The Federal Trade Commission (FTC) banned Rite Aid from using facial recognition powered by artificial intelligence (AI) for surveillance purposes for five years on Tuesday, following allegations that the retailer’s use of AI lacked appropriate safeguards and falsely tagged customers as shoplifters.
In a complaint filed in federal court, the FTC argued that Rite Aid used AI-based facial recognition tools to identify customers who may have engaged in shoplifting or other problematic behavior. The agency said that Rite Aid failed to put in place safeguards to protect employees who were falsely accused of wrongdoing because the facial recognition technology mistakenly flagged them as matching someone previously identified as a shoplifter or other troublemaker.
According to the FTC, the facial recognition system “generated thousands of false-positive matches” and “sometimes matched customers with people who had originally been enrolled in the database based on activity thousands of miles away or flagged the same person at dozens of different stores” across the country.
It went on to say that Rite Aid’s technology was more likely to produce false positives in stores with a majority of Black and Asian customers, that it used low-quality images, which increased the likelihood of false positives, and that it failed to adequately train employees on the technology and RITE AID IS CLOSING 154 STORES IN
15 STATES: Here’s the list of facial surveillance systems that left their customers facing humiliation and other harms, and their order violations put consumers’ sensitive information at risk,” said Samuel Levine, director of the FTC’s Bureau of Consumer Protection. “Today’s groundbreaking order makes clear that the Commission will be vigilant in protecting the public from unfair biometric surveillance and unfair data security practices.”
The FTC will require Rite Aid to implement consumer safeguards when deploying automated systems using biometric information to track them or flag them as security risks. It will also require the company to discontinue the use of technology if can’t control potential risks to consumers, and Rite Aid executives will have to implement a “robust information security program” that has to be “overseen by the company’s top executives.”
