Thursday, December 27, 2012

SceneTap's national bar spying program and they don't have to reveal you're being spied on.

Imagine this. You and your girlfriend walk into a neighborhood bar, order a cocktail, and, unbeknownst to you both, a camera above is scanning your faces to determine your age and gender.

A company called SceneTap has launched a smartphone application at more than 30 bars, mostly in Boston and Cambridge, that it says can do all that right now.

But SceneTap could one day have the capability to do a lot more. That’s making some people so nervous that when SceneTap launched last spring in San Francisco, it sparked outrage and forced the chief executive to issue a letter to quell the anger. At the heart of the issue is privacy, something Facebook, Instagram, Twitter, and others have learned can incite the masses when mishandled.

SceneTap gathers data by collecting images from what is called a facial detection reader inside the bars. It locks in on a silhouette from the neck up and measures 14 data points on the featureless face, determining within seconds whether the subject is male or female and the person’s approximate age. It’s not facial recognition, like the picture-taking technology used at airports. But because SceneTap’s patent application includes language about facial recognition, some critics worry it’s only a matter of time before the company tries to collect more detailed information.

“We did not file for patents with plans to invade people’s privacy,” says Cole Harper, the 27-year-old chief executive of Austin, Tex.-based SceneTap, whose app is also being used in bars in Chicago, Phoenix, Milwaukee, and several other cities. “Our plan is to grow SceneTap using our unique program to where we include every city and metro area in the United States, and then other countries.”

He says patent lawyers told the company to cover every possibility of where the technology might go so that it can remain competitive.

Here is how SceneTap works: A person downloads the free app to a smart phone. The company provides and pays for a digital body counter gadget and a camera-like device for participating venues, at a cost of about $4,000. The devices are mounted about three feet apart on the ceiling just inside the entrance.

When a person enters or exits, the first device records that movement. The second device, the facial detection reader, captures the image. (The company says because its technology cannot identify people, it is not required to post signs in bars telling patrons it is in use.)

* Open SceneTap to see featured bars, deals, and specials in your area
* Locate nearby bars in map view or list view and receive immediate information
* Or, search more specific criteria: by number of people at the bar, age range of patrons, gender ratio, "type of scene," distance, and more
* Browse specials, real-time SceneTap deals, and what people are saying on the bar's page
* Access additional bar information (including its website) so you know it's the right spot for you
* Map out your trip to the bar from your current location, or even just check out the street view
* Socialize your interactions with Facebook, Twitter, Foursquare, and other services so you don't have to leave the app.

What’s most troubling about SceneTap, is that the consumer has no say in the matter. Walk into one of these bars and you’re being digitally sized up — and there’s nothing you can do about it. And who’s to say SceneTap won’t start collecting other traits such as height, weight, ethnicity, or wealth?

SceneTap has installed an entire infrastructure of cameras in each of its participating bars, utilizing cutting-edge facial detection and "people-counting" technologies to automatically collect and provide data on the venue's customers. Since there is no recording and each person is tracked anonymously, there are no privacy issues or liability risks related to the service.

Many privacy advocates are concerned that the actual facial data (and not necessarily the image itself) could somehow be linked to an actual person’s identity.

"It is in fact creepy!" wrote Rebecca Jeschke, a digital rights analyst for the EFF, in an e-mail sent to Ars on Thursday. "Looking at the privacy policy, they say they don't keep video or stills, but are silent on if they keep the measurements and other data they collect in order to make their conclusions about gender and age. That's a big question for me."

In an e-mail sent to Ars on Friday, Nieman clarified that the company does not retain facial measurement or related data, despite the fact that this is not reflected in the company's privacy policy.

"The only thing we record is the output of the algorithm: i.e.: male, 27, or female, 23," he wrote.
Despite its use in Facebook (and oddly, art history research), this appears to be the first time that facial recognition technology is being used by a private company in a semi-public space, like a bar.

Last year, a similar startup, BarSpace, which put cameras in bars to help customers gauge how busy a bar is via a smartphone app, launched to a similar controversy, but has since folded.

Last year, Alessandro Acquisti, a professor of information technology at Carnegie Mellon University, showed how it was relatively easy to use facial recognition technology to link images to actual people. (The university’s technology, created by a different team of researchers, known as Pittsburgh Pattern Recognition, was acquired by Google.)

