Data privacy is a hot topic right now. Scandals such as Cambridge Analytica, where the personal data of 87 million Facebook users were collected by the British consulting firm without permission, angered and dismayed in equal measure. The Netflix documentary The Great Hack provides an excellent portrayal of events. The incident demonstrated to us all how powerless we users are on the vast platforms of the internet’s largest corporations. But there are positives we can take from such incidents. It has propelled data privacy to the forefront of the public consciousness, forcing the average user to think more deeply about what they share online, how their data is used by the platforms, and the lack of control we really have over our data.
Facebook is not alone in capturing the headlines for all the wrong reasons, Google has also been dragged into the mire. In late 2018 it was reported that third-party Gmail app developers could access users emails and associated metadata. The news report went onto confirm that Google employees may also access user emails, but only in “very specific cases”.
Beyond these particular examples, both companies have, for a number of years, been regarded as the anti-privacy poster boys by privacy rights advocates. The fundamental issue; their business models of selling access to their users, and their data, to third-parties, is in direct conflict with the notion of user privacy. But to focus concern only on Facebook and Google would be a mistake. Indeed, there is a more threatening and sinister cloud on the horizon, a veritable wolf in sheep’s clothing in the form of Amazon.
Regarded as one of the original e-tailers, Amazon has grown into one of the world’s most powerful and valuable tech companies. And it is easy to see why, they stock everything, including the kitchen sink. They are also able to deliver in the blink of an eye, and often without any shipping fees if you are a member of Amazon Prime. A paid service that enables members to enjoy music, movies and tv on-demand as well as free shipping.
What’s more, Amazon has been able to achieve this incredible commercial success without the baggage of Google and Facebook, who are often treated with contempt in the media and grudgingly utilised by many of their users. But behind the gentle, friendly and dependable brand, Amazon has it’s fingers in many pies that when combined, may yet prove to be a greater threat than Google and Facebook combined.
Intelligence agencies and law enforcement
In recent years, Amazon has moved well beyond its e-commerce roots. Amazon Web Services (AWS) is a dominant force and the market leader in cloud computing (with over 30% market share), hosting large swathes of the Internet. Their cloud platform has many millions of customers who purchase online storage, databases, analytics and application services to name just a few. AWS counts the CIA and the 16 other government agencies that comprise the intelligence community amongst these, providing a cloud storage platform upon which the CIA and NSA run on-demand analytics services.
AWS also provides a machine learning-powered service, called Rekognition, which performs facial analysis and facial recognition on large data sets. Rekognition is marketed toward law enforcement agencies worldwide and already has partnerships in place with US authorities in Florida and Oregon.
As we have already seen, governments like China have already been using facial recognition technology to racially profile, track and control ethnic minorities and the Russsian state are known to be using it to surveil ‘people of interest’. Providing this technology on-demand can only negatively impact upon our privacy.
Surveillance in our homes
But, Amazon’s products don’t only run in public places. More than 100 million Amazon Alexa devices have been sold worldwide. The digital voice assistant has been shipped in over 150 products including Amazon Echo, Echo Dot and third-party tablets, as well as third-party soundbars and headphones. Alexa devices are quickly becoming ubiquitous in our lives and have made their way not only into our homes, but also into hotel rooms, vehicles, classrooms and even children’s hospitals.
Worryingly, and as we highlighted in our SAFE Gossip June newsletter, complaints were filed earlier this year by a number of consumer groups and privacy advocates against Amazon, alleging that their Echo Dot Kids Edition speaker, which utilises Alexa, was storing the voice recordings of under 13’s in contravention of the Children’s Online Privacy Protection Act (COPPA). The complaint also suggests that children’s voice recordings are not only kept for longer than required, but the tool that should enable parents to delete recordings doesn’t work.
And finally, just to make sure that they have us completely surrounded, Amazon bought video doorbell company, Ring, last year for $1B. The doorbells, which are Wi-Fi connected devices, enable owners to view live video feeds taken from cameras within the doorbell continuously, providing footage over a 30-foot radius. The devices capture video whenever motion is detected and users can view the footage as it happens, and can pay to store recordings. You get bonus points if you can guess where that data is stored. Yes, that’s correct, on AWS!
Not content in covering just Ring user’s premises, Amazon has created an app called Neighbors, which despite the friendly title is in effect a social surveillance experience, enabling homeowners to capture, upload, share and comment on each other’s recordings. Handily, the captures can even be made available to the police.
It is not that these services don’t have value, they do. Cheap and efficient data infrastructure, facial recognition (used to track and identify criminals), voice assistants and better home security are all hugely useful. It is the fact that much of this data is controlled by Amazon that presents the biggest risk. And that this is a company whose revenue streams are increasingly driven by data analysis for surveillance purposes for third-parties, or are used by Amazon themselves. Did you notice the increasing prevalence of ads last time you shopped on Amazon? Their knowledge of your buying preferences was worth $10.1 Billion in 2018.
Where do we go from here?
We should be designing services that provide these features, but doing so in such a way that the user retains control over their data. For example, each users Alexa or Ring data could be stored with Amazon, but the user could be given the ability to control their own encryption keys. This would enable them to encrypt the data before it is stored so that only the user would be able to access it as only they would have the keys to decrypt it. Alternatively, the user could choose to store the data at a location of their choosing, potentially with another provider (where they control their own encryption keys), or even store it locally. Of course, Amazon would need to enable this in the services they offer, but there are plenty of key management, storage and encryption companies in existence.
However, there is no technical solution that enables privacy for data (images and video) that is taken from public places. Cameras are everywhere and law enforcement agencies are unlikely to wind back the clock and stop using this technology. It looks increasingly likely that legislative process, as imperfect and cumbersome as it is, will provide at least some oversight of government agencies use of this data.
So, while Facebook and Google grab the snooping headlines, Amazon has been extremely shrewd in creating a highly diverse group of businesses that when brought together have the potential to pose a serious threat to our privacy both on and offline. They have also out-marketed their competitors. While Facebook and Google are reviled in many quarters, Amazon continues to be one of the world’s most popular companies. Only time will tell if they can keep it up.