Whole Foods delivery persons scan people's driver's licenses into their mobile phone app, a wildly risky procedure

In a grocery delivery order yesterday from Whole Foods, I requested a bottle of red and white cooking wine.  The delivery person rang my doorbell and requested ID because the order included "alcohol", though she said, "You are obviously over 18".  I brought her my driver's license, handed it to her, and then noticed she was preparing to photograph my driver's license with her cell phone.

I snatched the driver's license back and attempted to explain to her that I did not consider it safe to allow her to take a photograph of my driver's license, which includes every piece of information needed for identity theft short of an actual social security number.  Her broken English was not sufficient for us to communicate.  She put me on a call via her phone with "customer support", a man whose Spanish-accented English was even worse than hers.  This man insisted that I had to allow my ID to be photographed.  "Just do it", he said.  "It's required."  After attempting to explain and getting the same rote response, I hung up on him.

After several minutes, the poor delivery person finally gave up and left.  I looked around on my email order and online trying to find a customer support number for Whole Foods or even just for Amazon.  The only number I could find sent me directly to the recent delivery person.  In desperation, I phoned my local Whole Foods store and demanded to speak to the manager.  After several minutes wait, I spoke with a man who claimed to be the store manager, but he said that his store is one of those Whole Foods store that has no voice in how Whole Foods deliveries are handled.  However, he listened to my complaint and then gave me an actual phone number for support on Whole Foods delivery: 877-477-3527.

Upon calling this support number, I reached a help line person whose English was understandable.  She first sent a security code to my mobile phone so that I could verify my identity--a sign of Amazon's usually reasonable security procedures.  Then I explained the entire situation, naming my delivery person and requesting that she not receive any kind of discipline over my refusal to allow my license to be scanned.  I expressed my disappointment that Amazon was taking the risk of scanning customer ID's in a phone app on many different mobile phones for its delivery people.  I told her I understand that legally they need to verify that the order came from someone who is not a minor, but like in a liquor store, showing the delivery person an appropriate form of ID should be enough.  The delivery person ought to be able just to note down which kind of ID was shown and that should be enough.  After all, liquor stores don't scan our driver's licenses.

Next, she smugly assured me that scanned ID photos "are not stored locally on the device".  And my response was, "How do you know that?  How can you even begin to promise that?  I won't allow my driver's license to be photographed by a stranger onto their phone.  It makes me nervous enough to use a banking app when making check deposits, but at least, I have personally authenticated myself to the bank with end-to-end encryption."  I continued to explain that we customers know absolutely nothing about the app used by Amazon drivers, and we have no reason whatsoever to assume it doesn't store those photos locally, at least temporarily.  Also that apps frequently have been found to lie about data collection and steal and misuse customer information, as anyone would know who reads technical journals as I do.  This practice, I argued, is also not compliant with the basic tenet of data collection, which is, collect no more personal information about people than is absolutely necessary.  I went on and on.  How many episodes have occurred, for example, where an app illegally accessed the camera or microphone of a device?  News stories about these breaches of privacy occur almost daily.  Given the slow pace of cell phone communications with the phone network, I feel certain that photos must indeed go temporarily to the hard drive of the device, where they risk not being deleted appropriately later.

In the end, she promised to record and escalate my complaint to her management.  Whether she actually will do so or not, I do not know.  I think it more likely that I'll be noted down as a difficult or problem customer.  Hence, this blog.  People should refuse to allow strangers to photograph sensitive materials on their cell phones.  This is basic common sense in today's "bad internet" environment.