"These apps are bridgeheads, or perhaps trojan horses, for more powerful (and probably more intrusive) services to come," wrote Acquisti, in an e-mail sent to Ars technica.

"The fact that, as consumers, we do get eventually habituated to those new services, does not necessarily prove that they come without risks: our attention is captured by what we can see as their immediate benefits—the excitement of using tools that, technologically speaking, are innovative and cool. What we don't see are the long term risks, that more and more information gathered and analyzed about us will allow others to influence and control us. Perhaps that sense of creepiness many feel when they hear about certain identification technologies is nature's way of telling us that something, down the line, may not be right."

Beyond academics and policy experts, some San Francisco bar owners that originally partnered with SceneTap have said that they’re pulling out and will be taking down the company’s cameras. An increasing number of bars still listed on the SceneTap’s site are now saying that they’re not working with the Chicago startup, including Mr. Smith’s, Southpaw, John Colins, and Bar None.

"We’ve decided that we’re not going live with it," said Charles Hall, the manager of Bar None. Hall originally had told Ars on Thursday afternoon that his bar would be trying out the service, but then called back an hour later to say that he had reconsidered.

"I feel that at this point we have little to gain and a lot to lose until it is made completely transparent as to how [SceneTap is] going to operate the system."

Okay so, some may think, no big deal. What’s the harm in a little anonymous profiling? In fact, the company said it’s already fast-approaching 100,000 users (we’d like to know the demographic breakdown of those people).

But others may find it disconcerting, sketchy, and perfect for the opportunist. Do we really want the bad eggs of the world to know when a bar or restaurant is overpopulated with young women? Jolie O’Dell likened it to creepster application Girls Around Me, recently calling SceneTap, “an absolute sewer of an application.”

We do know that SceneTap hopes to put its facial detection cameras to work in other markets. The startup already has its eyes on the retail sector. Let’s just hope the cameras don’t find their way into dressing rooms.

I covered SceneTap in May, read more: "SceneTap facial recognition software coming to a bar near you." 

Google starts watching what you do off the Internet too.

 The most powerful company on the Internet just got a whole lot creepier: a new service from Google merges offline consumer info with online intelligence, allowing advertisers to target users based on what they do at the keyboard and at the mall.

Without much fanfare, Google announced news this week of a new advertising project, Conversions API, that will let businesses build all-encompassing user profiles based off of not just what users search for on the Web, but what they purchase outside of the home.

In a blog post this week on Google’s DoubleClick Search site, the Silicon Valley giant says that targeting consumers based off online information only allows advertisers to learn so much. “Conversions,” tech-speak for the digital metric made by every action a user makes online, are incomplete until coupled with real life data, Google says.

“We understand that online advertising also fuels offline conversions,” the blog post reads. Thus, Google says, “To capture these lost conversions and bring offline into your online world, we’re announcing the open beta of our Conversions API for uploading offline conversion automatically.”

The blog goes on to explain that in-store transactions, call-tracking and other online activities can be inputted into Google to be combined with other information “to optimize your campaigns based on even more of your business data.”

Google is all but certain to ensure that all user data collected off and online will be cloaked through safeguards that will allow for complete and total anonymity for customers. When on-the-Web interactions start mirroring real life activity, though, even a certain degree of privacy doesn’t make Conversions API any less creepy. As Jim Edwards writes for Business Insider, “If you bought a T shirt at The Gap in the mall with your credit card, you could start seeing a lot more Gap ads online later, suggesting jeans that go with that shirt.”

Of course, there is always the possibility that all of this information can be unencrypted and, in some cases, obtained by third-parties that you might not want prying into your personal business. Edwards notes in his report that Google does not explicitly note that intelligence used in Conversions API will be anonymized, but the blowback from not doing as much would sure be enough to start a colossal uproar. Meanwhile, however, all of the information being collected by Google — estimated to be on millions of servers around the globe — is being handed over to more than just advertising companies. Last month Google reported that the US government requested personal information from roughly 8,000 individual users during just the first few months of 2012.

“This is the sixth time we’ve released this data, and one trend has become clear: Government surveillance is on the rise,” Google admitted with their report.

No comments: