security

FTC fines Amazon in data privacy settlements – Marketplace


Last week, Amazon agreed to pay more than $30 million to settle two complaints brought by the Federal Trade Commission over allegations the company violated user privacy with its Ring video security system and Alexa audio assistant.

The FTC said Amazon gave employees too much access to users’ private videos and left Ring systems open to hacking.

The agency also said Amazon Alexa devices violated child privacy law by retaining kids’ voice recordings for years and that the company used consumer audio and video recordings to train algorithms without consent.

Amazon, while agreeing to the proposed settlement, denied it broke any laws and said the issues had long since been addressed. Ring released a similar statement.

Marketplace’s Meghan McCarty Carino spoke with Makena Kelly, a politics reporter at The Verge, about the nonmonetary penalties facing Amazon.

The following is an edited transcript of their conversation.

Makena Kelly: Both of these orders, I think, are similar and in the same vein where they instruct Amazon to not use any of this improperly accessed data, whether it’s the voice information or the customer videos, to create new products, new services or better the services that they already have. And then I think, in both of them, it bars them from misrepresenting their certain privacy policies and informing customers more blatantly about the ways that they collect and use the data from the services and the products that these customers use.

Meghan McCarty Carino: And the FTC complaints also included allegations that the Ring systems were vulnerable to third-party hackers, right?

Kelly: Right, around 55,000 customer accounts were accessed by hackers for, you know, standard cyberattacks. We’re thinking like credential stuffing. If you ever used the website, “have I been pwned” to see if your user information, your passwords have been leaked online somewhere, these hackers would go through that material and just kind of stuff that into the Ring websites trying to gain access. And the creepiest thing that happened there was that the FTC alleges that these hackers harassed, threatened and insulted customers, and at one time taunted children with racial slurs, and just very disgusting stuff. When I reached out to Amazon for comment, they did not deny any of these things, which I think is important. But what they did say was that we were paying the settlement, we addressed these things years ago, and we want to move forward.

Readers Also Like:  UK’s offensive hacking unit takes on military opponents and terrorist groups

McCarty Carino: This piece about not using data for machine learning and even destroying the algorithm that was trained on that data, to what extent does that improve privacy and security?

Kelly: I think what we’re hearing now — and we’re talking about ChatGPT, we’re talking about all these new AI products — there’s conversation right now bubbling up that if an algorithm is to learn from the behavior of the people using it, they should get explicit consent for that. And I think, coming from the FTC’s perspective and thinking about retroactive regulation, that’s a very hard thing to do. So I think it’s one of the easier things to be like, “Delete it. And maybe we can start over and tell people that we need their consent before we start using the information that they give us.”

McCarty Carino: Yeah, I was really struck by the FTC statement that machine learning isn’t an excuse to break the law. It does seem like that maybe applies to some other AI-related things going on right now.

Kelly: Right. So I think what Chair Lina Khan is saying here with all these privacy rulings and orders is looking at this next frontier. We’re looking at AI, machine learning, we just had Sam Altman of ChatGPT testifiy before Congress. She’s saying, “Look at what we’re doing now with tech. We can do it to you too.” It’s a warning in that way. When these settlements were proposed by the FTC last week, Chair Khan warned folks that when it comes to AI, when it comes to machine learning, the FTC needs to be on their toes right now. And they can’t wait, right, to see how these technologies mature all the way through before they actually start acting. And I think this is actually a lesson both Congress and the FTC and other federal agencies have learned with Big Tech.

Readers Also Like:  Strategies For Investigating Employee Misconduct

McCarty Carino: How big of a deterrent is an action like this? Obviously, the monetary amounts are in the millions, but a Big Tech company like Amazon, it’s kind of a drop in the bucket.

Kelly: I think anything that’s a million-dollar penalty, anything in the millions really doesn’t affect a company like this, bottom line, in the long run. What it does do, right, is creates certain new protections. And I think the most important thing with the Amazon Ring order would be these new security and privacy rules, which would prohibit, for the most part, any employee, any third-party worker from accessing these customer videos, unless it’s for some law enforcement matter, like trying to supply some data for a warrant from law enforcement or something like that. It’s very strict in when and where employees can access these videos, and seeing what the complaint laid out, the allegations it made about the spying concerns and these harassment concerns, I think that will probably have the greatest effect on Ring’s policy and the safety of its customers going forward.

This isn’t the first time the agency has gone after a Big Tech company for violating children’s privacy.

Last year on the show, Kimberly Adams talked about a complaint the FTC brought against WW International, formerly known as weight-loss company Weight Watchers, for collecting children’s user data through an app without their guardian’s permission.

In addition to a $1.5 million fine, the company was also ordered to destroy any algorithms created from that data.

The action also definitely falls in line with the strategy articulated by FTC Chair Lina Kahn on our programs.

Readers Also Like:  New IDC Spending Guide Forecasts Worldwide Security ... - IDC

In an interview with Marketplace’s Kai Ryssdal last month, she said protecting consumer privacy is a major priority as she seeks to hold Big Tech companies accountable. As part of that effort, the agency created a new Office of Technology earlier this year.

In March, we spoke to Chief Technology Officer Stephanie Nguyen, who’s gearing up for the latest big challenge: keeping up with fast-moving innovations and potential violations involving AI.





READ SOURCE

This website uses cookies. By continuing to use this site, you accept our use of cookies.