Data Requests Put Amazon Between Rock, Hard Place

Amazon’s recently released first report on government requests for information revealed that from January to May, it received 813 subpoenas and 25 search warrants.

The company fully responded and provided all the requested information sought for 542 of the subpoenas. It partially responded and provided only some of the requested information for 126 of the cases, and it did not respond with any information for 145 cases. Amazon fully responded to 13 of the search warrants, partially responded to eight, and did not respond to four.

“Amazon was the last holdout — the last major tech company to release a transparency report,” said Nate Cardozo, a staff attorney with the Electronic Frontier Foundation.

“They have been very hesitant to release one,” he told the E-Commerce Times. “Amazon likes to keep a low profile, which is surprising given the size of the company, so this completes the list of major tech companies releasing these kinds of reports.”

Data Protectionists

In addition to subpoenas and warrants received, the report revealed that Amazon received 13 “other” court orders. It fully responded to four, partially responded to five, and did not respond to four.

It also received somewhere between zero and 249 national security requests. Typically, those requests are in the form of National Security Letters or orders from the secret Foreign Intelligence Surveillance Act court.

“Amazon is prohibited by law from reporting the exact number of NSLs and FISA orders it receives,” the report explains. “Therefore we report the numbers of such requests only within certain ranges set by the government.”

Amazon is very protective of its customers’ data, noted Amazon Web Services Chief Information Security Officer Steven Schmidt.

“Amazon does not disclose customer information unless we’re required to do so to comply with a legally valid and binding order,” he explained.

“Unless prohibited from doing so or there is clear indication of illegal conduct in connection with the use of Amazon products or services,” Schmidt continued, “Amazon notifies customers before disclosing content information.”

End Warrantless Searches

Amazon isn’t shy about refusing to comply with information requests that it feels are overreaching. “Where we need to act publicly to protect customers, we do,” noted Schmidt.

“We have repeatedly challenged government subpoenas for customer information that we believed were overbroad,” he added, “winning decisions that have helped to set the legal standards for protecting customer speech and privacy interests.”

Amazon advocates modernization of outdated federal privacy laws to require law enforcement to obtain a search warrant from a court to get the content of customer communications.

“That’s the appropriate standard, and it’s the standard we follow,” Schmidt argued.

That commitment by Amazon is an important one, maintained Jake Laperruque, a fellow on privacy, surveillance, and security at the Center for Democracy & Technology.

“This is a strong statement in support of a warrant-for-content standard that many major tech companies have adopted,” he told the E-Commerce Times.

“It’s valuable to have Amazon affirming its commitment to this position — and to protecting user privacy — as it seeks to expand its role as a cloud storage provider,” said Laperruque. “Companies like Amazon taking a stand that content requires a warrant demonstrates that it’s time for Congress to do the same.”

Critical Accountability Tool

Amazon’s report also revealed the company received 132 information requests from non-U.S. entities. It fully responded to 108 of them, partially responded to seven, and did not respond to 17. It received one removal request, to which it fully responded.

Although the report is a good start, it could be beefed up in some areas, observed EFF’s Cardozo.

“Breaking down non-U.S. requests into countries is critical,” he said. “I would hope and fully expect to see that in future reports.”

Transparency reports have become important because of government secrecy, he added.

“Governments around the world don’t tell us what they’re doing, so we’ve become dependent on the companies as government watchdogs. Without transparency reports such as Amazon’s and Twitter’s and Google’s, we wouldn’t know the extent and the tools the government uses to get user data,” said Cardozo.

“They’re a critical government accountability tool,” he said.

“We’re desperately trying to figure out what our government is doing,” said Bruce Schneier, CTO of Resilient Systems and a fellow at the Berkman Center for Internet and Society at Harvard Law School.

“This is one way,” he told the E-Commerce Times. “We hope to get some glimmer of a shadow of what our government is doing in our names, supposedly with our permission.”

John Mello is a freelance technology writer and contributor to Chief Security Officer magazine. You can connect with him on Google+.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

Related Stories
More by John P. Mello Jr.
More in Privacy

E-Commerce Times Channels