×

The 'internet of restaurants' is coming for your info

OpenTable
Getty Images

Once upon a time (1999 and the years that followed), there was a company named OpenTable that told San Francisco restaurants a story. Customers wanted, they said, to search for a restaurant on the wondrous world of the Internet, then click a button to make a reservation. Sure, a restaurant could just build its own website or keep managing reservations the old-fashioned way—with a book or spreadsheet offline—but OpenTable could do it all for them for a low set-up price, a monthly fee, and a dollar per diner.

By 2009, when OpenTable went public, it had a $1.5 billion valuation, and was bought for $2.6 billion soon thereafter. At the time, it controlled 90 percent of the country's online booking market share, meaning that the service it had provided to restaurants became something like a mandatory fee. Restaurants without the service argued that they lost bookings to those that did.

Those who signed up wondered why they had to give up all their customer data to this third-party company. Competitors arose, but the industry had already changed forever: Online reservations are just a cost of being in the restaurant business these days. It's not clear, though, that more people go out to eat just because they can book online. It's a surcharge and a near monopoly, and cuts into the profit margins of the folks actually selling us food.

More from Pacific Standard:
The contentious fight to protect Indonesian palm oil
How one California city is sending a message of environmental resistance to Trump
Look up, see a masterpiece

Bruce Schneier—a well-known technologist and security expert, a cybersecurity professor at Harvard's John F. Kennedy School of Government, and one of my closest friends—tells me about the controversy surrounding OpenTable as we wander through the Tech Pavilion of the 2017 National Restaurant Association. Every company here would be thrilled to become the next OpenTable.

None of them are focused on reservations, or at least not only reservations, but are instead trying to find other gaps where they can insert some kind of online service. Some of the sales pitches are compelling: Companies offer to harvest customer data so the restaurant can better track its clientele's needs.

They offer to manage every aspect of a restaurant's labor force. They offer to turn every piece of kitchen equipment into an "Internet of Things" device, a phrase now used casually in marketing, as if we all agree on its definition. Turn your restaurant into a panopticon! Schneier isn't surprised, as he's seen this sort of thing before in other industries. "Much of the 'Internet of Restaurants,'" as we agree to call it, "is extractive and disempowering while pretending to be about giving control to employees and owners," he says.

As Pacific Standard reported a year ago, the National Restaurant Association is the industry's massive annual gathering in Chicago's conference center, McCormick Place. It fills three huge halls (four, if you count the alcohol specific spin-off conference, BAR) with every kind of product you might need at your your restaurant: food, drink, furniture, lots of shoes, shirts, branded belt buckles, toilet cleaners, kitchen machinery (ovens, pasta makers, a sushi-making robot), pots and pans, and much more.

The giant producers and distributors (Coke, Sysco) hobnob with start-ups (Silk Road Catering, a family company making spice blends in Missoula, Montana; Nduja Artisans, a Chicago father and son making spicy spreadable Calabrian salami).

States send agricultural delegations (Louisiana seafood, Minnesota wild rice, Wisconsin cheese). A Québecois delegation served smoked meats and presumably ran out of poutine. A large contingent of Italians poured prosecco and served buratta. Celebrity chefs did demos, taught classes, and hawked their wares from large stages.

But in the back third of one of the halls, there is nary a snack to be found. Instead, the "tech pavilion" provides a space for over a hundred companies looking to sell a wide variety of technological tools to restaurants.

These vary from touch-screen ordering (a rapidly accelerating market) to employee management, marketing, customer tracking, and a wide variety of ways to connect the machinery and processes of the food business to the Internet. "Point of Sale" is the big buzzword, as everyone is offering new ways to have your customers pay in an easy, electronic, and trackable way.

The gateway to the pavilion is run by Microsoft. The company has a large booth with a variety of "totems"—their word—each of which advertised various Microsoft or partner products on a big screen. For the partners, mostly small companies, this is their chance to make the big time.

Some of the products are useful. "Cortana," from Microsoft, adds a tool to Bing (or to a restaurant's website) that automatically answers most questions about a menu, and learns answers to new ones, such as whether gluten-free options might be available.

Sprinklr manages social media by tracking everything said about your brand online, organizing responses, and—in theory—allowing for better engagement. It feels kind of creepy, though, knowing that, if I tweet about my meal, there's a team aggregating my information and preparing a response in real time.

