Japanese Stores Facial Recognition Sharing

CP
Carlton Purvis
Published Apr 21, 2014 04:00 AM

A controversy is brewing in Japan after a newspaper was tipped off about a practice stores use to combat shoplifting. A network of stores uses facial recognition technology to tag customers as shoplifters and relay that information other stores. In this post we examine the practice and compare it to similar U.S. efforts.

**********

***** ******** ************ ******* ************ ****** ** *** ***** ************ area **** ********* ****** *********** ******* to ******* ****** ** *********** ** customers ***** *** **********. ***** ****** are ******** **** * ******** *** all ****** ** *** ******* *** also **** ****** *********** *******. *** system ***** ***** ******** ****** **** a ********** ** ******* ******** ***** into *** *****.

*** ******* ******* ***** **** **** comes ** * *****, *** **** only *** ***** ****** ** ******** to *** ********. **** *** *** database ****** ** “*******” ** ****** in *** *******.

Japan ******* ********

*** ***** **** *** ******** ********* says **** ***** *** ******** *********** Protection ********* ******** ** ******** *** ********** personal *********** ***** ** *** ** be ********** ***** *******. ******* *** ****** among ****** *** ** * ********* of **** ***.

* ****** *** ********* ***** ** said *** ******** ** ********** ******* it ***** ***** ******** ** *** treated ******** ** ** ********** **** visiting ****** **** **** ***** **** to *** ** ******* ** *********** added ** *** ******** ***** ** no *** *** **** ** ******.

***** *** **** ********* ****** **** accuracy. **** **** *** ***** ****, these ******** *** ***** ***** **** surveillance ******* *** ******** ** ***** images ***** **** ************ ******* -- not ************ ****** ****** ***** ******** to ****-** ****** **** ******'* ******** or ******** ****** *** *******.

Sharing ********** ****** ** *** *.*.

** ********, *** ******** ** ******* images ***** ****** ****** ** ****** in *** ****** ******. **’* *** in *** **** ** ****** *********** technology, *** ***** ** ** *********** sharing ****** *** *** ***** ********* where **** *** ***** *****, ****** and ************ ** *********** **** *** created ** **** ****** ********* ****** crime.

* **** *************** ******** **** ** this *** **** ****** ** *** U.S. *** * *****: ****** ************ printouts ** ****** ** *********** ** other ********* ** *** ****.

******* ********** ** **** ** *** U.S., **** ******* **** ****** *********** bigger ****** **** **** * ***** of **** **** ****'** ****** *** add **** ** * *******-**** **** database ** ***** **** ** ******** boards. ** *** **** ** *** Japanese *******, ****** ***'* **** ***** photos *** ***** *********.

Hard ** **** **** ****** *** ***** *** **********

** *** **** ********* ** **** *** which ****** *** *** **********. *** story **** *** *** **** ******* makes *** ********** ** **** *** of *** ****** ***** ** ** IPVM ********* ******* ************ (**** *** and *****) ** *****. **** ** them **** **** **** ***** **** software ** ******** ** ******. *** new ***** **** *** ****** ***** 50 ********* ********* *** ***** *** technology.

******** **** ********** ***** ** **** as *** ************ ****** ** *** story, ** *** ***** ** ** violating ******* ** ***** ***** ****** and ** *********** *** ****** ** shoplifters?

Comments (5)
HL
Horace Lasell
Apr 22, 2014

Suppose that magically (1) only shoplifters and no others were identified as risks and included in the database, and (2) erroneous matches never occurred. If this were the case, then it seems not unreasonable that high risk individuals should be closely monitored to mitigate losses.

On the other hand, suppose that (1) innocents are often erroneously or even maliciously identified as shoplifters and included in the database, and/or (2) erroneous database matches often mis-identify unrelated shoppers as risks. If this were the case, then the approach seems unreasonable and also counter-productive in terms of allocation of scarce retailer resources.

If the truth lies somewhere in between, at a minimum, the inability of databased suspects to understand or address systemic errors seems problematic. What indignities is an innocent likely to be subjected to, beyond closer scrutiny while shopping? Will these databases make it difficult for wrongly accused to get a job or a clearance because security investigations and pre-employment screenings use information from these databases? At a minimum, isn't it likely that job seekers at those retail facilities will walk through a monitored area and that management will be notified if they are flagged as a high shoplifting risk?

Also, I might be more sanguine if we didn't have the example of the do not fly list. I expect that in many cases it performed as intended, but the press indicated that some innocents were inconvenienced while growing pains were addressed, though I haven't heard of any issues in a while now. By its very nature, it seems the affected parties learned about and consequently had at least some form of recourse, although (for example) losing non-refundable tickets and non-refundable accommodation down-payments and then, three months later, having one's name removed from the list does not seem at all equitable. In the case of this retail shoplifters list, one could be even more powerfully negatively affected yet have no idea of the source of negative information. For example, an innocent person wrongly flagged as a suspect might never be called back after every employment interview, yet never understand the problem that needed to be addressed. Even if the source were discovered and even if the list were eventually corrected, would the reputation ever be rehabilitated? Would the losses suffered during the erroneous blacklisting ever be compensated? But more vigorous loss recovery options could increase resistance to ever acknowledging and correcting an error in the first place.

For a somewhat related issue, you might take a look at Spiceworks' recent discussions on issues associated with the way IP blacklisting is currently managed.

P.S. This was a fun article with interesting implications. Keep up the great work, IPVM!

U
Undisclosed #1
Apr 22, 2014

I blieve that if a shopper is prepared to enter someones premises with the intention of helping him/herself to thier property, he forfeits the right to maintain the privacy of his personal identityl, period.

Avatar
Jon Dillabaugh
Apr 24, 2014
Pro Focus LLC

It doesn't say that the suspected thieves are subjected to any sort of mistreatment, right? It just alerts LP that a suspicious person is in your store and they should keep a close eye on them. If that's the case, no harm, no foul.

Now, if these suspected individuals are harrased or intercepted at the door, then you might have something to gripe about.

UE
Undisclosed End User #2
May 11, 2014

Most Privacy laws require the holder of personal information to advise the person that the holder has the information and how it is being used. But, if a facial image has been provided to the police as evidence of a crime, it would be inappropriate. and possibly unlawful, to advise the person in the photo that the holder or the police have the evidence.

Prviacy laws allow Personal information to be collected so long as there is a 'necessity' for the information. It is appropriate for a person or a company to protect themselves from crime by circulating the photo to staff, as well as warn other potential victims, otehr shops, of the threat. Best to use the term 'alleged' before the description of the criminal activity.

JH
John Honovich
May 11, 2014
IPVM

"Most Privacy laws require the holder of personal information to advise the person that the holder has the information and how it is being used."

This depends on the country. In the US, there's really no law regulating / stoping use of such information. In Europe and Commonwealth countries, the opposite tends to be true.