Day: 24 November 2021

Jeffrey Dastin, Chris Kirkham, and Aditya Kalra, Reuters:

Amazon’s lobbying against privacy protections aims to preserve the company’s access to detailed consumer data that has fueled its explosive online-retailing growth and provided an advantage in emerging technologies, according to the Amazon documents and former employees. The data Amazon amasses includes Alexa voice recordings; videos from home-camera systems; personal health data from fitness trackers; and data on consumers’ web-searching and buying habits from its e-commerce business.

Some of this information is highly sensitive. Under a 2018 California law that passed despite Amazon’s opposition, consumers can access the personal data that technology companies keep on them. After losing that state battle, Amazon last year started allowing all U.S. consumers to access their data. (Customers can request their data at this link.) Seven Reuters reporters obtained and examined their own Amazon dossiers.

Even setting aside its massive cloud computing business, it is staggering to imagine how much information Amazon, with its historically poor internal controls, has access to on its users. For its heaviest users — Prime members who have Ring doorbells and Alexa devices in every room, read their Kindle most nights, and shop at Whole Foods — Amazon has a more-or-less complete picture of their lifestyle.

I am a very light Amazon user, with just one order made in 2021, and six in 2020. I do not have any Alexa or Kindle devices, and have never shopped at Whole Foods. So I was a little surprised when I requested my data on November 19 and was told that it would take up to a month for them to produce a copy. I delayed writing about this story because I wanted to have a copy of my own data in hand, but it has been five days and I have not received anything. Any other large technology company has produced a copy of my data within hours of me making the request, and even the slowest information brokers have taken just a couple days. Is Amazon relying on an entirely manual process?

Some of the examples cited by Reuters are a little weak on their face:

Alexa devices also pulled in data from iPhones and other non-Amazon gear – including one reporter’s iPhone calendar entries, with names of people he was scheduled to contact.

I am not sure it is newsworthy that Alexa devices need to know information about users’ calendar entries in order to respond to queries like “what time is my meeting with Leslie?”, for example. But perhaps it should be — if this reporter was not aware of how much information a smart speaker needed to ingest and share with Amazon’s servers, for some reason, it can understandably feel like an invasion of privacy. If something can be done locally, it probably ought to be.

One more thing:

As executives edited the draft, Herdener summed up a central goal in a margin note: “We want policymakers and press to fear us,” he wrote. He described this desire as a “mantra” that had united department leaders in a Washington strategy session.

This is a terrible goal to even suggest in a margin note, and it is indicative of the kind of ruthless work culture that urgently needs to die.

Will Evans, Wired:

Around the tail end of 2016, a guy named Gary Gagnon — a cybersecurity executive with decades of experience, primarily in federal government work — flew to Seattle to discuss becoming Amazon’s new vice president of information security. His last interview of the day was with Wilke, the consumer CEO, who met Gagnon in a small conference room off of his modest office, dressed in a flannel button-down and jeans. The outfit was part of a tradition, Gagnon recalls Wilke explaining: He always dressed like a warehouse worker during the peak holiday shopping season, to remind folks at headquarters of the people who really kept Amazon churning.

[…]

As he settled into his new role, Gagnon quickly realized that all was not well with “information security” — as he was urged to call it — at Amazon. The size of the company’s network was astounding, but “it was all put together with tape and bubblegum,” a tangle of old and new software, Gagnon says. “It grew up out of a garage and it just kept going from there.” New consumer products were locked down with the utmost secrecy before launch, Gagnon says. But otherwise it seemed like everyone on the network had access to nearly everything, including customer information — and yet there was no insider threat program dedicated to preventing rogue employees from abusing their access while he was there. More fundamentally, he says, the team didn’t seem to have any systematic way of prioritizing its biggest security risks. “It was shocking to me,” Gagnon says.

Every section of this article is a gripping story of internal failures, corruption, and weak excuses. According to Evans’ reporting, Amazon prioritized growth to such an extent that even basic internal privacy controls were not implemented, and tens of thousands of employees had access to far more information than required for their job. Customer details were routinely scavenged and sold, sometimes finding their way into the hands of sketchy third-party firms that blended together several data sources. Evans too often compares this to the Cambridge Analytica scandal at Facebook for my liking.

Yet, despite this exhaustive look at Amazon’s internal practices, Gagnon’s fate somehow gets only a passing mention. He was reportedly fired after a conference in London in circumstances “under dispute”. There is plenty more room for detail and it appears that Evans interviewed Gagnon, but we get no more information than Amazon’s acknowledgement of his termination. Strange.