Canada’s Privacy Commissioner Takes Shopping Mall Operator To Task Over Video Analytics, And It’s Just Stupid

October 30, 2020 by Dave Haynes

A bit of a shitstorm has spun up here in Canada over “news” Thursday that a major shopping center chain had been using computer vision in its malls to get a handle on shopper demographics, somehow threatening privacy in the process.

A report from Canada’s privacy commissioner says Cadillac Fairview – which owns and runs big malls like Toronto Eaton Centre – was using “facial recognition technology” on digital wayfinding displays without shopper knowledge or consent.

The report was picked up by numerous national and regional media entities, with much hand-wringing about perceived privacy invasion.

Here’s the problem: the tech used was NOT facial recognition, it was face pattern detection. Some 15 years into the existence and use of this tech for audience analytics, we STILL have the AI-based software that looks for the geometric patterns of faces being wrongly lumped in with software that matches faces against a database of stored faces.

They’re DIFFERENT!!!

The irony was I started getting emails about this report just hours after going on a rant, on a video call roundtable, about the endless misrepresentation and flawed understanding of computer vision tech.

It … just … makes … me … crazy.

The report even says up top that the technology used was anonymous video analytics. Anonymous. As in not identifiable.

There are idiot companies out there that do anonymous video analytics and stupidly call their products and services facial recognition, and I have no sympathy for them when privacy people raise a stink. You get to own your dumb.

Smart, seasoned companies like Quividi and AdMobilize take great pains in saying what they do is anonymous  and that privacy protection is central to their approach.

Example: AdMobilize solutions deliver 100% anonymous and aggregated metrics through our AI systems. Our technologies do not personally identify individuals in the moment or after the fact.  

Another: Quividi’s software never collects any information that is uniquely associated to an individual; demographics are assessed purely from visual cues. All video processing is performed locally in real time so that no image needs to be recorded or transmitted.

They use cameras (often called sensors to dodge the potential fuss) to grab a video stream of the audience near a display. That stream is analyzed by a machine-learning algorithm that looks for patterns of what it understands to be faces, and breaks that down further with estimates of general age range and gender. The video stream is discarded, and with it the images.

Facial recognition uses a camera stream to match captured faces against a database of faces. WILDLY different. It’s what major police departments, for example, use to find bad guys. I suspect most people have no real issue with that, when properly used.

Reports Canadian broadcaster CBC:

According to the report, the technology Cadillac Fairview used — known as “anonymous video analytics” or AVA — took temporary digital images of the faces of individuals within the field of view of the camera in the directory.

It then used facial recognition software to convert those images into biometric numerical representations of individual faces, about five million images in total.

That sensitive personal information could be used to identify individuals based on their unique facial features, said the commissioners.

NO IT CAN”T!!! It is a bunch of 1s and 0s, not pictures of Sue Smith and her Mom.

From the report:

“Our investigation revealed that [Cadillac Fairview Corporation Limited’s] AVA service provider had collected and stored approximately five million numerical representations of faces on CFCL’s behalf, on a decommissioned server, for no apparent purpose and with no justification,” notes the investigation.

“Cadillac Fairview stated that it was unaware that the database of biometric information existed, which compounded the risk of potential use by unauthorized parties or, in the case of a data breach, by malicious actors.”

OK, how?

Most of us, every day, see our privacy invaded far, far, far more online by websites and apps. I recently looked up a car my daughter was considering, and now my online activity is being stalked by Nissan’s marketers.

This whole thing actually tracks back to a trial – a trial – done two years ago in Cadillac’s malls.

 Setting aside the broad principle that privacy protection is, of course, important, the report is not worth repeating here. You can read the news release here and drill down into the report itself, if you want.

Among the nuggets of information related in the release is how the “investigation” was triggered by media reports. In my distant past, I was a daily newspaper reporter. On any given day, if I was on general assignment, I had to become an instant expert on something or other to report on, and write a story in a matter of 6-8 hours. You can miss the nuance and are led, at times, by outraged and indignant people who are clueless about what is really going on.

So I can understand reporters hearing from some shopper angry about cameras “watching” them, and banging out a story that has a whiff of controversy. As a harried reporter, especially these days, you would have neither the time, background or technical acumen to track down someone who could ‘splain the differences.

Done right, this stuff is not invasive or controversial, and I am guessing Cadillac shut down the trial because they didn’t want the grief, no matter how unwarranted the grief might be.

I leave you with Cadillac’s reasoned response:

Today, the Office of the Privacy Commissioner of Canada (OPC) released its report and recommendations related to a beta test of AVA (Anonymous Video Analytics) technology that was briefly conducted at select Cadillac Fairview (CF) properties in July 2018. The AVA beta test software was designed to assess the amount of foot traffic at a given site and categorize the general demographics of visitors anonymously.

The OPC report concludes there is no evidence that CF was using any technology for the purpose of identifying individuals.

The OPC has determined the complaint to be resolved. We have accepted and implemented all the Privacy Commissioner’s recommendations, with the exception of those that speculate about hypothetical future uses of similar technology. We currently have no plans to use the technologies in question.

Our WiFi policy is in full compliance with all legal and regulatory requirements and our operations are consistent with industry standards. The OPC report concludes that the privacy concerns related to our WiFi practices were unfounded.

Cadillac Fairview disabled and removed the AVA pilot software more than two years ago, when privacy concerns were first raised by the public. We subsequently deactivated directory cameras and the numerical representations and associated data have since been deleted. We take the concerns of our visitors seriously and wanted to ensure they were acknowledged and addressed.

The AVA software in our digital directories was being used exclusively to detect the presence of a human face and, within milliseconds, assign the face to an approximate age and gender category. It did not store any images during the pilot program, and it was not capable of recognizing anyone.

The five million representations referenced in the OPC report are not faces. These are sequences of numbers the software uses to anonymously categorize the age range and gender of shoppers in the camera’s view. If the same shopper crossed the camera’s view again, a new string of numbers would be generated.

While the focus of this report is of a technology that was disabled and removed more than two years ago, we want to reiterate that we take the concerns of our visitors seriously and are committed to protecting our visitors’ privacy.





  1. Adrian Weidmann says:

    While it is certainly true that there is a difference between facial recognition and detection as far as the processing algorithms are concerned, both technologies incorporate a connected camera lens. This means that there is a path that allows storage of base band video that could be used for ‘surveillance’ purposes. This capability is typically used for initial installation, setup, and troubleshooting as well as occasionally monitoring to ensure the camera lens is still oriented correctly. It all comes down to intention, transparency, and trust.

  2. Wes Dixon says:

    I’m with you Dave. If the CBC doesn’t understand the technology, they shouldn’t speculate on its operation or fabricate nefarious goals from incomplete and incorrect conclusions. The CBC has a responsibility to investigate and explain, not simply scream “no privacy” in a crowded, or even a Chinavirus de-populated, mall. They should be embarrassed, issue an apology and a retraction and then research and report the truth. It’s also interesting to note that, apparently, there can be no “real” compliance (past or present) with government privacy regulations (like OPC & GDPR) since they can redefine the terms at any time. Aargh!

  3. Ken Goldberg says:

    Canada’s Privacy Commissioner Is Just Stupid. There, I fixed the headline for you.

Leave a comment