. The more systems like this are accepted without question, the easier it is for our lives to be constantly monitored and controlled. The less freedom we have.
This particular system may not matter very much. It may, as some have said to me, be pretty trivial and unlikely to work – there have been a few jokes about the unreliability of Amstrad technology in the past – but the normalisation really does matter. If Tesco are followed by Sainsbury’s, by Asda, by Waitrose etc etc and then these systems become the default, we really will have sleepwalked into a Minority Report situation.
Solutions?
A few things have been suggested – from wearing wigs, baseball caps and even burkas. I even toyed with the idea of wearing a Lord Sugar mask – but the best, right now, seems to me to be simply not use Tesco petrol stations… and to make a noise about this! Tell Tesco what you feel, that you don’t want this kind of system. Ultimately, Tesco will only make decisions based on money. If enough people stay away, if they get no economic benefit, then they might change their minds. Sadly it seems unlikely. In this country we don’t seem to care nearly enough about our privacy…..
Paul Bernal's Blog 
Reblogged this on http://error451.me and commented:
Paul, meanwhile, as always, on futures which shouldn’t happen …
Thanks!
My pleasure. TBH, anything which is digitally processed is surely at the beck and call of anyone with access to the Internet. Just can’t see how they think we don’t suspect this.
In an age where everything has eyes, a mind, and an IP address there is no privacy. The sooner people get used to it the better. Instead of the parochial “Thou shalt not collect…” concept of privacy we need to move forward to a civil rights concept that bans certain kinds of harm and allows people to defend themselves from others.
When it comes to advertising, the law should allow a legal opt-out. My attention is worth money (demonstrably) and I don’t want to give it for free. I’d like to see prices advertised with or without ads, the difference should be fair price verified by accounting, and I as a customer should always have the option of no ads at slightly higher price.
Ah yes, privacy is dead…. but if it is, I want to resurrect it! I haven’t given up yet, and my concept of privacy is a far more nuanced version than ‘thou shalt not collect’. I’m still not sure that ‘harms’ is the way to deal with privacy, because it can’t deal with the normalisation effect….
The actual technology that underpins Amscreen and the new all seeing adverts in Manchester streets is from a french company called http://Quividi.com which seems to provide surveillance as a service.
Thanks – a company that we need to watch carefully….
Do you think there’s no conceivable bargain here? Tesco is going to advertise to us no matter what. What about the argument that consumers would now benefit from receiving more relevant ads?
That’s the argument commonly made, but it’s deeply flawed. In some ways it’s like trying to obtain money by menaces: ‘We’re going to annoy the hell out of you – give us your data, and we’ll annoy you a bit less.’
It also misses the point that these ads aren’t targeted to be more relevant for YOUR benefit, but because Tescos thinks they can sell more and make more money for themselves. It’s win-win-win for Tesco, lose-lose-‘lose marginally less’ for us.
Finally, this isn’t replacing a less relevant ad with a more relevant one – this is MORE advertising on the top of existing advertising…..
I dont want to see what young advertising executives think are acceptable ads for my age. Whenever I want the Apprentice I am appalled at what they think people in my age group (over 50s) are like. I can imagine ads for stair lifts and incontinence pads. If this is what they show me then I will not be shopping there. I don’t want to be reminded of my age thanks – If they want my business they will have to take 20 years of me in terms of what they try to sell me.