Amazon and PRISM

Amazon and PRISM

There is a lot of buzz in the news right now about alleged US Government connections to tech company data.

There are some odd elements to the reports, but let’s put the basic idea as the Government gathering mass amounts of data, presumably about user activity (not about internal company functioning) from some major companies. According to this

The Atlantic article

those companies are (in order of when collection supposedly began):

  • Microsoft
  • Yahoo
  • Google
  • Facebook (and “ok” follows the name on the PowerPoint slide)
  • PalTalk
  • YouTube
  • Skype
  • AOL
  • Apple

Notice who isn’t on that list?

Amazon.

Amazon is famously protective of users’ privacy, having fought State government requests for data in court.

Is that what happened here? Did Amazon say “no” when everybody else above said yes?

Actually, there are some good reasons why that might not be the case.

First, the intent here would hypothetically be to detect illegal (and likely specifically terrorist) activity. One way to do that would be to first build patterns for what is normal, then detect things that don’t fit that pattern.

That’s essentially the way very young humans learn, as I understand it. You figure out that this is the normal process for dinner. Then, when that pattern isn’t matched, that event stands out…and may become one of your earliest memories.

That’s also how Behavioral Recognition Systems Labs AISight system works. That’s an artificial intelligence system in use now in San Francisco (and other cities) that watches security video, learns normal patterns (on its own), and alerts a human agent for additional review when something seems strange.

It makes sense to me that the Government would want lots of data on phone calling patterns, for example (not on individual’s phone calls). If I told you that somebody made ten phone calls within one minute to ten different numbers in a country that person had never called before…and in each case spoke to someone for five seconds (the calls were actually answered), you would immediately know that seemed odd. Software, first, has to learn what is normal to be able to sound an alarm.

So, Amazon may not be on the list because there aren’t enough patterns of  communication between individuals on it to trigger alerts. Do people communicate with each on Amazon? Not very directly. They could in Amazon’s forums. They could leave reviews, and comment on the reviews, using secret code words. Honestly, I don’t think Amazon is a likely way for criminals to communicate.

Could having data from Amazon about which books are bought be informative? Sure, but that’s not the kind of data that’s being discussed here.

We could, then, think that Amazon is not on this list (presuming that the list is at all accurate) because they aren’t useful for the purposes of PRISM.

However…

Did you notice who else isn’t on the list?

Twitter.

Twitter would definitely be interesting if you were tracking communications.

I think there is another reason Twitter might not be in PRISM (if PRISM even exists…I have to keep emphasizing that). The Library of Congress already archives all public tweets. It’s possible that the Government can analyze useful Twitter data without any secret stuff happening. After all, there are many places where you can get Twitter data. For example, you can go to

http://www.tweetfeel.com/

enter a term, and see tweets about it with their sentiment analyzed.

It could be, therefore, that Twitter’s person-to-person communications are already public enough.

I don’t know if these reports are accurate, and this isn’t really the right forum for me to discuss whether I think the program would be good and/or legal.

It does seem appropriate for me to say that it wouldn’t surprise me that Amazon wouldn’t be on a list like this, because first, they don’t have much of this kind of pattern building communication data, and second, the data that they do have like that (forums and comments on things) are already public and wouldn’t need to be part of a secret program. Similarly, Tweeting is basically public.

Remember that the concept here is not asking “What did Bufo Calvin tweet?” It’s “How many tweets are normal for people at what time of day?”, that kind of thing.

It’s also worth mentioning geolocation, which would likely matter. Certainly, my Kindle Fire typically knows where I am, since I’ve enabled location based services. It’s likely that my Kindle Paperwhite could be geolocated. Even though that sort of data is probably available to Amazon, I still don’t think it’s that useful for criminal investigations. I suppose if it turned out that there were a hundred purchases at the same time of day in a place which had never purchased a Kindle book before, that might be intriguing…but it’s not like data that involves communication between two or more people.

While I would like it to be true that Amazon is particularly protective of my privacy, I don’t think the PRISM stories prove that.

This post by Bufo Calvin originally appeared in the I Love My Kindle blog.

6 Responses to “Amazon and PRISM”

  1. jjhitt Says:

    Amazon’s S3 could pretty easily be used as a means of communications, as could any any shared directory “in the cloud”.

    I’d be much more worried about someone studying by Amazon buying habits or my credit records to see how and where I spend my money. I don’t want Intellectual Property Stormtroopers kicking in my door because of some bootleg tapes I bought on Ebay.

  2. Tracey Says:

    I’m not sure how Amazon monitors or uses information but I’ve received several e-mails from Amazon about different products that I purchased somewhere else. For example, I bought something at a retail store using cash and I gave my phone number to the retail store. Several days or weeks later, I receive an e-mail from Amazon letting me know that I can buy that same item at Amazon.

    • Bufo Calvin Says:

      Thanks for writing, Tracey!

      Certainly, Amazon may be buying lists of purchases from people…you’d have to look at privacy agreements on that one. It’s also possible, I think, that it could be detected by a cookie…although, when you say “retail store”, you mean brick and mortar, as opposed to online?

      The other possibility here to me is that Amazon didn’t know about that specific purchase (unless they said something like, “You recently bought X item…” It could just be that other purchases of yours with Amazon are predictive of your desire for that item.

      That said, I don’t think that sort of information fits into what is being alleged here. Purchases of specific items by individuals probably don’t provide the patterning data that is being described. Sure, intelligence agencies would be interested if somebody bought a bunch of certain types of materials that can be used for nefarious purposes, but I don’t think that’s what the stories are discussing. It would be hard to communicate with another person through purchases…I suppose, a criminal organization could use a trigger that a particular book got on the bestseller list at Amazon (by mass purchasing it at a slow time of day), but I’m just not convinced that Amazon is a great target for what has been alleged.

      • Tracey Says:

        I agree, I don’t think that type of information is being collected by government agencies and I’m not really concerned about that. I think Amazon knows more about me than the government. 🙂
        Yes, it was a brick and mortar store, Lowe’s Hardware to be exact. The e-mail Amazon sent was to let me know that I could buy that same exact item at Amazon, the item I bought was listed in the e-mail. I don’t typically buy hardware items online and my previous purchases with Amazon are in completely different categories than the Lowe’s item. I would be surprised if they could predict that I was going to buy that item but I guess anything is possible.

      • John Says:

        How about:

        I went down to the hardware store and bought a load of fertiliser.

        The govt. would definitely be interersted in purchase history and patterns.

      • Bufo Calvin Says:

        Thanks for writing, John!

        Oh, I’m sure intelligence agencies would be interested in purchases…although your example might be true for a lot of legitimate uses. What they would want to know is what are anomalous purchases of fertilizer. Maybe someone who lives in a very urban area special orders a (literal) ton of particular types of fertilizer…and I assume they may already be alerted about that.

        That doesn’t appear, from the allegations we’ve seen, to be the kind of information PRISM would collect, though. There isn’t anything to suggest that this would be the only data collection program out there, and it isn’t likely that a single program would collect widely different types of data…from a software and workflow point of view, that’s just much more complicated (the same person who would react to anomalous e-mails might not have the expertise to react to anomalous purchases). There might be a master program that is sent the heads-up on anomalies of different types…

        I just don’t think that Amazon offers that much in terms of person to person communication for analysis: you are correct that they might have other data for analysis.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.


%d bloggers like this: