Minority Report on the Tesco Forecourt?

A story came out yesterday that sent a few chills down privacy advocates’ spines. As reported in the Telegraph

“The ‘OptimEyes’ system will be rolled out into 450 Tesco petrol forecourts, which serve millions of customers a week.

It works by using inbuilt cameras in a TV-style screen above the till that identify whether a customer is male or female, estimate their age and judge how long they look at the ad.
The ‘real time’ data is fed back to advertisers to give them a better idea of the effectiveness of their campaigns and enable them to tailor ads to certain times of the day.”

The story was repeated in a number of places, with varying degrees of criticism – but it was good to see that most of the reports did at least talk about the privacy angle, because, despite what Tesco and the providers of the system, Alan Sugar’s company Amscreen, might suggest, there really IS a privacy issue here. In fact, there are many privacy issues.

Data Protection

Tesco have ‘reassured’ us – even directly tweeting me about it – that there is no data protection issue here, that no data is collected or stored. I wonder how they are managing that – and whether they understand how digital technology works. In order for their analysis to take place – through which they attempt to ascertain the age and sex of the person in the queue – a photographic image of some kind must be taken. The ‘inbuilt camera’ mentioned must take such an image. That image is then analysed – for things like hair length, shape of face etc – in order to make that determination.

From what I have read it looks as though the OptimEyes system then discards the image – which is, presumably, why Tesco think no personal data is ‘collected or stored’. That, however, is highly unconvincing. First of all, the image IS personal data. Secondly, even if it is immediately discarded, it has still been collected. That engages Data Protection – and means that, in these circumstances, Tesco would presumably need to get the consent of the people who they are photographing. I find myself wondering how they are planning to do this – and whether they are really aware of the requirement. What’s more, that consent needs to be informed consent. I look forward to seeing the notifications on the systems making clear what is going on….

Vulnerabilities and function creep

It’s important also to understand that a system like this will also automatically have vulnerabilities – and that the functions to which it is put may ‘creep’. Once the systems are set up, new uses will be found for them. Economics is part of what drives this – any business wants to get the best out of its assets. Technology is another part of it: if you have the cameras in place, then why not use the latest analytic software on the images? They may currently promise not to use facial recognition software, only basic facial scanning software, but once we’re softened up to this system (see normalisation below) it will only be a matter of time before the software is ‘upgraded’. And then integrated with the Clubcard data of the shopper using the till?

Vulnerability is another side to this. Where data is gathered, it is always vulnerable – that is axiomatic. Even if it is held only for an instant it can be intercepted. Systems can fail. They can be hacked. Presumably the data is being analysed and tested so that the systems can be improved and developed – that testing adds additional vulnerabilities. Anyone paying even cursory attention to the NSA/GCHQ leaks from Edward Snowden should understand how easily and often systems can be compromised – and systems like those set up for seemingly innocuous things like advertising often have far fewer and less effective security that those that are taken more seriously. Why break into carefully control security cameras when you can hack more simply and easily into an insecure advertising camera system?

The security bargain?

That brings into play another issue that was brought up by a number of people in discussions over Twitter yesterday. The argument goes roughly like this: ‘there are already CCTV cameras everywhere, and we don’t care about them – why does this matter?’ It is true, of course, that CCTV cameras are pretty much everywhere in the UK today, and also true that for the most part we simply accept their existence. Why, then, do I think this is different? The first reason is that there is a different ‘bargain’ going on. With security based cameras the bargain is at least in some ways equal. We sacrifice some of our privacy in exchange for  at least a perception of an improvement in our security. We benefit from the (at least perceived) lowering of crime. Our environment is safer.

With this kind of system there is no such bargain going on. We are sacrificing some of our privacy – and in reality getting nothing in return. The only people benefiting from this are Tesco – and Amscreen. That is quite different.

Normalisation – and creepiness

For me, this is the most important angle. The reaction of many people, when reading about this kind of story is ‘this is really creepy’. They’re right – it is creepy. Even Simon Sugar, son of Alan, said ‘Yes it’s like something out of Minority Report’, without apparently realising that wasn’t something to be proud of. Creepiness matters – and we shouldn’t discard our cares about it just because they’re ’emotional’. Personally I hope we keep on thinking this sort of thing is creepy – because the time we really need to worry is when we don’t think of it as creepy. When we’ve been so softened up by the constant attacks on our privacy to accept this as ‘normal’. That’s the key risk here for me – the risk of normalisation. The more systems like this are accepted without question, the easier it is for our lives to be constantly monitored and controlled. The less freedom we have.

This particular system may not matter very much. It may, as some have said to me, be pretty trivial and unlikely to work – there have been a few jokes about the unreliability of Amstrad technology in the past – but the normalisation really does matter. If Tesco are followed by Sainsbury’s, by Asda, by Waitrose etc etc and then these systems become the default, we really will have sleepwalked into a Minority Report situation.


A few things have been suggested – from wearing wigs, baseball caps and even burkas. I even toyed with the idea of wearing a Lord Sugar mask – but the best, right now, seems to me to be simply not use Tesco petrol stations… and to make a noise about this! Tell Tesco what you feel, that you don’t want this kind of system. Ultimately, Tesco will only make decisions based on money. If enough people stay away, if they get no economic benefit, then they might change their minds. Sadly it seems unlikely. In this country we don’t seem to care nearly enough about our privacy…..