Me on Restaurant Surveillance Technology

I attended the National Restaurant Association exposition in Chicago earlier this year, and looked at all the ways modern restaurant IT is spying on people.

But there's also a fundamentally creepy aspect to much of this. One of the prime ways to increase value for your brand is to use the Internet to practice surveillance of both your customers and employees. The customer side feels less invasive: Loyalty apps are pretty nice, if in fact you generally go to the same place, as is the ability to place orders electronically or make reservations with a click. The question, Schneier asks, is "who owns the data?" There's value to collecting data on spending habits, as we've seen across e-commerce. Are restaurants fully aware of what they are giving away? Schneier, a critic of data mining, points out that it becomes especially invasive through "secondary uses," when the "data is correlated with other data and sold to third parties." For example, perhaps you've entered your name, gender, and age into a taco loyalty app (12th taco free!). Later, the vendors of that app sell your data to other merchants who know where and when you eat, whether you are a vegetarian, and lots of other data that you have accidentally shed. Is that what customers really want?

Posted on July 28, 2017 at 2:20 PM • 21 Comments

Comments

Todd Eigenschink • July 28, 2017 2:34 PM

I like the phrase "data that you have accidentally shed". It makes me think of the movie Gattaca.

Bryan • July 28, 2017 2:47 PM

I think the responsibility is on the consumer to understand the technological world around us. If you expect that your information is not going to be sold to third parties or data mined by big internet companies, then read the fine print and make sure that you understand what you are getting yourself into.

That said, companies that collect this should be held accountable for keeping it secure and disposing of the data securely. If they cannot, then they need to be fined.

This is a two way street and we as the consumer have more power than we think in this relationship.

JohnnyS • July 28, 2017 2:49 PM

I would say the answer to "Is that what customers really want?" is obviously "Clearly NOT!". But we're not the customer any more: We're the sheep to be sheared, the cows to be milked and the rubes to be swindled.

Rhys • July 28, 2017 4:30 PM

Not so sure this is just poor understanding of contract negotiations &/or valuation.

Is that really a "security" issue?

Privacy, perhaps. (But where is duress?) Is there any baseline, minimal standard of privacy? (Even an agreed upon privacy definition for social conduct?)

Perhaps, this is an OpSEC issue. (Called aggregation) IT Industry spent a lot of Madison Ave/Philadelphia Lawyers dollars to find a way to clothe 'aggregation' with 'data mining'. Is that a wrong against an individual, or a breach of the social contract?

If one is not competent to understand the contract, should the contract be voidable? (But who wants to admit to that.)

Residual rights are usually addressed- perhaps obliquely. Even if a pass-thru was provided for- there are Hollywood accounting schemes. & no good way for individuals to enforce (tort) claims.

There was an adage once that I think went something like...how bad do you want it because, that's how bad you're going to get it.

Peter S. Shenkin • July 28, 2017 8:55 PM

No doubt, most of those who have commented are really speaking for themselves when they answer "No, No, No!" to whether the maintenance and trading of information such as whether or not they are vegetarians is "what customers really want."

Well then, I will also speak for myself and say that I don't give a damn that whether or not I am a vegetarian, and the like, becomes tradable or even public knowledge.

Like the others who have posted, I naturally assume that other customers are like me and don't give a damn, either. Based on the amount of fuss I see them raising, by and large, I think I am close to the mark.

Mike Barno • July 28, 2017 9:34 PM

@ Peter S. Shenkin :

Like the others who have posted, I naturally assume that other customers are like me and don't give a damn, either. Based on the amount of fuss I see them raising, by and large, I think I am close to the mark.

Unlike some of the others who have posted, I recognize that not all customers think like I do. Some of them have stopped raising a fuss because they keep getting dismissed by people who "don't give a damn" enough to study the science, to learn the technology, nor even to believe the experts who do these things enough to know.

Other people are NOT CUSTOMERS, and thus are ignored in your sampling, because these practices lead them to eat elsewhere, or to prepare their own food at home.

Drone • July 28, 2017 10:35 PM

"Later, the vendors of that app sell your data to other merchants who know where and when you eat, whether you are a vegetarian, and lots of other data that you have accidentally shed. Is that what customers really want?"

