Pot luck: Facial recognition gets boost from marijuana kiosks

Between iPhone's fingerprints and a kiosk's face check, biometrics may be getting its day.

Credit: United States Fish and Wildlife Service

Anytime a technology mechanism requires consumers to change their behaviors, one of the biggest hurdles is getting them comfortable. That means two things: getting them to use it the first few times (this requires incentives); and getting them to then use it repeatedly over a short period, to develop the habit and remove the last vestiges of resistance.

Nowhere is this more true than with biometric authentication methods, such as retina scans, voiceprints, digital fingerprints and facial captures. One of the more problematic methods is facial, and that happens to be the method now being used by default by some marijuana-dispensing kiosks. I suppose a controversial product is a fitting partner for a controversial authentication method.

Before we puff away on the marijuana method, we should look at the best example today of how repeated exposure can indeed work for biometrics: smartphone fingerprint scans. Even though Google Android also has many units that now accept fingerprint scans, it's Apple that is most aggressively pushing the technique. With the latest iPhones, consumers have to repeatedly scan their fingers to unlock the phone (depending on settings, that alone can represent dozens of times each day), download/upgrade apps as well making in-app and in-store purchases.

Interestingly enough, Apple Pay in-store's use of NFC is the perfect example of what can happen when there is insufficient behavioral reinforcement. Because of a relatively tiny number of retail locations that accept Apple Pay in-store, even a shopper that has a positive experience will be unlikely to have the opportunity for another (other than at that same store) for quite some time. With no such reinforcement, the shopper is going to unlikely get much better at executing such transactions. Ideally, retailers want good interactions to beget more good interactions, thereby causing a hopefully permanent change in behavior. Think of the early days of ATMs. There was huge consumer resistance initially, but as they were forced to use the units repeatedly, their concerns eventually melted away.

Note: Although Apple's fingerprint scan approach is far better — in terms of frequency of use — than its NFC approach, it's far from perfect. My own testing on an iPhone 6 Plus consistently delivers about a 60% to 70% reliability score, meaning that it recognizes my fingerprint on the first or second try that often. When it works, it is much faster and easier than entering a PIN, even Apple's default four-digit PIN, which is its gift to cyberthieves everywhere. (By the way, wouldn't this be a better world if massive fines were imposed on people who say "PIN number"?) The problem is that it happens to not work often enough that I automatically go the PIN route every time it fails after two attempts. Hardly the effortless Apple experience.

Getting back to our original point — that the grass is always greener on the other side of the kiosk (if you think we're going to run out of marijuana plays on words any time soon, think again) — the very nature of such dispensing kiosks gives an excellent chance for behavioral reinforcement. One such deployment is from a company called Potbotics and it uses facial recognition.

Whether for medical or recreational use (and this kiosk is, understandably, positioning itself for the more legally friendly medical use), the nature of the contents suggests frequent use. This is especially true given the few alternative locations to secure the item, especially in rural communities.

This kiosk also pushes other high-tech features, such as using "neural-net algorithms to recommend cannabinoid levels and custom strains to medical marijuana patients. By combining scientific data and crowdsourced reviews, PotBot’s desktop and mobile app will guide patients toward the appropriate strain and consumption method for their specific ailments, eliminating the need for patients to experiment with different strains themselves." I'll try and avoid saying that the experimentation is half the fun.

The kiosk also pushes some interesting methods to help make those recommendations. It uses a "wireless EEG (electroencephalography) helmet that allows general practitioners to capture brain waves and analyze a patient’s neural response to cannabinoid stimulants so that the right strain and cannabinoid level can be recommended," the vendor's site said. "By using gene-radar technology to rapidly and accurately detect genetic fingerprints from cannabis seeds, cannabis cultivators can both understand the seed’s molecular biology and more effectively breed plants that benefit specific ailments" allowing for "a fully customized growth plan with optimal amounts of irrigation, sunlight, UV films and nano fertilizers to use when growing specific strains and hybrids."

Although all of that is medically intriguing, the IT area of interest is in the kiosk's authentication. Facial recognition is arguably the easiest verification data to access, even from a security camera 25 feet away. The ability to quickly differentiate Mary from Jane is good, but facial biometrics also has one of the highest false-positive risks in biometrics, with sunglasses, beard growth, new hairstyles and a different makeup approach all known to cause authentication problems. With some early age-detection face-recognition systems, someone holding a photograph has been known to fool the system.

This kiosk approach, though, has some advantages. The shopper will have strong incentive to cooperate with the system, especially if a biometric authentication means that it is less likely someone else could steal their marijuana. This is one of those unusual IT security situations where the nature of these kiosks means that it is less likely to attract top-level global cyberthieves, as the key value is non-digital, meaning that it has to be physically intercepted, one at a time. That's not the kind of efficient thefts that Eastern European cyberthieves are fond of.

At the same time, potential thefts are of extreme interest to local thieves, especially groups of teen thieves looking to create their own, if you will, joint task forces. (I suppose "joint task force" is a better name than Weed Wanters or Cannabis Collectors.)

This will be an interesting platform to try and work out the glitches in many of today's facial-recognition systems, while simultaneously getting consumers more comfortable with the scans.

The potential here is powerful, as once kiosk authentications work for distributing something as desired as marijuana, they could then theoretically shift to money madness. A few years ago, kiosk experimentation included everything from dispensing live crabs, fully cooked pizzas and custom suits and the creativity has only expanded since. There is already a facial-recognition kiosk that accepted smiles as payment for ice cream.  

Envision approaching a kiosk and being able to take any expensive item without having to swipe, dip or wave a card or phone. A quick facial scan and your payment method is debited in the cloud as soon as you make your selection.

Now that will attract the attention of global cyberthieves, who will pursue ways to attack that payment system at the network level. But there's a lot of potential benefits. Once perfected, that authorization method could apply to e-commerce (using a desktop/laptop's built-in camera), m-commerce (using the phone's camera) and in-store (leveraging the security closed-circuit cameras have been in place for decades).

First, though, consumers need to get so comfortable with these scans that they will — please forgive me — start being token for granted.

Computerworld's IT Salary Survey 2017 results
Shop Tech Products at Amazon