![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
This is a question being asked at the University of Waterloo (Canada) right now as the machines are being planned for removal.
If you're into IT like I am, or like reading computer security newsletters that show error screens of crashes or failure to loads, a student noticed a screen at one such vending machine on campus that showed a classic Windows error dialog that said "Invenda.Vending.FacialRecognitionApp.exe", and he asked the question 'WTF is facial recognition software doing on a vending machine?' Subsequent casual browsing of Invenda's web site found a sales brochure that "... promised "the machines are capable of sending estimated ages and genders" of every person who used the machines without ever requesting consent." While Canada may not have Europe's GDPR, their privacy laws come pretty darn close, especially on facial recognition. And the fecal matter impacted the rotary impellers.
Now, I'm going to play Devil's Advocate here as a programmer. They could be using this app to simply detect 'Hey! Someone is standing in front of the machine! Let's turn on the lights and do our little dog and pony show and try to entice them into buying something!' without storing or transmitting any biometric information whatsoever. It could be 100% innocent and they're using the tech just to detect someone staring at the machine.
Do I believe this?
Nope. I'm sure the app could do this, but if this is what they were using this for, you'd think someone would have +1 point of IQ to say 'Hey, maybe we should rename the app to FaceDetectApp.exe, just in case the name of the app leaks out'. But they didn't. And most vending machines have cell phone systems built-in to tell the managers what supply levels are, validate credit cards, and sometimes send diagnostic info if the machine needs repairs. It would be trivial to send biometric data. Modern vending machines are very sophisticated computers these days.
The article mentions a previous Canadian facial recognition scandal where a mall operator was covertly scanning people walking around a mall (or perhaps several) and collected biometric face data of over FIVE MILLION people! He was forced to erase those databases.
https://arstechnica.com/tech-policy/2024/02/vending-machine-error-reveals-secret-face-image-database-of-college-students/
https://yro.slashdot.org/story/24/02/24/0012232/vending-machine-error-reveals-secret-face-image-database-of-college-students
If you're into IT like I am, or like reading computer security newsletters that show error screens of crashes or failure to loads, a student noticed a screen at one such vending machine on campus that showed a classic Windows error dialog that said "Invenda.Vending.FacialRecognitionApp.exe", and he asked the question 'WTF is facial recognition software doing on a vending machine?' Subsequent casual browsing of Invenda's web site found a sales brochure that "... promised "the machines are capable of sending estimated ages and genders" of every person who used the machines without ever requesting consent." While Canada may not have Europe's GDPR, their privacy laws come pretty darn close, especially on facial recognition. And the fecal matter impacted the rotary impellers.
Now, I'm going to play Devil's Advocate here as a programmer. They could be using this app to simply detect 'Hey! Someone is standing in front of the machine! Let's turn on the lights and do our little dog and pony show and try to entice them into buying something!' without storing or transmitting any biometric information whatsoever. It could be 100% innocent and they're using the tech just to detect someone staring at the machine.
Do I believe this?
Nope. I'm sure the app could do this, but if this is what they were using this for, you'd think someone would have +1 point of IQ to say 'Hey, maybe we should rename the app to FaceDetectApp.exe, just in case the name of the app leaks out'. But they didn't. And most vending machines have cell phone systems built-in to tell the managers what supply levels are, validate credit cards, and sometimes send diagnostic info if the machine needs repairs. It would be trivial to send biometric data. Modern vending machines are very sophisticated computers these days.
The article mentions a previous Canadian facial recognition scandal where a mall operator was covertly scanning people walking around a mall (or perhaps several) and collected biometric face data of over FIVE MILLION people! He was forced to erase those databases.
https://arstechnica.com/tech-policy/2024/02/vending-machine-error-reveals-secret-face-image-database-of-college-students/
https://yro.slashdot.org/story/24/02/24/0012232/vending-machine-error-reveals-secret-face-image-database-of-college-students