Excuse me, did you say something about a free taco?

Clive Robinson • July 28, 2017 11:36 PM

@ Bruce, All,

Is that what customers really want?

There are two words that might apply,

    Trickle Down

This is not new, in fact it kind of goes back over a century ago.

At one time hotels were the key to traveling to a destination, much as inns were for a century or two before that. You would arrive at a place to catch a train or a boat and stay in a hotel at the terminal, then embark on the next leg of your journey to arrive and stay at a hotel for the next leg and so on. This style of travel was only open to the very very rich and what they wanted was the comforts of home. This was not just having servants to do their bidding but servants that knew about their likes and dislikes over all the fussy little details. Such as knowing not just when to serve tea but what biscuits, how many sugars etc etc. Likewise their breakfast preferences and a whole manner of other small details.

One way this was dealt with was to send a trusted servant ahead, but this was not always possible. The invention of the telegraph and later the phone allowed a senior servant to remain with the traveler but also call ahead to ensure life's little comforts were arranged before they arrived.

As hotels formed into chains it was advantageous to make records of these details so that if a wealthy customer visited another hotel in the chain all the little details could be painlessly put in place, without even the intervention of a servant, that had become quite scarce due to the social changes of the two world wars.

When computers became lower cost and easily networked one of the first things the hospitality industry did was widen the scope of such details. Often when you first stayed the check in form would be long and you would get given a loyalty card to make future check ins less time consuming. Amongst other little perks was having a birthday card sent to you each year to remind you of your last visit.

What computers and the Internet have now enabled is your likes and dislikes to be collated and a personal profile established, so that you too can have the sort of experience only available to wealthy individuals of a previous generation.

This profile is of course a double edged sword, you like it when it makes your life easier, but don't when it is used to push product at you or worse because it feels creepy or worse like you are being stalked by some phantom.

It's why I tend to only use cash in chain restaurants and no longer stay at chain hotels, opting for the little independents, whose quirkiness I find much more enjoyable than the vanilla experience of the chains that quickly feels like a "gilded chain".

Sadly the intrusion of computers and the Internet has enabled even small hotels to put "in room entertainment" in. Which means they can get rid of other informal group spaces like the Games Room and TV lounge, where you would get to meet other residents in a relaxed and informal way and thus be social.

Gunter Königsmann • July 29, 2017 3:26 AM

What I don't understand is: They collect data. Data gets stolen so collecting it is dangerous. But what advantages do they have from the data? I mean they are selling food and the data they mine won't improve their food's quality nor reduce its cost.
Can't they lose more than they win?

Ph • July 29, 2017 4:59 AM

@Gunter,

It's how to increase their profit margins.
- Map the flow of people so you can serve faster during busy hours.
- (old and established) Make pictures of your food with (makeup) so they look idyllic, sells more than the photos of the actual food.
- Check occupancy of tables, are there tables people find uncomfortable?
- Which ads/posters are the people looking at, what motivates them to buy?
etc.

Look for a 3 part documentary called "The century of the Self" by Adam Curtis.
It's very dry, but it tells a lot about the psychoanalysis that has been applied to make us buy more without us (noticing) minding it.

TRX • July 29, 2017 10:27 AM

Several years ago a friend and I went to a restaurant. We'd been there before, maybe three months before. Both of us are picky eaters, so our orders involve several substitutions.

So, we're seated, and a cute young waitress both of us are certain we've never seen before bounces up, recites what we had last time, and asks if we want the same thing again.

My friend found that curious. I told him it was probably just software; I could use some freeware libraries and whip something up easily enough. The restaurant probably has security cameras, so they can match our faces to where we're seated. The first waitress transfers our order from her pad to a computer, since we get a printed bill. My friend pays with a credit card, so they have his name. They don't have mine since I always pay cash, but they can still match me to my previous order with a fairly good degree of accuracy. And - this is the trick - it doesn't have to be 100% accurate. 75% would be a sufficient hit rate for customers to feel they were important and memorable, and to urge them to tip more heavily, as well as speeding table turnover during high traffic times.

