In the wake of reports that Amazon is offering customers $10 credits to share biometric information through Amazon One, Senators Amy Klobuchar, D-M.N., Bill Cassidy, R-L.A., and Jon Ossoff, D-G.A., posed security and privacy questions about the biometric tool in a letter to Amazon CEO Andy Jassy. Amazon One lets consumers record the view of their palm and then hover it over readers to make payments.
The senators asked the e-commerce behemoth for more information about its plans to expand Amazon One into Whole Foods and other physical stores, as well as how it plans to collect, use and secure customers' data. The senators raised concerns about the technology, including how the company could use consumers' data for advertising and tracking, and customer privacy more broadly.
The senators pointed to previous hacks of Amazon's home devices and reports by whistleblowers regarding the company's security practices in raising their concerns, and requested an answer to their questions by Aug. 26. Amazon declined to comment on the letter.
Retail giant Amazon markets the the payment tool as a convenient, contactless and quick way to buy items at the company's stores set up with the palm readers. Customers enter and check out by swiping their palms "because no two palms are alike," the company says. A consumer is able to sign up for the service at an Amazon One device, connecting a palm signature to contact information and the payment account of choice.
In addition to customer privacy and security, Seattle-based Amazon's expansion of Amazon One could pose further anti-competitive troubles for the retailer. The senators in their letter noted that Amazon's data collection through the technology, including through third parties that buy the devices, could "further cement its competitive power and suppress competition across various markets."
Members of Congress have long been critical of Amazon's business practices, citing interviews with small business owners and investigative reporting that indicate anti-competitive policies. Regulators have debated whether the company's practices are monopolistic.
In their request for more information on the technology, the senators pointed to Amazon's security protocols as a potential threat to user privacy. Comparing Amazon One to Apple Face ID and Samsung Pass, the senators noted that Amazon reportedly stores biometric data in the cloud, whereas the other two store data on a user's device. That practice raises "unique security risks," according to the senators, especially for biometric data like palm prints, which are immutable.
Concerns over the retailer's use of the technology were heightened by information that the retailer has shared voice data with third-party contractors and has allegedly "violated biometric privacy laws," the senators said.
While Amazon did not comment on the news, a spokesperson pointed Retail Dive to the company's website, which notes that Amazon One is "protected by multiple security controls, and palm images are never stored on the Amazon One device." Elsewhere on the company's site, Amazon notes that consumers' palm print signatures are "protected at all times, both at rest and in-transit."
The senators' questions on Amazon One come as the technology expands across the retailer's brick-and-mortar stores. In May, the company introduced Amazon One at a New York City Amazon Go store, the first on the East Coast. In June, it debuted its first Amazon Fresh store with checkout-free technology, complete with Amazon One and other payment options.
The company lists 60 store locations on its web site, many of them in its home state of Washington.