The IT Nerd

Amazon has announced that they are going to be pausing police use of facial recognition by police forces. Here’s why via a blog post put out by Amazon:

We’re implementing a one-year moratorium on police use of Amazon’s facial recognition technology. We will continue to allow organizations like Thorn, the International Center for Missing and Exploited Children, and Marinus Analytics to use Amazon Rekognition to help rescue human trafficking victims and reunite missing children with their families.

We’ve advocated that governments should put in place stronger regulations to govern the ethical use of facial recognition technology, and in recent days, Congress appears ready to take on this challenge. We hope this one-year moratorium might give Congress enough time to implement appropriate rules, and we stand ready to help if requested.

This is a first step, but it’s really not one that goes far enough. IBM who quit the facial recognition business earlier this week took a very definitive stand on this. This move by Amazon isn’t even close to that. It seems to me that Amazon wants to say that it is doing something to address the issues that have come out of the George Floyd protests, but at the same time still make money from this tech at a later date. Thus it seems to me that this is more of a PR stunt than anything else, and as a result is meaningless. If Amazon really wants to show some leadership on this issue, then they would do something that is closer to the IBM end of the spectrum. But I suspect they won’t and thus you should not take them seriously on this issue.

It seems that there’s blowback from Amazon’s apparent firing of employees due to their concerns over their working conditions during the COVID-19 pandemic including some whistleblowers. Tim Bray who is well known for his part in creating the XML specification has quit the company “in dismay” and went public about his departure:

Tim Bray, a well known senior engineer and Vice President at Amazon has “quit in dismay” because Amazon has been “firing whistleblowers who were making noise about warehouse employees frightened of Covid-19.” In an open letter on his website, Bray, who has worked at the company for nearly six years, called Amazon “chickenshit” for firing and disparaging employees who have organized protests. He also said the firings are “designed to create a climate of fear.”

While this is going to create an optics issue for Amazon, this guy likely isn’t going to be poor, and he’s just one guy. If hundreds or thousands of people lower down on the food chain start to quit Amazon for the same reason, then Amazon may have to worry. If people at Bray’s level start to quit en-mass, then Amazon will have to worry. So while this will get the attention of many, it isn’t a watershed moment. Yet.

News is surfacing today that Amazon founder Jeff Bezos had his smartphone pwned by hackers working for the Saudi Crown Prince. Said hackers then pulled a ton of data off of it. And this was done because of the coverage that the Washington Post, which Bezos owns, has done on the Saudis. None of which was flattering given that one of the reporters was killed by Saudi agents recently. Here are the details via the Washington Post:

A report in GovTech caught my eye this morning as it had news that Amazon is working with police to provide access to video from the popular Ring doorbells simply by having the cops ask for it:

What has raised eyebrows, however, is the company’s push for partnerships with law enforcement agencies across the country, a fact that some feel has allowed police to create informal surveillance networks in hundreds of neighborhoods. 

Under Ring partnerships, police are provided with a special portal that allows them to communicate with and request video from community residents.  

Amazon offers these partnerships for free, in exchange for the signing of a memo of understanding that has also caused controversy. Critics allege these memos allow Amazon the unprecedented ability to ghostwrite a majority of law enforcement’s press releases about the product, leading to accusations that “Ring is using local police as a de facto advertising firm.”

“What we’re talking about is a private company trying to disrupt the public safety infrastructure of this country in the same way that companies have gone into other parts of our society,” said Dave Maass, senior investigative researcher with the Electronic Frontier Foundation. 

Among other things, Maass sees the product as problematic for both consumer privacy and cybersecurity. 

“Information is being collected on people who are just going about their lives. Not necessarily doing anything nefarious, yet they’re having information collected on them anyway,” he said. “By deploying tens of thousands of these cameras in any given community, you’re also creating a very wide surface area for attack [for hackers],” he went on. “We’ve seen over the years that IoT devices — specifically web cameras and CCTV cameras — have proven very rich targets for malicious actors.” 

However, here’s the other side of this:

However, he [Tony Botti, public information officer for the Fresno County Sheriff’s Office] noted, there is a workaround if a resident happens to reject a police request. If the community member doesn’t want to supply a Ring video that seems vital to a local law enforcement investigation, police can contact Amazon, which will then essentially “subpoena” the video. 