For some reason this bothered my friend a lot, but I expect we'll see a lot more of it in the future.

Iask • July 29, 2017 12:08 PM

Restaurants are big employers of ex-cons, a group that could have social ties that make them vulnerable to coercion.

Iask • July 29, 2017 12:22 PM

"I didn't see a single discussion of cybersecurity anywhere in the tech pavilion."

Bob C • July 29, 2017 6:37 PM


I may be one of the few people left in the US (or elsewhere) who
do this, but I pay my restaurant bills in cash.

No credit card company or bank takes any of my money.

/Rcc

Andre Amorim • July 30, 2017 1:25 AM

According to Article 5 from the EU GDPR, the controller shall be responsible for, and be able to demonstrate compliance with, the principles relating to processing of personal data.

Ollie Jones • July 30, 2017 7:08 AM

I live in New England (Northeast US). I sometimes travel to eastern Canada.

I've seen two kinds of electronic gizmos in restaurants used by patrons.

In Canada, after the meal, the wait staff give patrons a well-designed portable payment processor gadget. Patrons dip cards, the machine reads the chips and handles the payments. The patron's payment card never leaves his hands, much less his sight. This is pretty much universally the case in restaurants with table service in Nova Scotia and New Brunswick.

Recently, in the US, a waitress handed me a thing that looked like an oversized Visa folder. It had the typical receipt for signature. And it also had a little electronic tablet, upon which was a survey. The survey ended with the notorious Net Promoter Score question .... "Will you recommend us to your friends?" on a scale of 1-10.

Canadian restaurants are doing customer-visible tech well. Credit card opsec benefits customers, the restaurant, and the economy. Good.

US restaurants are being sold garbage by their tech vendors. Imagine gathering all that info on me and my family. Why? Whose info is it? How safe is it? Does it have my name associated with the record? Does all that information benefit the restaurant in any way besides saving money by underpaying their staff if I don't answer "9" or "10" on the stupid NPS survey? Enough!

What's wrong with the old business slogan "If you're happy please tell your friends. If you're not satisfied please tell us?" What's this obsession with measuring everything? Is it just so programmers can use the AVG() and STDEV() functions on our data systems?

Enough already.

JG4 • July 30, 2017 8:42 AM


@all, thanks for jogging my memory

@Gunter and Ph - even if the data were no other use to the restaurant, they always can be sold to brokers.

I was in a place similar to TFIG, can't recall the name, but it is equally recognizable, about 18 months ago. they had on every table a f**king video camera with WiFi back to the mothership. they weren't much bigger than those acrylic holders frequently seen on restaurant tables. I'm sorry that I didn't ask the staff wtf they were doing there. or maybe I did and I've already forgotten what line of bu115hit they tried to feed me. I hope that I took a picture of it. I'm sorry that I didn't have some of that nice thick aluminum duct tape - the real foil variety, about 0.005" thick - to stick over the camera and the microphone. I just put it on a nearby table with the camera facing away. twice.

I related the hair-raising events of some months ago, where things that I had discussed with two people on subsequent days, two people who carry "smart" phones, showed up on my computer screen within 60 minutes. to be fair, they were things that I had searched on a computer 5 years earlier, but can't recall seeing an ad for either, ever. Denninger recently published confirmation, albeit anecdotal, that other people have experienced such creepy events. just for the record, all four of my flip phones have a slip of paper between the battery terminals and the corresponding contacts on the phone, except when I am actively using them. the implication is whoever wrote the OS for those phones are able to voiceprint me, and tie it back to my computer.

DF • July 31, 2017 7:57 AM

I have to say I am very disappointed by this misleading headline. I was expecting video of Bruce at a restaurant.

Just kidding.

Seriously though rather than ask "Is that what the customer really wants" shouldn't we ask "Does the customer have ANY idea that could happen?"

Frances • August 1, 2017 10:20 PM

To Ollie Jones - credit cards in Canada are chip and pin which makes the use of those little hand-held devices possible. As far as I can tell, they are now pretty well universal and not only in restaurants. The only problem with using them is fat fingers.


Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.