Inventory that tracks itself, systems that reduce food waste, and the ability for employees to swap shifts over an app all feel like useful innovations. Nextep Systems has made accessibility for deaf consumers one of their main selling points, while telling me they also had accessible keyboards attached for blind consumers. Tech, done well, can be liberating for disabled individuals.

But there's also a fundamentally creepy aspect to much of this. One of the prime ways to increase value for your brand is to use the Internet to practice surveillance of both your customers and employees. The customer side feels less invasive: Loyalty apps are pretty nice, if in fact you generally go to the same place, as is the ability to place orders electronically or make reservations with a click.

The question, Schneier asks, is "who owns the data?" There's value to collecting data on spending habits, as we've seen across e-commerce. Are restaurants fully aware of what they are giving away? Schneier, a critic of data mining, points out that it becomes especially invasive through "secondary uses," when the "data is correlated with other data and sold to third parties." For example, perhaps you've entered your name, gender, and age into a taco loyalty app (12th taco free!).

Later, the vendors of that app sell your data to other merchants who know where and when you eat, whether you are a vegetarian, and lots of other data that you have accidentally shed. Is that what customers really want?

Perhaps more concerning than privacy, though, is the clear use of tech to further dehumanize workers in food service and restaurants. Swapping shifts over the phone is useful, but multiple "labor management" programs also allow for intense oversight of workers. Mesh Systems, one of the partners at the Microsoft booth, explained how their employee management software can track every second of a worker's day. For them, and likely the attendees at the conference, surveillance of workers was a selling point.

Then there's the formal "Internet of Things," where the results are mixed. Mesh Systems works with equipment manufacturers to hook up equipment to the Internet. At the show, they had a high-end espresso machine that could track inventory and monitor maintenance needs.

Both are likely to be useful, but the sales pitch included a suggestion the company could track your sales and "let you know whether it's the right size for the store." Maybe, the spokesperson suggested, they could track data from the sales to convince a store owner that they needed two machines, or at least a bigger (and more expensive one).

"This is a classic example of how the 'Internet of Things' benefits the companies that control the data," Schneier says. "You get the device, and the manufacturer gets both a maintenance contract and the opportunity to constantly market and upsell." Some of it might be genuinely useful. Regular maintenance of machinery, all the cool point of sale tricks, good marketing strategies, and efficient labor management are likely all useful to restaurant enterprises, at least once they reach a certain size.

"But the tech industry," Schneier says, "often is all about the skim. The tech industry is often about grabbing value you didn't know you had," such as consumer data, "and then either selling to you or to others." He makes an analogy to John Deere tractors. They now have tires that track soil data, but that data belongs to the tractor company, even if the farmer is driving the vehicle over his or her own land. That model is rapidly infiltrating the food service industry.

Then there are more direct risks. In March of 2016, Cici's Pizza got hacked, surrendering credit card information from more than 135 different locations. The breach was made through their online point of sale systems, allowing criminals to steal credit card data in real time. That doesn't happen with an old-fashioned cash register.

More important, I didn't see a single discussion of cybersecurity anywhere in the tech pavilion. Over email, a Microsoft spokesperson did offer me assurances: "We believe customers own the data that they put into the Microsoft Cloud. We invest heavily in our technology, people, and processes to help ensure that their data is private and protected." Still, Microsoft didn't have anyone at the show to talk about risks, just rewards. For risks, I had to find an AT&T booth tucked away against a wall.

The technicians there weren't authorized to talk to the press, but they offered a world-weary smile when I asked them whether restaurants were setting themselves up to be hacked. An AT&T spokesperson told me over email that all businesses, including restaurants, do need to have a digital presence, but that restaurants should "measure all digital and connectivity efforts from a risk view."

Each new app or connected device introduces risk. "Restaurants need to re-evaluate their cybersecurity plans regularly, and think of security as you build up your technology plans, rather than as an afterthought," the spokesperson said. Meanwhile, days after this year's NRA, news broke that nearly every Chipotle had been hacked.

"What I saw [at the NRA]," Schneier tells me later, "is the economics of the Internet invading the restaurant business. The economics of the Internet are inherently monopolistic. The big get bigger because they leverage enormous network effects." The Internet of Restaurants sells itself as helpful and slowly adds a little bit of extortion. Nice restaurant you have there, wouldn't want it to go out of business because you didn't hook your espresso machine up to the Internet.