“If we ask within 60 days of the recording and as long as it’s been uploaded to the cloud, then Ring can take it out of the cloud and send it to us legally so that we can use it as part of our investigation,” he said

There’s a whole number of ways that this isn’t good. Privacy for example is at the top of the list. Unauthorized access is second on that list as I would be concerned at someone trolling through videos that a Ring Doorbell records for giggles. But on the other hand, you could make an arrangement that this shouldn’t be an issue because if you have video that could help the cops, any good citizen should want to hand it over. Thus eliminating the need for the cops to troll through your video. In other words, this is a complex issue that likely needs debating in public and Amazon answering some pointed questions before this goes away.

According to a new report from Bloomberg, Amazon has joined Apple in it will now let customers disable human review of their Alexa recordings. Clearly Amazon felt it had to do something to match Apple in terms of addressing this issue before someone else does it for them. As is the case with Google and the Germans who didn’t like this at all.

My question is, does this end this issue? Or is it going to continue?

You might remember this story about Amazon employees having access to what you say to your Amazon Alexa. Well, this story has just taken a bit of a creepy turn. Bloomberg is now reporting the following:

An Amazon.com Inc. team auditing Alexa users’ commands has access to location data and can, in some cases, easily find a customer’s home address, according to five employees familiar with the program.

The team, spread across three continents, transcribes, annotates and analyzes a portion of the voice recordings picked up by Alexa. 

And:

Team members with access to Alexa users’ geographic coordinates can easily type them into third-party mapping software and find home residences, according to the employees, who signed nondisclosure agreements barring them from speaking publicly about the program.

Well that’s delightful. Actually it’s not. And even though this information doesn’t appear to have been used for anything nefarious, the fact that this team has access to this data is problematic if you’re the privacy minded sort.

Now if you’re the least bit bothered by this…. And you should be bothered by this… Amazon has this handy page that will allow you to tweak your privacy settings so that you only allow Amazon to hear and see the information that you want them to see. I would suggest that all Alexa owners give this page a read and act accordingly.

A report from Bloomberg has revealed that whatever you say to your Amazon Alexa have potentially been heard by thousands of Amazon employees. The report explains that the company has staff around the world, both full time and contract, whose job it is to listen to people’s interactions with the Echo devices and use that to improve how Alexa responds in future.

Now this shouldn’t come as a shock seeing as Amazon keeps what you say to Alexa on file so that they can hand it over to the cops if they show up with a warrant for example. But at the same time it is a bit of a problem seeing as I really don’t want any of these smart speakers to be collecting my conversations and having the companies behind them listen to what I say.

Now if any of this sounds familiar, it should. You might remember the story I wrote on Amazon owned Ring employees watching customer camera feeds. At the time Amazon had this to say:

We take the privacy and security of our customers’ personal information extremely seriously. In order to improve our service, we view and annotate certain Ring videos. These videos are sourced exclusively from publicly shared Ring videos from the Neighbors app (in accordance with our terms of service), and from a small fraction of Ring users who have provided their explicit written consent to allow us to access and utilize their videos for such purposes

And in the present day in terms of this fiasco, Amazon had this to say:

“We take the security and privacy of our customers’ personal information seriously,” an Amazon spokesman said in an emailed statement. “We only annotate an extremely small sample of Alexa voice recordings in order [to] improve the customer experience. For example, this information helps us train our speech recognition and natural language understanding systems, so Alexa can better understand your requests, and ensure the service works well for everyone.

“We have strict technical and operational safeguards, and have a zero tolerance policy for the abuse of our system. Employees do not have direct access to information that can identify the person or account as part of this workflow. All information is treated with high confidentiality and we use multi-factor authentication to restrict access, service encryption and audits of our control environment to protect it.”

You’ll excuse me if that doesn’t make me feel better. Which means that an Alexa device will never see the light of day in my home. In the meantime, I’ll go back to using Siri. Sure it isn’t as smart as the other smart assistants out there. But at least Apple’s privacy policy makes it clear how your information is used, the fact that it isn’t directly tied to you, that much of it resides on your iDevices, and you can reset things so that you can cover your tracks if you need to. All of that makes me feel better.